metaframe over an NT & 2000 domain

Status
Not open for further replies.

timarnold

MIS
Jul 11, 2003
17
GB
I have a MetaFrame 1.8 server which is a member of a Windows NT4 domain. I also have a Windows 2000 domain (with all of the trusts in place).
When I go into PAM and try to add a Windows 2000 group to a published application, I get the following error message.
"The primary domain controll for domain "domain name" is unavailable"

I can browse all the servers in the domain from the Citrix server? I can ping all machines in the domain.

I can connect to the enterprise root domain?

Any ideas as to why I can't enumerate the groups in this one domain?

Please help?
 
Oooh. Number of possible causes. The MF server may have issues on the local domain (has been imaged/SID invalid/etc), or hosts/wins/dns problems. If you're running 'em, the wins server(s) may have issues. The domain controllers may not be replicating properly.....

See if you can log onto the other domain from the Citrix server - that might give you a better idea as to what's happening.

Cheers
 
I have tried to log onto the server using the AD domain admin user ID and this works fine. I also can connect to all of the AD servers when logged on as the admin for the Windows NT 4 domain.

Not sure if this makes it easier, but the Citrix server is Windows 2000 as well.
 
Assuming there are no issues with routing/dns/wins/host files:

Active Directory uses multimaster replication for most directory updates, but it still has what is called a primary domain controller emulator. Losing the server running this does not have the same impact as unavailability of the primary domain controller in a Windows NT4 domain but it can still cause issues, and this may be what's happened here.

Try logging into the NT4 domain from the Citrix server console, and then map a drive to a share that's published on a server that's a member of the other domain (e.g. run a command prompt and type something like "net use * \\servername\share /user:domainname\user password"). Then see if you can add the groups into the published app.

Otherwise contact the domain admin of the AD domain and try to find out if they have lost a domain controller. Specifically, ask if they have upgraded their domain from NT4 to AD and have wiped the NT4 PDC they converted over to AD....

Cheers
 
That's me then!

PDC Emul is working as far as I can see.

Any other ideas?
 
Bummer. Well.... beer always seems to help me.... <grin>

Cheers

P.S. Ok, so maybe beer won't help in the long run, but it's 11:17pm (which means for me it's sometime tomorrow) on a Friday after a long week and I'm typing this from a "Business Centre" (which is like an Airport lounge only without the people or food) in the Sheraton in Perth in Australia and - shame to my psuedonym (and trust me when I say that's hard for me to spell at the moment) - I've just polished off a bottle of red wine in my room, so perhaps you can't expect quality help from me at the moment..... ;-)

P.P.S. Again, assuming the whole name resolution tango is working ok, and no luck with the command line mapping, try finding a copy of ntdsutil.exe from Mickeysoft and just run it and see if it comes up with any errors.
 
What do I do with the file? Is there a command line I should use to check for errors?
 
To quote from Microsoft:


Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory™, the Microsoft® Windows® 2000 directory service. Use Ntdsutil to perform database maintenance of Active Directory, to manage and control single master operations, and to remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended to be used by experienced administrators. By default, Ntdsutil is installed in the Winnt\System32 folder.

Invoking Ntdsutil Commands and Parameters

Ntdsutil provides menus that list the set of commands for the program. At any level, you can enter ? or Help (or even h if there are no other options that start with h at that level) to read the list of commands for that part of the program. The command quit (or q, if sufficiently unique) is the universal command to return to the prior menu. The command quit, when used at the outermost level, exits the program.



Anyhoo, I'd just run ntdsutil.exe as is and see if it finds any problems - I'm afraid I suspect it will assuming that all your AD domain controllers are up and running and you're still getting the error. You need to make sure you have/can find the primary domain controller emulator (PDCE). Further info can be found at: or get yourself a (large) tea/coffee/beverage of choice & do a google search ( and sit back and read....

Assuming that the problem is being caused by a failed PDCE (and make sure that none of your servers in the AD domain have been shut down temporarily in case one of those is the PDCE) you can use the info at (specifically "Recovery of the PDC Emulator") to put things back to normal.

Cheers
 
We have Windows 95 clients that use the PDC emul. We have had problems in the past and have had to move the role from one machine to another... Will the Citrix server cache the location of the PDC emul??? The server went in way before we had to move the FSMO role to another server??

If the PDC emul isn't working, wouldn't our Windows 95 clients have problems logging on?
 
1. The Citrix server would not cache the location of the PDCE for any great length of time - probably measured in seconds or minutes rather than days.... and if it couldn't find it directly it would then query a BDC in the domain to try to locate it.
2. The win9x clients would - generally - still be able to log on. It's as if they were on an NT4 domain and the PDC was not around - they'd use the BDC(s) (ie the local DC they've logged into) instead. They may have issues if, for example, they change their password but otherwise there wouldn't be a huge impact.

When you say you've had issues with the pdce in the past, can I ask what sort? Sometimes errors are caused by something else and people end up treating the symptoms rather than the cause, and end up never actually fixing the original problem. For example, a corrupted wins database (I really hate wins for anything other than very small networks by the way - if you're using it, I'd recommend migrating to dns) can cause issues where servers aren't able to resolve reliably the locations of their peers which in turn causes authentication issues....

As well as the utility I mentioned previously, also check out (Active Directory Diagnostics, Troubleshooting, and Recovery) that describes how to use utilities such as dcdiag, netdiag and nltest.

Cheers
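
Editor's added example, not part of any post in this thread: a batch file that strings together the checks suggested above (ntdsutil, nltest, dcdiag) to find out which server each part of the system believes is the PDC emulator. `ADDOMAIN` and `DC01` are placeholder names (assumptions), and nltest, netdom and dcdiag are assumed to be installed from the Windows 2000 Support Tools.

```bat
@echo off
rem Added example: locate and verify the PDC emulator, run from the Citrix server.
rem ADDOMAIN and DC01 are placeholders (assumptions), not names from the thread.
rem nltest, netdom and dcdiag come from the Windows 2000 Support Tools;
rem ntdsutil is installed in Winnt\System32 on domain controllers.
setlocal
set DOMAIN=ADDOMAIN
set DC=DC01

echo === 1. Ask the DC locator for the PDC emulator of %DOMAIN% ===
nltest /dsgetdc:%DOMAIN% /pdc

echo === 2. NetBIOS-style lookup of the PDC name for %DOMAIN% ===
rem This path depends on WINS/NetBIOS name resolution rather than DNS.
nltest /dcname:%DOMAIN%

echo === 3. List the FSMO role holders recorded for the domain ===
netdom query /domain:%DOMAIN% fsmo

echo === 4. Ask one specific DC which servers it thinks hold the roles ===
ntdsutil roles connections "connect to server %DC%" quit "select operation target" "list roles for connected server" quit quit quit

echo === 5. Check that the role holders are known ===
dcdiag /s:%DC% /test:knowsofroleholders

echo === 6. Check that the role holders can be located and respond ===
dcdiag /s:%DC% /test:fsmocheck

endlocal
```

Compare the server name returned in each step: a step that fails, or that names a different or decommissioned machine from the others, points at where the PDC lookup is breaking.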
 