Solved

Workstations can't connect to WS2003R2 domain or network printers

Posted on 2008-10-22
8
232 Views
Last Modified: 2012-05-05
I'm running Windows Server 2003 R2 which runs a domain controller that's mirrored on a second server. The problems outlined below started in the last couple of days, and may be related to the last round of Microsoft security updates installed on the server.

When configuring a network printer from a workstation, I can't see the list of network printers.When done from a from the server, I get the list of network printers.

On a workstation with administrator rights, the Active Directory Sites and Services program shows a red "X" instead a list of showing a list of sites that appear when on a server. On the server, the domain controllers appear. The same is true of the Active Directory Users and Computers and Active Directory Domains and Trusts program which can't contact the domain when run from a workstation, either.

When connecting to sysvol via the Run, CMD command:

\\hm\sysvol - which points to the domain, doesn't connect anymore on a workstation
\\HM-01\sysvol - which points to a specific server, does connect anymore on a workstation

Both forms work when executed on the server.

Workstations can still log in, connect to volumes on the server, and print to network printers.

I ran dcdiag /v /e with no errors and dcdiag /c /e had errors which are shown below.

Any ideas as to how to fix this would be greatly appreciated.

Tom

dcdiag /c /e

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)


            DC: HM-01.hm.local
            Domain: hm.local


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 202.12.27.33 (m.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 199.7.83.42 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42

            DNS server: 198.41.0.4 (a.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.228.79.201 (b.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.203.230.10 (e.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.112.36.4 (g.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.8.10.90 (d.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: hm.local
               IHM-01                       PASS PASS FAIL PASS PASS PASS n/a
               HM-01                        PASS PASS FAIL PASS PASS PASS n/a

         ......................... hm.local failed test DNS

C:\Documents and Settings\Administrator>
0
Comment
Question by:hrtmath
  • 5
  • 3
8 Comments
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782835
For now, let's get your ISP's DNS servers and put them in the forwarders tab. Then, enable recursive lookups.

right now, you have reverse DNS problems and a root hint list of invalid root hint servers. We will have to fix this.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782869
Wait a second:

These are valid Root hint servers.

Those root hints servers are telling you that 12.0.0.1 is not a valid IP to query.

So, it looks like you are trying to resolve to 12.0.0.1 and the remote DNS servers are saying, I can't provide you with DNS resolution, because I can't find it in my Reverse DNS.

0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782897
So, let's see if you are blocked on the SMB shares:

Go to a DC command prompt and type:

netstat -na

Look for port 445 and 139 to make sure they are listening.

Then, go to a workstation's command prompt and:

(where xxx.xxx.xxx.xxx is the IP of your DC) type:

portqry -n xxx.xxx.xxx.xxx -o 139,445 -p both

and make sure 139 and 445 are listening.

If not, you probably have a software firewall blocking SMB shares.

0
 

Author Comment

by:hrtmath
ID: 22783605
netstat -na on a DC shows that there are a lot of port 139 and 445 connections established.

portquery on a workstation shows that port 139 and 445 on the DC are listening.

Many normal activities work. It just that things like connecting to a network printer, sysvol access via the domain name, and connecting a new computer to the domain don't work.

Tom
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 38

Expert Comment

by:ChiefIT
ID: 22784216
OH, i see what is going on here:

You have the loopback address as the preferred DNS server (127.0.0.1) That has to be a defined IP.

Once done. Let me know what DCdiag errors you see.


0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 22784275
I am trying to think of the scope of the issues that are effected by the loopback address as the preferred DNS server to include AD logons, printers and other services that you are having issues with.

SRV records, you might have to fix your SRV records as well as changing your loopback address to your domain server's fixed IP. So:
Verifying SRV records: (This should effect AD logons and user rights to printers)
http://support.microsoft.com/kb/241515

Host A and SOA records for the DC:
You might need to fix those as well.

0
 

Author Comment

by:hrtmath
ID: 22823954
I think I figured out what the problem is. In Active Directory Sites and Services, the hm.local entry that's just above the Servers entry, changed to Default-First-Site-Name. Can I simply rename it back to hm.local and restart the DNS service?

Tom
0
 

Author Comment

by:hrtmath
ID: 22827801
figured it out. The DHCP server had an external DNS server listed as the first DNS server. So users had no general DNS problems, but the external DNS server had no reference to our local domain. Ergo local domain references didn't work. Changing the default DNS server to the IP address of the domain controller and rebooting the workstations fixed the problem.

Thanks for your help. I'll assign the points to you.

Tom
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now