mistico
asked on
Windows 2003 conditional forwarding
We recently aquired a company and we set up conditional forwarding on the windows 2003 domain controller which also runs DNS. We then setup the DNS suffix search order on the clients(XP and 2K). This worked for about a month and then stopped. We haven't changed anything and i've checked all options. The lookup only works if I append the domain. Example: If i want to ping hostA I need to type "ping hostA.domain.loc" If i simply type "ping HostA" it times out. It used to work though.
The domain controller which runs DNS is on Windows 2003 standard. Clients computers are mostly on XP whith a few exceptions. We have a site to site VPN tunnel between offices which is working fine.
How do I go about further troubleshooting this?
Thank you.
The domain controller which runs DNS is on Windows 2003 standard. Clients computers are mostly on XP whith a few exceptions. We have a site to site VPN tunnel between offices which is working fine.
How do I go about further troubleshooting this?
Thank you.
ASKER
If I do the steps above, it resolves fine to any name in either domain.
The machines have the suffix search order set but won't resolved from a ping.
What next?
Thank you.
The machines have the suffix search order set but won't resolved from a ping.
What next?
Thank you.
Presumably you know where the suffixes are set, and it presumably has "Append these DNS Suffixes (in order)" selected?
Chris
ASKER
Yes, it's under the TCP/IP properties > advanced > DNS > and the button that says "Append these DNS Suffixes (in order)" selected. Both DNS domains listed. As I said in the opening post, this worked for a while and then just stopped.
Oh one more little bit. You probably already checked. But it is showing the domains it should be searching when you do "ipconfig /all" isn't it?
Chris
ASKER
It does NOT show the second domain when I do an ipconfig /all
Interesting.
I bet if you look in the registry you'll see them. You already know where they are?
If not, they're hidden under:
HKey_Local_Machine\System\
As SearchList.
Could we also have a check for Group Policies that may be overriding what you already setup? Those are Computer Configuration, Administrative Templates, Network, DNS Client.
Chris
ASKER
It shows up in the registry under searchlist as "domainA.lan,domainB.loc"
It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.
One interesting bit is that i just went to a 2k pro desptop that hadn't been touched yet and i set the DNS suffix search oder and it worked right away. But this is one machine out over 30 of them. All the ones that were previuosly working don't work now.
It was also in group policy and I set it to "not configured" but it was set the same as the registry. I set this a while back while troubleshooting.
One interesting bit is that i just went to a 2k pro desptop that hadn't been touched yet and i set the DNS suffix search oder and it worked right away. But this is one machine out over 30 of them. All the ones that were previuosly working don't work now.
Could you delete one of the search lists from the registry, reboot and manually add it in again through the properties of TCP/IP for the card?
Just wondering if it's got something else set at some point and isn't quite clearing it out properly.
Chris
ASKER
I deleted the entry via the registry, rebooted, readded the entry manually again from the tcp/ip properties of the NIC.
It still doesn't show up when i do an ipconfig/ all and i still can't resolved if I leave out the Domain.
Thanks.
It still doesn't show up when i do an ipconfig/ all and i still can't resolved if I leave out the Domain.
Thanks.
Any of those Windows XP? Could you try resetting TCP/IP with:
netsh int ip reset c:\resetlog.txt
resetlog.txt will show you the changes that makes. All documented here:
http://support.microsoft.com/kb/299357
Chris
ASKER
just rest the tcp/ip stack, rebooted, added search order and still fails.
On another 2000 Pro machine that had not been touched yet, i addede the search order and it worked right away. It's only on the XP ones it seems.
On another 2000 Pro machine that had not been touched yet, i addede the search order and it worked right away. It's only on the XP ones it seems.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Chris,
Success, thank you!
I ran rsop.msc and i saw that we were inhereting DNS suffixes from the default domain policy. I set it to "not configured" did a gpupdate and that did it.
Thanks again!
Felipe
Success, thank you!
I ran rsop.msc and i saw that we were inhereting DNS suffixes from the default domain policy. I set it to "not configured" did a gpupdate and that did it.
Thanks again!
Felipe
You're welcome, very glad it turned up :)
Chris
If you can ping the FQDN then the problem isn't in DNS and you need to look into the clients DNS suffix search list.
As a test, try this (ignoring the prompts):
C:\> nslookup
> set srchlist=domain.loc/remote
> <hostname>
That will let us see if DNS is working when the resolver is passing the correct suffixes and works as a first step.
Chris