techspeak
asked on
SBS 2003 Can't access Server / DNS issues
I have a new client that had one existing Win SBS 2003 server (DC, AD). I went out a few months ago for the first time and corrected some DNS errors that have not recurred. Everything's been running great - until someone in their office installed a new router. The user disabled DHCP at the server and enabled it at the router. They're not actually using DHCP for workstation addresses as he created static ip addresses for the workstations at the router - and didn't specify a DNS server (internally).
The workstations have been running really slowly - and getting lots of Userenv and Autoenrollment errors.
I went out a couple of days ago to check on the Server status because they've asked me to install Exchange; this is when I first heard of the router and speed issues. I cleaned up a number of workstation permission issues and then added the File Server's IP address (192.168.0.2) to the router's DHCP section. (The workstations are using Statis IP as I mentioned, but without the specified DNS entry, they defaulted to the DNS servers of the ISP.) The workstations were then using the Server's IP address.
The users reported that everything ran much faster - and their error logs were clean.
Today, I asked them to restart the server at lunch - and the three workstations; this had not been done since I made the router DNS change. I wanted to get a fresh look at their error logs and to make sure everything was working before starting on Exchange. After that, the workstations could no longer login (Userenv and Autoenrollment again) with no access at all to the Server (permissions errors). The Server reported 7062 errors.
I saw Microsoft's pages on the Server error (218814 &Â 249868) and went thru and verified that DNS was ok. (The last time I looked, I was no longer getting these messages.) I verified that the workstations were getting the Server's DNS address - which they were - but they couldn't browse the internet with this address, since the Server was inaccessible. If I change the DNS address back to the router, the internet works (of course) - but still no Server.
I am no longer at the client's site. I'll be back in on Sunday. Frankly, I'm a bit stymied.
Any ideas?
The workstations have been running really slowly - and getting lots of Userenv and Autoenrollment errors.
I went out a couple of days ago to check on the Server status because they've asked me to install Exchange; this is when I first heard of the router and speed issues. I cleaned up a number of workstation permission issues and then added the File Server's IP address (192.168.0.2) to the router's DHCP section. (The workstations are using Statis IP as I mentioned, but without the specified DNS entry, they defaulted to the DNS servers of the ISP.) The workstations were then using the Server's IP address.
The users reported that everything ran much faster - and their error logs were clean.
Today, I asked them to restart the server at lunch - and the three workstations; this had not been done since I made the router DNS change. I wanted to get a fresh look at their error logs and to make sure everything was working before starting on Exchange. After that, the workstations could no longer login (Userenv and Autoenrollment again) with no access at all to the Server (permissions errors). The Server reported 7062 errors.
I saw Microsoft's pages on the Server error (218814 &Â 249868) and went thru and verified that DNS was ok. (The last time I looked, I was no longer getting these messages.) I verified that the workstations were getting the Server's DNS address - which they were - but they couldn't browse the internet with this address, since the Server was inaccessible. If I change the DNS address back to the router, the internet works (of course) - but still no Server.
I am no longer at the client's site. I'll be back in on Sunday. Frankly, I'm a bit stymied.
Any ideas?
ASKER
Hey Netman66 -
Thanks for the reply. I really appreciate the info, but think I might have been unclear. Currently, whether I designate the Server OR the router as the DNS server (any kind of way) the user can't see the Server. No matter how I set the DNS settings, users cannot login into the Server. If I set the DNS Server to the router (or ISP), the users can at least use the Internet.
The Server itself is up and running - and did not have any DNS errors when I was there last - so I'm really perplexed. It is possible that since I was there another 7062 error was logged, but my remote access isn't working, so I can't say for sure.
There is one FLZ and one RLZ. The root hints were recreated today by looking to the ISP's DNS Server.
Any ideas? I can't login to the SErver, no matter what I do.
Thanks for the reply. I really appreciate the info, but think I might have been unclear. Currently, whether I designate the Server OR the router as the DNS server (any kind of way) the user can't see the Server. No matter how I set the DNS settings, users cannot login into the Server. If I set the DNS Server to the router (or ISP), the users can at least use the Internet.
The Server itself is up and running - and did not have any DNS errors when I was there last - so I'm really perplexed. It is possible that since I was there another 7062 error was logged, but my remote access isn't working, so I can't say for sure.
There is one FLZ and one RLZ. The root hints were recreated today by looking to the ISP's DNS Server.
Any ideas? I can't login to the SErver, no matter what I do.
I would guess that (due to previous configurations) the server has not registered any SRV records with it's DNS. Â Therefore, the clients can't locate it.
Make sure the Server has a static address and ONLY points to itself for DNS.
Make sure your DNS FLZ and RLZ are set to allow Secure Dynamic Updates.
(Optional) Make sure the zones are AD Integrated.
Make sure the _msdcs.domain.com zone exists.
Restart the Netlogon Service on the server.
Run (from CMD window) IPCONFIG /registerdns
Check in DNS to make sure the records for _msdcs.domain.com now exist.
Your clients should now point to your DNS server - and if things are right, they'll work properly.
Make sure the Server has a static address and ONLY points to itself for DNS.
Make sure your DNS FLZ and RLZ are set to allow Secure Dynamic Updates.
(Optional) Make sure the zones are AD Integrated.
Make sure the _msdcs.domain.com zone exists.
Restart the Netlogon Service on the server.
Run (from CMD window) IPCONFIG /registerdns
Check in DNS to make sure the records for _msdcs.domain.com now exist.
Your clients should now point to your DNS server - and if things are right, they'll work properly.
ASKER
You are wonderful. All great suggestions - I'll try on Sunday when I can get back in.
Two quick questions:
- Is there any benefit to running DHCP on a router (like the Linksys) vs the Server? I usually run on the Server.......but am curious.
- When you say to check for the _msdcs.domain.com zone, I remember seeing _msdcs as a sub of the rza.local zone. Do you mean that the FLZ should be _msdcs.rza.local?
Two quick questions:
- Is there any benefit to running DHCP on a router (like the Linksys) vs the Server? I usually run on the Server.......but am curious.
- When you say to check for the _msdcs.domain.com zone, I remember seeing _msdcs as a sub of the rza.local zone. Do you mean that the FLZ should be _msdcs.rza.local?
In a Domain environment, you should be running DHCP from the server. Â It then has the ability to register records on behalf of the client - if you want it to. Â You also have only one place to manage the network from - the server.
If this was alway a 2003 DNS setup then the _msdcs zone should be at the same level as the domain zone. Â It used to be inside the domain zone in 2000, but was moved outside to facilitate Application Partitions and replication scope.
If it's inside the main domain zone, then it's simple to create a top level zone - let me know BEFORE you do anything so I can provide you with the proper advice.
