?
Solved

W2K DNS and Internet problem

Posted on 2003-03-03
10
Medium Priority
?
858 Views
Last Modified: 2010-03-19
Hello,

I have a W2K AS server setup, connected to an ADSL Router/ modem, which also acts as DHCP server. It is set up as a PDC, although at present their no other computers on the network. (other software installed is ZoneAlarm 3.7, Oracle8, SQL server2000 and Domino R5).

The problem appears to be DNS: it takes forever to get a web page to show up and when I try localhost or 127.0.0.1 in a browser I give up before the page ever loads. There are 3 recurrent entries in the Event Viewer (app log):


ERROR -  SceCli

Security policy cannot be propagated. Cannot access the template. Error code = 3.
     \\mydom.com\sysvol\mydom.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


ERROR - userEnv


The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).


Do i need DNS running on my server? I tried to set DNS to point to the router but it was having none of it. When I select DNS from Admin tools it says specified DNS server cannot be contacted. What should I do?! I've set up Nt servers in the past but W2K is a bit more complex...

p.s. Why when I right click and select properties for a folder does nothing happen?


0
Comment
Question by:markhoy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 

Expert Comment

by:jezcalvert
ID: 8057219
This problem is more likely due to insuffcient rights to the sysvol. This comes about through the fact access is gained via the local NIC and requests are looped back to the local server OS.

If the server is a dual NIC server try changing the order of the NIC's in the Control Pannel, Network & Dial-up, Tools, Advanced, Advanced Settings.

This is a problem with authentication and authorisation, I think the DNS problem is a red herring. Just to be sure have you used nslookup to proove name resolution.

Also this fault has been posted before but I don't have the link. If you type the exact error code in google you should be able to find it.
0
 
LVL 7

Author Comment

by:markhoy
ID: 8057613
but any ideas why right click > properties doesn't work?
0
 
LVL 7

Author Comment

by:markhoy
ID: 8057702
The server only has one NIC. File and print sharing is enabled. I can't right click on the sysvol folde to check permissions.

Are you sure the incomplete dns isn't an issue? I can't get to localhost in a broswer and the error message says "can't get to \\mydom.com"
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 

Expert Comment

by:jezcalvert
ID: 8057764
That provides you with the properties of the individual NIC, the problem can be caused by the order of the NIC's. To change the order you need to use the Advanced Settings.
0
 
LVL 7

Author Comment

by:markhoy
ID: 8057895
If i select advance properties of my Network connection (LAN) on the adapters/ bindings tab it shows:
LOCAL AREA NETWORK

file and printer sharing
     internet protocol (tcp/ip)


client for MS networks
    internet protocol (tcp/ip)

PROVIDER ORDER:

Network providers
    MS Windows Network

print providers

The properties of the LAN connection shows me my NIC properties.

Going back to the DNS bit, my Domain is called mydom.com but my server is called nihal. Within explorer I see nihal as part of mydom and sysvol is shared. (and I turned off ZOneAlarm and checked the logs an hour later. The previous error msg has gone
sceCli - Security policy in the Group policy objects are applied successfully.

But now i get a new error msg:

warning - 5781 - winlogon -  Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available. )

so the sysvol has been found but http browsing still takes forever...



0
 
LVL 2

Expert Comment

by:mdnewell
ID: 8060825
Hello,
You need DNS to run a Win2k DC. Check MS for installing ddns. The 2k DC needs to put entries in the DNS server to run. If you didn't have DNS setup when you ran dcpromo it should have prompted you to set it up.

Try here also.
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/w2kdns.asp

(Text may wrap so cut and paste into browser)


Let me know if you can't find what you need to clear this up and I'll help further but right now I'm short on time.

HTH,
Mike.
0
 
LVL 2

Expert Comment

by:mdnewell
ID: 8061110
I forgot,
External DNS problems could be caused by zone alarm not allowing DNS requests out so check that. Once you have dns setup on your server point the forwarder to a public dns server or your ISP's DNS server.

Do you have ICS setup anywhere or is the server plugged directly into the router?
0
 
LVL 7

Author Comment

by:markhoy
ID: 8063124
Hello,

have worked out that DNS IS the problem. Will reconfigure today. ZOneAlarm was stopping Distributed File Services and causing the initial errors. The new error msg is DNS and I alreay worked that out. Thanks for the input mdnewell but I will ask for this question to be deleted.
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8065089
PAQ'd and points refunded.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 2

Expert Comment

by:mdnewell
ID: 8066110
Glad you got it fixed.
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question