Solved

Windows 2003 conditional forwarding

Posted on 2007-03-27
15
752 Views
Last Modified: 2012-06-21
We recently aquired a company and we set up conditional forwarding on the windows 2003 domain controller which also runs DNS. We then setup the DNS suffix search order on the clients(XP and 2K). This worked for about a month and then stopped. We haven't changed anything and i've checked all options. The lookup only works if I append the domain. Example: If i want to ping hostA I need to type "ping hostA.domain.loc" If i simply type "ping HostA" it times out. It used to work though.

The domain controller which runs DNS is on Windows 2003 standard. Clients computers are mostly on XP whith a few exceptions. We have a site to site VPN tunnel between offices which is working fine.

How do I go about further troubleshooting this?
Thank you.
0
Comment
Question by:mistico
  • 8
  • 7
15 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803587

If you can ping the FQDN then the problem isn't in DNS and you need to look into the clients DNS suffix search list.

As a test, try this (ignoring the prompts):

C:\> nslookup
> set srchlist=domain.loc/remotedomain.loc
> <hostname>

That will let us see if DNS is working when the resolver is passing the correct suffixes and works as a first step.

Chris
0
 

Author Comment

by:mistico
ID: 18803617
If I do the steps above, it resolves fine to any name in either domain.
The machines have the suffix search order set but won't resolved from a ping.
What next?
Thank you.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803649

Presumably you know where the suffixes are set, and it presumably has "Append these DNS Suffixes (in order)" selected?

Chris
0
 

Author Comment

by:mistico
ID: 18803672
Yes, it's under the TCP/IP properties > advanced > DNS > and the button that says "Append these DNS Suffixes (in order)" selected. Both DNS domains listed. As I said in the opening post, this worked for a while and then just stopped.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803674

Oh one more little bit. You probably already checked. But it is showing the domains it should be searching when you do "ipconfig /all" isn't it?

Chris
0
 

Author Comment

by:mistico
ID: 18803687
It does NOT show the second domain when I do an ipconfig /all
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803723

Interesting.

I bet if you look in the registry you'll see them. You already know where they are?

If not, they're hidden under:

HKey_Local_Machine\System\CurrentControlSet\Services\TCPIP\Parameters

As SearchList.

Could we also have a check for Group Policies that may be overriding what you already setup? Those are Computer Configuration, Administrative Templates, Network, DNS Client.

Chris
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:mistico
ID: 18803763
It shows up in the registry under searchlist as "domainA.lan,domainB.loc"

It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.

One interesting bit is that i just went to a 2k pro desptop that hadn't been touched yet and i set the DNS suffix search oder and it worked right away. But this is one machine out over 30 of them. All the ones that were previuosly working don't work now.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803790

Could you delete one of the search lists from the registry, reboot and manually add it in again through the properties of TCP/IP for the card?

Just wondering if it's got something else set at some point and isn't quite clearing it out properly.

Chris
0
 

Author Comment

by:mistico
ID: 18803889
I deleted the entry via the registry, rebooted, readded the entry manually again from the tcp/ip properties of the NIC.
It still doesn't show up when i do an ipconfig/ all and i still can't resolved if I leave out the Domain.

Thanks.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803915

Any of those Windows XP? Could you try resetting TCP/IP with:

netsh int ip reset c:\resetlog.txt

resetlog.txt will show you the changes that makes. All documented here:

http://support.microsoft.com/kb/299357

Chris
0
 

Author Comment

by:mistico
ID: 18803991
just rest the tcp/ip stack, rebooted, added search order and still fails.

On another 2000 Pro machine that had not been touched yet, i addede the search order and it worked right away. It's only on the XP ones it seems.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18804100

I'm a bit out of ideas for that one at the moment then. Clearly something isn't working as it should, and I would have expected resetting TCPIP to clear that out.

What about a clean build of Windows XP? Does that exhibit the same behaviour? If so, I'd suggest looking for Group Policies and such (for that particular part I believe they only work with Windows XP SP2 so it's not something Windows 2k would see).

The Resultant Set of Policy tool would be useful for checking policies applied to the computer (start, run, rsop.msc).

Chris
0
 

Author Comment

by:mistico
ID: 18804184
Chris,

Success, thank you!

I ran rsop.msc and i saw that we were inhereting DNS suffixes from the default domain policy. I set it to "not configured" did a gpupdate and that did it.

Thanks again!
Felipe
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18806442

You're welcome, very glad it turned up :)

Chris
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now