Kerberos Authentication failing (reported on NetDiag)

Our server had viruses on it. Having (we think) resolved this issue, we are now having intermittent problems with PCs connecting to it.

Issue Description:
I can duplicate the following fault repeatedly.
1) Boot PC
2) Log on as a user (called test in this example and created with an "empty" profile on the server)
3) User's profile fails to load
4) When logged on (with a temporary profile), I try to connect to \\server\netlogon and am asked for a username and password. If I supply Domain\test as the username, I cannot ("The username you have typed is the same user name you logged in with. That username has already been tried. A domain controller cannot be found to verify that username"). If I use Domain\another, I can see the Netlogon share.
5) Having connected to netlogon as another user, if I delete all mappings and map a drive to NETLOGON as Test, I connect correctly.

I can repeat this by logging on as domain\another and connecting to netlogon as domain\test, i.e. reversing the account roles.

NETDIAG -v reports as follows

Testing Kerberos authentication... Failed
DC list test ... failed
Kerberos test. . . . . . . . . . . : Failed
LDAP test. . . . . . . . . . . . . : Failed

I'm at a loss as to what to do.
Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing IpConfig - pinging the DHCP Server... Passed
    Testing IpConfig - pinging the Primary WINS server... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing for autoconfiguration... Passed
    Testing IP loopback ping... Passed
    Testing default gateways... Passed
    Enumerating local and remote NetBT name cache... Passed
    Testing the WINS server
        Local Area Connection
            Sending name query to primary WINS server 192.168.0.1 - Failed
            There is no secondary WINS server defined for this adapter.
    Gathering Winsock information.
    Testing DNS
          The DNS registration for CHWS-15.churchhouse.local is correct on all DNS servers
    Testing redirector and browser... Passed
    Testing DC discovery. 
        Looking for a DC
        Looking for a PDC emulator
        Looking for a Windows 2000 DC
    Gathering the list of Domain Controllers for domain 'CHURCHHOUSE'
    Testing trust relationships... Passed
    Testing Kerberos authentication... Failed
    Testing LDAP servers in Domain CHURCHHOUSE ... 
    Gathering routing information
    Gathering network statistics information. 
    Gathering configuration of bindings.
    Gathering RAS connection information 
    Gathering Modem information
    Gathering Netware information
    Gathering IP Security information
 
    Tests complete.
 
 
    Computer Name: CHWS-15
    DNS Host Name: CHWS-15.churchhouse.local
    DNS Domain Name: churchhouse.local
    System info : Windows 2000 Professional (Build 2600)
    Processor : x86 Family 15 Model 4 Stepping 9, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB902344
           Yes          KB911564
           Yes          KB917734_WMP10
           Yes          KB923561
           Yes          KB923689
           Yes          KB925398_WMP64
           Yes          KB936782_WMP10
           Yes          KB938127-IE7
           Yes          KB938464
           Yes          KB938464-v2
           Yes          KB941569
           Yes          KB944533-IE7
           Yes          KB946648
           Yes          KB947864-IE7
           Yes          KB950759-IE7
           Yes          KB950760
           Yes          KB950762
           Yes          KB950974
           Yes          KB951066
           Yes          KB951072-v2
           Yes          KB951376
           Yes          KB951376-v2
           Yes          KB951698
           Yes          KB951748
           Yes          KB951978
           Yes          KB952004
           Yes          KB952069_WM9
           Yes          KB952287
           Yes          KB952954
           Yes          KB953838-IE7
           Yes          KB953839
           Yes          KB954211
           Yes          KB954459
           Yes          KB954600
           Yes          KB955069
           Yes          KB955839
           Yes          KB956390-IE7
           Yes          KB956391
           Yes          KB956572
           Yes          KB956802
           Yes          KB956803
           Yes          KB956841
           Yes          KB957095
           Yes          KB957097
           Yes          KB958215-IE7
           Yes          KB958644
           Yes          KB958687
           Yes          KB958690
           Yes          KB959426
           Yes          KB960225
           Yes          KB960714-IE7
           Yes          KB960715
           Yes          KB960803
           Yes          KB961260-IE7
           Yes          KB961373
           Yes          KB963027-IE7
           Yes          KB967715
           Yes          Q147222
           No           ServicePackUninstall
 
 
Netcard queries test . . . . . . . : Passed
 
    Information of Netcard drivers: 
 
    ---------------------------------------------------------------------------
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    Device: \DEVICE\{DEE1B2B7-CB83-4E0B-92E5-56986064AC84}
 
    Media State:                     Connected
 
    Device State:                    Connected
    Connect Time:                    02:43:43
    Media Speed:                     100 Mbps
 
    Packets Sent:                    25753
    Bytes Sent (Optional):           0
 
    Packets Received:                29845
    Directed Pkts Recd (Optional):   28484
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0
 
    ---------------------------------------------------------------------------
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device: \DEVICE\{5F166796-4D58-4261-A4B1-BD6F62E804CC}
 
    Media State:                     Connected
 
    Device State:                    Connected
    Connect Time:                    02:43:43
    Media Speed:                     100 Mbps
 
    Packets Sent:                    25753
    Bytes Sent (Optional):           0
 
    Packets Received:                29845
    Directed Pkts Recd (Optional):   28484
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0
 
    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.
 
 
 
Per interface results:
 
    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {5F166796-4D58-4261-A4B1-BD6F62E804CC}
 
        Netcard queries test . . . : Passed
 
        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : CHWS-15.churchouse.local
        Description. . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
        Physical Address . . . . . : 00-17-31-28-3B-4F
        Dhcp Enabled . . . . . . . : Yes
        DHCP ClassID . . . . . . . : 
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 192.168.0.47
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        DHCP Server. . . . . . . . : 192.168.0.1
        Primary WINS Server. . . . : 192.168.0.1
        Lease Obtained . . . . . . : 24 April 2009 12:01:26
        Lease Expires. . . . . . . : 02 May 2009 12:01:26
        Dns Servers. . . . . . . . : 192.168.0.1
 
        IpConfig results . . . . . : Passed
            Pinging DHCP server - reachable
            Pinging the Primary WINS server 192.168.0.1 - reachable
 
        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use. 
 
        Default gateway test . . . : Passed
            Pinging gateway 192.168.0.2 - reachable
            At least one gateway reachable for this adapter. 
 
        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
            CHWS-15        <00>  UNIQUE      REGISTERED
            CHURCHHOUSE    <00>  GROUP       REGISTERED
            CHWS-15        <20>  UNIQUE      REGISTERED
            CHURCHHOUSE    <1E>  GROUP       REGISTERED
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
 
            NetBios Resolution : via DHCP 
 
		Netbios Remote Cache Table
            Name           Type              HostAddress         Life [sec]
            ---------------------------------------------------------------
            CHOUSE-SVR01.CH<55>  UNIQUE      192.168.0.1           117
 
 
        WINS service test. . . . . : Failed
            Sending name query to primary WINS server 192.168.0.1 - Failed
            There is no secondary WINS server defined for this adapter.
            The test failed.  We were unable to query the WINS servers.
        IPX test : IPX is not installed on this machine.
 
 
Global results:
 
 
IP General configuration 
    LMHOSTS Enabled. . . . . . . . : Yes
    DNS for WINS resolution. . . . : Enabled
    Node Type. . . . . . . . . . . : Hybrid
    NBT Scope ID . . . . . . . . . : 
    Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled . . . . . . : No
    DNS resolution for NETBIOS . . : No
 
 
 
Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Member Workstation
    Netbios Domain name. . . . . . : CHURCHHOUSE
    Dns domain name. . . . . . . . : churchhouse.local
    Dns forest name. . . . . . . . : churchhouse.local
    Domain Guid. . . . . . . . . . : {D006232E-0C01-4AFA-A2B8-5F0A857B3C90}
    Domain Sid . . . . . . . . . . : S-1-5-21-1202660629-1292428093-839522115
    Logon User . . . . . . . . . . : test
    Logon Domain . . . . . . . . . : CHURCHHOUSE
    Logon Server . . . . . . . . . : \\CHOUSE-SVR01
 
 
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    1 NetBt transport currently configured.
 
 
Autonet address test . . . . . . . : Passed
    PASS - you have at least one non-autoconfigured IP address
 
 
IP loopback ping test. . . . . . . : Passed
    PASS - pinging IP loopback address was successful.
    Your IP stack is most probably OK.
 
 
Default gateway test . . . . . . . : Passed
    PASS - you have at least one reachable gateway.
 
 
NetBT name test. . . . . . . . . . : Passed
   No NetBT scope defined
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
 
 
Winsock test . . . . . . . . . . . : Passed
    The number of protocols which have been reported : 10
        Description: MSAFD Tcpip [TCP/IP]
            Provider Version   :2
            Max message size  : Stream Oriented
        Description: MSAFD Tcpip [UDP/IP]
            Provider Version   :2
        Description: RSVP UDP Service Provider
            Provider Version   :6
        Description: RSVP TCP Service Provider
            Provider Version   :6
            Max message size  : Stream Oriented
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}] SEQPACKET 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}] DATAGRAM 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1CB8D61-958B-4269-A0AD-1BD6BD2AAD64}] SEQPACKET 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C1CB8D61-958B-4269-A0AD-1BD6BD2AAD64}] DATAGRAM 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46DCDE0A-35C1-498B-9F9E-E9FA61B4B62E}] SEQPACKET 2
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46DCDE0A-35C1-498B-9F9E-E9FA61B4B62E}] DATAGRAM 2
            Provider Version   :2
 
    Max UDP size : 65507 bytes
 
 
DNS test . . . . . . . . . . . . . : Passed
      Interface {5F166796-4D58-4261-A4B1-BD6F62E804CC}
        DNS Domain: churchouse.local
        DNS Servers: 192.168.0.1 
        IP Address: 192.168.0.47 
        Expected registration with PDN (primary DNS domain name):
          Hostname: CHWS-15.churchhouse.local.
          Authoritative zone: churchhouse.local.
          Primary DNS server: chouse-svr01.churchhouse.local 192.168.0.1
          Authoritative NS:192.168.0.1 
        Expected registration with adapter's DNS Domain Name:
          Hostname: CHWS-15.churchouse.local.
          Registration with adapter's DNS domain name is disabled.
      Verify DNS registration:
        Name: CHWS-15.churchhouse.local
        Expected IP: 192.168.0.47 
          Server 192.168.0.1: NO_ERROR
    The DNS registration for CHWS-15.churchhouse.local is correct on all DNS servers
 
 
Redir and Browser test . . . . . . : Passed
    List of transports currently bound to the Redir
        NetbiosSmb
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    The redir is bound to 1 NetBt transport.
 
    List of transports currently bound to the browser
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    The browser is bound to 1 NetBt transport.
    Mailslot test for CHURCHHOUSE* passed.
 
 
DC discovery test. . . . . . . . . : Passed
 
    Find DC in domain 'CHURCHHOUSE':
    Found this DC in domain 'CHURCHHOUSE':
        DC. . . . . . . . . . . : \\chouse-svr01.churchhouse.local
        Address . . . . . . . . : \\192.168.0.1
        Domain Guid . . . . . . : {D006232E-0C01-4AFA-A2B8-5F0A857B3C90}
        Domain Name . . . . . . : churchhouse.local
        Forest Name . . . . . . : churchhouse.local
        DC Site Name. . . . . . : Default-First-Site
        Our Site Name . . . . . : Default-First-Site
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
 
    Find PDC emulator in domain 'CHURCHHOUSE':
    Found this PDC emulator in domain 'CHURCHHOUSE':
        DC. . . . . . . . . . . : \\chouse-svr01.churchhouse.local
        Address . . . . . . . . : \\192.168.0.1
        Domain Guid . . . . . . : {D006232E-0C01-4AFA-A2B8-5F0A857B3C90}
        Domain Name . . . . . . : churchhouse.local
        Forest Name . . . . . . : churchhouse.local
        DC Site Name. . . . . . : Default-First-Site
        Our Site Name . . . . . : Default-First-Site
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
 
    Find Windows 2000 DC in domain 'CHURCHHOUSE':
    Found this Windows 2000 DC in domain 'CHURCHHOUSE':
        DC. . . . . . . . . . . : \\chouse-svr01.churchhouse.local
        Address . . . . . . . . : \\192.168.0.1
        Domain Guid . . . . . . : {D006232E-0C01-4AFA-A2B8-5F0A857B3C90}
        Domain Name . . . . . . : churchhouse.local
        Forest Name . . . . . . : churchhouse.local
        DC Site Name. . . . . . : Default-First-Site
        Our Site Name . . . . . : Default-First-Site
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
 
 
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to chouse-svr01.churchhouse.local (192.168.0.1). [ERROR_INTERNAL_ERROR]
    List of DCs in Domain 'CHURCHHOUSE':
        chouse-svr01.churchhouse.local
 
 
Trust relationship test. . . . . . : Passed
    Test to ensure DomainSid of domain 'CHURCHHOUSE' is correct.
    Secure channel for domain 'CHURCHHOUSE' is to '\\chouse-svr01.churchhouse.local'.
    Secure channel for domain 'CHURCHHOUSE' was successfully set to DC '\\chouse-svr01.churchhouse.local'.
 
 
Kerberos test. . . . . . . . . . . : Failed
    Cached Tickets:
        [FATAL] Kerberos does not have a ticket for krbtgt/churchhouse.local.
        [FATAL] Kerberos does not have a ticket for host/CHWS-15.churchhouse.local.
 
 
LDAP test. . . . . . . . . . . . . : Failed
 
    Do un-authenticated LDAP call to 'chouse-svr01.churchhouse.local'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20090424134507.0Z
        Attr: subschemaSubentry
            Val: 63 CN=Aggregate,CN=Schema,CN=Configuration,DC=churchhouse,DC=local
        Attr: dsServiceName
            Val: 115 CN=NTDS Settings,CN=CHOUSE-SVR01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=churchhouse,DC=local
        Attr: namingContexts
            Val: 23 DC=churchhouse,DC=local
            Val: 40 CN=Configuration,DC=churchhouse,DC=local
            Val: 50 CN=Schema,CN=Configuration,DC=churchhouse,DC=local
            Val: 41 DC=DomainDnsZones,DC=churchhouse,DC=local
            Val: 41 DC=ForestDnsZones,DC=churchhouse,DC=local
        Attr: defaultNamingContext
            Val: 23 DC=churchhouse,DC=local
        Attr: schemaNamingContext
            Val: 50 CN=Schema,CN=Configuration,DC=churchhouse,DC=local
        Attr: configurationNamingContext
            Val: 40 CN=Configuration,DC=churchhouse,DC=local
        Attr: rootDomainNamingContext
            Val: 23 DC=churchhouse,DC=local
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
            Val: 23 1.2.840.113556.1.4.1907
            Val: 23 1.2.840.113556.1.4.1948
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 7 4266792
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 30 chouse-svr01.churchhouse.local
        Attr: ldapServiceName
            Val: 49 churchhouse.local:chouse-svr01$@CHURCHHOUSE.LOCAL
        Attr: serverName
            Val: 98 CN=CHOUSE-SVR01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=churchhouse,DC=local
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 2
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2
 
    Do NTLM authenticated LDAP call to 'chouse-svr01.churchhouse.local'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20090424134507.0Z
        Attr: subschemaSubentry
            Val: 63 CN=Aggregate,CN=Schema,CN=Configuration,DC=churchhouse,DC=local
        Attr: dsServiceName
            Val: 115 CN=NTDS Settings,CN=CHOUSE-SVR01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=churchhouse,DC=local
        Attr: namingContexts
            Val: 23 DC=churchhouse,DC=local
            Val: 40 CN=Configuration,DC=churchhouse,DC=local
            Val: 50 CN=Schema,CN=Configuration,DC=churchhouse,DC=local
            Val: 41 DC=DomainDnsZones,DC=churchhouse,DC=local
            Val: 41 DC=ForestDnsZones,DC=churchhouse,DC=local
        Attr: defaultNamingContext
            Val: 23 DC=churchhouse,DC=local
        Attr: schemaNamingContext
            Val: 50 CN=Schema,CN=Configuration,DC=churchhouse,DC=local
        Attr: configurationNamingContext
            Val: 40 CN=Configuration,DC=churchhouse,DC=local
        Attr: rootDomainNamingContext
            Val: 23 DC=churchhouse,DC=local
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
            Val: 23 1.2.840.113556.1.4.1907
            Val: 23 1.2.840.113556.1.4.1948
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 7 4266792
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 30 chouse-svr01.churchhouse.local
        Attr: ldapServiceName
            Val: 49 churchhouse.local:chouse-svr01$@CHURCHHOUSE.LOCAL
        Attr: serverName
            Val: 98 CN=CHOUSE-SVR01,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=churchhouse,DC=local
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 2
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2
 
    Do Negotiate authenticated LDAP call to 'chouse-svr01.churchhouse.local'.
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'chouse-svr01.churchhouse.local': Local Error.
    [WARNING] Failed to query SPN registration on DC 'chouse-svr01.churchhouse.local'.
    [FATAL] No LDAP servers work in the domain 'CHURCHHOUSE'.
 
 
Routing table test . . . . . . . . : Passed
Active Routes :
Network Destination        Netmask           Gateway         Interface  Metric
         0.0.0.0           0.0.0.0       192.168.0.2      192.168.0.47      20
       127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1       1
     192.168.0.0     255.255.255.0      192.168.0.47      192.168.0.47      20
    192.168.0.47   255.255.255.255         127.0.0.1         127.0.0.1      20
   192.168.0.255   255.255.255.255      192.168.0.47      192.168.0.47      20
       224.0.0.0         240.0.0.0      192.168.0.47      192.168.0.47      20
 255.255.255.255   255.255.255.255      192.168.0.47      192.168.0.47       1
No persistent route entries.
 
 
Netstat information test . . . . . : Passed
 
 
    Interface Statistics
 
                                    Received             Sent
    Unicast Packets                 21769390          3538925
    Non-unicast packets                 1431               71
    Discards                               0                0
    Errors                                 0                0
    Unknown protocols                      0           458244
 
    Interface index         =  1
    Description             =  MS TCP Loopback interface
    Type                    =  24
    MTU                     =  1520
    Speed                   =  10000000
    Physical Address        =  00-00-00-00-00-00
    Administrative Status   =  1
    Operational Status      =  1
    Last Changed            =  14259168
    Output Queue Length     =  0
 
 
    Interface index         =  2
    Description             =  Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    Type                    =  6
    MTU                     =  1500
    Speed                   =  100000000
    Physical Address        =  00-17-31-28-3B-4F
    Administrative Status   =  1
    Operational Status      =  1
    Last Changed            =  14259170
    Output Queue Length     =  0
 
 
 
    Active Connections
 
  Proto Local Address         Foreign Address                           State
    TCP   CHWS-15:epmap         CHWS-15.churchhouse.local:6298            LISTENING
    TCP   CHWS-15:microsoft-ds  CHWS-15.churchhouse.local:36872           LISTENING
    TCP   CHWS-15:3389          CHWS-15.churchhouse.local:24775           LISTENING
    TCP   CHWS-15:5225          CHWS-15.churchhouse.local:34826           LISTENING
    TCP   CHWS-15:5226          CHWS-15.churchhouse.local:30923           LISTENING
    TCP   CHWS-15:8008          CHWS-15.churchhouse.local:39070           LISTENING
    TCP   CHWS-15:1048          CHWS-15.churchhouse.local:14381           LISTENING
    TCP   CHWS-15:1505          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1506          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1508          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1509          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1510          localhost:5226                            ESTABLISHED
    TCP   CHWS-15:1514          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1515          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:1516          localhost:5225                            CLOSE_WAIT
    TCP   CHWS-15:5226          localhost:1510                            ESTABLISHED
    TCP   CHWS-15:8005          CHWS-15.churchhouse.local:16566           LISTENING
    TCP   CHWS-15:netbios-ssn   CHWS-15.churchhouse.local:4202            LISTENING
    TCP   CHWS-15:1775          chouse-svr01.churchhouse.local:microsoft-ds  ESTABLISHED
    TCP   CHWS-15:2373          chouse-svr01.churchhouse.local:8014       ESTABLISHED
    TCP   CHWS-15:2376          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2384          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2392          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2400          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2408          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2416          chouse-svr01.churchhouse.local:microsoft-ds  TIME_WAIT
    TCP   CHWS-15:2423          chouse-svr01.churchhouse.local:epmap      TIME_WAIT
    TCP   CHWS-15:2424          chouse-svr01.churchhouse.local:1026       TIME_WAIT
    TCP   CHWS-15:2430          chouse-svr01.churchhouse.local:microsoft-ds  ESTABLISHED
    TCP   CHWS-15:2437          chouse-svr01.churchhouse.local:epmap      ESTABLISHED
    TCP   CHWS-15:2438          chouse-svr01.churchhouse.local:1026       ESTABLISHED
    TCP   CHWS-15:2440          chouse-svr01.churchhouse.local:1026       ESTABLISHED
    TCP   CHWS-15:2441          chouse-svr01.churchhouse.local:1026       ESTABLISHED
    TCP   CHWS-15:2443          chouse-svr01.churchhouse.local:ldap       TIME_WAIT
    TCP   CHWS-15:2444          chouse-svr01.churchhouse.local:ldap       TIME_WAIT
    TCP   CHWS-15:2445          chouse-svr01.churchhouse.local:ldap       ESTABLISHED
    TCP   CHWS-15:2451          chouse-svr01.churchhouse.local:ldap       TIME_WAIT
    TCP   CHWS-15:3389          CDBFSQLSERVER:4079                        ESTABLISHED
    UDP  CHWS-15:microsoft-ds  *:*                                     
    UDP  CHWS-15:isakmp        *:*                                     
    UDP  CHWS-15:4500          *:*                                     
    UDP  CHWS-15:ntp           *:*                                     
    UDP  CHWS-15:1025          *:*                                     
    UDP  CHWS-15:1038          *:*                                     
    UDP  CHWS-15:1793          *:*                                     
    UDP  CHWS-15:1900          *:*                                     
    UDP  CHWS-15:2442          *:*                                     
    UDP  CHWS-15:ntp           *:*                                     
    UDP  CHWS-15:netbios-ns    *:*                                     
    UDP  CHWS-15:netbios-dgm   *:*                                     
    UDP  CHWS-15:1900          *:*                                     
 
 
    IP  Statistics
 
    Packets Received              =   29,866
    Received Header Errors        =   0
    Received Address Errors       =   11
    Datagrams Forwarded           =   0
    Unknown Protocols Received    =   0
    Received Packets Discarded    =   7
    Received Packets Delivered    =   29,857
    Output Requests               =   26,500
    Routing Discards              =   0
    Discarded Output Packets      =   0
    Output Packet No Route        =   0
    Reassembly  Required          =   0
    Reassembly Successful         =   0
    Reassembly Failures           =   0
    Datagrams successfully fragmented  =   0
    Datagrams failing fragmentation    =   0
    Fragments Created                  =   0
    Forwarding                        =    2
    Default TTL                       =    128
    Reassembly  timeout               =    60
 
 
    TCP Statistics 
 
    Active Opens               =    924
    Passive Opens              =    18
    Failed Connection Attempts =    19
    Reset Connections          =    51
    Current Connections        =    18
    Received Segments          =    27,950
    Segment Sent               =    24,900
    Segment Retransmitted      =    37
    Retransmission Timeout Algorithm  =   vanj
    Minimum Retransmission Timeout  = 300
    Maximum Retransmission Timeout  = 120,000
    Maximum Number of Connections   = -1
 
 
    UDP Statistics
 
    Datagrams Received    =   1,740
    No Ports              =   201
    Receive Errors        =   2
    Datagrams Sent        =   1,444
 
 
    ICMP Statistics 
 
                              Received           Sent
    Messages                       116            116
    Errors                           0              0
    Destination  Unreachable         1              1
    Time    Exceeded                 0              0
    Parameter Problems               0              0
    Source Quenchs                   0              0
    Redirects                        0              0
    Echos                            8              8
    Echo Replies                   107            107
    Timestamps                       0              0
    Timestamp Replies                0              0
    Address Masks                    0              0
    Address Mask Replies             0              0
 
 
Bindings test. . . . . . . . . . . : Passed
    Component Name : NDIS Usermode I/O Protocol
    Bind Name: Ndisuio
    Binding Paths:
        Owner of the binding path : NDIS Usermode I/O Protocol
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndis5
            Upper Component: NDIS Usermode I/O Protocol
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
 
    Component Name : Point to Point Protocol Over Ethernet
    Bind Name: RasPppoe
    Binding Paths:
        Owner of the binding path : Point to Point Protocol Over Ethernet
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndis5
            Upper Component: Point to Point Protocol Over Ethernet
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
 
    Component Name : Point to Point Tunneling Protocol
    Bind Name: mspptp
    Binding Paths:
 
    Component Name : Layer 2 Tunneling Protocol
    Bind Name: msl2tp
    Binding Paths:
 
    Component Name : Remote Access NDIS WAN Driver
    Bind Name: NdisWan
    Binding Paths:
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiscowan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: Direct Parallel
 
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiswan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: WAN Miniport (PPPOE)
 
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiswan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: WAN Miniport (PPTP)
 
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiscowan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: WAN Miniport (L2TP)
 
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiswanasync
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: RAS Async Adapter
 
 
    Component Name : Message-oriented TCP/IP Protocol (SMB session)
    Bind Name: NetbiosSmb
    Binding Paths:
 
    Component Name : WINS Client(TCP/IP) Protocol
    Bind Name: NetBT
    Binding Paths:
        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : Internet Protocol (TCP/IP)
    Bind Name: Tcpip
    Binding Paths:
        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : Client for Microsoft Networks
    Bind Name: LanmanWorkstation
    Binding Paths:
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios_smb
            Upper Component: Client for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)
 
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : WebClient
    Bind Name: WebClient
    Binding Paths:
 
    Component Name : Wireless Zero Configuration
    Bind Name: wzcsvc
    Binding Paths:
 
    Component Name : Steelhead
    Bind Name: RemoteAccess
    Binding Paths:
 
    Component Name : Dial-Up Server
    Bind Name: msrassrv
    Binding Paths:
 
    Component Name : Remote Access Connection Manager
    Bind Name: RasMan
    Binding Paths:
 
    Component Name : Dial-Up Client
    Bind Name: msrascli
    Binding Paths:
 
    Component Name : File and Printer Sharing for Microsoft Networks
    Bind Name: LanmanServer
    Binding Paths:
        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios_smb
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)
 
        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : NetBIOS Interface
    Bind Name: NetBIOS
    Binding Paths:
        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : QoS Packet Scheduler
    Bind Name: PSched
    Binding Paths:
        Owner of the binding path : QoS Packet Scheduler
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndis5
            Upper Component: QoS Packet Scheduler
            Lower Component: Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Owner of the binding path : QoS Packet Scheduler
        Binding Enabled: Yes
    Interfaces of the binding path: 
        -Interface Name: ndiswanip
            Upper Component: QoS Packet Scheduler
            Lower Component: WAN Miniport (IP)
 
 
    Component Name : QoS RSVP
    Bind Name: RSVP
    Binding Paths:
 
    Component Name : Generic Packet Classifier
    Bind Name: Gpc
    Binding Paths:
 
    Component Name : Application Layer Gateway
    Bind Name: ALG
    Binding Paths:
 
    Component Name : WAN Miniport (IP)
    Bind Name: NdisWanIp
    Binding Paths:
 
    Component Name : Direct Parallel
    Bind Name: {7DDA9096-CA3E-4235-B1BD-989A7EDA6D9C}
    Binding Paths:
 
    Component Name : WAN Miniport (PPPOE)
    Bind Name: {64A59686-534B-4FBF-A42C-AAD7F06F71FA}
    Binding Paths:
 
    Component Name : WAN Miniport (PPTP)
    Bind Name: {513FDAC2-3EAE-4EE1-BBCB-7CF31E9914F1}
    Binding Paths:
 
    Component Name : WAN Miniport (L2TP)
    Bind Name: {604114C1-6AA0-438F-8B01-DA1D15121710}
    Binding Paths:
 
    Component Name : RAS Async Adapter
    Bind Name: {FFABC96A-D98A-48EF-A240-D8431D70C9BD}
    Binding Paths:
 
    Component Name : Realtek RTL8139 Family PCI Fast Ethernet NIC
    Bind Name: {5F166796-4D58-4261-A4B1-BD6F62E804CC}
    Binding Paths:
 
 
 
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
 
 
Modem diagnostics test . . . . . . : Passed
 
IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information
 
 
The command completed successfully


Darius Ghassem

The problem is that the client isn't pointing to your internal DNS server. Your router isn't an internal DNS server; it is an external DNS server, because it doesn't have any knowledge of your internal domain.

All clients and servers should be pointing to your internal DNS servers. You set DNS forwarding up for external DNS resolution.

Remove 192.168.0.1 and put the internal DNS server.
west-com

ASKER

192.168.0.1 is the Domain Controller and therefore the internal DNS

192.168.0.1 is the DC
192.168.0.2 is the router

I could remove WINS from DHCP as WINS is no longer installed on the server, but I thought that DNS took priority over WINS and therefore this setting should not be an issue.

Domain Controller:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : chouse-svr01
   Primary Dns Suffix  . . . . . . . : churchhouse.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : churchhouse.local

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
   Physical Address. . . . . . . . . : 00-16-E6-4A-63-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.2
   DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : churchhouse.local
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-17-31-28-3B-4F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.47
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.2
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Primary WINS Server . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : 24 April 2009 15:03:43
        Lease Expires . . . . . . . . . . : 02 May 2009 15:03:43
On the LAST comment, the second IPConfig list refers to the PC with the repeatable fault.
Change 127.0.0.1 to the actual IP address 192.168.0.1. WINS is still in the ip config.
Run ipconfig /registerdns then netdiag /fix
Not sure whether to run these on the server or the client so I've done both since I don't think there will be issues.

Run on the server:
C:\Documents and Settings\Administrator.CHURCHHOUSE>netdiag /fix
 
....................................
 
    Computer Name: CHOUSE-SVR01
    DNS Host Name: chouse-svr01.churchhouse.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes :
        KB923561
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902-v2
        KB927891
        KB929123
        KB930178
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB938464
        KB941569
        KB942830
        KB942831
        KB943055
        KB943460
        KB943485
        KB943729
        KB944338-v2
        KB944653
        KB945553
        KB946026
        KB948496
        KB949014
        KB950760
        KB950762
        KB950974
        KB951066
        KB951698
        KB951746
        KB951748
        KB952004
        KB952069
        KB952954
        KB953838-IE7
        KB954211
        KB954550-v5
        KB954600
        KB955069
        KB955839
        KB956390-IE7
        KB956572
        KB956802
        KB956803
        KB956841
        KB957097
        KB958215
        KB958644
        KB958687
        KB958690
        KB959426
        KB960225
        KB960714
        KB960715
        KB960803
        KB961063
        KB961064
        KB961118
        KB961260-IE7
        KB961373
        KB963027-IE7
        KB967715
        Q147222
 
 
Netcard queries test . . . . . . . : Passed
 
 
 
Per interface results:
 
    Adapter : Local Area Connection 3
 
        Netcard queries test . . . : Passed
 
        Host Name. . . . . . . . . : chouse-svr01
        IP Address . . . . . . . . : 192.168.0.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        Dns Servers. . . . . . . . : 192.168.0.1
 
 
        AutoConfiguration results. . . . . . : Passed
 
        Default gateway test . . . : Passed
 
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
 
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
 
 
Global results:
 
 
Domain membership test . . . . . . : Passed
 
 
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{7F26FE54-59EA-4AFF-9445-CF61C949BD02}
    1 NetBt transport currently configured.
 
 
Autonet address test . . . . . . . : Passed
 
 
IP loopback ping test. . . . . . . : Passed
 
 
Default gateway test . . . . . . . : Passed
 
 
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
 
 
Winsock test . . . . . . . . . . . : Passed
 
 
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.1'
.
 
 
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{7F26FE54-59EA-4AFF-9445-CF61C949BD02}
    The redir is bound to 1 NetBt transport.
 
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{7F26FE54-59EA-4AFF-9445-CF61C949BD02}
    The browser is bound to 1 NetBt transport.
 
 
DC discovery test. . . . . . . . . : Passed
 
 
DC list test . . . . . . . . . . . : Passed
 
 
Trust relationship test. . . . . . : Skipped
 
 
Kerberos test. . . . . . . . . . . : Passed
 
 
LDAP test. . . . . . . . . . . . . : Passed
 
 
Bindings test. . . . . . . . . . . : Passed
 
 
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
 
 
Modem diagnostics test . . . . . . : Passed
 
IP Security test . . . . . . . . . : Skipped
 
    Note: run "netsh ipsec dynamic show /?" for more detailed information
 
 
The command completed successfully


Run on the client:
C:\Documents and Settings\administrator>netdiag /fix
 
........................................
 
    Computer Name: CHWS-15
    DNS Host Name: CHWS-15.churchhouse.local
    System info : Windows 2000 Professional (Build 2600)
    Processor : x86 Family 15 Model 4 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB902344
        KB911564
        KB917734_WMP10
        KB923561
        KB923689
        KB925398_WMP64
        KB936782_WMP10
        KB938127-IE7
        KB938464
        KB938464-v2
        KB941569
        KB944533-IE7
        KB946648
        KB947864-IE7
        KB950759-IE7
        KB950760
        KB950762
        KB950974
        KB951066
        KB951072-v2
        KB951376
        KB951376-v2
        KB951698
        KB951748
        KB951978
        KB952004
        KB952069_WM9
        KB952287
        KB952954
        KB953838-IE7
        KB953839
        KB954211
        KB954459
        KB954600
        KB955069
        KB955839
        KB956390-IE7
        KB956391
        KB956572
        KB956802
        KB956803
        KB956841
        KB957095
        KB957097
        KB958215-IE7
        KB958644
        KB958687
        KB958690
        KB959426
        KB960225
        KB960714-IE7
        KB960715
        KB960803
        KB961260-IE7
        KB961373
        KB963027-IE7
        KB967715
        Q147222
 
 
Netcard queries test . . . . . . . : Passed
 
 
 
Per interface results:
 
    Adapter : Local Area Connection
 
        Netcard queries test . . . : Passed
 
        Host Name. . . . . . . . . : CHWS-15.churchhouse.local
        IP Address . . . . . . . . : 192.168.0.47
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        Primary WINS Server. . . . : 192.168.0.1
        Dns Servers. . . . . . . . : 192.168.0.1
 
 
        AutoConfiguration results. . . . . . : Passed
 
        Default gateway test . . . : Passed
 
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
 
        WINS service test. . . . . : Failed
            The test failed.  We were unable to query the WINS servers.
 
 
Global results:
 
 
Domain membership test . . . . . . : Passed
 
 
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    1 NetBt transport currently configured.
 
 
Autonet address test . . . . . . . : Passed
 
 
IP loopback ping test. . . . . . . : Passed
 
 
Default gateway test . . . . . . . : Passed
 
 
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
 
 
Winsock test . . . . . . . . . . . : Passed
 
 
DNS test . . . . . . . . . . . . . : Passed
 
 
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    The redir is bound to 1 NetBt transport.
 
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{5F166796-4D58-4261-A4B1-BD6F62E804CC}
    The browser is bound to 1 NetBt transport.
 
 
DC discovery test. . . . . . . . . : Passed
 
 
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to chouse-svr01.churchhouse.local (192.168.0.1)
. [ERROR_INTERNAL_ERROR]
 
 
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'CHURCHHOUSE' is to '\\chouse-svr01.churchhouse.lo
cal'.
 
 
Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for krbtgt/churchhouse.local.
        [FATAL] Kerberos does not have a ticket for host/CHWS-15.churchhouse.loc
al.
 
 
LDAP test. . . . . . . . . . . . . : Failed
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'chouse-svr01.churchh
ouse.local': Local Error.
    [WARNING] Failed to query SPN registration on DC 'chouse-svr01.churchhouse.l
ocal'.
    [FATAL] No LDAP servers work in the domain 'CHURCHHOUSE'.
 
 
Bindings test. . . . . . . . . . . : Passed
 
 
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
 
 
Modem diagnostics test . . . . . . : Passed
 
IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information

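An added example (not part of the original thread): a small Python parser that rejoins the 80-column console wraps seen in the pasted netdiag output and lists the global tests that fail on the client but pass on the DC. The function names, the 80-column width and the embedded excerpts (constructed from lines quoted in the two runs above) are assumptions of this example.

```python
import re

WIDTH = 80  # assumption: console width at which the pasted output was cut
HEADER = re.compile(r"^(\s*)(\S.*?)[ .]*: (Passed|Failed|Skipped)\s*$")
DETAIL = re.compile(r"^\s+\[(FATAL|WARNING)\]\s*(.*)$")


def hard_wrap(text, width=WIDTH):
    """Cut every line at `width` characters, as the console did to the output."""
    out = []
    for line in text.splitlines():
        out.extend(line[i:i + width] for i in (range(0, len(line), width) or [0]))
    return "\n".join(out)


def unwrap(text, width=WIDTH):
    """Rejoin lines that were cut at exactly `width` characters.

    Limitation: a line that is naturally `width` characters long cannot be
    told apart from a wrapped one and is joined to the line after it.
    """
    logical, carry = [], False
    for line in text.splitlines():
        if carry:
            logical[-1] += line
        else:
            logical.append(line)
        carry = len(line) == width
    return logical


def parse_netdiag(text):
    """Return {global test name: {"status": str, "details": [(level, msg)]}}."""
    results, current = {}, None
    for line in unwrap(text):
        header = HEADER.match(line)
        if header:
            indent, name, status = header.groups()
            # Indented headers are per-interface tests; only global ones are kept.
            current = None if indent else results.setdefault(
                name, {"status": status, "details": []})
            continue
        detail = DETAIL.match(line)
        if detail and current is not None:
            current["details"].append(detail.groups())
    return results


def client_only_failures(client_text, dc_text):
    """Tests that failed on the client but passed on the DC, with messages."""
    client, dc = parse_netdiag(client_text), parse_netdiag(dc_text)
    return {
        name: [msg for _, msg in info["details"]]
        for name, info in client.items()
        if info["status"] == "Failed" and dc.get(name, {}).get("status") == "Passed"
    }


# Constructed sample: excerpt of the client run quoted in the thread, written
# as unwrapped logical lines and then cut at 80 columns like the pasted text.
CLIENT_LOGICAL = r"""
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to chouse-svr01.churchhouse.local (192.168.0.1). [ERROR_INTERNAL_ERROR]
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'CHURCHHOUSE' is to '\\chouse-svr01.churchhouse.local'.
Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for krbtgt/churchhouse.local.
        [FATAL] Kerberos does not have a ticket for host/CHWS-15.churchhouse.local.
LDAP test. . . . . . . . . . . . . : Failed
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'chouse-svr01.churchhouse.local': Local Error.
    [WARNING] Failed to query SPN registration on DC 'chouse-svr01.churchhouse.local'.
    [FATAL] No LDAP servers work in the domain 'CHURCHHOUSE'.
"""
CLIENT_OUTPUT = hard_wrap(CLIENT_LOGICAL)

# Constructed sample: the same global tests from the DC run quoted in the thread.
DC_OUTPUT = """
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
"""

if __name__ == "__main__":
    for test, messages in client_only_failures(CLIENT_OUTPUT, DC_OUTPUT).items():
        print(test)
        for message in messages:
            print("   ", message)
```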

Check the times on the DC and the client. Kerberos isn't very tolerant of clock skew. The DCs indicate that they are time servers, but it's an easy check to ensure the client agrees.
Time is consistent within 2 or 3 seconds between client and server.
The client will fail.
2-3 seconds should be adequate unless you've changed the skew tolerance. But it is a large difference for machines within a domain, which tends to indicate other connectivity problems with the DC.

The DC list test failure indicates that the problem has to do with the RPC endpoint mapper on the DC. Check the event logs for error messages as you're running the netdiag on the client.
The DC netdiag is passing which is correct but the client is failing because those tests can't be run on a client. So, I don't see any issues.
I believe the DC List Test should work from a client that's a member of the domain. It simply tries to get a list of domain controllers in the domain from the directory service.  I won't have access to a domain environment to validate this for a couple of days, but I did go over the support page again for Netdiag and don't see anything that should preclude the test from running on a Windows client, unless I've missed something. If I haven't missed something, there should be an error in the event logs (check the server and client).
Your client computer lost its computer password. I believe you will have to use netdom to reinitiate the computer password in order to get a Kerberos ticket for it.

http://support.microsoft.com/kb/260575

An easier way to do this is to just rejoin the domain with the client computer.

Also, another thing that can cause this issue is a software firewall. Some software firewalls will block Kerberos from granting a ticket to the client machine. Check to see if you have a software firewall on client or server. I think Windows firewall will do just that.

Some of the newer viruses will shut down services on your DC as well as infect client computers without user interaction needed to spread the virus. One is called Conficker. What virus did you have on the server that you found?
The engineer who removed the viruses does not believe that Conficker was one of them.

However, I have removed the client from the domain and reattached it (even changing its name the second attempt) without a resolution.

I had already removed Windows Firewall and Symantec EPP firewall software from the client when the problems were first discovered.

I am wondering if Active Directory can be corrupted by viruses and cause this, forcing me to build a new installation of the Domain and recreating Computer and User accounts.

Also, as another drastic solution, whether to build a new DC and remove the existing DC from the domain. The premise for this is that the DC may have a corruption in Windows that is causing the problems.
Again the netdiag will fail on the client because it isn't a DC.
Fair enough.

It's curious that the domain/test account fails to authenticate when used to login a user, but succeeds when used as the credentials to map a drive, both from the same machine. Since the domain/another account can be used to log in, it would appear the machine's credentials are OK, and that connectivity to the DC isn't a problem. Are there any unusual events reported in the client and DC event logs after the domain/test login fails?
Client repeatedly gets in the Application Log:
EventID: 1053
Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

....and more occasionally....

Event ID: 15
Automatic certificate enrollment for local system failed to contact the active directory (0x80072095).  A directory service error has occurred.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

..... And in the system Log .....

Event ID: 40961
The Security System could not establish a secured connection with the server LDAP/chouse-svr01.churchhouse.local/churchhouse.local.  No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Can you ping the domain name? Can you ping the DC and DNS server?
dariusq:

When I see these errors, I usually think a multihomed DC. Both errors can pop up during a multihomed DC.
I can ping both the DC and the domain successfully and it returns the correct IP address.

When you mean Multi-homed, ChiefIT, you mean a server with multiple IP addresses? The DC is the only DC and it only has one IP address.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : chouse-svr01
   Primary Dns Suffix  . . . . . . . : churchhouse.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : churchhouse.local

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
   Physical Address. . . . . . . . . : 00-16-E6-4A-63-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.2
   DNS Servers . . . . . . . . . . . : 192.168.0.1
From the client:
 
ping.exe churchhouse.local
 
Pinging churchhouse.local [192.168.0.1] with 32 bytes of data:
 
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
ping.exe chouse-svr01
 
Pinging chouse-svr01.churchhouse.local [192.168.0.1] with 32 bytes of data:
 
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms


Network configuration:

One DC which is DNS/DHCP server as well
One Database server (was a DC two years ago but was removed from this role.)
30 Client XP PCs
I agree, Chief, but I don't see that second NIC in this issue. The problem is only occurring on one client as well.

west-com,

Have you tried replacing the NIC on the client?
In addition to changing the NIC, there have been some reports of auto-negotiation problems (i.e. setting to 10FD on a 100FD network) causing Kerberos authentication problems. While you might want to check this as well, it unfortunately doesn't explain the symptoms described in the post, in which the second attempt to map a drive as domain/test works.

Can you verify this sequence as I understand it:

1. Create new account domain\test
2. Log in as domain\test - fails
3. Log in as domain\another - success
4. Map \\server\netlogon as domain\test - fails
5. Map \\server\netlogon as domain\another - success
6. Drop mapping
7. Map \\server\netlogon as domain\test - success

Steps 2-7 are executed from the same machine in sequence.

In short, the domain\test account works for mapping \\server\netlogon, but only the second attempt after mapping it using the domain\another account.

Is this correct?
1. Create new account domain\test
2. Log in as domain\test - partial success (therefore accepting password)
3. Will not run login script and therefore Map \\server\netlogon as domain\test - fails
4. Map \\server\netlogon as domain\test - fails
5. Map \\server\netlogon as domain\another - success
6. Drop mapping  - net use * /d
7. Map \\server\netlogon as domain\test - success

It does not seem to matter what account I use, the sequence is the same.
Just retested this... and Hummm.... no fault found!!!

Why has this fault just gone away????
churchhouse.local and chouse-svr01 are the same computer? You just pinged it with two different netbios names and got the same IP address. You have a records conflict or two nodes on the same IP.

Did you rename this server?
Made a mistake in the above comment. You pinged by two DNS names and got the same IP address. Go to the client machine and clear your Netbios cache by typing IPconfig /flushDNS at the command prompt. Then, clear out your HOST file of all names referencing that IP.

Also go to the command prompt and type NBTSTAT -a 192.168.0.1 to see if you have two nodes on the same IP address. If so, your event logs should have warned you about two nodes conflicting with the IP.

192.168.0.1 is the default IP for some mass storage devices and routers. So, be wary of that if you bring a router or mass storage device into the domain.
Ok.
churchhouse.local is the domain name and chouse-svr01 the Domain Controller.

My understanding of DNS is that if you ping the Domain Name, one of the DCs (in my case I only have one) will respond.

Below is the NBTSTAT results.
I don't think I have any other device connected with this IP address
C:\>NBTSTAT -a 192.168.0.1
 
Local Area Connection 3:
Node IpAddress: [192.168.0.1] Scope Id: []
 
           NetBIOS Remote Machine Name Table
 
       Name               Type         Status
    ---------------------------------------------
    CHOUSE-SVR01   <00>  UNIQUE      Registered
    CHURCHHOUSE    <00>  GROUP       Registered
    CHURCHHOUSE    <1C>  GROUP       Registered
    CHOUSE-SVR01   <20>  UNIQUE      Registered
    CHURCHHOUSE    <1B>  UNIQUE      Registered
    CHURCHHOUSE    <1E>  GROUP       Registered
    CHURCHHOUSE    <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
 
    MAC Address = 00-16-E6-4A-63-5E


ASKER CERTIFIED SOLUTION

ChiefIT

I still am not sure why the problem went away, but am not sure anyone will be able to diagnose that now.