I am working on a domain that my company inherited from another support group. It appears as though this domain has been upgraded from NT to 2000 to 2003 Server and renamed as well (so there are plenty of opportunities for error). Here is the network layout. I have the primary DC (the one that has had all the upgrades and changes) at the main office (Tampa). I have three remote offices in two states all connected to the main office via VPN. Each remote office has a server which acts as a DC on their own subnet (192.168.1.x, 192.168.2.x, 192.168.3.x, 192.168.4.x). DNS is integrated with Active Directory and replication of DNS and Active Directory are occurring without issue.
Where the problem arises is when the DC in Tampa is rebooted. While we had some initial issues with DNS still referencing the old domain in some cases and the Exchange server configured as a DC, but not authorized, we have cleared those up. Now, when the computer is rebooted it takes about 12 minutes to get past the configuration of the network settings. Then when you go to login, there is only the option to login to the domain and not the "this computer" account. You login to the domain, and Active Directory has failed to start because DNS has failed to start. While DNS server shows as being started, the actual DC is not available in the snap-in. Some pop-ups come into play that say there could not be a name resolved to the IP address of the current computer (event viewer shows five errors numbered 4000, 4001, 4007).
Once I restart the DNS server service a few times, the computer comes up, I can connect ADUC to the domain, and all is well... until the next reboot.
I think the lack of ability to login to the local computer is causing associated with the computer not knowing who it is and realizing that when the DNS server starts it is the primary DC for the domain. Because DNS is the backbone of most everything else on the network, AD and DHCP server also fail.
Has anyone had any experience with this computer's local account not being available as a login option? I have been working with Microsoft on it for a week, but they do not think the two issues are related (the local login and everything failing when it comes up).
Steve Hohman
When you earnestly believe you can compensate for a lack of skill by doubling your efforts, there's no end to what you can't do. (Despair.com)
Where the problem arises is when the DC in Tampa is rebooted. While we had some initial issues with DNS still referencing the old domain in some cases and the Exchange server configured as a DC, but not authorized, we have cleared those up. Now, when the computer is rebooted it takes about 12 minutes to get past the configuration of the network settings. Then when you go to login, there is only the option to login to the domain and not the "this computer" account. You login to the domain, and Active Directory has failed to start because DNS has failed to start. While DNS server shows as being started, the actual DC is not available in the snap-in. Some pop-ups come into play that say there could not be a name resolved to the IP address of the current computer (event viewer shows five errors numbered 4000, 4001, 4007).
Once I restart the DNS server service a few times, the computer comes up, I can connect ADUC to the domain, and all is well... until the next reboot.
I think the lack of ability to login to the local computer is causing associated with the computer not knowing who it is and realizing that when the DNS server starts it is the primary DC for the domain. Because DNS is the backbone of most everything else on the network, AD and DHCP server also fail.
Has anyone had any experience with this computer's local account not being available as a login option? I have been working with Microsoft on it for a week, but they do not think the two issues are related (the local login and everything failing when it comes up).
Steve Hohman
When you earnestly believe you can compensate for a lack of skill by doubling your efforts, there's no end to what you can't do. (Despair.com)