Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

2 Problem

Posted on 2011-02-22
21
Medium Priority
?
377 Views
Last Modified: 2012-05-11
Hi all
I have 2 problem that i will be needing your help
I have network 6 server (2 DC's (one virtual server)& 4 applications server)& 3 workstations (all fixed LAN ip)
Problem 1:
DNS problem, when i do from the workstations & application server simple dns query i receive the fallowing error (see picture 1).
 NSLOOKUP - Problem 1
Problem 2:
In the workstations i receive error 1054 & the group policy don't implemented.
(See picture 2)
 Group Policy - Problem 2
Thenx
Tal
0
Comment
Question by:IT_Group1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
21 Comments
 

Author Comment

by:IT_Group1
ID: 34950603
I forget to write that the domain is 2008 R2
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34950639
Strange DNS IP address (not private). Looks like public. All DNS server on clients should point to internal DNS servers. PLease ensure that you didn't make mistake )6 is near 7) during DNS set up (DHCP or statically)

Regards,
Krzysztof
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950641
are the DNS servers for your domain operational ?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 20

Expert Comment

by:woolnoir
ID: 34950645
and what is providing your clients with DNS information, DHCP ? is this set correctly with the DNS servers for your AD domain (generally the DC's ).
0
 

Author Comment

by:IT_Group1
ID: 34950684
iSiek:
Strange DNS IP address (not private). Looks like public. All DNS server on clients should point to internal DNS servers. PLease ensure that you didn't make mistake )6 is near 7) during DNS set up (DHCP or statically)

Regards,
Krzysztof

The IP range of the lan 172.17.100.0 full class c

woolnoir:
are the DNS servers for your domain operational ?

[b] Yes [/b]

and what is providing your clients with DNS information, DHCP ? is this set correctly with the DNS servers for your AD domain (generally the DC's ).

All the lan are fixed ip & i double checked the dns setting - all defined correctly

0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950695
start nslookup, and then once started (and you will get the above error message) type the name of one of your DC's just to verify that it isnt providing resolution.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950700
Do client machines have FW software installed ? try switching off and testing nslookup too.. just to check it isnt stopping DNS requests.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950706
And does the server have any FW enabled ? (the DC/DNS if they are the same ? )
0
 

Author Comment

by:IT_Group1
ID: 34950708
woolnoir:
start nslookup, and then once started (and you will get the above error message) type the name of one of your DC's just to verify that it isnt providing resolution.

The problem is appending in the init start of the nslookup if you try to resolve it working.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950716
run a DCDIAG on the DC and paste the results..
0
 

Author Comment

by:IT_Group1
ID: 34950722
woolnoir:
Do client machines have FW software installed ? try switching off and testing nslookup too.. just to check it isn't stopping DNS requests.
And does the server have any FW enabled ? (the DC/DNS if they are the same ? )

on all the machines the firewall is disabled
the DC/DNS 2 machines
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950735
cool - the DCDIAG should identify any DNS or domain issues... lets see the output :)
0
 

Author Comment

by:IT_Group1
ID: 34950797
The DCDIAG Result
DCDIAG
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34950836
it would have been better to give us it in text format, i.e

dcdiag > output.txt

and post that...

Does it give any errors at all ?
0
 

Author Comment

by:IT_Group1
ID: 34950910
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34951156
have you installed updates recently ? or made any configuration changes to the BDC or DC ?
0
 

Author Comment

by:IT_Group1
ID: 34951300
This a closed lan not connected to the world
no changes as been made between the DC's
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34952193
Anything in the event log on the DC ? the DCDiag is suggesting that the KDC is having issues.
0
 
LVL 3

Accepted Solution

by:
InterframeGap earned 2000 total points
ID: 34960755
Hey-
Ok - I'll give this idea a try-

So from a workstation you get a timeout when starting an nslookup cmd prompt:

nslookup -querytype=ptr -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt

1) 172.16.0.0-172.31.0.0 is part of rfc1918 and is fine for use.  172.16/12, 10/8, 192.168/16 are the private address ranges.
2) the workstation is complaining about a missing PTR record.  So-
3) lets see about getting dns resolved and then deal with the other errors from the dcdiag etc.

=========CUT below and past into a dos window send us the file=================

echo "Start cut"
echo ""
echo "==================================">>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo %COMPUTERNAME% >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -an >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
set >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net view \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net use  \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
date /t >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /all >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -c >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /displaydns >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo "end cut"

6) On the SOA (Primary DNS Server) - If you have a master/slave setup (2 DCs with DNS) run the command on both

echo "Start cut"
echo ""
echo "==================================">>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo %COMPUTERNAME% >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nslookup -querytype=ptr -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=ptr -timeout=5 127.0.0.1 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=soa -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nslookup -querytype=ns -timeout=5 172.17.100.100 >>  %TEMP%\w1-date-of-test1.txt
nbtstat -an >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
set >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net view \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
net use  \\172.17.100.100 >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
date /t >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /all >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
nbtstat -c >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
ipconfig /displaydns >>%TEMP%\%COMPUTERNAME%-date-of-test1.txt
echo "end cut"


I hope the above works with no mistakes.  I'm just looking at how the network is configured and the dns and workstation setup.  This may help us, that is the hope.  
Please send the files - if needed remove any confidential data -

Douglas
0
 

Author Comment

by:IT_Group1
ID: 34967711
0
 

Author Comment

by:IT_Group1
ID: 34967714
I didnt see any kdc problem in the eventlog
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question