Solved

Windows 2003 conditional forwarding

Posted on 2007-03-27
Last Modified: 2012-06-21
We recently acquired a company and we set up conditional forwarding on the Windows 2003 domain controller which also runs DNS. We then set up the DNS suffix search order on the clients (XP and 2K). This worked for about a month and then stopped. We haven't changed anything and I've checked all options. The lookup only works if I append the domain. Example: If I want to ping hostA I need to type "ping hostA.domain.loc". If I simply type "ping HostA" it times out. It used to work though.

The domain controller which runs DNS is on Windows 2003 Standard. Client computers are mostly on XP with a few exceptions. We have a site to site VPN tunnel between offices which is working fine.

How do I go about further troubleshooting this?
Thank you.
Question by:mistico
15 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803587

If you can ping the FQDN then the problem isn't in DNS and you need to look into the client's DNS suffix search list.

As a test, try this (ignoring the prompts):

C:\> nslookup
> set srchlist=domain.loc/remotedomain.loc
> <hostname>

That will let us see if DNS is working when the resolver is passing the correct suffixes and works as a first step.

Chris
0
 

Author Comment

by:mistico
ID: 18803617
If I do the steps above, it resolves fine to any name in either domain.
The machines have the suffix search order set but won't resolve from a ping.
What next?
Thank you.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803649

Presumably you know where the suffixes are set, and it presumably has "Append these DNS Suffixes (in order)" selected?

Chris
0
 

Author Comment

by:mistico
ID: 18803672
Yes, it's under the TCP/IP properties > advanced > DNS > and the button that says "Append these DNS Suffixes (in order)" selected. Both DNS domains listed. As I said in the opening post, this worked for a while and then just stopped.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803674

Oh one more little bit. You probably already checked. But it is showing the domains it should be searching when you do "ipconfig /all" isn't it?

Chris
0
 

Author Comment

by:mistico
ID: 18803687
It does NOT show the second domain when I do an ipconfig /all
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803723

Interesting.

I bet if you look in the registry you'll see them. You already know where they are?

If not, they're hidden under:

HKey_Local_Machine\System\CurrentControlSet\Services\TCPIP\Parameters

As SearchList.

Could we also have a check for Group Policies that may be overriding what you already set up? Those are Computer Configuration, Administrative Templates, Network, DNS Client.

Chris
0
 

Author Comment

by:mistico
ID: 18803763
It shows up in the registry under searchlist as "domainA.lan,domainB.loc"

It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.

One interesting bit is that I just went to a 2K Pro desktop that hadn't been touched yet and I set the DNS suffix search order and it worked right away. But this is one machine out of over 30 of them. All the ones that were previously working don't work now.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803790

Could you delete one of the search lists from the registry, reboot and manually add it in again through the properties of TCP/IP for the card?

Just wondering if it's got something else set at some point and isn't quite clearing it out properly.

Chris
0
 

Author Comment

by:mistico
ID: 18803889
I deleted the entry via the registry, rebooted, re-added the entry manually again from the TCP/IP properties of the NIC.
It still doesn't show up when I do an ipconfig /all and I still can't resolve if I leave out the domain.

Thanks.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18803915

Any of those Windows XP? Could you try resetting TCP/IP with:

netsh int ip reset c:\resetlog.txt

resetlog.txt will show you the changes that makes. All documented here:

http://support.microsoft.com/kb/299357

Chris
0
 

Author Comment

by:mistico
ID: 18803991
Just reset the TCP/IP stack, rebooted, added search order and still fails.

On another 2000 Pro machine that had not been touched yet, I added the search order and it worked right away. It's only on the XP ones it seems.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 18804100

I'm a bit out of ideas for that one at the moment then. Clearly something isn't working as it should, and I would have expected resetting TCPIP to clear that out.

What about a clean build of Windows XP? Does that exhibit the same behaviour? If so, I'd suggest looking for Group Policies and such (for that particular part I believe they only work with Windows XP SP2 so it's not something Windows 2k would see).

The Resultant Set of Policy tool would be useful for checking policies applied to the computer (start, run, rsop.msc).

Chris
0
 

Author Comment

by:mistico
ID: 18804184
Chris,

Success, thank you!

I ran rsop.msc and I saw that we were inheriting DNS suffixes from the default domain policy. I set it to "not configured", did a gpupdate and that did it.

Thanks again!
Felipe
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18806442

You're welcome, very glad it turned up :)

Chris
0
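
The check that resolved this thread, written out as an added example (not part of the original posts): compare the suffix list reported by `ipconfig /all` with the locally configured `SearchList` and the Group Policy copy, and flag the case where policy wins. The sample outputs and host name are constructed, and the policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient` is an assumption that the thread itself does not name.

```python
import re

# Constructed sample inputs (not captured from the poster's machines).
IPCONFIG_ALL = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPCLIENT01
        Primary Dns Suffix  . . . . . . . : domainA.lan
        DNS Suffix Search List. . . . . . : domainA.lan

Ethernet adapter Local Area Connection:
"""
# reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList
LOCAL_REG = "    SearchList\tREG_SZ\tdomainA.lan,domainB.loc\n"
# reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v SearchList (assumed key)
POLICY_REG = "    SearchList\tREG_SZ\tdomainA.lan\n"

def effective_suffixes(ipconfig_text):
    """Suffix list the resolver actually uses, as shown by `ipconfig /all`."""
    suffixes, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Suffix Search List" in line:
            suffixes.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and line.strip() and ":" not in line:
            suffixes.append(line.strip())  # continuation line, one suffix each
        elif collecting:
            break  # blank line or next "label : value" ends the list
    return [s.lower() for s in suffixes if s]

def reg_searchlist(reg_text):
    """SearchList from `reg query` output; empty list if the value is absent."""
    m = re.search(r"SearchList[ \t]+REG_SZ[ \t]*([^\r\n]*)", reg_text)
    value = m.group(1) if m else ""
    return [s.lower() for s in re.split(r"[,\s]+", value) if s]

def diagnose(ipconfig_text, local_reg, policy_reg):
    """Return (verdict, suffixes configured locally but missing at runtime)."""
    effective = effective_suffixes(ipconfig_text)
    local, policy = reg_searchlist(local_reg), reg_searchlist(policy_reg)
    missing = sorted(set(local) - set(effective))
    if policy and effective == policy and local != policy:
        return "policy-override", missing
    return ("ok" if effective == local else "mismatch"), missing

if __name__ == "__main__":
    print(diagnose(IPCONFIG_ALL, LOCAL_REG, POLICY_REG))
```

A `policy-override` verdict points at the same fix the thread reached: find the GPO with `rsop.msc`, set the suffix list to "Not Configured" (or correct it), then run `gpupdate`.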

Question has a verified solution.
