We help IT Professionals succeed at work.

DNS Problem I give up!!

4,721 Views
Last Modified: 2012-06-27
Hello I am having this huge problem that I cant figure out how to fix...I am trying to join a windows xp system to my domain but i get an error message every time (error message below).

Funny thing is that the DC is also a DHCP Server and the xp machine can get fine an automatic ip and dns server settings...the DC can ping the xp machine and viceversa...i can also access the DC shares from the xp machine and open files even though the xp machine is setup as a workgroup...error message:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name mydomain might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

mydomain
. (the root zone)

For information about correcting this problem, click Help.

when i go to the dns management console on the server and expand my "forward lookup zone" then when i try to expand "mydomain.com" it is not letting me!!...there is no "+" sign to expand the "mydomain.com" folder meaning that there are no _msdcs _sites _tcp __udp etc folders....none of those folders exist.........could that be the reason to my problem??..if so how do i get them back? dont they get created automatically?

I have un-installed and reinstalled DNS as microsoft said in http://support.microsoft.com/kb/310568 but it does not solve the issue, microsoft also asks to modify some registry entries but those registry keys are not in the server... I do not know what else to do I give up..help me please...........is there a way to un-instal dns totally so that when i re install it it wont remember past settings?? i dont know what to do
Comment
Watch Question

PberSolutions Architect
CERTIFIED EXPERT

Commented:
How many DC's do you have?  It sounds like you have only one.

First off all if you are using AD integrated DNS, point the DC to itself for DNS.
Next Make sure you have the DHCP client running on the domain controller.  Even though you have a static IP, the DHCP client is responsible for registering SRV records.
Now stop the netlogon service on the DC.
Do an: Ipconfig /registerdns
Now start the netlogon service.

Wait a few minutes and look in DNS and see if the SRV records appear.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
See this as well:
http://support.microsoft.com/kb/264539

Author

Commented:
Thanks for the reply, yes I only have 1 DC
I am using AD integrated DNS and it is pointing to itself for DNS in its TCP IP properties
In the services windows DHCP client is running and is setup as "automatic"
I have stopped the netlogon service on DC
Did a ipconfig /registerdns

waited 10 minutes...

nothing :-(
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Do you a file called netlogon.dns located in c:\winnt\system32\config

If so open the file with notepad.  Does it look like it has SRV entries?

it should look something like this:
_ldap._tcp.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.f9130fa7-4ad6-4149-b112-b9d5a82ea9f7.domains._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
fc313fd9-ffe4-4383-bef4-5bc123c9648a._msdcs.yourdomain.com. 600 IN CNAME yourdc.yourdomain.com.
_kerberos._tcp.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_kerberos._udp.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_kpasswd._tcp.yourdomain.com. 600 IN SRV 0 100 464 yourdc.yourdomain.com.
_kpasswd._udp.yourdomain.com. 600 IN SRV 0 100 464 yourdc.yourdomain.com.
_ldap._tcp.DomainDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.ForestDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.default first site name._sites.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.dc._msdcs.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_kerberos._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 88 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.DomainDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.ForestDnsZones.yourdomain.com. 600 IN SRV 0 100 389 yourdc.yourdomain.com.
_ldap._tcp.gc._msdcs.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_ldap._tcp.default first site name._sites.gc._msdcs.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_gc._tcp.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
_gc._tcp.default first site name._sites.yourdomain.com. 600 IN SRV 0 100 3268 yourdc.yourdomain.com.
yourdomain.com. 600 IN A 192.168.0.1
gc._msdcs.yourdomain.com. 600 IN A 192.168.0.1
DomainDnsZones.yourdomain.com. 600 IN A 192.168.0.1
ForestDnsZones.yourdomain.com. 600 IN A 192.168.0.1
PberSolutions Architect
CERTIFIED EXPERT

Commented:
You restarted the netlogon service right?
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Hey guys,

Just a quick question.

Is the Domain Name like this:

mydomain

Or like this:

mydomain.com

From the error message you're receiving above it suggests it's the former. If that is the case extra configuration steps will be necessary. Windows doesn't like Single Label Domain Names:

http://support.microsoft.com/kb/300684

If that's not the case then ignore that and I'll leave you in Pber's capable hands :)

Chris

Author

Commented:
Pber yes I did restarte the service...here is the output of my netlogon.dns file:

mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Are per Chris's suggestions (BTW: thanks Chris)...Are you using a single Lable domain name?

Also I noticed your netlogon.dns doesn't have FQDN's for the server name (i.e. dellserver.).  It should be dellserver.mydomain.com.

Do you have the DNS suffix correctly configured as "mydomain.com" in the TCP/IP settings on the DC?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Note the DNS suffix can be configured a few ways:

One: in the TCP/IP settings DNS TAB in "Append these DNS suffixes (in order)"

two: in the TCP/IP settings DNS TAB in "DNS suffix for this connection"

Also make sure the DNS suffix appears in the system properties page.  Right click My Computer, Properties, Network Identification, Properties.  At this point is should be the same location that you use to add the machine to the domain.  Click the More button.

The "Primary DNS suffix of this computer"  be mydomain.com.  You should also check the checkbox there are well, but that isn't a deal breaker.  Just prevents this entry from being wrong if you switch domain membership.

Author

Commented:
In the DC TCP IP Properties DNS suffix for this connection is blank
Register this connections addresses in DNS is checked

What do you mean if I am using a single label domain name? How do I check that?....(sorry new to this)

Should I edit my netlogon.dns and add dellserver.mydomain.com?

Thanks for all your help guys

Author

Commented:
Pber the "properties" button on the network identification tab is grayed out, I cannot click on it... :-)..

should i add mydomain.com to both of those locations?? : "Append these DNS suffixes (in order)" and in "DNS suffix for this connection"?? or only in one of them?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Well from looking at your netlogon.dns.  Your FQDN should be mydomain.com and that is what should be entered in as your DNS suffix.  I don't know if this is your actual production name, or if you changed it to protect your network.  That same information should also show up in your DNS in your forward lookup zone.

As per Chris's post above.  A single label domain will just be "mydomain." with nothing at the end.  A normal domain would be "mydomain.com" or "mydomain.local" or "mydomain.int".  Don't confuse this with the NetBIOS name which is usually the the single label domain.  In this case "mydomain".
What you setup AD, it asks for a FQDN domain name and the NetBIOS domain name.

If your domain is actually "mydomain.com"  Enter that in the suffix information as per my previous post and redo the ipconfig /registerdns and the restarting of netlogon.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
As far as the suffix, either or both will work.  I usually only configure the "DNS suffix for this connection".
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Normally that shouldn't be grayed out unless you have certificate services installed.  It should tell you why it is grayed out right under that grayed out area.

Author

Commented:
ok I just entered the DNS suffix for this connection: mydomain.com...

how do i know if i am using a single label domain?

Author

Commented:
the properties button is grayed out and there is no explanation below.....the text to the left of that button that says "to rename this computer or join a domain click properties" is also grayed out.,,doesn't this make sense since it is a domain controller? isn't that why is grayed out?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I think you are mydomain.com.

