
Second DC not allowing logins

Status
Not open for further replies.

Zych1

IS-IT--Management
Feb 27, 2012
Hello Everybody,

I am having a strange problem with a new DC which is running Server 2012 R2. Here is the setup:

SBS 2003 Server running as a DC
Server 2008 R2 running as a terminal server
new Server 2012 R2 running as a DC

The first two servers have been running for a while and work fine. However I would like to get rid of the SBS 2003 server sometime soon. Therefore I have added in the Server 2012 R2 as a DC. It is also running as a Global Catalog Server as is the SBS. For now SBS is running all FSMO roles since it is required by SBS. Once I can get the other server to allow logons I will seize these roles.
All servers are running under VMware 5.5 Server.

Here is the problem: if the Small Business Server is turned off, nobody can log in with domain credentials on the terminal server. If memory serves me correctly you cannot log in to a local workstation either. I have disabled all GPOs to make sure they are not causing a time-out issue. I can log in to the Server 2012 system even if the SBS server is off. In testing I have logged into the terminal server locally through VMware and checked to make sure DNS was working on the new 2012 server, which it is. The terminal server does have both DC servers set as its DNS servers.

Some testing I did with nslookup (this taken from another site as some suggestions to try):
typed in domain name incorrectly and received the error "*** 2012-servername can't find domain: non-existent domain"
I then noticed my incorrect spelling and typed it in correctly and got this response:

Server: 2012ServerName.domain-name
Address: <the IPv4 Address of the 2012 Server>

Name: domain-name
Addresses: <first the SBS server IPv4 address then on the next line the 2012 IPv4 address>

I then issued the command "set type=SRV" then type in "_ldap._tcp.domain-name"

The result I got back is:
Server: 2012ServerName.domain-name
Address: <the IPv4 Address of the 2012 Server>

-ldap._tcp.domainname SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = SBS-Server-Name.domain-name
ldap._tcp.domainname SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = 2012-Server-Name.domain-name
sbs-server-name.domain-name internet address = <the IPv4 IP Address of that server>
2012-server-name.domain-name internet address = <the IPv4 IP Address of that server>

These commands were run while the SBS Server was turned off. So it looks like it is responding correctly to those commands. I also logged into the 2012 Server while the SBS server was down and tried to take a look at the GPOs to verify that they were turned off. When adding in the forest domain it told me that the domain was not found or available. When I turned the SBS server back on I was able to add in the forest domain normally and it showed me all of the GPOs.

If anybody has any possible tests I can run or ideas why the 2012 Server is not processing domain logins I would be happy to explore them. From what I understand, as long as a server is set up as a DC, and it is running DNS, and set up as a Global Catalog server, it should process domain requests and logon requests. Before disabling the GPOs I was getting some errors in the event log showing a GPO error and then another error I cannot remember. Both indicated a problem with Active Directory domain issues. Once I disabled the GPOs I no longer see any problems in the event logs.
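The nslookup test above only checks _ldap._tcp.<domain>, which a DC registers even before it is ready to service logons. The following PowerShell, added here as an example and not part of the original post, checks the records and services that actually gate domain logons: the _msdcs SRV records, what Netlogon's DC locator returns, and the dcdiag advertising tests. Run it in an elevated PowerShell on the 2012 R2 DC; $Domain and $NewDc are placeholders you must replace.

```powershell
# Added example, not from the original post. Read-only checks: DNS queries,
# DC locator and dcdiag. Assumptions: $Domain and $NewDc are placeholders for
# the real AD DNS name and the new DC's hostname.
$Domain = "domain-name.local"
$NewDc  = "2012-Server-Name"

# 1. The records clients use to find a logon server live under _msdcs. A DC
#    that is not yet advertising (typically because SYSVOL is not shared)
#    will not register itself there even though _ldap._tcp.<domain> exists.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",        # DCs advertising LDAP
    "_kerberos._tcp.dc._msdcs.$Domain",    # DCs advertising a KDC
    "_gc._tcp.$Domain",                    # global catalog servers
    "_ldap._tcp.pdc._msdcs.$Domain"        # PDC emulator (the SBS box here)
)
foreach ($name in $srvNames) {
    Write-Host "`n== $name (asked of $NewDc) =="
    Resolve-DnsName -Name $name -Type SRV -Server $NewDc -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq "SRV" } |
        Select-Object NameTarget, Port, Priority, Weight |
        Format-Table -AutoSize
}

# 2. Ask the DC locator which DC it would hand a client and what that DC
#    claims to be. The Flags line should show DS, GC, KDC and WRITABLE for a
#    DC that can service logons. /avoidself forces it to look past itself.
nltest /dsgetdc:$Domain /force /avoidself
nltest /server:$NewDc /dsgetdc:$Domain /force

# 3. Advertising and SYSVOL tests. A DC that fails Advertising or SysVolCheck
#    refuses logons until replication has completed and SYSVOL is shared,
#    which matches the symptom of logons only working while SBS is up.
dcdiag /s:$NewDc /test:Advertising /test:NetLogons /test:SysVolCheck /test:Replications
```

Run step 1 a second time with -Server pointed at the SBS server and compare the two answers; if the _msdcs records only list the SBS server, the 2012 R2 DC is not advertising, and steps 2 and 3 will say why.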
 
I wanted to post an update on this in case somebody may have some knowledge regarding this issue. It seems like the AD sync did not complete. Apparently you can fix this with Burflags like in this post.

So I was getting ready to do this when I noticed the 2003 server is in a journal wrap error state. There is also a fix for this but from my understanding it deletes the server from the AD domain then adds it back in and syncs the AD. If this is true then it sounds like it would delete my main AD server and try to sync with a server that is incomplete. If this is true it may wipe out my good AD and leave me with a mess. Is this correct? How do I go about removing this error without wiping the data? I am thinking about removing the 2012 server as a DC to see what happens then adding it back in as a DC after I check to see if the journal wrap error is gone. Would this be a recommended fix?
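Before changing Burflags on either server it helps to know, per DC, whether SYSVOL is shared, what the current Burflags value is, and which FRS events each side has logged. The following PowerShell is an added example, not from the original post; it is strictly read-only (registry, shares and event log over DCOM, so it works against the Server 2003 box as well as 2012 R2). The hostnames are placeholders, and it assumes the account running it is a domain admin with remote registry and event log access on both DCs.

```powershell
# Added example, not from the original post: read-only inventory of the
# FRS/SYSVOL state on each DC. It changes nothing.
# Assumptions: hostnames are placeholders; run as a domain admin.
$Dcs = @("SBS-Server-Name", "2012-Server-Name")

# FRS event IDs from the "File Replication Service" log that describe
# wrap and recovery state (source NtFrs).
$FrsEvents = @{
    13508 = "cannot contact replication partner (RPC, DNS or firewall)"
    13509 = "contact with partner re-established"
    13516 = "SYSVOL shared; FRS no longer blocking DC advertising"
    13565 = "non-authoritative restore (D2) started"
    13566 = "initial non-authoritative sync finished"
    13568 = "JOURNAL WRAP - this replica has stopped replicating"
}

foreach ($dc in $Dcs) {
    Write-Host "`n===== $dc ====="

    # a) Are SYSVOL and NETLOGON shared? Netlogon only advertises a DC once
    #    SYSVOL is shared, so a missing share here explains refused logons.
    Get-WmiObject -Class Win32_Share -ComputerName $dc |
        Where-Object { $_.Name -in @("SYSVOL", "NETLOGON") } |
        Select-Object Name, Path |
        Format-Table -AutoSize

    # b) Current BurFlags value via the remote registry (no WinRM needed).
    #    0 = normal; 0xD2 = non-authoritative restore (this replica re-pulls
    #    SYSVOL from a partner); 0xD4 = authoritative (this replica becomes
    #    the master copy). D4 on a replica with incomplete content is what
    #    would overwrite a good SYSVOL elsewhere, so confirm which is which.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", $dc)
    $sub  = $hklm.OpenSubKey("SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup")
    $flags = if ($sub) { $sub.GetValue("BurFlags", 0) } else { 0 }
    "BurFlags = 0x{0:X}" -f [int]$flags
    $hklm.Close()

    # c) FRS events from the last 14 days that indicate wrap or recovery.
    Get-EventLog -LogName "File Replication Service" -ComputerName $dc -After (Get-Date).AddDays(-14) |
        Where-Object { $FrsEvents.ContainsKey($_.EventID) } |
        Sort-Object TimeGenerated |
        Select-Object TimeGenerated, EventID, @{ n = "Meaning"; e = { $FrsEvents[$_.EventID] } } |
        Format-Table -AutoSize
}

# d) AD database replication (the directory itself) is separate from SYSVOL
#    replication (FRS). A healthy summary here with a 13568 above means the
#    accounts replicated but the GPO/script content did not.
repadmin /replsummary
repadmin /showrepl * /errorsonly
```

A 13568 on the SBS server with no SYSVOL share on the 2012 R2 server is the combination that blocks the new DC from advertising: the only complete SYSVOL copy has stopped replicating, so the new replica never gets the 13516 that lets Netlogon advertise it.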
 