Jim Metcalf asked:

Active Directory issues on VPN'd networks

Computers on VPN'd networks will not join the domain. If the computer is already joined to the domain and set up on the main network, they behave fine even when I move them to outside networks.
In the DNS error log I see this error.

The DNS server was unable to complete directory service enumeration of the zone 6.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from the Active Directory for this zone and is unable to load the zone without it.  Check that Active Directory is functioning properly and repeat enumeration of the zone.  The extended error debug information (which may be empty) is "".  The event data contains the error.

Any suggestions? I have an error like this for every subnet in the DNS event log.
ASKER CERTIFIED SOLUTION
powereds
This solution is only available to members.
ASKER

The IP addresses are not correct as far as what is suggested above. Restarted one server and restarted the workstation and still cannot join the domain. Does it take a while for that error to work out?
SOLUTION
Todd Gerbert
This solution is only available to members.
I googled authorized DNS servers but I think that is in reference to DHCP servers.
Error message from the server.
DNS servers are Active Directory integrated so I would assume that's OK.
Have not configured networks in Active Directory Sites & Services.
But I had never done that and we have been fine for 4 years up until now.
SOLUTION
This solution is only available to members.
Yes, the client workstation I am trying to join to the domain has the correct IP settings. Its DNS server is the Active Directory integrated DNS server at our home station and it can ping it fine. All the reverse zones show up in the reverse zones section of the DNS and are populated with correct devices in those zones.
Try running dcdiag on your DC, post results.
This is the first domain controller. This is the server that shows up as the primary DNS server on the ipconfig for the workstation I am trying to join to the domain.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: *******\******
      Starting test: Connectivity
         ......................... ******** passed test Connectivity

Doing primary tests
   
   Testing server: **********Site\********
      Starting test: Replications
         ......................... ******** passed test Replications
      Starting test: NCSecDesc
         ......................... ******** passed test NCSecDesc
      Starting test: NetLogons
         ......................... ******** passed test NetLogons
      Starting test: Advertising
         ......................... ******** passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ******** passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ******** passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of ******** is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... ******** passed test MachineAccount
      Starting test: Services
         ......................... ******** passed test Services
      Starting test: ObjectsReplicated
         ......................... ******** passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ******** passed test frssysvol
      Starting test: frsevent
         ......................... ******** passed test frsevent
      Starting test: kccevent
         ......................... ******** passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 01/11/2010   14:30:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002715
            Time Generated: 01/11/2010   14:31:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x40011006
            Time Generated: 01/11/2010   15:00:49
            (Event String could not be retrieved)
         ......................... ******** failed test systemlog
      Starting test: VerifyReferences
         ......................... ******** passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : ci
      Starting test: CrossRefValidation
         ......................... ci passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ci passed test CheckSDRefDom
   
   Running enterprise tests on : **.**********.*****.***
      Starting test: Intersite
         ......................... ********.******.**** passed test Intersite
      Starting test: FsmoCheck
         ......................... ********.******.**** passed test FsmoCheck
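
Added example, not part of the original thread: a short Python parser for the dcdiag report above that lists failed tests with their Event Viewer IDs (the low 16 bits of the identifiers dcdiag prints) and names the userAccountControl bits set beyond the 0x82000 baseline dcdiag quotes. The host name DC01 and the sample lines are constructed from the redacted output.

```python
import re

# Standard userAccountControl bit values (subset relevant to machine accounts).
UAC_FLAGS = {
    0x0002: "UF_ACCOUNTDISABLE",
    0x0020: "UF_PASSWD_NOTREQD",
    0x1000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x2000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x80000: "UF_TRUSTED_FOR_DELEGATION",
    0x400000: "UF_DONT_REQUIRE_PREAUTH",
}
DC_BASELINE = 0x82000  # value dcdiag reports as typical for a DC

# Constructed sample: lines from the report above, DC01 stands in for the redacted host.
SAMPLE = """\
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of DC01 is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         ......................... DC01 passed test MachineAccount
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40011006
         An Error Event occured.  EventID: 0xC0002715
         An Error Event occured.  EventID: 0x40011006
         ......................... DC01 failed test systemlog
"""

def decode_uac(value):
    """Return the flag names set in value; unknown bits are reported as hex."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names + ([hex(unknown)] if unknown else [])

def summarize(report):
    """Collect failed tests, their event IDs, and UAC bits beyond the DC baseline."""
    result = {"failed": {}, "extra_uac": []}
    current, events = None, []
    for line in report.splitlines():
        if m := re.search(r"Starting test: (\S+)", line):
            current, events = m.group(1), []
        elif m := re.search(r"EventID: (0x[0-9A-Fa-f]+)", line):
            events.append(int(m.group(1), 16) & 0xFFFF)  # low word = Event Viewer ID
        elif m := re.search(r"userAccountControl of \S+ is: (0x[0-9A-Fa-f]+)", line):
            result["extra_uac"] = decode_uac(int(m.group(1), 16) & ~DC_BASELINE)
        elif re.search(r"failed test \S+", line) and current:
            result["failed"][current] = sorted(set(events))
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The decimal IDs it returns can be looked up directly in the System log on the DC, which is useful here because dcdiag could not retrieve the event strings.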
Hi, try attaching with the FQDN (host.msft.com) rather than using the NetBIOS domain name, or vice versa.  Also ensure that you are not blocking all AD ports on a local F/W.

HTH
Tried it, Mighty Sw.
It didn't help.
SOLUTION
This solution is only available to members.
Also, what are you VPN'd into?