Domain controllers unable to communicate

I have been battling a strange problem that has been difficult to
troubleshoot and difficult to explain or categorize. I'm hoping that someone
may have encountered similar issues and have some ideas.

Problem: About every 3 days or so, the domain controller in the branch
office
will experience some or all of the following problems:
1. From this server, I cannot connect to the administrative share (c$ or
d$) of one or both of the domain controllers in the main office. One of the
main office domain controllers is a Windows 2000 DC upgraded to 2003. The
other DC in the main office is a Windows 2000 domain controller running
Exchange 2003. Most of the time, the connection problems seem to be with the
2003 DC. Whatever DC I am having trouble connecting with, the problem is
bi-directional. I can log on to the other DC and I also cannot connect to an
administrative share on the server in the branch office. However, from the
server in the branch office, I can connect to shares on other servers in the
main office.
2. Mail flow between the main office and this branch office will stop
including outgoing and incoming Internet mail and mail.
3. Most of the time, I can "fix" the problem by rebooting the server in
the branch office. Until I can resolve the problem, I have resorted to
rebooting this server every 3 days late at night. Sometimes a reboot of this
server does not help and I have to reboot one of the other servers in the
main office.
4. If I wait too long to reboot the server in the main office, I cannot
connect to the server with a terminal server connection. However, I can,
establish a remote desktop connection to another Windows XP computer in that
same office and use that computer to make a remote desktop connection to the
branch office server.

This problem seems to have started shortly after upgrading the first DC in
the main office from Windows 2000 to 2003. My event logs on all the servers
are fairly clean. I cannot find anything in any of the event logs that give
me a clue as to what is happening. It appears to be some sort of
authentication problem between the branch office and the main office but the
Application, Directory Service, DNS Server, File Replication Service,
System, etc logs do not give me a clue as to what is happening. Dcdiag and
other such tools seem to run without error. The long term solution that I am
working on is to complete the Windows 2003 upgrades and break up the server
in the branch office into a separate Exchange server (that is not a DC) and
install a new Exchange server in the main office that is not a DC. Until I
can get that accomplished, I am still battling this problem.

Following is a rough summary of the environment:

Environment: Main office and branch office geographically separated
Users: Aproximately 60 users between two offices.
Network: 100MB lan in each office
Inter-office Connectivity: VPN tunnel over a DSL connection
Domain: Mixed Windows 2000 and 2003 domain

Domain controllers:
Branch office currently has one server functioning as
file/print/exchange/domain controller for a office of about 30 users
Main office has two domain controllers. One is an upgraded 2000 DC upgraded
to 2003 running DNS. The other domain controller is the exchange server. It
is still a windows 2000 domain controller but the Exchange server is
Exchange 2003.

Exchange: Exchange 2003 (not native). There are two exchange servers in the
main office and one exchange server in the branch office. One of the
exchange servers in the main office accepts mail for the entire organization
and is also hosts the mailbox stores for the main office of about 20 users.

If anyone has any ideas, I would certainly appreciate it.

Rod

What is the date of the NIC drivers of the server in the branch office. The
NIC drivers pass RPC/NetBIOS communications (along with everything else) so
in the absence of any logical mis-configuration (it works fine for a few
then suddenly stops working for unknown reasons) we are looking at a NIC
driver issue in my opinion.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Todd,

That is a good idea and I did check the driver and found a newer driver and
updated it. However, the problem takes 2 or 3 days to resurface after a
reboot and if I don't proactively reboot it in the evening, I usually have
to kick everyone off during the day when the problem resurfaces. I won't
know for a few days. However, I am inclined to think that the driver may not
be the problem because sometimes when this happens and I reboot, I still
cannot connect to the administrative shares on a domain controller in the
home office until I reboot that home office domain controller. The domain
controllers in the home office never have any trouble connecting to each
other. The problem is always between the DC in the branch office and one or
both DC's in the home office.

