[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379
  • Last Modified:

2 Problem

Hi all
I have 2 problem that i will be needing your help
I have network 6 server (2 DC's (one virtual server)& 4 applications server)& 3 workstations (all fixed LAN ip)
Problem 1:
DNS problem, when i do from the workstations & application server simple dns query i receive the fallowing error (see picture 1).
 NSLOOKUP - Problem 1
Problem 2:
In the workstations i receive error 1054 & the group policy don't implemented.
(See picture 2)
 Group Policy - Problem 2
Thenx
Tal
0
IT_Group1
Asked:
IT_Group1
1 Solution
 
IT_Group1Author Commented:
I forget to write that the domain is 2008 R2
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Strange DNS IP address (not private). Looks like public. All DNS server on clients should point to internal DNS servers. PLease ensure that you didn't make mistake )6 is near 7) during DNS set up (DHCP or statically)

Regards,
Krzysztof
0
 
woolnoirCommented:
are the DNS servers for your domain operational ?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
woolnoirCommented:
and what is providing your clients with DNS information, DHCP ? is this set correctly with the DNS servers for your AD domain (generally the DC's ).
0
 
IT_Group1Author Commented:
iSiek:
Strange DNS IP address (not private). Looks like public. All DNS server on clients should point to internal DNS servers. PLease ensure that you didn't make mistake )6 is near 7) during DNS set up (DHCP or statically)

Regards,
Krzysztof

The IP range of the lan 172.17.100.0 full class c

woolnoir:
are the DNS servers for your domain operational ?

[b] Yes [/b]

and what is providing your clients with DNS information, DHCP ? is this set correctly with the DNS servers for your AD domain (generally the DC's ).

All the lan are fixed ip & i double checked the dns setting - all defined correctly

0
 
woolnoirCommented:
start nslookup, and then once started (and you will get the above error message) type the name of one of your DC's just to verify that it isnt providing resolution.
0
 
woolnoirCommented:
Do client machines have FW software installed ? try switching off and testing nslookup too.. just to check it isnt stopping DNS requests.
0
 
woolnoirCommented:
And does the server have any FW enabled ? (the DC/DNS if they are the same ? )
0
 
IT_Group1Author Commented:
woolnoir:
start nslookup, and then once started (and you will get the above error message) type the name of one of your DC's just to verify that it isnt providing resolution.

The problem is appending in the init start of the nslookup if you try to resolve it working.
0
 
woolnoirCommented:
run a DCDIAG on the DC and paste the results..
0
 
IT_Group1Author Commented:
woolnoir:
Do client machines have FW software installed ? try switching off and testing nslookup too.. just to check it isn't stopping DNS requests.
And does the server have any FW enabled ? (the DC/DNS if they are the same ? )

on all the machines the firewall is disabled
the DC/DNS 2 machines
0
 
woolnoirCommented:
cool - the DCDIAG should identify any DNS or domain issues... lets see the output :)
0
 
IT_Group1Author Commented:
The DCDIAG Result
DCDIAG
0
 
woolnoirCommented:
it would have been better to give us it in text format, i.e

dcdiag > output.txt

and post that...

Does it give any errors at all ?
0
 
IT_Group1Author Commented:
0
 
woolnoirCommented:
have you installed updates recently ? or made any configuration changes to the BDC or DC ?
0
 
IT_Group1Author Commented:
This a closed lan not connected to the world
no changes as been made between the DC's
0
 
woolnoirCommented:
Anything in the event log on the DC ? the DCDiag is suggesting that the KDC is having issues.
0
 
InterframeGapCommented:
Hey-
Ok - I'll give this idea a try-

So from a workstation you get a timeout when starting an nslookup cmd prompt:

nslookup -querytype=ptr -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt

1) 172.16.0.0-172.31.0.0 is part of rfc1918 and is fine for use.  172.16/12, 10/8, 192.168/16 are the private address ranges.
2) the workstation is complaining about a missing PTR record.  So-
3) lets see about getting dns resolved and then deal with the other errors from the dcdiag etc.

=========CUT below and past into a dos window send us the file=================

echo "Start cut"
echo ""
echo "==================================">>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo %COMPUTERNAME% >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -an >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
set >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net view \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net use  \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
date /t >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /all >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -c >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /displaydns >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo "end cut"

6) On the SOA (Primary DNS Server) - If you have a master/slave setup (2 DCs with DNS) run the command on both

echo "Start cut"
echo ""
echo "==================================">>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo %COMPUTERNAME% >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nslookup -querytype=ptr -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=ptr -timeout=5 127.0.0.1 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=soa -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=ns -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nbtstat -an >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
set >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net view \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net use  \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
date /t >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /all >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -c >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /displaydns >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo "end cut"


I hope the above works with no mistakes.  I'm just looking at how the network is configured and the dns and workstation setup.  This may help us, that is the hope.  
Please send the files - if needed remove any confidential data -

Douglas
0
 
IT_Group1Author Commented:
0
 
IT_Group1Author Commented:
I didnt see any kdc problem in the eventlog
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now