Solved

Unable to login to domain controller (DC=2008, Client=2003)

Posted on 2013-01-21
11
478 Views
Last Modified: 2013-01-22
Good Day,
I am unable to login to my domain controller from a member (server 2003). DNS Services are currently running. Here is a log file from dcdiag test:dns

Domain Name: coop.tor
DC Name: TOR-DC01.coop.tor
2003 Box:  TOR-DB02.coop.tor


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TOR-DC01
      Starting test: Connectivity
         ......................... TOR-DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TOR-DC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : coop
   
   Running enterprise tests on : coop.tor
      Starting test: DNS
         Test results for domain controllers:
           
            DC: TOR-DC01.coop.tor
            Domain: coop.tor

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                 
               TEST: Delegations (Del)
                  Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: coop.tor
               TOR-DC01                     PASS PASS PASS FAIL PASS FAIL n/a  
         
         ......................... coop.tor failed test DNS



Any and all help is always appreciated!
0
Comment
Question by:LFoArano
  • 5
  • 5
11 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
Comment Utility
The automatic root update mechanism is enabled on Windows Server 2008 and later, but not on Windows Server 2003.

Update your root certificates on your 2003 server.

Windows Update Catalog

look for “root update” or the KB article for the Root Certificate Program, “KB931125”.
0
 

Author Comment

by:LFoArano
Comment Utility
Thank you, but the dcdiag above was from a 2008 DC

Did you want me to try to update my root certs on my tor-db02 box (Server 2003)
0
 
LVL 13

Expert Comment

by:Ugo Mena
Comment Utility
Sorry. Yes, you should try to update root certs on your 2008 DC

here is what I am getting for those roots

b.root-servers.net has address 192.228.79.201
l.root-servers.net has address 199.7.83.42
0
 

Author Comment

by:LFoArano
Comment Utility
No luck, at least not all the way through.
Please review the new DCDiag /test:dns



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\TOR-DC01
      Starting test: Connectivity
         ......................... TOR-DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\TOR-DC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : coop
   
   Running enterprise tests on : coop.tor
      Starting test: DNS
         Test results for domain controllers:
           
            DC: TOR-DC01.coop.tor
            Domain: coop.tor

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                 
               TEST: Delegations (Del)
                  Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: coop.tor
               TOR-DC01                     PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... coop.tor failed test DNS
0
 
LVL 13

Expert Comment

by:Ugo Mena
Comment Utility
can you send the results of ipconfig /all from your 2008 DC?

Appears like you have invalid DNS forwarders listed
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:LFoArano
Comment Utility
sure thing, here you go:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : TOR-DC01
   Primary Dns Suffix  . . . . . . . : coop.tor
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : coop.tor

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
   Physical Address. . . . . . . . . : EA-3F-C3-15-49-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{874DE82C-F12D-43DA-A1BC-99707A704A7A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 
LVL 13

Expert Comment

by:Ugo Mena
Comment Utility
Ok, I think we are almost there.

What does ipconfig /all from the 2003 server contain?
0
 

Author Comment

by:LFoArano
Comment Utility
Here we go:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TOR-DB02
   Primary Dns Suffix  . . . . . . . : coop.tor
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : coop.tor

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
   Physical Address. . . . . . . . . : FA-45-32-3A-AB-36
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.241
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.200
0
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 500 total points
Comment Utility
OK. This should be it

If your 2008 DC is the only DNS server on your network, then you will need to enable (with at least 1) DNS forwarder (use your ISPs DNS servers) within Forwarders tab. Select allow DNS recursion (by unchecking disable box) and Secure cache against pollution within the Advanced tab. Both are done from within the DNS Server Properties.

If you find that you already have a forwarder listed, then it is not responding correctly. The TEST: Forwarders/Root hints (Forw) results are showing that your server is set to use root servers when forwarders are not responding.

But your server's root hints are not up to date and it is failing to get to the correct b.root-servers.net and l.root-servers.net

You should edit your root hints and update b.root-servers.net to address 192.228.79.201 and  l.root-servers.net to address 199.7.83.42 too.

Your DNS server will have to perform all the queries whether recursive or iterative queries are being used, but when recursion is used, most of the name resolution requests are handled by your DNS server and are kept off of your network. This reduces the amount of traffic flowing across the network, thereby improving performance.
0
 
LVL 4

Expert Comment

by:mgpremkumar
Comment Utility
The issue description says:
I am unable to login to my domain controller from a member (server 2003)

Could you please elaborate?
Are you trying to RDP into the domain controller from the member server or are you trying to logon to the member server using the domain credentials?
What is the error message that you are seeing?
0
 

Author Closing Comment

by:LFoArano
Comment Utility
Thank you kindly!!!! You, sir, were great!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article covers how to install the Microsoft Windows Operating System (OS). What is covered in this article:  > Different Versions and Editions of the Windows OS  > Upgrading versus Fresh Installation of the OS           - Steps to take pr…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now