Reason being, your netlogon.dns says that as well as the forward lookup zone indicates that as well.

did you do the registerdns and netlogon restart?

Author

Commented:
yes I did......... :-(...........I guess there is no way to fix this unless i totally un install  DNS in a way where when I reinstall it wont remember prior settings or configuration that way i can start fresh
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Just to make sure. Have you made sure Dynamic Updates is set to Secure Only on the Forward Lookup Zone for your domain?

Are you still without a Primary DNS Suffix?

If it won't let you change the computer identity it suggests that there's something there to stop it. The reason normally appears just beneath the Change button.

For example, if you have a Certificate Authority installed it'll say:

Note: The identification of the computer cannot be changed because:
 - The Certification Authority Service is installed on this computer.

Do you have anything like that?

Chris

Author

Commented:
yes Dynamic Updates is to secure only on the forward look up zone on the domain.....
I added the primary dns suffix in tcp ip properties dns tab..i added my domain.com...
I do not have anything below the properties button.........nothing at all.........i thought it was normal that the button is grayed out since that server is the domain controller....
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

That shouldn't be the case. You can change the name of a Domain Controller using that button. You just get a warning message stating the limitations of the action.

Admitedly there are better ways to rename a DC, but since we just want access to the Primary DNS Suffix it would help for it to let you in.

If would be worth checking the netlogon.dns file in config again. If it's still listing "dellserver." without the domain name suffixed onto the end then you will still need a way to change it.

Chris

Author

Commented:
If you are referring to the very first line of that netlogon.dns file : mydomain.com. 600 IN A 192.168.1.100

I have manually edited that line using notepad to say dellserver.mydomain.com. 600 IN A 192.168.1.100

Author

Commented:
There is no explanation on why the properties button is grayed out :-(

Author

Commented:
The vent log shows error 1004 and 1004:

The DNS server could not open the file dns\mydomain.com.dns.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

The DNS server could not find or open zone file dns\mydomain.com.dns.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

Author

Commented:
this is what my file looks like:

dellserver.mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Odd that you're getting the could not open file error. We should probably have a look at flushing out the DNS information entirely and adding it back in.

First, lets have another quick look at that Primary DNS Suffix. If you run "ipconfig /all" the first bit of information it shows you includes the Primary DNS Suffix. Could you confirm what that is at present?

That's just in case it's right and not reporting correctly in netlogon.dns. If it's right there then we can stop worrying about the greyed out Change button.

Moving on, if you want to completely delete the information from DNS there's a little KB article to follow:

http://support.microsoft.com/?kbid=305967

It applies to Windows 2000, and domains upgraded from Windows 2000. If you don't see the zone there just yell and I'll tell you where the 2003 version hides.

Hopefully Pber will be back soon as well, two minds are better than one :)

Chris

Author

Commented:
This is what i get when i do an ipconfig /all


Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dellserver
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - onboard:

        Connection-specific DNS Suffix  . : mydomain.com
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
        Physical Address. . . . . . . . . : 00-C0-9F-23-5B-55
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.100

C:\Documents and Settings\administrator.SDCSERVER>

ummmmm i just noticed that the very last word in that text above says "SDCSERVER" shouldnt that say DELLSERVER???...does this matter at all??

Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

No, don't worry about that bit. I just don't like the complete lack of DNS Suffix, it's just not a good sign.

I didn't realise it was a 2000 box, that would explain why we can't change the domain information. Although you did link it into the 2000 AD area, so I don't have much of an excuse.

I would be reluctant to try to change the primary DNS suffix in the registry if it's refusing to allow it in the GUI, more likely to break something there.

We could manually enter the Service Records and attempt to bring a new Domain Controller online beside the current one. That may allow you to demote this one, fix the problem and promote it again.

Chris

Author

Commented:
Thanks for the advice however I do not have another server available to bring online. :-( I wold be willing to change the DNS suffix in the registry to see if that works. ..in the tcp ip properties should  I check "use this connections DNS suffix in DNS registration" box??.....should i also add "my domain.com in "append these DNS suffixes (in order)???...........as of now the boxes that i have checked are "append primary and connection  specific dns suffixes" with append parent suffixes of the primary DNS suffix  also checked....

reister this connections addresses in DNS is checked also
use this connections DNS suffix in DNS registration is checked as well

DNS suffix for this connection says my domain.com

Author

Commented:
more weird things............now when i tried to open AD users and computers i get an error:

---------------------------
Active Directory
---------------------------
Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
---------------------------
OK  
---------------------------

then there is a red x next to ad users and computers
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

The connection specific suffixes are used by the DNS Resolver, but not really by the server system. They won't change the values it's trying to write back into DNS and such.

Okay, well we still have a number of things open to us. I don't think we've had one yet, so could you run DCDiag please? Really only interested in the failures generated from that.

And don't worry too much about the lack of a physical server. VMWare (or MS Virtual Server) are going to give us everything we need for temporary measures. We need to get that box working first though.

Chris

Author

Commented:
here are the results of DCDIAG:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   An error cocured during DNS host lookup

C:\Documents and Settings\administrator.SDCSERVER>

:-) this is not good, should i just demote this server to a regualr server and then install cdpromo again?
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Not entirely unexpected, but also not entirely helpful.

Do you need to keep what's on the domain at present? We can manually create the necessary DNS entries if it's really required, should work, but there's the chance it might not.

Chris

Author

Commented:
here is an image of my dns..

http://picasaweb.google.com/carlosb2005/Carlos/photo#5101909673270514418

Author

Commented:
what do you mean by wha'ts on the domain present? u mean users created?? i can always recreate users there is only 25...i do not have group policies or anything like that....i just use that server as a DC to authenticate  users to the domain so that they can access shares....and iuse it as a dns server ans as a dhcp server

Author

Commented:
mpre config here

http://picasaweb.google.com/carlosb2005/Carlos/photo#5101911537286320914

http://picasaweb.google.com/carlosb2005/Carlos/photo#5101911532991353602

Author

Commented:
http://picasaweb.google.com/carlosb2005/Carlos/photo#5101912207301219106

Author

Commented:
here is an output of dcdiag

Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - onboard
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Failed
    Failed to get UDP packet size information. The error occurred was: The reque
sted service provider could not be loaded or initialized.
DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'dellserver.mydomain.com.'. [DNS_ERROR_NO_TCPIP]
            The name 'dellserver.mydomain.com.' may not be registered in
DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    'SDC': No DCs are up.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'dellserver'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

