Unable to login to domain controller (DC=2008, Client=2003)

Good Day,
I am unable to login to my domain controller from a member (server 2003). DNS Services are currently running. Here is a log file from dcdiag test:dns

Domain Name: coop.tor
DC Name: TOR-DC01.coop.tor
2003 Box:  TOR-DB02.coop.tor


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TOR-DC01
      Starting test: Connectivity
         ......................... TOR-DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TOR-DC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : coop
   
   Running enterprise tests on : coop.tor
      Starting test: DNS
         Test results for domain controllers:
           
            DC: TOR-DC01.coop.tor
            Domain: coop.tor

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                 
               TEST: Delegations (Del)
                  Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: coop.tor
               TOR-DC01                     PASS PASS PASS FAIL PASS FAIL n/a  
         
         ......................... coop.tor failed test DNS



Any and all help is always appreciated!
LFoAranoAsked:
Who is Participating?
 
Ugo MenaCommented:
OK. This should be it

If your 2008 DC is the only DNS server on your network, then you will need to enable (with at least 1) DNS forwarder (use your ISPs DNS servers) within Forwarders tab. Select allow DNS recursion (by unchecking disable box) and Secure cache against pollution within the Advanced tab. Both are done from within the DNS Server Properties.

If you find that you already have a forwarder listed, then it is not responding correctly. The TEST: Forwarders/Root hints (Forw) results are showing that your server is set to use root servers when forwarders are not responding.

But your server's root hints are not up to date and it is failing to get to the correct b.root-servers.net and l.root-servers.net

You should edit your root hints and update b.root-servers.net to address 192.228.79.201 and  l.root-servers.net to address 199.7.83.42 too.

Your DNS server will have to perform all the queries whether recursive or iterative queries are being used, but when recursion is used, most of the name resolution requests are handled by your DNS server and are kept off of your network. This reduces the amount of traffic flowing across the network, thereby improving performance.
0
 
Ugo MenaCommented:
The automatic root update mechanism is enabled on Windows Server 2008 and later, but not on Windows Server 2003.

Update your root certificates on your 2003 server.

Windows Update Catalog

look for “root update” or the KB article for the Root Certificate Program, “KB931125”.
0
 
LFoAranoAuthor Commented:
Thank you, but the dcdiag above was from a 2008 DC

Did you want me to try to update my root certs on my tor-db02 box (Server 2003)
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
Ugo MenaCommented:
Sorry. Yes, you should try to update root certs on your 2008 DC

here is what I am getting for those roots

b.root-servers.net has address 192.228.79.201
l.root-servers.net has address 199.7.83.42
0
 
LFoAranoAuthor Commented:
No luck, at least not all the way through.
Please review the new DCDiag /test:dns



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TOR-DC01
      Starting test: Connectivity
         ......................... TOR-DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TOR-DC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : coop
   
   Running enterprise tests on : coop.tor
      Starting test: DNS
         Test results for domain controllers:
           
            DC: TOR-DC01.coop.tor
            Domain: coop.tor

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                 
               TEST: Delegations (Del)
                  Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: coop.tor
               TOR-DC01                     PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... coop.tor failed test DNS
0
 
Ugo MenaCommented:
can you send the results of ipconfig /all from your 2008 DC?

Appears like you have invalid DNS forwarders listed
0
 
LFoAranoAuthor Commented:
sure thing, here you go:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : TOR-DC01
   Primary Dns Suffix  . . . . . . . : coop.tor
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : coop.tor

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
   Physical Address. . . . . . . . . : EA-3F-C3-15-49-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{874DE82C-F12D-43DA-A1BC-99707A704A7A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 
Ugo MenaCommented:
Ok, I think we are almost there.

What does ipconfig /all from the 2003 server contain?
0
 
LFoAranoAuthor Commented:
Here we go:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TOR-DB02
   Primary Dns Suffix  . . . . . . . : coop.tor
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : coop.tor

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
   Physical Address. . . . . . . . . : FA-45-32-3A-AB-36
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.241
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.200
0
 
mgpremkumarCommented:
The issue description says:
I am unable to login to my domain controller from a member (server 2003)

Could you please elaborate?
Are you trying to RDP into the domain controller from the member server or are you trying to logon to the member server using the domain credentials?
What is the error message that you are seeing?
0
 
LFoAranoAuthor Commented:
Thank you kindly!!!! You, sir, were great!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.