JosephGreenwald
asked on
DNS Issues
Hello, I've been trying to get an issue straightened out since I took back over a network at a law fim. There are issues with DNS that I've discovered due to errors in the event viewer. The error states:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4010
Date: 8/2/2006
Time: 10:38:34 AM
User: N/A
Computer: FILESERVER
Description:
The DNS server was unable to create a resource record for 10.0.0.10.in-addr.arpa. in zone 10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 00 00 00 {...
Now I have discovered that I cannot access any of the administrative shares (or any shares for that matter) on the most of the network (approximately 75 Windows XP PCs). Although some do work.
This is a Server 2003 domain. I have a Fileserver and an Exchange Server, both of which are configured to be Domain Controllers. Both are also running DNS. I am using Root Hints and Forwarders (from the ISP). DNS seems to work just fine when surfing the internet, I just keep getting the event viewer errors; except for our OWA web address. I changed the DNS forwarders to XO communications DNS servers and now it seems that it can't resolve the IP for OWA. I know OWA is working properly because it works just fine outside of the office. Maybe someone can provide me with better DNS servers to use. I changed them last week because users were complaining of slow internet, and then I ran into issues with Delayed Messages from Exchange, so I'm now using the ISP recommended ones, but now I have this problem.
I"ve tried several things over the past two weeks, including removing and reinstalling DNS from both servers, clearing the DNS cache, and reloading the root hints list from the backup directory as advised by the Microsoft Knowledgebase. I've also tried looking up the events in eventid.net and nothing has helped. I really need to get these administrative shares working and I don't want to run into anymore issues down the road.
Please someone, help!!
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4010
Date: 8/2/2006
Time: 10:38:34 AM
User: N/A
Computer: FILESERVER
Description:
The DNS server was unable to create a resource record for 10.0.0.10.in-addr.arpa. in zone 10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 00 00 00 {...
Now I have discovered that I cannot access any of the administrative shares (or any shares for that matter) on the most of the network (approximately 75 Windows XP PCs). Although some do work.
This is a Server 2003 domain. I have a Fileserver and an Exchange Server, both of which are configured to be Domain Controllers. Both are also running DNS. I am using Root Hints and Forwarders (from the ISP). DNS seems to work just fine when surfing the internet, I just keep getting the event viewer errors; except for our OWA web address. I changed the DNS forwarders to XO communications DNS servers and now it seems that it can't resolve the IP for OWA. I know OWA is working properly because it works just fine outside of the office. Maybe someone can provide me with better DNS servers to use. I changed them last week because users were complaining of slow internet, and then I ran into issues with Delayed Messages from Exchange, so I'm now using the ISP recommended ones, but now I have this problem.
I"ve tried several things over the past two weeks, including removing and reinstalling DNS from both servers, clearing the DNS cache, and reloading the root hints list from the backup directory as advised by the Microsoft Knowledgebase. I've also tried looking up the events in eventid.net and nothing has helped. I really need to get these administrative shares working and I don't want to run into anymore issues down the road.
Please someone, help!!
ah crap just read over that Q again, apologies, you have already read this
what does your dcdiag come back with?
> Maybe someone can provide me with better DNS servers to use. I changed them last week because users
> were complaining of slow internet, and then I ran into issues with Delayed Messages from Exchange, so
> I'm now using the ISP recommended ones, but now I have this problem.
If you're having problems with the Forwarders then the first thing I would do is get rid of them. You don't need them, your server will happily resolve requests using Root Hints without having to have anything to do with ISPs Name Servers.
Once you've done that see what works and what doesn't, it gives you a much simpler base to troubleshoot from.
Chris
ASKER
Thanks for your replies.
