
Windows 2003 DHCP-DNS PROBLEMS-UNABLE TO JOIN THE DOMAIN OR PING

We are a small biotech company in the process of implementing Active Directory and Exchange.
The Windows 2003 server is up and running, but I'm having DHCP and DNS problems. We have an Internet-registered domain and are ready to add MS Exchange soon.
I've tried using MS step-by-step troubleshooting tools, but none seems to help. For one, I can't join any of my workstations to the domain, DHCP is not issuing IP addresses, I cannot ping the DC name or IP, and there could be some issues with DNS.
I've gathered enough info from DCDIAG and NETDIAG tests, all run from the DC. I'm gonna need to create MX records for Exchange, so if you can include that too, I'll appreciate it. Here are the results:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.MEDSRV1.000>cd\

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : medsrv1
   Primary Dns Suffix  . . . . . . . : XYZ.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XYZ.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100+ PCI Adapter
   Physical Address. . . . . . . . . : 00-90-27-71-A2-BC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.5

C:\>dcdiag.exe

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MEDSRV1
      Starting test: Connectivity
         ......................... MEDSRV1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MEDSRV1
      Starting test: Replications
         ......................... MEDSRV1 passed test Replications
      Starting test: NCSecDesc
         ......................... MEDSRV1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... MEDSRV1 passed test NetLogons
      Starting test: Advertising
         ......................... MEDSRV1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MEDSRV1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MEDSRV1 passed test RidManager
      Starting test: MachineAccount
         ......................... MEDSRV1 passed test MachineAccount
      Starting test: Services
         ......................... MEDSRV1 passed test Services
      Starting test: ObjectsReplicated
         ......................... MEDSRV1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MEDSRV1 passed test frssysvol
      Starting test: frsevent
         ......................... MEDSRV1 passed test frsevent
      Starting test: kccevent
         ......................... MEDSRV1 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/22/2007   06:38:20
            Event String: The DHCP service failed to see a directory server
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 07/22/2007   06:38:20
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 07/22/2007   06:38:20
            Event String: The DHCP service failed to see a directory server
         ......................... MEDSRV1 failed test systemlog
      Starting test: VerifyReferences
         ......................... MEDSRV1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : XYZ
      Starting test: CrossRefValidation
         ......................... XYZ passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... XYZ passed test CheckSDRefDom

   Running enterprise tests on : XYZ.com
      Starting test: Intersite
         ......................... XYZ.com passed test Intersite
      Starting test: FsmoCheck
         ......................... XYZ.com passed test FsmoCheck

C:\>Netdiag.exe

....................................

    Computer Name: MEDSRV1
    DNS Host Name: medsrv1.XYZ.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 7 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB931836
        KB932168
        KB933566
        KB933854
        KB935839
        KB935840
        KB935966
        KB936357
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : medsrv1
        IP Address . . . . . . . . : 192.168.1.5
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.5


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{305CC760-4CB2-4FDC-B65E-D584D16DE9CB}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.5'.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{305CC760-4CB2-4FDC-B65E-D584D16DE9CB}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{305CC760-4CB2-4FDC-B65E-D584D16DE9CB}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\>

Asked:
timnjohnson
 
ezaton Commented:
Is your internet router (you probably have one) issuing DHCP addresses? If so, disable the built-in DHCP server.
0
 
timnjohnson (Information Security Engineer, Author) Commented:
No, it has a static IP. DHCP is disabled on the Linksys router.
0
 
ezaton Commented:
Try to remove the domain controller (un-promote using dcpromo), and check your DHCP+DNS services. Do they work correctly? You need to have the DHCP running correctly. What is the configuration of the scope?
0

 
timnjohnson (Information Security Engineer, Author) Commented:

The DHCP and DNS services are ok.  I can stop and start services without any problem.

My DHCP Scope configuration:  

Starting IP: 192.168.1.2  
Ending IP 192.168.1.30

Excluded from DHCP Distribution:
192.168.1.2 through 192.168.1.11 ( Domain is 192.168.1.5)

No Reservations configured.
Scope Options:
003-router= 192.168.1.1
006-DNS Server: ISP IP ADDRESS
015-DNS Domain Name: My Domain-XYZ.COM

Server Options:
ISP Forwarders.

Note:
I've not demoted the Domain yet.
Look  at the config and let me know whether demoting is necessary.
Thanks.

0
 
ezaton Commented:
It seems to be ok, however, you say your clients can't get IP from your DHCP server, right?
0
 
timnjohnson (Information Security Engineer, Author) Commented:
Yes, but I can't ping the dc from the client side.
0
 
ezaton Commented:
Could it be that there is some other computer with the DC's IP?
What happens when you attempt to run nslookup with the DC's name?
0
 
timnjohnson (Information Security Engineer, Author) Commented:

Here is the result with nslookup:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>nslookup Medstar
Server:  cns.manassaspr.va.dc02.comcast.net
Address:  68.87.73.242

Non-authoritative answer:
Name:    premium11.geo.yahoo9.akadns.net
Addresses:  69.147.83.176, 69.147.83.154, 69.147.83.152, 69.147.83.158
          69.147.83.156, 69.147.83.178, 69.147.83.155, 69.147.83.159
Aliases:  Medstar.Medstarcorp.com


C:\Documents and Settings\Administrator>
0
 
ezaton Commented:
Your settings are incorrect. The DHCP *should* supply the DNS address of the DC server. Nothing else. Also, the DC server has to use its own DNS, and its DNS should use your ISP's DNS settings as its forwarders.
0
 
timnjohnson (Information Security Engineer, Author) Commented:

I have made the changes you recommended. Removed all the forwarders from DHCP and instead placed the local DNS server (192.168.1.5) address. The DC is its own DNS server also. But even after all that, I still can't ping the server by name or IP address. Stopped and started both DHCP and DNS services but still no go.

Have a look at this ping summary:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\TimJ>ping medstar
Ping request could not find host medstar. Please check the name and try again.

C:\Documents and Settings\TimJ>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:

Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.

Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\TimJ>ping medstar
Ping request could not find host medstar. Please check the name and try again.

C:\Documents and Settings\TimJ>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\TimJ>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\TimJ>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : LisasPC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
        Physical Address. . . . . . . . . : 00-50-04-A0-7F-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.46.52
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 169.254.46.52

C:\Documents and Settings\TimJ>
0
 
ezaton Commented:
Your IP shows you got no DHCP.
About the server, use 'ipconfig /registerdns' to register it, however, it seems as if you're having some vlan or a whole different (and disconnected) network problem.
Try running 'ipconfig /renew' on the client, and see if it got an IP of the class 192.168.1.x
0
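An added example (not part of the thread or any poster's code): a Python check over `ipconfig /all` text for the two client-side symptoms discussed above, an APIPA 169.254.x.x address (no DHCP lease) and a DNS server list that contains anything other than the DC. The function names, finding codes and the 192.168.1.12 lease are assumptions made for illustration; the other addresses are the ones shown in the thread.

```python
import ipaddress
import re

DC_IP = "192.168.1.5"                         # the DC/DNS server in this thread
LAN = ipaddress.ip_network("192.168.1.0/24")  # the DHCP scope's subnet
APIPA = ipaddress.ip_network("169.254.0.0/16")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")  # "Key . . : value"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Extract the adapter's IPv4 address and DNS server list."""
    ip, dns, in_dns = None, [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, val = m.group(1).strip().lower(), m.group(2).strip()
            in_dns = key == "dns servers"
            if in_dns and IPV4.match(val):
                dns.append(val)
            elif key in ("ip address", "autoconfiguration ip address") and IPV4.match(val):
                ip = val
        elif in_dns and IPV4.match(line.strip()):
            dns.append(line.strip())  # continuation line: another DNS server
        else:
            in_dns = False
    return {"ip": ip, "dns": dns}

def diagnose(text):
    """Return finding codes for one `ipconfig /all` capture."""
    cfg = parse_ipconfig(text)
    if cfg["ip"] is None:
        return ["NO_IP"]
    addr, findings = ipaddress.ip_address(cfg["ip"]), []
    if addr in APIPA:
        findings.append("APIPA_NO_DHCP_LEASE")  # client never reached a DHCP server
    elif addr not in LAN:
        findings.append("WRONG_SUBNET")
    elif not cfg["dns"]:
        findings.append("NO_DNS_SERVER")
    # With a single DC hosting the AD zone, every other resolver is a finding.
    findings += ["DNS_NOT_DC:" + s for s in cfg["dns"] if s != DC_IP]
    return findings

# Constructed captures; addresses reuse values shown in the thread.
APIPA_CLIENT = """
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.46.52
"""
ISP_DNS_CLIENT = """
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.12
        DNS Servers . . . . . . . . . . . : 68.87.73.242
                                            192.168.1.5
"""
```

An empty list from `diagnose()` means the client holds a lease in 192.168.1.0/24 and resolves only through the DC.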
 
securitythreat Commented:
This is a simple issue that has really been blown out of proportion...heheheh... but here is the deal

You have a domain controller on your site. This has nothing to do with anything external. As a result, just forget anything that you have externally (including your firewall). Give your domain controller an IP address of something (192.168.192.5). Give your client an IP address in the same subnet (192.168.192.10). At this point in time, you should be able to ping by IP address.

The second item is that if you can verify communications, you now need to set up DHCP. If this is your first domain controller then you would have been prompted to set up DNS upon install. As a result, this domain controller is a DC and DNS provider. The next thing you need to do is install DHCP and edit your DHCP and tell it what you want to hand out for addresses and other info. Here is a tutorial (http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html). Afterwards, you will need to configure your scope options to reflect the DHCP, Gateway, and DNS info. Please note that in this you need to specify your DC, that is running DNS, as your DNS server. Once given, you should be able to change the client back to dynamic. If your setup is correct, then you will be able to receive an IP address, receive DHCP (which is given from DC)

When you get this portion set up, then you simply set your pointer up as your firewall.

I hope this makes sense.. if not.. feel free to respond
0
 
timnjohnson (Information Security Engineer, Author) Commented:

I'll try your suggestions and post the results.
Thanks.
0
 
securitythreat Commented:
Sure, let me know if you have any questions or need clarification
0
 
timnjohnson (Information Security Engineer, Author) Commented:

Update:

Now the clients are getting the IP address from the DHCP server, but after joining the domain it's taking almost ten minutes to load the personal profile every time I log off. I can understand the first time after joining the domain, but the second, third and fourth time there must be something wrong somewhere.
Do you have any ideas?
Thanks.
0
 
securitythreat Commented:
Sure... sorry for the delay....

First, unplug the PC from the network and attempt to log in to it using a domain account that you have logged into it with before. See if your response is any better. If the login is significantly better, however, when you plug it back in it is slow, then you have some sort of routing issue here.

Secondly, make sure that you are not using roaming profiles (http://technet2.microsoft.com/windowsserver/en/library/b41402c2-c982-4bfb-891e-91b47f211e181033.mspx?mfr=true)

Last but not least, make sure that when you ping domainname.com you are getting the IP address of the DC. For instance, if my internal domain that the computer is joined to is called mickey.internal ..... If you ping mickey.internal you should receive the IP address of the domain controller.
0
