workgroup computers can't browse network after gpupdate on domain controller

This one stumps me- We recently made some minor changes to group policy (set intranet site for new WSUS server) and ran gpupdate on the PDC.

immediately after, a few workstations that are not joined to the domain stopped seeing the server via DNS. I can ping by IP address, but nothing I do lets those workgroup PCs browse to or connect to the server by name.

I've checked DNS on the server- it's functioning fine, , checked network settings on the affected workstations- zip. I can browse by IP, and file sharing etc is working, but DNS went poof.

from the server, I can not see the names of any of the clients or workstations in network neighborhood, even though they show up in the DNS server!

from the workstations, i can not contact the domain controller(i.e., try to join domain) or see it in the NN, but i can see all the other clients and workstations, both on the domain and off.

my gut says DNS problem, but where?

we use a router forDHCP- the server is the DNS, PDC and file shares.
TechRescueAsked:
Who is Participating?
 
MightySWConnect With a Mentor Commented:
Be sure that this isn't a dot (.) zone in your zone.  If you do then delete it as I wouldn't think that you want this as a root server.  You will need to do an IPconfig /registedns on the NS if there is a dot record.

More than likely the above will not be the case.  You will need to repopulate the zone by running netdiag /fix on the DNS server.  Refresh the view in DNS and the AD DNS records should be there.

you may have to do another IPconfig /registerdns and also restart the netlogon service or reboot.

If that doesn't work, then blow out the zone that you have, run netdiag /fix, create the zone manually and then run netdiag /fix again.

You should be able to create the folders all by hand.  As you said earlier, might be a long day...


0
 
MightySWCommented:
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
 
Ghoti_AZCommented:
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
TechRescueAuthor Commented:
DNS is set for nonsecure and secure updates

it IS AD-integrated- why would that make it suddenly go blind to the workstations?

clients are listed in the DNS- workstations not joined to the domain do NOT show up anymore after flushdns and etc. I trying manually deleteing the records and reregistering- only the clients show up, and not the unjoined workstations.


-------------------------------------------------
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
 
TechRescueAuthor Commented:
yes- and I can browse the internet just fine; just cannot browse locally by name.

------------------------------
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
 
MightySWCommented:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffinx in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
 
TechRescueAuthor Commented:
these are set as normal - still no joy.

I am going to blow away the DNS zones and remake them, will report back. at least the sun is shining....


------------------------------------------------------------
MightySW:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffinx in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
 
TechRescueAuthor Commented:
update- I recreated the DNS zone and now the DNS will not recreate the AD components correctly.
I went back to basics and now we have a problem.

dcdiag shows "the host 'GUID.domain.foo'  couldn't be resolved. the server name was pingable" etc.

rats. i fear I'm in for some work today.
0
 
MightySWCommented:
Is Allow Dynamic Updates is set to Yes and are the _msdcs, _sites, _tcp and _udp folders present?
0
 
MightySWCommented:
When you say that you recreated the zone, you did it manually or with Netdiag?
0
 
TechRescueAuthor Commented:
I recreated the zone manually, and no, the  _msdcs, _sites, _tcp and _udp sites are not returning as they should.
0
 
TechRescueAuthor Commented:
I did not create a root zone:). I ran netdaig /fix and etc, and now the aone is lookinmg the way it should. the original problem remains. I'm calling Server Down, we'll see what happens. thanks for all the input!
0
 
TechRescueAuthor Commented:
solved- out of the blue, netbois was disabled on the NIC. why? nobody knows how? again, no answer. re-enabled NB, restrarted computer browser and presto = all fixed.

nobody cops to changing any settings on the NIC, so it's a "mystery". my lesson? always start with the basics.

thanks for the continued help and responses.
0
 
MightySWCommented:
Awesome.  That is strange because I was going to ask about Netbios too, but I thought that it was a fairly straightforward thing so I didn't bother.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.