URGENT--Unable to establish connection with global catalog.

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

gphalpin@gmail.com - 26 Jul 2005 23:02 GMT

I have run into a very bizarre problem at my new job and no one knows
the history or how to fix the DNS problems because there are so many
domains.

When I reboot any of the five domain controllers, I cannot log back on
to them for several hours until they can locate a Global Catalog
server. But I can still access the shares on those servers from other
computers. I have read many posts about this and DNS posts but none
are quite like my issue. There are definitely DNS problems with our
network but they won't be fixed until we setup a new Forest and Domain
with new DNS servres. In the meantime, is there are way to configure
domain controllers to look for a particular Global Catalog server? The
DCs eventually find a Global Catalog server but it takes several hours.

Event ID 1126
Unable to establish connection with global catalog.

Thanks,

Greg

Reply to this Message

Steve Duff [MVP] - 27 Jul 2005 01:52 GMT

If DNS is really misconfigured, you're fortunate that this is your worst problem.

Systems find global catalog DCs using a locator service that depends deeply on a functioning and properly-configured DNS serving
active directory.

One workaround for your problem might be to make every DC a GC - possibly even in separate sites, but this has some implications,
especially if your existing topology isn't working. And it still would not help if DNS is broken. I am not recommending trying it.

I should think the solution is to patch up the DNS configuration you presently have, whether or not you intend to change it down the
line. Why do you say that not possible?

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

>I have run into a very bizarre problem at my new job and no one knows
> the history or how to fix the DNS problems because there are so many
[quoted text clipped - 16 lines]
>
> Greg

Reply to this Message

Greg H - 27 Jul 2005 14:41 GMT

I guess we will have to get our DNS problem corrected but no one here
is very experienced with it. Where I worked before, DNS was functioned
properly and I never had to look at it.

In the meantime, I'd like to avoid setting all my DCs as global catalog
servers. What I'm wondering is what is the process that a DC goes
through to locate a global catalog server? And what can I configure to
make it take less time. There is a GC in the same rack as these problem
servers but they don't find it for hours. Do I add a sevice record in
DNS or tell the server to point to a DNS server that is actually
working? If so, how is that done?

Right now, I have to wait hours before I can log back into a DC after
rebooting because it cannot locate a GC. I can access the server
shares from another server or workstation but cannot logon to it. I'm
concerned I may not be able to log back on to one of these servers.

Thanks,

Greg

Reply to this Message

Steve Duff [MVP] - 27 Jul 2005 18:10 GMT

The basic process it goes through to locate GC servers is to look in DNS. You cannot really work around a DNS problem, you just have
to fix it. You can manually add or fix SRV records, but there is an easier way:

As a start, verify the following:

1) All machines (servers and workstations) MUST point only to an internal DNS server(s) for the domain.
2) Make sure dynamic DNS updates are enabled on the AD zones in DNS

Now try running a "netdiag /fix" on all DCs. That will either clean up the AD DNS records or point you to the problems. Post back
with the relevant section of the netdiag output if you need to.

There are two other utilities that may be of use for this: dcdiag and nltest - but if the problem is only DNS then you likely won't
need to use these.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

>I guess we will have to get our DNS problem corrected but no one here
> is very experienced with it. Where I worked before, DNS was functioned
[quoted text clipped - 16 lines]
>
> Greg

Reply to this Message