Very Computer

I have read a few posts about setting up another domain controller in the
event our SBS server goes down.  The following post gave the quick & dirty
for configuring the 2nd domain controller, which would just sit there until
the above scenario occurs.

http://www.microsoft.com/technet/community/newsgroups/managed/dgbrows...

Here's what I did:

-Install a new licensed copy of Windows 2003 Std server. Since this is just a
plain DC that will do absolutely nothing else, any workstation with 256MB
RAM will do.
-Make it a member server.
-Run DCPROMO on the machine to make it a DC.
-Once it's a DC and passes DCDIAG tests, go to Active Directory Sites and
Services, Sites -> Default-first-site-name -> Servers -> NewServer
Right click on NTDS settings and check the "Global Catalog" checkbox and
then click OK.
-Install DNS & DHCP

My goal (in a perfect world) was to have all the other servers accessible in
the case of the SBS going down.  If that happens, I would activate DHCP on
the 2nd DC which is already setup with DNS.  Users could reboot and get a new
IP with the new DNS server IP.  The login script would run mapping drives to
the file server...and both web-based apps would be available since the new
DNS server would point them to the respective server.

In my testing, when I took the SBS server offline, our workstations came to
a crawl after the reboot.  The logon script wouldn't run and our NAS(file
server) freaked out because the log reported it couldn't contact a domain
controller.  The web-based app hosted in the W2K3 server was accessible from
an outside computer, but the login failed....the login requires access to
Active Directory.

I feel like I'm missing something...or the 2nd domain controller is not
being recognized as such.

how long after the install did you wait to test all this??

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  Our SBS 2K3 server is the only DC on our office.  We have a NAS file server,
  a W2K3 std member server hosting a web-based application (accessible from
  outside our network), and a UNIX server also hosting a web-based application.

  I have read a few posts about setting up another domain controller in the
  event our SBS server goes down.  The following post gave the quick & dirty
  for configuring the 2nd domain controller, which would just sit there until
  the above scenario occurs.

  http://www.microsoft.com/technet/community/newsgroups/managed/dgbrows...

  Here's what I did:

  -Install a new licensed copy of Windows 2003 Std server. Since this is just a
  plain DC that will do absolutely nothing else, any workstation with 256MB
  RAM will do.
  -Make it a member server.
  -Run DCPROMO on the machine to make it a DC.
  -Once it's a DC and passes DCDIAG tests, go to Active Directory Sites and
  Services, Sites -> Default-first-site-name -> Servers -> NewServer
  Right click on NTDS settings and check the "Global Catalog" checkbox and
  then click OK.
  -Install DNS & DHCP

  My goal (in a perfect world) was to have all the other servers accessible in
  the case of the SBS going down.  If that happens, I would activate DHCP on
  the 2nd DC which is already setup with DNS.  Users could reboot and get a new
  IP with the new DNS server IP.  The login script would run mapping drives to
  the file server...and both web-based apps would be available since the new
  DNS server would point them to the respective server.

  In my testing, when I took the SBS server offline, our workstations came to
  a crawl after the reboot.  The logon script wouldn't run and our NAS(file
  server) freaked out because the log reported it couldn't contact a domain
  controller.  The web-based app hosted in the W2K3 server was accessible from
  an outside computer, but the login failed....the login requires access to
  Active Directory.

  I feel like I'm missing something...or the 2nd domain controller is not
  being recognized as such.

Upon further investigation, I did find a few of these Warnings in the
Application Event Log:

Event ID: 53258
Source:  MSDTC
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC
will continue to function and will use the existing security settings. Error
Specifics: %1

I did a little research and found and performed the following:
I had this error after upgrading from Win2k to Win2k3 and applying SP1. I
fixed this by changing the registry key HKLM\Software\Microsoft\MSDTC, and
giving the Network Service "Create Subkey" and "Set Value" Permissions.

David Grant (Last update 4/12/2005):
I corrected the error by doing the following:
1. Click Start -> Administrative Tools -> Component Services.
2. Click the "+" next to Component services to expand it.
3. Right click "My Computer" in the right window pane and select Properties.
4. Click the MS DTC Tab.
5. Click the "Security Configuration" button, a dialog box appears. Click
"OK".
6. Click "OK" on the "My Computer Properties" box; this will take you back
to the console.
7. Right click "My Computer" and select "Stop MS DTC" (this stops the MSDTC
service.
8. Again, right click "My Computer" and select "Start MS DTC".
By following the above steps, it appears that this sets the MS DTC defaults
resolving the error messages. Check the event log to verify that the problem
is gone. You might also want to restart the server to verify this.  

