NetDiag fails on DNS test

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Background: client of mine had a Windows 2000 server with multiple clients, not sure what the structure was (domain I think, but may have been in a workgroup). To this mix they added an SBS2003 server, not sure how the W2K server was playing at that time (getting clarification on that). In this new structure, the W2K server has been both a DC and member server, and of course SBS box a DC. No matter how we configure the W2K server, I get the following on the SBS box:

1. Group policy is messed up. I can't browse any of the SBS local shares logged in as admin on the SBS box, getting 'access denied' when browsing network places. I can see them there and with a net use, but trying to browse them asks for id/pw, which are not recognized. Getting events 103, and 1058 every 5 minutes, and other gp funkiness as well. Much research on the web lead me to several workarounds, none of which worked, and KB 842804 and 830905, hotfixes which, again, didn't work

2. The reason I put this here instead of an SBS group: netdiag is failing on the DNS test as follows:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.16.2'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

Also getting NetBT event 4321, basically saying that the server can't be named since it's already named.

Replication doesn't fix it, netdiag /fix doesn't fix it either. Also several dcdiag tests yield 'access denied'. My thoughts are that perhaps the DNS issues are causing the group policy issues. If the W2K server had been running AD, with perhaps a single-level domain name (Astro), and now they've added an sbs box with an astro.local domain name, without properly downgrading the original domain, could that cause these types of problems? And if my speculation is correct, is there anything that could be done to fix it short of re-building the domain (with SBS, as that is what they want)? Appreciate any input.

Randy Knapp

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

"Randy Knapp" <Randy Knapp@discussions.microsoft.com> wrote in message
news:97CA3D42-4645-454F-9643-CFAC75D94090@microsoft.com...

If you are using anything other than a Local GPO (LGPO) then
Group Policy implies a domain...

There are a lot of unknowns (and some confusion) in your post,
so here's the deal for DNS and Win2000+ domains:

1) DNS must be dynamic for the zone supporting AD
2) All clients NIC DNS properties must point ONLY to this
internal DNS server (set)
3) Servers: DCs, DNS servers, etc are DNS clients too!!!!
4) Restart NetLogon service on each affected DC if you change
the above.

DCDiag /fix only offers limited fixes.

Re-run DCDiag to confirm there are no more errors.

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:97CA3D42-4645-454F-9643-CFAC75D94090@microsoft.com,
Randy Knapp <Randy Knapp@discussions.microsoft.com> posted their thoughts,
then I offered mine
> Background: client of mine had a Windows 2000 server with multiple
> clients, not sure what the structure was (domain I think, but may
> have been in a workgroup). To this mix they added an SBS2003 server,
> not sure how the W2K server was playing at that time (getting
> clarification on that). In this new structure, the W2K server has
> been both a DC and member server, and of course SBS box a DC. No
> matter how we configure the W2K server, I get the following on the
> SBS box:
>
> 1. Group policy is messed up. I can't browse any of the SBS local
> shares logged in as admin on the SBS box, getting 'access denied'
> when browsing network places. I can see them there and with a net
> use, but trying to browse them asks for id/pw, which are not
> recognized. Getting events 103, and 1058 every 5 minutes, and other
> gp funkiness as well. Much research on the web lead me to several
> workarounds, none of which worked, and KB 842804 and 830905, hotfixes
> which, again, didn't work
>
> 2. The reason I put this here instead of an SBS group: netdiag is
> failing on the DNS test as follows:
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] The DNS entries for this DC are not registered
> correctly on DNS server '192.168.16.2'. Please wait for 30
> minutes for DNS server replication. [FATAL] No DNS servers have the
> DNS records for this DC registered.
>
> Also getting NetBT event 4321, basically saying that the server
> can't be named since it's already named.
>
> Replication doesn't fix it, netdiag /fix doesn't fix it either. Also
> several dcdiag tests yield 'access denied'. My thoughts are that
> perhaps the DNS issues are causing the group policy issues. If the
> W2K server had been running AD, with perhaps a single-level domain
> name (Astro), and now they've added an sbs box with an astro.local
> domain name, without properly downgrading the original domain, could
> that cause these types of problems? And if my speculation is
> correct, is there anything that could be done to fix it short of
> re-building the domain (with SBS, as that is what they want)?
> Appreciate any input.
>
> Randy Knapp


