Problem accessing AD

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

Our server is having problem in accessing the content by users as well as
modifying the ACL in folders / files. Users first reported that accessing
files are rather slow (a lot slower than it used to be). Also, when trying
to change items in security of the properties of folder, not all the items
in <domain> can be seen. When choose "Entire Domain" from the pull down
window it shows only the followings :

Cannot display objects from the location because of the following error:

The server is not operational.

Also, when trying to add a user to the list it prompts an error as "unable
to lookup user names for display".

I have tried to reset the computer account for this server, then disjoin and
rejoin the server back to the domain. But that did not help where the
situaion remains.

This only happens today as it wasn't like this last Friday. Our server is
running Windows Powered. Would anyone able to shed some light on this
problem?


Thanks,
15 answers Last reply
More about problem accessing
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Also,

    Only Domain users cannot be seen, or even saw them they cannot be added.
    Users / Groups from local computer can be added to the ACL.

    Thx,

    "YMan" <yyyy@yyyy.com> wrote in message
    news:OVbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl...
    > Hi,
    >
    > Our server is having problem in accessing the content by users as well as
    > modifying the ACL in folders / files. Users first reported that accessing
    > files are rather slow (a lot slower than it used to be). Also, when trying
    > to change items in security of the properties of folder, not all the items
    > in <domain> can be seen. When choose "Entire Domain" from the pull down
    > window it shows only the followings :
    >
    > Cannot display objects from the location because of the following error:
    >
    > The server is not operational.
    >
    > Also, when trying to add a user to the list it prompts an error as "unable
    > to lookup user names for display".
    >
    > I have tried to reset the computer account for this server, then disjoin
    > and rejoin the server back to the domain. But that did not help where the
    > situaion remains.
    >
    > This only happens today as it wasn't like this last Friday. Our server is
    > running Windows Powered. Would anyone able to shed some light on this
    > problem?
    >
    >
    > Thanks,
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:OVbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    > Hi,
    >
    > Our server is having problem in accessing the content by users as
    > well as modifying the ACL in folders / files. Users first reported
    > that accessing files are rather slow (a lot slower than it used to
    > be). Also, when trying to change items in security of the properties
    > of folder, not all the items in <domain> can be seen. When choose
    > "Entire Domain" from the pull down window it shows only the
    > followings :
    > Cannot display objects from the location because of the following
    > error:
    > The server is not operational.
    >
    > Also, when trying to add a user to the list it prompts an error as
    > "unable to lookup user names for display".
    >
    > I have tried to reset the computer account for this server, then
    > disjoin and rejoin the server back to the domain. But that did not
    > help where the situaion remains.
    >
    > This only happens today as it wasn't like this last Friday. Our
    > server is running Windows Powered. Would anyone able to shed some
    > light on this problem?
    >
    >
    > Thanks,

    These issues, such as slow access, server not operational, etc, is normally
    due to DNS misconfiguration. The one thing I can suggest, which is required
    for AD properly function, is to ONLY use the IP address of your internal DNS
    server (which maybe the DC), on ALL machines, including DCs, clients and
    member servers. If you use your ISP, even if mixing ISP and internal DNS,
    the results can be what you are seeing. If the DC is multihomed, this may
    cause it too.

    If you are not sure what I am referring to, post some info below and we can
    specifically point out the errors, if there are any. If not, then the
    problem may lie elsewhere, but my bet is DNS/