Everything passes in DCdiag except this:
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
I ran netdiag too and I get some errors there, but haven't been able to get to the bottom of those either:
Computer Name: FILESERVER
DNS Host Name: FILESERVER.JGLLAW.COM
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB833407
KB890046
KB893756
KB896358
KB896422
KB896424
KB896428
KB896688
KB896727
KB898715
KB898792
KB899587
KB899588
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB904706
KB905414
KB905915
KB908519
KB908531
KB910437
KB911280
KB911562
KB911567
KB911927
KB912919
KB913446
KB914388
KB914389
KB916281
KB917159
KB917344
KB917734
KB917953
KB918439
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Team #0 - Adaptive Load Balancing Mode
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : FILESERVER
IP Address . . . . . . . . : 10.0.0.10
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.22
Dns Servers. . . . . . . . : 10.0.0.10
10.0.0.5
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : {FA7B7980-2826-4AA6-B663-E 5F6FF10262 D}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : FILESERVER
IP Address . . . . . . . . : 10.0.0.123
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0EA37839-E303 -413A-B737 -75A9AD31E 62A}
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for 'FILESERVER.JGLLAW.COM' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.10' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.5' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0EA37839-E303 -413A-B737 -75A9AD31E 62A}
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0EA37839-E303 -413A-B737 -75A9AD31E 62A}
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'FILESERVER.JGLLAW.COM'.
[WARNING] Failed to query SPN registration on DC 'exchange1.JGLLAW.COM'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
Everything passes in DCdiag except this:
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
I ran netdiag too and I get some errors there, but haven't been able to get to the bottom of those either:
Computer Name: FILESERVER
DNS Host Name: FILESERVER.JGLLAW.COM
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB833407
KB890046
KB893756
KB896358
KB896422
KB896424
KB896428
KB896688
KB896727
KB898715
KB898792
KB899587
KB899588
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB904706
KB905414
KB905915
KB908519
KB908531
KB910437
KB911280
KB911562
KB911567
KB911927
KB912919
KB913446
KB914388
KB914389
KB916281
KB917159
KB917344
KB917734
KB917953
KB918439
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Team #0 - Adaptive Load Balancing Mode
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : FILESERVER
IP Address . . . . . . . . : 10.0.0.10
Subnet Mask. . . . . . . . : 255.0.0.0
Default Gateway. . . . . . : 10.0.0.22
Dns Servers. . . . . . . . : 10.0.0.10
10.0.0.5
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : {FA7B7980-2826-4AA6-B663-E
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : FILESERVER
IP Address . . . . . . . . : 10.0.0.123
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0EA37839-E303
NetBT_Tcpip_{FA7B7980-2826
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for 'FILESERVER.JGLLAW.COM' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.10' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.5' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0EA37839-E303
NetBT_Tcpip_{FA7B7980-2826
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0EA37839-E303
NetBT_Tcpip_{FA7B7980-2826
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'FILESERVER.JGLLAW.COM'.
[WARNING] Failed to query SPN registration on DC 'exchange1.JGLLAW.COM'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
ASKER
Chris, thanks for your reply as well.
Won't getting rid of the forwarders slow my internet access a little? The slightest drop in speed and I have people all over me. I have 75 users here and I read somewhere that a moderately sized network will operate a little faster with forwarders enabled.
What do you think? Do you think that this will prevent my message delay issues with Exchange as well?
Won't getting rid of the forwarders slow my internet access a little? The slightest drop in speed and I have people all over me. I have 75 users here and I read somewhere that a moderately sized network will operate a little faster with forwarders enabled.
What do you think? Do you think that this will prevent my message delay issues with Exchange as well?
ASKER
I forgot to mention that I'm getting this error in the event viewer as well:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 8/2/2006
Time: 11:18:26 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
[2] FRS is not running on exchange1.JGLLAW.COM.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 8/2/2006
Time: 11:18:26 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
[2] FRS is not running on exchange1.JGLLAW.COM.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
> Won't getting rid of the forwarders slow my internet access a little? The slightest drop in speed and I
> have people all over me. I have 75 users here and I read somewhere that a moderately sized network
> will operate a little faster with forwarders enabled.
>
> What do you think? Do you think that this will prevent my message delay issues with Exchange as well?
That is debatable, and even if it does you're talking milliseconds. The thing is, Forwarders date back to when Modems were in full use and there wasn't the bandwidth for a single server to perform a recursive query, instead it would just send the request off to the Forwarder and that (with it's larger bandwidth and generally larger Cache) would do all the work for you.
It does also mean that your server will start holding it's own Cache - so in some cases name resolution will actually be faster.
The main disadvantage of Forwarders in my opinion is that it makes you completely reliant on someone elses network - and that I really don't like.
