Solved

Help with Windows Server 2003 DNS/DHCP Configuration

Posted on 2007-08-03
Last Modified: 2008-11-16
Hi.  I am trying to configure DNS and DHCP for Active Directory on a server (MS Server 2003, Standard Edition) and am having a bear of a time.  The server is replacing a Server 2000 one that recently died.  I was able to bring my Active Directory and group policy settings over, but I can't get DNS and DHCP working.  DHCP is not working for any client on the network.  If I configure a client with a manual IP address, the gateway, and the IP addresses for the server (two network cards), I can get a connection that will allow me to access the Internet and the server.  It will also work for all of the Active Directory applications (LDAP, group policy application, remote software installs, etc).  However, I am unable to join a new computer to the domain even when I type in a functional IP address.

I ran a DCDIAG test, and below are the results.  Relevant info is as follows: Domain Name: mountdechantal.local.  Server IP address: 192.168.1.7; 192.168.1.6. The server is the domain controller, DNS server, and DHCP server.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
         ......................... SERVER2003 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Replications
         [Replications Check,SERVER2003] A recent replication attempt failed:
            From SERVER2000 to SERVER2003
            Naming Context: CN=Schema,CN=Configuration,DC=mountdechantal,DC=loca
l
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.
            The failure occurred at 2007-08-03 13:55:09.
            The last success occurred at 2007-03-22 11:58:08.
            3225 failures have occurred since the last success.
            The guid-based DNS name 48a66f38-bfe8-4f55-8fd7-479503cb42ec._msdcs.
mountdechantal.local
            is not registered on one or more DNS servers.
         [SERVER2000] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,SERVER2003] A recent replication attempt failed:
            From SERVER2000 to SERVER2003
            Naming Context: CN=Configuration,DC=mountdechantal,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.
            The failure occurred at 2007-08-03 13:54:40.
            The last success occurred at 2007-04-20 10:26:13.
            2529 failures have occurred since the last success.
            The guid-based DNS name 48a66f38-bfe8-4f55-8fd7-479503cb42ec._msdcs.
mountdechantal.local
            is not registered on one or more DNS servers.
         [Replications Check,SERVER2003] A recent replication attempt failed:
            From SERVER2000 to SERVER2003
            Naming Context: DC=mountdechantal,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failu
re.
            The failure occurred at 2007-08-03 13:54:11.
            The last success occurred at 2007-04-20 10:25:43.
            2529 failures have occurred since the last success.
            The guid-based DNS name 48a66f38-bfe8-4f55-8fd7-479503cb42ec._msdcs.
mountdechantal.local
            is not registered on one or more DNS servers.
         REPLICATION-RECEIVED LATENCY WARNING
         SERVER2003:  Current time is 2007-08-03 14:24:29.
            CN=Schema,CN=Configuration,DC=mountdechantal,DC=local
               Last replication recieved from SERVER2000 at 2007-03-22 11:58:08.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            CN=Configuration,DC=mountdechantal,DC=local
               Last replication recieved from SERVER2000 at 2007-04-20 10:26:13.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

            DC=mountdechantal,DC=local
               Last replication recieved from SERVER2000 at 2007-04-20 10:25:43.

               WARNING:  This latency is over the Tombstone Lifetime of 60 days!

         ......................... SERVER2003 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER2003 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER2003 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER2003 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER2003 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER2003 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER2003 passed test MachineAccount
      Starting test: Services
         ......................... SERVER2003 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER2003 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER2003 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER2003 failed test frsevent
      Starting test: kccevent
         ......................... SERVER2003 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC00010DF
            Time Generated: 08/03/2007   14:12:11
            (Event String could not be retrieved)
         ......................... SERVER2003 failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER2003 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : mountdechantal
      Starting test: CrossRefValidation
         ......................... mountdechantal passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... mountdechantal passed test CheckSDRefDom

   Running enterprise tests on : mountdechantal.local
      Starting test: Intersite
         ......................... mountdechantal.local passed test Intersite
      Starting test: FsmoCheck
         ......................... mountdechantal.local passed test FsmoCheck

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>

This issue is driving me nuts; I'm not sure where to start trying to unravel it.  Thanks for any help someone can provide.
Question by:mikecamden
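
The dcdiag run above reports "passed test Replications" even though every naming context has been failing with error 8524 for longer than the 60-day tombstone lifetime it prints. The following is an added example, not part of the original thread: a small Python triage script that undoes the 80-column console wrapping seen in the paste and pulls out the replication failures alongside the pass/fail verdicts. The sample text is constructed from values shown in the question, and the function names are hypothetical.

```python
import re
from datetime import datetime

WIDTH = 80  # console width that hard-wrapped the pasted output

def console_wrap(text, width=WIDTH):
    """Re-create console wrapping so the constructed sample looks like a real paste."""
    out = []
    for line in text.splitlines():
        while len(line) > width:
            out.append(line[:width])
            line = line[width:]
        out.append(line)
    return "\n".join(out)

def unwrap(text, width=WIDTH):
    """Heuristic: a column-0 fragment right after a full-width line is a continuation."""
    out = []
    for line in text.splitlines():
        prev_full = bool(out) and len(out[-1]) > 0 and len(out[-1]) % width == 0
        if prev_full and line and not line[0].isspace():
            out[-1] += line
        else:
            out.append(line)
    return out

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
FIELDS = {
    "nc": re.compile(r"Naming Context: (\S+)"),
    "error": re.compile(r"generated an error \((\d+)\)"),
    "failed_at": re.compile(r"failure occurred at " + TS),
    "last_ok": re.compile(r"last success occurred at " + TS),
    "count": re.compile(r"(\d+) failures have occurred"),
}
VERDICT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")

def parse_dcdiag(text):
    """Return ({(target, test): verdict}, [replication failure records])."""
    verdicts, failures, current = {}, [], None
    for line in unwrap(text):
        if "A recent replication attempt failed" in line:
            current = {}
            failures.append(current)
            continue
        m = VERDICT.search(line)
        if m:
            verdicts[(m.group(1), m.group(3))] = m.group(2)
            current = None
            continue
        if current is not None:
            for key, pat in FIELDS.items():
                m = pat.search(line)
                if m and key not in current:
                    current[key] = m.group(1)
    return verdicts, failures

def triage(text, tombstone_days=60):
    """List failed tests plus replication failures hidden behind a 'passed' verdict."""
    verdicts, failures = parse_dcdiag(text)
    findings = [f"FAILED {test} on {target}"
                for (target, test), v in verdicts.items() if v == "failed"]
    fmt = "%Y-%m-%d %H:%M:%S"
    for f in failures:
        if not {"nc", "error", "failed_at", "last_ok"} <= f.keys():
            continue  # truncated record, nothing reliable to report
        stale = (datetime.strptime(f["failed_at"], fmt)
                 - datetime.strptime(f["last_ok"], fmt)).days
        note = "beyond" if stale > tombstone_days else "within"
        findings.append(f"REPL {f['nc']} error {f['error']} "
                        f"stale {stale}d ({note} tombstone lifetime)")
    return findings

# Constructed sample, shaped like the output in the question (not a verbatim copy).
SAMPLE = console_wrap("""\
      Starting test: Replications
         [Replications Check,SERVER2003] A recent replication attempt failed:
            From SERVER2000 to SERVER2003
            Naming Context: CN=Schema,CN=Configuration,DC=mountdechantal,DC=local
            The replication generated an error (8524):
            The failure occurred at 2007-08-03 13:55:09.
            The last success occurred at 2007-03-22 11:58:08.
            3225 failures have occurred since the last success.
         [Replications Check,SERVER2003] A recent replication attempt failed:
            From SERVER2000 to SERVER2003
            Naming Context: DC=mountdechantal,DC=local
            The replication generated an error (8524):
            The failure occurred at 2007-08-03 13:54:11.
            The last success occurred at 2007-04-20 10:25:43.
            2529 failures have occurred since the last success.
         ......................... SERVER2003 passed test Replications
      Starting test: frsevent
         ......................... SERVER2003 failed test frsevent
""")

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A filter that only searches for "failed test" would report frsevent here and miss both stale naming contexts.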
LVL 10

Expert Comment

by:duffman76
ID: 19627746
Did you authorize your DHCP Server?

http://technet2.microsoft.com/windowsserver/en/library/9f713d6c-d7e5-42a0-87f7-43dbf86a17301033.mspx?mfr=true

In Windows Server 2000 you could just set up a server but in Windows 2003 you need to authorize your server in order for it to send out addresses.
0
 

Author Comment

by:mikecamden
ID: 19627768
After doing some additional troubleshooting, I have discovered the following that appear to be causing the issue:

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mountdechantal:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.mountdechantal

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

mountdechantal
. (the root zone)

However, I have no idea how to fix this.  I tried the following under the DNS Management console, but it didn't help.  Right click on the domain in the Forward look-up zone.  Selected Other New Records. Selected Service Location (SRV) and Create Record.  On the next screen, I typed the FQDN (server2003.mountdechantal.local.) in the block for Host Offering this Service.  This didn't help.

Thanks.
0
 

Author Comment

by:mikecamden
ID: 19627786
Yes; I tried it early on in the troubleshooting.  I also stopped and restarted the DHCP server and deactivated and reactivated the scope.

Based on the errors I'm seeing (especially with clients "seeing" the domain server), I'm thinking it's something to do with the DNS settings, but I can't find which settings to change (or how to change them).
0

 
LVL 39

Expert Comment

by:ChiefIT
ID: 19628171
Do you have problems replicating? If so, check your firewall settings. Some ports need to have exceptions in order to communicate between DC1 and DC2. There is a MS knowledge base article on this.  Sorry, but I don't have it handy.

0
 

Author Comment

by:mikecamden
ID: 19628430
Thanks for the firewall suggestion.  I followed the kb article on that earlier today.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19628914
This error says you have no DNS record for your new domain controller. So, let's check DNS.

Go to the 2000 server command prompt and ping the 2003 server. To check DNS you have to ping the 2003 server using its computer name.

Example: Ping server2003

If you receive a reply, DNS, cable connections, and your IP settings are working good.

If not, you can troubleshoot DNS further by adding your server in the host file. Computers first go to the host file for computer/name resolution. Do a search for the host file. It should be in the i386 folder of the 2000 server. Edit this host file using notepad and add the 2003 server to it.

Put in your IP address of the 2003 server then enter the 2003servername.(+FQDN)

Then try to ping it again. If it works force replicate from 2000 server to the 2003server.

Once replication is done, shoot me a comment back and we can add the 2003 server host A record to your DNS.

If you can originally ping this, you should check your firewall and FSMO's.

There are five FSMOs to check. The one most commonly missed is the active directory schema FSMO. Did you get those set to DC1?


0
 

Author Comment

by:mikecamden
ID: 19629519
Chief,
Thanks for the post.  I have pinged it based on its IP address but not based on its FQDN (server2003).  I'm at home for the night, but I'm going to try to get back in tomorrow to give it a shot (as long as my wife doesn't skin me for spending another Saturday at the office).  I'll post back as soon as I discover anything.

Thanks,
0
 

Author Comment

by:mikecamden
ID: 19631688
OK; some progress.  ChiefIT (or anyone else), I made some changes to the DNS zones.  I deleted the older Forward lookup and reverse lookup zones that had been established by the older Server 2000 server (that is off-line and no longer functional).  I created new zones and created a default App Dir. Partition with the new server.  I then verified that my SRV and DNS resource records exist in the DNS record.  Finally, I ran a new dcdiag, and all seemed to pass (except the system log -- I'll need to see what's going on with that after I fix this).  I was able to ping the server when using ping server2003 from a computer that had an IP address assigned by DHCP a few weeks ago.

I then tried to connect one of our new computers to the new using DHCP; this DID NOT work still.

When this didn't work, I gave the new computer a manual IP address within the scope of the DHCP and was able to connect.   I then tried to join the domain from this computer, and it worked (huge relief because I use GPO to assign policies and install software across the domain).

I guess this means that DNS is probably working and integrated with AD, and I'm just down to one problem -- DHCP not being functional.  Here's the weird thing -- when I check the DHCP audit log, computers that had previously been assigned IP addresses from the same DHCP scope are still showing up in the log for today as having leases renewed.  It's just when I try to use DHCP to assign an IP address for either a computer that doesn't already have one or that had one that I manually released that I run into a problem.  When I try to acquire a new lease for a computer using DHCP, it is not being recorded in the audit log, so something has to be misconfigured with my DHCP setup -- not sure what could have changed with the switch to Server 2003 from Server 2000.

The only error that I am seeing in my system log (event viewer) that seems to pertain is:
1. NetBT error - a duplicate name has been detected on the TCP Network. The IP address of the machine that sent the message is in the data.  When I run nbtstat -n, the only data that I get returned is:
C:\Documents and Settings\Administrator.MOUNTDECHANTAL>nbtstat -n

Local Area Connection:
Node IpAddress: [192.168.1.7] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER2003     <00>  UNIQUE      Registered
    MOUNTDECHANTAL <00>  GROUP       Registered
    MOUNTDECHANTAL <1C>  GROUP       Registered
    SERVER2003     <20>  UNIQUE      Registered
    MOUNTDECHANTAL <1B>  UNIQUE      Registered
    MOUNTDECHANTAL <1E>  GROUP       Registered
    MOUNTDECHANTAL <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

Local Area Connection 2:
Node IpAddress: [192.168.1.6] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER2003     <00>  UNIQUE      Registered
    MOUNTDECHANTAL <00>  GROUP       Registered
    MOUNTDECHANTAL <1C>  GROUP       Registered
    SERVER2003     <20>  UNIQUE      Registered
    MOUNTDECHANTAL <1B>  UNIQUE      Registered
    MOUNTDECHANTAL <1E>  GROUP       Registered

Any ideas on how to fix DHCP on the server?  I can provide the results of any diagnostics that anyone would like for me to run.

Thanks,
Mike
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19632026
What you are seeing is normal:

Due to your DNS problems, DC1 and DC2 were not replicating. So, changes you made to DHCP were not transferred over from one server to the other. What I would do is go through the leases and delete the ones you don't want and force replicate from that server to the other.

The scopes of the two DHCP servers should NOT be the same.  Two DHCP servers with the same IP Scope usually hoses things up.

Example:
Scope for fixed IP XXX.XXX.XXX.1 through 60
Scope for DC1: 61 through 140
Scope for DC2: 141 through 254

Getting the Domain controllers on the same sheet of music also applies to DNS, there are probably a bunch of Host A records of computers that no longer exist or have been transferred to a different IP. DHCP uses these records to coordinate assigning a DHCP lease. Remove the Host A records that are incorrect. If you mess up, the correct host A record will reappear.

Don't worry about screwing up: DHCP and DNS are designed to be dynamic. So, records come back. Worst case scenario is you will have to release and renew your client machine's IP address. Sounds like you have that covered.

May I also recommend you look through your LAN at Routers and Network Storage devices. These two nodes can administer DHCP. Most are set default for doing so. If you have a DHCP service on your Domain controllers, those network nodes can cause DHCP issues. Just disable them from administering DHCP. When doing so, be careful you are not disabling the WAN side of the router.

If you disable DHCP on a Router or Network storage device, the clients going to those devices will need to release and renew their IP addresses.
0
 

Author Comment

by:mikecamden
ID: 19635095
My initial explanation of the problem may not be 100% clear.  I am currently only running one server.  The network began several years ago as an NT server network.  About five years ago, the previous IT person at the school converted it into a Server 2000 environment.  Last year, we purchased a new server with Server 2003.  Since I didn't have the time to replace the Server2000 server with the Server 2003 one during the school year, I just added the Server2003 one as an additional Domain controller and file server.  At the time, I also transferred DHCP duties from our router to the 2003 server.  When I did so, I disabled DHCP on the router, gave each of the servers a static address from the router.  I also transferred (or at least thought I did) DNS duties from the 2000 server to the 2003 one.  From that point on until our 2000 server died, DHCP worked without a hitch.  

The server that was running Server 2000 died a few weeks ago, so it is no longer in the mix.  The weird thing is that the 2000 server had never provided DHCP duties for the network, so I'm not sure why it being taken out of the mix caused so many problems (I do understand now why I had DNS problems when it died).

Apparently, I didn't do such a great job with the DNS transfer last , which is what I discovered when digging through reports.  

When fixing the problem this week, I seized operations master control from the 2000 server to the server 2003 for the AD schema, RID, PDC, and Infrastructure.  I deleted the DNS zones and started with fresh forward and reverse lookup zones to get rid of all of the multitude of incorrect records that had built up.  I also fixed the SRV record and A pointer locations as well as some other steps that I can't remember.

I think based on what I am seeing (i.e. nslookup reports, dcdiag reports without errors, and being able to join computers to the domain now) and on ChiefIT saying DNS looks OK that I now have the DNS problem fixed.

What I am still left with is the DHCP problem.  Here's where we stand with that.  I do not have any devices on the network providing DHCP except the 2003 server (I reconfirmed that today).  I only have one scope set for DHCP (which is providing IP addresses for xxx.xxx.xxx.4 - 199).  My server and a few other systems have static IP addresses that are configured as reserved leases.  The computers that had leases prior to the other server dying still have leases, and according to the DHCP log, the 2003 server is still regularly renewing their leases when requested.  So that leads me to believe that DHCP is working to some extent.  The problem that I still have is that I can't get an IP lease through DHCP for any new system or for a system when I manually release its lease (ipconfig /release).  According to my statistics, I still have 40 IP addresses available for lease through DHCP, so I have IP addresses available.  I can manually assign a free IP address within the scope or outside of the scope but still within the same subnet and be fine.  I have gone through and deleted the address leases for computers that aren't currently connected to the network.

If I can't think of anything else or another idea that works isn't offered here, I'm thinking my best bet tomorrow might be to delete the DHCP scope and start fresh with the DHCP (since this seemed to work with the DNS).

Is there anything I'm missing here or something else that I should do before starting over with the DHCP scope?

Thanks,
Mike
0
 

Author Comment

by:mikecamden
ID: 19635115
ChiefIT,
By the way; thanks for all of the suggestions and the time you have invested in this issue.  I really appreciate it!

Mike
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19635978
Static IPs are considered a scope, in a way. Try separating your static IPs out of the scope of your dynamic IP scope. The tech net article below says overlapping scopes from two DHCP servers will automatically stop the DHCP service.

The following is a tech net article from this site:

http://technet2.microsoft.com/windowsserver/en/library/1cba3948-5605-4a19-89ef-8762cdcdc7ad1033.mspx?mfr=true

Many DHCP clients are unable to get IP addresses from the DHCP server.

Cause:  The IP address of the DHCP server was changed and now DHCP clients cannot get IP addresses.

Solution:  A DHCP server can only service requests for a scope that has a network ID that is the same as the network ID of its IP address.

Make sure that the DHCP server IP address falls in the same network range as the scope it is servicing. For example, a server with an IP address in the 192.168.0.0 network cannot assign addresses from scope 10.0.0.0 unless superscopes are used.

See also:  DHCP Best Practices; Using superscopes; Configuring scopes

Cause:  The DHCP clients are located across a router from the subnet where the DHCP server resides and are unable to receive an address from the server.

Solution:  A DHCP server can provide IP addresses to client computers on remote multiple subnets only if the router that separates them can act as a DHCP relay agent.

Completing the following steps might correct this problem:

See also:  DHCP Best Practices; DHCP/BOOTP Relay Agents; BOOTP and DHCP

Cause:  Multiple DHCP servers exist on the same local area network (LAN).

Solution:  Make sure that you do not configure multiple DHCP servers on the same LAN with overlapping scopes.

You might want to rule out the possibility that one of the DHCP servers in question is a computer running Small Business Server. On a computer running Small Business Server, the DHCP Server service automatically stops when it detects another DHCP server on the LAN.

See also:  DHCP Best Practices; Configuring scopes
 
0
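
The scope rules discussed in the two ChiefIT comments above (no overlapping scopes between DHCP servers, static addresses kept apart from the dynamic range, and a scope that shares the network ID of the server's own address) can be checked mechanically. The following Python sketch is an added example, not part of the original thread; the plan data is constructed from addresses mentioned in the thread, the DC1/DC2 interface addresses and scope names are hypothetical, and superscopes are not modelled.

```python
import ipaddress
from itertools import combinations

def _span(first, last):
    """Inclusive address range as a pair of ip_address objects."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:
        raise ValueError(f"range {first}-{last} is reversed")
    return a, b

def _overlap(x, y):
    """Return the shared (low, high) range of two spans, or None."""
    lo, hi = max(x[0], y[0]), min(x[1], y[1])
    return (lo, hi) if lo <= hi else None

def check_dhcp_plan(interfaces, scopes, static_ranges=()):
    """interfaces: {server: ["ip/prefix", ...]}
    scopes: [(server, scope_name, first_ip, last_ip)]
    static_ranges: [(label, first_ip, last_ip)]
    Returns a list of human-readable findings (empty list means no conflicts)."""
    findings = []
    spans = [(srv, name, _span(f, l)) for srv, name, f, l in scopes]

    # Rule 1: a scope must sit inside a network the serving machine is attached to.
    for srv, name, (a, b) in spans:
        nets = [ipaddress.ip_interface(i).network for i in interfaces.get(srv, [])]
        if not any(a in n and b in n for n in nets):
            findings.append(f"{name}: {a}-{b} is outside every network {srv} is attached to")

    # Rule 2: two different servers must not offer the same addresses.
    for (s1, n1, r1), (s2, n2, r2) in combinations(spans, 2):
        hit = _overlap(r1, r2)
        if hit and s1 != s2:
            findings.append(f"{n1} ({s1}) and {n2} ({s2}) both offer {hit[0]}-{hit[1]}")

    # Rule 3: statically configured hosts inside a scope need a reservation or exclusion.
    for label, f, l in static_ranges:
        for _srv, name, r in spans:
            hit = _overlap(_span(f, l), r)
            if hit:
                findings.append(
                    f"static {label} {hit[0]}-{hit[1]} falls inside {name}; reserve or exclude it")
    return findings

# Constructed from the thread: one server, two NICs, one scope covering .4-.199.
THREAD_SETUP = dict(
    interfaces={"SERVER2003": ["192.168.1.7/24", "192.168.1.6/24"]},
    scopes=[("SERVER2003", "scope-A", "192.168.1.4", "192.168.1.199")],
    static_ranges=[("router", "192.168.1.3", "192.168.1.3"),
                   ("server NICs", "192.168.1.6", "192.168.1.7")],
)

# The split suggested in the thread (1-60 fixed, 61-140 DC1, 141-254 DC2),
# placed on 192.168.1.0/24 as an assumption.
SPLIT_PLAN = dict(
    interfaces={"DC1": ["192.168.1.7/24"], "DC2": ["192.168.1.8/24"]},
    scopes=[("DC1", "scope-DC1", "192.168.1.61", "192.168.1.140"),
            ("DC2", "scope-DC2", "192.168.1.141", "192.168.1.254")],
    static_ranges=[("fixed hosts", "192.168.1.1", "192.168.1.60")],
)

# Constructed bad plan: a 10.0.0.0 scope on a 192.168.0.0 server, plus overlapping servers.
BAD_PLAN = dict(
    interfaces={"DC1": ["192.168.0.10/24"], "DC2": ["192.168.0.11/24"]},
    scopes=[("DC1", "scope-10", "10.0.0.10", "10.0.0.200"),
            ("DC1", "scope-DC1", "192.168.0.50", "192.168.0.150"),
            ("DC2", "scope-DC2", "192.168.0.100", "192.168.0.200")],
)

if __name__ == "__main__":
    for title, plan in [("thread", THREAD_SETUP), ("split", SPLIT_PLAN), ("bad", BAD_PLAN)]:
        print(title, check_dhcp_plan(**plan) or "no conflicts")
```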
 
LVL 10

Expert Comment

by:duffman76
ID: 19637930
Do you have a helper address setup on your routers that points to the 2000 server that no longer exists?  
0
 

Author Comment

by:mikecamden
ID: 19638144
No.  Not sure what a helper address is.  Can you provide any additional details?  That would be great if it were something that simple.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19638253
Here are some links
http://en.wikipedia.org/wiki/UDP_Helper_Address
http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9

In short, it forwards requests such as dhcp to the right location if the server is located on a different subnet.  
0
 

Author Comment

by:mikecamden
ID: 19639504
duffman,
Thanks for the link.  I'm in the router interface now, and we don't have any helper addresses setup.

Could it be a setting in the DHCP configuration?  I'm really not sure that I have that setup correctly.

What really doesn't make sense is that computers that already had leases before the other server died are still showing up in the DHCP log as having their leases renewed regularly, so DHCP is working for the systems already established in the address pool.  It's just for systems outside of the address pool that it isn't working.


ChiefIT,
Thanks for the link.  I've gone through most of those recommendations.  We have only ever had one server (the current one) operating as a DHCP server on this network, so nothing should be looking to the old server for DHCP.  I have not changed the IP address of that server, and it has always been in the same network address range (192.168.1.x, 255.255.255.0) as all of the clients and the scope.

The DHCP clients aren't located across a router from the subnet from the DHCP server.  And as I just stated above, we have only ever had one DHCP server with this network configuration.  I've gone through the troubleshooting steps for each of the above over the past few days (even though the conditions don't match), and I'm still not getting anywhere.

I'm not too sure what step to try next.

0
 

Author Comment

by:mikecamden
ID: 19639515
When I say "Could it be a setting in the DHCP configuration?  I'm really not sure that I have that setup correctly." above I mean I think it's got to be a setting in the DHCP configuration on the Win 2003 server; I have DHCP turned off on the router (the setting that has been in place and working since I configured it last winter).
0
 

Author Comment

by:mikecamden
ID: 19639738
OK, here's a new warning message that I just noticed when going through the DNS Event Viewer.  It's coming up since the day I started having problems, but I just checked this particular log area a few minutes ago:

I'm going to go through it right now, but if anyone has any quick advice of how to fix it, please let me know.

Thanks,

Mike
From DNS Event Viewer 8/6/07
The DNS server encountered a packet addressed to itself on IP address 192.168.1.7. The packet is for the DNS name "MOUNTDECHANTAL.mountdechantal.local.". The packet will be discarded. This condition usually indicates a configuration error.
 
Check the following areas for possible self-send configuration errors:
  1) Forwarders list. (DNS servers should not forward to themselves).
  2) Master lists of secondary zones.
  3) Notify lists of primary zones.
  4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.
  5) Root hints.
 
Example of self-delegation:
  -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
  -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,
  (bar.example.microsoft.com NS dns1.example.microsoft.com)
  -> BUT the bar.example.microsoft.com zone is NOT on this server.
 
Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result.  If found, the subzone DNS server admin should remove the offending NS record.
 
You can use the DNS server debug logging facility to track down the cause of this problem.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:mikecamden
ID: 19639846
The log also has the following warning that has appeared since the problems began.
I looked both up online, and I have no idea what either means, how to troubleshoot either and if either could be contributing to my DHCP problems.

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19640053
The first event viewer log relates to this.  It sounds like you don't have a forwarder setup.
http://support.microsoft.com/?id=300202

This link provides some information to your second event viewer question.
http://support.microsoft.com/kb/326911

Also, on your dhcp under scope options did you setup your router?  You should have an entry that shows router and the ip address.
0
 

Author Comment

by:mikecamden
ID: 19640163
Thanks.  I found both of those links after poking around.  The second one was easily resolved (it was caused by something I had messed around with).
I went through the resolutions for the first and couldn't find anything that helps.  I used the Zone wizard to setup the zone, so I thought it was all good.  In my server properties under the DNS console, I have the following for Forwarders listed under DNS Domain:
All other DNS Domains (the listed forwarder for this is 194.30.0.1)

I tried to add our domain as a second forwarder (mountdechantal.local) and the 2003 server's static IP addresses (it has two because it has two network cards 192.168.1.7 and 192.168.1.6), but I get the error "The server forwarders cannot be updated. The Zone already exists."

What should I have listed in this section?

As to the router in the DHCP scope, yes I do have it listed.  Under the DHCP scope, I have the following:
003 Router 192.168.1.3 (which is the static IP of the router)
005 Name Servers 192.168.1.7, 192.168.1.6
006 DNS Servers 192.168.1.7, 192.168.1.6
015 DNS Domain Name mountdechantal.local

Anything I'm missing?

Thanks,

Mike
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19640661
You should probably not have 005 Name Servers setup.  If you are using Wins you should use option 44 for that setup. 005 were old IEN 116 servers which were replaced by dns servers.  I am sure you have probably checked this, but is your name servers setup properly under dns properties?  Does it have the dns server(s) ip addresses listed?  Under the server network properties on the dns server do you have the itself as the primary dns server?  Do you have the local router set as the gateway?  Even if one of these settings is wrong, there will probably still be a problem with DHCP.  Under forwarders you should have dns servers listed that have other zones in them that your server does not have.  For example some people set up their ISP dns servers so that if an address is not found within their zone it will look at the ISP's.  That is just an example though.
0
 

Author Comment

by:mikecamden
ID: 19640942
"You should probably not have 005 Name Servers setup.  If you are using Wins you should use option 44 for that setup. 005 were old IEN 116 servers which were replaced by dns servers.  "
- OK thanks.  I'll remove.

"but is your name servers setup properly under dns properties? "
- This was an area where I was having problems before I deleted the previous forward lookup zone and started from scratch in the DNS console on Saturday.  Prior to deleting it, I think this was wrong (at that time I couldn't join a client to the domain).  Once I deleted the previous Forward and Reverse lookup zones (and it repopulated with correct DNS Name servers, A record, and SRV record), I could then join computers that I assigned manual IP addresses to the Domain.

"Under the server network properties on the dns server do you have the itself as the primary dns server? "
- I'm not sure where this is.  Are you talking about, right clicking on the Server at the top of the DNS management console screen and selecting properties?  If so, what I have listed there is as follows:
Interfaces: Listen on all IP addresses is selected.   I have tried switching this between the specific IP addresses for our server (192.168.1.7 and 192.168.1.6) and listen on all; neither change seems to make a difference in anything I've seen.
Forwarders: DNS Domain: All other DNS Domains. I configured this with the IP address from my ISP.
Advanced: Bind Secondaries, Enable Round Robin, Enable Netmask ordering, secure cache against pollution are checked. Name checking: Multi-byte (UTF) is selected. Load Zone data on startup: From Active Directory and registry.

I don't see a spot anywhere on there for a gateway where I could add my router.  Where specifically should I see the gateway option listed?  I'm kind of excited now, because I'm hoping it can be something this simple.
Thanks,
Mike
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19641256
Sorry I wasn't clear where I was talking about.  I was meaning under control panel, Network options, adapter, tcp/ip settings.  Is the gateway set up with the router and dns server listed as itself?  Listen on all should be set like you have it.  It sounds like everything is set up properly there.  Have you tried stopping and starting the dns server after the changes?  Some changes do not take effect until after the service restarts.
0
 

Author Comment

by:mikecamden
ID: 19641423
Ok, gotcha.  Yes, I have the router set as the default gateway for both network adapters in the server.  Also, I have tried stopping and restarting DNS service a few times (as well as a couple of server reboots).
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19642311
Let's try a couple command line diagnostics.

Go to the command prompt and type "netsh".
You should get "netsh>"
Now type "DHCP"
You should get "netsh DHCP>"

Now type in a ? question mark to show you some options.

One of the options we should try is to show all available DHCP servers authorized by AD. If you are getting IP addresses beyond your scope, maybe you have a node handing out DHCP or metadata, (left over data), from an old Server somewhere on the LAN that were authorized servers. So, type in "show server". If your server is the only one authorized to administer DHCP to your AD clients, then I think you are on the right track by looking at DNS as the culprit.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19642403
Let me redo my last entry, so it reads better:

There are a lot of handy utilities to troubleshoot DNS and DHCP. First let's start with DHCP.

Go to the command prompt and type "netsh".
You should get "netsh>"
Now type "DHCP"
You should get "netsh DHCP>"

Now type in a ? question mark to show you some options.


One of the options we should try is to show all DHCP servers. If you are getting IP addresses beyond your scope, maybe you have a node handing out DHCP, like your gateway router. Then, there is always the possibility you have metadata, (leftover data), from an old scope still on your server that is not necessarily easily seen. So, at this prompt, "netsh DHCP>" , type in show server. This should give you a list of all DHCP servers on your LAN.

If you do not have any more servers than your 2003 server, I think you are on the  right track by checking our DNS. Below is a link on how to use command line utilities to diagnose DNS. These are extremely handy for DNS errors. Just copy and paste the link into your browser. I like to save it as a favorite for all of my DNS servers.

http://technet2.microsoft.com/windowsserver/en/library/5237db58-a1e8-40cd-ae8a-7f52848a90f21033.mspx?mfr=true
0
 

Author Comment

by:mikecamden
ID: 19645140
ChiefIT,
Ok I just ran the netsh command.  The only server it showed was the two IP addresses for the server2003 (the accurate server).  So I guess this means that it is a DNS error.

I've used Dcdiag (as you can tell from some of my earlier posts in this thread in which I provided the results), but I've not tried the options.  My big problem is that I don't know what I'm looking for with DNS errors.  Is there something specifically I should be looking to see if it's out of place?  Is there some kind of broadcast of DNS that might be turned off? The reason I say this is because if I enter a manual IP address at a new client computer, I can connect to the domain and am able to join the domain.  Prior to my deleting my forward and reverse lookup zones and configuring my server in the DNS console from scratch, I wasn't able to join a domain after I manually assigned an IP address.  It just seems like there is that one missing piece that I am overlooking because I'm new at DNS.
Some general questions of issues I'm not sure about:
- Should I not specify a reverse lookup zone when I re-configured (it gave me that option)?
- Should I not have used my ISPs DNS address in the forwarders for All other DNS Domains (under server properties in the DNS console)?
- In the DHCP console, under server properties--> Advanced, what should I put for DNS Dynamic updates registration credentials?  I have tried my administrator account (which is a member of the DNSUpdateProxies group like I read in help).

Thanks,
Mike
0
 

Author Comment

by:mikecamden
ID: 19645189
duffman76,
I have two LAN cards.  
For the first, I have the following:
IP address: 192.168.1.7, subnet: 255.255.255.0, gateway: 192.168.1.3 (which is the router), DNS primary (192.168.1.6 - the IP address for the other LAN card on this server),  and alternate: 192.168.1.3 (router).  I have tried every combination under DNS primary and alternate for 192.168.1.7, 192.168.1.6, and 192.168.1.3.

LAN 2:
IP address: 192.168.1.6, subnet: 255.255.255.0, gateway: 192.168.1.3 (which is the router), DNS primary (192.168.1.7 - the IP address for the other LAN card on this server),  and alternate: 192.168.1.3 (router).  I have tried every combination under DNS primary and alternate for 192.168.1.7, 192.168.1.6, and 192.168.1.3.

Thanks,
Mike
0
 

Author Comment

by:mikecamden
ID: 19645272
ChiefIT and Duffman,
OK, I think I may have some info you guys can use.  I ran the DCdiag /test:DNS and rec'd a lot of failures back.  I went back into my LAN controller properties and changed the DNS primary and alternate addresses back to what I had them as before (for LAN 1: 192.168.1.6, 192.168.7; for LAN 2: 192.168.1.7, and 192.168.1.6).

I reran the Dcdiag /test: DNS and still had a bunch of failures.  
Should I only have DNS and DHCP set up on one of my LAN controllers on the server?  I set the IP address of both (LAN 1: 192.168.1.7; LAN2: 192.168.1.6) as DNS servers based on a recommendation last year when I set up the server.
The results from the Dcdiag /test:dns are below:

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
         ......................... SERVER2003 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mountdechantal

   Running enterprise tests on : mountdechantal.local
      Starting test: DNS
         Test results for domain controllers:

            DC: server2003.mountdechantal.local
            Domain: mountdechantal.local


               TEST: Delegations (Del)
                  Error: DNS server: server2003.mountdechantal.local. IP:192.168
.1.6 [Broken delegated domain mountdechantal.local.mountdechantal.local.]
                  Error: DNS server: server2003.mountdechantal.local. IP:192.168
.1.7 [Broken delegated domain mountdechantal.local.mountdechantal.local.]
                  Error: DNS server: server2003.mountdechantal.local. IP:192.168
.1.6 [Broken delegated domain mountdechantal.mountdechantal.local.]
                  Error: DNS server: server2003.mountdechantal.local. IP:192.168
.1.7 [Broken delegated domain mountdechantal.mountdechantal.local.]

               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
mountdechantal.local.

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 192.168.1.6 (server2003.mountdechantal.local.)
               2 test failures on this DNS server
               Delegation is broken for the domain mountdechantal.local.mountdec
hantal.local. on the DNS server 192.168.1.6
               Delegation is broken for the domain mountdechantal.mountdechantal
.local. on the DNS server 192.168.1.6

            DNS server: 192.168.1.7 (server2003.mountdechantal.local.)
               2 test failures on this DNS server
               Delegation is broken for the domain mountdechantal.local.mountdec
hantal.local. on the DNS server 192.168.1.7
               Delegation is broken for the domain mountdechantal.mountdechantal
.local. on the DNS server 192.168.1.7

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: mountdechantal.local
               server2003                   PASS PASS PASS FAIL WARN PASS n/a

         ......................... mountdechantal.local failed test DNS

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>

Hopefully this gives you something to work with. Thanks!
Mike
0
 

Author Comment

by:mikecamden
ID: 19645380
Based on the troubleshooting steps I found, I need to create a zone delegation.  To do so, I opened the DNS console, expanded Forward Lookup Zones, right-clicked on the zone listed there (mountdechantal.local), selected new delegation.  The New delegation wizard opened.  For the delegated domain, I typed mountdechantal and hit next.  For the name servers, I added server2003.mountdechantal.local. and clicked resolve.  It filled in the two IP addresses with 192.168.1.7 and 192.168.1.6.  I hit OK.  And then clicked next.  When I click Finish to complete the wizard, I get the following error:
"A DNS domain or delegation by this name already exists. To change an existing delegation, right-click on the delegation and select Properties. To change a DNS domain into a delegation, delete the domain and the create the delegation."

Any tips of what to do next?
0
 
LVL 10

Accepted Solution

by:
duffman76 earned 1000 total points
ID: 19645560
Your dual nic situation could be causing you some problems.  Try either teaming the nics or disabling one of them.  You can set it up like the following:

IP Address: 192.168.1.6
Mask: 255.255.255.0
Gateway: 192.168.1.3
DNS primary: 192.168.1.6
Secondary: leave as none for now.  

Try that and see if that is causing conflicts when it tries to register the same dns server on two different nics.  
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19646227
I absolutely agree with Duffman. You have two MAC addresses for the same computer name.

In DNS there should be four Host A records for your server.

One should say Host A
192.168.1.6  and the name should be (ServerName).(+FQDN)
The second should say
192.168.1.6 and the computer name should say (Same as Host)
The third should say
192.168.1.7 and the computer name should be (ServerName).(+FQDN)
The fourth should say
192.168.1.7 and the computer name should be (Same as Host)

LAN1 and LAN2  are on the same IP Space, but do they have the same FQDN? If not you will have to create a second zone for the two separated LANS and make sure the server is the host for both.

I also recommend disabling NIC 2 on your Server. For some reason, that doesn't seem to work well with DNS. May I recommend adding a second IP to LAN1? It would be less confusing to the server.

0
 

Author Comment

by:mikecamden
ID: 19646630
Duffman,
I tried your solution and kept seeing errors, so I deleted the forward and reverse lookup zones again from the DNS Management console.  I kept the second LAN adapter disabled (192.168.1.6) and only used one IP address in the DNS spaces under the properties for LAN adapter 1 (192.168.1.7, which is the IP address for that adapter and for the domain, DNS, and DHCP server).
I right-clicked Server2003 in the DNS Management console to configure a DNS server and set up a new forward and reverse lookup zones.  I then created a new host A record and a new SRV record for the new zone.  I named the forward look-up zone as mountdechantal.local

I am now getting an error free dcdiag /test:dns result.  I can also still join new workstations to the domain, but DHCP is still not working.

If it would help, I'm willing to delete and start from scratch with everything except the active directory with one of you walking me through the steps.

Below are my results from the latest dcdiag /test:dns report
C:\Documents and Settings\Administrator.MOUNTDECHANTAL>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2003
      Starting test: Connectivity
         ......................... SERVER2003 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2003

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mountdechantal

   Running enterprise tests on : mountdechantal.local
      Starting test: DNS
         Test results for domain controllers:

            DC: server2003.mountdechantal.local
            Domain: mountdechantal.local


               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
mountdechantal.local.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: mountdechantal.local
               server2003                   PASS PASS PASS PASS WARN PASS n/a

         ......................... mountdechantal.local passed test DNS

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>
0
 

Author Comment

by:mikecamden
ID: 19646713
Would either of you be available for me to call?  Is there a way to do private messages on here where I could shoot you my email address or phone number?
I don't think I need the second adapter or even a second IP address for LAN 1, do I?  Would I be fine with just one IP address for LAN 1 (192.168.1.7 is the default).

In my DNS console, I have the following listed for the Forward lookup zone:
a folder labeled _tcp
(same as parent folder)  Start of Authority [1], server2003.mountdechantal.local.
(same as parent folder) Name Server (NS) server2003.mountdechantal.local.
server2003 Host(A) 192.168.1.7
In the _tcp folder I have,
_finger Service Location (SRV) [0] [0] [79] server2003.mountdechantal.local.
If I double click on that record, the domain for the SRV record is mountdechantal.local

Is there something I should add or change in this?  Do you need me to provide what's listed in the reverse lookup zone?
0
 

Author Comment

by:mikecamden
ID: 19648115
I now have a bunch of other info under my Forward lookup zone in the DNS management console.  This appears to be coming from my DHCP.
In addition to what I listed above, I also have a bunch of the domain computers that previously had IP addresses assigned through DHCP as well as the six or so that I have given manual IP addresses to.

I still can't use DHCP to automatically assign IP addresses to a client computer.  Once I manually assign an IP address, I'm able to join a new computer to the domain, apply GPO to that computer, use shared folders, etc.  Any thoughts?
0
 

Author Comment

by:mikecamden
ID: 19648127
I pressed enter before I forgot something.  Under the mountdechantal.local forward lookup zone, I have what I listed two posts ago, what I listed in the post immediately above this one, and the following folders:
_msdcs
_sites
_tcp
_udp
_DomainDnsZones
_ForestDnsZones

Thanks,
Mike
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19648427
Well it has to be getting closer.  Go into DHCP and click your scope.  Then right click your scope and click reconcile and click verify.  That will check the database with the registry and ensure consistency.  I have seen that lock up sending addresses before.  If you have all of those folders showing up now it should be working.  Can you ping a workstation by using its workstation name instead of the ip address?  
0
 

Author Comment

by:mikecamden
ID: 19648813
When I went into reconcile, it identified about five IP addresses in the scope.  When I selected reconcile, it got rid of them.  When I hit verify, I received a message that the database is consistent.  When I wait a few minutes and try the same thing, I'll get a similar situation with different IP addresses.

I can successfully ping (by computer name) workstations that had previously been assigned IP addresses when DHCP was working.  I cannot successfully ping computers by workstation name for which DHCP isn't working and I have assigned a manual IP address.  The error that I get is "Ping request could not find host xxx."

However, from a computer in which I have assigned a manual IP address, I can ping a workstation that had previously received an IP address from DHCP by its name.

Thanks.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19649100
Run the dcdiag like you did at the start and see if the dns lookup failure errors are gone.  Do you have a dhcp scope setup?   I would assume you should have a scope with starting address of 192.168.1.4 - 192.168.1.254 since .3 is your router.   Under scope properties and dns tab make sure you have automatically update DHCP client information in DNS and Update DNS only if DHCP requests.  Also, check the discard forward (name-to-address) lookups when lease expires.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19649228
Mike:

I think you are having problems because some of your clients went to one IP address for DNS and DHCP. And some went to the other IP address, that has been disabled, for DNS and DHCP. This is why you can ping some with the computer name and not others.

Also I think your server is a little confused. Like with DNS that second LAN port appears to be a second server to DHCP with the same scope. "Can't have two servers with overlapping scopes."

Let's first make sure the server is straight. You disabled the second IP address. Now remove all Host A and PTR records of the IP address from DNS. Now let's check on DHCP. Go into the DHCP snapin and right click that DHCP snapin and go to all authorized servers. Remove all instances of the second IP  from there. Now view the "Server2003.(+FQDN)" properties. Under the General button, enable audit logging. Under the DNS tab elect to enable DNS dynamic updates according to the settings below and select the dynamically update DNS and PTR records only if requested by DHCP. Also discard A and PTR records when lease is deleted. Under the advanced tab>>bindings remove the disabled IP address. Now let's right click the scope. Check the general tab and see if it is correct for your scope. Under the advanced tab assign DHCP to clients of DHCP only. As a sub menu right click the scope and go to properties. Click on router and make sure it has the right IP. Now, highlight the  DNS server and remove the one IP address that was disabled. That should conclude your server issues.

Now go to each client that is having issues. Put them as dynamic IPs. Go to the command prompt and type IPconfig /flush DNS. The reason I am doing this is because some of these clients that were used to getting DNS on the disabled server port may still be looking for that port. This forces the computer to look for a DNS server elsewhere. After flushing the DNS, you should release and renew your IP address. Type IPconfig /release, then type IPconfig /renew.

I think once these clients find the only remaining server port, they will come up and be more cooperative.

John
0
 

Author Comment

by:mikecamden
ID: 19649420
Duffman,
No errors for dcdiag or dcdiag /test:dns.
My scope is 192.168.1.4 - 192.168.1.199.  I have some spots reserved if I ever need to manually configure something.  The settings you are recommending in DHCP, DNS are what I had.

John,
When I disabled the second LAN adapter (192.168.1.6), I actually deleted the DNS zones and started fresh (for fear of all kinds of bad records and corruption).  I then went through to ensure that the old address wasn't listed, which it wasn't.  I also removed all instances of 192.168.1.6 where it existed in the DHCP console.  I just went through again to confirm, and it doesn't exist anywhere in the DHCP console.  The other DHCP settings you recommended were what I already had entered.

I just disconnected my laptop from the manual IP address, flushed the DNS cache, did an ipconfig /release and tried to obtain an IP address dynamically (ipconfig /renew) and still no joy.

The questions:
1. When I right click on the server in the DHCP console and select properties, I get that short windows beep that often indicates an error of some sort.  I don't get an error message, but I get the beep.  Could there be something here awry?
2. Under the advanced tab of the server properties in the DHCP console, I have the administrator username, domain, and password assigned for DNS dynamic credentials.  I made the admin account a member of the DNSUpdateProxy group (per one of the help articles I read).  Is this correct?
3. Should I have routing and remote access enabled?  I have tried it both ways; neither seemed to make a difference.

Thanks.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19649956
With one of the clients you are having problems with, try going in to the machine as network administrator and pinging the server. If that doesn't work try rejoining the domain by using just the domain name and not the FQDN domain name.

example of joining the domain:
instead of domainname.xxx.yyy.zzz
join as domainname.

If you get a popup saying welcome to the domainname domain, try and test your client and see if you have an IP address assigned by the server.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19650375
Forget the above, your clients should get an IP address automatically even if they are not a member of your domain unless you have DHCP filters to only allow DHCP from a Domain computer only.

If you detect that DHCP database info is missing or inconsistent, you can attempt to resolve the problem by reconciling DHCP data for all or any scopes. Just right click the scope under the DHCP snapin and click on reconcile. Also, the Conflict Detection option from the DHCP server properties can be used to detect scope conflicts.


Scope IP lease info is stored in two forms by the DHCP server service:

1  Detailed IP address lease info, stored in the DHCP database

2  Summary IP address lease info, stored in the DHCP database

When reconciling scopes, the detail and summary entries are compared to find inconsistencies.

In this process, the DHCP server either returns the addresses in question to their original owners or creates a temporary reservation for these addresses. These reservations are valid for the lease time assigned to the scope. When the lease time expires, the addresses are recovered for future use.

>>>Also, many of these symptoms point to a rogue DHCP server with an overlapping scope. NetSH is a utility I gave you to look up rogue DHCP servers on the active directory domain. But, what if they are not a part of the domain? The Windows support tools include dhcploc.exe which can be used to locate rogue DHCP servers.
0
 

Author Comment

by:mikecamden
ID: 19650516
John,
I'll give it a try tomorrow. Thanks.  If it doesn't work, I'm seriously thinking about deleting my DHCP scope and rebuilding it.

Thanks.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19650837
It has to be close. If you don't have a huge scope and nothing else is working, it wouldn't hurt to try and rebuild it.  
0
 

Author Comment

by:mikecamden
ID: 19650996
Yeah, that's kind of what I'm thinking.  I'm going to try John's latest suggestion first.  The scope is only 195 IP addresses, of which about 120 are currently in use.  I work for a school; the only ones it will really affect are the nuns who live in the attached monastery and a couple of the other administrators.  My big push right now is trying to get new computers for the teachers configured and provisioned over the next week.  I was pretty bummed when this first happened because I was unable to join the systems to the domain (which would have been a nightmare for our administrative and grading software, not to mention getting out general software installs).  They are laptops, so it will be really, really nice to be able to use DHCP instead of manually assigned IP addresses.  I think if I set them up with manual IP addresses, they're going to have a heck of a time switching between using them at home and at school.

Thanks again.
0
 

Author Comment

by:mikecamden
ID: 19656501
I tried the dhcploc command, and it didn't return any rogue servers.  I haven't had the chance to try anything else yet today.

Since it sounds like we've exhausted all other ideas, I'm going to try to rebuild the DHCP scope.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19656954
Mike, did you reconcile the scope?
0
 

Author Comment

by:mikecamden
ID: 19657228
I did.  It comes up with several IP addresses when I hit verify.  When I hit reconcile, they are reconciled and no more addresses are listed when I hit verify again.  If I wait a few minutes and try reconcile again, I'll get another list of IP addresses.

I tried to delete and rebuild the scope, and that didn't help.  I also removed the DHCP server as a role and reinstalled it with a similar scope.  It still didn't work.

All IP addresses that were assigned IP addresses when DHCP was working were reconciled again with the database and maintained their lease.  Workstations that didn't have an IP address assigned by DHCP are still unable to get one through DHCP.

Not sure if you saw my question above -- do I need to have routing and remote access enabled for DHCP to work?  I do not have it enabled now.  I tried it with routing and remote access enabled and it didn't seem to help, but I may not have configured it properly.
0
 

Author Comment

by:mikecamden
ID: 19657286
Also, should I have WINS activated under DHCP?  I wouldn't think that I would need to, but a lot of this is new to me.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19657751
Since the scope was rebuilt, did you right click on dhcp and choose manage authorized servers, find your server and click authorize?  It sounds like you did since they re-leased their ip's.
0
 

Author Comment

by:mikecamden
ID: 19658015
I just tried running Microsoft Network Monitor on our server and then tried to get an IP address through DHCP with my laptop.  

The results were very interesting.  I'm pretty sure they are telling me where the problem exists, but I'm not sure exactly where or what to do next.  It's like 8 pages of data when I copy it, but it appears like the laptop is broadcasting a DHCP Discover command, but the server isn't responding with an offer.  I can paste the results, but like I said it's 8 pages and might be too much for here.

Would any of the info for the results help?  If so, what parts should I post?
0
 

Author Comment

by:mikecamden
ID: 19658067
Duffman,
Yes; I did authorize the server when I rebuilt the scope.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19658097
You should not have to activate WINS unless you are using WINS on your machines.  Most places don't use it anymore.  It was used more before active directory.  If you have WINS running then you need to have option 44 WINS with your WINS server listed under scope options.  You don't have a Linksys router or another router that is set up for dhcp and trying to assign addresses as well, do you?  I ask that only because you are using the 192.168 range which is generally their default.  
0
 

Author Comment

by:mikecamden
ID: 19658324
I have a router, but it is configured to NOT assign DHCP.  I used 192.168.1.x at the time because I was having a hard time getting a different range to work with the Verizon DSL router we use.  The other range worked for internal addresses but wouldn't find the router.

OK on the WINS; I thought it wasn't necessary.  How about the routing and remote access service?  Should I set it up and have it running?  My understanding was that I only needed that if I had a multi-cast scope, but I may be reading things incorrectly.

Thanks,
Mike
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19658394
The client is issuing a DHCPDISCOVER but it never receives a DHCPOFFER.  That makes me wonder if the dhcp server is even getting the DHCPDISCOVER.  Can you look at the DHCP audit logs located at c:\windows\system32\dhcp folder to see if it has any insight to what it is doing?  ChiefIT maybe can help more with the routing and remote access service.  It is for vpn and RAS/dial-up clients so you may not have to have that but I can't say for sure.  

0
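The DISCOVER-without-OFFER symptom described in the comment above can be checked mechanically against a capture. The following is an added example, not code posted by anyone in the thread: it parses DHCP UDP payloads, pairs DISCOVER and OFFER messages by transaction ID, and also lists OFFERs whose server identifier (option 54) is not on the authorized list, which is the rogue-server case dhcploc is meant to find. The MAC addresses, transaction IDs, leased addresses and the 192.168.1.250 responder are constructed sample data; only 192.168.1.7 comes from the thread.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP UDP payload; used only to construct sample data."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                 # op, htype=Ethernet, hlen=6, hops
        xid, 0, 0x8000,              # transaction id, secs, broadcast flag
        bytes(4),                    # ciaddr: client has no address yet
        socket.inet_aton(yiaddr),    # yiaddr: address being offered
        bytes(4), bytes(4),          # siaddr, giaddr (no relay on a flat LAN)
        mac, b"", b"",               # chaddr, sname, file (null padded)
    )
    options = bytes([53, 1, msg_type])                    # option 53: type
    if server_id:
        options += bytes([54, 4]) + socket.inet_aton(server_id)
    return header + MAGIC_COOKIE + options + b"\xff"      # 255 ends options


def parse_dhcp(payload):
    """Return xid, client MAC, message type, yiaddr and server id."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = min(payload[2], 16)
    xid = struct.unpack("!I", payload[4:8])[0]
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[payload[i]] = value
        i += 2 + length
    msg, sid = options.get(53, b""), options.get(54, b"")
    return {
        "xid": xid,
        "mac": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
        "type": MSG_TYPES.get(msg[0], "OTHER") if len(msg) == 1 else None,
        "yiaddr": socket.inet_ntoa(payload[16:20]),
        "server_id": socket.inet_ntoa(sid) if len(sid) == 4 else None,
    }


def audit_exchange(payloads, authorized_servers):
    """Return (MACs with no authorized OFFER, [(server, offered address)])."""
    discovers, answered, unauthorized = {}, set(), []
    for raw in payloads:
        try:
            msg = parse_dhcp(raw)
        except ValueError:
            continue                 # not DHCP, or malformed: ignore
        if msg["type"] == "DISCOVER":
            discovers.setdefault(msg["xid"], msg["mac"])
        elif msg["type"] == "OFFER":
            if msg["server_id"] in authorized_servers:
                answered.add(msg["xid"])
            else:
                unauthorized.append((msg["server_id"], msg["yiaddr"]))
    unanswered = sorted(m for x, m in discovers.items() if x not in answered)
    return unanswered, unauthorized


SERVER = "192.168.1.7"               # DHCP server address given in the thread
SAMPLE_CAPTURE = [                   # constructed payloads, not from the thread
    build_dhcp(1, 0x1001, bytes.fromhex("020000000001"), 1),
    build_dhcp(1, 0x1002, bytes.fromhex("020000000002"), 1),
    build_dhcp(2, 0x1002, bytes.fromhex("020000000002"), 2,
               "192.168.1.50", SERVER),
    build_dhcp(1, 0x1003, bytes.fromhex("020000000003"), 1),
    build_dhcp(2, 0x1003, bytes.fromhex("020000000003"), 2,
               "192.168.1.90", "192.168.1.250"),
    b"\x00" * 10,                    # unrelated traffic, skipped by the audit
]

if __name__ == "__main__":
    unanswered, unauthorized = audit_exchange(SAMPLE_CAPTURE, {SERVER})
    print("No OFFER from an authorized server for:", unanswered)
    print("OFFERs from unlisted servers:", unauthorized)
```

A client that appears in the first list while renewals still show up in the audit log matches the situation described in this thread: the broadcast DISCOVER is on the wire but the authorized server never answers it.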
 

Author Comment

by:mikecamden
ID: 19658486
In the DHCP audit logs, it isn't receiving anything from a computer that didn't already have an IP address assigned by DHCP.  It does have info logged for workstations that had previously received IP addresses through DHCP (i.e. lease renewal info).  

I just saw something else while looking through an online guide to setting up DHCP.  I saw that it requires a server to have the RIS service authorized.  When I tried to start the service, I got an error that the specified procedure could not be found.  I am now going through the process of installing RIS.  We'll see if that helps.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19658632
You can try running the dhcploc.exe that comes with this support pack and see what it finds.
http://www.microsoft.com/downloads/details.aspx?familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Just to make sure on everything that was confirmed throughout this:
Server is authorized
Scope is setup
Scope has been activated
Server is on the same subnet as the scope
dhcp server is bound to the connection
and scope's network ID matches that of DHCP server

The router cannot be the problem because active leases get renewed.
Reconcile works but addresses return
ipconfig /renew and ipconfig /flushdns does not help on the clients
scope was rebuilt but has the same problem
Audit logs show renew requests but no new requests.
0
 

Author Comment

by:mikecamden
ID: 19658671
I tried dhcploc validdhcpServerList and I get the following error: OpenReceiveSocket failed 10049.  It sounds like something that needs to be open is closed.  Any idea what that means that I need to do?  Is there another command line I should be using for dhcploc?  I tried it earlier at ChiefIT's suggestion to look for rogue servers and didn't find any.
0
 

Author Comment

by:mikecamden
ID: 19658700
Your confirmation points above are all correct.

I think I may have used dhcploc incorrectly above.  When I type dhcploc 192.168.1.7 validdhcpServerList nothing happens.  It just sits there.  Is it listening for a valid DHCP server to broadcast?  If so, I guess that is significant that nothing is happening.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19660120
Mike,

Are you using the DHCP Wizard to setup your DHCP Service?

Let me give you some information I was looking at.

10049 - WSAEADDRNOTAVAIL - Cannot assign requested address.

The requested address is not valid in its context. Normally results from an attempt to bind to an address that is not valid for the local machine, or connect/sendto an address or port that is not valid for a remote machine (e.g. port 0).
___________________________________________________________________________________
1. Initial DHCP discovery
A basic DHCP exchange will on the local subnet appear as follows:

   UDP 0.0.0.0:68 (00:00:39:1C:0C:32) > 
       255.255.255.255:67 (FF:FF:FF:FF:FF:FF) DHCP DISCOVER


At this point the client has no IP address and so uses a source address of 0.0.0.0 and source port of 68 (often referred to as bootpc, the BOOTP client port - BOOTP being the forerunner of DHCP). The packet is sent as a UDP broadcast on port 67 (bootps). Normally this packet will be seen by any host on the local subnet.

Because the OUCS DHCP Service has two servers acting for many different subnets, the packets must be passed from the local subnet to the servers at OUCS. This is done at the router, which will forward any broadcast packet received on an interface to the central DHCP servers (163.1.2.2 and 129.67.1.2: any change to their IP addresses will be announced in advance on the itss-announce mailing list). The forwarding is performed as unicast packets from the router to each server in turn.
____________________________________________________________________________________
2. Server response: DHCP OFFER
Because the central DHCP service is provided by two DHCP servers, normally a client will receive two offers of an IP address in response to its initial DISCOVER request. There are exceptions if one server is down, or has no free addresses available.

Because the DHCP servers see the request as originating from the router address, they will return it to the router interface on the subnet in question. The router is responsible for forwarding the responses to the client. For a client on the 163.1.14.0/255.255.254.0 subnet, the responses will be along the following lines:

   UDP 163.1.15.254:67 (00:D0:BC:00:11:22) > 
       163.1.15.99:68 (00:00:39:1C:0C:32) DHCP OFFER
   UDP 163.1.15.254:67 (00:D0:BC:00:11:22) > 
       163.1.15.94:68 (00:00:39:1C:0C:32) DHCP OFFER


Note that the destination IP address is that which the server is offering to the client while the destination MAC address is that of the client's network interface. Thus the packet will reach the client even though it does not yet have its IP address.


OUCS DHCP Service and firewalls
_______________________________________________________________________________
3. Client response: DHCP REQUEST
This stage is similar to the first, except that the client now requests a particular IP address from the DHCP server. Additionally, some clients will use this method to request the IP address they previously used (for instance last bootup); if it is denied (DHCP NAK) they will fall back to the first stage.

   UDP 0.0.0.0:68 (00:00:39:1C:0C:32) > 
       255.255.255.255:67 (FF:FF:FF:FF:FF:FF) DHCP REQUEST
------------------------------------------------------------------------------------------------------------------------
With all that said, it looks like we need to configure the router in the DHCP configuration. Then we need to make sure the firewalls are not blocking the UDP port of 67. Also, if you are using a WINS server, it will need to be configured in the DHCP configuration. Once done, purge your ARP cache and reconcile scopes.


0
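The DISCOVER/OFFER/REQUEST exchange described in the post above, as an added example that is not part of the original thread: a parser for the DHCP payload carried on UDP 67/68 that pairs client messages with server replies by transaction ID, so a capture shows at a glance which requests the server never answered. The function names, transaction IDs and the MAC 02:00:00:00:00:01 are constructed for illustration; the other two MACs are taken from this thread.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}  # option 53


def build(op, xid, mac, msg_type, ciaddr="0.0.0.0", yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload. Used only to construct the sample data below."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    addrs = b"".join(bytes(map(int, a.split(".")))
                     for a in (ciaddr, yiaddr, "0.0.0.0", "0.0.0.0"))
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    options = bytes([53, 1, msg_type, 255])  # message type, then end marker
    return hdr + addrs + chaddr + bytes(192) + MAGIC + options


def parse(payload):
    """Return xid, client MAC, ciaddr and DHCP message type of a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + min(hlen, 16)])
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                    # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            msg_type = value[0]
        i += 2 + length
    return {"xid": xid, "mac": mac, "type": TYPES.get(msg_type),
            "ciaddr": ".".join(map(str, payload[12:16]))}


def unanswered(payloads):
    """Pair client messages with server replies by transaction ID (xid)."""
    pending = {}
    for raw in payloads:
        m = parse(raw)
        if m["type"] == "DISCOVER":
            pending[m["xid"]] = ("DISCOVER", m["mac"])
        elif m["type"] == "REQUEST":
            # A non-zero ciaddr means the client already holds a lease (renewal).
            kind = "RENEW" if m["ciaddr"] != "0.0.0.0" else "REQUEST"
            pending[m["xid"]] = (kind, m["mac"])
        elif m["type"] in ("OFFER", "ACK", "NAK"):
            pending.pop(m["xid"], None)
    return sorted(pending.values())


# Constructed sample (not a real capture): one renewal that is acknowledged,
# then two DISCOVERs from clients without a lease that get no OFFER.
SAMPLE = [
    build(1, 0x1001, "00:00:f0:a8:ea:c2", 3, ciaddr="192.168.1.108"),  # renew
    build(2, 0x1001, "00:00:f0:a8:ea:c2", 5, yiaddr="192.168.1.108"),  # ACK
    build(1, 0x2002, "00:00:39:1c:0c:32", 1),                          # DISCOVER
    build(1, 0x3003, "02:00:00:00:00:01", 1),                          # DISCOVER
]

if __name__ == "__main__":
    for kind, mac in unanswered(SAMPLE):
        print(f"no server reply to {kind} from {mac}")
```

Feed `unanswered()` the UDP payloads exported from a capture taken on the server's own interface: DISCOVERs that arrive there and stay unanswered point at the DHCP service rather than at the router or client.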
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19660215
To reduce the number of address resolution requests, a client normally caches resolved addresses for a (short) period of time. The arp cache is of a finite size, and would become full of incomplete and obsolete entries for computers that are not in use if it was allowed to grow without check. The arp cache is therefore periodically flushed of all entries. This deletes unused entries and frees space in the cache. It also removes any unsuccessful attempts to contact computers which are not currently running.

This goes for servers too.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19660231
Message number three for me tonight,  Mike.

If you are using the windows firewall, here is a whitepaper on how to configure it to work with 2003 server. This is especially important if you have two servers that replicate.

 http://support.microsoft.com/kb/555381
0
 

Author Comment

by:mikecamden
ID: 19661177
John,
What is being explained in your first message really sounds like what I saw happening when I read through the results of the Network monitor capture.  I have the router configured in the DHCP management console.  At least I think I do -- it's listed in the scope options as follows:
003 Router 192.168.1.3.  This is the correct address for the router -- it works fine as the gateway when I manually assign the IP address.  Is there something else that I need to do to ensure that it's correctly configured?

When I get to work, I'll look up the command for clearing the ARP cache.

As to the firewall.  I followed those exact steps early on (before I posted here).  I've tried it with Windows firewall on and off for the server.

Thanks,

Mike
0
 

Author Comment

by:mikecamden
ID: 19662664
Ok, I got somewhere with the netsh interface ip delete ARPcache and reset commands.  I ran a delete ARPcache and reset IP on the server.  I then went back into the network properties for the server and reassigned the manual IP address (192.168.1.7), Gateway (192.168.1.3), and DNS address (192.168.1.7).  I went to my laptop and ran the delete ARPcache and reset IP command.  My laptop connected with a DHCP assigned address (I was happy thinking it was fixed); however, when I checked the IP address, it turned out to be one of the local ones Windows assigns when it can't find a DHCP server (169.254.142.188).

John, to answer your first question, yes, I have used the wizard to set up DHCP.

Did you see what I posted about the network capture?  It really sounds as if either the server isn't listening for new DHCPDiscover commands because it isn't responding with offers.  However, it is responding when lease renewals are requested by computers that already have IP addresses through DHCP from when it was working (so it's listening and responding to some, just not new computers).

Doesn't this sound like I have a setting messed up somewhere (I know, duh)?  I'm thinking it's something to do with the handshake between DNS and DHCP.  In the DHCP window, I have the following typed under scope options for 015 DNS Name: mountdechantal.local
In the DNS management console, the entry immediately under forward lookup zone is mountdechantal.local.  That area of DNS is populated with the Host A records for workstations that are connected (both the ones that were able to renew their IP addresses through DHCP and the ones that I assigned manual IP addresses to).  It also has the Host A and NS record for the server (Server2003) and the SOA.
Under Reverse Lookup Zone, I have 192.168.1.x subnet listed.  The only records listed here are PTR records for computers that are part of the AD domain (mountdechantal.local. both the ones that renewed their IPs through DHCP and ones with manual assigned IPs),  the PTR and SRV for Server2003, and the SOA.

What am I missing?  Any idea on what else can be impacting this?  I have no idea why this is so hard.  I've setup DHCP on a smaller network running Server 2003, and it was a case of pretty much just following the wizards.
Thanks!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19664043
Mike:

I think this has everything to do with the middle man. Your clients are going out with a discover request and your server is sending out DHCP requests to clients that have been around. The only component between the two linking up for DHCP is the router.

I am assuming you are using a NAT box router that translates your WAN IP, on one side to the LAN ip side. Both your Clients and Server need to know what the router IP address is. Then the router needs to be under scrutiny.

Under a faulty client, make sure you manually enter in the gateway address under the advanced tab. Sounds like you did this.

On the server, you need to manually enter your router IP twice. One is for your bindings on the NIC settings. The second is in the Scope configuration. In the scope configuration, there is a little checkbox that needs to be checked for the router and the LAN side of the router's IP address needs to be entered in order to communicate with the router.

Once these three settings are for sure, we need to scrutinize the router.

Go to the internet explorer on a machine that is getting internet service and put in the URL of HTTP://192.168.1.3. This should bring you to a web page for the router where we can check the settings. You are savvy and I believe you know how to set the router.  On the WAN side, the router may be looking for a DNS server that no longer exists. That server would be 192.168.1.6. That is the NIC connection you disabled. Also in the router configuration, DHCP on the LAN side should be disabled and DHCP on the WAN side should be enabled.

It sounds like somewhere in the mix of things you still have that disabled NIC IP as a goto IP for DHCP. And I believe that is on the router. That's why you can't ping the server from a troubled client using the computer name and that's why you can't get DHCP from some of these clients.

Once you have checked this, Reduce the IP Lease duration to one hour. That should help clean up the scope from any leftover data, (Metadata), from IP addresses that are not being used.  After that hour, reconcile the scope again and we should have a clean database.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19664341
I think we are on the right track.  We have checked everything on the client side and server side so I believe like ChiefIT that the router has to be the problem.  
0
 

Author Comment

by:mikecamden
ID: 19664977
Hi Guys,
I have the router info added twice on my server side (in the LAN Connection properties as the default gateway and in the scope options in my DHCP console).
Couldn't find anything in my router configuration that points to the old secondary dns server address.  The router had been setup as you suggested.  Dynamic WAN address; no dhcp for LAN side.  

I agree that it does sound like the router is the likely problem child in all this.  I have to push this aside for the rest of today, but I'm going to try swapping routers tomorrow AM to see if it makes a difference.

I'll let you know then.
Thanks again,
Mike
0
 

Author Comment

by:mikecamden
ID: 19665147
Change to my last.  I was looking under the DNS tab of the router, which just showed the primary DNS address.  When I clicked the Basic set up, I found a location for DNS Primary and two alternates.  I had the 192.168.1.6 in for the 1st alt and the router's IP address in for the second.  I cleared both out.  I tried to get an IP after that with DHCP, but no luck.  I changed the lease life in the DHCP console scope to 1 hour.  I'll let it work through the leases this evening and try again in the morning.

Thanks.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19665464
Mike

Before replacing the router, give the client a release/renew IP and see if it works.
 
The router may take a little time to adjust, and I think some of these adjustments may fix the problem in a short amount of time.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19665576
If that doesn't work try going to the command prompt on the faulty client and typing

ARP -RR

This releases ARP and Renews it.
0
 

Author Comment

by:mikecamden
ID: 19666683
Thanks.  I'll post back to let you guys know one way or the other if it works.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19669899
If you are still having problems, here are some great tools for determining problems. With the first one you can have it send a DHCP discovery and it will tell you what servers respond.  You can also do a ton of troubleshooting with the tools.

Download IP Sniffer.  
http://www.scanwith.com/download/IP_Sniffer.htm

This download is good for a simple way to find a rogue DHCP server, which you have already checked, but for the future this is pretty cool.

Download DHCP Explorer
http://www.networksecurityhome.com/ 
0
 

Author Comment

by:mikecamden
ID: 19670679
No luck with the changes made last night.  I couldn't get arp -rr to work; it told me bad syntax on a Win XP client.  I tried arp -a; results are below.  I then used arp -d to delete the table and get it to rebuild.

arp -a results after the arp -d and when I tried to use DHCP to obtain an IP address:
Interface: 192.168.1.240 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.3           00-f3-57-e4-fa-57     dynamic
  192.168.1.7           00-10-18-18-e3-1c     dynamic
  192.168.1.16          00-04-00-3b-d8-4d     dynamic
  192.168.1.108         00-00-f0-a8-ea-c2     dynamic
  192.168.1.119         00-00-f0-a7-95-ec     dynamic
  192.168.1.148         00-04-00-c3-22-77     dynamic
  192.168.1.241         00-11-2f-92-70-cc     dynamic

Interface: 169.254.210.245 --- 0x60002
  Internet Address      Physical Address      Type
  169.254.17.126        00-03-47-a0-b9-72     dynamic

C:\Documents and Settings\Administrator.MOUNTDECHANTAL>

Duffman, thanks for the two tools.  I'll give them a whirl next.
0
 

Author Comment

by:mikecamden
ID: 19671180
When I try the DHCP Explorer and ask it to send a DHCP request, I don't get a response.  I think this confirms that something is amiss with the DHCP server listening/responding.  The three computers I have it on all have IP addresses that I manually assigned though, so I'm not sure if that has anything to do with it.  I'm going to run upstairs and try it from a system that I know has a working address that was assigned dynamically from the server.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19671811
Mike,

On your troubled computers, what IP version are you using?

I don't think 2003 server DHCP will assign IP version 6 addresses.

I also know for a fact that IP version 4 routers will not work with IP version 6.

To check your IP version, go to the command prompt and type IPconfig /all and look for a line that says something like "Teredo tunnel".  Also look for a line that has an IP address that is alphanumeric. Another way to check is to go in and look at the Network connection properties that will either say TCP/IP or TCP/IP ver6. If you have IP version 6 installed AT ALL, it will overrule IP version 4.

The solution is to remove IP version 6 and install IP version 4.

Some computers are coming new to the consumer with IP version 6 as the default.
0
 

Author Comment

by:mikecamden
ID: 19672092
John,
If only it could be that easy :-) None of the troubled clients are using Version 6.  

I ran into that problem with a couple of student laptops during the school year that weren't able to get IP addresses.  After removing ver 6, I was able to get them connected through DHCP.

Here's some more info.  After DHCP explorer was unable to get a response from the DHCP server on the troubled computers, I went to two computers that I know still have active IP leases through DHCP.  They both were able to discover the DHCP server using DHCP explorer.  The results for both were similar (the only differences were the times for the lease, bind, and renewal):
DHCP Server      192.168.1.7      
Subnet Mask      255.255.255.0      
Domain Name      mountdechantal.local      
DNS Server      192.168.1.7       
Gateway Address      192.168.1.3      
IP Lease Time      Wednesday, May 05, 2010 13:29:46      
DHCP Renewal Time      Monday, December 22, 2008 00:29:46      
DHCP Rebind Time      Thursday, December 31, 2009 15:29:46
I was curious, so I figured I'd run the DHCP explorer app on the server (192.168.1.7).  It was unable to discover itself.  Am I right in assuming that this means that the server isn't listening (or isn't listening on the correct port)?  If so, how do I troubleshoot that?
0
 

Author Comment

by:mikecamden
ID: 19672321
Another avenue -- I read somewhere (can't remember where) that IPSEC must be activated and properly configured to allow DHCP to work properly.  My understanding is that this should be configured automatically when the DHCP wizard is run.  When I read a couple of articles just now about Ipsec, it seems like if it's not configured properly, it could cause the server to not respond to DHCP discover requests.

Anyone have any insight into how I check/troubleshoot the configuration of IPSEC on the server?  I checked services, and it's running.  I checked the default domain controller settings, and it's listed as policy assigned for Server (request security). In the default domain security settings, it's also listed as policy assigned for Server (request security).  I have no idea what the individual options do inside the properties for this, so I'm a little hesitant to mess around with them unless one of you guys can tell me what they should read.

Thanks,

Mike
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19672624
I am going to refer you to a blog site. You can email this person who seems to be pretty keen on helping folks out and posting results on his web page.

His credentials are Microsoft Systems Development Engineer here in Seattle. His main project was DHCP.

http://blogs.msdn.com/anto_rocks/archive/2004/10.aspx

Let him know this is from a school and that might expedite your query.

In the meantime, I am still going to research this project.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19672763
Another thought I was thinking was how we disabled the 2nd NIC port. Did you disable through the network properties or BIOS? Disabling the network port using network properties only puts that port in passive mode and leaves it as an optional port. Disabling it in BIOS really disables the port. What I am trying to say is, even though the port is disabled, it may still be causing problems.

We all agreed this sounds like a routing problem. So,  let me quote a solution to a different computer that used dual NICs.

"You have NetBIOS over TCP/IP disabled on one NIC and enabled on the other.  Plus you have a default gateway setting on both NICs.  Unless you have these NICs aggregated together in some way, which they don't appear to be, then you are going to have routing problems as well as browsing problems.  The only NIC that should have a default gateway is the one that is handling traffic going out to the Internet or networks other than the local one. The opposite goes for the NetBIOS transport - only your internal NIC should have NetBIOS over TCP/IP enabled.  Plus you want to be sure that your external NIC is not dynamically registering with DNS, which will also cause routing problems.  Only your internal NIC IP address should be registered in DNS."
0
 

Author Comment

by:mikecamden
ID: 19672941
Interesting.  I didn't realize that it was still in passive mode.  I'll try disabling it in the BIOS as well.

Thanks also for the link.  I've dropped him an email to see if he can help <fingers crossed>.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19673118
It seems like we are so close but so far away.  I will keep researching as well.  This is becoming a life goal to solve this.  :)
0
 

Author Comment

by:mikecamden
ID: 19673149
Thanks, duffman.  I feel the same way -- it just seems like it's one little thing. I can configure the laptops with manual IP addresses, but it really limits the laptops' effectiveness if the teachers have to worry about configuring manual IP addresses every time they switch between home and work (it also limits my ability to exercise effective security because I would have to give each at least power user account to change the IP addresses).
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 1000 total points
ID: 19674549
Holy bologna,

I think I have it, Mike.

Are you using ISA?

If so, check out these rules.

http://www.microsoft.com/technet/isa/2004/plan/isaondhcpserver.mspx

Please, let me know if we make progress. I am making this my life's mission.
0
 

Author Comment

by:mikecamden
ID: 19674581
I'm not too sure what ISA is, but that doesn't mean that I don't have it installed.  I'm going into work late Sunday morning/early afternoon; I'll check then.  This would be awesome if it's the problem.
0
 

Author Comment

by:mikecamden
ID: 19679835
John and Duffman,
It appears that the issue is resolved.  I did not have ISA server installed, but based on your suggestion, I figured I might as well remove all roles that I'm not using for my server to see if that clears up any conflict.  When I removed the Application Server Role, the server started responding to new DHCP Discovery requests.  Thanks, guys for all of the suggestions.  I have learned more than I ever cared to about DNS and DHCP (not bad for a Middle/High School History and MS Science teacher), but we're functional again.

Thanks Again!!!!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19680185
YES!!!!

YES!!!

That's great, but I wouldn't be comfortable to not share points with DM. He hung in there with us.
0
 

Author Comment

by:mikecamden
ID: 19680201
That's true.  I meant to give both of you guys points, but I think I clicked the wrong thing (my eyes were square by the time it all worked itself out).  Any idea how I can go back to distribute points to him as well?
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19680388
Awesome.  I can sleep at night now. I ran out of every possible situation I could think of.  
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19681214
LOL, I can sleep too.

I asked for an administrator to divide the points in half for Duffman. Duffman, thanks for your help.

Mike,  Well Done.

John
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19683380
Thanks ChiefIT.  That was a long road of problems.  You can put the accepted answer for me as the removing one network card configuration to get DNS working.  That was the other half of this battle.  Just remember Mike, if you ever have to build another server like this take off for a week and let someone else have the fun.  :)
0
 

Author Comment

by:mikecamden
ID: 19683817
Great suggestion - unfortunately, we're a small school, and I'm a one man IT shop (as well as the computer science teacher, web developer, and part time social studies teacher).  Thanks again for all of the help, guys.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 19684898
Hey DM:

How do we divide points? Can Mike do this? I am not getting an advisor response and your NIC card configuration worked for DNS.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19686155
I wish I knew.  Honestly, I have never asked a question, only answered them.  I think the advisor requests take a while but I don't know.  I believe you submit a question under community support with 0 points and list the details and they make the change.
0
 

Author Comment

by:mikecamden
ID: 19710078
Looks like it's fixed now -- I have reassigned the solution points.  Thanks again, guys!
0
 
LVL 10

Expert Comment

by:duffman76
ID: 19711309
alright!!! Thanks.
0


Question has a verified solution.