Author

Commented:
here is an output of netdiag /fix

    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter  onboard
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Failed
    Failed to get UDP packet size information. The error occurred was: The reque
sted service provider could not be loaded or initialized.
DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'dellserver.mydomain.com.'. [DNS_ERROR_NO_TCPIP]
            The name 'dellserver.mydomain.com.' may not be registered in
DNS.
    [FATAL] Failed to fix: DC DNS entry mydomain.com. re-registeration on
 DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.mydomain.com. re-regis
teration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.stainlessdesign.co
m. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.mydomain.com
. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.100'
failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317
946f9cd.domains._msdcs.mydomain.com. re-registeration on DNS server '192.
168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.mydomain.com. re-regist
eration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry bff6401a-7add-4579-b4cd-c03aaedefd6e._ms
dcs.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.stainlessdesign
.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.1
00' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.mydomain.com
. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.mydomain.com. re-registeration on DNS server '192.168.1.100'
failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.mydomain.com. re-r
egisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.mydomain.com. re-registe
ration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
mydomain.com. re-registeration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.mydomain.com. re-r
egisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.mydomain.com. re-re
gisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.mydomain.com. re-re
gisteration on DNS server '192.168.1.100' failed.
DNS Error code: 0x0000267B
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.1.100'.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{011287A0-B788-49E1-A826-B5B3B6FED0CD}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    'SDC': No DCs are up.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'dellserver'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>
PberSolutions Architect
CERTIFIED EXPERT

Commented:
If you load nslookup and attempt to resolve host names, can you resolve non FQDN host names?
i.e.
If you do a: nslookup dellserver
Do you get an address?  This would implay your connection specific suffix is working.

If not, does this work: nslookup dellserver.mydomain.com

During Disaster Recovery testing that I have done to see what happens if DNS is completely deleted and you can't restore it.  I've successfully got AD back up and running by manually entering in all the DNS SRV records via the information in the netlogon.dns file.  It usually takes a bit of time since you have to get all the SRV records in the right nodes.

Author

Commented:
This is  what I get when i use nslookup:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.100

*** UnKnown can't find dellserver: No response from server

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver.mydomain.com
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Server:  UnKnown
Address:  192.168.1.100

*** UnKnown can't find dellserver.mydomain.com: No response from server

C:\Documents and Settings\administrator.SDCSERVER>

Author

Commented:
How can I completely uninstall DNS ( also entries form the registry) and AD? I guess I need to uninstall AD too since I cant access AD users and computers
PberSolutions Architect
CERTIFIED EXPERT

Commented:
When we are referring to "mydomain.com"  you are substituting your actual domain name for that right?  I noticed in your DNS screenshots you blocked out the actual name for security reasons.

Author

Commented:
Yes that is correct

Author

Commented:
At this point I want to completely un install AD and DNS since both of them are not working, Is there a way to remove those 2 so that when I re install the old settings wont be remembered? ( I guess I need to delete dome registry keys but cant find anywhere on line what and where  those keys are
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Is this a test network or is this your production?  Do you have client machines on it?

Since AD is so messed up, I don't think dcpromo will work to make it a normal server as it won't be able to connect to AD to remove itself.
You might just be best off rebuilding the OS and then dcpromo it again.  If you can, rebuild it as Server 2003 as AD is much better on 2003 than 2000.

Author

Commented:
This is a production network. The server is used to authenticate users and access server shares. This server is the only Domain Controller, DNS Server Print server and DHCP Server in the network. At this point I do not think it is authenticating users and that they are able to login to their system  based on local cache information in their computers. They can access shares OK. Rebuilding the entire server is not an option.

Is there  a way to completely remove DNS and AD?? ( from the registry and add remove programs so that it wont remember old settings when re installed  )
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

I agree with Pber entirely. The particular problem we bumped into here could have been resolved without rebuild with 2003.

Chris
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Do you have backups of the server.  Doing a restore from a point where AD wasn't messed up might be the only way.

Another attempt at DNS fix...since DNS is so messed up on that machine, try anther if possible.
Do you have another server around?  If so, install DNS on that server and make a primary zone with the same name as your mydomain.com zone.  Make sure you allow Nonsecure and secure updates
Now point your DC at that machine.
Do an ipconfig /registerdns on the AD machine.
Does it show up in that DNS.

If so, try re-starting your netlogon service.  or doing a netdiag /fix

Author

Commented:
I do not have a system state backup, and I do not have another server around. This network has only 10 client machines. This is why I am thinking my only option is to un -install AD and DNS completely.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
So if you try to resolve any name that is currently listed in your DNS via Nslookup, you don't resolve anything?

What if you load: nslookup
then type: set d2
then enter a any host name like: dellserver, mail, marys
What do you get for results on that.

It sounds to me like you DNS server isn't running properly.  If you load the DNS mmc and select the properties for the server, select the interfaces TAB, what is the Listen On set to?



Author

Commented:
here is the output for that command

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: No response from server
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

> set d2
> dellserver
Server:  UnKnown
Address:  192.168.1.100

------------
SendRequest(), len 28
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        dellserver, type = A, class = IN

------------
socket (dg) failed: No error
SendRequest failed
*** UnKnown can't find dellserver: No response from server
>

AS far as the itnerfaces tabe it is set to "all IP addresses" is this correct??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Since your zone is AD integrated and AD can't find itself, you are in a catch 22 situation where DNS can't talk to AD to get DNS entries for AD.  
Have you tried to do a reload on the DNS zone?

Author

Commented:
Yes I deleted my forward lookup zone and recreated it. Still the automatic folders that are suppose to get created mydomain.com DO NOT get created automatically.

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Ho are you creating the new zone?  Primary or AD integrated?
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

I still think you'd have to manually add them to get it to come close to resembling normal behaviour.

Chris

Author

Commented:
I have tried both way, Primary and AD integrated.......

Manually add what Chris?? you mean the _msdcs _sites _tcp __udp etc folders.??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
That's what I'm thinking.

Try this:

Create a new Primary zone call it the same as your domain (as you have already been trying)
Once that is done, go to: c:\winnt\system32\config\
Open your netlogon.dns file and copy all the text.
Go to: c:\winnt\system32\dns\
You should have a file called: mydomain.dns <- this is the zone file for your new primary zone mydomain.com
Open that file and at the paste the text from the netlogon.dns.

The mydomain.dns file should look something this:

;
;  Database file mydomain.dns for mydomain.com zone.
;      Zone version:  2
;

@                       IN  SOA dellserver.mydomain.com.  something.mydomain.com (
                              2            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com
;
;  Zone records
;

1                       A      0.0.0.0
dellserver.mydomain.com. 600 IN A 192.168.1.100
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver

Save that file and then in the DNS console, right click your mydomain.com zone and select reload
What does your dns look like?
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

I'm thinking it might be good to fake "dellserver." as "dellserver.mydomain.com.", otherwise it'll fail on lookup for "dellserver.".

Either that, or add a new Forward Lookup Zone called dellserver, then put the IP Address into there with no name (so it ends up with "Same as Parent Folder").

Chris
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Good point.

Normally all the entries would be like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.

They should look like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Woops, a slight typo there:

Normally all the entries wouldn't be like this (missing mydomain.com as per Chris's comment):
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.

They should look like this:
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.mydomain.com.