Message Delays in Exchange could well be related to the same thing - DNS is required for everything after all.
> [FATAL]: The DNS registration for 'FILESERVER.JGLLAW.COM' is incorrect on all DNS servers.
For this last little part, is FileServer failing to register it's records in DNS correctly?
Chris
Oh one thing I should have added.
In some cases (and it's not all that uncommon) it can actually be slower getting answers from a Forwarder than directly. It all depends on how well the servers at your ISP are setup and how many other people are asking it questions.
Chris
ASKER
Chris, thanks for the info. I'll try disabling forwarders and see what happens. I agree with you on relying on other networks. When I worked for a consultant before, we were constantly changing the forwarders when there were speed issues.
How would I check to see of the Fileserver is failing the registration?
How would I check to see of the Fileserver is failing the registration?
Well the first place would be to see if FileServer has an A record registered in DNS. Is it a Domain Controller? If so you should run "ipconfig /registerdns" then check the event log for registration errors.
I take it FileServer has the same DNS servers as posted in your DCDiag log above?
Chris
ASKER
Yes, Filserver has an A record registered and Yes, it is a domain controller.
Yes, the Fileserver has the DNS servers 10.0.0.10 (which is itself) and 10.0.0.5 (which is Exchange1).
Tried running ipconfig/registerdns and it said to check event viewer but there wasn't anything after 30. Any thoughts?
Yes, the Fileserver has the DNS servers 10.0.0.10 (which is itself) and 10.0.0.5 (which is Exchange1).
Tried running ipconfig/registerdns and it said to check event viewer but there wasn't anything after 30. Any thoughts?
Then it's possible it's referring to the Service Records (or GUID record) it should have registered in DNS.
Still, we can make DCDiag tell us a bit more... if you run it with /v and /c it'll say more about it... or it should.
Chris
ASKER
I found another issue aside from not being to resolve our OWA address. It also cannot resolve the website of the firm which is hosted externally. I must've screwed something up when recreating the forward lookup zone? Do I have to manually place these records in there?
I named the forward lookup zone jgllaw.com (which is what it was before). Should I not have done this? Should I have named it jgllaw.local?
Here's DCdiag with /v and /c
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.JGL >dcdiag /v /c
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine FILESERVER, is a DC.
* Connecting to directory service on server FILESERVER.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI LESERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... FILESERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI LESERVER
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=JGLLA W,DC=COM
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=ForestDnsZones,DC=JGLLA W,DC=COM
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=JGLLAW ,DC=COM
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=JGLLAW ,DC=COM
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=JGLLAW,DC=COM
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... FILESERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=DomainDnsZones,DC=JGLLA W,DC=
COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ForestDnsZones,DC=JGLLA W,DC=
COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration ,DC=J
GLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=JGLLAW ,DC=C
OM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... FILESERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=DomainDnsZones
,DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ForestDnsZones
,DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=JGLLAW,DC=COM .
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,
DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... FILESERVER passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=DomainDnsZones,DC=JGLLA W,DC=COM
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=JGLLA W,DC=COM
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=JGLLAW ,DC=COM
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=JGLLAW ,DC=COM
(Configuration,Version 2)
* Security Permissions Check for
DC=JGLLAW,DC=COM
(Domain,Version 2)
......................... FILESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... FILESERVER passed test NetLogons
Starting test: Advertising
The DC FILESERVER is advertising itself as a DC and having a DS.
The DC FILESERVER is advertising as an LDAP server
The DC FILESERVER is advertising as having a writeable directory
The DC FILESERVER is advertising as a Key Distribution Center
The DC FILESERVER is advertising as a time server
The DS FILESERVER is advertising as a GC.
