I'm new to this environment and unsure where to begin with some replication and time sync issues between two domain controllers. One (DC1) is a physical server with all the FSMO roles, and the other (DC2) is a virtual server running on DC1. When I run 'dcdiag' on DC1, I see several troubling errors regarding replication failures and time discrepancies. The errors indicate that DC2 seems unavailable, and some are pointing to Kerberos issues and time differences between servers. I've tried adjusting GPOs and running various time commands, but I'm still stuck. Any advice would be greatly appreciated!
2 Answers
Before diving deeper into your configuration, make sure to check the actual time on both servers. Sometimes the virtual machine gets behind due to resource contention. If possible, set one server as the NTP source and enable time sync with the host for the VM. Also, keep an eye on your virtual CPUs; don't overload the physical host. Just a heads up to try these basic checks before anything else!
Check the DNS settings for both domain controllers—what are they using? Ensure that they point to each other and to localhost for backups. If they're synced to their local time sources, verify the time source with the command 'w32tm /query /source'. If everything else fails, consider demoting DC2, moving its file duties, and setting up a proper secondary DC. Good luck, it's a tricky situation!
They both have DNS configured to point to each other and themselves. I was thinking of checking the BIOS time on DC1—I'll report back what I find!
I checked the VM and host, and they both show the same time in Windows.
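An added example, not part of the original thread: a PowerShell check that measures each domain controller's clock offset from the machine it runs on and reports each one's time source, which is the comparison both answers ask for. The names `DC1` and `DC2` are the question's labels used as placeholders, and the 300-second threshold assumes the default Kerberos clock-skew tolerance of 5 minutes.

```powershell
# Added example: run from an elevated prompt on either DC or a domain member.
# DC names are placeholders (the labels used in the question).
$DomainControllers = 'DC1', 'DC2'
$MaxSkewSeconds    = 300   # assumed: default Kerberos tolerance (5 minutes)

function Get-ClockOffset {
    param([string]$Computer, [int]$Samples = 3)
    # With /dataonly, each sample line looks like "12:34:56, +00.0123456s".
    # Failed samples read "12:34:56, error: 0x..." and do not match the pattern.
    $out = & w32tm /stripchart /computer:$Computer /samples:$Samples /dataonly 2>&1
    $offsets = foreach ($line in $out) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') { [double]$Matches[1] }
    }
    if (-not $offsets) { return $null }   # no usable sample (host down, UDP 123 blocked)
    ($offsets | Measure-Object -Average).Average
}

foreach ($dc in $DomainControllers) {
    $offset = Get-ClockOffset -Computer $dc
    # Same check as 'w32tm /query /source', pointed at each DC in turn.
    $source = (& w32tm /query /computer:$dc /source 2>&1 | Out-String).Trim()

    $status = if ($null -eq $offset) {
        'NO RESPONSE'
    } elseif ([math]::Abs($offset) -gt $MaxSkewSeconds) {
        'EXCEEDS KERBEROS SKEW'
    } else {
        'OK'
    }

    [pscustomobject]@{
        DC            = $dc
        OffsetSeconds = if ($null -ne $offset) { [math]::Round($offset, 3) } else { $null }
        TimeSource    = $source
        Status        = $status
    }
}
```

The offset is relative to the machine running the script, so run it once from each DC to see both directions. A `TimeSource` of `Local CMOS Clock` means that server is not syncing from any upstream source.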