Solved

Workstations can't connect to WS2003R2 domain or network printers

Posted on 2008-10-22
8
234 Views
Last Modified: 2012-05-05
I'm running Windows Server 2003 R2 which runs a domain controller that's mirrored on a second server. The problems outlined below started in the last couple of days, and may be related to the last round of Microsoft security updates installed on the server.

When configuring a network printer from a workstation, I can't see the list of network printers.When done from a from the server, I get the list of network printers.

On a workstation with administrator rights, the Active Directory Sites and Services program shows a red "X" instead a list of showing a list of sites that appear when on a server. On the server, the domain controllers appear. The same is true of the Active Directory Users and Computers and Active Directory Domains and Trusts program which can't contact the domain when run from a workstation, either.

When connecting to sysvol via the Run, CMD command:

\\hm\sysvol - which points to the domain, doesn't connect anymore on a workstation
\\HM-01\sysvol - which points to a specific server, does connect anymore on a workstation

Both forms work when executed on the server.

Workstations can still log in, connect to volumes on the server, and print to network printers.

I ran dcdiag /v /e with no errors and dcdiag /c /e had errors which are shown below.

Any ideas as to how to fix this would be greatly appreciated.

Tom

dcdiag /c /e

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)


            DC: HM-01.hm.local
            Domain: hm.local


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 202.12.27.33 (m.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 199.7.83.42 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42

            DNS server: 198.41.0.4 (a.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.228.79.201 (b.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.203.230.10 (e.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.112.36.4 (g.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.8.10.90 (d.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               2 test failures on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: hm.local
               IHM-01                       PASS PASS FAIL PASS PASS PASS n/a
               HM-01                        PASS PASS FAIL PASS PASS PASS n/a

         ......................... hm.local failed test DNS

C:\Documents and Settings\Administrator>
0
Comment
Question by:hrtmath
  • 5
  • 3
8 Comments
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782835
For now, let's get your ISP's DNS servers and put them in the forwarders tab. Then, enable recursive lookups.

right now, you have reverse DNS problems and a root hint list of invalid root hint servers. We will have to fix this.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782869
Wait a second:

These are valid Root hint servers.

Those root hints servers are telling you that 12.0.0.1 is not a valid IP to query.

So, it looks like you are trying to resolve to 12.0.0.1 and the remote DNS servers are saying, I can't provide you with DNS resolution, because I can't find it in my Reverse DNS.

0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22782897
So, let's see if you are blocked on the SMB shares:

Go to a DC command prompt and type:

netstat -na

Look for port 445 and 139 to make sure they are listening.

Then, go to a workstation's command prompt and:

(where xxx.xxx.xxx.xxx is the IP of your DC) type:

portqry -n xxx.xxx.xxx.xxx -o 139,445 -p both

and make sure 139 and 445 are listening.

If not, you probably have a software firewall blocking SMB shares.

0
 

Author Comment

by:hrtmath
ID: 22783605
netstat -na on a DC shows that there are a lot of port 139 and 445 connections established.

portquery on a workstation shows that port 139 and 445 on the DC are listening.

Many normal activities work. It just that things like connecting to a network printer, sysvol access via the domain name, and connecting a new computer to the domain don't work.

Tom
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 38

Expert Comment

by:ChiefIT
ID: 22784216
OH, i see what is going on here:

You have the loopback address as the preferred DNS server (127.0.0.1) That has to be a defined IP.

Once done. Let me know what DCdiag errors you see.


0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 22784275
I am trying to think of the scope of the issues that are effected by the loopback address as the preferred DNS server to include AD logons, printers and other services that you are having issues with.

SRV records, you might have to fix your SRV records as well as changing your loopback address to your domain server's fixed IP. So:
Verifying SRV records: (This should effect AD logons and user rights to printers)
http://support.microsoft.com/kb/241515

Host A and SOA records for the DC:
You might need to fix those as well.

0
 

Author Comment

by:hrtmath
ID: 22823954
I think I figured out what the problem is. In Active Directory Sites and Services, the hm.local entry that's just above the Servers entry, changed to Default-First-Site-Name. Can I simply rename it back to hm.local and restart the DNS service?

Tom
0
 

Author Comment

by:hrtmath
ID: 22827801
figured it out. The DHCP server had an external DNS server listed as the first DNS server. So users had no general DNS problems, but the external DNS server had no reference to our local domain. Ergo local domain references didn't work. Changing the default DNS server to the IP address of the domain controller and rebooting the workstations fixed the problem.

Thanks for your help. I'll assign the points to you.

Tom
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now