......................... FILESERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Defaul
t-First-Site-Name,CN=Sites ,CN=Config uration,DC =JGLLAW,DC =COM
Role Domain Owner = CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Defaul
t-First-Site-Name,CN=Sites ,CN=Config uration,DC =JGLLAW,DC =COM
Role PDC Owner = CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Default-F
irst-Site-Name,CN=Sites,CN =Configura tion,DC=JG LLAW,DC=CO M
Role Rid Owner = CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Default-F
irst-Site-Name,CN=Sites,CN =Configura tion,DC=JG LLAW,DC=CO M
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER,CN= Se
rvers,CN=Default-First-Sit e-Name,CN= Sites,CN=C onfigurati on,DC=JGLL AW,DC=COM
......................... FILESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4886 to 1073741823
* FILESERVER.JGLLAW.COM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2386 to 2885
* rIDPreviousAllocationPool is 2386 to 2885
* rIDNextRID: 2407
......................... FILESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/FILESERVER.JGLLAW.CO M/JGLLAW.C OM
* SPN found :LDAP/FILESERVER.JGLLAW.CO M
* SPN found :LDAP/FILESERVER
* SPN found :LDAP/FILESERVER.JGLLAW.CO M/JGL
* SPN found :LDAP/cb8c0be5-6e03-45c0-9 850-d931ea 481688._ms dcs.JGLLAW .CO
M
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/cb8c0be5 -6e03-45c0 -98
50-d931ea481688/JGLLAW.COM
* SPN found :HOST/FILESERVER.JGLLAW.CO M/JGLLAW.C OM
* SPN found :HOST/FILESERVER.JGLLAW.CO M
* SPN found :HOST/FILESERVER
* SPN found :HOST/FILESERVER.JGLLAW.CO M/JGL
* SPN found :GC/FILESERVER.JGLLAW.COM/ JGLLAW.COM
......................... FILESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... FILESERVER passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... FILESERVER passed test OutboundSecureChannels
Starting test: ObjectsReplicated
FILESERVER is in domain DC=JGLLAW,DC=COM
Checking for CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C OM in do
main DC=JGLLAW,DC=COM on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Default-F irst
-Site-Name,CN=Sites,CN=Con figuration ,DC=JGLLAW ,DC=COM in domain CN=Configuration
,DC=JGLLAW,DC=COM on 1 servers
Object is up-to-date on all servers.
......................... FILESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... FILESERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/02/2006 23:18:26
(Event String could not be retrieved)
......................... FILESERVER failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... FILESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... FILESERVER passed test systemlog
Starting test: VerifyReplicas
......................... FILESERVER passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C OM and backlink on
CN=FILESERVER,CN=Servers,C N=Default- First-Site -Name,CN=S ites,CN=Co nfigu
ration,DC=JGLLAW,DC=COM
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLA W,DC=COM
and backlink on CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C OM
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLA W,DC=COM
and backlink on
CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Default-F irst-Site- Name,CN
=Sites,CN=Configuration,DC =JGLLAW,DC =COM
are correct.
......................... FILESERVER passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... FILESERVER passed test VerifyEnterpriseRefere
nces
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : JGLLAW
Starting test: CrossRefValidation
......................... JGLLAW passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... JGLLAW passed test CheckSDRefDom
Running enterprise tests on : JGLLAW.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... JGLLAW.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
PDC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
Time Server Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
KDC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
......................... JGLLAW.COM passed test FsmoCheck
I named the forward lookup zone jgllaw.com (which is what it was before). Should I not have done this? Should I have named it jgllaw.local?
Here's DCdiag with /v and /c
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.JGL
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine FILESERVER, is a DC.
* Connecting to directory service on server FILESERVER.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... FILESERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=JGLLA
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=ForestDnsZones,DC=JGLLA
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=JGLLAW
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=JGLLAW,DC=COM
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... FILESERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=DomainDnsZones,DC=JGLLA
COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ForestDnsZones,DC=JGLLA
COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
GLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=JGLLAW
OM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... FILESERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=DomainDnsZones
,DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ForestDnsZones
,DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=JGLLAW,DC=COM
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,
DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=JGLLAW,DC=COM.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... FILESERVER passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=DomainDnsZones,DC=JGLLA
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=JGLLA
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=JGLLAW
(Configuration,Version 2)
* Security Permissions Check for
DC=JGLLAW,DC=COM
(Domain,Version 2)
......................... FILESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... FILESERVER passed test NetLogons
Starting test: Advertising
The DC FILESERVER is advertising itself as a DC and having a DS.
