We had a very weird thing happen yesterday...
First off our setup is like this.. I have two DCs.. both DCs have DCHP and DNS installed (as backups to each other), though the DHCP is a split, say .1 to .150 and .151 to .254 etc...
Its 2003 Active Directory.. all 5 servers have static ips, while the clients use DCHP.
Suddenly yesterday afternoon everything went haywire.. internet connectivity was intermittent and died.. network access died.. lots of local workstations couldnt get an ip (limitted connectivity errors)...
I first checked that both DHCP instances were running and they were.
So then I decided just to give one of the DCs a reboot (the main one, fileserver).. that didnt fix it..
So I then decided to reboot the secondary DC (in the past, for some weird reason, access to network drives, but not ips.. would fail and the only fix has been to reboot the other DC machine.. I think this one is a replication error though)...
So the secondary DC reboot was no good.. I checked the logs in the Main DC and there was this error:
The browser has received a server announcement indicating that the computer DCMAIN is a master browser, but this computer is not a master browser.
This certainly was not the case.. I'm fairly certain it was the master browser...
On the "secondary" DC, I found this in the event logs:
A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
So I ran the command and found that an ip address ending in .47 was showing the same computer name as the secondary server!
I was shocked to find after some research that this secondary ip address, at least earlier that day, belonged to my second PC in my office, which I hadnt touched in forever, but was on.. its machine name was not the same as the secondary DC...
I shut this machine off, then rebooted both DCs again and all returned to normal!
I'm at a loss as to how this could have happened.
On that secondary DC I did find this in the error log too:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1
I had never tried to demote the secondary DC either.
There was this autoenrollment error too (Eventid 13):
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
At this point everything is still fine, though on the secondary I do have these 2 messages:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
EventID 1030,
and
EventID 1058, windows cannot access the file gpt.ini in GPO etc.
I did find one article stating to do a reset on the winsock catalog and reboot.. I tried this, havent rebooted to see if it clears the issue.
Perhaps this is related to my duplicate machine thing:
I am getting this from time to time:
The DHCP service encountered the following error while cleaning up the database:
An error occurred while accessing the DHCP database. Look at the
DHCP server event log for more information on this error.
EventID 1010
As well as EventID 1016 and 1014.
If anyone knows of a reason as to how this may have happened that would be great
First off our setup is like this.. I have two DCs.. both DCs have DCHP and DNS installed (as backups to each other), though the DHCP is a split, say .1 to .150 and .151 to .254 etc...
Its 2003 Active Directory.. all 5 servers have static ips, while the clients use DCHP.
Suddenly yesterday afternoon everything went haywire.. internet connectivity was intermittent and died.. network access died.. lots of local workstations couldnt get an ip (limitted connectivity errors)...
I first checked that both DHCP instances were running and they were.
So then I decided just to give one of the DCs a reboot (the main one, fileserver).. that didnt fix it..
So I then decided to reboot the secondary DC (in the past, for some weird reason, access to network drives, but not ips.. would fail and the only fix has been to reboot the other DC machine.. I think this one is a replication error though)...
So the secondary DC reboot was no good.. I checked the logs in the Main DC and there was this error:
The browser has received a server announcement indicating that the computer DCMAIN is a master browser, but this computer is not a master browser.
This certainly was not the case.. I'm fairly certain it was the master browser...
On the "secondary" DC, I found this in the event logs:
A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
So I ran the command and found that an ip address ending in .47 was showing the same computer name as the secondary server!
I was shocked to find after some research that this secondary ip address, at least earlier that day, belonged to my second PC in my office, which I hadnt touched in forever, but was on.. its machine name was not the same as the secondary DC...
I shut this machine off, then rebooted both DCs again and all returned to normal!
I'm at a loss as to how this could have happened.
On that secondary DC I did find this in the error log too:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1
I had never tried to demote the secondary DC either.
There was this autoenrollment error too (Eventid 13):
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.
At this point everything is still fine, though on the secondary I do have these 2 messages:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
EventID 1030,
and
EventID 1058, windows cannot access the file gpt.ini in GPO etc.
I did find one article stating to do a reset on the winsock catalog and reboot.. I tried this, havent rebooted to see if it clears the issue.
Perhaps this is related to my duplicate machine thing:
I am getting this from time to time:
The DHCP service encountered the following error while cleaning up the database:
An error occurred while accessing the DHCP database. Look at the
DHCP server event log for more information on this error.
EventID 1010
As well as EventID 1016 and 1014.
If anyone knows of a reason as to how this may have happened that would be great
