• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256
  • Last Modified:

Workstations can't connect to WS2003R2 domain or network printers

I'm running Windows Server 2003 R2 which runs a domain controller that's mirrored on a second server. The problems outlined below started in the last couple of days, and may be related to the last round of Microsoft security updates installed on the server.

When configuring a network printer from a workstation, I can't see the list of network printers.When done from a from the server, I get the list of network printers.

On a workstation with administrator rights, the Active Directory Sites and Services program shows a red "X" instead a list of showing a list of sites that appear when on a server. On the server, the domain controllers appear. The same is true of the Active Directory Users and Computers and Active Directory Domains and Trusts program which can't contact the domain when run from a workstation, either.

When connecting to sysvol via the Run, CMD command:

\\hm\sysvol - which points to the domain, doesn't connect anymore on a workstation
\\HM-01\sysvol - which points to a specific server, does connect anymore on a workstation

Both forms work when executed on the server.

Workstations can still log in, connect to volumes on the server, and print to network printers.

I ran dcdiag /v /e with no errors and dcdiag /c /e had errors which are shown below.

Any ideas as to how to fix this would be greatly appreciated.

Tom

dcdiag /c /e

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)


            DC: HM-01.hm.local
            Domain: hm.local


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 202.12.27.33 (m.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 199.7.83.42 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42

            DNS server: 198.41.0.4 (a.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.228.79.201 (b.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.203.230.10 (e.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.112.36.4 (g.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.8.10.90 (d.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: hm.local
               IHM-01                       PASS PASS FAIL PASS PASS PASS n/a
               HM-01                        PASS PASS FAIL PASS PASS PASS n/a

         ......................... hm.local failed test DNS

C:\Documents and Settings\Administrator>
0
hrtmath
Asked:
hrtmath
  • 5
  • 3
1 Solution
 
ChiefITCommented:
For now, let's get your ISP's DNS servers and put them in the forwarders tab. Then, enable recursive lookups.

right now, you have reverse DNS problems and a root hint list of invalid root hint servers. We will have to fix this.
0
 
ChiefITCommented:
Wait a second:

These are valid Root hint servers.

Those root hints servers are telling you that 12.0.0.1 is not a valid IP to query.

So, it looks like you are trying to resolve to 12.0.0.1 and the remote DNS servers are saying, I can't provide you with DNS resolution, because I can't find it in my Reverse DNS.

0
 
ChiefITCommented:
So, let's see if you are blocked on the SMB shares:

Go to a DC command prompt and type:

netstat -na

Look for port 445 and 139 to make sure they are listening.

Then, go to a workstation's command prompt and:

(where xxx.xxx.xxx.xxx is the IP of your DC) type:

portqry -n xxx.xxx.xxx.xxx -o 139,445 -p both

and make sure 139 and 445 are listening.

If not, you probably have a software firewall blocking SMB shares.

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
hrtmathAuthor Commented:
netstat -na on a DC shows that there are a lot of port 139 and 445 connections established.

portquery on a workstation shows that port 139 and 445 on the DC are listening.

Many normal activities work. It just that things like connecting to a network printer, sysvol access via the domain name, and connecting a new computer to the domain don't work.

Tom
0
 
ChiefITCommented:
OH, i see what is going on here:

You have the loopback address as the preferred DNS server (127.0.0.1) That has to be a defined IP.

Once done. Let me know what DCdiag errors you see.


0
 
ChiefITCommented:
I am trying to think of the scope of the issues that are effected by the loopback address as the preferred DNS server to include AD logons, printers and other services that you are having issues with.

SRV records, you might have to fix your SRV records as well as changing your loopback address to your domain server's fixed IP. So:
Verifying SRV records: (This should effect AD logons and user rights to printers)
http://support.microsoft.com/kb/241515

Host A and SOA records for the DC:
You might need to fix those as well.

0
 
hrtmathAuthor Commented:
I think I figured out what the problem is. In Active Directory Sites and Services, the hm.local entry that's just above the Servers entry, changed to Default-First-Site-Name. Can I simply rename it back to hm.local and restart the DNS service?

Tom
0
 
hrtmathAuthor Commented:
figured it out. The DHCP server had an external DNS server listed as the first DNS server. So users had no general DNS problems, but the external DNS server had no reference to our local domain. Ergo local domain references didn't work. Changing the default DNS server to the IP address of the domain controller and rebooting the workstations fixed the problem.

Thanks for your help. I'll assign the points to you.

Tom
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now