Link to home
Start Free TrialLog in
Avatar of JosephGreenwald
JosephGreenwald

asked on

DNS Issues

Hello,  I've been trying to get an issue straightened out since I took back over a network at a law fim.  There are issues with DNS that I've discovered due to errors in the event viewer.  The error states:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4010
Date:            8/2/2006
Time:            10:38:34 AM
User:            N/A
Computer:      FILESERVER
Description:
The DNS server was unable to create a resource record for  10.0.0.10.in-addr.arpa. in zone 10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 00 00 00               {...    

Now I have discovered that I cannot access any of the administrative shares (or any shares for that matter) on the most of the network (approximately 75 Windows XP PCs).  Although some do work.

This is a Server 2003 domain.  I have a Fileserver and an Exchange Server, both of which are configured to be Domain Controllers.  Both are also running DNS.  I am using Root Hints and Forwarders (from the ISP).  DNS seems to work just fine when surfing the internet, I just keep getting the event viewer errors; except for our OWA web address.  I changed the DNS forwarders to XO communications DNS servers and now it seems that it can't resolve the IP for OWA.  I know OWA is working properly because it works just fine outside of the office.  Maybe someone can provide me with better DNS servers to use.  I changed them last week because users were complaining of slow internet, and then I ran into issues with Delayed Messages from Exchange, so I'm now using the ISP recommended ones, but now I have this problem.

I"ve tried several things over the past two weeks, including removing and reinstalling DNS from both servers, clearing the DNS cache, and reloading the root hints list from the backup directory as advised by the Microsoft Knowledgebase.  I've also tried looking up the events in eventid.net and nothing has helped.  I really need to get these administrative shares working and I don't want to run into anymore issues down the road.

Please someone, help!!
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image

this might at least help get us started

http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1

after that you may need to look at recreating your DNS zones
ah crap just read over that Q again, apologies, you have already read this
what does your dcdiag come back with?
Avatar of Chris Dent

> Maybe someone can provide me with better DNS servers to use.  I changed them last week because users
> were complaining of slow internet, and then I ran into issues with Delayed Messages from Exchange, so
> I'm now using the ISP recommended ones, but now I have this problem.

If you're having problems with the Forwarders then the first thing I would do is get rid of them. You don't need them, your server will happily resolve requests using Root Hints without having to have anything to do with ISPs Name Servers.

Once you've done that see what works and what doesn't, it gives you a much simpler base to troubleshoot from.

Chris
Avatar of JosephGreenwald
JosephGreenwald

ASKER

Thanks for your replies.

Everything passes in DCdiag except this:

 Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    Group Policy problems.




I ran netdiag too and I get some errors there, but haven't been able to get to the bottom of those either:




    Computer Name: FILESERVER
    DNS Host Name: FILESERVER.JGLLAW.COM
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB833407
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB896688
        KB896727
        KB898715
        KB898792
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB905915
        KB908519
        KB908531
        KB910437
        KB911280
        KB911562
        KB911567
        KB911927
        KB912919
        KB913446
        KB914388
        KB914389
        KB916281
        KB917159
        KB917344
        KB917734
        KB917953
        KB918439
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Team #0 - Adaptive Load Balancing Mode

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : FILESERVER
        IP Address . . . . . . . . : 10.0.0.10
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.0.0.22
        Dns Servers. . . . . . . . : 10.0.0.10
                                     10.0.0.5


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : {FA7B7980-2826-4AA6-B663-E5F6FF10262D}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : FILESERVER
        IP Address . . . . . . . . : 10.0.0.123
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{0EA37839-E303-413A-B737-75A9AD31E62A}
        NetBT_Tcpip_{FA7B7980-2826-4AA6-B663-E5F6FF10262D}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
              [FATAL]: The DNS registration for 'FILESERVER.JGLLAW.COM' is incorrect on all DNS servers.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.10' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.5' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{0EA37839-E303-413A-B737-75A9AD31E62A}
        NetBT_Tcpip_{FA7B7980-2826-4AA6-B663-E5F6FF10262D}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{0EA37839-E303-413A-B737-75A9AD31E62A}
        NetBT_Tcpip_{FA7B7980-2826-4AA6-B663-E5F6FF10262D}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'FILESERVER.JGLLAW.COM'.
    [WARNING] Failed to query SPN registration on DC 'exchange1.JGLLAW.COM'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully
Chris, thanks for your reply as well.

Won't getting rid of the forwarders slow my internet access a little?  The slightest drop in speed and I have people all over me.  I have 75 users here and I read somewhere that a moderately sized network will operate a little faster with forwarders enabled.

What do you think?  Do you think that this will prevent my message delay issues with Exchange as well?
I forgot to mention that I'm getting this error in the event viewer as well:

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            8/2/2006
Time:            11:18:26 PM
User:            N/A
Computer:      FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
 [2] FRS is not running on exchange1.JGLLAW.COM.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00               Õ...    

