[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803
  • Last Modified:

Unable to resolve domain UNC path on Domain Controllers

Greetings,

This one should be worth double the points for all the trouble it is causing us.

IOur domain is say city.company.com.  PDC emulator in domain is running 2003 and there are two domain controllers running 2000.

1.  On 2000 domain controllers we cannot resolve UNC \\city.company.com but it can be resolved (points to SYSVOL NETLOGON etc) on the 2003 domain controllers. It can also be resolved form PCs - and all have the same network settings?

2.  Also, we used to be able to resolve the "domain" share of \\company and it would open up and display SYSVOL etc.  Now it can only be resolved by PCs - no domain controllers?

I've checked DNS and everything seems to be where it is supposed to be so I'm completely stumped on this one.  When I do an NS Lookup city.company.com I get back the IP addreses for all my domain controllers just like I'm supposed to. but open up explore.exe and type in \\city.company.com and I get nothing.
0
yccdadmins
Asked:
yccdadmins
  • 9
  • 2
1 Solution
 
yccdadminsAuthor Commented:
Just for  a little more clarity - our "Domain name (pre-Windows 2000) is "company" and our "Cononical name of object" is austin.amcu.org.

You should be able to resolve both by typing in \\company or \\city.company.com and they should botih point ot the same data.  At least - that is how it was in domains I have set up.  Unfortunately, I did not set this one up....
0
 
Mike ThomasConsultantCommented:
Check that the DNS zones are AD integrated and are replicating to all domain controllers in the domain.

Also run a dcdiag /test:dns on the dc's and post the output.



0
 
yccdadminsAuthor Commented:
Zones are all integrated and replicating.

Ran dcdiag /test:dns and system came back with:

"Test not found. Please re-enter a valid test name"

This question shoudl get more that 500 points.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
yccdadminsAuthor Commented:
I see what you are getting at though - I'm going through the dcdiag help to find applicable tests.
0
 
Mike ThomasConsultantCommented:
here is some info on dcdiag

http://technet.microsoft.com/en-us/library/cc776854%28WS.10%29.aspx

are you running it on 2003? if so has the 2003 server been patched to SP1 or above?
0
 
yccdadminsAuthor Commented:
Apologize for the delay.  DCDiag comes back clean.  Something to note.  I am taking over this domain after a revolving door or Admins have made changes to the Directory and DNS.  I am the process of cleaning up one of the worst internal DNS implementations I have seen.  Workstations can resolve \\Company but DCs cannot. My intuition is telling me his is one of two things:  1. a missing DNS/WINS entry that is needed to resolve \\Company 2. A permissions issue

I doubt it is 2 because Worstations can resolve \\Company

\\Company is defined in systems as "Domain name (pre-Windows 2000)"

This must be  a tough one - not getting many bites...

0
 
yccdadminsAuthor Commented:
UPDATE:  

1.I resolved the inability to resolve \\city.company.com.  This was a DNS issue as I suspected.  Ancient static DNS entries linked hostname/IP addresses to systems that are no longer domain controllers. When you have an AD domain and use nslookup to resolve your domain, such as city.company.com, you should get back a list of IP addresses for domain controllers.  I was not because DNS entries did not match actual DC IP address. Explorer could not resolve any more than nslookup.  I corrected this by updating DNS with the correct IP addresses for domain controllers and name servers.

2. I have not fixed the inability to display DFS shares when using \\company in Windows Explorer.  Generally you can key in \\domain in an AD DS environment and all DFS shares will be displayed.  I'm pretty sure SYSVOL and NETLOGON are displayed as well.  I'm thinking this may also be DNS but I am looking into permissions as well.

Help.
ShortName.jpg
0
 
yccdadminsAuthor Commented:
I'm not sure how but I need to close this question without a solution.  This will be a call to Microsoft Support.
0
 
yccdadminsAuthor Commented:
No one has been able to assist with this issue.  I am going to accept this as the solution and create another question that is perhaps more clear.
0
 
yccdadminsAuthor Commented:
No one was able to assist with this question.  I am going to attempt to restructure the question to ensure it is clear and easy to understand.
0
 
yccdadminsAuthor Commented:
I believe that the way I worded the question was too broad, generic and/or unclear to generate an adequate response.  I am going to restructure the question to ensure that it is more clear and submit the updated version.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 9
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now