If this was alway a 2003 DNS setup then the _msdcs zone should be at the same level as the domain zone. Â It used to be inside the domain zone in 2000, but was moved outside to facilitate Application Partitions and replication scope.
If it's inside the main domain zone, then it's simple to create a top level zone - let me know BEFORE you do anything so I can provide you with the proper advice.
ASKER
There is only the rza.local FLZ with _msdcs underneath. It is a relatively new SBS 2003 install - never upgraded. Let me know how best to proceed.
Also, they're not even using DHCP, as far as I can tell, but have it turned on on the router - with Static IP exceptions created and assigned to MAC addresses. Would you recommend that I disable this and assign the Static IP addresses from the User or Computer records on the Server?
Also, they're not even using DHCP, as far as I can tell, but have it turned on on the router - with Static IP exceptions created and assigned to MAC addresses. Would you recommend that I disable this and assign the Static IP addresses from the User or Computer records on the Server?
For SBS it's best to leave things as the Wizard set them up - however, it's not the same as a default Server 2003 install (non-SBS) and that puzzles me. Â They (MS) are probably using the old 2000 scripts to create everything.
Â
They are using Reservations if there are MAC addresses in there.
You can certainly repeat this inside the server DHCP installation. Â You would add a Reservation by MAC in under the new scope. Â Make sure the server has a STATIC address and is excluded from the scope (as is the router).
Â
They are using Reservations if there are MAC addresses in there.
You can certainly repeat this inside the server DHCP installation. Â You would add a Reservation by MAC in under the new scope. Â Make sure the server has a STATIC address and is excluded from the scope (as is the router).
ASKER
Thanks, Netman66. I agree about the MS scripts - but I was talking about the router. When I say they, I mean the guy who does the inhouse support when I'm not there. He setup the router with DHCP - and static IP addresses for the workstations. I was understanding you to say that I would be well advised to move the static IP addresses to either the workstations or to the Server, inside the computer object. Correct? .....since they're not really using DHCP anyway.
Also, you had mentioned before that I should tell you if the _msdcs was underneath the top level zone, which it is. You said you'd give me proper advice on creating a new top-level zone......?
Also, you had mentioned before that I should tell you if the _msdcs was underneath the top level zone, which it is. You said you'd give me proper advice on creating a new top-level zone......?
ASKER
By the way, your advice is REALLY appreciated.
It's safe to use proper DHCP on this network. Â It's less maintenance for you in the end.
I would turn off DHCP on the router.
Anything that needs a specific IP address, then make that reservation in DHCP.
Anything that is statically addressed (except the workstations) should be excluded from the scope.
Since this is SBS, leave the _msdcs zone where it is. Â Just make sure the server and SRV records are properly registered inside that zone.
I would turn off DHCP on the router.
Anything that needs a specific IP address, then make that reservation in DHCP.
Anything that is statically addressed (except the workstations) should be excluded from the scope.
Since this is SBS, leave the _msdcs zone where it is. Â Just make sure the server and SRV records are properly registered inside that zone.
ASKER
Re: the zones - I'm a little confused. I thought you were originally saying that I should have both a _msdcs.domain.com AND a domain.com under FLZ. Yes? I don't. I only have the domain.com with a _msdcs underneath. I will run ipconfig/registerdns and see where that leaves me.
Is there anything I should run to determine DNS health? I'm going in at 1pm today with people standing over my shoulder the whole time. I would LOVE to knock this out!
Is there anything I should run to determine DNS health? I'm going in at 1pm today with people standing over my shoulder the whole time. I would LOVE to knock this out!
ASKER
OH. And how to I make my DNS changes propogate immediately? I know sometimes it takes awhile for it to happen automatically.......
ASKER
I think I've found the answer to the last DNS question (re: propogating).
Don't be confused.
DNS in Server 2003 *normally* has the _msdcs.domain.com zone at the same level as the domain.com zone. Â In this case (since it's SBS) it's okay to leave it where it is.
DNS uses FRS to replicate - you never mentioned there was a second DC running DNS. Â In AD Sites and Services, expand the server then select it (on the left) on the right pane you right click NTDS settings the select Replicate Now.
If there are two DNS servers, on the second (non-root) DC is the _msdcs zone present in the domain.com zone.
DNS in Server 2003 *normally* has the _msdcs.domain.com zone at the same level as the domain.com zone. Â In this case (since it's SBS) it's okay to leave it where it is.
DNS uses FRS to replicate - you never mentioned there was a second DC running DNS. Â In AD Sites and Services, expand the server then select it (on the left) on the right pane you right click NTDS settings the select Replicate Now.
If there are two DNS servers, on the second (non-root) DC is the _msdcs zone present in the domain.com zone.
ASKER
Hey -
OK. I'm onsite. I've run ipconfig/registerdns, reviewed all DNS settings and made the corrections you sugested. I've stopped and restarted netlogon. I tried to run the Replicate Now - but when I click on the NTDS settings listed on the left, there's nothing in the right window to click on.
??
OK. I'm onsite. I've run ipconfig/registerdns, reviewed all DNS settings and made the corrections you sugested. I've stopped and restarted netlogon. I tried to run the Replicate Now - but when I click on the NTDS settings listed on the left, there's nothing in the right window to click on.
??
ASKER
Just so you know, I am using one workstation to test. I have given that workstation a static IP address with the router as the gateway and the server as the dns server. I am still getting the exact same result: the workstation tries to login but generates Userenv 1054 and Autoenrollment 15 errors. If I browse to the server and try to connect, it says the server is inaccessible; that I may not have permissions.
ASKER
Also, i'm getting tons of 7062 erros in the server's dns logs.
ASKER
OK. I've completely recreated the FLZ &Â RLZ, stopped and restarted DNS and NetLogon. I am getting no DNS errors in the log but netdiag /fix gives me tons of _ldap and _msdcs errors.
Any other ideas? I still can't attach a workstation......
Any other ideas? I still can't attach a workstation......
ASKER
OK. As per another EE entry, I have added a second primary zone called _msdcs.rza.local. I stopped and started NetLogon and then reran IPconfig /registerdns. No errors in the DNS logs, but none of the usual folders either: no _msdcs, _sites, _tcp or _udp. Do you want me to upload netdiag /fix output? the netlogon.dns - which seems full of entries? I'm not sure what else to do at this point.....
ASKER
I am posting the results of netdiag/fix. I'm really in a pinch..........Any ideas?
Netcard queries test . . . . . . . : Passed
Per interface results:
  Adapter : Server Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : Server
    IP Address . . . . . . . . : 192.168.0.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.0.1
    Primary WINS Server. . . . : 192.168.0.2
    Dns Servers. . . . . . . . : 192.168.0.2
    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messeng
r Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
  List of NetBt transports currently configured:
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
  [WARNING] You don't have a single interface with the <00> 'WorkStation Serv
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
     [WARNING] Cannot find a primary authoritative DNS server for the name
      'Server.rza.local.'. [RCODE_SERVER_FAILURE]
      The name 'Server.rza.local.' may not be registered in DNS.