Author

Commented:
pber I cant create a new primary zone with my domain name, there si already one there. It wojnt allow me to  create another forwardlookup zone with the same name.....should I delete it?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Since DNS seems fried and you've deleted it and recreated it already, go ahead and delete it and do the process above.  Make sure you make it a primary zone and don't store it in AD.



Author

Commented:
ok i am trying that now....(crossing fingers)

Author

Commented:
oh wow,,i think it worked! ,i did what you suggested...this is what  mydomain.com.dns file looks like :

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  1
;

@                       IN  SOA dellserver.mydomain.com  admin. (
                              1            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com

;
;  Zone records
;

1      A      0.0.0.0

dellserver.mydomain.com. 600 IN A 192.168.1.100
mydomain.com. 600 IN A 169.254.188.253
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.pdc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
gc._msdcs.mydomain.com. 600 IN A 192.168.1.100
gc._msdcs.mydomain.com. 600 IN A 169.254.188.253
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com. 600 IN CNAME dellserver.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 dellserver.
_kerberos._tcp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_gc._tcp.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_gc._tcp.Default-First-Site-Name._sites.mydomain.com. 600 IN SRV 0 100 3268 dellserver.
_kerberos._udp.mydomain.com. 600 IN SRV 0 100 88 dellserver.
_kpasswd._tcp.mydomain.com. 600 IN SRV 0 100 464 dellserver.
_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 dellserver.

below is a screenshot of what my dns console looks like, i think there are some erros on it because on the SOA and Name Server data values, mydomain,com is listed twice...(llok at link below).....can i just edit this  in dns management so that it is only listed once??? or should i leave it the way it is?

http://picasaweb.google.com/carlosb2005/Carlos/photo#5102308297775190834


PberSolutions Architect
CERTIFIED EXPERT

Commented:
That's a start.

Ok, now can you resolve anything in your DNS using nslookup?

Author

Commented:
if you look at the data values of those 2 entires you will see it says dellserver.mydomain.com.mydomain.com

i know is hard to tell because i ahve it with red over it

should i change this??
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
You need to correct those records, so they look like this:


@                       IN  SOA dellserver.mydomain.com.  admin. (
                              1            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.


It just adds a trailing ".", that stops it suffixing "mydomain.com" onto the end of the name.

Chris
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Yeah, you need to change those records via the properties of the zone.  One in the SOA TAB, and the other in the Name Server TAB (change it, then click resolve, then you'll be allowed to click ok).

Once that is done, and it looks good, you can then push that setting back into the zone file via "Update Server Data file" for that zone.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Or quicker yet, just change the file as per Chris's suggestion and just do another Reload.
thanks Chris. (:

Author

Commented:
Chirs ok this is what it looks like now please let me know if it looks ok:

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.
_gc._tcp                600      SRV      0 100 3268      dellserver.
_kerberos._tcp          600      SRV      0 100 88      dellserver.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.
_ldap._tcp              600      SRV      0 100 389      dellserver.
_kerberos._udp          600      SRV      0 100 88      dellserver.
_kpasswd._udp           600      SRV      0 100 464      dellserver.
dellserver              A      192.168.1.100
PberSolutions Architect
CERTIFIED EXPERT

Commented:
That looks good.  You may also want to put the proper FQDN addresses for the dellserver. entries that Chris mentioned earlier.

thus:

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100
PberSolutions Architect
CERTIFIED EXPERT

Commented:
What does a dcdiag do now?

Author

Commented:
dc diag still gives the error "an error ocurred during dns host lookup"..below is a link to ns lookup output and  dns management...do i need the host 1 listed there?? also do i need the same as parent folder entry that points to 169.....??

http://picasaweb.google.com/carlosb2005/Carlos/photo#5102314246304895810
PberSolutions Architect
CERTIFIED EXPERT

Commented:
What about nslookup dellserver.mydomain.com

PberSolutions Architect
CERTIFIED EXPERT

Commented:
BTW, the error:

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
*** Can't find server name for address 192.168.1.100: No response from server  <- normal if no reverse lookup zone

*** Default servers are not available  <- normal if no reverse lookup zone

Server:  UnKnown   <- normal if no reverse lookup zone
Address:  192.168.1.100

*** UnKnown can't find dellserver: No response from server  <- this bothers me, it would seem that you can't even talk to your DNS server.

I suppose I should have asked this question first... What happened to make this problem occur?  Do you have IPsec or TCP/IP filtering set in the TCP/IP properties of the client on the AD server?

Author

Commented:
same result for dellserver.mydomain.com

By the way I truly aprreciate all of this help guys

Author

Commented:
also now when i try to join a new client to the domain now at least i get asked for my user name and password..before it wouldnt do that............the only thing is that after i enter the user name and password for the admin account on the domain i then get a message back saying 'the specified server could not perform theo operation"

Author

Commented:
still when i try to open active directory users and computers i get the error message :

Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
It would seem the client can read your DNS, but your server itself can't read DNS.
I presume if you do the same nslookup on the client, you would get a response as expected as it seems it can find the required SRV records.

Back to my previous question:
"What happened to make this problem occur?  Do you have IPsec or TCP/IP filtering set in the TCP/IP properties of the client on the AD server?"

At this point (barring the responce my the question above), I would be tempted to rebuild the TCP/IP stack.  This would involve deleting the NIC from device Manager and then rescanning for hardware changes.  Let it rediscover the nic.
Once it does that, reconfigure the TCP/IP settings as per what they were before.  DNS should pick up the NIC as you said before it was listening on all interfaces.

Author

Commented:
Pber you are correct on your first paragraph.....seems like server itself cant read dns, doing an ns lookujp on the client i do get the same response (it doesnt work).....

I do not have an answer to what happened when this started happening..as far as i know nothing happened but we had an admin that left the company recently and who knows if he did something..

I do not have ipsec or filtering at all ...never used that..

i will uninstall  the nic form dev manager then scan for hardware changes and then see what happens

just remember something...that server has 2 nics...we were using only one that was 100 mbps but recently we switch the network cable to use the other card because it is a 1000 mbps........could this have cause the problem??....
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Two NICS can cause this problem.  If you want to keep the 1000Mbps NIC, make sure you unconfigure and disable the 1000MBPs NIC.  I'm not sure if your network, but if your switch  that your DC is connected to supports Gbps Nics, then both ends should have matching configs.

i.e.  The switch might have been configured at 100Mbps/Full duplex and now that you've started using the  1000Mbps NIC, the duplex is set to auto.

Make sure with your network guys what the port is set to.  Chances are it is configured for 100/Full, if so set your NIC speed/duplex to match at 100/Full.
If your switch is configured as Auto/Auto, set your NIC speed/duplex to Auto/Auto.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Further to my previous post, you could use both NICs at once, following the Speed/Duplex rules that I stated earlier, but you need teaming software.  Teaming allows you to use fail on fault or bandwidth aggregation to provide better availability or speeds.

I'm not sure of the model of Dell server you have.  Dells use one of two NIC types, Intel or Broadcom.  Each requires a different Teaming software.  Intel NIC use the ProSET software to team, while Broadcom uses

Long story short, I would not team for now and see if we can get this to work without teaming.