The DC FILESERVER is advertising as an LDAP server
The DC FILESERVER is advertising as having a writeable directory
The DC FILESERVER is advertising as a Key Distribution Center
The DC FILESERVER is advertising as a time server
The DS FILESERVER is advertising as a GC.
......................... FILESERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FILESERVER,CN=
t-First-Site-Name,CN=Sites
Role Domain Owner = CN=NTDS Settings,CN=FILESERVER,CN=
t-First-Site-Name,CN=Sites
Role PDC Owner = CN=NTDS Settings,CN=FILESERVER,CN=
irst-Site-Name,CN=Sites,CN
Role Rid Owner = CN=NTDS Settings,CN=FILESERVER,CN=
irst-Site-Name,CN=Sites,CN
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER,CN=
rvers,CN=Default-First-Sit
......................... FILESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4886 to 1073741823
* FILESERVER.JGLLAW.COM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2386 to 2885
* rIDPreviousAllocationPool is 2386 to 2885
* rIDNextRID: 2407
......................... FILESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/FILESERVER.JGLLAW.CO
* SPN found :LDAP/FILESERVER.JGLLAW.CO
* SPN found :LDAP/FILESERVER
* SPN found :LDAP/FILESERVER.JGLLAW.CO
* SPN found :LDAP/cb8c0be5-6e03-45c0-9
M
* SPN found :E3514235-4B06-11D1-AB04-0
50-d931ea481688/JGLLAW.COM
* SPN found :HOST/FILESERVER.JGLLAW.CO
* SPN found :HOST/FILESERVER.JGLLAW.CO
* SPN found :HOST/FILESERVER
* SPN found :HOST/FILESERVER.JGLLAW.CO
* SPN found :GC/FILESERVER.JGLLAW.COM/
......................... FILESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... FILESERVER passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... FILESERVER passed test OutboundSecureChannels
Starting test: ObjectsReplicated
FILESERVER is in domain DC=JGLLAW,DC=COM
Checking for CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C
main DC=JGLLAW,DC=COM on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=FILESERVER,CN=
-Site-Name,CN=Sites,CN=Con
,DC=JGLLAW,DC=COM on 1 servers
Object is up-to-date on all servers.
......................... FILESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... FILESERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/02/2006 23:18:26
(Event String could not be retrieved)
......................... FILESERVER failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... FILESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... FILESERVER passed test systemlog
Starting test: VerifyReplicas
......................... FILESERVER passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C
CN=FILESERVER,CN=Servers,C
ration,DC=JGLLAW,DC=COM
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLA
and backlink on CN=FILESERVER,OU=Domain Controllers,DC=JGLLAW,DC=C
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=JGLLA
and backlink on
CN=NTDS Settings,CN=FILESERVER,CN=
=Sites,CN=Configuration,DC
are correct.
......................... FILESERVER passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... FILESERVER passed test VerifyEnterpriseRefere
nces
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : JGLLAW
Starting test: CrossRefValidation
......................... JGLLAW passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... JGLLAW passed test CheckSDRefDom
Running enterprise tests on : JGLLAW.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... JGLLAW.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
PDC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
Time Server Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
KDC Name: \\FILESERVER.JGLLAW.COM
Locator Flags: 0xe00003fd
......................... JGLLAW.COM passed test FsmoCheck
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nope, still getting the error in the event viewer after restarting DNS service.
The FRS Error regarding Replication to Exchange1? Or the Record Registration Error at the top? (Or both?)
Chris
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm still getting both errors.
Actually, now that I look at the NTfrs error, going back a few weeks (it actually has been happening for months, not just the 3 and half weeks I've been back) it will occasionally log the event:
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 8/3/2006
Time: 2:21:30 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is no longer preventing the computer FILESERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
But then a little while later, I'll get this again:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 8/3/2006
Time: 2:23:11 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
[2] FRS is not running on exchange1.JGLLAW.COM.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
Actually, now that I look at the NTfrs error, going back a few weeks (it actually has been happening for months, not just the 3 and half weeks I've been back) it will occasionally log the event:
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 8/3/2006
Time: 2:21:30 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is no longer preventing the computer FILESERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
But then a little while later, I'll get this again:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 8/3/2006
Time: 2:23:11 PM
User: N/A
Computer: FILESERVER
Description:
The File Replication Service is having trouble enabling replication from EXCHANGE1 to FILESERVER for c:\windows\sysvol\domain using the DNS name exchange1.JGLLAW.COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name exchange1.JGLLAW.COM from this computer.