  [FATAL] Failed to fix: DC DNS entry rza.local. re-registeration on DNS serv
r '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.rza.local. re-registeration
n DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sit
s.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.rza. local. re-reg
steration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.rza.l ocal. re-regi
teration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sit
s.gc._msdcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ae248820-dd3e-4 8f7-8b3f-f b3a
6c4e384.domains._msdcs.rza .local. re-registeration on DNS server '192.168.0.2'
ailed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry gc._msdcs.rza.local. re-registeration o
 DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry 99987cb0-7e98-49ab-89d5-ec 72b5285e4e ._m
dcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.r za.local. re-
egisteration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir st-Site-Na me.
sites.dc._msdcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.rza.l ocal. re-regi
teration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sit
s.dc._msdcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir st-Site-Na me.
sites.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _gc._tcp.rza.local. re-registeration on
DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Sit e-Name._si tes
rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kerberos._udp.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.rza.local. re-registerati
n on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.rza.local. re-registerati
n on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry ForestDnsZones.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones. rza.local. re
registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sit
s.ForestDnsZones.rza.local . re-registeration on DNS server '192.168.0.2' failed
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry DomainDnsZones.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones. rza.local. re
registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sit
s.DomainDnsZones.rza.local . re-registeration on DNS server '192.168.0.2' failed
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI LURE
  [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for t
is DC on DNS server '192.168.0.2'.
  [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
  List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  The redir is bound to 1 NetBt transport.
  List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    Failed to enumerate DCs by using the browser. [ERROR_BAD_NETPATH]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
  No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
  Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Program Files\Support Tools>
Netcard queries test . . . . . . . : Passed
Per interface results:
  Adapter : Server Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : Server
    IP Address . . . . . . . . : 192.168.0.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.0.1
    Primary WINS Server. . . . : 192.168.0.2
    Dns Servers. . . . . . . . : 192.168.0.2
    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messeng
r Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
  List of NetBt transports currently configured:
    NetBT_Tcpip_{11974A5C-7DCF
  1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
  [WARNING] You don't have a single interface with the <00> 'WorkStation Serv
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
     [WARNING] Cannot find a primary authoritative DNS server for the name
      'Server.rza.local.'. [RCODE_SERVER_FAILURE]
      The name 'Server.rza.local.' may not be registered in DNS.
  [FATAL] Failed to fix: DC DNS entry rza.local. re-registeration on DNS serv
r '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.rza.local. re-registeration
n DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.rza.
steration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.rza.l
teration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.gc._msdcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ae248820-dd3e-4
6c4e384.domains._msdcs.rza
ailed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry gc._msdcs.rza.local. re-registeration o
 DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry 99987cb0-7e98-49ab-89d5-ec
dcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.r
egisteration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir
sites.dc._msdcs.rza.local.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.rza.l
teration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.dc._msdcs.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir
sites.rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _gc._tcp.rza.local. re-registeration on
DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Sit
rza.local. re-registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kerberos._udp.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.rza.local. re-registerati
n on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.rza.local. re-registerati
n on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry ForestDnsZones.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.
registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.ForestDnsZones.rza.local
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry DomainDnsZones.rza.local. re-registerat
on on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.
registeration on DNS server '192.168.0.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
s.DomainDnsZones.rza.local
DNS Error code: DNS_ERROR_RCODE_SERVER_FAI
  [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for t
is DC on DNS server '192.168.0.2'.
  [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
  List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{11974A5C-7DCF
  The redir is bound to 1 NetBt transport.
  List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{11974A5C-7DCF
  The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    Failed to enumerate DCs by using the browser. [ERROR_BAD_NETPATH]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
  No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
  Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Program Files\Support Tools>
ASKER
Anybody have any input on this?
ASKER
Latest: DNS has now been fully populated. I'm not getting any DNS errors in netdiag  /fix. My workstations are still not connecting tho - Userenv/1054 and Autoenrollment/15. Any advice?
It looks like there are 2 NICs in the server - move the Internal (LAN side) NIC to the top of the binding order.
Restart the server.
Restart the server.
ASKER
HEYYYY! God, I am desperate.
There aren't two nics - only one. the only errors i'm getting are in browstat status - it just says that browsing is not enabled on the domain. I think we're SO close!
There aren't two nics - only one. the only errors i'm getting are in browstat status - it just says that browsing is not enabled on the domain. I think we're SO close!
ASKER
Here's the latest netdiag output:
Computer Name: SERVER
  DNS Host Name: Server.rza.local
  System info : Microsoft Windows Server 2003 (Build 3790)
  Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
  List of installed hotfixes :
    KB890046
    KB893756
    KB896358
    KB896422
    KB896424
    KB896428
    KB896688
    KB898715
    KB898792
    KB899587
    KB899588
    KB899589
    KB899591
    KB900725
    KB901017
    KB901214
    KB902400
    KB904706
    KB904942
    KB905414
    KB908519
    KB908531
    KB908981
    KB910437
    KB911280
    KB911562
    KB911567
    KB911897
    KB911927
    KB912919
    KB914388
    KB914389
    KB914783
    KB916281
    KB917159
    KB917344
    KB917422
    KB917537
    KB917734
    KB917953
    KB918118
    KB918439
    KB918899
    KB920213
    KB920214
    KB920670
    KB920683
    KB920685
    KB921398
    KB921883
    KB922582
    KB922616
    KB922760
    KB922819
    KB923191
    KB923414
    KB923689
    KB923694
    KB923980
    KB924191
    KB924496
    KB924667
    KB925398_WMP64
    KB925454
    KB925486
    KB926436
    KB928090-IE7
    KB928255
    KB928843
    KB929969
    KB931836
    Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
  Adapter : Server Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : Server
    IP Address . . . . . . . . : 192.168.0.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.0.1
    Primary WINS Server. . . . : 192.168.0.2
    Dns Servers. . . . . . . . : 192.168.0.2
    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
  List of NetBt transports currently configured:
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
  [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
  PASS - All the DNS entries for DC are registered on DNS server '192.168.0.2'.
Redir and Browser test . . . . . . : Passed
  List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  The redir is bound to 1 NetBt transport.