> Won't getting rid of the forwarders slow my internet access a little?  The slightest drop in speed and I
> have people all over me.  I have 75 users here and I read somewhere that a moderately sized network
> will operate a little faster with forwarders enabled.
>
> What do you think?  Do you think that this will prevent my message delay issues with Exchange as well?

That is debatable, and even if it does you're talking milliseconds. The thing is, Forwarders date back to when Modems were in full use and there wasn't the bandwidth for a single server to perform a recursive query, instead it would just send the request off to the Forwarder and that (with it's larger bandwidth and generally larger Cache) would do all the work for you.

It does also mean that your server will start holding it's own Cache - so in some cases name resolution will actually be faster.

The main disadvantage of Forwarders in my opinion is that it makes you completely reliant on someone elses network - and that I really don't like.

Message Delays in Exchange could well be related to the same thing - DNS is required for everything after all.

> [FATAL]: The DNS registration for 'FILESERVER.JGLLAW.COM' is incorrect on all DNS servers.

For this last little part, is FileServer failing to register it's records in DNS correctly?

Chris

Oh one thing I should have added.

In some cases (and it's not all that uncommon) it can actually be slower getting answers from a Forwarder than directly. It all depends on how well the servers at your ISP are setup and how many other people are asking it questions.

Chris
Chris, thanks for the info.  I'll try disabling forwarders and see what happens.  I agree with you on relying on other networks.  When I worked for a consultant before, we were constantly changing the forwarders when there were speed issues.

How would I check to see of the Fileserver is failing the registration?

Well the first place would be to see if FileServer has an A record registered in DNS. Is it a Domain Controller? If so you should run "ipconfig /registerdns" then check the event log for registration errors.

I take it FileServer has the same DNS servers as posted in your DCDiag log above?

Chris
Yes, Filserver has an A record registered and Yes, it is a domain controller.

Yes, the Fileserver has the DNS servers 10.0.0.10 (which is itself) and 10.0.0.5 (which is Exchange1).

Tried running ipconfig/registerdns and it said to check event viewer but there wasn't anything after 30.  Any thoughts?

Then it's possible it's referring to the Service Records (or GUID record) it should have registered in DNS.

Still, we can make DCDiag tell us a bit more... if you run it with /v and /c it'll say more about it... or it should.

Chris
I found another issue aside from not being to resolve our OWA address.  It also cannot resolve the website of the firm which is hosted externally.  I must've screwed something up when recreating the forward lookup zone?  Do I have to manually place these records in there?

I named the forward lookup zone jgllaw.com (which is what it was before).  Should I not have done this?  Should I have named it jgllaw.local?

Here's DCdiag with /v and /c

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.JGL>dcdiag /v /c

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine FILESERVER, is a DC.
   * Connecting to directory service on server FILESERVER.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FILESERVER
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... FILESERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FILESERVER
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=DomainDnsZones,DC=JGLLAW,DC=COM
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=ForestDnsZones,DC=JGLLAW,DC=COM
               Latency information for 4 entries in the vector were ignored.
                  4 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            CN=Schema,CN=Configuration,DC=JGLLAW,DC=COM
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            CN=Configuration,DC=JGLLAW,DC=COM
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=JGLLAW,DC=COM
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
         * Replication Site Latency Check
         ......................... FILESERVER passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=DomainDnsZones,DC=JGLLAW,DC=
COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=ForestDnsZones,DC=JGLLAW,DC=
COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=J
GLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=JGLLAW,DC=C
OM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=JGLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FILESERVER passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=DomainDnsZones
,DC=JGLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=ForestDnsZones
,DC=JGLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=JGLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,
DC=JGLLAW,DC=COM.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=JGLLAW,DC=COM.

