asked on

Windows Server 2003 trusts/logons/dns

I have 3 Windows 2003 servers. The primary is the SBS2003 and I also have an Enterprise and Standard Edition. I have been getting thousands of logon failures (Event ID 529) and consequently I am having issues now where servers and computers are not logging onto the resources and having access to the files on the various drives. I am also having issues where I cannot access outside Internet sites such as www.yahoo.com. What advise can you give me?

Thanks

ASKER CERTIFIED SOLUTION

gpriceee

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

gpriceee

As for your yahoo.com issue, if you fixup DNS, you'll have issues with yahoo.com.
The old standard called for a 512 limit on DNS packets; yahoo returns a larger packet. The 512 limit is gone.

c_ur_f8

ASKER

I used yahoo.com as an example. I can get to mail.yahoo.com and my.yahoo.com, but not www.yahoo.com. Any further thoughts?

gpriceee

Yes. www.yahoo.com returns a lerger than 512 DNS packet.
Are you using a firewall that "checks" DNS for errors?

c_ur_f8

ASKER

I'm not in control of the firewall, but we do have a unit that may be the cause and effect of many of our problems. It is also running DHCP which I need to get onto one of my 2003 servers, but I'm having issues with that authorizing. I'm wondering if I have an AD issue, DNS issue or something else that I'm not thinking of.

gpriceee

My assumption for yahoo is the firewall.

Check ou the following for DHCP: http://support.microsoft.com/default.aspx?scid=kb;en-us;303317

c_ur_f8

ASKER

It lets me authorize, but won't give the permissions.

Have you seen the following error?

C:\Documents and Settings\administrator.CRSENGINEERS>repadmin /showreps
Default-First-Site-Name\CRSXCHANGE
DC Options: IS_GC
Site Options: (none)
DC object GUID: 7293b1f4-20c9-4db3-9161-bcf6ee3b0d58
DC invocationID: bd922d11-0231-4ed7-9ea5-0321e1626d63

==== INBOUND NEIGHBORS ======================================

DC=crsengineers,DC=com
Default-First-Site-Name\CRSWEB via RPC
DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
Last attempt @ 2005-04-18 10:29:24 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.
Default-First-Site-Name\CRSACCNT via RPC
DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
Last attempt @ 2005-04-18 10:31:09 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.

CN=Configuration,DC=crsengineers,DC=com
Default-First-Site-Name\CRSACCNT via RPC
DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
Last attempt @ 2005-04-18 10:35:56 was successful.
Default-First-Site-Name\CRSWEB via RPC
DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
Last attempt @ 2005-04-18 10:35:56 was successful.

CN=Schema,CN=Configuration,DC=crsengineers,DC=com
Default-First-Site-Name\CRSACCNT via RPC
DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
Last attempt @ 2005-04-18 10:29:54 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.
Default-First-Site-Name\CRSWEB via RPC
DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
Last attempt @ 2005-04-18 10:30:24 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.

DC=DomainDnsZones,DC=crsengineers,DC=com
Default-First-Site-Name\CRSWEB via RPC
DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
Last attempt @ 2005-04-18 10:30:39 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.
Default-First-Site-Name\CRSACCNT via RPC
DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
Last attempt @ 2005-04-18 10:31:24 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.

DC=ForestDnsZones,DC=crsengineers,DC=com
Default-First-Site-Name\CRSWEB via RPC
DC object GUID: 0ed5a2ec-3cb5-4c08-a5cb-68c27661164d
Last attempt @ 2005-04-18 10:30:54 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.
Default-First-Site-Name\CRSACCNT via RPC
DC object GUID: a107ffdf-2cb0-4aae-aae2-fd1c79192743
Last attempt @ 2005-04-18 10:31:41 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2005-04-18 09:56:30.

Source: Default-First-Site-Name\CRSWEB
******* 1 CONSECUTIVE FAILURES since 2005-04-18 09:56:30
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.

Source: Default-First-Site-Name\CRSACCNT
******* 1 CONSECUTIVE FAILURES since 2005-04-18 09:56:30
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.

gpriceee

Do you have the server looking at an external DNS address?
http://support.microsoft.com/?kbid=263624

c_ur_f8

ASKER

Nope. I verified this already. The servers are only looking at their own IP for DNS.

gpriceee

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/5586ecc0-924b-4f08-800b-9fd6eef05619.mspx