workgroup computers can't browse network after gpupdate on domain controller

This one stumps me. We recently made some minor changes to group policy (set intranet site for new WSUS server) and ran gpupdate on the PDC.

Immediately after, a few workstations that are not joined to the domain stopped seeing the server via DNS. I can ping by IP address, but nothing I do lets those workgroup PCs browse to or connect to the server by name.

I've checked DNS on the server - it's functioning fine, checked network settings on the affected workstations - zip. I can browse by IP, and file sharing etc. is working, but DNS went poof.

From the server, I cannot see the names of any of the clients or workstations in Network Neighborhood, even though they show up in the DNS server!

From the workstations, I cannot contact the domain controller (i.e., try to join domain) or see it in the NN, but I can see all the other clients and workstations, both on the domain and off.

My gut says DNS problem, but where?

We use a router for DHCP - the server is the DNS, PDC and file shares.
TechRescue Asked:

MightySW Commented:
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
Ghoti_AZ Commented:
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
TechRescue (Author) Commented:
DNS is set for nonsecure and secure updates.

It IS AD-integrated - why would that make it suddenly go blind to the workstations?

Clients are listed in the DNS - workstations not joined to the domain do NOT show up anymore after flushdns etc. I tried manually deleting the records and re-registering - only the clients show up, and not the unjoined workstations.


-------------------------------------------------
Check to see if DNS is set for unsecure.

Also, when you check the DNS table are the clients listed?  Can you do a reverse lookup on them with the DNS server or any computer connected to the domain?  Can you resolve any names after IPCONFIG /flushdns ?

You can also delete both the A records and the reverse lookup records for all of those clients and whatever else is still holding onto those IP's and then IPCONFIG /registerdns.   After this see if you can ping the DNS server by name and then try ping -a.

Also, what mode is the DNS server in?  I would assume that it is not AD integrated since you have non domain users on it (unless it is unsecure).  

HTH
0
TechRescue (Author) Commented:
yes- and I can browse the internet just fine; just cannot browse locally by name.

------------------------------
Is the DNS server on the troublesome workstations set to the address of the Domain Controller?
0
MightySW Commented:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffix in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
TechRescue (Author) Commented:
these are set as normal - still no joy.

I am going to blow away the DNS zones and remake them, will report back. at least the sun is shining....


------------------------------------------------------------
MightySW:
This may be insane, but can you check your DNS settings on the clients and see if the advanced settings are set to register this connection's addresses in DNS and Use this connection's DNS suffix in DNS reg is not checked...

I have seen this before and the issues were similar.

Also, is your FW on?  Try turning it off.

I am just trying to think of things that would cause an ordinary GPupdate to cause this.
0
TechRescue (Author) Commented:
Update - I recreated the DNS zone and now the DNS will not recreate the AD components correctly.
I went back to basics and now we have a problem.

dcdiag shows "the host 'GUID.domain.foo'  couldn't be resolved. the server name was pingable" etc.

Rats. I fear I'm in for some work today.
0
MightySW Commented:
Is Allow Dynamic Updates set to Yes, and are the _msdcs, _sites, _tcp and _udp folders present?
0
MightySW Commented:
When you say that you recreated the zone, you did it manually or with Netdiag?
0
TechRescue (Author) Commented:
I recreated the zone manually, and no, the  _msdcs, _sites, _tcp and _udp sites are not returning as they should.
0
MightySW Commented:
Be sure that there isn't a dot (.) zone in your zone.  If there is, then delete it as I wouldn't think that you want this as a root server.  You will need to do an ipconfig /registerdns on the NS if there is a dot record.

More than likely the above will not be the case.  You will need to repopulate the zone by running netdiag /fix on the DNS server.  Refresh the view in DNS and the AD DNS records should be there.

You may have to do another ipconfig /registerdns and also restart the netlogon service or reboot.

If that doesn't work, then blow out the zone that you have, run netdiag /fix, create the zone manually and then run netdiag /fix again.

You should be able to create the folders all by hand.  As you said earlier, might be a long day...


0
TechRescue (Author) Commented:
I did not create a root zone :). I ran netdiag /fix etc., and now the zone is looking the way it should. The original problem remains. I'm calling Server Down, we'll see what happens. Thanks for all the input!
0
TechRescue (Author) Commented:
Solved - out of the blue, NetBIOS was disabled on the NIC. Why? Nobody knows. How? Again, no answer. Re-enabled NB, restarted Computer Browser and presto = all fixed.

Nobody cops to changing any settings on the NIC, so it's a "mystery". My lesson? Always start with the basics.

thanks for the continued help and responses.
0
MightySW Commented:
Awesome.  That is strange because I was going to ask about Netbios too, but I thought that it was a fairly straightforward thing so I didn't bother.
0
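
The fix reported in this thread was re-enabling NetBIOS over TCP/IP on the NIC and restarting Computer Browser. As an added example (not part of the original thread), the PowerShell below reports that setting for every IP-enabled adapter and the state of the Browser service; it assumes PowerShell 3.0 or later for Get-CimInstance, and the function names are hypothetical.

```powershell
# Added example: audit the NetBIOS-over-TCP/IP setting that caused the outage.
# TcpipNetbiosOptions on Win32_NetworkAdapterConfiguration:
#   0 = use the setting supplied by DHCP, 1 = enabled, 2 = disabled
$NetbiosLabels = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-NetbiosState {
    # Only adapters with TCP/IP bound are relevant to name resolution.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Index      = $_.Index
                Adapter    = $_.Description
                IPAddress  = ($_.IPAddress -join ', ')
                DnsServers = ($_.DNSServerSearchOrder -join ', ')
                NetBIOS    = $NetbiosLabels[[int]$_.TcpipNetbiosOptions]
            }
        }
}

function Get-BrowserServiceState {
    # The Computer Browser service is named 'Browser'; it may not be installed.
    $svc = Get-Service -Name Browser -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'Not installed' }
    return "$($svc.Status) (start type: $($svc.StartType))"
}

$state = Get-NetbiosState
$state | Format-Table -AutoSize

$disabled = $state | Where-Object { $_.NetBIOS -eq 'Disabled' }
if ($disabled) {
    Write-Warning ("NetBIOS over TCP/IP is disabled on adapter index(es): " +
                   (($disabled | ForEach-Object { $_.Index }) -join ', '))
}
Write-Output "Computer Browser service: $(Get-BrowserServiceState)"

# To re-enable on one adapter (run elevated; replace <n> with the Index above):
# Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'Index = <n>' |
#     Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]1 }
# Restart-Service -Name Browser
```

A value of "Default (from DHCP)" means the effective state depends on what the DHCP server hands out, which in this thread's setup is the router.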