plymouthtube

Vista Business machines cannot communicate with domain controller (Windows Server 2003 x64), Windows XP machines work fine

I have a point-to-point T1 connection between the main site and the remote site (Site A (192.168.1.X scheme) and Site B (192.168.9.x scheme)). Site A contains the main network with our Exchange server and original domain controllers. Site B contains a backup domain controller. The domain controllers in Site A are running Windows Server 2003 Standard SP2; the backup domain controller at Site B is running Windows Server 2003 Standard x64. The problem is that my Windows Vista clients, while in the Site B environment, cannot communicate with the domain controller at Site B. A Windows XP machine works perfectly. If a Windows Vista client is in the Site A environment, it works with no problem. If I give my Windows Vista client a static DNS entry for Site A's domain controller, it works perfectly. Windows Vista in Site B can ping anything on either side while getting all of its DHCP information from the Site B controller, except for the Site B server. Very odd.
TDKD

Is this a single domain setup? And does this happen with all Vista clients (e.g. Domain trust and workgroups?).
plymouthtube

ASKER

Yes, it is a single domain. Yes, it happens with any Vista client. I am a networking consultant, so my laptop is in a different domain than the domain at this place, and I have the same issue. Also, I just took 6 new desktops there yesterday and they were all experiencing the same problem right out of the box.
Ok, have they all been activated?
Yes they have
Also, the servers are setup using AD? or are users registered on the domain, but validating with workgroup credentials? (e.g. part of a domain, but logged in as a local user).
The servers are all using AD and are setup to replicate everything. DC's are replicating AD and DNS
Try this on one PC and let me know if it works?

1. Go to Start > Run > cmd

2. Copy/paste the following line and hit your Enter key:

Net localgroup Administrators localservice /add

3. Reboot your computer.
O.K. I will try it and let you know, give me a minute
If the above fails, try this. Perhaps authentication is the issue? By default Vista security is set to use only NTLMv2 authentication.

On the Vista PC run secpol.msc to get into the Local Security Policy screen. Go to "Security Options" and then find "Network Security: LAN Manager authentication level". Change it from "NTLMv2 responses only" to "LM and NTLM - use NTLMv2 session security if negotiated".
You're not getting a "Server execution failed" tray message, are you?
I am rebooting now.. I will know in about 2 minutes if the "Net localgroup Administrators localservice /add" command worked. What did that do exactly? All users are local administrators..
Where would I see the "server execution failed" message at?
It didn't appear to work, oddly enough after reboot I could ping my server "wmserver" it resolved and replied once and then I couldn't ping anymore.. back to the same problem.
Try this then:

On the Vista PC run secpol.msc to get into the Local Security Policy screen. Go to "Security Options" and then find "Network Security: LAN Manager authentication level". Change it from "NTLMv2 responses only" to "LM and NTLM - use NTLMv2 session security if negotiated".
I tried changing that policy, no change. I have never seen the "server execution failed" on the workstation or the server
On this workstation without giving it my static DNS from Site A I am unable to surf the web or ping anything..
This is extremely odd, I have deployed 50+ Vista Business PC's to a domain (Windows 2003 Forest) without any issues. Perhaps there is a 3rd party Firewall or Application that is blocking traffic?
No, there are not any firewalls or software installed, no antivirus installed yet. This is 64-bit Windows Server 2003. I wasn't sure if there was some sort of discrepancy between 64-bit (doesn't seem logical, but I can't think of anything else!). And what is the difference in XP and Vista?? I have already disabled IPv6.. no joy there.
Do me a favor, check the event logs on one of the culprit Vista PC's?
The only thing I did different is disable UAC on my clients' PC's.
That was the first thing I did, I hate UAC
At 1:58 I received a new event in the system log

"The Name "WPS_Domain  :1d" could not be registered on the interface with AP address 192.168.9.57. The computer with the IP address 192.168.1.4 did not allot the name to be claimed by this computer."