    1. An unedited ipconfig /all from a client AND of the DC.
    2. Name of the AD DNS Domain name as it shows in ADUC.
    3. Do the SRV folders exist under the zone in AD (_msdcs, _sites, _udp and
    _tcp)?
    4. Any errors in the DC's event viewer (under any logs)? If so, post the
    Event ID# and the Source please.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:%23Mi1t3nsFHA.2540@TK2MSFTNGP09.phx.gbl...
    > In news:OVbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl,
    > YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    >> Hi,
    >>
    >> Our server is having problem in accessing the content by users as
    >> well as modifying the ACL in folders / files. Users first reported
    >> that accessing files are rather slow (a lot slower than it used to
    >> be). Also, when trying to change items in security of the properties
    >> of folder, not all the items in <domain> can be seen. When choose
    >> "Entire Domain" from the pull down window it shows only the
    >> followings :
    >> Cannot display objects from the location because of the following
    >> error:
    >> The server is not operational.
    >>
    >> Also, when trying to add a user to the list it prompts an error as
    >> "unable to lookup user names for display".
    >>
    >> I have tried to reset the computer account for this server, then
    >> disjoin and rejoin the server back to the domain. But that did not
    >> help where the situaion remains.
    >>
    >> This only happens today as it wasn't like this last Friday. Our
    >> server is running Windows Powered. Would anyone able to shed some
    >> light on this problem?
    >>
    >>
    >> Thanks,
    >
    > These issues, such as slow access, server not operational, etc, is
    > normally due to DNS misconfiguration. The one thing I can suggest, which
    > is required for AD properly function, is to ONLY use the IP address of
    > your internal DNS server (which maybe the DC), on ALL machines, including
    > DCs, clients and member servers. If you use your ISP, even if mixing ISP
    > and internal DNS, the results can be what you are seeing. If the DC is
    > multihomed, this may cause it too.
    >
    > If you are not sure what I am referring to, post some info below and we
    > can specifically point out the errors, if there are any. If not, then the
    > problem may lie elsewhere, but my bet is DNS/
    >
    > 1. An unedited ipconfig /all from a client AND of the DC.
    > 2. Name of the AD DNS Domain name as it shows in ADUC.
    > 3. Do the SRV folders exist under the zone in AD (_msdcs, _sites, _udp and
    > _tcp)?
    > 4. Any errors in the DC's event viewer (under any logs)? If so, post the
    > Event ID# and the Source please.
    >
    > --
    > Regards,
    > Ace

    Still don't know what the problem is. But so far the server is able to login
    to the domain again. The only thing that I did was to switch to use another
    NIC in the server.

    Originally the server has two NICs. With one configured to connect to the
    company LAN, the other one is connected to a seperate gigabit switch to
    access an EMC AX100 storage using iSCSI. When the problem occurs I saw some
    events in the System Log :

    Event ID Source
    ---------- ---------
    8021, 8022 BROWSER
    50 TERMDD
    2006 Srv
    15 Appletalk
    11, 56 W32time
    3034 MRxSmb
    105 MSFTPSVC, SMTPSVC, W3SVC

    Still head-scratching with what these events mean. However one thing I also
    noticed is that after the swapping of NICs the access to the iSCSI storage
    started to have problems. Currently I can connect to it but cannot format
    the partition reserved for this server.

    Is it a coincidence or is the problem might be rooted to a NIC problem with
    the server?
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:OiSHXP4sFHA.1028@TK2MSFTNGP12.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    > Still don't know what the problem is. But so far the server is able
    > to login to the domain again. The only thing that I did was to switch
    > to use another NIC in the server.
    >
    > Originally the server has two NICs. With one configured to connect to
    > the company LAN, the other one is connected to a seperate gigabit
    > switch to access an EMC AX100 storage using iSCSI. When the problem
    > occurs I saw some events in the System Log :
    >
    > Event ID Source
    > ---------- ---------
    > 8021, 8022 BROWSER
    > 50 TERMDD
    > 2006 Srv
    > 15 Appletalk
    > 11, 56 W32time
    > 3034 MRxSmb
    > 105 MSFTPSVC, SMTPSVC, W3SVC
    >
    > Still head-scratching with what these events mean. However one thing
    > I also noticed is that after the swapping of NICs the access to the
    > iSCSI storage started to have problems. Currently I can connect to it
    > but cannot format the partition reserved for this server.
    >
    > Is it a coincidence or is the problem might be rooted to a NIC
    > problem with the server?

    Is this a DC or just a member server? I bleive it's a DC because of the
    W32time error.

    Either way, the problem seems to be based on multi NICs and not configuring
    it correctly.

    Here's a start, follow these steps:

    On the EMC NIC:
    1. Disable File and Print Service
    2. Disable Microsoft Client Services (this may be questionable)
    3. Only use the internal DNS server IP address in the NIC
    4. Disable NetBIOS (eliminates the Browser error)

    If this is a DC, there are a few registry changes you have to make. Honestly
    it would be easier tojust use a member server for multihoming. Many issues
    arise and addtional administrative overhead is required to resolve them.