         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FILESERVER passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           DC=DomainDnsZones,DC=JGLLAW,DC=COM
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=ForestDnsZones,DC=JGLLAW,DC=COM
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=JGLLAW,DC=COM
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=JGLLAW,DC=COM
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=JGLLAW,DC=COM
            (Domain,Version 2)
         ......................... FILESERVER passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... FILESERVER passed test NetLogons
      Starting test: Advertising
         The DC FILESERVER is advertising itself as a DC and having a DS.
         The DC FILESERVER is advertising as an LDAP server
         The DC FILESERVER is advertising as having a writeable directory
         The DC FILESERVER is advertising as a Key Distribution Center
         The DC FILESERVER is advertising as a time server
         The DS FILESERVER is advertising as a GC.
         ......................... FILESERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         Role Domain Owner = CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         Role PDC Owner = CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         Role Rid Owner = CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER,CN=Se
rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         ......................... FILESERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 4886 to 1073741823
         * FILESERVER.JGLLAW.COM is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2386 to 2885
         * rIDPreviousAllocationPool is 2386 to 2885
         * rIDNextRID: 2407
         ......................... FILESERVER passed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/FILESERVER.JGLLAW.COM/JGLLAW.COM
         * SPN found :LDAP/FILESERVER.JGLLAW.COM
         * SPN found :LDAP/FILESERVER
         * SPN found :LDAP/FILESERVER.JGLLAW.COM/JGL
         * SPN found :LDAP/cb8c0be5-6e03-45c0-9850-d931ea481688._msdcs.JGLLAW.CO
M
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/cb8c0be5-6e03-45c0-98
50-d931ea481688/JGLLAW.COM
         * SPN found :HOST/FILESERVER.JGLLAW.COM/JGLLAW.COM
         * SPN found :HOST/FILESERVER.JGLLAW.COM
         * SPN found :HOST/FILESERVER
         * SPN found :HOST/FILESERVER.JGLLAW.COM/JGL
         * SPN found :GC/FILESERVER.JGLLAW.COM/JGLLAW.COM
         ......................... FILESERVER passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... FILESERVER passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... FILESERVER passed test OutboundSecureChannels

      Starting test: ObjectsReplicated
         FILESERVER is in domain DC=JGLLAW,DC=COM
         Checking for CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=COM in do
main DC=JGLLAW,DC=COM on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=JGLLAW,DC=COM in domain CN=Configuration
,DC=JGLLAW,DC=COM on 1 servers
            Object is up-to-date on all servers.
         ......................... FILESERVER passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... FILESERVER passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 08/02/2006   23:18:26
            (Event String could not be retrieved)
         ......................... FILESERVER failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minut
es.
         ......................... FILESERVER passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... FILESERVER passed test systemlog
      Starting test: VerifyReplicas
         ......................... FILESERVER passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=COM and backlink on
         CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
ration,DC=JGLLAW,DC=COM
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLAW,DC=COM
         and backlink on CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=COM
         are correct.
         The system object reference (serverReferenceBL)
         CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLAW,DC=COM
         and backlink on
         CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=JGLLAW,DC=COM
         are correct.
         ......................... FILESERVER passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... FILESERVER passed test VerifyEnterpriseRefere
nces

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : JGLLAW
      Starting test: CrossRefValidation
         ......................... JGLLAW passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... JGLLAW passed test CheckSDRefDom

   Running enterprise tests on : JGLLAW.COM
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... JGLLAW.COM passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\FILESERVER.JGLLAW.COM
         Locator Flags: 0xe00003fd
         PDC Name: \\FILESERVER.JGLLAW.COM
         Locator Flags: 0xe00003fd
         Time Server Name: \\FILESERVER.JGLLAW.COM
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\FILESERVER.JGLLAW.COM
         Locator Flags: 0xe00003fd
         KDC Name: \\FILESERVER.JGLLAW.COM
         Locator Flags: 0xe00003fd
         ......................... JGLLAW.COM passed test FsmoCheck
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Nope, still getting the error in the event viewer after restarting DNS service.

The FRS Error regarding Replication to Exchange1? Or the Record Registration Error at the top? (Or both?)

Chris
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'm still getting both errors.

Actually, now that I look at the NTfrs error, going back a few weeks (it actually has been happening for months, not just the 3 and half weeks I've been back) it will occasionally log the event:
Event Type:      Information
Event Source:      NtFrs
Event Category:      None
Event ID:      13516
Date:            8/3/2006
Time:            2:21:30 PM
User:            N/A
Computer:      FILESERVER
Description:
The File Replication Service is no longer preventing the computer FILESERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

But then a little while later, I'll get this again:
Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            8/3/2006
Time:            2:23:11 PM
User:            N/A
Computer:      FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
 [2] FRS is not running on exchange1.JGLLAW.COM.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00               Õ...
Any ideas on why I can't access the shares from most of the Domain PCs but I see them in My Network Places?  I get a message stating "<Computername> is not accessible.  You might not have permission to use this network resource."
Thanks a lot, I really appreciate all your help.  

Okay, I followed the MS knowledgebase article link you provided and removed and recreated the zones (with jgllaw.local instead of .com).  Now I can resolve IPs just fine (including the externally hosted website and OWA, Thanks!!) surfing the internet, but I still can't browse the domain PC shares.

The DNS error appears to have gone away, but the Ntfrs errors are still there.  I assume that doesn't affect too much as it has been happening for nearly a year according to the event viewer.

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Okay, you were right, I didn't even notice that.  Changing the AD Domain name is very complicated.

So I've redone the process now and renamed the forward lookup zone back to jgllaw.com.  Now I'm getting this in the event viewer:

Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      113
Date:            8/4/2006
Time:            9:17:52 AM
User:            N/A
Computer:      FILESERVER
Description:
The DNS server could not signal the service "NAT". The error was 1168. There  may be interoperability problems between the DNS service and this service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Okay, when I do nbtstat -a <computername> I get "host not found".

