Solved

DNS issues possibly related to network adapter bindings?

Posted on 2004-03-25
Last Modified: 2010-04-19
I have an issue on my small home network on my domain controller for bstinman.local domain. My setup is as follows: Win2003 server with two NICs. One for my private network and one for my public (Road Runner cable modem). Private NIC is set for static IP and points to itself for DNS server (10.10.1.1). The public (cable modem) NIC is set to obtain IP and DNS settings automatically.

When the public network adapter (which has file and print sharing disabled for security reasons) is set as first in the binding order I cannot access any group or domain policies and I get the following event error every 5 minutes on my 2003 server.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 2/8/2002
Time: 7:25:40 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: Windows cannot access the file gpt.ini for GPO
(Access is denied) Group Policy processing aborted.

The reason this happens is simple and I've proven it to be right by switching the BINDING ORDER of my NICs. "Windows 2003 attempts to access its Sysvol share through the primary adapter to read the group policies. Because file and print sharing is disabled, the Sysvol share is unavailable through that adapter, and the operation does not work."
 
So I moved my private adapter (which has file and print sharing enabled) to the top of the binding order as suggested and it solves the Group Policy issues but creates another...I can't surf the internet on my server or my client machines.

My cable modem can get to Road Runner because the public adapter gets assigned an IP address and it also shows the Road Runner DNS servers when I do an IPCONFIG /ALL...but I can't surf!  

I'm convinced this is a DNS thing. Since my private adapter is now set up as first in the binding order maybe it's trying to use my server (10.10.1.1) to resolve internet names because the main adapter points to itself as the DNS server? My thinking is I should be able to set up the ISP DNS servers as forwarders in my DNS setup, but this doesn't work and besides even without setting up forwarders shouldn't my server automatically use ROOT HINT servers to resolve IPs when it cannot? The server is not set up as a ROOT server (the "." zone is not there under forward lookup zones).

It's a catch-22. Errors and no group policy when my cable modem adapter is set 1st in the binding order vs. no Internet Access if it is set second in the binding order. I should be able to get both!

I'm thinking there is something I'm missing with my DNS setup, but only know enough to be dangerous.  






Question by:bstinman
LVL 51

Expert Comment

by:Netman66
ID: 10676854
What are you using for routing on that box? - firewall software, or NAT?

You'll have to set up RRAS for NAT'ing between external and internal NICs.

Your DNS sounds correct and the internal adapter must be first in the binding.


Disable NetBIOS over TCP/IP, file and print and Microsoft Network on the external NIC.
Make sure there is no gateway on the internal NIC.

Other than that, you have things right so far, now you need to get the routing working between both NICs.

0
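A check for the parts of this advice that `ipconfig /all` exposes, as an added example that is not part of the original thread. The adapter names `Internal` and `External` and the 192.0.2.x addresses are constructed assumptions; binding order and file and print sharing do not appear in `ipconfig` output, so they are not checked here.

```python
import re

# Constructed sample of `ipconfig /all` output (adapter names and 192.0.2.x are assumptions).
SAMPLE = """\
Ethernet adapter Internal:

   IP Address. . . . . . . . . . . . : 10.10.1.1
   Default Gateway . . . . . . . . . : 10.10.1.1
   DNS Servers . . . . . . . . . . . : 10.10.1.1

Ethernet adapter External:

   IP Address. . . . . . . . . . . . : 192.0.2.10
   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
"""

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, fields, last = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        field = re.match(r"^\s+(.+?)[ .]*:\s*(.*)$", line)
        if head:
            fields = adapters.setdefault(head.group(1), {})
            last = None
        elif fields is not None and field:
            last = fields.setdefault(field.group(1), [])
            if field.group(2):
                last.append(field.group(2))
        elif last is not None and line.strip():
            last.append(line.strip())  # continuation line, e.g. a second DNS server
    return adapters

def audit(text, internal="Internal", external="External"):
    """List deviations from the multihomed-DC settings recommended in the answer."""
    nics = parse_ipconfig(text)
    inside, outside = nics[internal], nics[external]
    findings = []
    if inside.get("Default Gateway"):
        findings.append("internal NIC has a default gateway: " + inside["Default Gateway"][0])
    if inside.get("DNS Servers") != inside.get("IP Address"):
        findings.append("internal NIC does not use the server itself for DNS")
    # Assumption: a missing "NetBIOS over Tcpip" line is treated as not disabled.
    if outside.get("NetBIOS over Tcpip") != ["Disabled"]:
        findings.append("NetBIOS over TCP/IP is not disabled on the external NIC")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the gateway on the internal NIC and NetBIOS on the external NIC.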
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 10676874
0
 

Author Comment

by:bstinman
ID: 10677413
RRAS is set up to use NAT, but I haven't done anything within IP Routing as suggested by the document you said...I'll try that.

I will also try disabling NetBIOS over TCP/IP on the external NIC, File & Print sharing is already disabled on it.

Also, I may have 10.10.1.1 listed as the gateway on the internal NIC.  Maybe that is it.

I'll give it a go when I get home today.  Thanks!!  
0
 

Author Comment

by:bstinman
ID: 10682155
Thanks for the help, Netman...I made your suggested changes and all works well.
0
