Solved

Win2000 & Active Directory install problems.

Posted on 2002-06-20
Last Modified: 2010-04-13
OK, so I did an install according to a step-by-step install I found on Microsoft's web site.

But I get the message "could not register account with DNS server", so I disabled 'Register this connection's address in DNS' for my NIC. It fixed that problem, but now I get 2 errors in my application log.

Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1000
Date:          6/20/2002
Time:          10:05:40 AM
User:          NT AUTHORITY\SYSTEM
Computer:     HQ-MICS-01
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

and

Event Type:     Error
Event Source:     SceCli
Event Category:     None
Event ID:     1001
Date:          6/20/2002
Time:          10:05:40 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
     \\mics.local\sysvol\mics.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


Any ideas?

Question by:MICS

47 Comments

Author Comment

by:MICS
OK... I kind of got it worked out... I found it was a binding order problem (I have 2 NICs).

Author Comment

by:MICS
So now here is what I have: 2 NICs, both have 'Register this connection's address in DNS' disabled.
One NIC has file & print sharing enabled, and I get the message below.


Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5782
Date:          6/20/2002
Time:          10:59:20 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.  
Data:
0000: 7c 26 00 00               |&..    


0
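As an added example (not part of the original thread and not any poster's code): the numeric codes in the events quoted so far can be decoded offline. The sketch below parses pasted Event Viewer text and maps each status to its winerror.h name, assuming the NETLOGON Data dump is a little-endian DWORD holding the Win32 error; the function and variable names are illustrative.

```python
import re

# Win32 error codes seen in this thread (values from winerror.h).
WIN32_ERRORS = {3: "ERROR_PATH_NOT_FOUND", 9852: "DNS_ERROR_NO_DNS_SERVERS"}

# Event text copied from the thread; Category/Date/Time/User/Computer lines left out.
SAMPLE = r"""Event Type:     Error
Event Source:     Userenv
Event ID:     1000
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

Event Type:     Error
Event Source:     SceCli
Event ID:     1001
Description:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
     \\mics.local\sysvol\mics.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Event Type:     Warning
Event Source:     NETLOGON
Event ID:     5782
Description:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.
Data:
0000: 7c 26 00 00               |&..
"""

def status_code(chunk):
    """Return the status an event carries: the Data DWORD if present, else the number in the text."""
    dump = re.findall(r"(?mi)^[0-9a-f]{4}:((?: [0-9a-f]{2})+)", chunk)
    if dump:
        raw = bytes.fromhex("".join(dump))
        if len(raw) >= 4:
            return int.from_bytes(raw[:4], "little")  # assumed little-endian DWORD
    m = re.search(r"(?:Error code = |status code of \()(\d+)", chunk)
    return int(m.group(1)) if m else None

def triage(text):
    """Return (source, event_id, code, name) for every event in the pasted text."""
    out = []
    for chunk in re.findall(r"(?ms)^Event Type:.*?(?=^Event Type:|\Z)", text):
        fields = dict(re.findall(r"(?m)^Event (Type|Source|ID):[ \t]*(\S.*?)[ \t]*$", chunk))
        code = status_code(chunk)
        out.append((fields.get("Source"), int(fields["ID"]), code,
                    WIN32_ERRORS.get(code, "unknown")))
    return out

if __name__ == "__main__":
    for source, event_id, code, name in triage(SAMPLE):
        print(f"{source} {event_id}: code {code} -> {name}")
```

The Data bytes 7c 26 00 00 decode to 9852, which agrees with the description text of event 5782, and code 3 in the Userenv and SceCli events is the path-not-found error for the GptTmpl.inf path under SYSVOL.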
 
LVL 7

Expert Comment

by:jmiller47
You need to go into TCP/IP properties and specify the primary DNS server to be the local server and the secondary to be whatever your secondary server is.

This is, however, as long as this is a Windows 2000 Domain Controller with AD installed. You really didn't completely specify that, you only hinted at it...

LVL 17

Expert Comment

by:mikecr
You SHOULD NOT, if at all possible, have a domain controller look at himself first when doing DNS resolution and should use another server if at all possible. It is okay to set it as a secondary in the tcp/ip properties of the nic, but if he is the primary and there is a problem with his DNS, Windows 2000 clients will have a hard time logging into the network. If you don't register the computers name in DNS, and it is a domain controller, Windows 2000 clients will have a hard time logging into the network. You need to make sure that, if this is a domain controller, it looks at another server for DNS resolution if possible and registers himself in DNS so that clients can resolve his name so they can log into the network. You can also make that error message go away if you stop the DNS client service, but I wouldn't recommend that.

LVL 7

Expert Comment

by:jmiller47
I was under the impression (From many articles) that you are SUPPOSED to set the primary DNS Server to [self] on a DNS server. Resolving locally first. Can you please post any referencing articles here? I will try to do the same.

How would doing this affect the other clients on the network? This setting is ONLY used for the Local Area Network connection on that server. How IT resolves DNS for itself, not how the CLIENTS resolve DNS...

Author Comment

by:MICS
http://www.microsoft.com/windows2000/techinfo/planning/server/serversteps.asp

This links to a page by MICROSOFT saying how to install it on a single system. If it can't be done, why do they post these step-by-step procedures that don't work.....


(Is this just Microsoft's way of messing with people?)

LVL 17

Expert Comment

by:mikecr
This is a best practice scenario. In a true environment you would normally have two domain controllers running AD. They would look at each other for DNS resolution first and then to themselves. If you only have one domain controller then you have no choice but to use himself for DNS. If at all possible, you would set both of your domain controllers to have AD integrated DNS also.

Jmiller47, here are the articles that you requested.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q275278&ID=KB;EN-US;Q275278

Here is also an excerpt from Microsoft's best practices setting up AD.

Additional Tips and Best Practices  
 



Always configure your DC's DNS client to point to the local server as the preferred DNS server and any other DNS server as the alternate DNS server. The exception here is with the Forest root domain DCs: These should point to other forest root DCs both as the preferred and alternate DNS server ("The Island problem" is the known issue here. Read the Microsoft Knowledge Base article Q275278 for more information). Configure the DNS client before you run dcpromo (except the first DC) and point to any existing DNS server before you run dcpromo. Re-configure the DNS client after a third domain controller is promoted.


Author Comment

by:MICS
mikecr, I only have one domain controller. I run a small LAN with 15 computers and don't have the budget for 2 servers.. Is there anything I can do to resolve this problem???

Thanks,

Author Comment

by:MICS
DNS and AD Domain controller on same system.

LVL 7

Expert Comment

by:jmiller47
mikecr,

That says that you are to have the DNS client (in TCP/IP settings) point to the local server as its primary DNS server and another as its secondary. The only exception would be if the server were a Forest Root Domain Controller. Very good information in these articles. I am not completely done reading them, but I will definitely comb through them now. Thanks for the info.

MICS,
If you only have one Domain Controller then you would point the Primary DNS to the local IP and the secondary to your choice such as your router or ISP DNS servers.

LVL 17

Expert Comment

by:mikecr
I agree with Jmiller47 except for I wouldn't point it at any ISP's for DNS resolution unless you need to. His root hints should be enough to resolve internal queries to the internet and keep you from getting garbage updates from your ISP. As for the DC, I would create the DNS first on the machine as a primary zone, register the computers record in the zone, then upgrade the machine to a DC. This can be done also during the install process as you will be prompted to set up DNS automatically if you wish and it will do it for you. Let us know how you make out.

Author Comment

by:MICS
At the moment that's how I have it set up, but it seems to have a problem contacting itself during boot. Has anyone experienced it..

can either of you try an install in my setup single system dns /AD domain controller?

Thanks.

LVL 17

Expert Comment

by:mikecr
I already have one at home that is set up that way, however I don't get the error messages that you do. How did you set up DNS when you first installed or did you let it set it up? Do you have SP2 installed?

LVL 7

Expert Comment

by:jmiller47
With only a single DNS server, I usually have the clients point to an ISP DNS server.

That way if it needs a DNS resolution, it goes to the AD DNS first. If it fails, then it tries the ISP's DNS Server. This way, if for some reason your server goes down, offline, or DNS services hang, people can still get to the Internet to do work. With the clients ONLY pointing at the one DNS server and nothing else, if that DNS server or service is unavailable, the clients will be unable to resolve any addresses.

- "can either of you try an install in my setup single system dns /AD domain controller?"

What do you mean by this? Do you want us to emulate what you have done in the How-to article? I have that setup "almost" to a T...

Can you post the following information about your server found in TCP/IP properties?
IP address
Subnet mask
Gateway
Primary DNS
Secondary DNS
Whatever you are using now would be fine.

Thanks

LVL 7

Expert Comment

by:jmiller47
Yes, let us know if you have SP2 installed.

You did do the automatic DNS setup through the DCPROMO wizard as the instructions suggest, correct?

Author Comment

by:MICS
I followed the instructions to a T except for the names; I used my own company name, i.e. MICS.local, as my domain.

I have 2 NICs: one for internal, 10.10.1.1 (the install does this auto), and for my internet connection the NIC is 216.183.11.103, subnet 255.255.255.224, gateway 216.183.11.97.

After all the steps I installed SP2.

After that, check the logs for errors....

Thanks a lot.. I have been playing with this for a while and will errors/warnings.

I also boosted the points to 400.



Author Comment

by:MICS
If someone did an install that is done in a different way, but works, can you please let me know what was different and I will give it a try, thanks.

LVL 7

Expert Comment

by:jmiller47
What do you have set for your Primary and secondary DNS servers?

Author Comment

by:MICS
Primary DNS is itself... secondary is blank... I don't have it connected to the internet yet.

LVL 7

Expert Comment

by:jmiller47
By itself, do you mean 127.0.0.1? Or do you have something else there? I just wanted to make sure..

Thanks

Author Comment

by:MICS
I had that, but then I changed it to 10.10.1.1 for NIC1 and 216.183.11.103 for NIC2.

LVL 7

Expert Comment

by:jmiller47
That should do the same thing. Looking back, I think 127.0.0.1 would work better, but your setup will do just fine.

LVL 17

Expert Comment

by:mikecr
Are you still having any more problems and what are they?

Author Comment

by:MICS
Here is a recap of what I did:

Installed as the document linked above said. I let it do the DNS install and everything. Installed SP2. My DNS server IPs are set to 127.0.0.1 for both NICs. I also disabled IP registration for both NICs (don't know if I needed to do this or not). I still get this error in the event log when I start the system:

Event Type:     Warning
Event Source:     NETLOGON
Event Category:     None
Event ID:     5782
Date:          6/24/2002
Time:          10:15:00 AM
User:          N/A
Computer:     HQ-MICS-01
Description:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
No DNS servers configured for local system.  
Data:
0000: 7c 26 00 00               |&..    

LVL 17

Expert Comment

by:mikecr
Do an ipconfig /registerdns on the machine and tell me if it throws an error.

LVL 7

Expert Comment

by:jmiller47
Can you go into Computer Management > Services > Services and see if the Microsoft DNS Server service is started?

Thanks

Author Comment

by:MICS
mikecr - ipconfig /registerdns didn't throw any errors after it booted... it seems as if it only errors during bootup.

jmiller47 - DNS is started

Author Comment

by:MICS
I just removed my 2nd NIC, and still the same problem...

LVL 17

Expert Comment

by:mikecr
I could be wrong, but I don't think you can register the loopback address in DNS. Try a different IP address and do the ipconfig /registerdns again and see what happens.

Author Comment

by:MICS
Different IP address in which box?

LVL 17

Expert Comment

by:mikecr
Of the domain controller. Use the domain controller's regular IP address in DNS and not the loopback adapter address.

LVL 7

Expert Comment

by:jmiller47
"I could be wrong, but I don't think you can register the loopback address in DNS. Try a different IP address and do the ipconfig /registerdns again and see what happens".

I was wondering about what you meant by this and now I understand. But, if he puts the loopback address in as the Primary DNS server, it does not register the loopback address in DNS. Rather, it registers the IP address designated to that card to the DNS server specified in the Primary DNS server field of that card. Since the Primary DNS server is the loopback (127.0.0.1), it will register the DNS record in its own DNS Server service.



Author Comment

by:MICS
OK. I did try the regular IP in the DNS server IP, and it's identical.

I just tried another computer, and it did the same thing..... it doesn't make sense....


LVL 7

Expert Comment

by:jmiller47
So no computer can do dynamic updates?

Is the Server DNS configured to accept dynamic updates?

This is really strange if you have turned off dynamic updates on the clients altogether. Is this still turned off?

Author Comment

by:MICS
I don't have any clients installed yet... As for the dynamic reg setting, I will check it out.

LVL 7

Expert Comment

by:jmiller47
"I just tried another computer, and it did the same thing..... it doesn't make sense...."

The other computer is another CLIENT computer...

"as for the dynamic reg setting"
I'm not understanding why you said dynamic REG settings here. The 'allow dynamic updates' feature that I mentioned is a Windows 2000 DNS server option that you turn on or off using the GUI interface.

Author Comment

by:MICS
There seems to be a misunderstanding somewhere. The SERVER is giving the errors, not the client. On the DNS server I changed the 'allow dynamic updates' to 'Yes' from 'Secure only'. When I said another computer I meant I installed Server onto another system.

LVL 7

Expert Comment

by:jmiller47
I understand what you are saying now. Thanks for clearing that up.

Now, after you changed the 'allow dynamic updates' option from 'Secure only' to 'Yes', have your problems gone away?

Have you rebooted?



Author Comment

by:MICS
I still have the problem after rebooting.... As I stated in one of my comments before, it only seems to be a problem during BOOT.... After it's booted and I have logged in, I can run IPCONFIG /REGISTERDNS and no errors occur....


LVL 17

Accepted Solution

by: mikecr earned 200 total points
I would suggest reapplying service pack two and running all the updates from Microsoft's Windows Update site that might be left and see if this fixes the problem.

Author Comment

by:MICS
Is there a moderator reading this?

Author Comment

by:MICS
I was still unable to resolve my problem. It's not having a major effect on my system so I'm going to take a break and try to resolve it again later.

I would like to split the points; can a moderator help?

Thanks

LVL 7

Expert Comment

by:jmiller47
The best way to get a moderator's attention is to post a message in Community support. You should put it in as a zero point question and link to this question so they know what question to help with.

Cheers!

LVL 1

Expert Comment

by:Computer101
How many experts would you like to split this with?

Computer101
E-E Admin

Author Comment

by:MICS
2.

jmiller47
and
mikecr

Thanks.

LVL 1

Expert Comment

by:Computer101
Points reduced for a split. You can now accept one expert's comment as an answer. After that, make another question in this topic area for the other expert. Make the question for the amount of points intended. Label the question "Question for (Expert Name)" and post this question number in the base of the question, i.e. "For your assistance in question # --------".


Computer101
E-E Admin

LVL 1

Expert Comment

by:Computer101
MICS,
Are you going to close this?

Thanks

C101