

Server 2K /DNS/AD

Posted on 2012-03-13
Medium Priority
Last Modified: 2012-06-27
I am crying "Uncle!" About 2 weeks ago our server quit serving. When I dove into the problem the DNS and WINS were both missing from the server. How they became MIA is still an unknown. I thought I had successfully reinstalled the DNS and WINS but there have been pesky issues all along. We have a Hardware Firewall - Watchguard Firebox "Edge" that the server (pe600sc) connects to and the rest of the computers are supposed to be connected from the server to firewall. After much tweaking and testing I thought I had it all configured correctly except that on the NIC card I had to list the Watchguard Firebox as the Primary DNS as well as it being the Gateway while the true primary DNS, (PE600SC) had to be listed as alternative DNS. If I switched the order - no internet connection for any computer. (No DNS server found)

To complicate matters late last week I was trying to figure this out and must have replaced something in the DNS stuff so I no longer have access to Active Directory.

I tried to do Recovery Console but kept getting blue screen /fatal error (no, I didn't write the # down). But I also did not disconnect the ethernet cable from server to see if logging on w/o connections to firewall etc. would make the program run.

I have tried the nltest /SC_CHANGE_PWD:<domain name> and that portion was successful. But when I went to the second command:
netdom reset p3600sc /domain:ns1.acousticalresources
it failed saying that the specified domain could not be contacted or does not exist.

I cannot Bind to AD.

When I run dcdiag I get error 1323, then when I add user name & password to dcdiag I receive Error 31 "Filename, Directory name or Volume Label Syntax is incorrect."

For some reason I cannot attach a file to this request (Netdiag.log). I don't know whether it is because the server is so old and the IE connection is IE 6.0 and it won't update IE because the server is too old.

We have 6 client computers all running Windows XP Pro.

Thanks for your help - I am hoping it is something easier than reformatting the  harddrive/server and starting over.
Question by:ARservice

Author Comment

ID: 37716874
Here is the netdiag.log file
I noticed it has some of our ISP provider's DNS stuff in it which I have NOT ever entered into the DNS.  On the Watchguard we have external function, but those DNS #'s are not what is showing up on this report.  
I thought I would go add the #'s found in the report (listed as Alpha.mybirch.net) under "Forwarders" but the check box to add forwarders is grayed out/non-functional.

The DNS NAMES listed are used for Outlook mail POP3 & SMTP authorization.

Hope this gives some better insight into the mess.
LVL 14

Accepted Solution

mds-cos earned 750 total points
ID: 37716894
Here is how you should be able to fix your problem:

1)  Connect server and all workstations directly to the Watchguard trusted side (e.g. ALL systems access Internet by using the Watchguard as the gateway)

2)  If I am understanding correctly, the server is a (the) domain controller.  If necessary, uninstall then reinstall DNS service to be sure it is solidly in place.  If you need WINS, do the same for it.

3)  Set IP on server so server points to itself *and only to itself* for DNS.

4)  Set DHCP so all workstations point to the server as primary DNS, to WINS if you are using it, and to Watchguard as gateway.  If you want to you can use another device for secondary DHCP provided DNS.

5)  Reboot all workstations or run ipconfig /refresh so new DHCP settings take effect.

All problems should go away.
LVL 70

Assisted Solution

KCTS earned 750 total points
ID: 37716990
I'll just add that ALL machines - not just the server must point to the server as the one-and-only DNS server. You will need to set up a forwarder in DNS to point to the gateway or external DNS server to resolve external names

see http://support.microsoft.com/kb/323380
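The rule both answers state (every machine lists the domain controller as its only DNS server and the firewall as its gateway) can be checked per machine from saved `ipconfig /all` output. The following is an added example, not part of the original thread; the two addresses and the sample output are constructed placeholders, and the sample mirrors the misconfiguration described in the question (firewall listed first, DC as alternate).

```python
import re

# Assumed placeholder addresses; substitute the real DC and firewall IPs.
DC_DNS = "192.168.111.2"
FIREWALL_GW = "192.168.111.1"

# Constructed sample of Windows XP `ipconfig /all` output (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.111.20
        Default Gateway . . . . . . . . . : 192.168.111.1
        DNS Servers . . . . . . . . . . . : 192.168.111.1
                                            192.168.111.2
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
WATCHED = {"default gateway": "gateway", "dns servers": "dns"}

def parse_ipconfig(text):
    """Return {'gateway': [...], 'dns': [...]} from `ipconfig /all` text."""
    found = {"gateway": [], "dns": []}
    current = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            label, value = m.group(1).strip().lower(), m.group(2).strip()
            current = WATCHED.get(label)
            if current and IPV4.match(value):
                found[current].append(value)
        elif current and IPV4.match(line.strip()):
            # Additional servers appear on unlabeled continuation lines.
            found[current].append(line.strip())
        elif line.strip():
            current = None
    return found

def audit(text, dc_dns=DC_DNS, gateway=FIREWALL_GW):
    """List deviations from 'DC is the only DNS server, firewall is gateway'."""
    cfg = parse_ipconfig(text)
    problems = []
    if dc_dns not in cfg["dns"]:
        problems.append("DC %s is not listed as a DNS server" % dc_dns)
    problems += ["extra DNS server %s (clients should use only the DC)" % ip
                 for ip in cfg["dns"] if ip != dc_dns]
    if cfg["gateway"] != [gateway]:
        problems.append("default gateway is %s, expected %s" % (cfg["gateway"], gateway))
    return problems
```

With static addressing, running `audit()` over the saved output from the server and each client gives one list of machines that still point at something other than the DC for name resolution.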


Author Comment

ID: 37716998
We do not use DHCP - only Static IP addresses

Yes, server is the DC and only DC.

The watchguard has one port for the server to connect and one port for the router to connect.

Any trick to uninstalling DNS?  Do I just open up the MMC and click on the server / Stop it, then delete it?
LVL 70

Expert Comment

ID: 37717018
Why do you use static IPs ?

One of the problems is that you'll manually have to check EACH and EVERY machine to make sure that the DNS server and default gateway are set correctly....

DHCP has a lot going for it....

Author Comment

ID: 37717160
Several years ago a couple Laptops & docking stations for them kept losing connections/trust whenever they were disconnected so I gave up and gave everyone a static IP.

I am reading article now and will follow steps as soon as I am able to take over the server from use by employees.  

Hopefully, this is all I need to do is uninstall/reinstall DNS / to only be the server.

Author Comment

ID: 37717985
OK, the DNS is now working with the solo DNS
HOWEVER - I still cannot get into Active Directory
Same Error 31 about not being able to bind  - no server.
All client computers have connectivity to internet and their email, so that helps a lot, but cannot get them joined to any domain until it can find or bind or whatever it wants to do to get the access back to Active Directory.
Any suggestions on how to do this?