  List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{11974A5C-7DCF -4638-A497 -5C39361C9 278}
  The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_ FOUND]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
  No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
  Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Computer Name: SERVER
  DNS Host Name: Server.rza.local
  System info : Microsoft Windows Server 2003 (Build 3790)
  Processor : x86 Family 15 Model 4 Stepping 10, GenuineIntel
  List of installed hotfixes :
    KB890046
    KB893756
    KB896358
    KB896422
    KB896424
    KB896428
    KB896688
    KB898715
    KB898792
    KB899587
    KB899588
    KB899589
    KB899591
    KB900725
    KB901017
    KB901214
    KB902400
    KB904706
    KB904942
    KB905414
    KB908519
    KB908531
    KB908981
    KB910437
    KB911280
    KB911562
    KB911567
    KB911897
    KB911927
    KB912919
    KB914388
    KB914389
    KB914783
    KB916281
    KB917159
    KB917344
    KB917422
    KB917537
    KB917734
    KB917953
    KB918118
    KB918439
    KB918899
    KB920213
    KB920214
    KB920670
    KB920683
    KB920685
    KB921398
    KB921883
    KB922582
    KB922616
    KB922760
    KB922819
    KB923191
    KB923414
    KB923689
    KB923694
    KB923980
    KB924191
    KB924496
    KB924667
    KB925398_WMP64
    KB925454
    KB925486
    KB926436
    KB928090-IE7
    KB928255
    KB928843
    KB929969
    KB931836
    Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
  Adapter : Server Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : Server
    IP Address . . . . . . . . : 192.168.0.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.0.1
    Primary WINS Server. . . . : 192.168.0.2
    Dns Servers. . . . . . . . : 192.168.0.2
    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
  List of NetBt transports currently configured:
    NetBT_Tcpip_{11974A5C-7DCF
  1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
  [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
  PASS - All the DNS entries for DC are registered on DNS server '192.168.0.2'.
Redir and Browser test . . . . . . : Passed
  List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{11974A5C-7DCF
  The redir is bound to 1 NetBt transport.
  List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{11974A5C-7DCF
  The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
  No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
  Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
This error generally means the NIC at the top of the binding order is on the outside of the LAN.
Please look in Device Manager, under Network Cards - what is listed? Â There is likely a Firewire adapter there if you say there isn't 2 NICs.
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
This error generally means the NIC at the top of the binding order is on the outside of the LAN.
Please look in Device Manager, under Network Cards - what is listed? Â There is likely a Firewire adapter there if you say there isn't 2 NICs.
ASKER
In device mgr at the Server/pdc, i have one intel pro/100 mt network connection. nothing else.
On the main DC, check this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Bro wser\Param eters
for the following two values:
IsDomainMaster = "Yes"
MaintainServerList = "Auto"
If they are not set correctly, then set them as above.
If they are missing, create them exactly as above - they are REG_SZ (String) values.
Let me know
HKEY_LOCAL_MACHINE\SYSTEM\
for the following two values:
IsDomainMaster = "Yes"
MaintainServerList = "Auto"
If they are not set correctly, then set them as above.
If they are missing, create them exactly as above - they are REG_SZ (String) values.
Let me know
ASKER
Well, i thought you were onto something, but no change. the 'isdomainmaster' was FALSE - so I changed to TRUE; 'Maintainserverlist" was set to Yes. (I changed to Auto)
Browstat still says that browsing is not active - and because I've turned on several workstations, not thinks the browser name is held by one of them. ????
Browstat still says that browsing is not active - and because I've turned on several workstations, not thinks the browser name is held by one of them. ????
No, reboot the server now and wait a bit.
You should see (in the Event Log) that it forced an election. Â
It's not an immediate thing - it now needs to gather network browser information, which takes some time.
You should see (in the Event Log) that it forced an election. Â
It's not an immediate thing - it now needs to gather network browser information, which takes some time.
ASKER
ok. i'm going to do that now. thanks.......
ASKER
just fyi, browstat is still showing same. i'm not sure how long to wait......but i'm falling into a little techno-clump. my brain is fried. if you think it'll take more than 5 more minutes to update, i'm going to call it a night.........by the way, i opened another ticket out of sheer desparation. if you figure this out, you should respond to it as well for megapoints. no one has given me much yet.....
Post the output of "browstat status", "browstat stats" and "browstat dumpnet"
ASKER
one last thing. i have the workstations temporarily setup with 192.168 static ip's with 0.1 as gateway and dns - just so they can at least use the internet in the morning. if i try to browse for the server, i see it in the list but get \\server not accessible, might not have permission when i try to look at it.
to test it tomorrow, they should be able to browse ok without changing ip addresses, right? if they can't browse to the server by tomorrow morning, i can assume it's still not working........?
to test it tomorrow, they should be able to browse ok without changing ip addresses, right? if they can't browse to the server by tomorrow morning, i can assume it's still not working........?
Well, for DNS they need to point to the server or domain functionality is non-existent.
Is the File and Print service checked in the TCP/IP properties of the NIC?
Is the File and Print service checked in the TCP/IP properties of the NIC?
ASKER
Re: DNS - ok. we'll change the workstation ip dns back to the server (0.2) to test in the morning.
Re: F&P Service - I believe so, but I'll double-check.
Re: Remote Access - I had Remote Desktop working before this started. It hasn't worked since - and still isn't working from my office, so I guess the problem is not yet resolved.
Re: F&P Service - I believe so, but I'll double-check.
Re: Remote Access - I had Remote Desktop working before this started. It hasn't worked since - and still isn't working from my office, so I guess the problem is not yet resolved.
ASKER
Morning, netman.
Well, it is still not working. File and Printer Sharing is checked and even if the workstation changes its dns address to 0.2 it's having the same problem seeing the server.
Two things: Even if I try to browse the network from the Server I get the messages about inaccesibility and lack of permissions. I don't even have to try a workstation to know it's not working.
Also, I'm still getting the DC list test failure with netdiag. This has got to be a huge clue.......but to what?
Well, it is still not working. File and Printer Sharing is checked and even if the workstation changes its dns address to 0.2 it's having the same problem seeing the server.
Two things: Even if I try to browse the network from the Server I get the messages about inaccesibility and lack of permissions. I don't even have to try a workstation to know it's not working.
Also, I'm still getting the DC list test failure with netdiag. This has got to be a huge clue.......but to what?
ASKER
Two more notes:
Exchange is enabled but not setup, as far as I can tell. I had disabled Exchange the last time I was there, so I was noting that someone had re-enabled.
In my manic search, i did notice some MS articles on single-label domain problems. Their domain name is rza.local. I made the two registry changes at the server and one workstation, but this seemed to have no effect.
Exchange is enabled but not setup, as far as I can tell. I had disabled Exchange the last time I was there, so I was noting that someone had re-enabled.
In my manic search, i did notice some MS articles on single-label domain problems. Their domain name is rza.local. I made the two registry changes at the server and one workstation, but this seemed to have no effect.
It doesn't look like a Single-Label DNS issue even though it's behaving like one.
I'd love to remote in and take a look - see what you can do.
