It’s a common best practice to run the DCDIAG tool in all DC in your forest whenever a significant change has been made, i.e. a new DC has been added or deleted in the forest. With this you are testing if the change you just made was done correctly. It’s also common that if you have at least two domains in your forest (and the trust relationships in place), when you run dcdiag in any DC you get a message indicating that when the test of replication on a specific server applies, it fails indicating that the “RPC Server is unavailable”. Well, if you see this message you probably check if that the RPC service is up and running on the server… running in cmd “net start rpcss”. But the command prompt answers you, “don’t worry dude, the service was already running”. “Alright then…” you say, “Let’s try DCDIAG again”… and you get the same error like the first time… And then you go like “Hmmmm… why do I keep getting the same “RPC Server is unavailable” error?” And then I say “I know why dude!”… And then you “You do? Is there any way I can solve it?”…“Of course, why I’ll be posting something that I don’t know the answer!”… and then… OK, enough with the theatre… This issue appears when the configurations between the different DNS servers are not compatible. It’s something like this: you have a correct […]
Scenario: I have the domain contoso.com with only one DC (with DNS) and I wish to add another one in case something goes wrong. – The first thing that you must have is, of course, the new server where you are going to install your second DC. It’s highly recommended that both servers are working with the latest updates, Windows Server 2003 R2 SP2. And the domain is raised into “Windows 2003” functional level (on this level there are some improvements in many things, including the replications between 2003 servers). – Run the Administration Tool “Manage Your Server” in the new Windows 2003 and add the role “Active Directory” for this server. Domain controller promotion wizard – Configure the server as a DC for an existing domain and follow the instructions in the wizard. You’ll be asked for the credentials of privileged account to add a new server. The account must be a member of the “Domain Admins” group. – After the promotion of the new DC is completed, visit again “Manage your Server” and add the role “DNS Server”, but don’t set any new zone on this server. When you configure it as a DNS server the primary server will replicate the zones with this new server. – Each DC must be pointing to themselves as the first preferred DNS server and the secondary DNS must be the remaining DC. First DC TCP/IP configuration Second DC TCP/IP configuration – […]
For those, like me, who uses several times a day and for different connections the Terminal Services and Remote Desktop knows that is a must having a nice and simple way to manage all the connections. That’s why you probably use the “Remote Desktops” snap-in. This is how I use it in Windows Vista: What if I tell you that you can manage all the connections that you want in your Internet Explorer? And if you’re using Mozilla Firefox or IE7 all the connections can be in you different tabs? Probably have the same functionality as this one, but it’s always good to know the option is there right?. This is really simple and easy. Works with Windows Server 2003 and XP: Using “Add or Remove Programs”, select “Add/Remove Components” and in “Application Server” select “Details”. You will find another list and in “Internet Information Services” select “Details” again and check “Remote Desktop Web Connection”. When the installation starts you’ll be prompted to insert the Windows Server 2003 CD. After the installation is complete you are ready to use your Remote Desktop Connection in the default direction established in IIS: http://localhost/tsweb/ As a best practice, is always recommended that you set your permissions in IIS to not allow anonymous authentication, any other will be fine; and use HTTPS for the communication. Cheers!!
“My DC is online, the TCP/IP it´s OK, the DNS service running but I still cannot make a valid connection with AD! “ This is a problem that can be present in many ways. The most common example is: you have your DC completely configure for Active Directory, the DNS server too, and you try to join a workstation to your domain and the following error appears: An Active Directory Domain Controller for the domain [yourdomain.com] could not be contacted.Ensure that the domain name is typed correctly(…) First of all, the obvious: Check that the connectivity is working fine… the DNS server and the DC both of them responds to PING requests. It’s most likely that if you cannot connect to the domain, the PING requests for the FQDN (such as: ping dcname.yourdomain.com or ping yourdomain.com) will not respond as well… but with the IP parameter should be working… if it’s not, then there’s definitely a connectivity problem, a bad TCP/IP configuration or a firewall within the way . Well, let’s see, this is a problem that can really make you nuts trying to solve it. Let’s assume that you have the correct configuration in your DC and workstations. If you have a DHCP server in you network, check that he is doing his job… giving the correct IP address for the workstations, the subnet mask, the DNS server and the other parameters that you are using. DCDIAG really? Can […]