Thanks,

Rod

"Todd J Heron" <(E-Mail Removed)> wrote in message
news:ep$(E-Mail Removed)...
> What is the date of the NIC drivers of the server in the branch office.
> The
> NIC drivers pass RPC/NetBIOS communications (along with everything else)
> so
> in the absence of any logical mis-configuration (it works fine for a few
> then suddenly stops working for unknown reasons) we are looking at a NIC
> driver issue in my opinion.
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>

When troubleshooting this particular issue it's best to do some
basic troubleshooting when the problem occurs e.g., connectivity
is a good place to start. If you've tried all the following post the
results as well as any / all errors returned. Ping by tcp/ip address
then by name. Attempt to map to any shares by tcp/ip address
then by name. Open a dos prompt and run net view; what do
you see? I would start with the problem server. Make sure you
check the system log of the event viewer on the problem machine
as well.

"Rod" <(E-Mail Removed)> wrote in message news:...
> I have been battling a strange problem that has been difficult to
> troubleshoot and difficult to explain or categorize. I'm hoping that
someone
> may have encountered similar issues and have some ideas.
>
> Problem: About every 3 days or so, the domain controller in the branch
> office
> will experience some or all of the following problems:
> 1. From this server, I cannot connect to the administrative share (c$
or
> d$) of one or both of the domain controllers in the main office. One of
the
> main office domain controllers is a Windows 2000 DC upgraded to 2003. The
> other DC in the main office is a Windows 2000 domain controller running
> Exchange 2003. Most of the time, the connection problems seem to be with
the
> 2003 DC. Whatever DC I am having trouble connecting with, the problem is
> bi-directional. I can log on to the other DC and I also cannot connect to
an
> administrative share on the server in the branch office. However, from the
> server in the branch office, I can connect to shares on other servers in
the
> main office.
> 2. Mail flow between the main office and this branch office will stop
> including outgoing and incoming Internet mail and mail.
> 3. Most of the time, I can "fix" the problem by rebooting the server
in
> the branch office. Until I can resolve the problem, I have resorted to
> rebooting this server every 3 days late at night. Sometimes a reboot of
this
> server does not help and I have to reboot one of the other servers in the
> main office.
> 4. If I wait too long to reboot the server in the main office, I
cannot
> connect to the server with a terminal server connection. However, I can,
> establish a remote desktop connection to another Windows XP computer in
that
> same office and use that computer to make a remote desktop connection to
the
> branch office server.
>
> This problem seems to have started shortly after upgrading the first DC in
> the main office from Windows 2000 to 2003. My event logs on all the
servers
> are fairly clean. I cannot find anything in any of the event logs that
give
> me a clue as to what is happening. It appears to be some sort of
> authentication problem between the branch office and the main office but
the
> Application, Directory Service, DNS Server, File Replication Service,
> System, etc logs do not give me a clue as to what is happening. Dcdiag and
> other such tools seem to run without error. The long term solution that I
am
> working on is to complete the Windows 2003 upgrades and break up the
server
> in the branch office into a separate Exchange server (that is not a DC)
and
> install a new Exchange server in the main office that is not a DC. Until I
> can get that accomplished, I am still battling this problem.
>
> Following is a rough summary of the environment:
>
> Environment: Main office and branch office geographically separated
> Users: Aproximately 60 users between two offices.
> Network: 100MB lan in each office
> Inter-office Connectivity: VPN tunnel over a DSL connection
> Domain: Mixed Windows 2000 and 2003 domain
>
> Domain controllers:
> Branch office currently has one server functioning as
> file/print/exchange/domain controller for a office of about 30 users
> Main office has two domain controllers. One is an upgraded 2000 DC
upgraded
> to 2003 running DNS. The other domain controller is the exchange server.
It
> is still a windows 2000 domain controller but the Exchange server is
> Exchange 2003.
>
> Exchange: Exchange 2003 (not native). There are two exchange servers in
the
> main office and one exchange server in the branch office. One of the
> exchange servers in the main office accepts mail for the entire
organization
> and is also hosts the mailbox stores for the main office of about 20
users.
>
> If anyone has any ideas, I would certainly appreciate it.
>
> Rod
>
>
>