Solved

Windows 2003 conditional forwarding

Posted on 2007-03-27
15
757 Views
Last Modified: 2012-06-21
We recently aquired a company and we set up conditional forwarding on the windows 2003 domain controller which also runs DNS. We then setup the DNS suffix search order on the clients(XP and 2K). This worked for about a month and then stopped. We haven't changed anything and i've checked all options. The lookup only works if I append the domain. Example: If i want to ping hostA I need to type "ping hostA.domain.loc" If i simply type "ping HostA" it times out. It used to work though.

The domain controller which runs DNS is on Windows 2003 standard. Clients computers are mostly on XP whith a few exceptions. We have a site to site VPN tunnel between offices which is working fine.

How do I go about further troubleshooting this?
Thank you.
0
Comment
Question by:mistico
  • 8
  • 7
15 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803587

If you can ping the FQDN then the problem isn't in DNS and you need to look into the clients DNS suffix search list.

As a test, try this (ignoring the prompts):

C:\> nslookup
> set srchlist=domain.loc/remotedomain.loc
> <hostname>

That will let us see if DNS is working when the resolver is passing the correct suffixes and works as a first step.

Chris
0
 

Author Comment

by:mistico
ID: 18803617
If I do the steps above, it resolves fine to any name in either domain.
The machines have the suffix search order set but won't resolved from a ping.
What next?
Thank you.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803649

Presumably you know where the suffixes are set, and it presumably has "Append these DNS Suffixes (in order)" selected?

Chris
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 

Author Comment

by:mistico
ID: 18803672
Yes, it's under the TCP/IP properties > advanced > DNS > and the button that says "Append these DNS Suffixes (in order)" selected. Both DNS domains listed. As I said in the opening post, this worked for a while and then just stopped.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803674

Oh one more little bit. You probably already checked. But it is showing the domains it should be searching when you do "ipconfig /all" isn't it?

Chris
0
 

Author Comment

by:mistico
ID: 18803687
It does NOT show the second domain when I do an ipconfig /all
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803723

Interesting.

I bet if you look in the registry you'll see them. You already know where they are?

If not, they're hidden under:

HKey_Local_Machine\System\CurrentControlSet\Services\TCPIP\Parameters

As SearchList.

Could we also have a check for Group Policies that may be overriding what you already setup? Those are Computer Configuration, Administrative Templates, Network, DNS Client.

Chris
0
 

Author Comment

by:mistico
ID: 18803763
It shows up in the registry under searchlist as "domainA.lan,domainB.loc"

It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.

One interesting bit is that i just went to a 2k pro desptop that hadn't been touched yet and i set the DNS suffix search oder and it worked right away. But this is one machine out over 30 of them. All the ones that were previuosly working don't work now.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803790

Could you delete one of the search lists from the registry, reboot and manually add it in again through the properties of TCP/IP for the card?

Just wondering if it's got something else set at some point and isn't quite clearing it out properly.

Chris
0
 

Author Comment

by:mistico
ID: 18803889
I deleted the entry via the registry, rebooted, readded the entry manually again from the tcp/ip properties of the NIC.
It still doesn't show up when i do an ipconfig/ all and i still can't resolved if I leave out the Domain.

Thanks.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18803915

Any of those Windows XP? Could you try resetting TCP/IP with:

netsh int ip reset c:\resetlog.txt

resetlog.txt will show you the changes that makes. All documented here:

http://support.microsoft.com/kb/299357

Chris
0
 

Author Comment

by:mistico
ID: 18803991
just rest the tcp/ip stack, rebooted, added search order and still fails.

On another 2000 Pro machine that had not been touched yet, i addede the search order and it worked right away. It's only on the XP ones it seems.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18804100

I'm a bit out of ideas for that one at the moment then. Clearly something isn't working as it should, and I would have expected resetting TCPIP to clear that out.

What about a clean build of Windows XP? Does that exhibit the same behaviour? If so, I'd suggest looking for Group Policies and such (for that particular part I believe they only work with Windows XP SP2 so it's not something Windows 2k would see).

The Resultant Set of Policy tool would be useful for checking policies applied to the computer (start, run, rsop.msc).

Chris
0
 

Author Comment

by:mistico
ID: 18804184
Chris,

Success, thank you!

I ran rsop.msc and i saw that we were inhereting DNS suffixes from the default domain policy. I set it to "not configured" did a gpupdate and that did it.

Thanks again!
Felipe
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18806442

You're welcome, very glad it turned up :)

Chris
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question