Domain Controller Issues



  • I ran into a scanning issue today and found that I could not resolve the host names of a few of the computers that my users were trying to scan to. I checked the logs of my domain controllers:

    Active Directory Web Services:
    0_1490801717637_AWDS1.png

    DFS Replication
    0_1490801866659_AWDS2.png

    Directory Service
    0_1490802317759_AWDS3.png

    DNS Server
    0_1490802077434_AWDS4.png

    This is only on one subdomain, not across the board.



  • What is your DNS configuration on your DCs?



  • Neat!



  • Do you just have the one other site?

    DNS Servers authorized?

    Reverse DNS configured?

    Would love to see your forwarders and resolvers in the DNS Server. Then again I just learned everyone stopped using split DNS so I have some reading to do myself. My last network was about 12 sites and all still 2008 Server AD so a lot has changed.

    The last time I saw these I didn't resolve the replication issues and ended up seeing a DC "tombstoned"



  • The moment I posted this they had me installing POE switches in all of the IDF's. Sorry for not replying.

    @magroover We have multiple subdomains, each with two domain controllers.

    @Kelly Each DC has itself set as the primary, each other as the secondary. Tertiary is either set to loopback or not at all depending on the DC. One thing to note is that we have one DC at each site (with its own subdomain) and then one resides back at the main site. Everything is set to go to the main site first, which is stupid but I'm just giving information.

    One thing I found today was DC1 of the problem subdomain was running out of hard drive space (OS Partition) so I allocated 50 GB HD space from one partition into the OS partition. It immediately used 25 GB, I'm assuming because of all of the replication that needed to take place. This did not fix the issue though ultimately.



  • I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.



  • @wirestyle22 said in Domain Controller Issues:

    I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.

    Replication can take a relatively long time. Typically you have to wait about 24 hours before seeing if your changes made a difference.



  • @Kelly said in Domain Controller Issues:

    @wirestyle22 said in Domain Controller Issues:

    I think this DC stopped replicating awhile ago and no one was monitoring it. Now it just won't replicate.

    Replication can take a relatively long time. Typically you have to wait about 24 hours before seeing if your changes made a difference.

    How would I verify it's taking place? dcdiag is kicking back all kinds of errors.



  • repadmin /replsummary



  • We have 3 DC's that have full OS partitions. This is a nightmare. This is the stuff that happens that forces me into a server administrator role.



  • What is your replication topology?

    Can you post pics of your sites and links? DNS forwarders. Reserve Sites DNS.

    And what Schema.

    I can think of a lot of things but my experience stopped at 2008 with limited 2012 exposure. Still it didn't look like anything major changed.

    25GB is your Sysvol size?



  • @Kelly said in Domain Controller Issues:

    repadmin /replsummary

    Subdomain 1
    DC1 - The RPC server is unavailable
    DC2 - Access is denied
    DC3 - The target principle name is incorrect

    Subdomain 2
    DC1 - Access is denied

    Note: I realized we were using WINS when I tried to power down DC1 and we couldn't ping hostnames. DC1 is one of the DNS servers.



  • What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?



  • @Kelly said in Domain Controller Issues:

    What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?

    Yeah we are.

    I have no idea what is taking up this space. I'm attempting to find it now.



  • @wirestyle22 said in Domain Controller Issues:

    @Kelly said in Domain Controller Issues:

    What is filling up the space on your DCs? 25 GB seems really high for something to fill immediately. Are you using DFS?

    Yeah we are.

    I have no idea what is taking up this space. I'm attempting to find it now.

    https://windirstat.net/index.html



  • Alright. I'm waiting to see what the event logs are going to tell me but it seems like a lot of this (not all) has been resolved. For some reason they used AVG Tuneup (yeah...i know) on our Domain Controllers and they created recovery files that were 30 GB+, then when our OS partition didn't have enough space to make changes the DC's just started turning off services.

    I still can't ping some hostnames but I may just need to wait for replication.



  • WHAT? A reg cleaner on a DC? I don't think there is a facepalm meme sufficient for this level. Can you get them fired? If you continue to experience problems you may have to retire those DCs (hopefully they're virtualized).



  • @Kelly You have no idea what I'm dealing with over here. I'm not a religious man but please pray for me.


  • Service Provider

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job



  • /sigh
    FFS
    OMFG
    ROFLOL
    huh...

    wow.. just wow...

    OK now back to our regularly scheduled crap fest .



  • @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    I don't know how to not care. I always see the network as my baby. Also, it's in my best interest for us to get our contract renewal whenever that comes up.



  • Hopefully my motivation to learn will produce results in the next half year and I'll be able to specialize more. That may lead to a better job. I'll update this thread tomorrow when I have more information. Thanks for the help @Kelly.



  • @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.



  • @Dashrender said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.

    Yeah kind of. The servers aren't my responsibility until something happens that everyone else doesn't know. I guess they trust me although I don't know why



  • @Dashrender said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.

    The smaller the team, the more hats one must wear. Division of responsibilities amongst an enterprise sized team has little or no bearing on a one or two person IT department.


  • Service Provider

    @wirestyle22 said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    I don't know how to not care. I always see the network as my baby.

    It cannot be overstated how bad this is. The network is NOT your baby. This attitude means that IT is the wrong career path for you, it means that entrepreneurship is the right path. Owners own the network, it is their baby, not the IT team's.

    The idea that you own or oversee the network is so unhealthy, it has no place in IT. It will cause you to be a bad employee, it will make you unhappy. There is no good outcome of it - not for you, not for the business.


  • Service Provider

    @RojoLoco said in Domain Controller Issues:

    @Dashrender said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.

    The smaller the team, the more hats one must wear. Division of responsibilities amongst an enterprise sized team has little or no bearing on a one or two person IT department.

    He works for a large entity, though.


  • Service Provider

    @wirestyle22 said in Domain Controller Issues:

    @Dashrender said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.

    Yeah kind of. The servers aren't my responsibility until something happens that everyone else doesn't know. I guess they trust me although I don't know why

    No, not kind of. If there is a team that that is their job it is not your job. Don't let them give you that job without giving you pay for that job you're letting them abuse you. This is 100% your problem and 100% your fault for letting them do it. It is not your problem. If the problem in packs your job pinpoint the problem send it to the person who need to take care of it and fucking ignore it it is not your goddamn problem.



  • @scottalanmiller said in Domain Controller Issues:

    IT is the wrong career path for you

    I agree.


  • Service Provider

    @wirestyle22 said in Domain Controller Issues:

    @Dashrender said in Domain Controller Issues:

    @JaredBusch said in Domain Controller Issues:

    @wirestyle22 why is any of this your problem what is your job but is not your job stop doing things that are in stop caring about things that are not your job

    From the sounds of it, He basically works for a S*B, but a HUGE one :P He's a jack of all trades, they don't have dedicated Server team, don't have a dedicated desktop team. Don't have a dedicated Helpdesk.

    He gets to wear all of those hats.

    Yeah kind of. The servers aren't my responsibility until something happens that everyone else doesn't know. I guess they trust me although I don't know why

    Not kind of. Are they, or are they not? Think about it for a minute, chances are you know the answer here. Are you the admin who "owns" the servers, or do you work on them with someone else's permission?


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.