?
Solved

Joining domain: Some XP clients insist on domain's NetBIOS name, others full DNS name

Posted on 2006-07-18
9
Medium Priority
?
377 Views
Last Modified: 2012-06-27
We just switched from Server 2000 to 2003 and I rebuilt the network and domain.  I disjoined the clients from the old domain before reloading the server and creating the new domain.  The old domain was office.net, while the new domain  under W2k3 is office.local.  When joining the clients to the new domain, some of them insist on being joined to "office" while others insist on using "office.local"

What's up?  
0
Comment
Question by:fuze44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1400 total points
ID: 17134125
Very likely incorrect DNS settings. You should be able to add all members to the domain using the domain's FQDN. If this doesn't work, you have name resolution problems. Assuming your DC is running DNS, the following setup is correct:

*** TCP/IP-Settings ***
* On your DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your domain members, enter only your DC as primaryDNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS server *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe (from the Support Tools; both support a /fix parameter to fix small problems on the fly) to check your system for errors in the domain setup.

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17134219
Functionally, there is no difference using either name.

It's likely a NetBIOS issue or the DNS cache is interfering.  Try IPCONFIG /flushdns.



0
 
LVL 85

Expert Comment

by:oBdA
ID: 17141131
Hm; I beg to differ slightly. If you can't join an XP client to a domain using the domain's FQDN, then you have some serious name resolution problems.
You might be able to join the machine using the NetBIOS name because the client can resolve the domain name using a broadcast (after all, it might actually be an NT4 domain), even if there is no WINS server (and assuming NetBIOS isn't disabled), but then you'll have just the same name resolution problems as before, only now with a machine that's joined to the domain ...
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:fuze44
ID: 17142220
Thanks for your feedback, everyone.  I do, in fact, run DNS on the domain controller.  I've been reading through the material that oBda linked to, and found that after running netdiag.exe, I get the following errors listed below. I'm currently trying to take steps to correct this, but if you have any suggestions, please let me know.   One question: in the DNS console under forward lookup zones, there is a _msdcs.office.local and an office.local.  What are the differences between the two?  


[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.0.0.1
[FATAL] No DNS servers have the DNS records for this DC registered
[WARNING] Cannot find a primary authoritative DNS server for the name
            'dc03.office.local.'. [RCODE_SERVER_FAILURE]
            The name 'dc03.office.local.' may not be registered in DNS.
Check the DNS registration for DCs entries on DNS server '10.0.0.1'
Query for DC DNS entry office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.pdc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.gc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.gc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.fff419e6-8667-4589-b71d-789dbacce320.domains._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry gc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry af87c411-db45-4f72-986a-28c826370866._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.dc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.Default-First-Site._sites.dc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.dc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.dc._msdcs.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.Default-First-Site._sites.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _gc._tcp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _gc._tcp.Default-First-Site._sites.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._udp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kpasswd._tcp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kpasswd._udp.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry DomainDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.DomainDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.DomainDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry ForestDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.ForestDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.ForestDnsZones.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry TAPI3Directory.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.TAPI3Directory.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site._sites.TAPI3Directory.office.local. on DNS server 10.0.0.1 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.0.1'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17142623
That would do it, yep.

Make sure all your zones accept Secure Dynmaic Updates, that DNS is servicing the correct NIC (if multi-homed), the proper NIC is at the top of the binding order (if multi-homed), the checkbox is checked for Register this connection in DNS, and every NIC in the LAN is pointing only to your DNS server.

0
 

Author Comment

by:fuze44
ID: 17142660
I can't believe I did this, but my DNS server wasn't pointing to itself. I corrected that and ran
ntdiag /fix.

Now, the only warnings I get are:

[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Is this of concern?  I don't use WINS, but what about the other two?

Thanks
0
 

Author Comment

by:fuze44
ID: 17142670
Also, do the clients need to have their dns cache flushed or will it be rebuilt overnight? Thanks
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 600 total points
ID: 17142813
That error is normally caused by the wrong NIC being at the top of the binding order.

If this server has 2 NICs, you need to move the internal (LAN side) NIC to the top of the order.

Clients should be rebooted to guarantee a clean start.



0
 
LVL 85

Expert Comment

by:oBdA
ID: 17144573
You can probably ignore the last warning; that's likely because the messenger service is disabled by default in Server 2003, so for the obvious reason, it doesn't register in WINS. If you start the messenger service, this error should disappear; if it does disappear, you can stop the messenger service and ignore the error.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question