Solved

Communication problems between single computer and domain controller

Posted on 2010-08-25
36
3,562 Views
Last Modified: 2013-12-09
Hi everyone,

I have a really interesting problem that presented itself tonight when I was attempting to make some changes. I have a domain running in 2003 functionality (domain and forest level) with a 2008 R2 primary domain controller (which also does DNS, DHCP and WINS). My secondary domain controller is running 2003 and also does DNS, WINS and has some shared printers installed on it.

I was attempting to change the IP address of the 2003 domain controller and ran in to nothing but problems. Long story short I ended up moving it back due to all kinds of errors I was getting that could not be resolved with dns updates, dcdiag, netdiag, etc.

Everything seems to be working fine for the rest of the network, however I have a Windows 7 machine that cannot access the shared files and printers on the 2003 domain controller. It can ping the server and it successfully resolves the DNS names using either server (in other words it can still use the 2003 server for DNS), but if I attempt to connect to the server via a UNC path, it times out and fails. It doesn't matter if I use \\computername or \\computername.fqdn.tld - it fails every time. The really odd this is it will work for a few seconds right after boot, but stops working shortly after. I've also noticed that the problem is 2-way, meaning I can log in to the 2003 server and cannot access the PC via UNC.

I've also noticed that startup and logon is taking much longer than usual on this machine as well. I've double and triple checked IP settings on all servers and this PC making sure it wasn't referencing a bunk IP address, but everything is correct. I've also tried flushing the various caches (netbios, dns, arp, etc).

Does anyone have any idea as to what might be causing this? It's the only computer that is having difficulty so I suspect it's a setting somewhere but I cannot narrow it down.
0
Comment
Question by:rmmccann
  • 17
  • 8
  • 4
  • +4
36 Comments
 

Author Comment

by:rmmccann
Comment Utility
Just some additional information I forgot to add:

Using IP addresses in the UNC paths doesn't work either.

MSTSC (RDP Client) can not connect to the 2003 server from the Win 7 machine
0
 
LVL 1

Expert Comment

by:dazza98
Comment Utility
Check the time on the machine to make sure it matches the servers.
I had a similar problem yesterday....
0
 

Author Comment

by:rmmccann
Comment Utility
Good suggestion but unfortunately that wasn't it. Time was in sync between both machines. My login scripts synchronize the time with the primary domain controller automatically.
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
You may need to purge wins on the servers.  
0
 
LVL 1

Expert Comment

by:gdemiro
Comment Utility
I would re-join it to the domain.
0
 

Author Comment

by:rmmccann
Comment Utility
I've already purged and scavenged WINS on both servers.

I won't know for sure until tomorrow when everyone is at their computers again, but I've only noticed a problem on one computer. I would think if it was DNS, WINS or something of that nature that it would affect more workstations?
0
 

Author Comment

by:rmmccann
Comment Utility
Will try a rejoin tomorrow.
0
 
LVL 1

Expert Comment

by:dazza98
Comment Utility
Also, don't forget to check the windows firewall.
0
 

Author Comment

by:rmmccann
Comment Utility
Firewall was disabled just to test and didn't help. Win7 machine has no trouble with any other fileservers on the network- just this one machine which also happens to be a dc.
0
 
LVL 1

Expert Comment

by:dazza98
Comment Utility
If the re-join doesn't work try putting the machine in an OU that doesn't have any Group Policy Objects linked to it.
0
 
LVL 3

Expert Comment

by:Shaun
Comment Utility
I am suspecting this as a Win7 problem, is this the only Win7 machine in the domain?
0
 
LVL 4

Expert Comment

by:Malajlo
Comment Utility
1) ipconfig /flushdns
2) ipconfig /all (check if everything is as it should be)
3) open \\ip_address
4) try to utilize network (download from internet, network share) - monitor speed

And disable WINS... It is realy useless since we throw away win3.x, win9x
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
On your 2003 server install the support tools. After that run
ipconfig /registerdns
nltest /DSregDNS
netdiag /fix
Changing IP on a DC is always a problem, but fortunately on 2003 you have the netdiag command. Maybe, you have to run it twice and don´t forget to boot.
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
You may just need to flush the arp tables on both the client and the server.
0
 

Author Comment

by:rmmccann
Comment Utility
Okay, update on the issue which is only affecting this one machine (and this is 1 of about 7 or 8 Win7 machines on the domain):

- rejoining did not fix the issue

- it's definitely not a group policy issue or a firewall issue; firewalls have been disabled for testing and I was still unable to connect even when the computer was removed from the domain

- it's not an arp issue; both computers resolved the correct IP/MAC address mappings

- internet works fine on this machine and it has no troubles accessing the other domain controller or any of the other servers on the network

- it's not DNS! I can ping the server and the server can ping the workstation; basic connectivity is there

This is a real head scratcher. Has me completely stumped.
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
what is the brand of your nic?
0
 

Author Comment

by:rmmccann
Comment Utility
Intel on server, Realtek on client (Win7).