Is NetBIOS over TCP/IP enabled?
Is there a reason why you are running WINS?
I'd love to remote in and take a look - see what you can do.
Is NetBIOS over TCP/IP enabled?
Is there a reason why you are running WINS?
ASKER
Well, I would LOVE for RDC to work - but I can't get it to since this happens. It seems that whatever caused this problem browsing/logging in has affected my RDC connection.
NetBios over IP is enabled. I tried disabling it just to see what happened and it just made browstat in operable - and no change browsing/accessing Server. (Browstat Status would then just bring me to a command line.) I only added WINS during all of this to troubleshoot. We have three XP pro and two W2K workstations..........
NetBios over IP is enabled. I tried disabling it just to see what happened and it just made browstat in operable - and no change browsing/accessing Server. (Browstat Status would then just bring me to a command line.) I only added WINS during all of this to troubleshoot. We have three XP pro and two W2K workstations..........
ASKER
The only errors (warngings) in the error log when I left last night were WinMgmt (5603) and NNTP (101)......if this helps. It really bothers me that I have NO other errors of problems on the Server. Everything looks so close to perfect.....except that DC list test error.
OH. I also tried manually starting Computer Browser (related?) and it wouldn't start, but just says it doesn't start because it's not needed.
OH. I also tried manually starting Computer Browser (related?) and it wouldn't start, but just says it doesn't start because it's not needed.
ASKER
One more thing: I cannot ping the server from any workstation. The server can ping the workstations - and see the internet. Do you think there could be a problem with the protocol? i have had a few occassions where an IP repair worked wonders at a workstation............... Is there a good clean way to repair or reinstall IP? Maybe I should add another protocol to test?
Is the firewall on?
ASKER
Not at the Server - just the router, which I CAN access remotely.
ASKER
I am going out to the client's again in an hour. I'm curious to know if you have any other ideas........
Thanks!
Thanks!
I think I've pretty much run out of ideas.
You can post the result of DCDIAG /v off that server if you like.
Other than that, a remote session would be ideal.
You can post the result of DCDIAG /v off that server if you like.
Other than that, a remote session would be ideal.
ASKER
will do.......
ASKER
OK. I'm at the client's........and have run dcdiag /v. here 'tis:
Domain Controller Diagnosis
Performing initial setup:
  * Verifying that the local machine Server, is a DC.
  * Connecting to directory service on server Server.
  * Collecting site info.
  * Identifying all servers.
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.
Doing initial required tests
 Â
  Testing server: Default-First-Site-Name\SE RVER
   Starting test: Connectivity
     * Active Directory LDAP Services Check
     * Active Directory RPC Services Check
     ......................... SERVER passed test Connectivity
Doing primary tests
 Â
  Testing server: Default-First-Site-Name\SE RVER
   Starting test: Replications
     * Replications Check
     * Replication Latency Check
     * Replication Site Latency Check
     ......................... SERVER passed test Replications
   Test omitted by user request: Topology
   Test omitted by user request: CutoffServers
   Starting test: NCSecDesc
     * Security Permissions check for all NC's on DC SERVER.
     * Security Permissions Check for
      DC=ForestDnsZones,DC=rza,D C=local
      (NDNC,Version 2)
     * Security Permissions Check for
      DC=DomainDnsZones,DC=rza,D C=local
      (NDNC,Version 2)
     * Security Permissions Check for
      CN=Schema,CN=Configuration ,DC=rza,DC =local
      (Schema,Version 2)
     * Security Permissions Check for
      CN=Configuration,DC=rza,DC =local
      (Configuration,Version 2)
     * Security Permissions Check for
      DC=rza,DC=local
      (Domain,Version 2)
     ......................... SERVER passed test NCSecDesc
   Starting test: NetLogons
     * Network Logons Privileges Check
     Verified share \\SERVER\netlogon
     Verified share \\SERVER\sysvol
     ......................... SERVER passed test NetLogons
   Starting test: Advertising
     The DC SERVER is advertising itself as a DC and having a DS.
     The DC SERVER is advertising as an LDAP server
     The DC SERVER is advertising as having a writeable directory
     The DC SERVER is advertising as a Key Distribution Center
     The DC SERVER is advertising as a time server
     The DS SERVER is advertising as a GC.
     ......................... SERVER passed test Advertising
   Starting test: KnowsOfRoleHolders
     Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     ......................... SERVER passed test KnowsOfRoleHolders
   Starting test: RidManager
     * Available RID Pool for the Domain is 1609 to 1073741823
     * Server.rza.local is the RID Master
     * DsBind with RID Master was successful
     * rIDAllocationPool is 1109 to 1608
     * rIDPreviousAllocationPool is 1109 to 1608
     * rIDNextRID: 1156
     ......................... SERVER passed test RidManager
   Starting test: MachineAccount
     Checking machine account for DC SERVER on DC SERVER.
     * SPN found :LDAP/Server.rza.local/rza .local
     * SPN found :LDAP/Server.rza.local
     * SPN found :LDAP/SERVER
     * SPN found :LDAP/Server.rza.local/RZA
     * SPN found :LDAP/99987cb0-7e98-49ab-8 9d5-ec72b5 285e4e._ms dcs.rza.lo cal
     * SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/99987cb0 -7e98-49ab -89d5-ec72 b5285e4e/r za.local
     * SPN found :HOST/Server.rza.local/rza .local
     * SPN found :HOST/Server.rza.local
     * SPN found :HOST/SERVER
     * SPN found :HOST/Server.rza.local/RZA
     * SPN found :GC/Server.rza.local/rza.l ocal
     ......................... SERVER passed test MachineAccount
   Starting test: Services
     * Checking Service: Dnscache
     * Checking Service: NtFrs
     * Checking Service: IsmServ
      IsmServ Service is stopped on [SERVER]
     * Checking Service: kdc
     * Checking Service: SamSs
     * Checking Service: LanmanServer
     * Checking Service: LanmanWorkstation
     * Checking Service: RpcSs
     * Checking Service: w32time
     * Checking Service: NETLOGON
     ......................... SERVER failed test Services
   Test omitted by user request: OutboundSecureChannels
   Starting test: ObjectsReplicated
     SERVER is in domain DC=rza,DC=local
     Checking for CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca l in domain DC=rza,DC=local on 1 servers
      Object is up-to-date on all servers.
     Checking for CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al in domain CN=Configuration,DC=rza,DC =local on 1 servers
      Object is up-to-date on all servers.
     ......................... SERVER passed test ObjectsReplicated
   Starting test: frssysvol
     * The File Replication Service SYSVOL ready test
     File Replication Service's SYSVOL is ready
     ......................... SERVER passed test frssysvol
   Starting test: frsevent
     * The File Replication Service Event log test
     ......................... SERVER passed test frsevent
   Starting test: kccevent
     * The KCC Event log test
     Found no KCC errors in Directory Service Event log in the last 15 minutes.
