Within a few months after upgrading our domain controllers from Windows Server 2008 to Windows Server 2008 R2, we had 3 out of 5 DCs become inoperable, Exchange was down for 4 days, and the complete resolution to the disaster took almost a week, working nearly around the clock. The problem was brought to the forefront after installing a new SonicWall Firewall in our Corporate office. The IDS (Intrusion Detection) feature and rules for blocking Internet "Streaming" were causing what appeared to be DNS issues and were more prevalent in our corporate office with an occasional impact in our Texas and California offices. It took some time to track down as we were focused on possible DNS issues.

After running through troubleshooting and constant reboots, the catalogs simply got further and further out of sync until two of the DCs completely failed, and a VM snapshot restore in an effort to recover them only compounded the issue, although the snapshot restore was in fact only tried as a last resort to try and avoid decommissioning and rebuilding the DCs that were more severely impacted.

After running DCDIAG, NETDOM, NTDSUTIL, REPADMIN, DSMGMT, NLTEST and NSLOOKUP, we found that DNS was in fact set up and functioning perfectly, and the same with the rest of our server configurations; however, the IDS and stream block were actually bringing to light an IPv6 problem we found to be causing constant communication issues between the DCs.

At this point, we had no choice but to force seize all roles to one DC, decommission three DCs, and redeploy two, one to our corporate office and one to our Berkeley office. Three are virtual and one is physical and we also have the roles split as recommended by Microsoft Best Practices.

After many hours of troubleshooting with Microsoft, we were finally able to determine that the AD/GC syncing was getting further and further out of sync due to the IPv6 feature since our networks do not support IPv6. This required a complete force disable of IPv6 on the NIC configurations as well as deploying a registry key entry via GPO to force disable IPv6, due to the fact that simply disabling on the NIC side actually does nothing for actually disabling it completely. The registry key deployed was a DWORD key labeled "DisabledComponents" with a value of ffffffff and it was added to the following path:

HKLM\System\CurrentControlSet\services\TCPIP6\Parameters
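A check one could run once the GPO has applied, to confirm that each domain controller really carries the DisabledComponents value described above. This is an added example, not part of the original post; the host names are placeholders, and it assumes the Remote Registry service is reachable with administrative rights.

```powershell
# Added example (not from the original post): read DisabledComponents on each DC.
$DomainControllers = @('DC01', 'DC02')   # assumption: placeholder host names
$SubKey   = 'System\CurrentControlSet\services\TCPIP6\Parameters'
$Expected = 'ffffffff'                   # value the post says was deployed

function Get-DisabledComponents {
    param([string]$ComputerName)
    $hive = $null
    try {
        # Requires the Remote Registry service and admin rights on the target.
        $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hive.OpenSubKey($SubKey)
        if ($null -eq $key) { return 'key missing' }
        $raw = $key.GetValue('DisabledComponents', $null)
        if ($null -eq $raw) { return 'value missing' }
        $kind = $key.GetValueKind('DisabledComponents')
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            return "wrong type ($kind)"
        }
        # .NET hands a DWORD back as a signed Int32, so ffffffff arrives as -1.
        # Hex formatting shows the stored bit pattern either way.
        return '{0:x8}' -f $raw
    }
    catch { return "unreachable: $($_.Exception.Message)" }
    finally { if ($hive) { $hive.Close() } }
}

$report = foreach ($dc in $DomainControllers) {
    $found = Get-DisabledComponents -ComputerName $dc
    New-Object PSObject -Property @{
        Computer = $dc
        Found    = $found
        Matches  = ($found -eq $Expected)
    }
}
$report | Select-Object Computer, Found, Matches | Format-Table -AutoSize
```

A host that reports "value missing" or "wrong type" did not receive the GPO setting as a DWORD, which is worth catching before relying on the NIC-level setting alone.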