Solved

How to fix errors when computers join the domain????

Posted on 2008-06-19
Last Modified: 2011-10-19
we have a fresh new domain controller and we are attaching computers to the domain and we are running into 2 major issues

1) when the computers try to attach we sometimes get the error that the domain controller is not available but when we reboot the computer then it attaches fine

2) when a computer is attached to the domain and a user tries to navigate through network neighborhood to find the domain controller a lot of times they are not able to get to the domain controller through network neighborhood on their pc or they get the error of "you might not have permissions to do this"

how do i fix these issues???
Question by:amoos

44 Comments

LVL 12

Expert Comment

by:alikaz3
Double check your DNS settings. Make sure your primary DNS server has 127.0.0.1 as the Primary DNS in the LAN adapter settings. Are you using DHCP on a server? or a router?

Author Comment

by:amoos
we are not using DHCP everything is static

the LAN settings primary DNS is set to 127.0.0.1

i think the biggest issue that we are seeing now is when a user wants to get to a share through network neighborhood on their machine sometimes they can and others are getting the error of they do not have permissions to do this

Author Comment

by:amoos
on the primary domain controller which is also the DNS server i set the LAN settings primary DNS to 127.0.0.1, what should i set the secondary to??  my isp has a DNS server that i can put in there

LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 150 total points
You should not put your ISP's DNS server in there, as that could cause problems.  Even though it's not likely that it would ever get used, if the DNS services on your server stopped for some reason, then the ISP's DNS server would take over and you would have no DNS resolution for your local network.  I would try setting the primary DNS on the server's NIC to the actual IP address of the server instead of 127.0.0.1; you can leave the secondary blank.  I know that a lot of people use the loopback, but I've always used the actual IP address and have not had any problems.  Do you have more than one DNS server?

Author Comment

by:amoos
ok great that is what i originally did was had the primary DNS settings on the DC which is also the DNS server set to the IP address of the server.

for my isp's DNS servers i put them into the forwarders so that anything not resolved internally goes out to them.

we only have one DNS server

what would be the cause of users not being able to navigate to the domain controller through network neighborhood on their computers??

LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 150 total points
Do you have a WINS server?  If not, have you enabled NetBIOS over TCP/IP on all client and server NICs?  Can you confirm that this happens randomly on all clients, or is it just one or two or a group of clients that experience the problem?  If you can narrow it down to just a few clients, there may be a network hardware problem (i.e., cables, switch, NICs) causing random connectivity issues.

Author Comment

by:amoos
we have no WINS servers

every computer has NETBIOS over TCP/IP enabled

this issue with network neighborhood is happening on all clients not just one or two.

i have checked all the switches that we have and they are perfectly fine.

LVL 38

Expert Comment

by:Hypercat (Deb)
Frzlbuck! Browsing issues are one of the hardest things to troubleshoot. Are you seeing anything in the system log of the server?  Even warnings or informational messages indicating either LSASRV or other types of issues? Any messages about forced elections on the network because something thinks it is the master browser?

Author Comment

by:amoos
i am not seeing any errors at all on the server

i do know that all the client computers are set to NETBIOS over TCP/IP,  is that the right setting on the computers??

if it is a master browser issue how do i fix that because my users have to be able to navigate from their computers to the server shares that are not mapped to them

also we did migrate from novell and all of these computers had novell clients on them, but they were cleaned off and reimaged and no novell is in any of the computers anymore

LVL 12

Expert Comment

by:alikaz3
Ok to rule out DNS being the issue, I would add your DC name and the name of your domain to a HOSTS file on one of the client computers. Then reboot it a few times and confirm that the problem still exists. Your host file is located in:

C:\windows\system32\drivers\etc\HOSTS

note that the file has no file ending, open it with notepad. Once you are done it should look like this:


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
192.168.1.2     servername
192.168.1.2    domainname



make sure to swap out the names and IPs with your information.

Author Comment

by:amoos
ah great point.  i do know that all the computers' hosts files were statically set on the novell network when they had it and i think the hosts files are still there with novell servers in them,  could that be the issue with the network neighborhood??

LVL 12

Assisted Solution

by:alikaz3
alikaz3 earned 100 total points
oooo it could.... Try clearing them to default first, and test. If it persists, then add my suggestion to it, and test again

Author Comment

by:amoos
ok i will do this and post again tomorrow

awesome help and i will post again tomorrow

cheers

LVL 38

Expert Comment

by:Hypercat (Deb)
Yes, definitely clean out those hosts files.  Regardless of DNS, WINS or anything else, the HOSTS file is checked first, so it could definitely be interfering.

LVL 38

Expert Comment

by:ChiefIT
Browser is one of my favorites to troubleshoot.

Is this a multi homed server?

What is your network topology, include any VPNs.


Author Comment

by:amoos
we have no VPNs available to anyone.  this server is for internal use only

LVL 38

Expert Comment

by:ChiefIT
If they are all on the same subnet, I think this will cover you:

For anyone with browser issues, I always provide this article as a good reference: (I think your problem is cached Netbios transports or edited and saved LMHost records.)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23316668.html

1) Try a NBTSAT -rr. This flushes the netbios cache, also known as the WINS cache. These cached entries may be pointing to the wrong computer.
2) Check out the problem child computer's LMHOST file and remove all entries except the loopback address.  A text editor, like notepad, can open this file. A computer will first go to the local computer's cached entries then look to the LMHOST file before using the netbios connection to your other servers for a WINS lookup or netbios broadcast.  
3) In the network bindings under TCP/IP properties>>advanced tab, make sure Netbios over TCP/IP and also allow LMHost lookup.
4) Under services, make sure the Browser Service on the server is started by going to the Start button selecting "RUN" and typing "SERVICES.MSC"
5) Make sure the registry keys allow this to participate in the browser service. You will see these registry keys in the NT4 article that was provided. (By default, the clients and servers will look to the highest operating system with roles as its domain master browser. So, that key may not need to be set.)
6) You could try to disable netbios over TCP/IP on a second NIC for a multi homed server.
7) If all that is in place, look towards a firewall. The domain master browser service uses Netbios port 137, and UDP ports 138 and 139.

Here is another article for your reference, but get back in touch if you run into any snags:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23316668.html


Author Comment

by:amoos
ok i cleaned out the host files and put in the host file below

127.0.0.1  localhost
server ip   servername
server ip   domainname.local


on some of the machines that fixed the browsing issue

on a lot of the others it did not fix anything.  and those computers i rebooted three or four times and nothing

Author Comment

by:amoos
ok great post.  it helps thank you, am i doing most of this on the computers or on the DC???

also all my computers are not on the same subnet, but it is happening on all subnets with multiple computers

i looked at the LMHost file on the computers and there is nothing in there except the default examples

 but i have to get it fixed.  please let me know if you have any other ideas.

Author Comment

by:amoos
i looked all over the server and on the computers and i see no errors or anything bad in the event logs that pertains to the master browser.

i am still looking and i will let you know if i see anything weird.  but please if you have any suggestions please let me know.

Author Comment

by:amoos
ok when i run NBTSAT -rr as suggested above i get an error that says "NBTSAT is not a recognized internal command"

any suggestions??

LVL 38

Expert Comment

by:Hypercat (Deb)
That was just a typo on Chief's part - it's NBTSTAT.

Author Comment

by:amoos
when i run NBTSTAT -rr on a computer it now gives me the error "failed to access NetBT driver--NetBT may not be loaded"

how do i load it??

LVL 12

Expert Comment

by:alikaz3
Are you logged on as admin?

Failed to access NetBT Driver - NetBT may not be loaded.

CAUSE
This issue occurs because users without administrator rights, including power users, do not have sufficient permissions to run nbtstat when the user includes a command-line switch.

http://support.microsoft.com/kb/888373

LVL 38

Expert Comment

by:ChiefIT
NBTSTAT is a tool on the 2003 support tools. Though these tools were for a 2003 server, it works with XP boxes.

LMhost.SAM file can be found in two places:
1) C:\i386\LMHOST.SAM
2) C:\windows\system32\drivers\etc\LMHost.sam

If you have addresses configured in the host file, this will mess up your DNS settings. LMHOST is for Netbios and WINS, Host is for DNS. On both, you want the server to provide you with the translation record. But, the client will go to those records first before going to the server. Remember DNS and WINS are separate entities, so don't confuse them.

I should have mentioned that NBTSTAT and Browstat are a part of XP support tools.
You will need to download the XP SP2 support tools. It is also known as 2003 server support tools. On those tools, you will have two files you need {{download both the CAB and MSI file}}. The tools you want are 1) browstat.exe  2) nbtstat.exe
(You may have them, try a Browstat /status)
http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en#filelist

OK: Let's define what's done on client and what's done on server, (good question)

Client and server:
1) Remove all addresses except the loopback address in C:\i386\host.sam and C:\i386\LMhost.sam, and C:\windows\system32\drivers\etc\LMHost.sam. These can be edited by a text editor, like notepad.
2) Go into the NIC configuration(NIC bindings)>>TCP/IP properties>>advanced>>WINS tab>>enable netbios over tcpip.
3) Go to start>>Run>>type in "services.msc" and scroll down to make sure the Browser service is set for automatic and is started.

On client:
Download the XP tools provided above:
Go to the command prompt and type NBTstat -rr
then type:
Browstat /status and let's see what you have.

Also check My Network places and see where you are at.

Author Comment

by:amoos
ok i ran the NBTSTAT -rr command and everything was 0 except that the registered by broadcast was 6

the browser is set to automatic

on the server there is nothing in the host file except 127.0.0.1

should i put in

server ip  servername
server ip  domainname.local

like i did on the workstations??

LVL 38

Expert Comment

by:ChiefIT
When you are done with that, I'll bet you want an idea of what we are doing:

So, let me show you:

The answer to the below link is a chronology to a DNS query. WINS queries operate the exact same way.

The client will try to resolve a query, (either DNS or WINS), itself prior to seeking out your domain controller for translation to an IP. You are basically removing old records and cache from the client that may be pointed in the wrong direction. When the records are removed, the client has no choice but to go to your server for the Netbios translation or DNS translation.

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_23204162.html
Here are the subtle differences between a DNS and WINS query:
~~Instead of DNS we have WINS
~~Instead of a FQDN Host record (computername.domain.local) we have a netbios LMHost record (computername)
~~Instead of a Host file, we have a LMHost file.
~~Instead of DNS cache, we have Wins cache (AKA: Netbios cache)
~~Instead of DNS IP port 53, You have WINS IP port 137


After reading that link, this is what we are doing for DNS and WINS:
1) so we are removing Host (DNS records on the client) and LMHost (WINS records on the client) records and therefore forcing the client to go to the server for translation instead of the client taking it upon itself to figure it out.
2) We are deleting the cached records so a bad cached record can't provide you with a bad resolution.
3) We are enabling the browser service on client and server. This is the service that allows the clients and server to communicate with. The client will send out a netbios broadcast saying "I am here" and the Domain master will pick that up and populate the browselist with that, then send a broadcast back that says "I see you" so the client doesn't randomly elect a browser.
4) Finally, we are enabling netbios over TCP/IP- netbios over TCP/IP is the medium that these broadcasts go over. It's like your phone line.
5) Then, I asked what your status was.

If this doesn't resolve your issue, you should look into what blocks ports 137,138 and 139. (Probably a firewall)
Or your server is multihomed. Multihomed is defined as a server with multiple IPs, (this could mean 2 or more nics, or multiple IPs on the same nic)

If you still have errors: we can troubleshoot firewall and multihomed nics together.

LVL 38

Expert Comment

by:ChiefIT
should i put in

server ip  servername
server ip  domainname.local

like i did on the workstations??

NO, if your workstations are on the same subnet and IP space, they should have those files cleaned out as well. Netbios broadcasts will pick them up and will be added to the browselist.

First, go to all machines and make sure the Browser service is started and all have Netbios over TCP/IP enabled. That is the medium in which they communicate. Start with the servers first. Then remove the cached and LMhost records on servers first, then clients.


Author Comment

by:amoos
ok we only have one NIC on the DC and it only has one ip

the windows firewall is the only firewall out there and it is disabled

what do i have to do on the server itself?????

should i put in

server ip  servername
server ip  domainname.local

like i did on the workstations??

i ran the browstat /status on the workstations and it will not run says bad internal command.  all the workstations have SP2 on them but i guess not the support tools

what can i do next????

i can ping by name and by ip from the server and workstations.

the only browser that i see on the workstations and the server is computer browser which is in services.

LVL 38

Expert Comment

by:ChiefIT
should i put in

server ip  servername
server ip  domainname.local

like i did on the workstations??

Nope, these records should not exist anywhere on ANY machine, in the Host or LMHost files. Doing so, would prevent your client, workstation, or member server from going to the preferred DNS server, or to the domain controller for the browselist. You should only use HOST and LMHOST files if you don't have a DNS server.

See DNS chronology:
If you have Host files configured on either client, workgroup computer, or server, it will look at those records prior to looking at the preferred DNS server's host A record. These records mess up the DNS server.

If you have LMHOST files configured, the client will skip netbios query to the DC and you will NOT get a browselist populated from the DC. Also, if you have WINS, WINS is affected the same way as DNS. WINS in your case is not necessary for the browser service.

Take all HOST files and LMHOST files back to the default state by removing all records on all computers except the loopback address. In doing so, your clients and servers will go to the PREFERRED DNS AND WINS SERVER instead of trying to resolve the query on its own. The PREFERRED DNS server is your server.

Author Comment

by:amoos
awesome.  ok below is what my configurations are on the server and workstations

on the server
all i did was enable netbios over tcp/ip

on the workstations
the host files have
127.0.0.1   localhost
serverip   servername
serverip   domainname.local

i ran the NBTSTAT -rr command

enabled netbios over tcp/ip

now it all works, yeah

now having said all that what stays and what goes????




LVL 38

Expert Comment

by:ChiefIT
You are close, but there is one more thing:

I am glad the browser service is working. However, I am pretty sure you will have DNS problems on your workgroup computers.

***These are bad records and are not needed if you have a DNS server:***
serverip   servername
serverip   domainname.local

If your workstations are using your DNS server as the preferred DNS server, You do not need or want these records. Otherwise the clients will revert to the HOST file, see those records, and think those are the only records to go by for DNS translation. With these two lines in the record, your workgroup computer will not go to the preferred DNS server to get a Host A record. It will skip your server or at the very least slow down your DNS query. I recommend you delete these two lines in the HOST files and leave DNS translation up to the DNS server.

I have workgroup computers on my LANs all the time. A preferred method to DNS on a workgroup computer is to go to the workstation's nic>> TCP/IP settings>>advanced>>DNS tab and type in your DNS suffix, (your FQDN Example: domainname.local). Then, click the box that says "register this connections address in DNS". Now go to the command prompt and type IPconfig /registerDNS. That creates a HOST A record for your workgroup computer in DNS. Now, domain computers can find it through DNS. And with those host file lines deleted, your workgroup can find domain computers with DNS.

Deleting these lines is the preferred method:
serverip   servername
serverip   domainname.local

Manually configured HOST files are bad JOOJOO when you have a DNS server that provides the full list of DNS addresses. Manually configured LMHOST files are bad JOOJOO when you have a WINS server or are trying to populate the browselist.

Author Comment

by:amoos
alright cool i will fix this.

so what do i do about the settings that i enabled on the server and workstations for netbios over tcp/ip???

do i leave those as is or do i change those back to the default???

awesome help

Author Comment

by:amoos
another question

in the LAN connection properties on the workstations and the DC i enabled netbios over tcp/ip is this right or do i have to change them all back to the default??

since i changed the host files on all the workstations to have
127.0.0.1   localhost
serverip   servername
serverip   domainname.local

will this mess up my AD or DNS???

LVL 38

Expert Comment

by:ChiefIT
in the LAN connection properties on the workstations and the DC i enabled netbios over tcp/ip is this right or do i have to change them all back to the default??

leave netbios over TCP/IP enabled. That's how you got the browser service up. That is your medium for the browser and other netbios functions.
_________________________________________________________________
since i changed the host files on all the workstations to have
127.0.0.1   localhost
serverip   servername
serverip   domainname.local

will this mess up my AD or DNS???

Just DNS: Let me give you a diagram to follow. If you have a host file configured with those two lines manually, the client will stop its DNS query at that host file and NOT go to the preferred DNS server for DNS.

Follow along with me on this pic:
Client tries to resolve DNS by itself. It sees the Host file is configured with two lines. Client thinks this is all it has to work with when trying to do a DNS query. So, it stops right there and comes back with an error that says something like "host can not be found or you do not have access to that resource". You do not want the host file configured so the client reaches the Preferred DNS server with its query.
DNS-query.gif

Author Comment

by:amoos
awesome.  no problem i completely understand.  great description and picture.  this really helped.

i guess the last question is since i went to local area connection---properties----advanced----WINS---enable netbios over tcp/ip is this good to leave alone or do i have to change them all back to default in the WINS tab???

awesome picture and explanation

LVL 38

Expert Comment

by:ChiefIT
Yes:

You need netbios over TCP/IP for the browser and other netbios functions.

LVL 38

Expert Comment

by:ChiefIT
I should have said:

Leave Netbios over TCP/IP enabled.

Author Comment

by:amoos
awesome so i need to do then is clean the host file and the only thing that should be in the host file on the machines is

127.0.0.1  localhost

right??  and nothing else should be there except that right???

you are the best.  awesome truly awesome help

LVL 38

Expert Comment

by:ChiefIT
Yep, only that loopback address:
127.0.0.1  localhost

Don't forget to register your workgroup DNS address on the server:
1) go to the workstation's nic>> TCP/IP settings>>advanced>>DNS tab and type in your DNS suffix, (Example: domainname.local).

2) Then, click the box that says "register this connections address in DNS".

3) go to the command prompt and type ipconfig /registerdns.

LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
To sum it up:

For the browser service, we:
1) Removed manually configured LMHOST addresses except the loopback address.
2) enabled Netbios over TCP/IP on all computers
3) Enabled the browser service on all computers {and left it enabled ; ' ) }
4) flushed the Netbios cache  with NBTSTAT -rr

For DNS, we:
1) removed manually configured HOST files addresses except the loopback address on all computers
2) flushed the DNS cache with ipconfig /flushdns
3) gave each workgroup computer a DNS suffix for workgroup computers.
4) registered that DNS suffix with the DNS server so your workgroup computers will have a HOST A record.
5) Other experts taught you how to make sure your DNS server is the "PREFERRED" DNS server on your network.

___________________________________________________________
Results:
Your server sees all netbios broadcasts from the clients and uses that to populate the browselist. Also the clients look at your server to resolve DNS and Netbios translation instead of cached or saved records.
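
Added example, not part of the original thread or any poster's own script: a PowerShell check for the end state the summary above describes, where HOSTS and LMHOSTS carry nothing but the loopback entry. The function name Get-StaticNameEntry, the sample file contents, the address 10.0.0.5 and the name oldserver1 are constructed for illustration.

```powershell
# Added example. Reports every HOSTS/LMHOSTS mapping other than the loopback
# entry, i.e. the static records the thread says to remove.

function Get-StaticNameEntry {
    param(
        [string[]]$Lines,            # raw lines of a HOSTS or LMHOSTS file
        [string]$Source = 'inline'   # label shown in the report
    )
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Everything after '#' is a comment. LMHOSTS keywords such as #PRE
        # and #DOM also start with '#', so they are dropped here as well.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address without a name

        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # -eq on strings is case-insensitive in PowerShell
            $isLoopback = ($address -like '127.*' -or $address -eq '::1') -and
                          ($name -eq 'localhost')
            if (-not $isLoopback) {
                [pscustomobject]@{
                    Source  = $Source
                    Line    = $lineNo
                    Address = $address
                    Name    = $name
                }
            }
        }
    }
}

# Constructed sample: a workstation HOSTS file holding a leftover static entry
# plus the two lines that were added during troubleshooting in the thread.
$sampleHosts = @'
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.0.5        oldserver1          # leftover static entry (constructed)
192.168.1.2     servername
192.168.1.2     domainname.local
'@ -split "`r?`n"

# Constructed sample LMHOSTS content.
$sampleLmhosts = @'
# sample LMHOSTS
10.0.0.5    OLDSERVER1   #PRE
'@ -split "`r?`n"

$report = @(
    Get-StaticNameEntry -Lines $sampleHosts   -Source 'HOSTS (sample)'
    Get-StaticNameEntry -Lines $sampleLmhosts -Source 'LMHOSTS (sample)'
)

# On a Windows machine, audit the live files too. The file NetBT reads is
# "lmhosts"; "lmhosts.sam" is only the shipped sample.
if ($env:SystemRoot) {
    $etc = Join-Path $env:SystemRoot 'System32\drivers\etc'
    foreach ($file in 'hosts', 'lmhosts') {
        $path = Join-Path $etc $file
        if (Test-Path -LiteralPath $path) {
            $report += @(Get-StaticNameEntry -Lines (Get-Content -LiteralPath $path) -Source $path)
        }
    }
}

$report | Format-Table -AutoSize
if ($report.Count -gt 0) {
    Write-Warning "$($report.Count) static mapping(s) found; the thread's fix leaves only '127.0.0.1 localhost'."
}
```

With the constructed samples the report lists four rows: oldserver1, servername and domainname.local from HOSTS, and OLDSERVER1 from LMHOSTS.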





LVL 38

Expert Comment

by:ChiefIT
@ amoos: I am going to request a moderator come in and distribute points to hypercat and alikaz3 because some of the things they said prior we used in the fix to your systems. It is only fair to them.

I really appreciate the good comments. That means a lot more than points to me. Thank you!

@hypercat and alikaz3:
I hope this agrees with you all.
http://www.experts-exchange.com/Community_Support/General/Q_23503998.html

Author Closing Comment

by:amoos
truly the best help i have gotten.  it was thorough and perfect in every way.  thank you very much