We help IT Professionals succeed at work.

Windows Server 2008 IPV6 and IPV4 Issues

Hey everyone,

 I have a weird issue going on here on my server. For some reason on some of my computers i have to disable ipv6 to join the domain. Then renable it on the restart. Some computers i dont have to do it and it joins to the domain fine. I disabled IPV6 on my server running the microsoft fix utility and it disabled it from the registry however, it still didnt fix my issue on the client side. Other thing i noticed is i cant do gpupdate from a cmd prompt if ipv6 is disabled on that client others it works with it disabled. Im stumped. All Clients are Windows 7 enterprise 32bit. Any ideas on how to fix this ?
Comment
Watch Question

Commented:
Try typing in the FQDN of your domain when joining a work station on your network .... For example, if you domain name is mydomain

try typing in the fully qualified domain name such as mydomain.abc

then when you are prompted for username & password use mydomain.abc\administrator as the UN & what ever password you have.
Ray ZuchowskiIT Director

Author

Commented:
I will try that next time however, what is causing some computers not to update the gpupdate as explained above ?

Commented:
That really don't make any sense unless there is something messed up in active directory or on your DNS server.....try disabling the firewall before you join the domain, that could be it. There could be some type of funky corupt rule in there screwing around with stuff when you try to join the domain. After you join the domain, in Win 7, another firewall, by default, is turned on & I always go in & disable it as well after I join my clients to the domain.
Ray ZuchowskiIT Director

Author

Commented:
Do i need the windows firewall on the domain if im behind my router and tons of security ?
CERTIFIED EXPERT
Top Expert 2012

Commented:
How did you disable the firewall on the server?
Ray ZuchowskiIT Director

Author

Commented:
I disabled it on the main gpo to disable the setting protect all connections and set that to disable for computer configuration. Also in control panel i disabled the firewall on the domain.  So right now... My computer with IPV6 disabled ... i can run gpupdate from cmd no problem. If i enable ipv6 it wont process gpupdate.
Ray ZuchowskiIT Director

Author

Commented:
Also when i run gpresult /r the results come up instant. Earlier it would lag. However i noticed my domain type says win2000 . Im guessing thats because when i set up the domain i set it to work with compatability to work with older servers.
CERTIFIED EXPERT
Top Expert 2012
Commented:
Run dcdiag post results.

Make sure IPv4 is listed first in the binding order

http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
Ray ZuchowskiIT Director

Author

Commented:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\TAdministrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = WTASS-SERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Connectivity
         ......................... WTASS-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Advertising
         ......................... WTASS-SERVER passed test Advertising
      Starting test: FrsEvent
         ......................... WTASS-SERVER passed test FrsEvent
      Starting test: DFSREvent
         ......................... WTASS-SERVER passed test DFSREvent
      Starting test: SysVolCheck
         ......................... WTASS-SERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... WTASS-SERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... WTASS-SERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... WTASS-SERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... WTASS-SERVER passed test NCSecDesc
      Starting test: NetLogons
         [WTASS-SERVER] User credentials does not have permission to perform
         this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... WTASS-SERVER failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... WTASS-SERVER passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,WTASS-SERVER] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Replication access was denied."
         ......................... WTASS-SERVER failed test Replications
      Starting test: RidManager
         ......................... WTASS-SERVER passed test RidManager
      Starting test: Services
            Could not open NTDS Service on WTASS-SERVER, error 0x5
            "Access is denied."
         ......................... WTASS-SERVER failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   14:30:18
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   14:36:53
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         ......................... WTASS-SERVER failed test SystemLog
      Starting test: VerifyReferences
         Some objects relating to the DC WTASS-SERVER have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN=WTASS-SERVER,OU=Domain Controllers,DC=WarrenTASS,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... WTASS-SERVER failed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : WarrenTASS
      Starting test: CheckSDRefDom
         ......................... WarrenTASS passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... WarrenTASS passed test CrossRefValidation

   Running enterprise tests on : WarrenTASS.local
      Starting test: LocatorCheck
         ......................... WarrenTASS.local passed test LocatorCheck
      Starting test: Intersite
         ......................... WarrenTASS.local passed test Intersite

C:\Users\TAdministrator>
CERTIFIED EXPERT
Top Expert 2012

Commented:
Well you are having Netlogon permissions issues. Are you running the command prompt at an Elevated permissions
Ray ZuchowskiIT Director

Author

Commented:
What do you mean by that... ? when i ran cmd i didnt right click on it and hit run as administrator.
Ray ZuchowskiIT Director

Author

Commented:

This is the results with cmd ran as administrator.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = WTASS-SERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Connectivity
         ......................... WTASS-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Advertising
         ......................... WTASS-SERVER passed test Advertising
      Starting test: FrsEvent
         ......................... WTASS-SERVER passed test FrsEvent
      Starting test: DFSREvent
         ......................... WTASS-SERVER passed test DFSREvent
      Starting test: SysVolCheck
         ......................... WTASS-SERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... WTASS-SERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... WTASS-SERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... WTASS-SERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... WTASS-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... WTASS-SERVER passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... WTASS-SERVER passed test ObjectsReplicated
      Starting test: Replications
         ......................... WTASS-SERVER passed test Replications
      Starting test: RidManager
         ......................... WTASS-SERVER passed test RidManager
      Starting test: Services
         ......................... WTASS-SERVER passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   14:30:18
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   14:36:53
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         ......................... WTASS-SERVER failed test SystemLog
      Starting test: VerifyReferences
         Some objects relating to the DC WTASS-SERVER have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN=WTASS-SERVER,OU=Domain Controllers,DC=WarrenTASS,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... WTASS-SERVER failed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : WarrenTASS
      Starting test: CheckSDRefDom
         ......................... WarrenTASS passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... WarrenTASS passed test CrossRefValidation

