Solved

Server issue with AD

Posted on 2015-01-01
Last Modified: 2015-01-17
I have a server that is part of the domain. The issue is that domain users cannot connect to the machine, and when I go to add another domain user to the server (Server 2003 SP1), it cannot see the domain structure, only the local server structure. Does anyone know how to fix this?
Question by:Jack_son_

Expert Comment

by:phil435
Are you saying that you cannot log in with a domain account to the server, only local users? Have you checked DNS to make sure it is pointing to your AD DNS server on this server?

What error messages are you receiving?

Author Comment

by:Jack_son_
It is pointing to the right internal DNS servers. I also notice that there is an issue resolving DNS sites, like google.com. The DNS is working for all the other servers, just not this one.

Expert Comment

by:phil435
Can you ping internal servers/workstations by DNS name?

Author Comment

by:Jack_son_
not from this server

Expert Comment

by:andreas
Was it ever working before?

If yes, defective NIC?

If no, check IP config.

Expert Comment

by:phil435
I assume that you can ping from this server via IP address, just not DNS name?

Author Comment

by:Jack_son_
correct

Expert Comment

by:phil435
So you can ping the DNS server by IP address and you have verified that this DNS server is configured as primary DNS but cannot resolve any hostnames for this server. Have you tried pinging the DNS server by the FQDN such as dns1.somedomain.local?

Author Comment

by:Jack_son_
Yes, neither works. Would there be somewhere else on the server that someone would add a pointer? Perhaps it's getting the information somewhere other than the network card.

Expert Comment

by:phil435
Could you post the output of ipconfig /all?

Author Comment

by:Jack_son_
Physical address:  00-50-56-B8-xx-xx
DHCP Enabled:      yes
Autoconfiguration Enabled:  Yes
IP Address:  10.1.100.101
Subnet Mask:  255.255.255.0
Default Gateway:  10.1.100.1
DHCP Server:   192.168.100.15
DNS Servers:  192.168.100.15
                          192.168.100.20
Primary Wins:  192.168.100.15

Expert Comment

by:andreas
Does the server get its correct IP-Address? Can you ping the default gateway by IP? Can you ping the DHCP-Server by IP?

Can you ping the servers by IP from other PCs/Servers, not that pings are blocked in your network...

Expert Comment

by:phil435
Since this is in a different subnet, have you verified that there are no ACLs on the routers that would block port 53? Also check Windows Firewall on the DNS server to make sure it's not blocking this as well.

Expert Comment

by:phil435
Another thing that you can try is using this command:

telnet 192.168.100.15 53

This will test TCP port 53 to the server. Although your client requests will use UDP, this will at least check TCP port 53. Since you have pulled an IP address from this same server, it appears that routing is functioning properly.

Author Comment

by:Jack_son_
Yes, I can ping the gateway and the servers too by IP; I am testing the TCP port now.

Expert Comment

by:phil435
The other thing that I should have asked is do you have other clients in the 10.1.100.0 subnet and can they resolve hostnames to the 192.168.100.15 server?

Author Comment

by:Jack_son_
yes, they can all resolve to the .15 server

Author Comment

by:Jack_son_
I just noticed when I do ipconfig /displaydns the server is pointing to 1.0.0.127.in-addr.arpa. and localhost.

Do you know where I can change this?

Expert Comment

by:phil435
That command is only displaying the cache which in your case is empty.

Without knowing your network setup, this sounds like a firewall/access issue from this server. Have you turned off any firewalls on this server and could there be ACLs on your router blocking this?

Did you run the telnet command above?

Author Comment

by:Jack_son_
yes I can telnet and there are no firewalls between the servers, plus the software firewall is turned off

Expert Comment

by:phil435
Ok, can you open up a cmd prompt and type nslookup? Do you see any errors when executing this?

Author Comment

by:Jack_son_
Says the request timed out. Of course I can ping it and several hundred other computers work fine with it.

Expert Comment

by:WORKS2011
Try ipconfig /flushdns and try nslookup again. Also, clear all stagnant records in DNS: right-click the DNS server and go to Properties.

Expert Comment

by:WORKS2011
What is the server NIC hardcoded with in the DNS settings? You may want to update the NIC card driver and confirm the correct binding in the DHCP server. What do the DNS logs report?

Author Comment

by:Jack_son_
I don't have DNS logs report. It seems the server can ping the DCs both by name and IP, although it can't add users from the domain, only the local PC. I do have error 1053.

Expert Comment

by:phil435
Do you have multiple NICs in this machine and are they active?

Author Comment

by:Jack_son_
I do have multiple NICs, this is virtual, only 1 is active.

Expert Comment

by:WORKS2011
how is your virtual switch configured?

Author Comment

by:Jack_son_
The switch is really just a passthrough. All the other servers on this network are working, only this one has an issue.

Expert Comment

by:WORKS2011
Not if it's a virtual switch; every other device is connected physically through a physical switch and VMs are configured to go through a virtual switch between the host and VM.

Expert Comment

by:phil435
Strange that you can ping the DCs by name. Check under system32/drivers/etc and check the hosts file for entries for these servers.

Accepted Solution

by:phil435
With this odd behavior you may have something corrupt on the TCP/IP stack. Since this is a VM I would create a snapshot and reset the TCP/IP stack. You can follow the instructions here to do so:

http://support.microsoft.com/kb/299357

Author Comment

by:Jack_son_
I agree, this is an old server. Also, is there a way to run a repair on the registry? Not sure if someone modified it in the past to create some issues.....