Also make sure that since you have multiple NICS that you configure the DNS server to only listen on the configured NIC and not on all interfaces or both NICS.

Author

Commented:
there was no switch configuration done or nic configuration........the switchb supports 100/1000 on all ports

si i guess both ends are st to auto..

the server has interl nics

where do i configure the dns server to only listen on the 1000mbps nic? i cant find it

Author

Commented:
nevermind i found where to configure it..it is in the interface tab an it is set to listen to only 192.168.1.100........should i make the zone AD integrated?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Is AD now working?

Author

Commented:
no it's no, i still get the error:
Naming information cannot be located because:

The network path was not found.

Contact your system administrator to verify that your domain is properly configured and is currently online.
back to top
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Can you resolve yet with nslookup?

Author

Commented:
no, cant resolve netiher :-(
PberSolutions Architect
CERTIFIED EXPERT

Commented:
If you do a netstat -e on the DC, Do you see Errors?

Author

Commented:
funny thin is that now i see host entries in the dns forward lookup zone for my clients..so i guess now clients are registering correctly in dns....there is a while bunch of new hosts records that i did not add manually...

output for netstat -e is:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>netstat -e
Interface Statistics

                           Received            Sent

Bytes                    1699964933       353981210
Unicast packets            15811650        22950897
Non-unicast packets           59166            7349
Discards                          0               0
Errors                            0               0
Unknown protocols                37

C:\Documents and Settings\administrator.SDCSERVER>

Author

Commented:
wow i was able to join the client machine to the domain!!!...........problem now is that i AD is down so I cant access users and computers to create users:-(.........
PberSolutions Architect
CERTIFIED EXPERT

Commented:
So AD is kinda up....?

It still stumps me that you can't resolve dns queries on the client and yet they are doing DDNS registration and you can add computers to the domain.

When you load the AD users and Computers, right lcick Ad users and computer at the top and select Connect to Domain and try your FQDN.  If that does work, try Connect to Domain Controller and pick either just dellserver or dellserver.mydomain.com
You can also load the ADminpak.msi on a client machine and attempt to connect to the DC that way.

What kind of event log entries are you getting now?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I have to take off now for the weekend.  I may check in now and then over the weekend.  If not, I'll talk to you next week.

Anyhow, it sounds like we are close to getting this back up.  

good luck.

Author

Commented:
thanks.........now when i rebooted the server it can not get online:-(
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I was afraid of that.

When you reboot, press F8 while rebooting and boot into Active Directory Restore mode (Essentially Safe mode for AD).

AD will not attempt to run, but you might be able to play around with the DNS suffix (the area that was grayed out).
Also we need to get this server to resolve dns because that seems to be the entire problem.  The machine can't read its own dns.

You might need to boot into safe mode with networking.  But see if you can ping 127.0.0.1 as well as 192.168.1.100.  Also try some nslookups again.

Author

Commented:
wish I got your message before a few things I did......from client computers I was able to ping the server but was not able to access any server shares at all...it was as if the nic card was not working but ibviously it was since I was able to ping it....anyway I made both nics to get ips and dns servers automatically....reboot it the server and nothing...for now I made the router give ips ....so now clients get ips and dns form the router..(192.168.1.1) ...i un installed dns from the server...delted the dns folder from system 32 and the dns files from the config folder....at this point I do not want this server to give ips or be the dns server since the router is doing that fine.......i just want client computers to be able to access server shares , this is critical.....im thinking aobut removing both nics from device manager and then reboot the server so that they get installed automatically and hopefully it will get an ip from the router and client computers can access the server shares..........what do u think??...if I get that to work I would dcpromo to un install ad and then reisntall ad from scratch gving it a new domain name

Author

Commented:
I just need to do something so that client computers can once again access server shares...i need to make one of those nics to work properly...i cannot access that server anymore, I was doing that using gotomypc but the server does not go on line anymore but I have a guy that is physsically near the server and he can do whatever we need to do to it
Chris DentPowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

Hey again,

Decorating this weekend, but I should be able to pop back to see how you're getting on if you're working on this now.

The problem with using the Router to handle the DNS for your network is that it won't support the service records that we had to put in manually. If it won't do that then your clients will have a lot of trouble logging on, and therefore a lot of problems accessing network resources.

At this point that may not be such a big impact of course.

What's the current state of the NICs?

All the PCs on your network are joined to the domain right? If we go down the route of redoing AD they will all need joining again. Clearly we need the NICs present for that, and it must have a static IP because we won't be able to get around the need to run DNS on the server.

Chris

Author

Commented:
The NIC's are enabled but for some reason they are not working, I cannot get online. I don't know why all of this started when I rebooted the server. I don't want that server to be DNS server anymore nor DHCP. Clients are joined to the domain and even  though the server is  down they can login fine and access the internet fine. They just cant access the server shares.. I just want the nic to work again so that clients pcs can see the server and access the shares, that's all I want at this point, so im going to uninstall the nics from device manager and reboot the server so that they can get installed again automatically to see if that fixes the issue and hopefully the server will get an ip from the router and can access the internet....

Author

Commented:
Hi guys, as I said I uninstalled DNS and DHCP server from the server. I then re-installed TCP/IP and now the nic's are working again! The server can go online and clients can access server shares. I tried re installing DNS server but when I recreate the forward lookup zone again it does not automatically re-create the subfolders and in the event viewer  log i see and error that it cannot find the mydomain.com.dns file which is weird because i checked the dns folder and it is there.. it is a new created file because i deleted the old one so it is very small there are not _ldap entries or anything like that...this sucks
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Sometimes if there is a slight typo in the dns file it does that.

Try re-doing the procedure again.  Delete the old zone, then re-create the forward primary zone non-AD integrated.  Then open the mydomain.com.dns file and re-paste the netlogon.dns info back in and then try a reload.  
Essentially the info at the post above with the ID of: 19763738






Author

Commented:
Pber is this below  EXACTLY what is suppose to look like? (of course mydomain.com is replaced by my real domain name.com)


;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  4
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              4            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.
_gc._tcp                600      SRV      0 100 3268      dellserver.
_kerberos._tcp          600      SRV      0 100 88      dellserver.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.
_ldap._tcp              600      SRV      0 100 389      dellserver.
_kerberos._udp          600      SRV      0 100 88      dellserver.
_kpasswd._udp           600      SRV      0 100 464      dellserver.
dellserver              A      192.168.1.100

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Looks good.  I don't know why this wouldn't load.  Possible the version number needs to be higher than what your current zone is:
 4            ; serial number  < jack this up to something bigger than the currect zone number.

Also, you may opt to add "mydomain.com." to suffix all your references to "dellserver."

Author

Commented:
what should I change the zone number 4 to??...5? 6? 7?

Yes to every dellserver entry I will add mydomain.com next to it
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I would only change the zone number if modifying the dns file won't load or re-load.  The actual number isn't too important, just as long as it is larger than the current zone number that is currectly displayed in the DNS MMC.