     ......................... SERVER passed test kccevent
   Starting test: systemlog
     * The System Event log test
     Found no errors in System Event log in the last 60 minutes.
     ......................... SERVER passed test systemlog
   Test omitted by user request: VerifyReplicas
   Starting test: VerifyReferences
     The system object reference (serverReference)
     CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca l and backlink on
     CN=SERVER,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =rza,DC=lo cal
     are correct.
     The system object reference (frsComputerReferenceBL)
     CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=rza,D C=local
     and backlink on CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca l are
     correct.
     The system object reference (serverReferenceBL)
     CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=rza,D C=local
     and backlink on
     CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= rza,DC=loc al
     are correct.
     ......................... SERVER passed test VerifyReferences
   Test omitted by user request: VerifyEnterpriseReferences
   Test omitted by user request: CheckSecurityError
 Â
  Running partition tests on : ForestDnsZones
   Starting test: CrossRefValidation
     ......................... ForestDnsZones passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... ForestDnsZones passed test CheckSDRefDom
 Â
  Running partition tests on : DomainDnsZones
   Starting test: CrossRefValidation
     ......................... DomainDnsZones passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... DomainDnsZones passed test CheckSDRefDom
 Â
  Running partition tests on : Schema
   Starting test: CrossRefValidation
     ......................... Schema passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... Schema passed test CheckSDRefDom
 Â
  Running partition tests on : Configuration
   Starting test: CrossRefValidation
     ......................... Configuration passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... Configuration passed test CheckSDRefDom
 Â
  Running partition tests on : rza
   Starting test: CrossRefValidation
     ......................... rza passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... rza passed test CheckSDRefDom
 Â
  Running enterprise tests on : rza.local
   Starting test: Intersite
     Skipping site Default-First-Site-Name, this site is outside the scope
     provided by the command line arguments provided.
     ......................... rza.local passed test Intersite
   Starting test: FsmoCheck
     GC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     PDC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     Time Server Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     Preferred Time Server Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     KDC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     ......................... rza.local passed test FsmoCheck
   Test omitted by user request: DNS
   Test omitted by user request: DNS
Domain Controller Diagnosis
Performing initial setup:
  * Verifying that the local machine Server, is a DC.
  * Connecting to directory service on server Server.
  * Collecting site info.
  * Identifying all servers.
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.
Doing initial required tests
 Â
  Testing server: Default-First-Site-Name\SE
   Starting test: Connectivity
     * Active Directory LDAP Services Check
     * Active Directory RPC Services Check
     ......................... SERVER passed test Connectivity
Doing primary tests
 Â
  Testing server: Default-First-Site-Name\SE
   Starting test: Replications
     * Replications Check
     * Replication Latency Check
     * Replication Site Latency Check
     ......................... SERVER passed test Replications
   Test omitted by user request: Topology
   Test omitted by user request: CutoffServers
   Starting test: NCSecDesc
     * Security Permissions check for all NC's on DC SERVER.
     * Security Permissions Check for
      DC=ForestDnsZones,DC=rza,D
      (NDNC,Version 2)
     * Security Permissions Check for
      DC=DomainDnsZones,DC=rza,D
      (NDNC,Version 2)
     * Security Permissions Check for
      CN=Schema,CN=Configuration
      (Schema,Version 2)
     * Security Permissions Check for
      CN=Configuration,DC=rza,DC
      (Configuration,Version 2)
     * Security Permissions Check for
      DC=rza,DC=local
      (Domain,Version 2)
     ......................... SERVER passed test NCSecDesc
   Starting test: NetLogons
     * Network Logons Privileges Check
     Verified share \\SERVER\netlogon
     Verified share \\SERVER\sysvol
     ......................... SERVER passed test NetLogons
   Starting test: Advertising
     The DC SERVER is advertising itself as a DC and having a DS.
     The DC SERVER is advertising as an LDAP server
     The DC SERVER is advertising as having a writeable directory
     The DC SERVER is advertising as a Key Distribution Center
     The DC SERVER is advertising as a time server
     The DS SERVER is advertising as a GC.
     ......................... SERVER passed test Advertising
   Starting test: KnowsOfRoleHolders
     Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
     Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
     Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
     Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
     Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
     ......................... SERVER passed test KnowsOfRoleHolders
   Starting test: RidManager
     * Available RID Pool for the Domain is 1609 to 1073741823
     * Server.rza.local is the RID Master
     * DsBind with RID Master was successful
     * rIDAllocationPool is 1109 to 1608
     * rIDPreviousAllocationPool is 1109 to 1608
     * rIDNextRID: 1156
     ......................... SERVER passed test RidManager
   Starting test: MachineAccount
     Checking machine account for DC SERVER on DC SERVER.
     * SPN found :LDAP/Server.rza.local/rza
     * SPN found :LDAP/Server.rza.local
     * SPN found :LDAP/SERVER
     * SPN found :LDAP/Server.rza.local/RZA
     * SPN found :LDAP/99987cb0-7e98-49ab-8
     * SPN found :E3514235-4B06-11D1-AB04-0
     * SPN found :HOST/Server.rza.local/rza
     * SPN found :HOST/Server.rza.local
     * SPN found :HOST/SERVER
     * SPN found :HOST/Server.rza.local/RZA
     * SPN found :GC/Server.rza.local/rza.l
     ......................... SERVER passed test MachineAccount
   Starting test: Services
     * Checking Service: Dnscache
     * Checking Service: NtFrs
     * Checking Service: IsmServ
      IsmServ Service is stopped on [SERVER]
     * Checking Service: kdc
     * Checking Service: SamSs
     * Checking Service: LanmanServer
     * Checking Service: LanmanWorkstation
     * Checking Service: RpcSs
     * Checking Service: w32time
     * Checking Service: NETLOGON
     ......................... SERVER failed test Services
   Test omitted by user request: OutboundSecureChannels
   Starting test: ObjectsReplicated
     SERVER is in domain DC=rza,DC=local
     Checking for CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca
      Object is up-to-date on all servers.
     Checking for CN=NTDS Settings,CN=SERVER,CN=Serv
      Object is up-to-date on all servers.
     ......................... SERVER passed test ObjectsReplicated
   Starting test: frssysvol
     * The File Replication Service SYSVOL ready test
     File Replication Service's SYSVOL is ready
     ......................... SERVER passed test frssysvol
   Starting test: frsevent
     * The File Replication Service Event log test
     ......................... SERVER passed test frsevent
   Starting test: kccevent
     * The KCC Event log test
     Found no KCC errors in Directory Service Event log in the last 15 minutes.