    Ace
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    >
    > Is this a DC or just a member server? I bleive it's a DC because of the
    > W32time error.
    >
    > Either way, the problem seems to be based on multi NICs and not
    configuring
    > it correctly.
    >
    > Here's a start, follow these steps:
    >
    > On the EMC NIC:
    > 1. Disable File and Print Service
    > 2. Disable Microsoft Client Services (this may be questionable)
    > 3. Only use the internal DNS server IP address in the NIC
    > 4. Disable NetBIOS (eliminates the Browser error)
    >
    > If this is a DC, there are a few registry changes you have to make.
    Honestly
    > it would be easier tojust use a member server for multihoming. Many issues
    > arise and addtional administrative overhead is required to resolve them.
    >
    > Ace
    >

    This server is member server, and the EMC NIC has not configured to have any
    DNS entry. Since the connection to the EMC storage is on an isolated switch,
    so I kinda leave the gateway and Preferred DNS blank. The server has its
    motherboard replaced a few weeks ago (one of the NIC is on-board, the other
    is using one of the PCI slot). It was functioning normally, including
    connection to the EMC storage, until last weekend.

    I will try that out and see how it goes.

    Speaking of replacing hardware, that brings another question. If a member
    server has hardware problem and needs to replace either a NIC or motherboard
    (or both). What should be done in order for the server to operate normally
    after the replacement of hardware? Is there anything that needs to be done
    before hardware replacement, such as IP address settings, domain membership
    etc? What about the computer account in AD? Does it need to be reset and the
    server has to rejoin the domain?

    Thanks,
  6. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:O6du4t8sFHA.2072@TK2MSFTNGP14.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:

    > This server is member server, and the EMC NIC has not configured to
    > have any DNS entry. Since the connection to the EMC storage is on an
    > isolated switch, so I kinda leave the gateway and Preferred DNS
    > blank. The server has its motherboard replaced a few weeks ago (one
    > of the NIC is on-board, the other is using one of the PCI slot). It
    > was functioning normally, including connection to the EMC storage,
    > until last weekend.
    >
    > I will try that out and see how it goes.
    >
    > Speaking of replacing hardware, that brings another question. If a
    > member server has hardware problem and needs to replace either a NIC
    > or motherboard (or both). What should be done in order for the server
    > to operate normally after the replacement of hardware? Is there
    > anything that needs to be done before hardware replacement, such as
    > IP address settings, domain membership etc? What about the computer
    > account in AD? Does it need to be reset and the server has to rejoin
    > the domain?
    >
    > Thanks,

    If you are replacing hardware, as far as the interface goes, as long as the
    interface has it's IP configured correctly for that subnet it's to
    communicate on, you should be good to go.

    One other thing I forgot to mention. You should make the production
    network's interface the default by putting it on top of the binding order.
    That's found in network windows, Advanced menu, advanced.

    And yes, the DNS IP should be put on all interfaces to insure the system is
    sending any DNS queries, especially "where is my domain?" query to the
    correct DNS server.

    Ace
  7. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:eM9w799sFHA.3188@TK2MSFTNGP14.phx.gbl...
    > In news:O6du4t8sFHA.2072@TK2MSFTNGP14.phx.gbl,
    > YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    >
    >> This server is member server, and the EMC NIC has not configured to
    >> have any DNS entry. Since the connection to the EMC storage is on an
    >> isolated switch, so I kinda leave the gateway and Preferred DNS
    >> blank. The server has its motherboard replaced a few weeks ago (one
    >> of the NIC is on-board, the other is using one of the PCI slot). It
    >> was functioning normally, including connection to the EMC storage,
    >> until last weekend.
    >>
    >> I will try that out and see how it goes.
    >>
    >> Speaking of replacing hardware, that brings another question. If a
    >> member server has hardware problem and needs to replace either a NIC
    >> or motherboard (or both). What should be done in order for the server
    >> to operate normally after the replacement of hardware? Is there
    >> anything that needs to be done before hardware replacement, such as
    >> IP address settings, domain membership etc? What about the computer
    >> account in AD? Does it need to be reset and the server has to rejoin
    >> the domain?
    >>
    >> Thanks,
    >
    > If you are replacing hardware, as far as the interface goes, as long as
    > the interface has it's IP configured correctly for that subnet it's to
    > communicate on, you should be good to go.
    >
    > One other thing I forgot to mention. You should make the production
    > network's interface the default by putting it on top of the binding order.
    > That's found in network windows, Advanced menu, advanced.
    >
    > And yes, the DNS IP should be put on all interfaces to insure the system
    > is sending any DNS queries, especially "where is my domain?" query to the
    > correct DNS server.
    >
    > Ace
    >
    >
    Hi Ace,