Make sure the when adding mydomain.com to the end of dellserver. is mydomain.com.  <- note the "." at the end.

Author

Commented:
ok I will try it, thanks :-)

Author

Commented:
every time i re install DNS server the mydomaincom.dns file that gets created  looks like the text below..is that normal?? is that what it should look like when i gets created??

;
;  Database file mydomain.com.dns for mydomain.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.
dellserver.             A      192.168.1.100

;
;  Zone records
;

stuartw                 1200      A      192.168.1.132
PberSolutions Architect
CERTIFIED EXPERT

Commented:
When you re-install DNS and recreate a zone, it will do that.  Normally you don't uninstall DNS, that is a major change, so it likely will clear out the dns folder.  If you just delete a zone, it usually will leave the .dns file there, so later you can re-create the zone and select the existing zone file.  

You can always just modify the file as we've been doing and just select reload and it should load the new changes.

Author

Commented:
ok here is my final mydoamin.com.dns this is exacly what I will place in the config folder....file can you please take a quick look at it and make sure its ok?....i added mydmain.com. after every entry that says dellserver except the very last line:


;
;  Database file mydomain.com.dns for stainlessdesign.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.
dellserver.mydomain.com.             A      192.168.1.100

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100
PberSolutions Architect
CERTIFIED EXPERT

Commented:
good except for the SOA record (i've can load this into my dns server with no problems):

;
;  Database file mydomain.com.dns for stainlessdesign.com zone.
;      Zone version:  3
;

@                       IN  SOA dellserver.mydomain.com.  admin. (
                              3            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL

;
;  Zone NS records
;

@                       NS      dellserver.mydomain.com.
dellserver.mydomain.com.             A      192.168.1.100

;
;  Zone records
;

@                       600      A      169.254.188.253
1                       A      0.0.0.0
bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs 600      CNAME      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites.dc._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._tcp.dc._msdcs 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.dc._msdcs    600      SRV      0 100 389      dellserver.mydomain.com.
_ldap._tcp.834ba9da-ca09-4aaf-ad06-8d317946f9cd.domains._msdcs 600      SRV      0 100 389      dellserver.mydomain.com.
gc._msdcs               600      A      192.168.1.100
                        600      A      169.254.188.253
_ldap._tcp.default-first-site-name._sites.gc._msdcs 600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.gc._msdcs    600      SRV      0 100 3268      dellserver.mydomain.com.
_ldap._tcp.pdc._msdcs   600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp.default-first-site-name._sites 600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp.default-first-site-name._sites 600      SRV      0 100 88      dellserver.mydomain.com.
_ldap._tcp.default-first-site-name._sites 600      SRV      0 100 389      dellserver.mydomain.com.
_gc._tcp                600      SRV      0 100 3268      dellserver.mydomain.com.
_kerberos._tcp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._tcp           600      SRV      0 100 464      dellserver.mydomain.com.
_ldap._tcp              600      SRV      0 100 389      dellserver.mydomain.com.
_kerberos._udp          600      SRV      0 100 88      dellserver.mydomain.com.
_kpasswd._udp           600      SRV      0 100 464      dellserver.mydomain.com.
dellserver              A      192.168.1.100

Author

Commented:
in line 2 of the file should there be a dot after stainlessdesign??? I noticed that there is no dot in the last file thatyou posted (the second line of the file)

Author

Commented:
line 2 of the file  "stainlessdesisgn.com" should there be a dot after .com ??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
nope.  anything after a ";" is a comment and ignored.

Author

Commented:
ok so the file is ready then...I will re-install DNS, after that I need to look at the zone number of the newly created zone, and if it is 3 or more then i need to edit the mydomain.comdns file to say 4 or higher correct? i would then paste the new mydomain.com.dns file in the dns folder and then reload..right?....then ill reboot the server and pray that tcp/ip wont get messed up again

PberSolutions Architect
CERTIFIED EXPERT

Commented:
If the zone loads from the mydomain.com.dns file don't mess with the serial numbers.  The only reason why I mentioned that is because you were having some issues with getting DNS to load the zone several posts ago.

Author

Commented:
It seems like it worked (partially). Clients are now showing as hosts in dns mangement , I guess they are properly registering. However hen I do nslookup it still not working.below is the outout (i did ithis form the server)

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

>

also when i try to browse through my network places from a client computer and when i go to "entire network" and click on mydomain.com i get a message that it is not available..however I can access the server from the client if click on START then  click on RUN then type \\servername and hit enter.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
C:\Documents and Settings\administrator.SDCSERVER>nslookup
*** Can't find server name for address 192.168.1.100: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.100

As per (https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2000_Active_Directory/Q_22780042.html?cid=238#a19763949), this is normal when you have no reverse lookup.

What happens if you try and nslookup dellserver?

Author

Commented:
I do have a reverse lookup zone ...........however there are no pointers in it ...there are only 2 records there SOA and nameserver....if i do nslookupdellserver or nslookup dellservermydomain.com i get the same results.......should i delete and recreate the recerse lookup zone???...please look at the image below..

http://picasaweb.google.com/carlosb2005/Carlos/photo#5103757402560992082



Author

Commented:
here is on of the reverse lookup zone...should i deleted and recreate it??...if so is there any special way I should do that?..look below please

http://picasaweb.google.com/carlosb2005/Carlos/photo#5103758394698437474

Author

Commented:
also i do not know if it matter but the forward lookup zone zone number is 22 and for the reverse lookup zone is 1....does that matter??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
The reverse looks fine.

Generally when I create a reverse lookup I'll make it for a more broad subnet range as opposed to creating one for each subnet as this will become a maintenance issue.  If you have only one subnet or very few, it's not that bad.  If if you have lots, you'll want to do it more general.

What I'm getting at is instead of 192.168.1.X, I'll make it 192.168.x.x (192.168.in-addr.arpa).  This way it will autocreate the subnet folder under the 192.168.x.x as records are created.  In this case, you should see a "1" folder under that 192.168.x.x.

If you don't plan on creating more subnets, don't worry about the above.

Once you create a PTR record for dellserver under 192.168.1.x, the nslookup errors will clear up as nslookup will be able to resolve 192.168.1.100 to dellserver.

The zone serial numbers are nothing to worry about.  They increment after each change to that zone.  It is used by internal DNS processing as well as it helps for DNS troubleshooting to see if your dns is updating.


Author

Commented:
should i create the ptr record 192.168.1.100 for dellserver or for dellserver.mydomain.com??

Author

Commented:
also should there be a "dot"? after dellserver / dellserver.mydomain.com?

Author

Commented:
I added two pointers with out a "dot". one for dellserver and one for dellserver.myhdomain.com.... still below is what i get..did i do something wrong or do i need to ait a few minutes?

C:\Documents and Settings\administrator.SDCSERVER>nslookup dellserver
Server:  dellserver.stainlessdesign.com
Address:  192.168.1.100

*** dellserver.stainlessdesign.com can't find dellserver: Server failed

C:\Documents and Settings\administrator.SDCSERVER>
PberSolutions Architect
CERTIFIED EXPERT

Commented:
AFAIK all dns entries as a ".' at the end.

