LFoArano
asked on
Unable to login to domain controller (DC=2008, Client=2003)
Good Day,
I am unable to login to my domain controller from a member (server 2003). DNS Services are currently running. Here is a log file from dcdiag test:dns
Domain Name: coop.tor
DC Name: TOR-DC01.coop.tor
2003 Box: TOR-DB02.coop.tor
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO R-DC01
Starting test: Connectivity
......................... TOR-DC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO R-DC01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : coop
Running enterprise tests on : coop.tor
Starting test: DNS
Test results for domain controllers:
DC: TOR-DC01.coop.tor
Domain: coop.tor
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
TEST: Delegations (Del)
Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: coop.tor
TOR-DC01 PASS PASS PASS FAIL PASS FAIL n/a
......................... coop.tor failed test DNS
Any and all help is always appreciated!
I am unable to login to my domain controller from a member (server 2003). DNS Services are currently running. Here is a log file from dcdiag test:dns
Domain Name: coop.tor
DC Name: TOR-DC01.coop.tor
2003 Box: TOR-DB02.coop.tor
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO
Starting test: Connectivity
......................... TOR-DC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : coop
Running enterprise tests on : coop.tor
Starting test: DNS
Test results for domain controllers:
DC: TOR-DC01.coop.tor
Domain: coop.tor
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
TEST: Delegations (Del)
Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: coop.tor
TOR-DC01 PASS PASS PASS FAIL PASS FAIL n/a
......................... coop.tor failed test DNS
Any and all help is always appreciated!
ASKER
Thank you, but the dcdiag above was from a 2008 DC
Did you want me to try to update my root certs on my tor-db02 box (Server 2003)
Did you want me to try to update my root certs on my tor-db02 box (Server 2003)
Sorry. Yes, you should try to update root certs on your 2008 DC
here is what I am getting for those roots
b.root-servers.net has address 192.228.79.201
l.root-servers.net has address 199.7.83.42
here is what I am getting for those roots
b.root-servers.net has address 192.228.79.201
l.root-servers.net has address 199.7.83.42
ASKER
No luck, at least not all the way through.
Please review the new DCDiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO R-DC01
Starting test: Connectivity
......................... TOR-DC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO R-DC01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : coop
Running enterprise tests on : coop.tor
Starting test: DNS
Test results for domain controllers:
DC: TOR-DC01.coop.tor
Domain: coop.tor
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
TEST: Delegations (Del)
Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: coop.tor
TOR-DC01 PASS PASS PASS FAIL PASS PASS n/a
......................... coop.tor failed test DNS
Please review the new DCDiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\TO
Starting test: Connectivity
......................... TOR-DC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\TO
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : coop
Running enterprise tests on : coop.tor
Starting test: DNS
Test results for domain controllers:
DC: TOR-DC01.coop.tor
Domain: coop.tor
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
TEST: Delegations (Del)
Warning: DNS server: tor_dc01.coop.tor. IP: <Unavailable> Failure:Missing glue A record
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: coop.tor
TOR-DC01 PASS PASS PASS FAIL PASS PASS n/a
......................... coop.tor failed test DNS
can you send the results of ipconfig /all from your 2008 DC?
Appears like you have invalid DNS forwarders listed
Appears like you have invalid DNS forwarders listed
ASKER
sure thing, here you go:
Windows IP Configuration
Host Name . . . . . . . . . . . . : TOR-DC01
Primary Dns Suffix . . . . . . . : coop.tor
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : coop.tor
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
Physical Address. . . . . . . . . : EA-3F-C3-15-49-8C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{874DE82C-F12D-43DA -A1BC-9970 7A704A7A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Windows IP Configuration
Host Name . . . . . . . . . . . . : TOR-DC01
Primary Dns Suffix . . . . . . . : coop.tor
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : coop.tor
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
Physical Address. . . . . . . . . : EA-3F-C3-15-49-8C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{874DE82C-F12D-43DA
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ok, I think we are almost there.
What does ipconfig /all from the 2003 server contain?
What does ipconfig /all from the 2003 server contain?
ASKER
Here we go:
Windows IP Configuration
Host Name . . . . . . . . . . . . : TOR-DB02
Primary Dns Suffix . . . . . . . : coop.tor
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : coop.tor
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
Physical Address. . . . . . . . . : FA-45-32-3A-AB-36
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.241
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.200
Windows IP Configuration
Host Name . . . . . . . . . . . . : TOR-DB02
Primary Dns Suffix . . . . . . . : coop.tor
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : coop.tor
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter
Physical Address. . . . . . . . . : FA-45-32-3A-AB-36
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.241
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.200
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The issue description says:
I am unable to login to my domain controller from a member (server 2003)
Could you please elaborate?
Are you trying to RDP into the domain controller from the member server or are you trying to logon to the member server using the domain credentials?
What is the error message that you are seeing?
I am unable to login to my domain controller from a member (server 2003)
Could you please elaborate?
Are you trying to RDP into the domain controller from the member server or are you trying to logon to the member server using the domain credentials?
What is the error message that you are seeing?
ASKER
Thank you kindly!!!! You, sir, were great!
Update your root certificates on your 2003 server.
Windows Update Catalog
look for “root update” or the KB article for the Root Certificate Program, “KB931125”.