Tried a system restore to the beginning of the week - that also did not work. Removing the client's static IP and reverting to DHCP also does not help. For whatever reason these two machines are no longer on speaking terms.
0
 

Author Comment

by:rmmccann
Comment Utility
Last ditch effort is going to be a repair install, otherwise I will need to completely wipe and reinstall.

Confirmed that it's not the PC hardware or a firewall policy somewhere - BartPE loaded on the pc can talk to the problematic server, so Windows 7 seems to have puked.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 3

Expert Comment

by:Shaun
Comment Utility
I had a similar issue with Windows7, i really can't remember which feature caused this but this was what i did..

Go to Local Area Connection Settings -> Properties -> Configure -> Advanced
Try to Disable each feature and check the issue..

Request you to try this as a last resort before going for a rebuild

0
 

Author Comment

by:rmmccann
Comment Utility
Still troubleshooting. I have a XP Mode enabled on this particular machine

If I try to connect to the problematic server from the XP guest, I get an error message "<\\servername> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The remote procedure call failed."

0
 

Author Comment

by:rmmccann
Comment Utility
I'm getting the same error on the Win7 host now. It's at least giving me something to work with instead of just timing out or locking up.

I've tried disabling various components (IPv6, Link Layer topology mapper and responder, Virtual PC network filter, QoS, etc) in the LAN config as suggested and that also did not help..
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
I have scanned back through the posts and dont recall seeing this... but if it is back there somewhere, my apologies.

Disable IPv6...
0
 

Author Comment

by:rmmccann
Comment Utility
Tried disabling IPv6 (see post directly above yours), no go.

I also tried installing a different network adapter on the workstation just to rule out funky drivers, that also did not help.

Seems as though something in the OS configuration itself is preventing communication to this server.
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
Do you have any messages in event.log on thiis machine or on the servers site? You said
'The really odd this is it will work for a few seconds right after boot, but stops working shortly after'
You can try sysinternals 'autoruns' to check, what is started on you w7 computer.
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
By the way, do you run any other stuff, which uses a network interface like a VM or a VPN conection?
0
 

Author Comment

by:rmmccann
Comment Utility
After doing the system restore, the connection no longer works at all. Every other reboot seems to hang forever because it's trying to pull GP from the server it can't talk to.

This computer has IIS and Altiris Deployment Solution installed on it. No VPN software installed and nothing in the event log except a failure about applying group policy (which is understandable if it happens to get stuck with the win2003 server instead of the win2008 one). No events logged on the Win2003 server.

Just tried a netsh winsock reset / netsh winsock reset catalog - neither provided any resolution.
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
did you try to give only the 2008 server as dns?
0
 

Author Comment

by:rmmccann
Comment Utility
Well I've worked around the issue for now by forcing the computer to talk to the other domain controller (via hosts and some searching in the AD DNS records). This issue is still open so anyone with any suggestions or ideas please advise!
0
 

Author Comment

by:rmmccann
Comment Utility
Yep - I tried removing the other server from the DNS and WINS config on the network adapter of the affected server. Didn't help either unfortunately.
0
 
LVL 6

Accepted Solution

by:
mkuehngoe earned 500 total points
Comment Utility
in your eventlog on this machine. Is your tcp stack inialized after the netlogon message? If it is you should check for a newer driver for your nic or check your switch port for problems. We had a similar issue with a terminalserver once. The communication between server and cisco switch took too long for the server to be in place for the gpos coming.  I cannot remember what it was called at the cisco side, but we had to tell the switch to use fast negotioation. On other switches it is the spanning tree protocol.
0
 

Author Comment

by:rmmccann
Comment Utility
Don't see any messages about TCP/IP. Group Policy errors continue every other reboot. Had some permissions issues with the DCOP IPBusEnum service - that's resolved but hasn't fixed the problem.

Don't think it's a switchport problem. The workstation and server are both pingable shortly after the bootup screen. I haven't rebooted the switch yet as a step, but I won't be able to do that until later.
0
 
LVL 10

Expert Comment

by:Casey Herman
Comment Utility
Could it be as simple as a cabling issue. Can you run a temp drop and see if that works?
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
If you have the AEGIS protocol enabled on this computer, disable it.
0
 

Author Comment

by:rmmccann
Comment Utility
I tried another port - not a cabling issue (also remember access was fine via BartPE ie WinXP Live CD).

Another wrinkle to the mix: On the Win2k3 server, I am able to RDP into the IP address of the workstation or access the shares of the workstation via \\ip.address, however if I try to access it via \\computername it fails.
0
 

Author Comment

by:rmmccann
Comment Utility
After hours of wasting time, I uninstalled and deleted the drivers for the NIC in the Win7 machine. Reinstalled and now suddenly everything is chugging along happily again.

mkuehngoe gets credit for this solution as he was the one mentioning the NIC driver.

Thank you everyone for your input!
0
 
LVL 6

Expert Comment

by:mkuehngoe
Comment Utility
you´re welcome :)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now