Reverse lookups should be FQDN.  Forward lookups can be left as just the servername as DNS will make it inherit the zone name of the parent if it is left blank.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
That should have been...

AFAIK all dns entries should have a "." at the end.

Author

Commented:
shouldn't the SOA on the reverse lookup zone point to the FQDN?...it is now pointing only to "dellserver"

Author

Commented:
the name server in the reverse lookup zone is also pointing to dellserver and not the FQDN is this ok?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Yes it should.  The reverse lookup requires FQDN as it needs to know what forward zone to query.

How is your AD working?

Author

Commented:
ok i will edit those reverse lookup zones to have the FQDN instead of just dellserver. I can access AD fine now.
PberSolutions Architect
CERTIFIED EXPERT

Commented:
That's great.

Author

Commented:
i just saw that the reverse lookup zone is Active Directory integrated...maybe this is why nslookups are not working???? since the forward lookup zone is not Active directory integrated??...also it was not allowing dynamic updates.............should i  change the reverse lookup zone to be standard primary and to allow dynamic updates??

Author

Commented:
or will it be better if i delete the reverse lookup zone and recreate it??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Now what AD seems to be alive, we should tweak your DNS a little.  Normally you would allow "Secure Only" dynamic updates.  This is for security reasons.  It means, just trusted computers on your AD network can do DDNS updates in the applicable zone.  Non-secure and secure means anyone can insert new DNS records in your network.
Normally I would also suggest making all DNS zones AD integrated as this would optimize the DNS replication to all your DC's.  Since you only have 1 DC (and with all the problem you had), this isn't a huge issue.  That being said I strongly suggest getting (or at least budgeting for) a second domain controller.  As you seen, this is very important to be up and having two will help lots if one starts failing.

Author

Commented:
thanks, should i delete and recreate the reverse lookup zone?? nslookup is not working and I think thats has something to do with why my client computer cannot browse mydomain from my network places....

Author

Commented:
there is something wrong because from the server if i go to the run window and type \\client_name i get a network path was not found message...but if i do the same thing and type the ip adress of the client instead , i can access the client fine.......I can only access the client by ip address and not name. i even addedd the pionter for the client in the recerse lookup zone but still nothing :-(........this is why i was asking if i should delete and recreate the recreate the reverse lookup zone
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Lets not worry about reverse for now because that isn't needed for name to ip resolution.

If you try and do a \\client_name.mydomain.com do you get something?

I'm thinking you still have the DNS suffix problem.
What do your DCdiag and Netdiags show?  Are they coming up cleaner?

Author

Commented:
when i do  a \\client_name.mydomain.com form the server  it works...lol..but when i do \\client_name it doesnt work.

PberSolutions Architect
CERTIFIED EXPERT

Commented:
That is definitely a DNS suffix issue.

Since you've removed and re-installed TCP/IP several times... Do you have a DNS suffix defined as "mydomain.com" in your TCP/IP settings?

Author

Commented:
Also in the DNS tab in the advanced  tcp ip settings under DNS suffix for this connection: there is nothing there...... is blank.............

i went to the client again and when i go to network neighborhood and double click on mydomain i get the an error message.........im not able to see any of the client computers in the network however i can access them via the run windows and typing their client name
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Add mydomain.com in there and see what happens.

Also this might be some help:
http://technet.microsoft.com/en-us/library/aa998420.aspx
PberSolutions Architect
CERTIFIED EXPERT

Commented:
It would seem that NV Domain doesn't contain "mydomain.com".  I'm not what effect changing that via the registry would do to the domain.

Author

Commented:
wow adding mydomain.com worked!!!!..the client can now browse mydomain via my network places and from the server i can only use client_name to access clients..NICE!!...nslookup from the server works only if i use the FQDN but it doesnt work if I just use the client name..should i even care about that?..does that mean that there is something worng??...this is great!
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Where did you add mydomain.com in the suffix search order or the NV Domain?

how are your dcgiag and netdiags?

Also the dreadded reboot...

Author

Commented:
in the dns tab....right next to "DNS Suffix for this connection:"

dcdiag output

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DELLSERVER
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... DELLSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DELLSERVER
      Starting test: Replications
         ......................... DELLSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... DELLSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... DELLSERVER passed test NetLogons
      Starting test: Advertising
         ......................... DELLSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DELLSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DELLSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... DELLSERVER passed test MachineAccount
      Starting test: Services
         ......................... DELLSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... DELLSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DELLSERVER passed test frssysvol
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000583
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000677
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000583
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000677
            Time Generated: 08/28/2007   13:49:53
            (Event String could not be retrieved)
         ......................... DELLSERVER failed test kccevent
      Starting test: systemlog
         ......................... DELLSERVER passed test systemlog

   Running enterprise tests on : mydomain.com
      Starting test: Intersite
         ......................... mydomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... mydomain.com passed test FsmoCheck

C:\Documents and Settings\administrator.SDCSERVER>

netdiag output:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>netdiag
.....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on D
C 'dellserver'.
    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

not good uh?? :-(

Author

Commented:
LDAP test failed and DNS test failed I guess thats not good uh??
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Could be SPN related.

what is the output of an: setspn -L dellserver

Author

Commented:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\administrator.SDCSERVER>setspn -L dellserver
'setspn' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\administrator.SDCSERVER>

Author

Commented:
should that command work on a windows 2000 server?? did i have  typo?

Author

Commented:
i had to download that utility........here is the output

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Program Files\Resource Kit>setspn -l dellserver
Registered ServicePrincipalNames for CN=DELLSERVER,OU=Domain Controllers,DC=stai
nlessdesign,DC=com:
    MSSQLSvc/dellserver
    MSSQLSvc/dellserver:1433
    SMTPSVC/dellserver
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dellserver
    DNS/dellserver
    GC/dellserver/mydomain.com
    HOST/dellserver/SDC
    HOST/dellserver
    HOST/dellserver/mydomain.com
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/bff6401a-7add-4579-b4cd-c03aaedefd6e/mydomain.com
    LDAP/bff6401a-7add-4579-b4cd-c03aaedefd6e._msdcs.mydomain.com
    LDAP/dellserver/SDC
    LDAP/dellserver
    LDAP/dellserver/mydomain.com

C:\Program Files\Resource Kit>
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I think the connection specific dns suffix is burning us.

All instances of dellserver should have a .mydomain.com at the end.  

Try adding these as see what happens with a netdiag:

setspn -a LDAP/dellserver.mydomain.com dellserver
setspn -a LDAP/dellserver.mydomain.com/SDC dellserver
setspn -a LDAP/dellserver.mydomain.com/mydomain.com dellserver
setspn -a DNS/dellserver.mydomain.com
setspn -a GC/dellserver.mydomain.com
setspn -a HOST/dellserver.mydomain.com
setspn -a HOST/dellserver.mydomain.com/mydomain.com

Author

Commented:
shoul i enter those commands one by one in a DOS PROMPT?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Yes one by one at the command prompt.  I left out a few, but those shouldn't matter in regards to getting the domain happier.   We'll also clean out the bad ones after as needed.

