2000TermServ RPC communication problem between DC's. Help!

[matt95gsr]

I have two Windows 2000 Terminal Server boxes (Metaframe XPa actually, but the issue is in the communication between the servers, so I thought I'd post it here) that have been running flawlessly for 4 months and suddenly came up with a problem today. The two servers, MF1 and MF2, have ip addresses 10.0.0.29 and 10.0.0.30, respectively and MF2 configured as DNS Server. They run mirror images of each other with published applications and load balancing via Metaframe. Today, the applications quit running properly on MF1. As it turns out, the user's home drive paths (mapped as P point to drive N: on MF2, so when they log on to MF2 the drive maps no problem, but errors out when attempting to map drive P: to the share on MF2 from MF1. If I execute a net use P: \\MF2\username$ from MF1, I get the error message "System error 1396 has occured. Logon Failure: The target account name is incorrect." Searching MS tech support, the official explanation of this is "This error message can occur if two computers have the same computer name. One computer is located in the child domain; the other computer is located in the parent domain." Well, there's only one domain, and all computer names are unique; so I can't take their advice and rename one of the computers (not to mention they're both DC's, making them a tad more difficult to rename.). Anyway, the net use command works if I substitute the IP for the machine name in the UNC path, so I'm even more confused as their explanation almost seems more plausible (but I can ping by name). A little more research, and an article tells me to install SP3. Done, same thing happens. Testing a little more, I decide to try to force replication of AD info from MF2 to MF1, but it errors out displaying, "The following error occured during the attempt to contact the domain controller: The RPC server is unavailable. This condition may be caused by a DNS lookup problem, please see the following MS site:

http://go.microsoft.com/fwlink/?LinkID=5171".

This page essentially tells me how to set up my DNS structure in order for AD to work. Since it's worked for over 4 months, I figured it was configured properly but I double-checked and everything seems in line with the article. The one thing it did say to try was to run dcdiag.exe to check the config. Run on MF2, it passes; run on MF1, it fails on FSMOCheck with "WarningcGetDcName (GC_Server_required) call failed, error 1355. A Global Catalog server could not be located - all GC's are down. Checking the DNS config, it lists MF2 as GC. If you make it this far, I do apologize for the long post, but I'm at wit's end right now. If anyone has seen something similar to this, or just has an interesting idea, please please help! Thanks in advance.
Matt

 

[tlcscousin]

Have you tried to verify the trust between the domains? If the trust fails you would get that type of problem.
It can also be caused by DNS, stop and restart DNS. Go to domains and trusts and edit the trusts and there is a verify button that will verify the trust, and if it fails will try repairing it for you.

 

[GrnEyedLdy]

Matt95,

The last time I had errors regarding the RPC service, it was a time synch problem between the DC's. Are there any Win32 Time errors in the System log?

Just a thought,

Patty

 

[matt95gsr]

futuretech204: single domain involved here...no trusts involved. DNS has been stopped, restarted, stopped and restarted some more.

GrnEyedlLdy: Nope, no time errors in log. As a matter of fact, no errors in the logs whatsoever except a warning that AD was unable to replicate between the servers.

Thanks guys,

Matt

 

[tlcscousin]

If it is a single domain then your post is a little bit off. you talk about a parent domain and a child domain.When you create a child domain there is a trust created automatically between parent and child if the trust fails you get RPC errors that is why I made the suggestion.

 

[tlcscousin]

Ok I reread the post, and it is M$ that talks about child and parent, i apologise i guess it was a bit early for my brain to get in gear.I will take a look and see if I find anything relevant.

 

[tlcscousin]

The error 1355 brings the possability of the sysvol having lost its share status as per

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q283133&

 

[matt95gsr]

Thanks futuretech, I didn't see that article before. Unfortunately, I can't check until Monday morning, but it does appear to be a possibility.

 

[matt95gsr]

Update:
Checked sysvol share status per Q283133 and everything appears to be alright as far as that's concerned. Still looking for answers....looks like a possible call to MS coming up.
Thanks for the help though, futuretech.

 

[matt95gsr]

FYI,

Problem solved. I spent about 10 hours yesterday playing stump the MS Tech. It turned out that the initial problem had to do with a "disjointed namespace" problem stemming from the way 2000 handles things when upgrading from NT4. Apparently, the upgrade takes anything that is configured as a DNS suffix in your TCP/IP properties-->DNS tab and appends that to the computer name to create the FQDN for the machine. So what you end up with is a mismatch between the domain listed under DOMAIN: and the domain listed in the FQDN under Full Computer Name: field in your network ID properties. Since MS knows this is a problem they had a vb script to send out to me to fix the issue and correct that problem. It then became a matter of manually demoting and removing two of the dc's from the domain, removing their info from AD and then using metadata cleanup command in ntdsutil to clean their leftover junk out of AD. Then dcpromo'd the two servers back to DC's, waited for replication, and everything's golden. Not that any of this probably matters to you guys, but perhaps if you find yourselves in a similar situation sometime, it'll give you another idea of a direction to move in. Thanks again for everyone's help and thoughts on this matter.

Matt.