Active Directory

Status
Not open for further replies.
Aug 2, 2001
5,203
US
I have 2 W2K servers on one domain. The main server is a DC with a fresh install of 2000 Server. The secondary server is the original PDC NT4.0 server which was upgraded to W2K. We upgraded the NT4.0 to 2000, then had the new server join the domain. Both are DCs now, replicating WINS and DNS. We're not running DHCP. The problem: the new server can replicate AD from the old server, but the old server can't replicate from the new server. I can create a user in AD on the old server, and the new user shows up in AD on the new server. If I create a new user in AD on the new server, he never shows up in AD on the old server. I heard that DNS might cause the problem, so I stopped and started the DNS on both servers. Didn't help. The new server gives me an error message about the name being changed or not available. Has anybody heard of one-way replicating? Thanks
 
Thanks Handl1, I checked and the main server is replicating DNS just fine. The problem dc says
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 409
Date: 3/20/2002
Time: 2:49:18 PM
User: N/A
Computer: NTS1
Description:
The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on. For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

I don't know yet what this means, but the DNS may be really causing the AD problems. Appreciate the quick response. I'll start digging into this now.
 
Go To and search the database.
Here is what they have listed for that error code.

Event ID: 409
Source: DNS
Type: Warning
Description: The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer. Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on. For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.
Comments: This indicates that the DNS interface is configured with more than one IP address, and that one of the addresses is no longer valid. In the DNS console, open the properties for the server, select the Interfaces tab, and review the IP addresses listed. Remove any old or invalid IP addresses to prevent this message from re-appearing.
 
Also make sure your zone(s) are configured for dynamic update!! If not, then you will have major problems like this in the future.
 
This gets stranger the deeper I dig. If I click on the icon for the main server in DHC, a screen comes up that says configure your server, yet there are drop-downs for forward and reverse lookup zones and the settings are all correct. If I click on the icon for the secondary server, it just shows the forward and reverse lookup zones like it should. They are set for dynamic updates. I also found a bad IP address on the secondary server for zone transfers. I've got it set up to transfer to any zone now. I didn't set up DNS on either server, but the person that did tells me everything was set up at one time, and it all worked correctly. Bizarre.
 
Problem solved. The more research I did, the more I found you folks were right. DNS must have something to do with it. I had a consultant at one time tell me I should NEVER have two WINS servers with each other's IP address in the WINS settings, but he never said anything about DNS. I looked again, and the only DNS server there was itself. I added the other DNS server's IP address and when I said replicate now, perfect. Thanks for the help.

Glen A. Johnson
Microsoft Certified Professional

"It is never too late to learn what is always necessary to know".
Lucius Annaeus Seneca (4 BC - 65AD); Roman philosopher and statesman.
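
The two DNS faults found in this thread (a stale address in the DNS server's listen list, which is the Event ID 409 condition, and a DC whose only configured DNS server was itself) can be checked for across all DCs at once. The script below is an added example, not part of the original posts; the inventory, the IP addresses, the name NEWDC and the assignment of both faults to NTS1 are constructed for illustration.

```python
"""Audit per-DC DNS settings for the two faults found in the thread.

The inventory is constructed sample data, not output from the poster's servers.
"""
import ipaddress

# Constructed inventory: addresses bound to each DC, the DNS service's
# restricted-interface (listen) list, and the DNS servers the DC itself queries.
INVENTORY = {
    "NTS1": {  # computer name taken from the event log in the thread
        "interfaces": ["10.0.0.10"],
        "dns_listen": ["10.0.0.10", "10.0.0.99"],  # 10.0.0.99 is no longer bound
        "dns_clients": ["10.0.0.10"],              # queries only itself
    },
    "NEWDC": {  # hypothetical name for the second DC
        "interfaces": ["10.0.0.20"],
        "dns_listen": ["10.0.0.20"],
        "dns_clients": ["10.0.0.20", "10.0.0.10"],
    },
}

def _norm(addrs):
    """Parse address strings so formatting differences do not hide a match."""
    return {ipaddress.ip_address(a.strip()) for a in addrs}

def stale_listen_addresses(dc):
    """Listen-list entries not bound to any interface (the Event ID 409 condition)."""
    return sorted(str(a) for a in _norm(dc["dns_listen"]) - _norm(dc["interfaces"]))

def is_dns_island(dc):
    """True when every DNS server the DC queries is one of its own addresses."""
    own = _norm(dc["interfaces"]) | {ipaddress.ip_address("127.0.0.1")}
    resolvers = _norm(dc["dns_clients"])
    return bool(resolvers) and resolvers <= own

def audit(inventory):
    """Return (dc, finding, detail) tuples for every DC in the inventory."""
    findings = []
    for name, dc in sorted(inventory.items()):
        for addr in stale_listen_addresses(dc):
            findings.append((name, "stale-listen-address", addr))
        if is_dns_island(dc):
            findings.append((name, "resolves-only-through-itself",
                             ",".join(dc["dns_clients"])))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep="\t")
```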


 