    For the case in our EMC NIC there is no DNS server connected in that
    isolated switch. That switch only connects to the EMC storage plus a couple
    of domain member servers (which none is a DNS). In that case how should the
    DNS be configured? Is it possible just point it back to its own IP?
  8. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:ub5GUyBtFHA.3040@TK2MSFTNGP14.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    > Hi Ace,
    >
    > For the case in our EMC NIC there is no DNS server connected in that
    > isolated switch. That switch only connects to the EMC storage plus a
    > couple of domain member servers (which none is a DNS). In that case
    > how should the DNS be configured? Is it possible just point it back
    > to its own IP?

    Well, it's good to have all interfaces directed to the internal DNS server.
    If you are saying DNS is installed on this machine so as to pi=oint to
    itself, yes, you can do that if this is the case, but I assumed since it's a
    member server, it doesn't have DNS installed on it. By default, as long as
    the internal NIC is at the top of the binding order, for the most part it
    will use that interface first anyway.

    Back to the original issue about ACLs and such on this machine and users
    having difficulty accessing it. The way AD works, and not sure if you are
    aware of the DNS implications, is that AD relies on DNS. All members will
    "look" for the domain and all of it's services by querying DNS, specifically
    the SRV folders under the zone name (the _msdcs, _sites, _tcp, and _udp
    folders). If they are missing , which can be caused by numerous reasons, or
    the AD member (DC, clients and member servers) are not configured with the
    internal DNS server's IP address, numerous issues will result. That was the
    reason I asked for specific config info in my previous post.

    At this point were guessing and conjecturing. The info I previously asked
    for will be *extremely* helpful to come to a better diagnosis. If reluctant
    because of security reasons, I can understand, but please do realize that
    more than likely you have private IPs and no one will be able to connect to
    them across the Internet.

    Ace
  9. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > Well, it's good to have all interfaces directed to the internal DNS
    > server.
    > If you are saying DNS is installed on this machine so as to pi=oint to
    > itself, yes, you can do that if this is the case, but I assumed since it's
    > a member server, it doesn't have DNS installed on it. By default, as long
    > as the internal NIC is at the top of the binding order, for the most part
    > it will use that interface first anyway.
    >
    > Back to the original issue about ACLs and such on this machine and users
    > having difficulty accessing it. The way AD works, and not sure if you are
    > aware of the DNS implications, is that AD relies on DNS. All members will
    > "look" for the domain and all of it's services by querying DNS,
    > specifically the SRV folders under the zone name (the _msdcs, _sites,
    > _tcp, and _udp folders). If they are missing , which can be caused by
    > numerous reasons, or the AD member (DC, clients and member servers) are
    > not configured with the internal DNS server's IP address, numerous issues
    > will result. That was the reason I asked for specific config info in my
    > previous post.
    >
    > At this point were guessing and conjecturing. The info I previously asked
    > for will be *extremely* helpful to come to a better diagnosis. If
    > reluctant because of security reasons, I can understand, but please do
    > realize that more than likely you have private IPs and no one will be able
    > to connect to them across the Internet.
    >
    > Ace
    >
    Hi Ace,

    Thanks again for replying.
    For the information you have asked for I will need some time to gather them.
    Please allow me some time before I post those back in the group. I should be
    able to post them before next Monday. Sorry about that.
  10. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:O6tc20QtFHA.3188@TK2MSFTNGP14.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:

    > Hi Ace,
    >
    > Thanks again for replying.
    > For the information you have asked for I will need some time to
    > gather them. Please allow me some time before I post those back in
    > the group. I should be able to post them before next Monday. Sorry
    > about that.