Author

Commented:
when i get to the 4th command (setspn -a DNS/dellserver.mydomain.com)  i get an error:


C:\Program Files\Resource Kit>setspn -a DNS/dellserver.mydomain.com
Usage: setspn [switches data] computername
  Where "computername" can be the name or domain\name

  Switches:
   -R = reset HOST ServicePrincipalName
    Usage:   setspn -R computername
   -A = add arbitrary SPN
    Usage:   setspn -A SPN computername
   -D = delete arbitrary SPN
    Usage:   setspn -D SPN computername
   -L = list registered SPNs
    Usage:   setspn [-L] computername
Examples:
setspn -R daserver1
   It will register SPN "HOST/daserver1" and "HOST/{DNS of daserver1}"
setspn -A http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
setspn -D http/daserver daserver1
   It will delete SPN "http/daserver" for computer "daserver1"

C:\Program Files\Resource Kit>

:-(

Author

Commented:
also the rest of the commands after the 4th one give the same error
PberSolutions Architect
CERTIFIED EXPERT

Commented:
I'm so sorry I gave you the wrong syntax, dellserver needs to be at the end of each:

setspn -a LDAP/dellserver.mydomain.com dellserver
setspn -a LDAP/dellserver.mydomain.com/SDC dellserver
setspn -a LDAP/dellserver.mydomain.com/mydomain.com dellserver

setspn -a DNS/dellserver.mydomain.com dellserver
setspn -a GC/dellserver.mydomain.com dellserver
setspn -a HOST/dellserver.mydomain.com dellserver
setspn -a HOST/dellserver.mydomain.com/mydomain.com dellserver

PberSolutions Architect
CERTIFIED EXPERT

Commented:
I have to take off for the day.
cya tomorrow.

Author

Commented:
ok have a great day:-) talk to you tomorrow and Thanks!

Author

Commented:
ok, all commands completes successfully, however I dont think it fixed the issue..by the way reverse lookup zone has new pointers now that got created automatically, i guess this is a good sign...here ia a netdiag: do u see anything?


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\administrator.SDCSERVER>netdiag
.....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel  
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.mydomain.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.1.100'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on DC 'dellserver'.    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Can you do a ipconfig /registerdns and restart the netlogon service.
Also do a netdiag /fix and a dcdiag /fix

Once you do that, Re-post the netdiag and dcdiag results

Author

Commented:
should i stop the netlogon service before i do the ipconfig /registerdns??

Author

Commented:
ok here is anew netdiag, seems ike the DNS error message is gone however there is still a SPN error..:

C:\Documents and Settings\administrator.SDCSERVER>netdiag
....................................
    Computer Name: DELLSERVER
    DNS Host Name: dellserver
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel    
Netcard queries test . . . . . . . : Passed
Per interface results:
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : dellserver.stainlessdesign.com
        IP Address . . . . . . . . : 192.168.1.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.100
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10
0' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{C028FA40-CDEE-45D5-9501-0CAA6CFE2100}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/DELLSERVER' is missing on D
C 'dellserver'.
    [FATAL] The default SPNs are not properly registered on any DCs.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\Documents and Settings\administrator.SDCSERVER>

Author

Commented:
i just thought of something that I should have mentioned..................i have a "www" and a "mail" host entries in the forward lookup zone that point to a public ip address where my website (mydomain.com) and email are being hosted....is this related to the LDAP Test failed problem???????
PberSolutions Architect
CERTIFIED EXPERT

Commented:
That doesn't have anything to do with it.

I want to go back to the "primary dns suffix for this computer"

I'm wondering if there is a GPO that has this option enabled, but the value is set to blank and is being applied to the DC.

See this:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/92767.mspx?mfr=true

I'm not sure how many GPO's you have, but check the default Domain controller policy or whatever policies that are above or assigned to the Domain Controllers OU.
Look here:
Computer Configuration\Administrative Templates\System\DNS Client
the Primary DNS suffix should be: mydomain.com

If it was set blank, try disabling it.  If it isn't set, set it to above.
Now update the GPOs via command line:

secedit /refreshpolicy machine_policy /enforce

Now look at the "Primary DNS suffix for this computer" via the GUI that was greyed out.  Does it have an entry now?

Author

Commented:
the seeting for primary dns suffix  in in the default GPO is set as "not configured"...i changes that and pinted it to mydomain.com.

i did the secedit command

i then right click on "my computer" selected "properties" then in the network identification tab the "properties button is grayed out...

here is a pic of that and ipconfig:  http://picasaweb.google.com/carlosb2005/Carlos/photo#5104167640657236850
PberSolutions Architect
CERTIFIED EXPERT

Commented:
What about after the dreaded reboot.  

Author

Commented:
im too scared to reboot now, that server needs to be up 100% of the time at least for another week then I can try reboot..........do you think rebooting may fix some things?
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Fair enough.

So your AD seems to be kind of happy.  Can you add/remove computers and users?

Author

Commented:
Yes I can add/remove computers and users so I guess that's a good sign:-)
PberSolutions Architect
CERTIFIED EXPERT

Commented:
This works out well.  I have to take off for the rest of the week.

I would stongly suggest performing a full backup (using NTbackup) of your machine and place it on DVD or TAPE media so you can recover if thing suddenly go south.  You can also just do a system state backup as well (considerably smaller), but this will only cover the server and domain controller functions, not the file shares, etc.  

Anyhow, I should be in and out next week.  I'll check in with you on Tuesday and see how things are going.

Author

Commented:
Thanks so much for all of your help:-)
PberSolutions Architect
CERTIFIED EXPERT

Commented:
good luck while I'm off.

Author

Commented:
rebooted the server TCP/IP works!!
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Sorry, I was out most of last week.

Anyhow, that sounds like good news.  How are the dcdiag and netdiags?

Author

Commented:
when i do a netdiag everything apsses but one thing........:

"LDAP Test..warning the default spn registration for HOST?DELLSERVER is missing on DC 'DELLSERVER'
Fatal the defaults spn's are not properly registered on any DC"s"

shouldnt say "is missing on DC 'MyDOMAIN.COM"????....why does it say "missing onDC DELLSERVER"... is that normal??....
Solutions Architect
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
OK Pber I can' t thank you enought for all of your help. Great work!!........obviously ill upgrade that server to a 2003 DC but we are going to open another location about 100 miles from where this server is......... this new  location will wil have another windows 2003 now i dont know if i  I should create an entire different domain name at the new location or also make it the same (mydomain.com) as where this server that gave me problem is?......or should both locations have  total different domain names.....lol fun fun fun
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Not a problem.  Glad to help.

You probably don't want to create a whole new domain unless you have different security policies or you have a different user base.  Anyhow, when you come to that and you have any questions, just post a new question and we'll give you a hand.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.