[2] FRS is not running on exchange1.JGLLAW.COM.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...
ASKER
Any ideas on why I can't access the shares from most of the Domain PCs but I see them in My Network Places? I get a message stating "<Computername> is not accessible. You might not have permission to use this network resource."
ASKER
Thanks a lot, I really appreciate all your help.
Okay, I followed the MS knowledgebase article link you provided and removed and recreated the zones (with jgllaw.local instead of .com). Now I can resolve IPs just fine (including the externally hosted website and OWA, Thanks!!) surfing the internet, but I still can't browse the domain PC shares.
The DNS error appears to have gone away, but the Ntfrs errors are still there. I assume that doesn't affect too much as it has been happening for nearly a year according to the event viewer.
Okay, I followed the MS knowledgebase article link you provided and removed and recreated the zones (with jgllaw.local instead of .com). Now I can resolve IPs just fine (including the externally hosted website and OWA, Thanks!!) surfing the internet, but I still can't browse the domain PC shares.
The DNS error appears to have gone away, but the Ntfrs errors are still there. I assume that doesn't affect too much as it has been happening for nearly a year according to the event viewer.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay, you were right, I didn't even notice that. Changing the AD Domain name is very complicated.
So I've redone the process now and renamed the forward lookup zone back to jgllaw.com. Now I'm getting this in the event viewer:
Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 113
Date: 8/4/2006
Time: 9:17:52 AM
User: N/A
Computer: FILESERVER
Description:
The DNS server could not signal the service "NAT". The error was 1168. There may be interoperability problems between the DNS service and this service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Okay, when I do nbtstat -a <computername> I get "host not found".
When I type the IP of the computer \\<IP>\ I get "No network provider accepted the given path"
When I type \\<computername> I get "No network provider accepted the given path"
So I've redone the process now and renamed the forward lookup zone back to jgllaw.com. Now I'm getting this in the event viewer:
Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 113
Date: 8/4/2006
Time: 9:17:52 AM
User: N/A
Computer: FILESERVER
Description:
The DNS server could not signal the service "NAT". The error was 1168. There may be interoperability problems between the DNS service and this service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Okay, when I do nbtstat -a <computername> I get "host not found".
When I type the IP of the computer \\<IP>\ I get "No network provider accepted the given path"
When I type \\<computername> I get "No network provider accepted the given path"
ASKER
No, I am not receiving the Ntfrs error on Exchange 1.
ASKER
Also, now I can't get to the externally hosted website (www.jgllaw.com) again. I figured out how to add a record in DNS, but it still doesn't work.
I also need to get my OWA address working from inside so I can test it if people are having issues from outside while I'm in the office.
Thanks.
I also need to get my OWA address working from inside so I can test it if people are having issues from outside while I'm in the office.
Thanks.
ASKER
Okay, nevermind, got the OWA working.
I must have the wrong address for the website. Just using the ip is not working.
I must have the wrong address for the website. Just using the ip is not working.
> Okay, when I do nbtstat -a <computername> I get "host not found".
I take it NetBIOS over TCP/IP is enabled on all of the computers that are having a problem? As rubbish as it is you may actually benefit from setting up a WINS Server in this case.
> When I type the IP of the computer \\<IP>\ I get "No network provider accepted the given path"
That normally implies that the Windows Firewall is blocking it - something you'd normally see with Windows XP SP2.
> Also, now I can't get to the externally hosted website (www.jgllaw.com) again. I figured out how to add
> a record in DNS, but it still doesn't work.
You should have a record called www and that should point to the public IP Address of your website if it's hosted externally and the internal IP if it's hosted inside.
Chris
Ignore the last bit then if you've got it working :)
Chris
ASKER
I have used GP to turn off the firewall, so I don't think that is it.
Not sure if NetBIOS is enabled over TCP/IP on all PCs. Can I do this from the server?
WINS is already setup on the fileserver.
Not sure if NetBIOS is enabled over TCP/IP on all PCs. Can I do this from the server?
