Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 764
  • Last Modified:

Windows 2003 conditional forwarding

We recently aquired a company and we set up conditional forwarding on the windows 2003 domain controller which also runs DNS. We then setup the DNS suffix search order on the clients(XP and 2K). This worked for about a month and then stopped. We haven't changed anything and i've checked all options. The lookup only works if I append the domain. Example: If i want to ping hostA I need to type "ping hostA.domain.loc" If i simply type "ping HostA" it times out. It used to work though.

The domain controller which runs DNS is on Windows 2003 standard. Clients computers are mostly on XP whith a few exceptions. We have a site to site VPN tunnel between offices which is working fine.

How do I go about further troubleshooting this?
Thank you.
0
mistico
Asked:
mistico
  • 8
  • 7
1 Solution
 
Chris DentPowerShell DeveloperCommented:

If you can ping the FQDN then the problem isn't in DNS and you need to look into the clients DNS suffix search list.

As a test, try this (ignoring the prompts):

C:\> nslookup
> set srchlist=domain.loc/remotedomain.loc
> <hostname>

That will let us see if DNS is working when the resolver is passing the correct suffixes and works as a first step.

Chris
0
 
misticoAuthor Commented:
If I do the steps above, it resolves fine to any name in either domain.
The machines have the suffix search order set but won't resolved from a ping.
What next?
Thank you.
0
 
Chris DentPowerShell DeveloperCommented:

Presumably you know where the suffixes are set, and it presumably has "Append these DNS Suffixes (in order)" selected?

Chris
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
misticoAuthor Commented:
Yes, it's under the TCP/IP properties > advanced > DNS > and the button that says "Append these DNS Suffixes (in order)" selected. Both DNS domains listed. As I said in the opening post, this worked for a while and then just stopped.
0
 
Chris DentPowerShell DeveloperCommented:

Oh one more little bit. You probably already checked. But it is showing the domains it should be searching when you do "ipconfig /all" isn't it?

Chris
0
 
misticoAuthor Commented:
It does NOT show the second domain when I do an ipconfig /all
0
 
Chris DentPowerShell DeveloperCommented:

Interesting.

I bet if you look in the registry you'll see them. You already know where they are?

If not, they're hidden under:

HKey_Local_Machine\System\CurrentControlSet\Services\TCPIP\Parameters

As SearchList.

Could we also have a check for Group Policies that may be overriding what you already setup? Those are Computer Configuration, Administrative Templates, Network, DNS Client.

Chris
0
 
misticoAuthor Commented:
It shows up in the registry under searchlist as "domainA.lan,domainB.loc"

It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.

One interesting bit is that i just went to a 2k pro desptop that hadn't been touched yet and i set the DNS suffix search oder and it worked right away. But this is one machine out over 30 of them. All the ones that were previuosly working don't work now.
0
 
Chris DentPowerShell DeveloperCommented:

Could you delete one of the search lists from the registry, reboot and manually add it in again through the properties of TCP/IP for the card?

Just wondering if it's got something else set at some point and isn't quite clearing it out properly.

Chris
0
 
misticoAuthor Commented:
I deleted the entry via the registry, rebooted, readded the entry manually again from the tcp/ip properties of the NIC.
It still doesn't show up when i do an ipconfig/ all and i still can't resolved if I leave out the Domain.

Thanks.
0
 
Chris DentPowerShell DeveloperCommented:

Any of those Windows XP? Could you try resetting TCP/IP with:

netsh int ip reset c:\resetlog.txt

resetlog.txt will show you the changes that makes. All documented here:

http://support.microsoft.com/kb/299357

Chris
0
 
misticoAuthor Commented:
just rest the tcp/ip stack, rebooted, added search order and still fails.

On another 2000 Pro machine that had not been touched yet, i addede the search order and it worked right away. It's only on the XP ones it seems.
0
 
Chris DentPowerShell DeveloperCommented:

I'm a bit out of ideas for that one at the moment then. Clearly something isn't working as it should, and I would have expected resetting TCPIP to clear that out.

What about a clean build of Windows XP? Does that exhibit the same behaviour? If so, I'd suggest looking for Group Policies and such (for that particular part I believe they only work with Windows XP SP2 so it's not something Windows 2k would see).

The Resultant Set of Policy tool would be useful for checking policies applied to the computer (start, run, rsop.msc).

Chris
0
 
misticoAuthor Commented:
Chris,

Success, thank you!

I ran rsop.msc and i saw that we were inhereting DNS suffixes from the default domain policy. I set it to "not configured" did a gpupdate and that did it.

Thanks again!
Felipe
0
 
Chris DentPowerShell DeveloperCommented:

You're welcome, very glad it turned up :)

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now