• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 823
  • Last Modified:

workgroup computers can't browse network after gpupdate on domain controller

This one stumps me- We recently made some minor changes to group policy (set intranet site for new WSUS server) and ran gpupdate on the PDC.

immediately after, a few workstations that are not joined to the domain stopped seeing the server via DNS. I can ping by IP address, but nothing I do lets those workgroup PCs browse to or connect to the server by name.

I've checked DNS on the server- it's functioning fine, , checked network settings on the affected workstations- zip. I can browse by IP, and file sharing etc is working, but DNS went poof.

from the server, I can not see the names of any of the clients or workstations in network neighborhood, even though they show up in the DNS server!

from the workstations, i can not contact the domain controller(i.e., try to join domain) or see it in the NN, but i can see all the other clients and workstations, both on the domain and off.

my gut says DNS problem, but where?

we use a router forDHCP- the server is the DNS, PDC and file shares.
0
TechRescue
Asked:
TechRescue
  • 7
  • 6
1 Solution
 
MightySWCommented:
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
 
Ghoti_AZCommented:
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
 
TechRescueAuthor Commented:
DNS is set for nonsecure and secure updates

it IS AD-integrated- why would that make it suddenly go blind to the workstations?

clients are listed in the DNS- workstations not joined to the domain do NOT show up anymore after flushdns and etc. I trying manually deleteing the records and reregistering- only the clients show up, and not the unjoined workstations.


-------------------------------------------------
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
TechRescueAuthor Commented:
yes- and I can browse the internet just fine; just cannot browse locally by name.

------------------------------
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
 
MightySWCommented:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffinx in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
 
TechRescueAuthor Commented:
these are set as normal - still no joy.

I am going to blow away the DNS zones and remake them, will report back. at least the sun is shining....


------------------------------------------------------------
MightySW:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffinx in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
 
TechRescueAuthor Commented:
update- I recreated the DNS zone and now the DNS will not recreate the AD components correctly.
I went back to basics and now we have a problem.

dcdiag shows "the host 'GUID.domain.foo'  couldn't be resolved. the server name was pingable" etc.

rats. i fear I'm in for some work today.
0
 
MightySWCommented:
Is Allow Dynamic Updates is set to Yes and are the _msdcs, _sites, _tcp and _udp folders present?
0
 
MightySWCommented:
When you say that you recreated the zone, you did it manually or with Netdiag?
0
 
TechRescueAuthor Commented:
I recreated the zone manually, and no, the  _msdcs, _sites, _tcp and _udp sites are not returning as they should.
0
 
MightySWCommented:
Be sure that this isn't a dot (.) zone in your zone.  If you do then delete it as I wouldn't think that you want this as a root server.  You will need to do an IPconfig /registedns on the NS if there is a dot record.

More than likely the above will not be the case.  You will need to repopulate the zone by running netdiag /fix on the DNS server.  Refresh the view in DNS and the AD DNS records should be there.

you may have to do another IPconfig /registerdns and also restart the netlogon service or reboot.

If that doesn't work, then blow out the zone that you have, run netdiag /fix, create the zone manually and then run netdiag /fix again.

You should be able to create the folders all by hand.  As you said earlier, might be a long day...


0
 
TechRescueAuthor Commented:
I did not create a root zone:). I ran netdaig /fix and etc, and now the aone is lookinmg the way it should. the original problem remains. I'm calling Server Down, we'll see what happens. thanks for all the input!
0
 
TechRescueAuthor Commented:
solved- out of the blue, netbois was disabled on the NIC. why? nobody knows how? again, no answer. re-enabled NB, restrarted computer browser and presto = all fixed.

nobody cops to changing any settings on the NIC, so it's a "mystery". my lesson? always start with the basics.

thanks for the continued help and responses.
0
 
MightySWCommented:
Awesome.  That is strange because I was going to ask about Netbios too, but I thought that it was a fairly straightforward thing so I didn't bother.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now