Solved

Server issue with AD

Posted on 2015-01-01
Last Modified: 2015-01-17
I have a server that is part of the domain. The issue is that domain users cannot connect to the machine, and when I go to add another domain user to the server (Server 2003 SP1), it cannot see the domain structure, only the local server structure. Does anyone know how to fix this?
Question by:Jack_son_
33 Comments
 
LVL 2

Expert Comment

by:phil435
ID: 40526837
Are you saying that you cannot log in with a domain account to the server, only local users? Have you checked DNS to make sure it is pointing to your AD DNS server on this server?

What error messages are you receiving?
0
 

Author Comment

by:Jack_son_
ID: 40526842
It is pointing to the right internal DNS servers. I also notice that there is an issue resolving DNS sites, like google.com. The DNS is working for all the other servers, just not this one.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526848
Can you ping internal servers/workstations by DNS name?
0

 

Author Comment

by:Jack_son_
ID: 40526861
Not from this server.
0
 
LVL 11

Expert Comment

by:andreas
ID: 40526868
Was it ever working before?

If yes, defective NIC?

If no, check IP config.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526872
I assume that you can ping from this server via IP address, just not DNS name?
0
 

Author Comment

by:Jack_son_
ID: 40526877
correct
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526882
So you can ping the DNS server by IP address and you have verified that this DNS server is configured as primary DNS, but cannot resolve any hostnames for this server. Have you tried pinging the DNS server by the FQDN, such as dns1.somedomain.local?
0
 

Author Comment

by:Jack_son_
ID: 40526884
Yes, neither works. Would there be somewhere else on the server that someone would add a pointer? Perhaps it's getting the information somewhere other than the network card.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526889
Could you post the output of ipconfig /all?
0
 

Author Comment

by:Jack_son_
ID: 40526899
Physical address:  00-50-56-B8-xx-xx
DHCP Enabled:      yes
Autoconfiguration Enabled:  Yes
IP Address:  10.1.100.101
Subnet Mask:  255.255.255.0
Default Gateway:  10.1.100.1
DHCP Server:   192.168.100.15
DNS Servers:  192.168.100.15
                          192.168.100.20
Primary Wins:  192.168.100.15
0
 
LVL 11

Expert Comment

by:andreas
ID: 40526915
Does the server get its correct IP-Address? Can you ping the default gateway by IP? Can you ping the DHCP-Server by IP?

Can you ping the servers by IP from other PCs/Servers, not that pings are blocked in your network...
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526925
Since this is in a different subnet, have you verified that there are no ACLs on the routers that would block port 53? Also check Windows Firewall on the DNS server to make sure it's not blocking this as well.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526933
Another thing that you can try is using this command:

telnet 192.168.100.15 53

This will test TCP port 53 to the server. Although your client requests will use UDP, this will at least check TCP port 53. Since you have pulled an IP address from this same server, it appears that routing is functioning properly.
0
 

Author Comment

by:Jack_son_
ID: 40526953
Yes, I can ping the gateway and the servers too by IP; I am testing the TCP port now.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40526972
The other thing that I should have asked is do you have other clients in the 10.1.100.0 subnet and can they resolve hostnames to the 192.168.100.15 server?
0
 

Author Comment

by:Jack_son_
ID: 40526990
Yes, they can all resolve to the .15 server.
0
 

Author Comment

by:Jack_son_
ID: 40526992
I just noticed when I do ipconfig /displaydns the server is pointing to 1.0.0.127.in-addr.arpa. and localhost.

Do you know where I can change this?
0
 
LVL 2

Expert Comment

by:phil435
ID: 40527000
That command is only displaying the cache which in your case is empty.

Without knowing your network setup, this sounds like a firewall\access issue from this server. Have you turned off any firewalls on this server, and could there be ACLs on your router blocking this?

Did you run the telnet command above?
0
 

Author Comment

by:Jack_son_
ID: 40527044
Yes, I can telnet and there are no firewalls between the servers, plus the software firewall is turned off.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40527104
Ok, can you open up a cmd prompt and type nslookup? Do you see any errors when executing this?
0
 

Author Comment

by:Jack_son_
ID: 40527861
Says the request timed out. Of course I can ping it, and several hundred other computers work fine with it.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40527929
Try ipconfig /flushdns and try nslookup again. Also, clear all stagnant records in DNS: right-click the DNS server and go to Properties.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40527932
What is the server NIC hardcoded with in the DNS settings? You may want to update the NIC card driver and confirm the correct binding in the DHCP server. What do the DNS logs report?
0
 

Author Comment

by:Jack_son_
ID: 40528057
I don't have DNS logs report. It seems the server can ping the DCs both by name and IP, although it can't add users from the domain, only the local PC. I do have error 1053.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40528059
Do you have multiple NICs in this machine and are they active?
0
 

Author Comment

by:Jack_son_
ID: 40528104
I do have multiple NICs, this is virtual, only 1 is active.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40528120
How is your virtual switch configured?
0
 

Author Comment

by:Jack_son_
ID: 40528125
The switch is really just a passthrough. All the other servers on this network are working; only this one has an issue.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 40528184
Not if it's a virtual switch; every other device is connected physically through a physical switch, and VMs are configured to go through a virtual switch between the host and VM.
0
 
LVL 2

Expert Comment

by:phil435
ID: 40528196
Strange that you can ping the DCs by name. Look under system32/drivers/etc and check the hosts file for entries for these servers.
0
 
LVL 2

Accepted Solution

by:
phil435 earned 500 total points
ID: 40528533
With this odd behavior you may have something corrupt on the TCP/IP stack. Since this is a VM I would create a snapshot and reset the TCP/IP stack. You can follow the instructions here to do so:

http://support.microsoft.com/kb/299357
0
 

Author Comment

by:Jack_son_
ID: 40529274
I agree, this is an old server. Also, is there a way to run a repair on the registry? Not sure if someone modified it in the past to create some issues.
0


Question has a verified solution.