When I type the IP of the computer \\<IP>\ I get "No network provider accepted the given path"

When I type \\<computername> I get "No network provider accepted the given path"
No, I am not receiving the Ntfrs error on Exchange 1.
Also, now I can't get to the externally hosted website (www.jgllaw.com) again.  I figured out how to add a record in DNS, but it still doesn't work.  

I also need to get my OWA address working from inside so I can test it if people are having issues from outside while I'm in the office.

Thanks.
Okay, nevermind, got the OWA working.

I must have the wrong address for the website.  Just using the ip is not working.

> Okay, when I do nbtstat -a <computername> I get "host not found".

I take it NetBIOS over TCP/IP is enabled on all of the computers that are having a problem? As rubbish as it is you may actually benefit from setting up a WINS Server in this case.

> When I type the IP of the computer \\<IP>\ I get "No network provider accepted the given path"

That normally implies that the Windows Firewall is blocking it - something you'd normally see with Windows XP SP2.

> Also, now I can't get to the externally hosted website (www.jgllaw.com) again.  I figured out how to add
> a record in DNS, but it still doesn't work.  

You should have a record called www and that should point to the public IP Address of your website if it's hosted externally and the internal IP if it's hosted inside.

Chris

Ignore the last bit then if you've got it working :)

Chris
I have used GP to turn off the firewall, so I don't think that is it.

Not sure if NetBIOS is enabled over TCP/IP on all PCs.  Can I do this from the server?

WINS is already setup on the fileserver.

Never tried enabling it globally, not entirely sure you can though.

Still, it'll certainly get upset without it for File and Printer Sharing.

Chris
Isn't it turned on by default in Windows XP?

It is yes. But if you can't get a response from NBTStat -a <ComputerName> then you're going to have a great deal of trouble connecting to the file and printer sharing service on the PC in question.

The WINS Server has a registration for one of the computers that doesn't work?

Chris
Yes, the WINS server has registration for some pcs that don't work.  It doesn't appear to have a registration for all of them though.

But nbtstat -a <PCName> still returns nothing for those PCs? And the Windows Firewall is definately switched off? And there's no routing or other firewalls inbetween?

I take it all PCs have the WINS server listed in their TCP/IP config?

Chris
Yes, nbtstat -a <computername> comes back as "Host Not Found."

Windows firewall is definitely off (I used GP)

There are no other routing or firewalls between.

All PCs should have the WINS Server listed in TCP/IP because I've configured this in DCHP on the Fileserver.

Not sure what to suggest then. There's only really TCP/IP configuration that you can change to setup File and Printer Sharing - not exactly flexible.

The PCs that don't work also fail to allow access on \\<IP Address>?

Never did like NetBIOS or File and Printer Sharing - very out of date technologies.

Chris
Nope, fails access on \\<IP Address> as well.

I've also noticed I can't ping them either.

hehe and you're sure there's no Firewall there?

How about if, from one of the machines that you can't access, you try \\localhost or \\<machinename> or \\<machineIP>? Basically trying to access the bits that really shouldn't be blocked unless the service just isn't there...

Chris
Okay, I may be onto something here.  I've got approximately 75 computers here that were setup about 2-3 years ago with the computer name containing the users initials.  Since then, many users have left, PCs have gone to different people, etc. so it's hard for me to tell who's using what PC.  But from what I can tell *most* (if not all) of the PCs that are not working (I'm trying to use GPinventory which will pull info from some PCs) have been assigned IP addresses manually (only attorney's are assigned manually).  I also have many users who use RDP remotely and do not actually log off; they just disconnect by closing the window from home.

A few of those I've gone back as I've been working on other issues and created reservations in DHCP.  Of those, it seems that they are accessible from the server using GPinventory and I can also view the administrative shares.

So I'm thinking that maybe either the GPO didn't apply yet to those PCs or the DHCP settings (enabling NetBIOS over TCP/IP) didn't change either.  There are a few people here who won't restart their computer for anything short of a power outage as well.

That would make sense and would certainly explain a lot of the access problems. And I would have to agree at this stage that the problem seems to be with the client PCs rather than your domain configuration.

Chris
Chris, thank you very much.  You were a huge help.  I still haven't gotten the issue of not being able to access all PCs administrative shares from the server, but I think that will require me to set reservations for all manually configured IPs on the network (there are like 35).

I wasn't quite sure how to assign the points to which answer, so I did it as best I could.  I'm no longer recieving the DNS errors in the event viewer and I was able to fix the issue of not being able to access OWA and the externally hosted website, all with your assistance.

Once again, thank you very much.

Pleasure, glad I could help out a little :)

Chris