Could this have been my problem??

-----

most likely...
Not a big fan of "inplace" upgrades personnally.

A number of MVPs were having an off line discussion on this very topic (changes in certain modules from 2000 to 2003)

is it replicating and have you retested??

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  2 days.  The install was on a Thursday and the testing was on Saturday morning.

  Upon further investigation, I did find a few of these Warnings in the
  Application Event Log:

  Event ID: 53258
  Source:  MSDTC
  MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC
  will continue to function and will use the existing security settings. Error
  Specifics: %1

  I did a little research and found and performed the following:
  I had this error after upgrading from Win2k to Win2k3 and applying SP1. I
  fixed this by changing the registry key HKLM\Software\Microsoft\MSDTC, and
  giving the Network Service "Create Subkey" and "Set Value" Permissions.

  David Grant (Last update 4/12/2005):
  I corrected the error by doing the following:
  1. Click Start -> Administrative Tools -> Component Services.
  2. Click the "+" next to Component services to expand it.
  3. Right click "My Computer" in the right window pane and select Properties.
  4. Click the MS DTC Tab.
  5. Click the "Security Configuration" button, a dialog box appears. Click
  "OK".
  6. Click "OK" on the "My Computer Properties" box; this will take you back
  to the console.
  7. Right click "My Computer" and select "Stop MS DTC" (this stops the MSDTC
  service.
  8. Again, right click "My Computer" and select "Start MS DTC".
  By following the above steps, it appears that this sets the MS DTC defaults
  resolving the error messages. Check the event log to verify that the problem
  is gone. You might also want to restart the server to verify this.  

  Could this have been my problem??

  -----

  > how long after the install did you wait to test all this??
  >
  > --
  > Cris Hanna [SBS-MVP]
  > --------------------------------------
  > Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  >   Our SBS 2K3 server is the only DC on our office.  We have a NAS file server,
  >   a W2K3 std member server hosting a web-based application (accessible from
  >   outside our network), and a UNIX server also hosting a web-based application.
  >
  >   I have read a few posts about setting up another domain controller in the
  >   event our SBS server goes down.  The following post gave the quick & dirty
  >   for configuring the 2nd domain controller, which would just sit there until
  >   the above scenario occurs.
  >
  >   http://www.microsoft.com/technet/community/newsgroups/managed/dgbrows...
  >
  >   Here's what I did:
  >
  >   -Install a new licensed copy of Windows 2003 Std server. Since this is just a
  >   plain DC that will do absolutely nothing else, any workstation with 256MB
  >   RAM will do.
  >   -Make it a member server.
  >   -Run DCPROMO on the machine to make it a DC.
  >   -Once it's a DC and passes DCDIAG tests, go to Active Directory Sites and
  >   Services, Sites -> Default-first-site-name -> Servers -> NewServer
  >   Right click on NTDS settings and check the "Global Catalog" checkbox and
  >   then click OK.
  >   -Install DNS & DHCP
  >
  >   My goal (in a perfect world) was to have all the other servers accessible in
  >   the case of the SBS going down.  If that happens, I would activate DHCP on
  >   the 2nd DC which is already setup with DNS.  Users could reboot and get a new
  >   IP with the new DNS server IP.  The login script would run mapping drives to
  >   the file server...and both web-based apps would be available since the new
  >   DNS server would point them to the respective server.
  >
  >   In my testing, when I took the SBS server offline, our workstations came to
  >   a crawl after the reboot.  The logon script wouldn't run and our NAS(file
  >   server) freaked out because the log reported it couldn't contact a domain
  >   controller.  The web-based app hosted in the W2K3 server was accessible from
  >   an outside computer, but the login failed....the login requires access to
  >   Active Directory.
  >
  >   I feel like I'm missing something...or the 2nd domain controller is not
  >   being recognized as such

Everything seems to be replicating....but I thought it was before I tested
on Saturday.  I have not retested since I can't take our current SBS offline
until the weekend.

did I mis-understand?  thought the DC was originally Win2k that was upgraded to Win2k3?

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  I'm not sure what you mean by "inplace upgrades".

  Everything seems to be replicating....but I thought it was before I tested
  on Saturday.  I have not retested since I can't take our current SBS offline
  until the weekend.

