rioja_robin

asked on

Losing Domain

XP (SP2) clients on Win 2003 keep getting kicked off the domain; error message reads

Error: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Code:  800704F1
Brian Pierce

What is the error in the event log?
BedouinDN

What sort of DNS setup do you have?
I assume your DC is your primary DNS server, however problems like this have been reported where conflicting DNS servers are present - I.E. the secondary DNS is a DSL router that is not routing internally and so client machines are not able to access internal resources etc.
That's a result of Windows identifying what it refers to as a downgrade attack.  Verify that your DNS configuration is as it should be.  Verify replication and ensure you don't have two or more computers using the same name.

Can you provide more details regarding your domain's configuration -- DCs, OS versions, domain mode/functional levels, etc?
rioja_robin (ASKER)

Secondary DNS server controls all internet traffic.

Domain is very simple: one DC, 2 shared drives, one administrator and multiple users.

Structure is very simple to match my knowledge, which is why I am struggling when something goes wrong.

Cheers
How many computers in total?

Can you verify that the time (and, equally important, the time zone) on the DC and members are synchronized?

What is the IP address of the DC, and what IP address or addresses do the clients' DNS settings point toward?
Between 50 and 70 computers.

Time on server and clients all synchronised to GMT
DC IP address 10.121.28.101

Clients' DNS 212.85.15.40 and 212.85.15.10 (all through a third party's proxy server - proxy1.equinoxsolutions.com)
I assume you're using Active Directory since it hasn't been specifically stated.  If so, it _REQUIRES_ a DNS zone named the same as it is stored on a DNS server (typically, that you own and control).  Most of the time, this is a (or the) Domain Controller.  The clients _MUST_ be configured to resolve against this DNS server alone (or this and another private DNS server that also holds the same zone) but they must NOT resolve against anything else.  Without this zone, clients will not function in a predictable fashion and, sometimes, not at all.  The private DNS server is then typically configured to forward requests to the ISP.
In other words, the DNS settings you have mentioned above are likely to be the cause of your problems.
Your client machines should only use your internal DNS server(s), and that DNS server should be configured to forward requests outside its own zone to the external DNS servers you currently have set on your client machines.
Was I not sufficiently clear?  I'm interested since I find no additional content in your post ...
Apologies for sending you into a defensive stance, I claimed no additional content - merely attempting to clarify what I believed may be a bit confusing to some.
Although I won't argue with the 'defensive stance' comment and I do appreciate your courtesy ... but I was serious, which aspect do you think is confusing?
OK..
In that case, I thought that the line:
"If so, it _REQUIRES_ a DNS zone named the same as it is stored on a DNS server" may be a bit confusing to someone who does not know much more about DNS than how to get the Windows Server to set it up automatically for them.
DNS zones are something that I have found some users find a confusing topic.
Again I apologise if you believed I was attempting to steal your thunder, I certainly did not intend to do so.
Fair comment ... I asked the wife, she too was confused ;0) ... appreciate the input.
Thanks for all your help - am I right in interpreting this as meaning that on my client machines I should tick the "Obtain DNS server address automatically" box in TCP/IP settings, which will automatically point DNS queries to the server, which will then, in turn, redirect them to the secondary DNS server which is already specified?

If the above is the case, is there any specific advice as to how the secondary DNS server should be configured / set up in Windows Server 2003?

Very much appreciate all the help I am being given - I work in education and there is a zero budget for training (ironic really!)
Not quite.  Ticking that box tells Windows to go and ask another computer for its configuration (specifically, a DHCP server).  It is typical to have a DHCP server but configuring it is an entirely manual process ... it won't just work by simply checking that box.

Could you logon at a client for me, select Start --> Run  ...  type 'CMD' and hit enter.  Then type 'ipconfig /all' without the single-quotes and paste back what it says (feel free to replace anything you feel should remain private).

PS - Are you a Domain Admin?
Will do but not on site today, is tomorrow OK?
Nod, of course - no rush on my end ;0)
Have run ipconfig /all on both a client machine (that regularly drops off the server) and on the server itself; details below:

Client Machine

C:\Documents and Settings\Palm17>ipconfig /all

Windows IP Configuration

               Host Name . . . . . . . . . . . . . . . . . . . . .  : Palm17
               Primary Dns Suffix . . . . . . . . . . . . . . . : Curriculum.local
               Node Type . . . . . . . . . . . . . . . . . . . . . .: Unknown
               IP Routing Enabled . . . . . . . . . . . . . . . .: No
               WINS Proxy Enabled . . . . . . . . . . . . . . : No
               DNS Sufix Search List . . . . . . . . . . . . .: Curriculum.local

Ethernet adapter Local Area Connection:

               Connection-specific DNS Suffix . . . . . :
               Description . . . . . . . . . . . . . . . . . . . . .  : Realtek RTL8139/810x Family Fast Ethernet NIC
               Physical Address . . . . . . . . . . . . . . . . .: 00-16-17-7C-0C-12
               Dhcp Enabled . . . . . . . . . . . . . . . . . . . .: Yes
               Autoconfiguration Enabled . . . . . . . . . .: Yes
               IP Address . . . . . . . . . . . . . . . . . . . . . . : 10.121.28.36
               Subnet Mask . . . . . . . . . . . . . . . . . . . . .: 255.255.255.0
               Default Gateway . . . . . . . . . . . . . . . . . .:
               DHCP Server . . . . . . . . . . . . . . . . . . . . .: 10.121.28.101
               DNS Server . . . . . . . . . . . . . . . . . . . . . . :212.85.15.40
                                                                                212.85.15.10
               Lease Obtained . . . . . . . . . . . . . . . . . . . : 17 October 2007 09:32:42
               Lease Expires . . . . . . . . . . . . . . . . . . . . .: 27 October 2007 12:32:42


Server

C:\Documents and Settings\Administrator.CTS-CURRICULUM>ipconfig /all

Windows IP Configuration

               Host Name . . . . . . . . . . . . . . . . . . . . .  : cts-curriculum
               Primary Dns Suffix . . . . . . . . . . . . . . . : Curriculum.local
               Node Type . . . . . . . . . . . . . . . . . . . . . .: Hybrid
               IP Routing Enabled . . . . . . . . . . . . . . . .: No
               WINS Proxy Enabled . . . . . . . . . . . . . . : No
               DNS Sufix Search List . . . . . . . . . . . . .: Curriculum.local

Ethernet adapter Local Area Connection:

               Connection-specific DNS Suffix . . . . . :
               Description . . . . . . . . . . . . . . . . . . . . .  : SMC EZ Card 10/100 Fast Ethernet PCI Network Adapter
               Physical Address . . . . . . . . . . . . . . . . .: 00-04-E2-18-38-8D
               Dhcp Enabled . . . . . . . . . . . . . . . . . . . .: No
               IP Address . . . . . . . . . . . . . . . . . . . . . . : 10.121.28.101
               Subnet Mask . . . . . . . . . . . . . . . . . . . . .: 255.255.255.0
               Default Gateway . . . . . . . . . . . . . . . . . .: 10.121.28.1
               DNS Server . . . . . . . . . . . . . . . . . . . . . . :10.121.28.101
               
Server Gateway address is for a web caching server which redirects all web traffic through an educational proxy server (proxy1.equinoxsolutions.com)

Hope I have supplied sufficient information - have not bothered to disguise address details as no secure data stored on this network. Thanks again for all the help I am being given.
Notice that the workstation's DNS server is configured to a public name server (equinoxIT), although based on the names you've provided that may well be under your control.  Regardless, though not impossible, it's likely your clients should have their DNS resolver configured to the same address as the server (this does assume that the DNS zone was set up in the first place).

PS - the ipconfig /all that you ran on the 'server', was that a Domain Controller?
DNS zone was initially set up but quite possibly not all that well - any advice?

Sadly we have only one server so yes it is the DC
1. Logon to the DC as the Administrator
2. Select Start --> Run --> DNSMGMT.MSC
3. Expand <SERVER NAME> --> Forward Lookup Zone -
4. Is there a zone listed that is named the same as your AD domain?
5. If it's there, right click it and select Export List and paste the file here (again, feel free to change what you think is too revealing).

... your domain is almost certainly named 'Curriculum.local'.
Domain name is Curriculum.local and this is listed in Forward Lookup Zones, but when I right click there is no option to export; can I extract data and send another way? No issue in revealing data, this server holds pupils' work files within a special needs school; any sensitive data is stored on a wholly separate system.
Try left clicking the zone first, then right click ...
Notwithstanding my previous comment, by fiddling about a bit I managed to extract the following data - hope it's helpful

13:49 17/10/2007

Name      Type      Data
_msdcs            
_sites            
_tcp            
_udp            
DomainDnsZones            
ForestDnsZones            
TAPI3Directory            
(same as parent folder)      Start of Authority (SOA)      [1186], cts-curriculum.curriculum.local., hostmaster.
(same as parent folder)      Name Server (NS)      cts-curriculum.curriculum.local.
(same as parent folder)      Host (A)      10.121.28.101
cachepilot      Host (A)      10.121.28.200
cts-curriculum      Host (A)      10.121.28.101
LAPTOP-S-Mills      Host (A)      10.121.28.19
PC10      Host (A)      10.121.28.11
PC11      Host (A)      10.121.28.14
PC13      Host (A)      10.121.28.113
PC15      Host (A)      10.121.28.187
PC3      Host (A)      10.121.28.103
PC5      Host (A)      10.121.28.105
PC6      Host (A)      10.121.28.106
PC9      Host (A)      10.121.28.109
WILLOW1      Host (A)      10.121.28.14
Our communications crossed; following your instructions I exported the following:

Name      Type      Status
_msdcs.Curriculum.local      Active Directory-Integrated Primary      Running
Curriculum.local      Active Directory-Integrated Primary      Running
Equinox Solutions      Secondary      Running
You got it right the first time, apologies if my directions were slightly off.

The zone, from what I can tell, looks good.  Now, your clients are getting their IP addresses from  the Domain Controller/DNS server/DHCP server so we'll need to edit its scope and possibly reconfigure DNS to restore most of the current name resolution behaviors.  Let's start with DNS -

1. Run DNSMGMT.MSC
2. Right click 'cts-curriculum'
3. Select Properties
4. Select Forwarders

... what do you see?

Now let's move on to DHCP -

1. Run DHCPMGMT.MSC
2. Expand 'cts-curriculum'
3. Expand (something like) Scope [10.121.28.0]
4. Select Scope Options

... what do you see?
DNS

No "Forwarders" tab in properties - sorry if I am being thick; as you've obviously realised I am way out of my depth here.

DHCP

002 Time Offset      Standard      0x0
003 Router           Standard      <None>
004 Time server      Standard      <None>
003 Name server      Standard      <None>
DNS-

There has to be a tab.  Let's try this again.  First, ensure you're logged on to the Domain Controller as the or an Administrator.  Run DNSMGMT.MSC, left click the computer's name, now right click it and select Properties.  The highlighted tab should be 'Interfaces', to its right is 'Forwarders'.

DHCP-

Run DHCPMGMT.MSC and expand per the previous instructions; this time, however, we want to expand 'Global options' not the scope ... what do you see in there?  In addition, within the DHCP Manager, when you expand the server name, what do you see there?
DNS

Sorry, DNSMGMT.MSC was still in the state I last accessed it in; have gone back up a couple of levels and found exactly what you told me; info is:

DNS domain
All other DNS domains

Selected domain's forwarder IP address list
212.85.15.40
212.85.15.10

Number of seconds before forward queries time out: 5

DHCP
Hoping you mean Server Options, as this and Scope Options are the only options available to me - the info, though, is identical to Scope Options with one additional column "Class" for which each entry is "None"


Expanding server name gives me:

cts-curriculum.local [10.121.28.101]
-Scope [10.121.28.0] Scope1
    -Address Pool
    -Address Leases
    -Reservations
              [10.121.28.200] cachepilot
    -Scope Options
-Server Options


OK, the DNS server is already configured to forward name resolution requests it cannot answer itself.

As for DHCP, we're going to need to configure your DHCP server to provide the address of your Domain Controller for the DNS server instead of the 212.85.15.40 and 212.85.15.10 it's handing out right now.  My problem is this, we haven't yet determined where those addresses are coming from unless they're configured statically ... hmmm (thinking out loud [so to speak] now), you somewhat implied that they are in an earlier part of our conversation.  Let's work on that basis, we'll need to do the following -

1. Within the DHCP Manager, expand the Scope [10.121.28.0], select Scope Options, right click Scope Options and select Configure Options, scroll down to item #6 and check the box.  The dialog below becomes available, in the server name enter cts-curriculum.curriculum.local, click resolve, you should see the IP address appear below, click Add followed by OK.

2. Now, this will need to be done on every Windows client computer assuming it's not serving some specialized purpose beyond that of a general user workstation.  Each computer needs to have its TCPIP configuration's DNS server configured to 'Obtain DNS server address automatically'.  I'd suggest for now that we do that on only one test machine; once done ... reboot the box and let me know what happens.  I'll also need the ipconfig /all output of that client following the reboot.
Thanks - unfortunately I am once again off site (I am employed as desktop support to several schools - reasonably competent at that but rapidly become lost supporting networks; schools fail to recognise my limitations and, the way UK state schools are funded, don't have budget to pay for suitable training nor for external support!).

Once back on site will do as you suggest and forward relevant output data to you.

By the way your assumptions are correct.

Thanks again
OK, I now have the data listed below and it seems to work perfectly. To further my education can you explain two points:

1)  IP Address of DHCP server has changed from 10.121.28.10 to 10.121.28.252

                       and

2) Lease now expires after 1 hour.

Neither of these creates a problem for me but I would like to understand what is happening.

Client Machine

C:\Documents and Settings\Palm17>ipconfig /all

Windows IP Configuration

               Host Name . . . . . . . . . . . . . . . . . . . . .  : Palm17
               Primary Dns Suffix . . . . . . . . . . . . . . . : Curriculum.local
               Node Type . . . . . . . . . . . . . . . . . . . . . .: Unknown
               IP Routing Enabled . . . . . . . . . . . . . . . .: No
               WINS Proxy Enabled . . . . . . . . . . . . . . : No
               DNS Sufix Search List . . . . . . . . . . . . .: Curriculum.local

Ethernet adapter Local Area Connection:

               Connection-specific DNS Suffix . . . . . :
               Description . . . . . . . . . . . . . . . . . . . . .  : Realtek RTL8139/810x Family Fast Ethernet NIC
               Physical Address . . . . . . . . . . . . . . . . .: 00-16-17-7C-0C-12
               Dhcp Enabled . . . . . . . . . . . . . . . . . . . .: Yes
               Autoconfiguration Enabled . . . . . . . . . .: Yes
               IP Address . . . . . . . . . . . . . . . . . . . . . . : 10.121.28.110
               Subnet Mask . . . . . . . . . . . . . . . . . . . . .: 255.255.255.0
               Default Gateway . . . . . . . . . . . . . . . . . .:
               DHCP Server . . . . . . . . . . . . . . . . . . . . .: 10.121.28.252
               DNS Server . . . . . . . . . . . . . . . . . . . . . . :212.85.15.40
                                                                                212.85.15.10
               Lease Obtained . . . . . . . . . . . . . . . . . . . : 18 October 2007 14:12:22
               Lease Expires . . . . . . . . . . . . . . . . . . . . .: 18 October 2007 15:12:22

Finally, should I now manually change each machine to 'Obtain DNS server address automatically'? I assume so but given all the help you have given me I don't want to mar things by jumping the gun.

Best regards,

Robin
Correction to DNS server addresses quoted above, second entry (212.85.15.10) does not exist; I cut and pasted from previous comment and was careless with my editing.
It's still incorrect; the client's DNS configuration must point to 10.121.28.101, not the 212 address.
... the new DHCP server address should NOT have occurred, I don't have an explanation as to why other than you have 2 competing DHCP servers servicing your clients.
You're right, it has just replicated the original problem - have noticed (though I don't know how relevant this is) that in DNSMGMT forward lookup zones Equinox Solutions (Secondary DNS Server) has an exclamation mark over its icon which, if expanded, yields the message "Zone Not Loaded by DNS Server".

Does this have any bearing on this issue and, if so, do you have any guidance on how I can correct it?
Have just discovered someone has arbitrarily accessed one of the wireless access points on our network and set it up as a DHCP server - don't know what this is intended to achieve but I now have to track down which WAP has been fiddled with and, once I have corrected its configuration, will once again send you the data output from ipconfig /all. Sorry to have wasted your time
Eureka!  I think success is looming; WAP was brought in by a member of staff to enable wireless access on a personal laptop (only needed to ask - but what the hell!). Output data is listed below and looks OK to me - but what do I know - is there anything further I need to do before implementing DNS changes on all workstations?

Client Machine

C:\Documents and Settings\Palm17>ipconfig /all

Windows IP Configuration

               Host Name . . . . . . . . . . . . . . . . . . . . .  : Palm17
               Primary Dns Suffix . . . . . . . . . . . . . . . : Curriculum.local
               Node Type . . . . . . . . . . . . . . . . . . . . . .: Unknown
               IP Routing Enabled . . . . . . . . . . . . . . . .: No
               WINS Proxy Enabled . . . . . . . . . . . . . . : No
               DNS Sufix Search List . . . . . . . . . . . . .: Curriculum.local

Ethernet adapter Local Area Connection:

               Connection-specific DNS Suffix . . . . . :
               Description . . . . . . . . . . . . . . . . . . . . .  : Realtek RTL8139/810x Family Fast Ethernet NIC
               Physical Address . . . . . . . . . . . . . . . . .: 00-16-17-7C-0C-12
               Dhcp Enabled . . . . . . . . . . . . . . . . . . . .: Yes
               Autoconfiguration Enabled . . . . . . . . . .: Yes
               IP Address . . . . . . . . . . . . . . . . . . . . . . : 10.121.28.36
               Subnet Mask . . . . . . . . . . . . . . . . . . . . .: 255.255.255.0
               Default Gateway . . . . . . . . . . . . . . . . . .:
               DHCP Server . . . . . . . . . . . . . . . . . . . . .: 10.121.28.101
               DNS Server . . . . . . . . . . . . . . . . . . . . . . :10.121.28.101
               Lease Obtained . . . . . . . . . . . . . . . . . . . : 19 October 2007 09:19:39
               Lease Expires . . . . . . . . . . . . . . . . . . . . .: 29 October 2007 12:19:39

Once again the time and help you have afforded me is really appreciated.
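As an added example (not code from any participant in this thread), a Python script that parses posted ipconfig /all output and flags the two problems diagnosed above: DNS servers that are not the domain controller, and a lease from a DHCP server other than the one you run. The expected addresses are parameters; the sample outputs are constructed from the client listings posted earlier.

```python
"""Check 'ipconfig /all' output against the rule from the thread: AD clients must
use the domain controller for DNS, and leases must come from the DHCP server you run."""
import re
from typing import Dict, List

# Constructed samples, abridged from the asker's posts: the lease handed out by the
# rogue access point, and the lease after DHCP option 006 pointed clients at the DC.
ROGUE_LEASE = """
               Host Name . . . . . . . . . . : Palm17
               Primary Dns Suffix . . . . . : Curriculum.local
Ethernet adapter Local Area Connection:
               Dhcp Enabled . . . . . . . . : Yes
               IP Address . . . . . . . . . : 10.121.28.110
               DHCP Server . . . . . . . . .: 10.121.28.252
               DNS Server . . . . . . . . . :212.85.15.40
                                              212.85.15.10
               Lease Expires . . . . . . . .: 18 October 2007 15:12:22
"""
FIXED_LEASE = """
               Host Name . . . . . . . . . . : Palm17
               Primary Dns Suffix . . . . . : Curriculum.local
Ethernet adapter Local Area Connection:
               Dhcp Enabled . . . . . . . . : Yes
               IP Address . . . . . . . . . : 10.121.28.36
               DHCP Server . . . . . . . . .: 10.121.28.101
               DNS Server . . . . . . . . . :10.121.28.101
"""
_FIELD = re.compile(r"^([^.:]+?)\s*(?:\.\s*)+:\s*(.*)$")  # 'Key . . . : value'


def parse_ipconfig(text: str) -> Dict[str, List[str]]:
    """Map each 'Key . . . : value' line to {key: [values]}.  A bare line (the second
    DNS server) continues the previous field; a header ending in ':' resets it."""
    fields: Dict[str, List[str]] = {}
    last = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _FIELD.match(line)
        if m:
            last = m.group(1).strip()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif line.endswith(":") or last is None:
            last = None  # adapter header or preamble, not a value
        else:
            fields[last].append(line)
    return fields


def check_client(text: str, dc_ip: str, zone: str, dhcp_ip: str) -> List[str]:
    """One finding per deviation from the expected AD client configuration."""
    f = parse_ipconfig(text)
    findings = []
    if (f.get("Primary Dns Suffix") or [""])[0].lower() != zone.lower():
        findings.append("primary DNS suffix is not the AD zone %s" % zone)
    for s in f.get("DNS Server", []) + f.get("DNS Servers", []):  # XP vs. newer label
        if s != dc_ip:
            findings.append("DNS server %s is not the domain controller %s" % (s, dc_ip))
    for s in f.get("DHCP Server", []):
        if s != dhcp_ip:
            findings.append("lease from %s, not %s: a second DHCP server is answering" % (s, dhcp_ip))
    return findings
```

Running check_client(ROGUE_LEASE, "10.121.28.101", "Curriculum.local", "10.121.28.101") yields three findings (two ISP resolvers plus the unexpected DHCP server), while FIXED_LEASE yields none.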
ASKER CERTIFIED SOLUTION
MSE-dwells

Time difference makes life difficult to respond as quickly as I should, but will implement on all machines next time I am on site. Thanks for the massive help you have given.

Best regards

Robin