Solved

Asking Again

Posted on 2004-09-17
5
146 Views
Last Modified: 2013-12-04
Dear Friend:

Please view this question of mine: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html

 I'm offering ANOTHER 500 points for it to be resolved! Either post answer here or there, I will give BOTH points to succesfull help! That's a total of 1000 points! PLEASE SOMEONE HELP ME! IT'S ANNOYING.. The logon auth time is TOTALLY random! Now it started spreading on all other PCs... It has nothing to do with soln's offered so far o nthe URL above.

Sincerely,
0
Comment
Question by:ITKnightMare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 12090162
Hi ITKnightMare,
I have seen this when I had DNS problems. Check the PC's that are having this issue and make sure you have the dns settings set properly.

God Bless
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 12091551
I'm pretty sure that's due to incorrect DNS settings.
Assuming both of your DCs are running DNS (are they?), the following setup is correct:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your second DC, let it point to the first DC as primary, to itself as secondary.
* On your domain members, enter both DCs as primary and secondary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, and make sure that they Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe to check your system for errors in the domain setup.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/?kbid=265706

Do not install the Support Tools from your installation CD, some tools were updates by the Service Packs. Here's the current version:
Windows 2000 SP4 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/supporttools.asp

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 12099636
@oBdA:

I will... However I had a question.; in regards to this comment:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.

The DCs are on a private network. To be more precise, there is a main network, which I have established my own domain upon.  Now based on this, the primary DC has the major network's DNS address entered. If I enter itself, won't this cause a problem? Or is this stupid of me to ask?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 12101689
If the DNS entry in the DC's TCP/IP configuration does not point to itself, then that's where your troubles are coming from. The DC will then try to register its SRV entries with the DNS server for the other domain (which will probably refuse this). You could of course use this "major" DNS server, but for that to work, a zone with your domain name needs to be created, and this DNS server needs to support dynamic updates.
The setting from above assume that you are running DNS on your DCs. If so, then enter the own IP address on your DC, and configure forwarders to point to your "major" DNS.
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 12104279
Debl99 has had some insights as well as Tiran Dagan. Please take a look at them for they did not help either! I just raised the questions total worth to 1000 now (500 here and 500 here: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html )

PLEASE HELP!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question