
Problem accessing AD

Anonymous
September 5, 2005 5:38:43 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

Our server is having problem in accessing the content by users as well as
modifying the ACL in folders / files. Users first reported that accessing
files are rather slow (a lot slower than it used to be). Also, when trying
to change items in security of the properties of folder, not all the items
in <domain> can be seen. When choose "Entire Domain" from the pull down
window it shows only the followings :

Cannot display objects from the location because of the following error:

The server is not operational.

Also, when trying to add a user to the list it prompts an error as "unable
to lookup user names for display".

I have tried to reset the computer account for this server, then disjoin and
rejoin the server back to the domain. But that did not help where the
situation remains.

This only happens today as it wasn't like this last Friday. Our server is
running Windows Powered. Would anyone able to shed some light on this
problem?


Thanks,


Anonymous
September 5, 2005 7:40:43 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Also,

Only Domain users cannot be seen, or even saw them they cannot be added.
Users / Groups from local computer can be added to the ACL.

Thx,

"YMan" <yyyy@yyyy.com> wrote in message
news:o VbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> Our server is having problem in accessing the content by users as well as
> modifying the ACL in folders / files. Users first reported that accessing
> files are rather slow (a lot slower than it used to be). Also, when trying
> to change items in security of the properties of folder, not all the items
> in <domain> can be seen. When choose "Entire Domain" from the pull down
> window it shows only the followings :
>
> Cannot display objects from the location because of the following error:
>
> The server is not operational.
>
> Also, when trying to add a user to the list it prompts an error as "unable
> to lookup user names for display".
>
> I have tried to reset the computer account for this server, then disjoin
> and rejoin the server back to the domain. But that did not help where the
> situation remains.
>
> This only happens today as it wasn't like this last Friday. Our server is
> running Windows Powered. Would anyone able to shed some light on this
> problem?
>
>
> Thanks,
>
>
Anonymous
September 6, 2005 12:55:06 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:o VbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:
> Hi,
>
> Our server is having problem in accessing the content by users as
> well as modifying the ACL in folders / files. Users first reported
> that accessing files are rather slow (a lot slower than it used to
> be). Also, when trying to change items in security of the properties
> of folder, not all the items in <domain> can be seen. When choose
> "Entire Domain" from the pull down window it shows only the
> followings :
> Cannot display objects from the location because of the following
> error:
> The server is not operational.
>
> Also, when trying to add a user to the list it prompts an error as
> "unable to lookup user names for display".
>
> I have tried to reset the computer account for this server, then
> disjoin and rejoin the server back to the domain. But that did not
> help where the situation remains.
>
> This only happens today as it wasn't like this last Friday. Our
> server is running Windows Powered. Would anyone able to shed some
> light on this problem?
>
>
> Thanks,

These issues, such as slow access, server not operational, etc, is normally
due to DNS misconfiguration. The one thing I can suggest, which is required
for AD properly function, is to ONLY use the IP address of your internal DNS
server (which maybe the DC), on ALL machines, including DCs, clients and
member servers. If you use your ISP, even if mixing ISP and internal DNS,
the results can be what you are seeing. If the DC is multihomed, this may
cause it too.

If you are not sure what I am referring to, post some info below and we can
specifically point out the errors, if there are any. If not, then the
problem may lie elsewhere, but my bet is DNS.

1. An unedited ipconfig /all from a client AND of the DC.
2. Name of the AD DNS Domain name as it shows in ADUC.
3. Do the SRV folders exist under the zone in AD (_msdcs, _sites, _udp and
_tcp)?
4. Any errors in the DC's event viewer (under any logs)? If so, post the
Event ID# and the Source please.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Anonymous
September 7, 2005 8:11:15 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23Mi1t3nsFHA.2540@TK2MSFTNGP09.phx.gbl...
> In news:o VbgzwdsFHA.1168@TK2MSFTNGP10.phx.gbl,
> YMan <yyyy@yyyy.com> made this post, which I then commented about below:
>> Hi,
>>
>> Our server is having problem in accessing the content by users as
>> well as modifying the ACL in folders / files. Users first reported
>> that accessing files are rather slow (a lot slower than it used to
>> be). Also, when trying to change items in security of the properties
>> of folder, not all the items in <domain> can be seen. When choose
>> "Entire Domain" from the pull down window it shows only the
>> followings :
>> Cannot display objects from the location because of the following
>> error:
>> The server is not operational.
>>
>> Also, when trying to add a user to the list it prompts an error as
>> "unable to lookup user names for display".
>>
>> I have tried to reset the computer account for this server, then
>> disjoin and rejoin the server back to the domain. But that did not
>> help where the situation remains.
>>
>> This only happens today as it wasn't like this last Friday. Our
>> server is running Windows Powered. Would anyone able to shed some
>> light on this problem?
>>
>>
>> Thanks,
>
> These issues, such as slow access, server not operational, etc, is
> normally due to DNS misconfiguration. The one thing I can suggest, which
> is required for AD properly function, is to ONLY use the IP address of
> your internal DNS server (which maybe the DC), on ALL machines, including
> DCs, clients and member servers. If you use your ISP, even if mixing ISP
> and internal DNS, the results can be what you are seeing. If the DC is
> multihomed, this may cause it too.
>
> If you are not sure what I am referring to, post some info below and we
> can specifically point out the errors, if there are any. If not, then the
> problem may lie elsewhere, but my bet is DNS.
>
> 1. An unedited ipconfig /all from a client AND of the DC.
> 2. Name of the AD DNS Domain name as it shows in ADUC.
> 3. Do the SRV folders exist under the zone in AD (_msdcs, _sites, _udp and
> _tcp)?
> 4. Any errors in the DC's event viewer (under any logs)? If so, post the
> Event ID# and the Source please.
>
> --
> Regards,
> Ace

Still don't know what the problem is. But so far the server is able to login
to the domain again. The only thing that I did was to switch to use another
NIC in the server.

Originally the server has two NICs. With one configured to connect to the
company LAN, the other one is connected to a separate gigabit switch to
access an EMC AX100 storage using iSCSI. When the problem occurs I saw some
events in the System Log :

Event ID      Source
----------    ---------
8021, 8022    BROWSER
50            TERMDD
2006          Srv
15            Appletalk
11, 56        W32time
3034          MRxSmb
105           MSFTPSVC, SMTPSVC, W3SVC

Still head-scratching with what these events mean. However one thing I also
noticed is that after the swapping of NICs the access to the iSCSI storage
started to have problems. Currently I can connect to it but cannot format
the partition reserved for this server.

Is it a coincidence or is the problem might be rooted to a NIC problem with
the server?
Anonymous
September 7, 2005 8:11:16 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:o iSHXP4sFHA.1028@TK2MSFTNGP12.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:
> Still don't know what the problem is. But so far the server is able
> to login to the domain again. The only thing that I did was to switch
> to use another NIC in the server.
>
> Originally the server has two NICs. With one configured to connect to
> the company LAN, the other one is connected to a separate gigabit
> switch to access an EMC AX100 storage using iSCSI. When the problem
> occurs I saw some events in the System Log :
>
> Event ID      Source
> ----------    ---------
> 8021, 8022    BROWSER
> 50            TERMDD
> 2006          Srv
> 15            Appletalk
> 11, 56        W32time
> 3034          MRxSmb
> 105           MSFTPSVC, SMTPSVC, W3SVC
>
> Still head-scratching with what these events mean. However one thing
> I also noticed is that after the swapping of NICs the access to the
> iSCSI storage started to have problems. Currently I can connect to it
> but cannot format the partition reserved for this server.
>
> Is it a coincidence or is the problem might be rooted to a NIC
> problem with the server?

Is this a DC or just a member server? I believe it's a DC because of the
W32time error.

Either way, the problem seems to be based on multi NICs and not configuring
it correctly.

Here's a start, follow these steps:

On the EMC NIC:
1. Disable File and Print Service
2. Disable Microsoft Client Services (this may be questionable)
3. Only use the internal DNS server IP address in the NIC
4. Disable NetBIOS (eliminates the Browser error)

If this is a DC, there are a few registry changes you have to make. Honestly
it would be easier to just use a member server for multihoming. Many issues
arise and additional administrative overhead is required to resolve them.

Ace
Anonymous
September 8, 2005 4:46:23 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

>
> Is this a DC or just a member server? I believe it's a DC because of the
> W32time error.
>
> Either way, the problem seems to be based on multi NICs and not
> configuring it correctly.
>
> Here's a start, follow these steps:
>
> On the EMC NIC:
> 1. Disable File and Print Service
> 2. Disable Microsoft Client Services (this may be questionable)
> 3. Only use the internal DNS server IP address in the NIC
> 4. Disable NetBIOS (eliminates the Browser error)
>
> If this is a DC, there are a few registry changes you have to make.
> Honestly it would be easier to just use a member server for multihoming.
> Many issues arise and additional administrative overhead is required to
> resolve them.
>
> Ace
>

This server is member server, and the EMC NIC has not configured to have any
DNS entry. Since the connection to the EMC storage is on an isolated switch,
so I kinda leave the gateway and Preferred DNS blank. The server has its
motherboard replaced a few weeks ago (one of the NIC is on-board, the other
is using one of the PCI slot). It was functioning normally, including
connection to the EMC storage, until last weekend.

I will try that out and see how it goes.

Speaking of replacing hardware, that brings another question. If a member
server has hardware problem and needs to replace either a NIC or motherboard
(or both). What should be done in order for the server to operate normally
after the replacement of hardware? Is there anything that needs to be done
before hardware replacement, such as IP address settings, domain membership
etc? What about the computer account in AD? Does it need to be reset and the
server has to rejoin the domain?

Thanks,
Anonymous
September 8, 2005 4:46:24 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:o 6du4t8sFHA.2072@TK2MSFTNGP14.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:

> This server is member server, and the EMC NIC has not configured to
> have any DNS entry. Since the connection to the EMC storage is on an
> isolated switch, so I kinda leave the gateway and Preferred DNS
> blank. The server has its motherboard replaced a few weeks ago (one
> of the NIC is on-board, the other is using one of the PCI slot). It
> was functioning normally, including connection to the EMC storage,
> until last weekend.
>
> I will try that out and see how it goes.
>
> Speaking of replacing hardware, that brings another question. If a
> member server has hardware problem and needs to replace either a NIC
> or motherboard (or both). What should be done in order for the server
> to operate normally after the replacement of hardware? Is there
> anything that needs to be done before hardware replacement, such as
> IP address settings, domain membership etc? What about the computer
> account in AD? Does it need to be reset and the server has to rejoin
> the domain?
>
> Thanks,

If you are replacing hardware, as far as the interface goes, as long as the
interface has its IP configured correctly for that subnet it's to
communicate on, you should be good to go.

One other thing I forgot to mention. You should make the production
network's interface the default by putting it on top of the binding order.
That's found in network windows, Advanced menu, advanced.

And yes, the DNS IP should be put on all interfaces to insure the system is
sending any DNS queries, especially "where is my domain?" query to the
correct DNS server.

Ace
Anonymous
September 8, 2005 2:24:35 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eM9w799sFHA.3188@TK2MSFTNGP14.phx.gbl...
> In news:o 6du4t8sFHA.2072@TK2MSFTNGP14.phx.gbl,
> YMan <yyyy@yyyy.com> made this post, which I then commented about below:
>
>> This server is member server, and the EMC NIC has not configured to
>> have any DNS entry. Since the connection to the EMC storage is on an
>> isolated switch, so I kinda leave the gateway and Preferred DNS
>> blank. The server has its motherboard replaced a few weeks ago (one
>> of the NIC is on-board, the other is using one of the PCI slot). It
>> was functioning normally, including connection to the EMC storage,
>> until last weekend.
>>
>> I will try that out and see how it goes.
>>
>> Speaking of replacing hardware, that brings another question. If a
>> member server has hardware problem and needs to replace either a NIC
>> or motherboard (or both). What should be done in order for the server
>> to operate normally after the replacement of hardware? Is there
>> anything that needs to be done before hardware replacement, such as
>> IP address settings, domain membership etc? What about the computer
>> account in AD? Does it need to be reset and the server has to rejoin
>> the domain?
>>
>> Thanks,
>
> If you are replacing hardware, as far as the interface goes, as long as
> the interface has its IP configured correctly for that subnet it's to
> communicate on, you should be good to go.
>
> One other thing I forgot to mention. You should make the production
> network's interface the default by putting it on top of the binding order.
> That's found in network windows, Advanced menu, advanced.
>
> And yes, the DNS IP should be put on all interfaces to insure the system
> is sending any DNS queries, especially "where is my domain?" query to the
> correct DNS server.
>
> Ace
>
>
Hi Ace,

For the case in our EMC NIC there is no DNS server connected in that
isolated switch. That switch only connects to the EMC storage plus a couple
of domain member servers (which none is a DNS). In that case how should the
DNS be configured? Is it possible just point it back to its own IP?
Anonymous
September 8, 2005 2:24:36 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:ub5GUyBtFHA.3040@TK2MSFTNGP14.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:
> Hi Ace,
>
> For the case in our EMC NIC there is no DNS server connected in that
> isolated switch. That switch only connects to the EMC storage plus a
> couple of domain member servers (which none is a DNS). In that case
> how should the DNS be configured? Is it possible just point it back
> to its own IP?

Well, it's good to have all interfaces directed to the internal DNS server.
If you are saying DNS is installed on this machine so as to point to
itself, yes, you can do that if this is the case, but I assumed since it's a
member server, it doesn't have DNS installed on it. By default, as long as
the internal NIC is at the top of the binding order, for the most part it
will use that interface first anyway.

Back to the original issue about ACLs and such on this machine and users
having difficulty accessing it. The way AD works, and not sure if you are
aware of the DNS implications, is that AD relies on DNS. All members will
"look" for the domain and all of its services by querying DNS, specifically
the SRV folders under the zone name (the _msdcs, _sites, _tcp, and _udp
folders). If they are missing , which can be caused by numerous reasons, or
the AD member (DC, clients and member servers) are not configured with the
internal DNS server's IP address, numerous issues will result. That was the
reason I asked for specific config info in my previous post.

At this point we're guessing and conjecturing. The info I previously asked
for will be *extremely* helpful to come to a better diagnosis. If reluctant
because of security reasons, I can understand, but please do realize that
more than likely you have private IPs and no one will be able to connect to
them across the Internet.

Ace
Anonymous
September 9, 2005 7:07:07 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

> Well, it's good to have all interfaces directed to the internal DNS
> server.
> If you are saying DNS is installed on this machine so as to point to
> itself, yes, you can do that if this is the case, but I assumed since it's
> a member server, it doesn't have DNS installed on it. By default, as long
> as the internal NIC is at the top of the binding order, for the most part
> it will use that interface first anyway.
>
> Back to the original issue about ACLs and such on this machine and users
> having difficulty accessing it. The way AD works, and not sure if you are
> aware of the DNS implications, is that AD relies on DNS. All members will
> "look" for the domain and all of its services by querying DNS,
> specifically the SRV folders under the zone name (the _msdcs, _sites,
> _tcp, and _udp folders). If they are missing , which can be caused by
> numerous reasons, or the AD member (DC, clients and member servers) are
> not configured with the internal DNS server's IP address, numerous issues
> will result. That was the reason I asked for specific config info in my
> previous post.
>
> At this point we're guessing and conjecturing. The info I previously asked
> for will be *extremely* helpful to come to a better diagnosis. If
> reluctant because of security reasons, I can understand, but please do
> realize that more than likely you have private IPs and no one will be able
> to connect to them across the Internet.
>
> Ace
>
Hi Ace,

Thanks again for replying.
For the information you have asked for I will need some time to gather them.
Please allow me some time before I post those back in the group. I should be
able to post them before next Monday. Sorry about that.
Anonymous
September 9, 2005 7:07:08 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:o 6tc20QtFHA.3188@TK2MSFTNGP14.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:

> Hi Ace,
>
> Thanks again for replying.
> For the information you have asked for I will need some time to
> gather them. Please allow me some time before I post those back in
> the group. I should be able to post them before next Monday. Sorry
> about that.

Thanks YMan. Looking forward to the config info.

Ace
Anonymous
September 12, 2005 7:11:42 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

>
> Thanks YMan. Looking forward to the config info.
>
> Ace

Hi Ace,

Sorry for delay as I got hung up with something else.

First of all the domain name is being replaced with a dummy one (hope you'll
understand).

Here is the ipconfig /all from a client PC :

Windows IP Configuration

Host Name . . . . . . . . . . . . : MyXP
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.88.241
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
DHCP Server . . . . . . . . . . . : 192.168.88.10
DNS Servers . . . . . . . . . . . : 192.168.88.10
Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
8:52:13 AM
Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
8:52:13 AM

Since we have TWO domain controllers, I will post ipconfig /all for both of
them :

DC1 :

Windows IP Configuration

Host Name . . . . . . . . . . . . : dns01
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eastpointhk.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection
Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.88.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
DNS Servers . . . . . . . . . . . : 192.168.88.10
210.0.128.120
203.198.23.208
218.102.32.208

For DC2 :
Anonymous
September 12, 2005 7:20:42 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

>
> Thanks YMan. Looking forward to the config info.
>
> Ace

Hi Ace,

Sorry for the delay as I got hung up with something. Please note that I
changed the domain name for security reason (hope you'll understand) and
others stay as they are.

First of all here is the ipconfig /all from a client computer

Windows IP Configuration

Host Name . . . . . . . . . . . . : MyXP
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.88.241
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
DHCP Server . . . . . . . . . . . : 192.168.88.10
DNS Servers . . . . . . . . . . . : 192.168.88.10
Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
8:52:13 AM
Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
8:52:13 AM

Since we have two DCs so I am including both their ipconfig /all info :

DC1 :

Windows IP Configuration

Host Name . . . . . . . . . . . . : dns01
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection
Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.88.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
DNS Servers . . . . . . . . . . . : 192.168.88.10
210.0.128.120
203.198.23.208
218.102.32.208

For DC 2:

Windows IP Configuration

Host Name . . . . . . . . . . . . : HKGDNS02
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
Controller
Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.88.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
DNS Servers . . . . . . . . . . . : 192.168.88.10

The AD DNS domain name shown in Active Directory Users and Computers is
"mydomain.com", which is same as in the above ipconfig /all info.

I can see both domain controllers in the SRV folders exist in the DNS in DC,
except for under the location _msdc -> _pdc -> _tcp where only DC1 (DNS01)
exists.

For event logs the only thing I see as related to the problem around the
time when we were having problem is an event ID 8003, source MRxSmb.

I certainly appreciate for your help all along. Thanks again, Ace.

YMan
Anonymous
September 13, 2005 10:41:26 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:eg$xbq2tFHA.2624@TK2MSFTNGP12.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:
>> Thanks YMan. Looking forward to the config info.
>>
>> Ace
>
> Hi Ace,
>
> Sorry for the delay as I got hung up with something. Please note that
> I changed the domain name for security reason (hope you'll understand)
> and others stay as they are.
>
> First of all here is the ipconfig /all from a client computer
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : MyXP
> Primary Dns Suffix . . . . . . . : mydomain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mydomain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : mydomain.com
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
> Network Connection
> Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.88.241
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.88.1
> DHCP Server . . . . . . . . . . . : 192.168.88.10
> DNS Servers . . . . . . . . . . . : 192.168.88.10
> Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
> 8:52:13 AM
> Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
> 8:52:13 AM
>
> Since we have two DCs so I am including both their ipconfig /all info
> :
> DC1 :
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dns01
> Primary Dns Suffix . . . . . . . : mydomain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mydomain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
> Connection
> Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.88.10
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.88.1
> DNS Servers . . . . . . . . . . . : 192.168.88.10
> 210.0.128.120
> 203.198.23.208
> 218.102.32.208
>
> For DC 2:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : HKGDNS02
> Primary Dns Suffix . . . . . . . : mydomain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mydomain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
> Controller
> Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.88.7
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.88.1
> DNS Servers . . . . . . . . . . . : 192.168.88.10
>
> The AD DNS domain name shown in Active Directory Users and Computers
> is "mydomain.com", which is same as in the above ipconfig /all info.
>
> I can see both domain controllers in the SRV folders exist in the DNS
> in DC, except for under the location _msdc -> _pdc -> _tcp where only
> DC1 (DNS01) exists.
>
> For event logs the only thing I see as related to the problem around
> the time when we were having problem is an event ID 8003, source
> MRxSmb.
> I certainly appreciate for your help all along. Thanks again, Ace.
>
> YMan

The big mistake I see, which can cause MAJOR ISSUES, is DC1's DNS config:

DNS Servers . . . . . . . . . . . : 192.168.88.10
210.0.128.120
203.198.23.208
218.102.32.208


You MUST Remove:
210.0.128.120
203.198.23.208
218.102.32.208

It should ONLY show 192.168.88.10. Configure a forwarder on each server to
these ISP DNS servers. Here's how:

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
http://support.microsoft.com/?id=300202

Then you should be good to go...

:-)
Ace
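
Added example, not part of the original thread: a small audit that parses `ipconfig /all` text collected from domain members and flags every DNS server outside an internal allow-list, which is the misconfiguration identified on DC1 above. It assumes English-language `ipconfig` output and, as in the thread, that 192.168.88.10 is the only internal DNS server; the sample inputs are constructed from the values posted in the thread.

```python
import ipaddress
import re

# Constructed sample, modelled on the DC1 output posted in the thread.
SAMPLE_DC1 = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dns01
   Primary Dns Suffix  . . . . . . . : mydomain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.88.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.88.1
   DNS Servers . . . . . . . . . . . : 192.168.88.10
                                       210.0.128.120
                                       203.198.23.208
                                       218.102.32.208
"""

# Constructed sample, modelled on the DC2 output (internal DNS only).
SAMPLE_DC2 = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.88.7
   DNS Servers . . . . . . . . . . . : 192.168.88.10
"""

# "Ethernet adapter Local Area Connection:" style section headers.
ADAPTER_RE = re.compile(r"^\S.*adapter .*:\s*$")
# "Key . . . . : value" lines; the dotted leader distinguishes them from
# wrapped continuation lines such as "8:52:13 AM".
FIELD_RE = re.compile(r"^\s*(?P<key>.+?)(?:\s?\.)+\s*:\s*(?P<value>.*)$")


def _to_ip(token):
    """Parse an address token, tolerating an IPv6 scope suffix; None if invalid."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def parse_dns_servers(text):
    """Return {adapter name: [ip objects]} for every 'DNS Servers' field.

    Additional servers appear on their own lines under the first one, so any
    bare address that follows a 'DNS Servers' field belongs to the same list.
    """
    adapters = {}
    current = "(no adapter header)"
    in_dns = False
    for line in text.splitlines():
        if not line.strip():
            continue
        if ADAPTER_RE.match(line):
            current = line.strip().rstrip(":")
            adapters.setdefault(current, [])
            in_dns = False
            continue
        field = FIELD_RE.match(line)
        if field:
            in_dns = field["key"].strip() == "DNS Servers"
            candidate = field["value"] if in_dns else ""
        else:
            candidate = line if in_dns else ""
        ip = _to_ip(candidate) if candidate else None
        if ip is not None:
            adapters.setdefault(current, []).append(ip)
    return adapters


def audit_dns(text, allowed):
    """Return (adapter, server, reason) for each DNS server not in `allowed`."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for adapter, servers in parse_dns_servers(text).items():
        for ip in servers:
            if ip in allowed_set:
                continue
            reason = ("unlisted private address" if ip.is_private
                      else "public resolver")
            findings.append((adapter, str(ip), reason))
    return findings


if __name__ == "__main__":
    for name, sample in (("DC1", SAMPLE_DC1), ("DC2", SAMPLE_DC2)):
        for adapter, server, reason in audit_dns(sample, ["192.168.88.10"]):
            print(f"{name}: {adapter}: {server} ({reason})")
```
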
Anonymous
September 15, 2005 6:37:14 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:ux7TAAFuFHA.1472@TK2MSFTNGP15.phx.gbl...
> In news:eg$xbq2tFHA.2624@TK2MSFTNGP12.phx.gbl,
> YMan <yyyy@yyyy.com> made this post, which I then commented about below:
>>> Thanks YMan. Looking forward to the config info.
>>>
>>> Ace
>>
>> Hi Ace,
>>
>> Sorry for the delay as I got hung up with something. Please note that
>> I changed the domain name for security reason (hope you'll understand)
>> and others stay as they are.
>>
>> First of all here is the ipconfig /all from a client computer
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : MyXP
>> Primary Dns Suffix . . . . . . . : mydomain.com
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : mydomain.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . : mydomain.com
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
>> Network Connection
>> Physical Address. . . . . . . . . : 00-08-74-F1-D1-B1
>> Dhcp Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.88.241
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.88.1
>> DHCP Server . . . . . . . . . . . : 192.168.88.10
>> DNS Servers . . . . . . . . . . . : 192.168.88.10
>> Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
>> 8:52:13 AM
>> Lease Expires . . . . . . . . . . : Tuesday, September 13, 2005
>> 8:52:13 AM
>>
>> Since we have two DCs so I am including both their ipconfig /all info
>> :
>> DC1 :
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : dns01
>> Primary Dns Suffix . . . . . . . : mydomain.com
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : mydomain.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>> Connection
>> Physical Address. . . . . . . . . : 00-03-47-CF-16-E3
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.88.10
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.88.1
>> DNS Servers . . . . . . . . . . . : 192.168.88.10
>> 210.0.128.120
>> 203.198.23.208
>> 218.102.32.208
>>
>> For DC 2:
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : HKGDNS02
>> Primary Dns Suffix . . . . . . . : mydomain.com
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : mydomain.com
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
>> Controller
>> Physical Address. . . . . . . . . : 00-13-20-01-9F-4B
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.88.7
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.88.1
>> DNS Servers . . . . . . . . . . . : 192.168.88.10
>>
>> The AD DNS domain name shown in Active Directory Users and Computers
>> is "mydomain.com", which is same as in the above ipconfig /all info.
>>
>> I can see both domain controllers in the SRV folders exist in the DNS
>> in DC, except for under the location _msdc -> _pdc -> _tcp where only
>> DC1 (DNS01) exists.
>>
>> For event logs the only thing I see as related to the problem around
>> the time when we were having problem is an event ID 8003, source
>> MRxSmb.
>> I certainly appreciate for your help all along. Thanks again, Ace.
>>
>> YMan
>
> The big mistake I see, which can cause MAJOR ISSUES, is DC1's DNS config:
>
> DNS Servers . . . . . . . . . . . : 192.168.88.10
> 210.0.128.120
> 203.198.23.208
> 218.102.32.208
>
>
> You MUST Remove:
> 210.0.128.120
> 203.198.23.208
> 218.102.32.208
>
> It should ONLY show 192.168.88.10. Configure a forwarder on each server to
> these ISP DNS servers. Here's how:
>
> 300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
> http://support.microsoft.com/?id=300202
>
> Then you should be good to go...
>
> :-)
> Ace
>
>

Got it, Ace. I will give it a go and will let you know later.

Greatly appreciated your help. Many thanks. :-)
Anonymous
September 15, 2005 6:37:15 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:eARkNAcuFHA.1196@TK2MSFTNGP10.phx.gbl,
YMan <yyyy@yyyy.com> made this post, which I then commented about below:
> Got it, Ace. I will give it a go and will let you know later.
>
> Greatly appreciated your help. Many thanks. :-)

I hope it helps. Let us know.

Ace