First off - the pc name is joey.beavers.wpsgroup.local??
192.168.9.57 is the computers IP
192.168.1.4  is the Main Domain controller at Site A
that is event 4321 source netbt
So first thing, did you assign the WINS or DNS to the Vista PC?
Also did you create DNS Search order?
No I haven't, not sure what that means actually...
Oh, no problem...do you know what the DNS server is on the domain?
also, are you able to UNC to network resources on either domain? (e.g. \\servernaME\SHARE)
Oh yeah..

Yes from any machine at site A and from all XP machines at site B. On vista I can to any computer via the ip address, not name..except for the DC at Site b and I can't see it by ip or name

So it sounds like the Vista PC's are not able to resolve IP to FQDN's (fully qualified domain names)?
So they are not able to connect to the "Net logon server" either at "Ctrl+Alt+Delete"?
That is correct. I also just noticed while inspecting DNS servers, the Site B DC does not show a DNS record for the Vista PC's, but there are DNS records for the Vista PC's at Site A. Almost like the Vista PC's won't speak to the DC at Site B at all. Which explains why they work with static DNS for the servers at Site A??? (When I say work, they can get on the internet and see shares at Site A; they still can't see the Site B DC.)
Well, they can I think because of cached username.. With static DNS it doesn't matter because they will authenticate across the point to point T1. If the ptp t1 went down, they would be completely SOL
But these are registered on the domain?
When you said BDC are you referring to a AD DC? Or do you mean a Global Catalog Server as well?
We will figure this out if it kills us...lol
It is an AD DC and a Global Catalog Server
Ok, so you were able to register the Vista PC's in both the A and B?
And yes they are registered on the domain
I am only able to register the PC's on B by setting the DNS  to a static server at Site A, otherwise I can't register them to the domain.
It almost sounds like site A and B do not have a transitive trust?
How would I check that?
Go to the Active Directory Domains and Trusts snap-in (domain.msc).
Once in there, right click on a domain and select "Properties", click Trusts, then select a domain and click "Properties" again.
You will be able to see whether it's "Transitive" after clicking "Trusts", but for more info you can click "Properties".
There is no domain under trusts...  The domain is all the same name "wpsgroup.local"

You are running one Domain that was upgraded then, correct? If so, are you running down level servers also? (e.g. NT 40)
Is this Vista Business or Home?
No this domain has all Windows server 2003 has always been called wpsgroup.local..It is Vista Business (They are on the domain wpsgroup.local)  The Server at Site B was recently replaced it was windows server 2003 sp2 named wmo-server.wpsgroup.local (ip 192.168.9.1) it was replaced by

Windows Server 2003 SP2 64 Bit - wmserver.wpsgroup.local (Ip - 192.168.9.1)
Test the DNS:
You can test DNS using NSLOOKUP %Server%, where %Server% is an IP address or a domain name. First use the IP address form; it should return the domain.name. Then try the domain name and it should return the same IP address...
Hmmm, to your last statement...maybe there are dead/false pointer records on the network?
This is nslookup to the IP of the Site B server (wmserver, 192.168.9.1)

and DNS server at Site A (itserver, 192.168.1.3)
it-server-and-1.3.jpg
wmserver-and-9.1.jpg
Here is a screen shot from a good PC
nslookup-from-XP.jpg
I also made sure to change any pointer records to the new server name the day they were switched over
Ok, I have to go to a meeting, then a poker tournament :-(

Do this, assign a Static IP, SM, Gateway and DNS servers to one of the Vista machines, and post how it reacts/performs?
You have File and printer sharing enabled on the Vista PC's?
Make sure these settings are setup this way under the Network Card's properties...
NetworkAuth.jpg
No to the second question, I understand to the first
Hey man, I am about to be done for the weekend too, we can certainly pick this up on Monday
Static Everything works ... That is the first time I have tried with all static...
ASKER CERTIFIED SOLUTION
plymouthtube

This solution is only available to members.