     ......................... SERVER passed test kccevent
   Starting test: systemlog
     * The System Event log test
     Found no errors in System Event log in the last 60 minutes.
     ......................... SERVER passed test systemlog
   Test omitted by user request: VerifyReplicas
   Starting test: VerifyReferences
     The system object reference (serverReference)
     CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca
     CN=SERVER,CN=Servers,CN=De
     are correct.
     The system object reference (frsComputerReferenceBL)
     CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=rza,D
     and backlink on CN=SERVER,OU=Domain Controllers,DC=rza,DC=loca
     correct.
     The system object reference (serverReferenceBL)
     CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=rza,D
     and backlink on
     CN=NTDS Settings,CN=SERVER,CN=Serv
     are correct.
     ......................... SERVER passed test VerifyReferences
   Test omitted by user request: VerifyEnterpriseReferences
   Test omitted by user request: CheckSecurityError
 Â
  Running partition tests on : ForestDnsZones
   Starting test: CrossRefValidation
     ......................... ForestDnsZones passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... ForestDnsZones passed test CheckSDRefDom
 Â
  Running partition tests on : DomainDnsZones
   Starting test: CrossRefValidation
     ......................... DomainDnsZones passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... DomainDnsZones passed test CheckSDRefDom
 Â
  Running partition tests on : Schema
   Starting test: CrossRefValidation
     ......................... Schema passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... Schema passed test CheckSDRefDom
 Â
  Running partition tests on : Configuration
   Starting test: CrossRefValidation
     ......................... Configuration passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... Configuration passed test CheckSDRefDom
 Â
  Running partition tests on : rza
   Starting test: CrossRefValidation
     ......................... rza passed test CrossRefValidation
   Starting test: CheckSDRefDom
     ......................... rza passed test CheckSDRefDom
 Â
  Running enterprise tests on : rza.local
   Starting test: Intersite
     Skipping site Default-First-Site-Name, this site is outside the scope
     provided by the command line arguments provided.
     ......................... rza.local passed test Intersite
   Starting test: FsmoCheck
     GC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     PDC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     Time Server Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     Preferred Time Server Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     KDC Name: \\Server.rza.local
     Locator Flags: 0xe00001fd
     ......................... rza.local passed test FsmoCheck
   Test omitted by user request: DNS
   Test omitted by user request: DNS
ASKER
Here are the results of the dcdiag /v /test:dns:
Domain Controller Diagnosis
Performing initial setup:
  * Verifying that the local machine Server, is a DC.
  * Connecting to directory service on server Server.
  * Collecting site info.
  * Identifying all servers.
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.
Doing initial required tests
 Â
  Testing server: Default-First-Site-Name\SE RVER
   Starting test: Connectivity
     * Active Directory LDAP Services Check
     * Active Directory RPC Services Check
     ......................... SERVER passed test Connectivity
Doing primary tests
 Â
  Testing server: Default-First-Site-Name\SE RVER
   Test omitted by user request: Replications
   Test omitted by user request: Topology
   Test omitted by user request: CutoffServers
   Test omitted by user request: NCSecDesc
   Test omitted by user request: NetLogons
   Test omitted by user request: Advertising
   Test omitted by user request: KnowsOfRoleHolders
   Test omitted by user request: RidManager
   Test omitted by user request: MachineAccount
   Test omitted by user request: Services
   Test omitted by user request: OutboundSecureChannels
   Test omitted by user request: ObjectsReplicated
   Test omitted by user request: frssysvol
   Test omitted by user request: frsevent
   Test omitted by user request: kccevent
   Test omitted by user request: systemlog
   Test omitted by user request: VerifyReplicas
   Test omitted by user request: VerifyReferences
   Test omitted by user request: VerifyEnterpriseReferences
   Test omitted by user request: CheckSecurityError
 Â
  Running partition tests on : ForestDnsZones
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : DomainDnsZones
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : Schema
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : Configuration
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : rza
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running enterprise tests on : rza.local
   Test omitted by user request: Intersite
   Test omitted by user request: FsmoCheck
   Starting test: DNS
     Test results for domain controllers:
     Â
      DC: Server.rza.local
      Domain: rza.local
        Â
        TEST: Authentication (Auth)
         Authentication test: Successfully completed
        Â
        TEST: Basic (Basc)
          Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 1.0) is supported
         NETLOGON service is running
         kdc service is running
         DNSCACHE service is running
         DNS service is running
         DC is a DNS server
         Network adapters information:
         Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
           MAC address is 00:13:72:FD:CF:CC
           IP address is static
           IP address: 192.168.0.2
           DNS servers:
            192.168.0.2 (<name unavailable>) [Valid]
         The A record for this DC was found
         The SOA record for the Active Directory zone was found
         The Active Directory zone on this DC/DNS server was found (primary)
         Root zone on this DC/DNS server was not found
        Â
        TEST: Forwarders/Root hints (Forw)
         Recursion is enabled
         Forwarders Information:
           67.69.184.160 (<name unavailable>) [Valid]
        Â
        TEST: Delegations (Del)
         No delegations were found in this zone on this DNS server
        Â
        TEST: Dynamic update (Dyn)
         Dynamic update is enabled on the zone rza.local.
         Test record _dcdiag_test_record added successfully in zone rza.local.
         Test record _dcdiag_test_record deleted successfully in zone rza.local.
        Â
        TEST: Records registration (RReg)
         Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
           Matching A record found at DNS server 192.168.0.2:
           Server.rza.local
           Matching CNAME record found at DNS server 192.168.0.2:
           99987cb0-7e98-49ab-89d5-ec 72b5285e4e ._msdcs.rz a.local
           Matching DC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.dc._msdcs.rza.l ocal
           Matching GC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.gc._msdcs.rza.l ocal
           Matching PDC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.pdc._msdcs.rza. local
    Â
     Summary of test results for DNS servers used by the above domain controllers:
      DNS server: 192.168.0.2 (<name unavailable>)
        All tests passed on this DNS server
        This is a valid DNS server.
        Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
       Â
      DNS server: 67.69.184.160 (<name unavailable>)
        All tests passed on this DNS server
        This is a valid DNS server.
       Â
     Summary of DNS test results:
    Â
                      Auth Basc Forw Del  Dyn  RReg Ext Â
        __________________________ __________ __________ __________ ________
      Domain: rza.local
        Server            PASS PASS PASS PASS PASS PASS n/a Â
    Â
     ......................... rza.local passed test DNS
Domain Controller Diagnosis
Performing initial setup:
  * Verifying that the local machine Server, is a DC.
  * Connecting to directory service on server Server.
  * Collecting site info.
  * Identifying all servers.
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.