    Thanks YMan. Looking forward to the config info.

    Ace
  11. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    >
    > Thanks YMan. Looking forward to the config info.
    >
    > Ace

    Hi Ace,

    Sorry for delay as I got hung up with something else.

    First of all the domain name is being replaced with a dummy one (hope you'll
    understand).

    Here is the ipconfig /all from a client PC :

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MyXP
    Primary Dns Suffix . . . . . . . : mydomain.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mydomain.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : mydomain.com
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connection
    Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.88.241
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.88.1
    DHCP Server . . . . . . . . . . . : 192.168.88.10
    DNS Servers . . . . . . . . . . . : 192.168.88.10
    Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
    8:52:13 AM
    Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
    8:52:13 AM

    Since we have TWO domain controllers, I will post ipconfig /all for both of
    them :

    DC1 :Windows IP Configuration

    Host Name . . . . . . . . . . . . : dns01
    Primary Dns Suffix . . . . . . . : mydomain.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : eastpointhk.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    Connection
    Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.88.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.88.1
    DNS Servers . . . . . . . . . . . : 192.168.88.10
    210.0.128.120
    203.198.23.208
    218.102.32.208

    For DC2 :
  12. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    >
    > Thanks YMan. Looking forward to the config info.
    >
    > Ace

    Hi Ace,

    Sorry for the delay as I got hung up with something. Please note that I
    chaged the domain name for security reason (hope you'll understand) and
    others stay as they are.

    First of all here is the ipconfig /all from a client computer

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MyXP
    Primary Dns Suffix . . . . . . . : mydomain.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mydomain.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : mydomain.com
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connection
    Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.88.241
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.88.1
    DHCP Server . . . . . . . . . . . : 192.168.88.10
    DNS Servers . . . . . . . . . . . : 192.168.88.10
    Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
    8:52:13 AM
    Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
    8:52:13 AM

    Since we have two DCs so I am including both their ipconfig /all info :

    DC1 :

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : dns01
    Primary Dns Suffix . . . . . . . : mydomain.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mydomain.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    Connection
    Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.88.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.88.1
    DNS Servers . . . . . . . . . . . : 192.168.88.10
    210.0.128.120
    203.198.23.208
    218.102.32.208

    For DC 2:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : HKGDNS02
    Primary Dns Suffix . . . . . . . : mydomain.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mydomain.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
    Controller
    Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.88.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.88.1
    DNS Servers . . . . . . . . . . . : 192.168.88.10

    The AD DNS domain name shown in Active Directory Users and Computers is
    "mydomain.com", which is same as in the above ipconfig /all info.

    I can see both domain controllers in the SRV folders exist in the DNS in DC,
    except for under the location _msdc -> _pdc -> _tcp where only DC1 (DNS01)
    exists.

    For event logs the only thing I see as related to the problem around the
    time when we were having problem is an event ID 8003, source MRxSmb.

    I certainly appreciate for your help all along. Thanks again, Ace.

