Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 150
  • Last Modified:

Asking Again

Dear Friend:

Please view this question of mine: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html

 I'm offering ANOTHER 500 points for it to be resolved! Either post answer here or there, I will give BOTH points to succesfull help! That's a total of 1000 points! PLEASE SOMEONE HELP ME! IT'S ANNOYING.. The logon auth time is TOTALLY random! Now it started spreading on all other PCs... It has nothing to do with soln's offered so far o nthe URL above.

Sincerely,
0
ITKnightMare
Asked:
ITKnightMare
  • 2
  • 2
1 Solution
 
Gary DewrellSenior Network AdministratorCommented:
Hi ITKnightMare,
I have seen this when I had DNS problems. Check the PC's that are having this issue and make sure you have the dns settings set properly.

God Bless
0
 
oBdACommented:
I'm pretty sure that's due to incorrect DNS settings.
Assuming both of your DCs are running DNS (are they?), the following setup is correct:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your second DC, let it point to the first DC as primary, to itself as secondary.
* On your domain members, enter both DCs as primary and secondary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, and make sure that they Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe to check your system for errors in the domain setup.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/?kbid=265706

Do not install the Support Tools from your installation CD, some tools were updates by the Service Packs. Here's the current version:
Windows 2000 SP4 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/supporttools.asp

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
0
 
ITKnightMareAuthor Commented:
@oBdA:

I will... However I had a question.; in regards to this comment:

*** TCP/IP-Settings ***
* On your first DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.

The DCs are on a private network. To be more precise, there is a main network, which I have established my own domain upon.  Now based on this, the primary DC has the major network's DNS address entered. If I enter itself, won't this cause a problem? Or is this stupid of me to ask?
0
 
oBdACommented:
If the DNS entry in the DC's TCP/IP configuration does not point to itself, then that's where your troubles are coming from. The DC will then try to register its SRV entries with the DNS server for the other domain (which will probably refuse this). You could of course use this "major" DNS server, but for that to work, a zone with your domain name needs to be created, and this DNS server needs to support dynamic updates.
The setting from above assume that you are running DNS on your DCs. If so, then enter the own IP address on your DC, and configure forwarders to point to your "major" DNS.
0
 
ITKnightMareAuthor Commented:
Debl99 has had some insights as well as Tiran Dagan. Please take a look at them for they did not help either! I just raised the questions total worth to 1000 now (500 here and 500 here: http://www.experts-exchange.com/Security/Win_Security/Q_21129561.html )

PLEASE HELP!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now