   Running enterprise tests on : WarrenTASS.local
      Starting test: LocatorCheck
         ......................... WarrenTASS.local passed test LocatorCheck
      Starting test: Intersite
         ......................... WarrenTASS.local passed test Intersite

C:\Windows\system32>
Ray ZuchowskiIT Director

Author

Commented:
Also IPV4 is listed first in the binding order.
CERTIFIED EXPERT
Top Expert 2012

Commented:
So, running as an admin fixed the netlogon error but you are getting another error with FRS.
http://support.microsoft.com/kb/312862

      Starting test: VerifyReferences
         Some objects relating to the DC WTASS-SERVER have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN=WTASS-SERVER,OU=Domain Controllers,DC=WarrenTASS,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... WTASS-SERVER failed test VerifyReferences
Ray ZuchowskiIT Director

Author

Commented:
I noticed in GPO Managment that under the OU Domain Controllers, nothing is under it. What should be under it ?
Ray ZuchowskiIT Director

Author

Commented:
Ok so i put put the default domain controllers policy back under domain controllers OU. I dont know how that got deleted. Also what i discoverd. If i have IPV6 enabled and i do a gpresult /r it says my domain type is Windows NT 4 but if i have it unchecked... it states my domain type is Windows 2000.
CERTIFIED EXPERT
Top Expert 2012

Commented:
Run another dcdiag
Ray ZuchowskiIT Director

Author

Commented:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = WTASS-SERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Connectivity
         ......................... WTASS-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WTASS-SERVER
      Starting test: Advertising
         ......................... WTASS-SERVER passed test Advertising
      Starting test: FrsEvent
         ......................... WTASS-SERVER passed test FrsEvent
      Starting test: DFSREvent
         ......................... WTASS-SERVER passed test DFSREvent
      Starting test: SysVolCheck
         ......................... WTASS-SERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... WTASS-SERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... WTASS-SERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... WTASS-SERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... WTASS-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... WTASS-SERVER passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... WTASS-SERVER passed test ObjectsReplicated
      Starting test: Replications
         ......................... WTASS-SERVER passed test Replications
      Starting test: RidManager
         ......................... WTASS-SERVER passed test RidManager
      Starting test: Services
         ......................... WTASS-SERVER passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   15:40:21
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   15:50:58
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   15:54:36
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   15:58:20
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         A warning event occurred.  EventID: 0x00000024
            Time Generated: 11/03/2011   16:01:56
            Event String:
            The time service has not synchronized the system time for 86400 seco
nds because none of the time service providers provided a usable time stamp. The
 time service will not update the local system time until it is able to synchron
ize with a time source. If the local system is configured to act as a time serve
r for clients, it will stop advertising as a time source to clients. The time se
rvice will continue to retry and sync time with its time sources. Check system e
vent log for other W32time events for more details. Run 'w32tm /resync' to force
 an instant time synchronization.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/03/2011   16:05:41
            Event String:
            Driver Send To Microsoft OneNote 2010 Driver required for printer Se
nd To OneNote 2010 is unknown. Contact the administrator to install the driver b
efore you log in again.
         ......................... WTASS-SERVER failed test SystemLog
      Starting test: VerifyReferences
         Some objects relating to the DC WTASS-SERVER have problems:
            [1] Problem: Missing Expected Value
             Base Object:
            CN=WTASS-SERVER,OU=Domain Controllers,DC=WarrenTASS,DC=local
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... WTASS-SERVER failed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : WarrenTASS
      Starting test: CheckSDRefDom
         ......................... WarrenTASS passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... WarrenTASS passed test CrossRefValidation

   Running enterprise tests on : WarrenTASS.local
      Starting test: LocatorCheck
         ......................... WarrenTASS.local passed test LocatorCheck
      Starting test: Intersite
         ......................... WarrenTASS.local passed test Intersite

C:\Windows\system32>
Ray ZuchowskiIT Director

Author

Commented:
Its still failing... hmm what does it want for the name under Domain Controllers for the GPO to be ?
CERTIFIED EXPERT
Top Expert 2012

Commented:
Is the Domain Controller under the Domain Controller OU?
Ray ZuchowskiIT Director

Author

Commented:
I dont think so. How do i check this ? Im still having major issues with this ipv6 and ipv4.
Ray ZuchowskiIT Director

Author

Commented:
Here is a screen shot of my GPO Setup. Does this look correct ?
gpo-setup.bmp
Ray ZuchowskiIT Director

Author

Commented:
I've requested that this question be deleted for the following reason:

No solution found. Will need to delete question. Some private information posted within question. Thank you.
Ray ZuchowskiIT Director

Author

Commented:
I think i may have figured out the problem. I have set static on all my client machines two different ip addresses for the DNS. The first DNS is the ip address of the server... that 2nd dns i have set for the internet. Ip is set for dhcp. Do you think the client is getting confused with the two different dns ips ? How can i configure it just with the one dns ip and still have internet working ?
Ray ZuchowskiIT Director
Commented:
This is what fixed the issue for me.

1.Click Start, point to Administrative Tools, and then click DNS.
2.Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
3.Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
4.In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
5.Repeat step 4 to add the DNS servers to which you want to forward.
6.Click OK.

I configured a fwd address of the other 2 dns ips. Everything works great. Thanks for the help from everyone.
Ray ZuchowskiIT Director

Author

Commented:
uyi
Ray ZuchowskiIT Director

Author

Commented:
The server was getting confused by two different DNS names. Have one solved it.