Sounds like the ISP's DNS is configured on your machines. As Herb said, you
can't do that. You;ll need to confirm that the clients and DC(s) are only
using the internal DNS only.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

On the servers they definitely are only pointing to the internal DNS. I'll check the client machines on Monday, was told they weren't but you know how that goes.

Randy Knapp

"Ace Fekay [MVP]" wrote:

> In news:97CA3D42-4645-454F-9643-CFAC75D94090@microsoft.com,
> Randy Knapp <Randy Knapp@discussions.microsoft.com> posted their thoughts,
> then I offered mine
> > Background: client of mine had a Windows 2000 server with multiple
> > clients, not sure what the structure was (domain I think, but may
> > have been in a workgroup). To this mix they added an SBS2003 server,
> > not sure how the W2K server was playing at that time (getting
> > clarification on that). In this new structure, the W2K server has
> > been both a DC and member server, and of course SBS box a DC. No
> > matter how we configure the W2K server, I get the following on the
> > SBS box:
> >
> > 1. Group policy is messed up. I can't browse any of the SBS local
> > shares logged in as admin on the SBS box, getting 'access denied'
> > when browsing network places. I can see them there and with a net
> > use, but trying to browse them asks for id/pw, which are not
> > recognized. Getting events 103, and 1058 every 5 minutes, and other
> > gp funkiness as well. Much research on the web lead me to several
> > workarounds, none of which worked, and KB 842804 and 830905, hotfixes
> > which, again, didn't work
> >
> > 2. The reason I put this here instead of an SBS group: netdiag is
> > failing on the DNS test as follows:
> >
> > DNS test . . . . . . . . . . . . . : Failed
> > [WARNING] The DNS entries for this DC are not registered
> > correctly on DNS server '192.168.16.2'. Please wait for 30
> > minutes for DNS server replication. [FATAL] No DNS servers have the
> > DNS records for this DC registered.
> >
> > Also getting NetBT event 4321, basically saying that the server
> > can't be named since it's already named.
> >
> > Replication doesn't fix it, netdiag /fix doesn't fix it either. Also
> > several dcdiag tests yield 'access denied'. My thoughts are that
> > perhaps the DNS issues are causing the group policy issues. If the
> > W2K server had been running AD, with perhaps a single-level domain
> > name (Astro), and now they've added an sbs box with an astro.local
> > domain name, without properly downgrading the original domain, could
> > that cause these types of problems? And if my speculation is
> > correct, is there anything that could be done to fix it short of
> > re-building the domain (with SBS, as that is what they want)?
> > Appreciate any input.
> >
> > Randy Knapp
>
>
> Sounds like the ISP's DNS is configured on your machines. As Herb said, you
> can't do that. You;ll need to confirm that the clients and DC(s) are only
> using the internal DNS only.
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:EC18E1BA-685E-468E-BA02-4AF0DA4D3EE3@microsoft.com,
Randy Knapp <RandyKnapp@discussions.microsoft.com> posted their thoughts,
then I offered mine
> On the servers they definitely are only pointing to the internal DNS.
> I'll check the client machines on Monday, was told they weren't but
> you know how that goes.
>
> Randy Knapp
>

Yea, know what you mean!

Also check what Event errors are occuring. Make sure in the zone that the 4
SRV folders and their records exist and there's an A entry for the DC and
also a blank entry as well, called the LdapIpAddress, which looks like:

(same as parent) A xxx.xxx.xxx.xxx

under the zone name with an IP address.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================