Doing initial required tests
 Â
  Testing server: Default-First-Site-Name\SE
   Starting test: Connectivity
     * Active Directory LDAP Services Check
     * Active Directory RPC Services Check
     ......................... SERVER passed test Connectivity
Doing primary tests
 Â
  Testing server: Default-First-Site-Name\SE
   Test omitted by user request: Replications
   Test omitted by user request: Topology
   Test omitted by user request: CutoffServers
   Test omitted by user request: NCSecDesc
   Test omitted by user request: NetLogons
   Test omitted by user request: Advertising
   Test omitted by user request: KnowsOfRoleHolders
   Test omitted by user request: RidManager
   Test omitted by user request: MachineAccount
   Test omitted by user request: Services
   Test omitted by user request: OutboundSecureChannels
   Test omitted by user request: ObjectsReplicated
   Test omitted by user request: frssysvol
   Test omitted by user request: frsevent
   Test omitted by user request: kccevent
   Test omitted by user request: systemlog
   Test omitted by user request: VerifyReplicas
   Test omitted by user request: VerifyReferences
   Test omitted by user request: VerifyEnterpriseReferences
   Test omitted by user request: CheckSecurityError
 Â
  Running partition tests on : ForestDnsZones
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : DomainDnsZones
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : Schema
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : Configuration
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running partition tests on : rza
   Test omitted by user request: CrossRefValidation
   Test omitted by user request: CheckSDRefDom
 Â
  Running enterprise tests on : rza.local
   Test omitted by user request: Intersite
   Test omitted by user request: FsmoCheck
   Starting test: DNS
     Test results for domain controllers:
     Â
      DC: Server.rza.local
      Domain: rza.local
        Â
        TEST: Authentication (Auth)
         Authentication test: Successfully completed
        Â
        TEST: Basic (Basc)
          Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 1.0) is supported
         NETLOGON service is running
         kdc service is running
         DNSCACHE service is running
         DNS service is running
         DC is a DNS server
         Network adapters information:
         Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
           MAC address is 00:13:72:FD:CF:CC
           IP address is static
           IP address: 192.168.0.2
           DNS servers:
            192.168.0.2 (<name unavailable>) [Valid]
         The A record for this DC was found
         The SOA record for the Active Directory zone was found
         The Active Directory zone on this DC/DNS server was found (primary)
         Root zone on this DC/DNS server was not found
        Â
        TEST: Forwarders/Root hints (Forw)
         Recursion is enabled
         Forwarders Information:
           67.69.184.160 (<name unavailable>) [Valid]
        Â
        TEST: Delegations (Del)
         No delegations were found in this zone on this DNS server
        Â
        TEST: Dynamic update (Dyn)
         Dynamic update is enabled on the zone rza.local.
         Test record _dcdiag_test_record added successfully in zone rza.local.
         Test record _dcdiag_test_record deleted successfully in zone rza.local.
        Â
        TEST: Records registration (RReg)
         Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
           Matching A record found at DNS server 192.168.0.2:
           Server.rza.local
           Matching CNAME record found at DNS server 192.168.0.2:
           99987cb0-7e98-49ab-89d5-ec
           Matching DC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.dc._msdcs.rza.l
           Matching GC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.gc._msdcs.rza.l
           Matching PDC SRV record found at DNS server 192.168.0.2:
           _ldap._tcp.pdc._msdcs.rza.
    Â
     Summary of test results for DNS servers used by the above domain controllers:
      DNS server: 192.168.0.2 (<name unavailable>)
        All tests passed on this DNS server
        This is a valid DNS server.
        Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
       Â
      DNS server: 67.69.184.160 (<name unavailable>)
        All tests passed on this DNS server
        This is a valid DNS server.
       Â
     Summary of DNS test results:
    Â
                      Auth Basc Forw Del  Dyn  RReg Ext Â
        __________________________
      Domain: rza.local
        Server            PASS PASS PASS PASS PASS PASS n/a Â
    Â
     ......................... rza.local passed test DNS
IsmServ Service is stopped on [SERVER]
Start that service and make sure it's set to Automatic - not sure if that will solve things, but it looks like it should be running.
Start that service and make sure it's set to Automatic - not sure if that will solve things, but it looks like it should be running.
Also - TCP/IP NetBIOS Helper service - make sure it's started and set to Automatic.
ASKER
OH MY GOD. That may have done it.......I'm getting the beginnings of a connection!!!!!! I just ran browstat status and it is not saying that browsing is active on the domain! it's still showing a workstation as Master, though. How best to force the Server?
It will happen on it's own - shortly.
ASKER
Well......that didn't do it, but we do have some great clues. I had added IPX/SPX just to see if that had any affect - and it did have some. The workstations can connect via \\Server and Browstat Status shows all protocols with browsing active with the Server as the Master. if I take out IPX, I'm back to square one. This really seems like an IP issue, yes? It seems we are SOOOO close!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Can i use the netsh command at the Server (netsh in ip reset) like I would to reset IP for an XP workstation?
ASKER
Thanks for the article. I'll try the netsh command above first and then the rest if need be.....
Ahh....caution there..
This is a production DC. Â Read the article. Â Don't rush in doing untested things or you'll have a bigger mess to fix.
This is a production DC. Â Read the article. Â Don't rush in doing untested things or you'll have a bigger mess to fix.
ASKER
Well, I'm lucky I didn't read your caution first. I got lucky. I ran the netsh int ip reset - and am back up and running. I had been wondering about IP - but was unsure about how to reset it, and was getting no errors...... It was the document you sent, though, that gave me permission to try. It mentions that a symptom was this command failing, so I gave it a twirl.
You have certainly earned these points, my friend. Thank you SO much for hanging in with me. WHEW!
You have certainly earned these points, my friend. Thank you SO much for hanging in with me. WHEW!
Anytime. Â It's not often the IP stack gets screwed up, but I suppose it happens. Â From the looks of the posts, there were other things that needed fixing too - so I guess you got the "tune up" special here!
Cheers,
NM
Cheers,
NM
Don't forget to accept an answer!
If this is AD, then the workstations and the server need to use only the local DNS server. Â Either Root Hints or Forwarders are used for queries to the internet.
If the server goes offline, then the client won't have any DNS resolution - which is to be expected. Â If you add the router as the Secondary DNS entry on the NICs then they should (after a few attempts) start using the router for DNS.
The problem is that when this practice is used in a closed AD environment then network glitches or slowness causes the client to use the router (secondary) DNS for domain lookups which won't work.
Once the client has started using the router, it doesn't automatically try the Primary DNS entry again to see if it's back up until you actually reboot.
Either way, it's not a great scenario. Â Your best option is to have 2 DNS servers local - but even that isn't particularly cost effective or foolproof.
The only thing to do is continue to use the local DNS server only. Â If it goes offline and will be out of commision for a long time, then change the client DNS - other than that, just get the server back online again.
NM