  > most likely...
  > Not a big fan of "inplace" upgrades personnally.
  >
  > A number of MVPs were having an off line discussion on this very topic (changes in certain modules from 2000 to 2003)
  >
  > is it replicating and have you retested??
  >
  > --
  > Cris Hanna [SBS-MVP]
  > --------------------------------------
  > Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  >   2 days.  The install was on a Thursday and the testing was on Saturday morning.
  >
  >   Upon further investigation, I did find a few of these Warnings in the
  >   Application Event Log:
  >
  >   Event ID: 53258
  >   Source:  MSDTC
  >   MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC
  >   will continue to function and will use the existing security settings. Error
  >   Specifics: %1
  >
  >   I did a little research and found and performed the following:
  >   I had this error after upgrading from Win2k to Win2k3 and applying SP1. I
  >   fixed this by changing the registry key HKLM\Software\Microsoft\MSDTC, and
  >   giving the Network Service "Create Subkey" and "Set Value" Permissions.
  >
  >   David Grant (Last update 4/12/2005):
  >   I corrected the error by doing the following:
  >   1. Click Start -> Administrative Tools -> Component Services.
  >   2. Click the "+" next to Component services to expand it.
  >   3. Right click "My Computer" in the right window pane and select Properties.
  >   4. Click the MS DTC Tab.
  >   5. Click the "Security Configuration" button, a dialog box appears. Click
  >   "OK".
  >   6. Click "OK" on the "My Computer Properties" box; this will take you back
  >   to the console.
  >   7. Right click "My Computer" and select "Stop MS DTC" (this stops the MSDTC
  >   service.
  >   8. Again, right click "My Computer" and select "Start MS DTC".
  >   By following the above steps, it appears that this sets the MS DTC defaults
  >   resolving the error messages. Check the event log to verify that the problem
  >   is gone. You might also want to restart the server to verify this.  
  >
  >   Could this have been my problem??
  >
  >   -----

  >
  >   > how long after the install did you wait to test all this??
  >   >
  >   > --
  >   > Cris Hanna [SBS-MVP]
  >   > --------------------------------------
  >   > Please do not respond directly to me, but only post in the newsgroup so all can take advantage

  >   >   Our SBS 2K3 server is the only DC on our office.  We have a NAS file server,
  >   >   a W2K3 std member server hosting a web-based application (accessible from
  >   >   outside our network), and a UNIX server also hosting a web-based application.
  >   >
  >   >   I have read a few posts about setting up another domain controller in the
  >   >   event our SBS server goes down.  The following post gave the quick & dirty
  >   >   for configuring the 2nd domain controller, which would just sit there until
  >   >   the above scenario occurs.
  >   >
  >   >   http://www.microsoft.com/technet/community/newsgroups/managed/dgbrows...
  >   >
  >   >   Here's what I did:
  >   >
  >   >   -Install a new licensed copy of Windows 2003 Std server. Since this is just a
  >   >   plain DC that will do absolutely nothing else, any workstation with 256MB
  >   >   RAM will do.
  >   >   -Make it a member server.
  >   >   -Run DCPROMO on the machine to make it a DC.
  >   >   -Once it's a DC and passes DCDIAG tests, go to Active Directory Sites and
  >   >   Services, Sites -> Default-first-site-name -> Servers -> NewServer
  >   >   Right click on NTDS settings and check the "Global Catalog" checkbox and
  >   >   then click OK.
  >   >   -Install DNS & DHCP
  >   >
  >   >   My goal (in a perfect world) was to have all the other servers accessible in
  >   >   the case of the SBS going down.  If that happens, I would activate DHCP on
  >   >   the 2nd DC which is already setup with DNS.  Users could reboot and get a new
  >   >   IP with the new DNS server IP.  The login script would run mapping drives to
  >   >   the file server...and both web-based apps would be available since the new
  >   >   DNS server would point them to the respective server.
  >   >
  >   >   In my testing, when I took the SBS server offline, our workstations came to
  >   >   a crawl after the reboot.  The logon script wouldn't run and our NAS(file
  >   >   server) freaked out because the log reported it couldn't contact a domain
  >   >   controller.  The web-based app hosted in the W2K3 server was accessible from
  >   >   an outside computer, but the login failed....the login requires access to
  >   >   Active Directory.
  >   >
  >   >   I feel like I'm missing something...or the 2nd domain controller is not
  >   >   being recognized as such