Domain Controller Issues

wirestyle22

I ran into a scanning issue today and found that I could not resolve the host names of a few of the computers that my users were trying to scan to. I checked the logs of my domain controllers:

Active Directory Web Services:

DFS Replication

Directory Service

DNS Server

This is only on one subdomain, not across the board.

Kelly

What is your DNS configuration on your DCs?

Grey

Neat!

magroover

Do you just have the one other site?

DNS Servers authorized?

Reverse DNS configured?

Would love to see your forwarders and resolvers in the DNS Server. Then again I just learned everyone stopped using split DNS so I have some reading to do myself. My last network was about 12 sites and all still 2008 Server AD so a lot has changed.

The last time I saw these I didn't resolve the replication issues and ended up seeing a DC "tombstoned"

wirestyle22

The moment I posted this they had me installing POE switches in all of the IDF's. Sorry for not replying.

@magroover We have multiple subdomains, each with two domain controllers.

@Kelly Each DC has itself set as the primary, each other as the secondary. Tertiary is either set to loopback or not at all depending on the DC. One thing to note is that we have one DC at each site (with its own subdomain) and then one resides back at the main site. Everything is set to go to the main site first, which is stupid but I'm just giving information.

One thing I found today was DC1 of the problem subdomain was running out of hard drive space (OS Partition) so I allocated 50 GB HD space from one partition into the OS partition. It immediately used 25 GB, I'm assuming because of all of the replication that needed to take place. This did not fix the issue though ultimately.

wirestyle22

I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.

Kelly

@wirestyle22 said in Domain Controller Issues:

I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.

Replication can take a relatively long time. Typically you have to wait about 24 hours before seeing if your changes made a difference.

wirestyle22

@Kelly said in Domain Controller Issues:

@wirestyle22 said in Domain Controller Issues:

I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.

Replication can take a relatively long time. Typically you have to wait about 24 hours before seeing if your changes made a difference.

How would I verify it's taking place? dcdiag is kicking back all kinds of errors.

Kelly

repadmin /replsummary

wirestyle22

We have 3 DC's that have full OS partitions. This is a nightmare. This is the stuff that happens that forces me into a server administrator role.

magroover

What is your replication topology?

Can you post pics of your sites and links? DNS forwarders. Reserve Sites DNS.

And what Schema.

I can think of a lot of things but my experience stopped at 2008 with limited 2012 exposure. Still it didn't look like anything major changed.

25GB is your Sysvol size?

wirestyle22

@Kelly said in Domain Controller Issues:

repadmin /replsummary

Subdomain 1
DC1 - The RPC server is unavailable
DC2 - Access is denied
DC3 - The target principle name is incorrect

Subdomain 2
DC1 - Access is denied

Note: I realized we were using WINS when I tried to power down DC1 and we couldn't ping hostnames. DC1 is one of the DNS servers.

Kelly

What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?

wirestyle22

@Kelly said in Domain Controller Issues:

What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?

Yeah we are.

I have no idea what is taking up this space. I'm attempting to find it now.

Kelly

@wirestyle22 said in Domain Controller Issues:

@Kelly said in Domain Controller Issues:

What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?

Yeah we are.

I have no idea what is taking up this space. I'm attempting to find it now.

https://windirstat.net/index.html

wirestyle22

Alright. I'm waiting to see what the event logs are going to tell me but it seems like a lot of this (not all) has been resolved. For some reason they used AVG Tuneup (yeah...i know) on our Domain Controllers and they created recovery files that were 30 GB+, then when our OS partition didn't have enough space to make changes the DC's just started turning off services.

I still can't ping some hostnames but I may just need to wait for replication.

Kelly

WHAT? A reg cleaner on a DC? I don't think there is a facepalm meme sufficient for this level. Can you get them fired? If you continue to experience problems you may have to retire those DCs (hopefully they're virtualized).

wirestyle22

@Kelly You have no idea what I'm dealing with over here. I'm not a religious man but please pray for me.

JaredBusch

@wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

Dashrender

/sigh
FFS
OMFG
ROFLOL
huh...

wow.. just wow...

OK now back to our regularly scheduled crap fest .