WINS is already setup on the fileserver.
Never tried enabling it globally, not entirely sure you can though.
Still, it'll certainly get upset without it for File and Printer Sharing.
Chris
ASKER
Isn't it turned on by default in Windows XP?
It is yes. But if you can't get a response from NBTStat -a <ComputerName> then you're going to have a great deal of trouble connecting to the file and printer sharing service on the PC in question.
The WINS Server has a registration for one of the computers that doesn't work?
Chris
ASKER
Yes, the WINS server has registration for some pcs that don't work. It doesn't appear to have a registration for all of them though.
But nbtstat -a <PCName> still returns nothing for those PCs? And the Windows Firewall is definately switched off? And there's no routing or other firewalls inbetween?
I take it all PCs have the WINS server listed in their TCP/IP config?
Chris
ASKER
Yes, nbtstat -a <computername> comes back as "Host Not Found."
Windows firewall is definitely off (I used GP)
There are no other routing or firewalls between.
All PCs should have the WINS Server listed in TCP/IP because I've configured this in DCHP on the Fileserver.
Windows firewall is definitely off (I used GP)
There are no other routing or firewalls between.
All PCs should have the WINS Server listed in TCP/IP because I've configured this in DCHP on the Fileserver.
Not sure what to suggest then. There's only really TCP/IP configuration that you can change to setup File and Printer Sharing - not exactly flexible.
The PCs that don't work also fail to allow access on \\<IP Address>?
Never did like NetBIOS or File and Printer Sharing - very out of date technologies.
Chris
ASKER
Nope, fails access on \\<IP Address> as well.
I've also noticed I can't ping them either.
I've also noticed I can't ping them either.
hehe and you're sure there's no Firewall there?
How about if, from one of the machines that you can't access, you try \\localhost or \\<machinename> or \\<machineIP>? Basically trying to access the bits that really shouldn't be blocked unless the service just isn't there...
Chris
ASKER
Okay, I may be onto something here. I've got approximately 75 computers here that were setup about 2-3 years ago with the computer name containing the users initials. Since then, many users have left, PCs have gone to different people, etc. so it's hard for me to tell who's using what PC. But from what I can tell *most* (if not all) of the PCs that are not working (I'm trying to use GPinventory which will pull info from some PCs) have been assigned IP addresses manually (only attorney's are assigned manually). I also have many users who use RDP remotely and do not actually log off; they just disconnect by closing the window from home.
A few of those I've gone back as I've been working on other issues and created reservations in DHCP. Of those, it seems that they are accessible from the server using GPinventory and I can also view the administrative shares.
So I'm thinking that maybe either the GPO didn't apply yet to those PCs or the DHCP settings (enabling NetBIOS over TCP/IP) didn't change either. There are a few people here who won't restart their computer for anything short of a power outage as well.
A few of those I've gone back as I've been working on other issues and created reservations in DHCP. Of those, it seems that they are accessible from the server using GPinventory and I can also view the administrative shares.
So I'm thinking that maybe either the GPO didn't apply yet to those PCs or the DHCP settings (enabling NetBIOS over TCP/IP) didn't change either. There are a few people here who won't restart their computer for anything short of a power outage as well.
That would make sense and would certainly explain a lot of the access problems. And I would have to agree at this stage that the problem seems to be with the client PCs rather than your domain configuration.
Chris
ASKER
Chris, thank you very much. You were a huge help. I still haven't gotten the issue of not being able to access all PCs administrative shares from the server, but I think that will require me to set reservations for all manually configured IPs on the network (there are like 35).
I wasn't quite sure how to assign the points to which answer, so I did it as best I could. I'm no longer recieving the DNS errors in the event viewer and I was able to fix the issue of not being able to access OWA and the externally hosted website, all with your assistance.
Once again, thank you very much.
I wasn't quite sure how to assign the points to which answer, so I did it as best I could. I'm no longer recieving the DNS errors in the event viewer and I was able to fix the issue of not being able to access OWA and the externally hosted website, all with your assistance.
Once again, thank you very much.
Pleasure, glad I could help out a little :)
Chris
http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1
after that you may need to look at recreating your DNS zones