    YMan
  13. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:eg$xbq2tFHA.2624@TK2MSFTNGP12.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    >> Thanks YMan. Looking forward to the config info.
    >>
    >> Ace
    >
    > Hi Ace,
    >
    > Sorry for the delay as I got hung up with something. Please note that
    > I chaged the domain name for security reason (hope you'll understand)
    > and others stay as they are.
    >
    > First of all here is the ipconfig /all from a client computer
    >
    > Windows IP Configuration
    >
    > Host Name . . . . . . . . . . . . : MyXP
    > Primary Dns Suffix . . . . . . . : mydomain.com
    > Node Type . . . . . . . . . . . . : Unknown
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : mydomain.com
    >
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . : mydomain.com
    > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
    > Network Connection
    > Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
    > Dhcp Enabled. . . . . . . . . . . : Yes
    > Autoconfiguration Enabled . . . . : Yes
    > IP Address. . . . . . . . . . . . : 192.168.88.241
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 192.168.88.1
    > DHCP Server . . . . . . . . . . . : 192.168.88.10
    > DNS Servers . . . . . . . . . . . : 192.168.88.10
    > Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
    > 8:52:13 AM
    > Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
    > 8:52:13 AM
    >
    > Since we have two DCs so I am including both their ipconfig /all info
    > :
    > DC1 :
    >
    > Windows IP Configuration
    >
    > Host Name . . . . . . . . . . . . : dns01
    > Primary Dns Suffix . . . . . . . : mydomain.com
    > Node Type . . . . . . . . . . . . : Unknown
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : mydomain.com
    >
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    > Connection
    > Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
    > DHCP Enabled. . . . . . . . . . . : No
    > IP Address. . . . . . . . . . . . : 192.168.88.10
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 192.168.88.1
    > DNS Servers . . . . . . . . . . . : 192.168.88.10
    > 210.0.128.120
    > 203.198.23.208
    > 218.102.32.208
    >
    > For DC 2:
    >
    > Windows IP Configuration
    >
    > Host Name . . . . . . . . . . . . : HKGDNS02
    > Primary Dns Suffix . . . . . . . : mydomain.com
    > Node Type . . . . . . . . . . . . : Unknown
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : mydomain.com
    >
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
    > Controller
    > Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
    > DHCP Enabled. . . . . . . . . . . : No
    > IP Address. . . . . . . . . . . . : 192.168.88.7
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 192.168.88.1
    > DNS Servers . . . . . . . . . . . : 192.168.88.10
    >
    > The AD DNS domain name shown in Active Directory Users and Computers
    > is "mydomain.com", which is same as in the above ipconfig /all info.
    >
    > I can see both domain controllers in the SRV folders exist in the DNS
    > in DC, except for under the location _msdc -> _pdc -> _tcp where only
    > DC1 (DNS01) exists.
    >
    > For event logs the only thing I see as related to the problem around
    > the time when we were having problem is an event ID 8003, source
    > MRxSmb.
    > I certainly appreciate for your help all along. Thanks again, Ace.
    >
    > YMan

    The big mistake I see, which can cause MAJOR ISSUES, is DC1's DNS config:

    DNS Servers . . . . . . . . . . . : 192.168.88.10
    210.0.128.120
    203.198.23.208
    218.102.32.208


    You MUST Remove:
    210.0.128.120
    203.198.23.208
    218.102.32.208

    It should ONLY show 192.168.88.10. Configure a forwarder on each server to
    these ISP DNS servers. Here's how:

    300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
    http://support.microsoft.com/?id=300202

    Then you should be good to go...

