Solved

Win2000 & Active Directory install problems.

Posted on 2002-06-20
Last Modified: 2010-04-13
OK, so I did an install according to a step-by-step install I found on the Microsoft web site.

But I get the message "could not register account with DNS server", so I disabled 'Register this connection's address in DNS' for my NIC. It fixed that problem, but now I get 2 errors in my application log.

Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1000
Date:          6/20/2002
Time:          10:05:40 AM
User:          NT AUTHORITY\SYSTEM
Computer:     HQ-MICS-01
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

and

Event Type:     Error
Event Source:     SceCli
Event Category:     None
Event ID:     1001
Date:          6/20/2002
Time:          10:05:40 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
     \\mics.local\sysvol\mics.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


any ideas?
0
Question by:MICS
 

Author Comment

by:MICS
ID: 7096218
OK... I kind of got it worked out... I found it was a binding order problem (I have 2 NICs).
0
 

Author Comment

by:MICS
ID: 7096225
So now here is what I have: 2 NICs, both have 'Register this connection's address in DNS' disabled.
One NIC has file & print sharing enabled, and I get the message below.


Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5782
Date:          6/20/2002
Time:          10:59:20 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.  
Data:
0000: 7c 26 00 00               |&..    


0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7096522
You need to go into TCP/IP properties and specify the primary DNS server to be the local server and the secondary to be whatever your secondary server is.

This is however as long as this is a Windows 2000 Domain Controller with AD installed. You really didn't completely specify that, you only hinted at it...
0

 
LVL 17

Expert Comment

by:mikecr
ID: 7096771
You SHOULD NOT, if at all possible, have a domain controller look at himself first when doing DNS resolution and should use another server if at all possible. It is okay to set it as a secondary in the tcp/ip properties of the nic, but if he is the primary and there is a problem with his DNS, Windows 2000 clients will have a hard time logging into the network. If you don't register the computers name in DNS, and it is a domain controller, Windows 2000 clients will have a hard time logging into the network. You need to make sure that, if this is a domain controller, it looks at another server for DNS resolution if possible and registers himself in DNS so that clients can resolve his name so they can log into the network. You can also make that error message go away if you stop the DNS client service, but I wouldn't recommend that.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7096906
I was under the impression (From many articles) that you are SUPPOSED to set the primary DNS Server to [self] on a DNS server. Resolving locally first. Can you please post any referencing articles here? I will try to do the same.

How would doing this affect the other clients on the network? This setting is ONLY used for the Local Area Network connection on that server. How IT resolves DNS for itself, not how the CLIENTS resolve DNS...
0
 

Author Comment

by:MICS
ID: 7097289
http://www.microsoft.com/windows2000/techinfo/planning/server/serversteps.asp

This links to a page by MICROSOFT saying how to install it on a single system. If it can't be done, why do they post these step-by-step procedures that don't work.....


(Is this just Microsoft's way of messing with people?)
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7098671
This is a best practice scenario. In a true environment you would normally have two domain controllers running AD. They would look at each other for DNS resolution first and then to themselves. If you only have one domain controller then you have no choice but to use himself for DNS. If at all possible, you would set both of your domain controllers to have AD integrated DNS also.

Jmiller47, here are the articles that you requested.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q275278&ID=KB;EN-US;Q275278

Here is also an excerpt from Microsoft's best practices for setting up AD.

Additional Tips and Best Practices  
 



Always configure your DC's DNS client to point to the local server as the preferred DNS server and any other DNS server as the alternate DNS server. The exception here is with the Forest root domain DCs: These should point to other forest root DCs both as the preferred and alternate DNS server ("The Island problem" is the known issue here. Read the Microsoft Knowledge Base article Q275278 for more information). Configure the DNS client before you run dcpromo (except the first DC) and point to any existing DNS server before you run dcpromo. Re-configure the DNS client after a third domain controller is promoted.

0
 

Author Comment

by:MICS
ID: 7099105
mikecr, I only have one domain controller. I run a small LAN with 15 computers and don't have the budget for 2 servers. Is there anything I can do to resolve this problem???

thanks,
0
 

Author Comment

by:MICS
ID: 7099108
DNS and AD Domain controller on same system.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7099245
mikecr,

That says that you are to have the DNS client (in TCP/IP settings) point to the local server as its primary DNS server and another as its secondary. The only exception would be if the server were a Forest Root Domain Controller. Very good information in these articles. I am not completely done reading them, but I will definitely comb through them now. Thanks for the info.

MICS,
If you only have one Domain Controller then you would point the Primary DNS to the local IP and the secondary to your choice such as your router or ISP DNS servers.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7099275
I agree with Jmiller47 except for I wouldn't point it at any ISP's for DNS resolution unless you need to. His root hints should be enough to resolve internal queries to the internet and keep you from getting garbage updates from your ISP. As for the DC, I would create the DNS first on the machine as a primary zone, register the computers record in the zone, then upgrade the machine to a DC. This can be done also during the install process as you will be prompted to set up DNS automatically if you wish and it will do it for you. Let us know how you make out.
0
 

Author Comment

by:MICS
ID: 7099300
At the moment that's how I have it set up, but it seems to have a problem contacting itself during boot. Has anyone experienced it?

Can either of you try an install in my setup: single system DNS / AD domain controller?

thanks.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7099375
I already have one at home that is set up that way, however I don't get the error messages that you do. How did you set up DNS when you first installed or did you let it set it up? Do you have SP2 installed?
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7099378
With only a single DNS server, I usually have the clients point to an ISP DNS server.

That way if it needs a DNS resolution, it goes to the AD DNS first. If it fails, then it tries the ISP's DNS Server. This way, if for some reason your server goes down, offline, or DNS services hang, people can still get to the Internet to do work. With the clients ONLY pointing at the one DNS server and nothing else, if that DNS server or service is unavailable, the clients will be unable to resolve any addresses.

- "can either of you try an install in my setup single system dns /AD domain controller?"

What do you mean by this? Do you want us to emulate what you have done in the How-to article? I have that setup "almost" to a T...

Can you post the following information about your server found in TCP/IP properties?
IP address
Subnet mask
Gateway
Primary DNS
Secondary DNS
Whatever you are using now would be fine.

Thanks
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7099380
Yes, let us know if you have SP2 installed.

You did do the automatic DNS setup through the DCPROMO wizard as the instructions suggest, correct?
0
 

Author Comment

by:MICS
ID: 7099435
I followed the instructions to a T except for the names; I used my own company name, i.e. MICS.local as my domain.

i have 2 nics. one for internal 10.10.1.1 (the install does this auto) and for my internet connection the nic is 216.183.11.103, subnet 255.255.255.224.  gateway 216.183.11.97

after all the steps I installed SP2.

after that check the logs for errors....

Thanks a lot.. I have been playing with this for a while and will errors/warnings.

i also boosted the points to 400


0
 

Author Comment

by:MICS
ID: 7099438
if someone did an install that is done in a different way, but works, can you please let me know what was different and I will give it a try, thanks.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7099526
What do you have set for your Primary and secondary DNS servers?
0
 

Author Comment

by:MICS
ID: 7099583
Primary DNS is itself... secondary is blank... I don't have it connected to the internet yet.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7099592
By itself, do you mean 127.0.0.1? Or do you have something else there? I just wanted to make sure..

Thanks
0
 

Author Comment

by:MICS
ID: 7100642
i had that, but then I changed it to 10.10.1.1 for NIC1 and 216.183.11.103 for NIC2
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7101134
That should do the same thing. Looking back, I think 127.0.0.1 would work better, but your setup will do just fine.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7103344
Are you still having any more problems and what are they?
0
 

Author Comment

by:MICS
ID: 7104465
Here is a recap of what I did:

Installed as the document linked above said. I let it do the DNS install and everything, then installed SP2. My DNS server IPs are set to 127.0.0.1 for both NICs. I also disabled IP registration for both NICs (don't know if I needed to do this or not). I still get this error in the event log when I start the system:

Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5782
Date:          6/24/2002
Time:          10:15:00 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.  
Data:
0000: 7c 26 00 00               |&..    
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7107085
Do an ipconfig /registerdns on the machine and tell me if it throws an error.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7107883
Can you go into Computer management> Services> Services and see if Microsoft DNS server service is started?

Thanks
0
 

Author Comment

by:MICS
ID: 7111407
mikecr - ipconfig /registerdns didn't throw any errors after it booted... it seems as if it only errors during bootup.

jmiller47 - DNS is started
0
 

Author Comment

by:MICS
ID: 7111436
i just removed my 2nd NIC. and still the same problem...
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7113212
I could be wrong, but I don't think you can register the loopback address in DNS. Try a different IP address and do the ipconfig /registerdns again and see what happens.
0
 

Author Comment

by:MICS
ID: 7113383
different IP address in which box?
0
 
LVL 17

Expert Comment

by:mikecr
ID: 7114364
Of the domain controller. Use the Domain controllers regular IP address in DNS and not the loopback adapter address.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7114403
"I could be wrong, but I don't think you can register the loopback address in DNS. Try a different IP address and do the ipconfig /registerdns again and see what happens".

I was wondering about what you meant by this and now I understand. But, if he puts the loopback address in as the Primary DNS server, it does not register the loopback address in DNS. Rather, it registers the IP address designated to that card to the DNS server specified in the Primary DNS server field of that card. Since the Primary DNS server is the loopback (127.0.0.1), it will register the DNS record in its own DNS server service.


0
 

Author Comment

by:MICS
ID: 7114735
OK. I did try the regular IP in the DNS Server IP, and it's identical.

I just tried another computer, and it did the same thing..... it doesn't make sense....

0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7114828
So no computer can do dynamic updates?

Is the Server DNS configured to accept dynamic updates?

This is really strange if you have turned off dynamic updates on the clients altogether. Is this still turned off?
0
 

Author Comment

by:MICS
ID: 7114838
I don't have any clients installed yet... as for the dynamic reg setting, I will check it out.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7114885
"I just tried another computer, and it did the same thing..... it doesn't make sense...."

The other computer is another CLIENT computer...

"as for the dynamic reg setting"
I'm not understanding why you said dynamic REG settings here. The 'allow dynamic updates' feature that I mentioned is a Windows 2000 DNS server option that you turn on or off using the GUI interface.
0
 

Author Comment

by:MICS
ID: 7114989
There seems to be a misunderstanding somewhere. The SERVER is giving the errors, not the client. On the DNS server I changed the 'allow dynamic updates' to 'Yes' from 'Secure only'. When I said another computer I meant I installed Server onto another system.
0
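The checks this thread keeps returning to (which DNS servers the DC's adapters use, the zone's dynamic update mode, whether Netlogon's SRV records are registered, and whether event 5782 only appears at boot), gathered into one script. This is an added example, not part of the original thread: it assumes the DnsClient and DnsServer PowerShell modules of Windows Server 2012 and later rather than Windows 2000, and takes the zone name `mics.local` from the question.

```powershell
# Added example, run on the DC. Assumes the DnsClient and DnsServer modules
# (Windows Server 2012 and later). The zone name is the one from the question.
$Zone = 'mics.local'

# 1. DNS servers per adapter. An adapter with none listed matches the
#    "No DNS servers configured for local system" text of NETLOGON event 5782.
$clients = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    Select-Object InterfaceAlias,
        @{ n = 'DnsServers'; e = { $_.ServerAddresses -join ', ' } },
        @{ n = 'HasServer';  e = { [bool]$_.ServerAddresses } }

# 2. Dynamic update mode of the zone. 'Secure' is "Only secure updates";
#    'NonsecureAndSecure' is the "Yes" setting and accepts unauthenticated updates.
$zoneInfo = Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate

# 3. SRV records that Netlogon registers and clients use to locate the DC,
#    queried against the local DNS service.
$srv = foreach ($name in "_ldap._tcp.dc._msdcs.$Zone", "_kerberos._tcp.$Zone") {
    $answer = Resolve-DnsName -Name $name -Type SRV -Server 127.0.0.1 -DnsOnly `
                  -ErrorAction SilentlyContinue | Where-Object Type -eq 'SRV'
    [pscustomobject]@{
        Record     = $name
        Registered = [bool]$answer
        Targets    = ($answer.NameTarget | Sort-Object -Unique) -join ', '
    }
}

# 4. Recent 5782 warnings and how long after the last boot each was logged.
#    Negative values are events from before the last boot. Warnings clustered
#    in the first minutes after boot match what MICS reports in this thread.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5782 } `
              -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'MinutesAfterBoot'; e = { [math]::Round(($_.TimeCreated - $boot).TotalMinutes, 1) } }

$clients  | Format-Table -AutoSize
$zoneInfo | Format-Table -AutoSize
$srv      | Format-Table -AutoSize
$events   | Format-Table -AutoSize
```

If the SRV records resolve and the warnings stop after boot, the zone can be set back to secure-only updates without affecting the checks above.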
 
LVL 7

Expert Comment

by:jmiller47
ID: 7115308
I understand what you are saying now. Thanks for clearing that up.

Now, after you changed the 'allow dynamic updates' option
from 'Secure only' to 'Yes', have your problems gone away?

Have you rebooted?


0
 

Author Comment

by:MICS
ID: 7116103
I still have the problem after rebooting....   as i stated in one of my comments before, It only seems to be a problem during BOOT....   after its booted and i logged in I can run  IPCONFIG /REGISTERDNS  and no errors occur....

0
 
LVL 17

Accepted Solution

by:
mikecr earned 200 total points
ID: 7121492
I would suggest reapplying service pack two and running all the updates from Microsoft's Windows Update site that might be left and see if this fixes the problem.
0
 

Author Comment

by:MICS
ID: 7197393
is there a moderator reading this?
0
 

Author Comment

by:MICS
ID: 7301990
I was still unable to resolve my problem. It's not having a major effect on my system, so I'm going to take a break and try to resolve it again later.

I would like to split the points; can a moderator help?

thanks
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 7304082
The best way to get a moderator's attention is to post a message in Community support. You should put it in as a zero point question and link to this question so they know what question to help with.

Cheers!
0
 
LVL 1

Expert Comment

by:Computer101
ID: 7306879
How many experts would you like to split this with?

Computer101
E-E Admin
0
 

Author Comment

by:MICS
ID: 7310063
2.

jmiller47
and
mikecr

THanks.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 7310321
Points reduced for a split. You can now accept one expert's comment as an answer. After that, make another question in this topic area for the other expert. Make the question for the amount of points intended. Label the question "Question for (Expert Name)" and post this question number in the base of the question, i.e. For your assistance in question # --------


Computer101
E-E Admin
0
 
LVL 1

Expert Comment

by:Computer101
ID: 7315570
MICS,
Are you going to close this?

Thanks

C101
0


Question has a verified solution.
