Solved

Asking Again

Posted on 2004-09-17
5
129 Views
Last Modified: 2013-12-04
Dear Friend:

Please view this question of mine: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html

 I'm offering ANOTHER 500 points for it to be resolved! Either post answer here or there, I will give BOTH points to succesfull help! That's a total of 1000 points! PLEASE SOMEONE HELP ME! IT'S ANNOYING.. The logon auth time is TOTALLY random! Now it started spreading on all other PCs... It has nothing to do with soln's offered so far o nthe URL above.

Sincerely,
0
Comment
Question by:ITKnightMare
  • 2
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gary Dewrell
Comment Utility
Hi ITKnightMare,
I have seen this when I had DNS problems. Check the PC's that are having this issue and make sure you have the dns settings set properly.

God Bless
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
I'm pretty sure that's due to incorrect DNS settings.
Assuming both of your DCs are running DNS (are they?), the following setup is correct:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your second DC, let it point to the first DC as primary, to itself as secondary.
* On your domain members, enter both DCs as primary and secondary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, and make sure that they Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe to check your system for errors in the domain setup.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/?kbid=265706

Do not install the Support Tools from your installation CD, some tools were updates by the Service Packs. Here's the current version:
Windows 2000 SP4 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/supporttools.asp

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
0
 
LVL 1

Author Comment

by:ITKnightMare
Comment Utility
@oBdA:

I will... However I had a question.; in regards to this comment:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.

The DCs are on a private network. To be more precise, there is a main network, which I have established my own domain upon.  Now based on this, the primary DC has the major network's DNS address entered. If I enter itself, won't this cause a problem? Or is this stupid of me to ask?
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
If the DNS entry in the DC's TCP/IP configuration does not point to itself, then that's where your troubles are coming from. The DC will then try to register its SRV entries with the DNS server for the other domain (which will probably refuse this). You could of course use this "major" DNS server, but for that to work, a zone with your domain name needs to be created, and this DNS server needs to support dynamic updates.
The setting from above assume that you are running DNS on your DCs. If so, then enter the own IP address on your DC, and configure forwarders to point to your "major" DNS.
0
 
LVL 1

Author Comment

by:ITKnightMare
Comment Utility
Debl99 has had some insights as well as Tiran Dagan. Please take a look at them for they did not help either! I just raised the questions total worth to 1000 now (500 here and 500 here: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html )

PLEASE HELP!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now