    :-)
    Ace
  14. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:ux7TAAFuFHA.1472@TK2MSFTNGP15.phx.gbl...
    > In news:eg$xbq2tFHA.2624@TK2MSFTNGP12.phx.gbl,
    > YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    >>> Thanks YMan. Looking forward to the config info.
    >>>
    >>> Ace
    >>
    >> Hi Ace,
    >>
    >> Sorry for the delay as I got hung up with something. Please note that
    >> I chaged the domain name for security reason (hope you'll understand)
    >> and others stay as they are.
    >>
    >> First of all here is the ipconfig /all from a client computer
    >>
    >> Windows IP Configuration
    >>
    >> Host Name . . . . . . . . . . . . : MyXP
    >> Primary Dns Suffix . . . . . . . : mydomain.com
    >> Node Type . . . . . . . . . . . . : Unknown
    >> IP Routing Enabled. . . . . . . . : No
    >> WINS Proxy Enabled. . . . . . . . : No
    >> DNS Suffix Search List. . . . . . : mydomain.com
    >>
    >> Ethernet adapter Local Area Connection:
    >>
    >> Connection-specific DNS Suffix . : mydomain.com
    >> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
    >> Network Connection
    >> Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
    >> Dhcp Enabled. . . . . . . . . . . : Yes
    >> Autoconfiguration Enabled . . . . : Yes
    >> IP Address. . . . . . . . . . . . : 192.168.88.241
    >> Subnet Mask . . . . . . . . . . . : 255.255.255.0
    >> Default Gateway . . . . . . . . . : 192.168.88.1
    >> DHCP Server . . . . . . . . . . . : 192.168.88.10
    >> DNS Servers . . . . . . . . . . . : 192.168.88.10
    >> Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
    >> 8:52:13 AM
    >> Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
    >> 8:52:13 AM
    >>
    >> Since we have two DCs so I am including both their ipconfig /all info
    >> :
    >> DC1 :
    >>
    >> Windows IP Configuration
    >>
    >> Host Name . . . . . . . . . . . . : dns01
    >> Primary Dns Suffix . . . . . . . : mydomain.com
    >> Node Type . . . . . . . . . . . . : Unknown
    >> IP Routing Enabled. . . . . . . . : No
    >> WINS Proxy Enabled. . . . . . . . : No
    >> DNS Suffix Search List. . . . . . : mydomain.com
    >>
    >> Ethernet adapter Local Area Connection:
    >>
    >> Connection-specific DNS Suffix . :
    >> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    >> Connection
    >> Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
    >> DHCP Enabled. . . . . . . . . . . : No
    >> IP Address. . . . . . . . . . . . : 192.168.88.10
    >> Subnet Mask . . . . . . . . . . . : 255.255.255.0
    >> Default Gateway . . . . . . . . . : 192.168.88.1
    >> DNS Servers . . . . . . . . . . . : 192.168.88.10
    >> 210.0.128.120
    >> 203.198.23.208
    >> 218.102.32.208
    >>
    >> For DC 2:
    >>
    >> Windows IP Configuration
    >>
    >> Host Name . . . . . . . . . . . . : HKGDNS02
    >> Primary Dns Suffix . . . . . . . : mydomain.com
    >> Node Type . . . . . . . . . . . . : Unknown
    >> IP Routing Enabled. . . . . . . . : No
    >> WINS Proxy Enabled. . . . . . . . : No
    >> DNS Suffix Search List. . . . . . : mydomain.com
    >>
    >> Ethernet adapter Local Area Connection:
    >>
    >> Connection-specific DNS Suffix . :
    >> Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
    >> Controller
    >> Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
    >> DHCP Enabled. . . . . . . . . . . : No
    >> IP Address. . . . . . . . . . . . : 192.168.88.7
    >> Subnet Mask . . . . . . . . . . . : 255.255.255.0
    >> Default Gateway . . . . . . . . . : 192.168.88.1
    >> DNS Servers . . . . . . . . . . . : 192.168.88.10
    >>
    >> The AD DNS domain name shown in Active Directory Users and Computers
    >> is "mydomain.com", which is same as in the above ipconfig /all info.
    >>
    >> I can see both domain controllers in the SRV folders exist in the DNS
    >> in DC, except for under the location _msdc -> _pdc -> _tcp where only
    >> DC1 (DNS01) exists.
    >>
    >> For event logs the only thing I see as related to the problem around
    >> the time when we were having problem is an event ID 8003, source
    >> MRxSmb.
    >> I certainly appreciate for your help all along. Thanks again, Ace.
    >>
    >> YMan
    >
    > The big mistake I see, which can cause MAJOR ISSUES, is DC1's DNS config:
    >
    > DNS Servers . . . . . . . . . . . : 192.168.88.10
    > 210.0.128.120
    > 203.198.23.208
    > 218.102.32.208
    >
    >
    > You MUST Remove:
    > 210.0.128.120
    > 203.198.23.208
    > 218.102.32.208
    >
    > It should ONLY show 192.168.88.10. Configure a forwarder on each server to
    > these ISP DNS servers. Here's how:
    >
    > 300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
    > http://support.microsoft.com/?id=300202
    >
    > Then you should be good to go...
    >
    > :-)
    > Ace
    >
    >

    Got it, Ace. I will give it a go and will let you know later.

    Greatly appreciated your help. Many thanks. :-)
  15. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In news:eARkNAcuFHA.1196@TK2MSFTNGP10.phx.gbl,
    YMan <yyyy@yyyy.com> made this post, which I then commented about below:
    > Got it, Ace. I will give it a go and will let you know later.
    >
    > Greatly appreciated your help. Many thanks. :-)

    I hope it helps. Let us know.

    Ace
Ask a new question

Read More

Domain Servers Active Directory Windows