Solved

active directory issues on vpn'd networks

Posted on 2010-01-11
Last Modified: 2012-05-08
Computers on VPN'd networks will not join the domain.  If the computer is already joined to the domain and set up on the main network, they behave fine even when I move them to outside networks.
In the DNS error log I see this error.

The DNS server was unable to complete directory service enumeration of the zone 6.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from the Active Directory for this zone and is unable to load the zone without it.  Check that Active Directory is functioning properly and repeat enumeration of the zone.  The extended error debug information (which may be empty) is "".  The event data contains the error.

Any suggestions?  I have an error for every subnet in the DNS event log like this.
Question by:jamesmetcalf74
12 Comments
 
LVL 7

Accepted Solution

by:
powereds earned 500 total points
ID: 26286188
0
 

Author Comment

by:jamesmetcalf74
ID: 26286381
The IP addresses are not correct as far as what is suggested above.  Restarted one server and restarted the workstation and still cannot join the domain.  Does it take a while for that error to work out?
0
 
LVL 33

Assisted Solution

by:Todd Gerbert
Todd Gerbert earned 1000 total points
ID: 26286466
What DNS server are the remotely connected computers using?  They should be using only the Active Directory authorized DNS servers.

Is that error message from the DNS server, or from a workstation?

Did you configure the IP networks in Active Directory Sites & Services?
0
 

Author Comment

by:jamesmetcalf74
ID: 26286510
I googled authorized DNS servers but I think that is referenced to DHCP servers.
Error message from the server.
DNS servers are Active Directory integrated so I would assume that's OK.
Have not configured networks in Active Directory Sites & Services.
But I had never done that and we have been fine for 4 years up until now.
0
 
LVL 33

Assisted Solution

by:Todd Gerbert
Todd Gerbert earned 1000 total points
ID: 26286559
I meant the DNS server must be your Active Directory DNS server - so the remote networks aren't using their local router for DNS, they're pointing to the Active Directory DNS servers?

The DNS server seems to be complaining it can't find a reverse lookup zone for 192.168.6.0.  Does this reverse zone exist?
0
 

Author Comment

by:jamesmetcalf74
ID: 26286615
Yes, the client workstation I am trying to join to the domain has the correct IP settings.  Its DNS server is the Active Directory integrated DNS server at our home station and it can ping it fine.  All the reverse zones show up in the reverse zones section of the DNS and are populated with correct devices in those zones.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 26286671
Try running dcdiag on your DC, post results.
0
 

Author Comment

by:jamesmetcalf74
ID: 26287044
This is the first domain controller.  This is the server that shows up as the primary DNS server on the ipconfig for the workstation I am trying to join to the domain.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: *******\******
      Starting test: Connectivity
         ......................... ******** passed test Connectivity

Doing primary tests
   
   Testing server: **********Site\********
      Starting test: Replications
         ......................... ******** passed test Replications
      Starting test: NCSecDesc
         ......................... ******** passed test NCSecDesc
      Starting test: NetLogons
         ......................... ******** passed test NetLogons
      Starting test: Advertising
         ......................... ******** passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ******** passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ******** passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of ******** is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... ******** passed test MachineAccount
      Starting test: Services
         ......................... ******** passed test Services
      Starting test: ObjectsReplicated
         ......................... ******** passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ******** passed test frssysvol
      Starting test: frsevent
         ......................... ******** passed test frsevent
      Starting test: kccevent
         ......................... ******** passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 01/11/2010   14:30:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 01/11/2010   14:31:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 01/11/2010   15:00:49
            (Event String could not be retrieved)
         ......................... ******** failed test systemlog
      Starting test: VerifyReferences
         ......................... ******** passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : ci
      Starting test: CrossRefValidation
         ......................... ci passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ci passed test CheckSDRefDom
   
   Running enterprise tests on : **.**********.*****.***
      Starting test: Intersite
         ......................... ********.******.**** passed test Intersite
      Starting test: FsmoCheck
         ......................... ********.******.**** passed test FsmoCheck
0
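The following Python is an added example, not code from any poster in this thread: it triages dcdiag text like the report above, listing failed tests, the Event Viewer IDs behind the hex EventID values, and any userAccountControl flags beyond the 0x82000 DC baseline that dcdiag itself quotes. The function names and the trimmed sample are constructed for illustration.

```python
import re

# userAccountControl bits (documented Active Directory values).
UAC_FLAGS = {
    0x0002: "UF_ACCOUNTDISABLE",
    0x0020: "UF_PASSWD_NOTREQD",
    0x1000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x2000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x80000: "UF_TRUSTED_FOR_DELEGATION",
}
DC_BASELINE = 0x82000  # the "typical setting for a DC" quoted by dcdiag


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def triage(report):
    """Collect failed tests, system-log event IDs and unexpected UAC flags."""
    failed = re.findall(r"failed test (\w+)", report)
    events = re.findall(r"EventID: (0x[0-9A-Fa-f]+)", report)
    extra = []
    m = re.search(r"userAccountControl of \S+ is: (0x[0-9A-Fa-f]+)", report)
    if m:
        # Keep only the bits that are not part of the DC baseline.
        extra = decode_uac(int(m.group(1), 16) & ~DC_BASELINE)
    # The low 16 bits of the hex EventID are the ID shown in Event Viewer.
    event_ids = sorted({int(e, 16) & 0xFFFF for e in events})
    return {"failed": failed, "event_ids": event_ids, "extra_uac": extra}


# Constructed sample: lines trimmed from the dcdiag output posted above.
SAMPLE = """\
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of ******** is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         ......................... ******** passed test MachineAccount
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40011006
         An Error Event occured.  EventID: 0xC0002715
         An Error Event occured.  EventID: 0x40011006
         ......................... ******** failed test systemlog
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted report this singles out UF_PASSWD_NOTREQD on the domain controller's machine account, which is the one flag the MachineAccount warning is about.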
 
LVL 20

Expert Comment

by:MightySW
ID: 26287205
Hi, Try attaching with the FQDN (host.msft.com) rather than using the Netbios domain name, or vice versa.  Also ensure that you are not blocking all AD ports on a local F/W.

HTH
0
 

Author Comment

by:jamesmetcalf74
ID: 26288790
Tried it, MightySW.
It didn't help.
0
 
LVL 20

Assisted Solution

by:MightySW
MightySW earned 500 total points
ID: 26288834
Remove the computer account from DNS.  It should have registered if you are allowing unsecured registrants.  Also remove the pointer record.

Ensure there are no computer objects in ADUC with that name.  If there are then remove them.

While you are connected to the VPN, run:

ipconfig /flushdns
ipconfig /registerdns

Try to attach your computer  to the domain.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 26288885
Also, what are you VPN'd into?
0
