graceout
Cannot find Global Catalog
Greetings!
I manage a small 80+ user shop with a single domain controller and a separate, dedicated Exchange server. (All 2003, Sp2)
When running Active Directory Users & Computers on any other system, other than the DC, I run into error warnings.
For example, when clicking on the 'Members' tab of a security group, I get this message:
"A global catalog cannot be located to retrieve the icons for the members list..."
This does NOT happen when I am using ADUC on the Domain Controller.
My Question:
What could prevent Global Catalog from being available to other member servers or workstations? (Yes, Global Catalog IS checked in NTDS settings in ADSS -- there is only 1 DC.) I sometimes get similar errors from Outlook.
BTW, Exchange is working fine -- but there are problems when adding new users' mailboxes when I use the ADUC on the Exchange server. Fine when on DC.
Thanks in advance!!!
Jon
Check member server and client IP configuration settings, maybe flush their DNS cache using ipconfig /flushdns. Have you changed the IP of the DC's or anything like that recently?
ASKER
All servers and workstations have the DC's IP address as the Primary DNS server.
The secondary is the DNS server across the WAN in Corporate which forwards to the ISP.
I have forwarding set up on the DC's DNS AD zone which also points to this secondary.
Please restart your netlogon service on DNS server.
net stop netlogon
net start netlogon
and check again
If that doesn't help, run a DNS test from the command line and put the results here
dcdiag /test:dns
thanks in advance
ASKER
SjoerdvW: this command returns "*** Can't Find __________: Non existent domain."
In fact, I usually get errors from "nslookup [hostname]" even though I've checked through DNS server properties and reverse lookups.
ASKER
DCDIAG was run FROM the Exchange server, but added the /s: tag which identifies BALAD as the DC.
The DC IS 1292.168.7.10
Definitely something funky going on. It's like our DNS server is forwarding everything...
DNStest.jpg
ASKER
In fact, ANY "nslookup [hostname]" returns: *** dc.domain.com can't find hostname: Query refused.
Again, all primary dns servers ARE the domain controller AND dns server.
Do you have more than 1 NIC on the DNS server?
ASKER
Only 1 NIC on DC/DNS server.
iSiek: I have just done this -- although there WAS a _msdcs folder inside the AD zone.
Still getting 'Cant find ... query refused' on all nslookups.
ASKER
Starting to think the real question is: Why is my DNS server refusing queries?
ASKER
I guess everyone is giving up, but I wanted to mention one other thing I noticed:
When I perform "nslookup hostname" it fails as before, but when I perform
"nslookup hostname.fully.qualified.domain.name" it succeeds.
Any final ideas?
Can you add fully.qualified.domain.name to the "DNS suffix for this connection" in the IP properties of your network connection?
(this can also be done through DHCP, Server Options, 15 DNS domain Name)
ASKER
SjoerdvW: This is already done -- and if also done manually, does not resolve this problem.
Adding this "DNS Suffix" only ensures that connections (pings, etc.) get resolved within the domain. One can ping HOSTNAME without needing to qualify it.
ASKER
SjoerdvW:
You asked me to do this: "Can you run the following command to confirm that the GC is registered to DNS properly: nslookup gc._msdcs.[yourdomain.com] "
What do I need to do to properly register GC in DNS?
You get full points when you show me how.
Thanks!
ASKER
Found answer here:
http://www.windowsitpro.com/article/domains2/jsi-tip-2904-you-must-manually-register-the-global-catalog-server-when-you-disable-a-record-registration-on-your-domain-controller-.aspx
Everything works fine now.
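The resolution above concerns the global catalog's DNS registration. As an added example (not part of the thread and not code from the linked article), this Python check audits a zone listing for the records clients use to locate a GC: the `_gc._tcp` and `_ldap._tcp.gc._msdcs` SRV records on port 3268 and the `gc._msdcs` A record. The zone data, the forest name corp.example, the host dc1 and the address 192.0.2.10 are constructed placeholders.

```python
# Added example: zone data below is constructed; corp.example, dc1 and
# 192.0.2.10 are placeholders, not values from the thread.
GC_PORT = 3268  # LDAP global catalog port

# (owner, type, data); SRV data is "priority weight port target".
ZONE_RECORDS = [
    ("dc1.corp.example", "A", "192.0.2.10"),
    ("_ldap._tcp.corp.example", "SRV", "0 100 389 dc1.corp.example."),
    ("_gc._tcp.corp.example", "SRV", "0 100 3268 dc1.corp.example."),
    ("_ldap._tcp.gc._msdcs.corp.example", "SRV", "0 100 3268 dc1.corp.example."),
    # The gc._msdcs.corp.example A record is deliberately absent.
]


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def audit_gc_records(records, forest):
    """Return a list of problems with the GC locator records for `forest`."""
    forest = norm(forest)
    a_hosts = {norm(n) for n, t, _ in records if t.upper() == "A"}
    findings = []
    for owner in (f"_gc._tcp.{forest}", f"_ldap._tcp.gc._msdcs.{forest}"):
        srvs = [d.split() for n, t, d in records
                if t.upper() == "SRV" and norm(n) == owner]
        if not srvs:
            findings.append(f"missing SRV {owner}")
        for _prio, _weight, port, target in srvs:
            if int(port) != GC_PORT:
                findings.append(f"{owner}: port {port}, expected {GC_PORT}")
            if norm(target) not in a_hosts:
                findings.append(f"{owner}: target {norm(target)} has no A record")
    # The A record is what "nslookup gc._msdcs.<forest>" resolves.
    if f"gc._msdcs.{forest}" not in a_hosts:
        findings.append(f"missing A gc._msdcs.{forest}")
    return findings


if __name__ == "__main__":
    for problem in audit_gc_records(ZONE_RECORDS, "corp.example"):
        print(problem)
```
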
ASKER
Comments led me to my own resolution, but did not provide a solution.
ipconfig /all
please?
I suppose that is a problem of DNS server misconfiguration.