Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

small business server

Posted on 2004-09-01
12
Medium Priority
?
718 Views
Last Modified: 2010-04-19
when i run dcdiag on sbs server i get cant find a time server also when i try to join the domain xp clients cant join it says cant find a domain invoice.local but ns lookup works fine and the dns pulling my hair out
0
Comment
Question by:chole
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
12 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 11958654
Are your service records available in DNS?  The client using DNS?  Almost guarentee it's a DNS issue.  (I HATE DNS).  
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 11958659
You can reregister the service records by executing the following command from a command prompt:
net stop netlogon & net start netlogon
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11959136
leew
If your machines are able to resolve the domain then there are only 2 likely causes:

1. The Time on the Server is more than a few minutes (4-5) different from that on the workstations.

Use NET TIME \\servername /SET /YES on a workstation and retry joining the domain.

If this works then you will be able to do the same on every other workstation.

2. The DNS records for your domain may be missing

Make sure that the DNS settings for your server and ALL workstations and other servers are pointing to the SBS server (IE your INTERNAL DNS).
Make sure that the AD ZONE hosted by your SBS/DNS Server contains the _MSDCS records and that it is set to allow dynamic updates.
Run these commands at the SBS Server:

IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS

Stop and Restart the NETLOGON SERVICE as described by leew

Recheck the DNS ZONE for your AD for those service records and if they are in place retry joining the domain.

Cheers

JamesDS
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 11959471
Not being able to find a time server doesn't suggest his sbs server is significantly off.  however, you are of course correct (once had a Windows update problem because the time was SOOOO off, but Kerberos is dependant on all systems having a similar GMT time (which is adjusted automatically based on Time Zone).

I have frequently seen W32Time errors indicating an unavailable time server and it has nothing to do with the clocks being seriously out of sync.

Actually, what chole might want to try is to resolve the time server error is:

net time /querysntp

to determine what server is designated as a time server.  I use sundial.columbia.edu, but you can generally use any of those listed here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262680
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11960004
leew

AD doesn't care if the time on the SBS domain controller is off. Indeed, it doesn't matter so long as the differential time between the server and the workstations is within a few minutes so kerberos can authenticate the hardware.

Windows Update has nothing to do with Kerberos authentication of machines attempting to join a domain.

Given that SBS comes with ISA, I thought it unwise to begin tackling external timesyncing without getting into potentially complex discussions on opening ports on the firewall. For the moment simply having the workstations set to within a few minutes of the server (regardless of timezone) will be sufficient to move on to the next stage (address possible DNS issues)

I'll stick up another post here to help you diagnose timesync problems.

Cheers

JamesDS
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11960007
leew
Fixing timesync is different according to the machine type...

If it's a Member Server, standard Domain Controller (not a PDCEmulator) or standard workstation then behave as if its a member server (below)
If it's a PDCEmulator then make sure you allow port 123TCP/UDP outbound on your firewall and configure the external microsoft time service by entering this at the command line
NET TIME /SETSNTP:time.windows.com

If it's a workstation, member server or a standard Domain Controller:

Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for windows 2000, use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

Use NET TIME /SETSNTP:
to clear any entry and return to the default settings

Use NET TIME /SET /YES
to synch NOW with your authenticating DC and begin the diagnosis:

Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.

If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Post any errors here

Explanation of why it doesn't always instantly set the right time:
Timesync works as follows:

If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less that 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

Set it by hand (or with the command NET TIME /SET /YES) as close as you can and then simply leave it to sort itself out.


Cheers

JamesDS
0
 

Author Comment

by:chole
ID: 11964487
this is what i get if i run dcdiag/v
this sbs server is on the same net work as windows 2003 server which issues the ip address

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag/s
Invalid Syntax: Invalid option /s. Use dcdiag.exe /h for help.

C:\Documents and Settings\Administrator>dcdiag/v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine accounts, is a DC.
   * Connecting to directory service on server accounts.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ACCOUNTS
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 8407b8ae-2e1f-46b7-a1be-f6e43f562c83._msdcs.invoicedept.local
could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8407b8ae-2e1f-46b7-a1be-f6e43f562c83._msdcs.invoicedept.local)
         couldn't be resolved, the server name (accounts.invoicedept.local)
         resolved to the IP address (192.168.1.8) and was pingable.  Check that
         the IP address is registered correctly with the DNS server.
         ......................... ACCOUNTS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ACCOUNTS
      Skipping all tests, because server ACCOUNTS is
      not responding to directory service requests
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyEnterpriseReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : invoicedept
      Starting test: CrossRefValidation
         ......................... invoicedept passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... invoicedept passed test CheckSDRefDom

   Running enterprise tests on : invoicedept.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... invoicedept.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\accounts.invoicedept.local
         Locator Flags: 0xe00001bd
         PDC Name: \\accounts.invoicedept.local
         Locator Flags: 0xe00001bd
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 1600 total points
ID: 11971534
chole

The problem is your DNS entries.
Have you run netdiag /fix?

Cheers

JamesDS
0
 

Author Comment

by:chole
ID: 11973458
hi james ran netdig/fix this was the outcome
also ran dcdiag/c still cant find a time server any ideas on how to over come this the windows 2003 server is a time server but my small business edition wont pick it up thanks for the help




Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdiag/fix

......................................

    Computer Name: ACCOUNTS
    DNS Host Name: accounts.invoicedept.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB819696
        KB822132
        KB822742
        KB822743
        KB822744
        KB822745
        KB822925
        KB823182
        KB823353
        KB823559
        KB823980
        KB824073
        KB824105
        KB824139
        KB824141
        KB824146
        KB825117
        KB825119
        KB826238
        KB826936
        KB828035
        KB828741
        KB830352
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB840374
        KB867801
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : accounts
        IP Address . . . . . . . . : 192.168.1.8
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Primary WINS Server. . . . : 192.168.1.8
        Dns Servers. . . . . . . . : 192.168.1.8
                                     192.168.1.3


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03>

'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{4C99058C-19ED-4F63-AF18-5AF7DE588CA7}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00>

'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server

'192.168.1.8'
.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{4C99058C-19ED-4F63-AF18-5AF7DE588CA7}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{4C99058C-19ED-4F63-AF18-5AF7DE588CA7}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed

information


The command completed successfully
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11974366
chole

Looks like you missing DNS entries are now fixed.
SBS insists that it is the PDCEmulator in any domain and all DCs look to the PDCE for timesync.

So, to sort timesync out, treat the SBS box as the PDCE and look at the post I wrote earlier on fixing timesync

Cheers

JamesDS


0
 

Author Comment

by:chole
ID: 11990178
thanks james all working ok now
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 11990862
chole
Very welcome, glad to help

Cheers

JamesDS
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question