Dual home DNS w/ AD doesn't work after several hours

Archived from groups: microsoft.public.win2000.dns

We are experiencing a problem which in the beginning I thought was related to
an ISP DNS problem, because after a server reboot in the morning, several
hours later (probably 6 hours or more), we cannot connect to the internet
again. Eventually I saw that ping to a public IP is no problem but ping to a
domain name is a problem, so I called and tried to troubleshoot with the ISP
and came to the conclusion that it is our server's problem.
This problem resolves every time we reboot the server. If we just reboot
the DSL modem and router without rebooting the server, we still cannot ping
the domain (FQDN) even though we are able to ping any public IP.

FYI:
This dual-NIC W2K server connects to the Internet & LAN as follows:

ISP--> DSL modem --> static PUBLIC IP Router -->
1. Static PUBLIC WAN NIC
2. Static Internal LAN NIC --> all users PC

This server is running Spoonproxy s/w, DNS w/AD, DC, DHCP, and a s/w
firewall (the default setting from MS). Actually, if I were setting up this
server I wouldn't use AD and dual NIC... more headache, but no choice now;
I cannot reinstall from scratch because it is the ONLY live server, handling
15-20 users.

Actually users are just using email and internet, and running a centralized
application through a mapped network drive, so no need for AD or DNS I
guess, but I think to let to change it.

In the past this server ran OK, until around 3 weeks ago the problem
began, even though there were no changes on the server. So now every morning
I need to reboot, and also at lunch time, otherwise after 6 or more hours
it cannot ping an FQDN even though ping to any IP works, so users cannot
get to the internet.
That's really weird and gives me a headache.

I also tried running netdiag so somebody could help check it. I
list it at the very bottom here.

Computer Name: NTSERVER1
DNS Host Name: ntserver1.craft.local
System info : Windows 2000 Server (Build 2195)

Netcard queries test . . . . . . . : Passed


Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 10.1.1.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : WAN

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 216.xxx.xxx.aaa
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 216.xxx.xxx.bbb
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].

Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II


Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2


Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 601120524153
Frame type . . . . . . : Ethernet II


Global results:

Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.1.1.10' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully


If anybody could help, I would really appreciate it.
I am at a dead end now.

Thanks,
Joe
  1. Archived from groups: microsoft.public.win2000.dns

    In news:74639a37.0407261119.ada381f@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:

    What DNS do you have assigned for the DNS server's forwarder?
    Did you try nslookup against DNS to see if it resolves internally and
    externally?



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your
    issue. To respond directly to me remove the nospam. from my
    email. ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
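The check asked for in the reply above (query the DNS server directly for an internal and an external name) can be scripted so it runs on a schedule and records when resolution stops. This is an added example, not part of the original thread: the server address and internal host name come from the netdiag output in the question, while the external name, the function names and the classification labels are assumptions chosen for illustration.

```python
"""Probe one DNS server for an internal and an external name and classify the result."""
import secrets
import socket
import struct
import time

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid, qtype=1):
    """Encode a recursive (RD=1) DNS query for an A record, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_response(data, qid):
    """Return (rcode name, answer count, recursion available) from a reply header."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount, bool(flags & 0x0080)


def probe(server, name, timeout=3.0):
    """Send one UDP query to `server`; return the rcode name, TIMEOUT or ERROR."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(512)
            return parse_response(data, qid)[0]
        except socket.timeout:
            return "TIMEOUT"
        except (OSError, ValueError):
            return "ERROR"


def classify(internal, external):
    """Map the two probe results to the part of the DNS path to look at next."""
    ok_int, ok_ext = internal == "NOERROR", external == "NOERROR"
    if internal == "TIMEOUT" and external == "TIMEOUT":
        return "SERVICE_DOWN"   # server sends no reply at all on this address
    if ok_int and ok_ext:
        return "HEALTHY"        # server resolves both; look at client settings
    if ok_int:
        return "FORWARDING"     # local zone answers, forwarder/recursion path fails
    if ok_ext:
        return "LOCAL_ZONE"     # recursion works, locally hosted zone does not
    return "BOTH_FAILING"       # server replies, but with errors for both names


if __name__ == "__main__":
    SERVER = "10.1.1.10"                  # DNS server from the netdiag output
    INTERNAL = "ntserver1.craft.local"    # DNS host name from the netdiag output
    EXTERNAL = "yahoo.com"                # illustrative external name
    internal = probe(SERVER, INTERNAL)
    external = probe(SERVER, EXTERNAL)
    print(time.strftime("%Y-%m-%d %H:%M:%S"), internal, external,
          classify(internal, external))
```

Run from a scheduler every few minutes with output appended to a file, the first non-HEALTHY line gives a timestamp to compare against the event log.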
  2. Archived from groups: microsoft.public.win2000.dns

    I ran netdiag /fix successfully and rebooted the server, but after several
    hours the server cannot ping an FQDN even though ping to an IP is still OK
    (same problem).

    I saw in the event log that around the time the problem happened there is
    Warning: 5781 source: Netlogon (dynamic registration ...., because no
    dns server available). Data in byte = 0000:b4 05 00 00

    If I do nslookup the result is
    DNS timeout
    can't find server name for address 10.1.1.10
    Default server: unknown
    Address: 10.1.1.10

    If I do nslookup externally, it works fine (ping yahoo.com/ca with
    reply).
    But internally, nope... but actually I don't think we need a DNS server
    locally.

    This DNS server installation is, I think, the default setup when you set up
    DC AD on a W2K server. So basically we just need to be able to connect to the
    internet from the clients' machines; even with, let's say, no DNS... no
    problem. But because it is already installed and AD-integrated, I just
    have to use it and make it work like before.


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<eA$QGj0cEHA.644@tk2msftngp13.phx.gbl>...
    > In news:74639a37.0407261119.ada381f@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    >
    > What DNS do you have assigned for the DNS server's forwarder?
    > Did you try nslookup against DNS to see if it resolves internally and
    > externally?
  3. Archived from groups: microsoft.public.win2000.dns

    Forgot to add:

    Forwarder to pri & sec ISP DNS server.


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<eA$QGj0cEHA.644@tk2msftngp13.phx.gbl>...
    > In news:74639a37.0407261119.ada381f@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    >
    > What DNS do you have assigned for the DNS server's forwarder?
    > Did you try nslookup against DNS to see if it resolves internally and
    > externally?
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    UPDATED INFO:

    I ran a test using netdiag /test:dns /v and below is the result (with
    certain COMMENTS INLINE), probably helpful for an expert to see it and
    help to analyze what's the problem.


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    The DNS registration for ntserver1.craft.local is correct on
    all DNS servers
    PASS - All the DNS entries for DC are registered on DNS server
    '10.1.1.10' and other DCs also have some of the names registered.

    Tests complete.


    Computer Name: NTSERVER1
    DNS Host Name: ntserver1.craft.local
    DNS Domain Name: craft.local
    System info : Windows 2000 Server (Build 2195)

    Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A)
    Device: \DEVICE\{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}

    Media State: Connected

    Device State: Connected
    Connect Time: 04:03:09
    Media Speed: 100 Mbps

    Packets Sent: 5931721
    Bytes Sent (Optional): 0

    Packets Received: 5062199
    Directed Pkts Recd (Optional): 5058316
    Bytes Received (Optional): 0
    Directed Bytes Recd (Optional): 0

    Packets SendError: 1
    ---------------------------------------------------------------------------
    Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A) #2
    Device: \DEVICE\{D8B20A17-3FCD-440D-BC39-9C1898327C2D}

    Media State: Connected

    Device State: Connected
    Connect Time: 04:03:09
    Media Speed: 100 Mbps

    Packets Sent: 174611
    Bytes Sent (Optional): 0

    Packets Received: 257834
    Directed Pkts Recd (Optional): 256741
    Bytes Received (Optional): 0
    Directed Bytes Recd (Optional): 0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.


    Per interface results:

    Adapter : Local Area Connection
    Adapter ID . . . . . . . . :
    {8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}

    Netcard queries test . . . : Passed

    Adapter : WAN
    Adapter ID . . . . . . . . :
    {D8B20A17-3FCD-440D-BC39-9C1898327C2D}

    Netcard queries test . . . : Passed

    Adapter : IPX Internal Interface
    Adapter ID . . . . . . . . : Internal

    Netcard queries test . . . : Passed

    Adapter : IpxLoopbackAdapter
    Adapter ID . . . . . . . . : IpxLoopbackAdapter

    Netcard queries test . . . : Passed

    Adapter : NDISWANIPX
    Adapter ID . . . . . . . . : NDISWANIPX

    Netcard queries test . . . : Passed


    Global results:


    Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller
    Emulator
    Netbios Domain name. . . . . . : craft
    Dns domain name. . . . . . . . : craft.local
    Dns forest name. . . . . . . . : craft.local
    Domain Guid. . . . . . . . . . :
    {79947618-742C-496D-AB83-FE8DC33C0739}
    Domain Sid . . . . . . . . . . :
    S-1-5-21-1844237615-1965331169-725345543
    Logon User . . . . . . . . . . : mci
    Logon Domain . . . . . . . . . : craft


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
    1 NetBt transport currently configured.


    DNS test . . . . . . . . . . . . . : Passed
    Interface {8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
    DNS Domain: craft.local
    DNS Servers: 10.1.1.10
    IP Address: 10.1.1.10
    Expected registration with PDN (primary DNS domain name):
    Hostname: ntserver1.craft.local.
    Authoritative zone: craft.local.
    Primary DNS server: ntserver1.craft.local 10.1.1.10
    Authoritative NS:10.1.1.10
    Interface {D8B20A17-3FCD-440D-BC39-9C1898327C2D}
    DNS Domain:
    DNS Servers: 10.1.1.10
    IP Address: 216.xxx.xxx.aaa
    The DNS registration is disabled for this interface
    Verify DNS registration:
    Name: ntserver1.craft.local
    Expected IP: 10.1.1.10
    Server 10.1.1.10: NO_ERROR
    The DNS registration for ntserver1.craft.local is correct on all
    DNS servers
    Check the DNS registration for DCs entries on DNS server '10.1.1.10'
    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is correct on DNS server '10.1.1.10'.

    The Record is different on DNS server '10.1.1.10'.
    DNS server has more than one entries for this name, usually this means
    there are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '10.1.1.10', no need to
    re-register.

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = craft.local.
    DNS DATA =
    A 10.1.1.10

    The record on DNS server 10.1.1.10 is:
    DNS NAME = craft.local
    DNS DATA =
    A 10.1.1.10
    A 10.126.xxx.aaa ******************************** (WHY IS THIS
    10.XXX...? ISN'T IT SUPPOSED TO BE 216.XXX.XXX.aaa?) **********************
    +------------------------------------------------------+

    The Record is different on DNS server '10.1.1.10'.
    DNS server has more than one entries for this name, usually this means
    there are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '10.1.1.10', no need to
    re-register.

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = gc._msdcs.craft.local.
    DNS DATA =
    A 10.1.1.10

    The record on DNS server 10.1.1.10 is:
    DNS NAME = gc._msdcs.craft.local
    DNS DATA =
    A 10.1.1.10
    A 10.126.xxx.aaa ******************************** (WHY IS THIS
    10.XXX...? ISN'T IT SUPPOSED TO BE 216.XXX.XXX.aaa?) **********************
    +------------------------------------------------------+

    The Record is different on DNS server '10.1.1.10'.
    DNS server has more than one entries for this name, usually this means
    there are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '10.1.1.10', no need to
    re-register.

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = craft.local.
    DNS DATA =
    A 216.xxx.xxx.aaa

    The record on DNS server 10.1.1.10 is:
    DNS NAME = craft.local
    DNS DATA =
    A 10.1.1.10
    A 10.126.xxx.aaa
    +------------------------------------------------------+

    The Record is different on DNS server '10.1.1.10'.
    DNS server has more than one entries for this name, usually this means
    there are multiple DCs for this domain.
    Your DC entry is one of them on DNS server '10.1.1.10', no need to
    re-register.

    +------------------------------------------------------+
    The record on your DC is:
    DNS NAME = gc._msdcs.craft.local.
    DNS DATA =
    A 216.xxx.xxx.aaa

    The record on DNS server 10.1.1.10 is:
    DNS NAME = gc._msdcs.craft.local
    DNS DATA =
    A 10.1.1.10
    A 10.126.xxx.aaa
    +------------------------------------------------------+

    PASS - All the DNS entries for DC are registered on DNS server
    '10.1.1.10' and other DCs also have some of the names registered.


    The command completed successfully


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<eA$QGj0cEHA.644@tk2msftngp13.phx.gbl>...
    > In news:74639a37.0407261119.ada381f@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    >
    > What DNS do you have assigned for the DNS server's forwarder?
    > Did you try nslookup against DNS to see if it resolves internally and
    > externally?
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407270521.5e08ba34@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied inline:
    > I do netdiag/fix successfully, reboot server but after several hours
    > the server cannot ping to FQDN even though ping IP still ok (same
    > problem).
    >
    > I saw in the event log that around those time the problem happened is
    > Warning: 5781 source: Netlogon (dynamic registration ...., because no
    > dns server available). Data in byte = 0000:b4 05 00 00

    5781 events can be a serious problem. To properly diagnose a 5781 I need to
    see these three items:
    1. ipconfig /all
    2. AD domain name from ADUsers&Computers
    3. List of forward lookup zone names in DNS.

    >
    > If I do nslookup the result is
    > DNS timeout
    > can't find server name for address 10.1.1.10
    > Default server: unknown
    > Address: 10.1.1.10

    You can ignore the nslookup message; all it is telling you is that it can't
    find the PTR record that has the server's name (hence the "can't find server
    name for address 10.1.1.10"). You can also create the PTR in the reverse
    lookup zone.

    >
    > If I do nslookup externally, it works fine (ping yahoo.com/ca with
    > reply)
    > But internally, nope..but actually i don't think we need DNS server
    > locally.

    Yes, you do need DNS, you should get that out of your mind now. Your DC's
    record is in DNS, and that is where all the clients expect to find it. If
    they can't find the DC's records you'll spend a lot of time waiting on your
    system.

    >
    > This DNS server installation is I think default setup when you setup
    > DC AD in server W2K. So basically just need to be able to connect
    > internet from client's machine, even though let say no DNS...no
    > problem. But because already installed and AD integrated so I have
    > just use it and make it works like before.

    AD usually works great, if DNS is properly configured. The most important
    thing to keep in mind is all clients must use the local DNS server that has
    the AD domain zone, only. No ISP's DNS in any position on any Domain member.
    For internet access configure DNS with a forwarder to your ISP.

    Also since the DC is multi-homed it will need some extra configuration to
    keep the DC from registering records on the external interfaces. This must
    be done in the registry; after you make the registry entries you have to
    manually create the record for the (same as parent folder) in the domain
    zone that has the IP of the NIC with file sharing enabled.

    1. Configure DNS to listen only on the internal IP that has file sharing
    enabled.
    2. Add this registry entry with regedt32.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    LdapIpAddress

    3. Open the forward lookup zone for the AD domain, right click select New
    host, leave the name field blank and give it the IP of the internal
    interface with File sharing enabled. Do NOT enable "Delete this record if it
    becomes stale". Click OK to create the record anyway when it pops up that
    "(same as parent folder) is not a valid host name".

    4. Right click on Network places, choose properties, in the "Advanced" menu
    select "Advanced settings" make sure the internal interface is at the top of
    the connections pane, and the File sharing is in the Bindings pane on the
    interface.


    300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
    http://support.microsoft.com/?id=300202

    825036 - Best practices for DNS client settings in Windows 2000 Server and
    in Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;825036


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ==========================================
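A check to run after the steps in the post above, as an added example that is not part of the original thread: it parses the comparison blocks printed by `netdiag /test:dns /v` and lists every A record, on the DC side or the DNS server side, that is not the internal address. The sample text is constructed in the layout posted earlier in this thread (addresses masked as in the thread), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two comparison blocks in the layout that
# "netdiag /test:dns /v" printed earlier in this thread (addresses masked).
SAMPLE = """\
The Record is different on DNS server '10.1.1.10'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa ******** (WHY
+------------------------------------------------------+
The Record is different on DNS server '10.1.1.10'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.craft.local.
DNS DATA =
A 216.xxx.xxx.aaa

The record on DNS server 10.1.1.10 is:
DNS NAME = gc._msdcs.craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa
+------------------------------------------------------+
"""

SECTION = re.compile(r"^The record on (your DC|DNS server \S+) is:")
NAME = re.compile(r"^DNS NAME = (\S+)")
A_RECORD = re.compile(r"^A\s+(\S+)")  # first token only, so trailing notes are ignored


def parse_records(text):
    """Return {"dc": {name: {addr, ...}}, "server": {name: {addr, ...}}}."""
    records = {"dc": defaultdict(set), "server": defaultdict(set)}
    side = name = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            side = "dc" if match.group(1) == "your DC" else "server"
            name = None
            continue
        if line.startswith("+--"):        # block delimiter: forget the context
            side = name = None
            continue
        match = NAME.match(line)
        if match and side:
            name = match.group(1).rstrip(".").lower()
            continue
        match = A_RECORD.match(line)
        if match and side and name:
            records[side][name].add(match.group(1))
    return records


def stray_addresses(text, internal_ips):
    """List (side, name, address) for each A record outside internal_ips.

    side "dc" is what Netlogon wants to register, side "server" is what the
    zone currently holds.
    """
    allowed = set(internal_ips)
    findings = []
    for side, by_name in parse_records(text).items():
        for name, addrs in by_name.items():
            findings.extend((side, name, addr) for addr in addrs - allowed)
    return sorted(findings)


if __name__ == "__main__":
    for side, name, addr in stray_addresses(SAMPLE, ["10.1.1.10"]):
        print(f"{side:6} {name:25} {addr}")
```

An empty result after the registry change, the manual record and a Netlogon restart means neither side still carries an address from the external interface.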
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407270700.4208591e@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > Forgot to add:
    >
    > Forwarder to pri & sec ISP DNS server.

    This may also be a problem if you are using your ISP's DNS that they use for
    Authoritative DNS lookups.
    Many ISPs, especially the large ones, disable recursion on their
    Authoritative DNS servers and they cannot be used as DNS forwarders. Check
    your DNS event log for 7063 events; if you are getting these you need to
    change your DNS forwarders. You can also use nslookup to see if the ISP's
    DNS is recursive.

    Use this command:
    nslookup -d2 <domain> <ispdnsaddress>

    Look in the answer section for "recursion avail"


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ==========================================
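What the "recursion avail" text in the nslookup debug output corresponds to on the wire, as an added example that is not part of the original thread: the RA bit in the DNS response header (RFC 1035). The replies below are constructed byte strings (header and question only), and the function names are hypothetical; `ask()` is the live variant and is not exercised here.

```python
import socket
import struct

# Header flag bits from RFC 1035, section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080


def build_query(name, qid=0x1234):
    """Standard A/IN query with RD set, as a forwarding DNS server sends it."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def header_fields(message):
    """Decode the ID, flag bits and RCODE from the 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags = struct.unpack("!HH", message[:4])
    return {
        "id": qid,
        "qr": bool(flags & QR),
        "aa": bool(flags & AA),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & 0x000F,
    }


def forwarder_verdict(query, response):
    """Judge whether the server that sent `response` can act as a forwarder."""
    q, r = header_fields(query), header_fields(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "mismatch"                 # not a reply to this query
    if not r["ra"]:
        return "no recursion"             # authoritative-only server
    if r["rcode"] != 0:
        return f"rcode {r['rcode']}"      # recursive, but the lookup failed
    return "recursion available"


def constructed_reply(query, flags):
    """Constructed reply: same ID and question as `query`, new flag word."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]


def ask(server, name, timeout=3.0):
    """Live check: send the query to `server` over UDP port 53 and judge the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        response, _ = sock.recvfrom(512)
    return forwarder_verdict(query, response)


if __name__ == "__main__":
    q = build_query("example.com")
    print(forwarder_verdict(q, constructed_reply(q, QR | RD | RA)))   # recursive resolver
    print(forwarder_verdict(q, constructed_reply(q, QR | RD | 5)))    # REFUSED, RA clear
```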
  7. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407270749.51fb9822@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > UPDATED INFO:
    >
    > I do test using netdiag /test:dns /v and below is the result (with
    > certain COMMENT INLINE), probably helpful for expert to see it and
    > help to analyze what's the problem.

    In addition, I notice in the netdiag that this is also a Global catalog.
    You need to change the registry entry on my previous post to this:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    LdapIpAddress
    GcIpAddress

    Then also manually add a (same as parent folder) record in the
    gc._msdcs.craft.local. sub folder.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ==========================================
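How the DnsAvoidRegisterRecords value from the two posts above looks in a registry export, and a check that an exported value has the right type and entries, as an added example that is not part of the original thread. The entries are the literal mnemonic names, not IP addresses. It assumes the "Windows Registry Editor Version 5.00" export format, where REG_MULTI_SZ appears as hex(7) with UTF-16LE data; the function names are hypothetical.

```python
import re

EXPECTED = ("LdapIpAddress", "GcIpAddress")   # the two entries named in this thread
KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]"


def encode_multi_sz(strings):
    """REG_MULTI_SZ payload: UTF-16LE, each string NUL-terminated, extra NUL at the end."""
    if any(not s or "\x00" in s for s in strings):
        raise ValueError("entries must be non-empty and NUL-free")
    return "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"


def decode_multi_sz(data):
    """Inverse of encode_multi_sz; raises ValueError on malformed UTF-16."""
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def reg_line(name, strings, per_line=20):
    """Render the value as a .reg line, wrapped with backslash continuations."""
    octets = [f"{b:02x}" for b in encode_multi_sz(strings)]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return f'"{name}"=hex(7):' + ",\\\n  ".join(rows)


def make_export(strings):
    """Constructed export text for the Netlogon Parameters key."""
    body = reg_line("DnsAvoidRegisterRecords", strings)
    return "Windows Registry Editor Version 5.00\n\n" + KEY + "\n" + body + "\n"


def audit_export(reg_text, value="DnsAvoidRegisterRecords"):
    """Return (status, entries) for `value` in exported .reg text.

    status is one of: ok, incomplete, unexpected-entries, wrong-type,
    unreadable, missing. Only the two mnemonics named in this thread count
    as expected; anything else, including an IP address, is flagged.
    """
    unwrapped = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)   # join continuations
    for line in unwrapped.splitlines():
        key, sep, data = line.strip().partition("=")
        if not sep or key.strip('"') != value:
            continue
        if not data.startswith("hex(7):"):
            return "wrong-type", []          # e.g. created as a plain REG_SZ
        try:
            raw = bytes(int(tok, 16) for tok in data[7:].split(",") if tok.strip())
            entries = decode_multi_sz(raw)
        except ValueError:
            return "unreadable", []
        if any(e not in EXPECTED for e in entries):
            return "unexpected-entries", entries
        if set(entries) != set(EXPECTED):
            return "incomplete", entries
        return "ok", entries
    return "missing", []


if __name__ == "__main__":
    print(make_export(list(EXPECTED)))
    print(audit_export(make_export(list(EXPECTED))))
    print(audit_export(KEY + '\n"DnsAvoidRegisterRecords"="LdapIpAddress"\n'))
```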
  8. Archived from groups: microsoft.public.win2000.dns (More info?)

    All users are using XP Pro with auto IP because the server is also
    running DHCP server. So if auto IP then the DNS is using ??? which is
    assigned by server, right?

    For the following, is the value LdapIpAddress (literally/the word
    itself?) or IP of server? Btw the data type is REG_SZ only.

    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > LdapIpAddress


    This server installed SpoonProxy so we don't use sharing

    1. Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : ntserver1
    Primary DNS Suffix . . . . . . . : craft.local
    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : craft.local

    Ethernet adapter Local Area Connection:


    Connection-specific DNS Suffix . : craft.local
    Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast
    Ethernet Adapter (Rev A)
    Physical Address. . . . . . . . . : 00-50-BA-FB-A4-FB

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 10.1.1.10

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . :

    DNS Servers . . . . . . . . . . . : 10.1.1.10

    Ethernet adapter WAN:


    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast
    Ethernet Adapter (Rev A) #2
    Physical Address. . . . . . . . . : 00-50-BA-FB-8E-9D

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 216.xxx.xxx.aaa

    Subnet Mask . . . . . . . . . . . : 255.255.255.248

    Default Gateway . . . . . . . . . : 216.xxx.xxx.bbb

    DNS Servers . . . . . . . . . . . : 10.1.1.10
    NetBIOS over Tcpip. . . . . . . . : Disabled



    2. craft.local

    3. craft.local (subfolder _msdcs, _sites, _tcp, _udp)
    ntserver1 host 10.1.1.10

    Same as parent folder:
    SOA ntserver1.craft.local
    Host 216.xxx.xxx.aaa
    Host 10.1.1.10

    4. Probably you need it. DCdiag result (THERE IS AN ERROR, I mark it
    below, is that related??):
    DC Diagnosis

    Performing initial setup:
    * Verifing that the local machine ntserver1, is a DC.
    * Connecting to directory service on server ntserver1.
    * Collecting site info.
    * Identifying all servers.
    * Found 1 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial non skippeable tests

    Testing server: Default-First-Site-Name\NTSERVER1
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... NTSERVER1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\NTSERVER1
    Starting test: Replications
    * Replications Check
    ......................... NTSERVER1 passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=craft,DC=local
    * Security Permissions Check for
    CN=Configuration,DC=craft,DC=local
    * Security Permissions Check for
    DC=craft,DC=local
    ......................... NTSERVER1 passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... NTSERVER1 passed test NetLogons
    Starting test: Advertising
    The DC NTSERVER1 is advertising itself as a DC and having a
    DS.
    The DC NTSERVER1 is advertising as an LDAP server
    The DC NTSERVER1 is advertising as having a writeable
    directory
    The DC NTSERVER1 is advertising as a Key Distribution Center
    The DC NTSERVER1 is advertising as a time server
    The DS NTSERVER1 is advertising as a GC.
    ......................... NTSERVER1 passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
    Role Domain Owner = CN=NTDS
    Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
    Role PDC Owner = CN=NTDS
    Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
    Role Rid Owner = CN=NTDS
    Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
    ......................... NTSERVER1 passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 1606 to 1073741823
    * ntserver1.craft.local is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1106 to 1605
    * rIDNextRID: 1151
    * rIDPreviousAllocationPool is 1106 to 1605
    ......................... NTSERVER1 passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/ntserver1.craft.local/craft.local
    * SPN found :LDAP/ntserver1.craft.local
    * SPN found :LDAP/NTSERVER1
    * SPN found :LDAP/ntserver1.craft.local/craft
    * SPN found
    :LDAP/373fab7a-a60a-4e42-b30c-bd28276c8fc5._msdcs.craft.local
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/373fab7a-a60a-4e42-b30c-bd28276c8fc5/craft.local
    * SPN found :HOST/ntserver1.craft.local/craft.local
    * SPN found :HOST/ntserver1.craft.local
    * SPN found :HOST/NTSERVER1
    * SPN found :HOST/ntserver1.craft.local/craft
    * SPN found :GC/ntserver1.craft.local/craft.local
    ......................... NTSERVER1 passed test
    MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    IsmServ Service is stopped on [NTSERVER1]
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: RPCLOCATOR
    * Checking Service: w32time
    * Checking Service: TrkWks
    * Checking Service: TrkSvr
    * Checking Service: NETLOGON
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    SMTPSVC Service is stopped on [NTSERVER1]
    ......................... NTSERVER1 failed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    NTSERVER1 is in domain DC=craft,DC=local
    Checking for CN=NTSERVER1,OU=Domain Controllers,DC=craft,DC=local in domain DC=craft,DC=local on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local in domain CN=Configuration,DC=craft,DC=local on 1 servers
    Object is up-to-date on all servers.
    ......................... NTSERVER1 passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service Event log test
    The SYSVOL has been shared, and the AD is no longer
    prevented from starting by the File Replication Service.
    ......................... NTSERVER1 passed test frssysvol
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the
    last 15 minutes.
    ......................... NTSERVER1 passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0xC0002711
    Time Generated: 07/27/2004 16:48:58
    Event String: Unable to start a DCOM Server:

    {0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The

    error: ***************************************************ERROR
    ##########

    "%2"

    Happened while starting this command:

    C:\WINNT\System32\mdm.exe -Embedding
    ......................... NTSERVER1 failed test systemlog

    Running enterprise tests on : craft.local
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
    ......................... craft.local passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\ntserver1.craft.local
    Locator Flags: 0xe00001fd
    PDC Name: \\ntserver1.craft.local
    Locator Flags: 0xe00001fd
    Time Server Name: \\ntserver1.craft.local
    Locator Flags: 0xe00001fd
    Preferred Time Server Name: \\ntserver1.craft.local
    Locator Flags: 0xe00001fd
    KDC Name: \\ntserver1.craft.local
    Locator Flags: 0xe00001fd
    ......................... craft.local passed test FsmoCheck


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<eIrqCR#cEHA.384@TK2MSFTNGP10.phx.gbl>...
    > In news:74639a37.0407270521.5e08ba34@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied inline:
    > > I do netdiag/fix successfully, reboot server but after several hours
    > > the server cannot ping to FQDN even though ping IP still ok (same
    > > problem).
    > >
    > > I saw in the event log that around those time the problem happened is
    > > Warning: 5781 source: Netlogon (dynamic registration ...., because no
    > > dns server available). Data in byte = 0000:b4 05 00 00
    >
    > 5781 events can be a serious problem, to properly diagnose a 5781 I need to
    > see these three items:
    > 1. ipconfig /all
    > 2. AD domain name from ADUsers&Computers
    > 3. List of forward lookup zone names in DNS.
    >
    > >
    > > If I do nslookup the result is
    > > DNS timeout
    > > can't find server name for address 10.1.1.10
    > > Default server: unknown
    > > Address: 10.1.1.10
    >
    > You can ignore the nslookup message, all it is telling you is it can't find
    > the PTR record that has the server's name (hence the can't find server name
    > for address 10.1.1.10) You can also create the PTR in the reverse lookup
    > zone.
    >
    > >
    > > If I do nslookup externally, it's works fine (ping yahoo.com/ca with
    > > reply)
    > > But internally, nope..but actually i don't think we need DNS server
    > > locally.
    >
    > Yes, you do need DNS, you should get that out of your mind now. Your DC's
    > record is in DNS, and that is where all the clients expect to find it. If
    > they can't find the DC's records you'll spend a lot of time waiting on your
    > system.
    >
    > >
    > > This DNS server installation is I think default setup when you setup
    > > DC AD in server W2K. So basically just need to be able to connect
    > > internet from client's machine, even though let say no DNS...no
    > > problem. But because already installed and AD integrated so I have
    > > just use it and make it works like before.
    >
    > AD usually works great, if DNS is properly configured. The most important
    > thing to keep in mind is all clients must use the local DNS server that has
    > the AD domain zone, only. No ISP's DNS in any position on any Domain member.
    > For internet access configure DNS with a forwarder to your ISP.
    >
    > Also since the DC is multi-homed it will need some extra configuration to
    > keep the DC from registering records on the external interfaces. This must
    > be done in the registry, after you make the registry entries you have to
    > manually create the record for the (same as parent folder) in the domain
    > zone that has the IP of the NIC with file sharing enabled.
    >
    > 1. Configure DNS to listen only on the internal IP that has file sharing
    > enabled.
    > 2. Add this registry entry with regedt32.
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > LdapIpAddress
    >
    > 3. Open the forward lookup zone for the AD domain, right click select New
    > host, leave the name field blank and give it the IP of the internal
    > interface with File sharing enabled. Do NOT enable "Delete this record if it
    > becomes stale". Click OK to create the record anyway when it pops up (same
    > as parent folder) is not a valid host name.
    >
    > 4. Right click on Network places, choose properties, in the "Advanced" menu
    > select "Advanced settings" make sure the internal interface is at the top of
    > the connections pane, and the File sharing is in the Bindings pane on the
    > interface.
    >
    >
    > 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
    > http://support.microsoft.com/?id=300202
    >
    > 825036 - Best practices for DNS client settings in Windows 2000 Server and
    > in Windows Server 2003
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
    >
  9. Archived from groups: microsoft.public.win2000.dns

    In news:74639a37.0407271344.2f8fe9a3@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > All users are using XP Pro with auto IP because in the server also
    > running DHCP server. So if auto IP then the DNS is using ??? which
    > assigned by server, right?
    >
    > For the following, is the value is LdapIpAddress (literally/the word
    > itself?) or IP of server. Btw the data type is REG_SZ only.

    No, the data type is REG_MULTI_SZ; you must use regedt32 for that data type.
    The actual data is
    LdapIpAddress
    GcIpAddress

    I noticed this was a Global Catalog from a later post so you add both in the
    data field.

    Create the (same as parent folder) records only for the private addresses in
    the domain zone and in the gc._msdcs sub folder.

    >
    > Registry value: DnsAvoidRegisterRecords
    >> Data type: REG_MULTI_SZ
    >>
    >> LdapIpAddress
    >
    >
    > This server installed SpoonProxy so we don't use sharing
    >
    > 1. Windows 2000 IP Configuration
    >
    > Host Name . . . . . . . . . . . . : ntserver1
    > Primary DNS Suffix . . . . . . . : craft.local
    > Node Type . . . . . . . . . . . . : Hybrid
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : craft.local
    >
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . : craft.local
    > Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A)
    > Physical Address. . . . . . . . . : 00-50-BA-FB-A4-FB
    > DHCP Enabled. . . . . . . . . . . : No
    > IP Address. . . . . . . . . . . . : 10.1.1.10
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . :
    > DNS Servers . . . . . . . . . . . : 10.1.1.10
    >
    > Ethernet adapter WAN:
    >
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A) #2
    > Physical Address. . . . . . . . . : 00-50-BA-FB-8E-9D
    > DHCP Enabled. . . . . . . . . . . : No
    > IP Address. . . . . . . . . . . . : 216.xxx.xxx.aaa
    > Subnet Mask . . . . . . . . . . . : 255.255.255.248
    > Default Gateway . . . . . . . . . : 216.xxx.xxx.bbb
    > DNS Servers . . . . . . . . . . . : 10.1.1.10
    > NetBIOS over Tcpip. . . . . . . . : Disabled
    >
    >
    >
    > 2. craft.local
    >
    > 3. craft.local (subfolder _msdcs, _sites, _tcp, _udp)
    > ntserver1 host 10.1.1.10
    >
    > Same as parent folder:
    > SOA ntserver1.craft.local
    > Host 216.xxx.xxx.aaa<---------you don't want this record
    > Host 10.1.1.10


    >
    > 4. Probably you need it. DCdiag result (THERE IS AN ERROR I mark it
    > below, is that related??):
    > DC Diagnosis
    >
    > Starting test: Services
    > * Checking Service: Dnscache
    > * Checking Service: NtFrs
    > * Checking Service: IsmServ
    > IsmServ Service is stopped on [NTSERVER1]
    > * Checking Service: kdc
    > * Checking Service: SamSs
    > * Checking Service: LanmanServer
    > * Checking Service: LanmanWorkstation
    > * Checking Service: RpcSs
    > * Checking Service: RPCLOCATOR
    > * Checking Service: w32time
    > * Checking Service: TrkWks
    > * Checking Service: TrkSvr
    > * Checking Service: NETLOGON
    > * Checking Service: Dnscache
    > * Checking Service: NtFrs
    > SMTPSVC Service is stopped on [NTSERVER1]
    > ......................... NTSERVER1 failed test
    > Services
    > kccevent
    > Starting test: systemlog
    > * The System Event log test
    > An Error Event occured. EventID: 0xC0002711
    > Time Generated: 07/27/2004 16:48:58
    > Event String: Unable to start a DCOM Server:
    >
    > {0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The
    >
    > error:
    > ***************************************************ERROR
    > ##########
    >
    > "%2"
    >
    > Happened while starting this command:
    >
    > C:\WINNT\System32\mdm.exe -Embedding
    > ......................... NTSERVER1 failed test
    > systemlog

    I don't know about the DCOM error, I'll research it, may have something to
    do with the Intersite Messaging Service not running, but don't take that as
    a fact. I just don't know at this time, it's out of my realm of expertise.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your
    issue. To respond directly to me remove the nospam. from my
    email. ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
  10. Archived from groups: microsoft.public.win2000.dns

    So the "Value Name" is DnsAvoidRegisterRecords
    and "Value data" is LdapIpAddress, GcIpAddress ???

    I am not sure how to put 2 entry in value data.
    So please clarify, thanks.

    gc._msdcs.craft.local. is this mean

    Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
    within this subfolder), need to create and the subfolder??

    So I need to create also the subfolder??
    and then a record, what's the IP address should I used? 10.1.1.10?

    Sorry if many questions, because I never do this one so just to make
    sure I don't screw up live server.

    Thanks for your help so far. Really appreciate it.

    IHL&G,
    Joe

    "Give your time & energy only to the themes at the heart of your
    life."


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<O$I3mU$cEHA.2908@TK2MSFTNGP10.phx.gbl>...
    > In news:74639a37.0407270749.51fb9822@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > UPDATED INFO:
    > >
    > > I do test using netdiag /test:dns /v and below is the result (with
    > > certain COMMENT INLINE), probably helpful for expert to see it and
    > > help to analyze what's the problem.
    >
    > In addition, I notice in the netdiag that this is also a Global catalog.
    > You need to change the registry entry on my previous post to this:
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > LdapIpAddress
    > GcIpAddress
    >
    > Then also manually add a (same as parent folder) record in the
    > gc._msdcs.craft.local. sub folder.
  11. Archived from groups: microsoft.public.win2000.dns

    No event 7063 and if I try use public domain to do nslookup -d2 ....
    it works fine, but if use craft.local doesn't work and I think should
    won't work right...cause local domain not public registered domain.

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<e5#14L$cEHA.1356@TK2MSFTNGP09.phx.gbl>...
    > In news:74639a37.0407270700.4208591e@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > Forgot to add:
    > >
    > > Forwarder to pri & sec ISP DNS server.
    >
    > This may also be a problem if you are using your ISP's DNS that they use for
    > Authoritative DNS lookups.
    > Many ISP's especially the large ones, disable recursion on their
    > Authoritative DNS servers and they cannot be used as DNS forwarders. Check
    > your DNS event log for 7063 events, if you are getting these you need to
    > change your DNS forwarders. You can also use nslookup to see if the ISP's
    > DNS is recursive.
    >
    > Use this command:
    > nslookup -d2 <domain> <ispdnsaddress>
    >
    > Look in the answer section for "recursion avail"
    >
    >
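The "recursion avail" text that `nslookup -d2` prints corresponds to the RA bit in the DNS response header. The following is an added example, not part of the original posts, that reads that bit and gives a verdict on whether a server can act as a forwarder; the function names are illustrative and the two sample responses are constructed header-only messages.

```python
import socket
import struct

# Response codes defined for the 4-bit RCODE field of the DNS header.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qid=0x1234, qtype=1):
    """Build a standard A query with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each DNS label must be 1..63 bytes")
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into a dict of fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }


def forwarder_verdict(query, response):
    """Say whether the server that sent `response` can be used as a forwarder."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not a response to this query"
    if not r["ra"]:
        return "unusable: recursion not available (rcode %s)" % r["rcode"]
    if r["rcode"] != "NOERROR":
        return "check: recursion offered but rcode %s" % r["rcode"]
    return "usable: recursion available"


def make_response(query, flags, answers):
    """Constructed sample: echo the question under a response header."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, answers, 0, 0) + query[12:]


def ask(server, name, timeout=3.0):
    """Live check over UDP port 53; only called when run against a real server."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        response, _ = sock.recvfrom(4096)
    return forwarder_verdict(query, response)


if __name__ == "__main__":
    q = build_query("example.com")
    # 0x8180 = QR|RD|RA, NOERROR: a recursive resolver.
    print(forwarder_verdict(q, make_response(q, 0x8180, 1)))
    # 0x8105 = QR|RD, REFUSED, RA clear: an authoritative-only server.
    print(forwarder_verdict(q, make_response(q, 0x8105, 0)))
```
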
  12. Archived from groups: microsoft.public.win2000.dns

    I see also in the System Log:

    Source: DCOM
    Event ID: 10001
    Desc: Unable to start DCOM server as /.The error "The system cannot
    find the file specified." Happened while starting this command:
    c:\winnt\system32\mdm.exe -Embedding

    Is this related with DNS problem?

    Also Event 5781 (NetLogon) always occurred every time rebooted and login
    after
    Error Source: server
    Event ID: 2511
    Desc: The server service was unable to recreate the share .....
    because the directory c:\....\... no longer exists.

    Is this also related?


  13. Archived from groups: microsoft.public.win2000.dns

    In news:74639a37.0407271610.12ab7cd9@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > So the "Value Name" is DnsAvoidRegisterRecords
    > and "Value data" is LdapIpAddress, GcIpAddress ???
    >
    > I am not sure how to put 2 entry in value data.
    > So please clarify, thanks.

    If you use regedt32 when you get to the data portion you put one on top
    of the other.

    LdapIpAddress
    GcIpAddress


    > gc._msdcs.craft.local. is this mean
    >
    > Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
    > within this subfolder), need to create and the subfolder??

    The gc subfolder is in the _msdcs folder, it actually resolves
    gc._msdcs.hobbycraft.local.

    Win2k3 puts the _msdcs.hobbycraft.local in its own zone.


    > So I need to create also the subfolder??
    > and then a record, what's the IP address should I used? 10.1.1.10?

    You don't need to create a sub folder it belongs in the gc subfolder, and
    yes use 10.1.1.10 if that is the private IP of the DC.


    > Sorry if many questions, because I never do this one so just to make
    > sure I don't screw up live server.

    No problem, I completely understand.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  14. Archived from groups: microsoft.public.win2000.dns

    In news:74639a37.0407271610.12ab7cd9@posting.google.com,
    Joe <joebio91@hotmail.com> asked for help and I offered my suggestions
    below:
    > So the "Value Name" is DnsAvoidRegisterRecords
    > and "Value data" is LdapIpAddress, GcIpAddress ???
    >
    > I am not sure how to put 2 entry in value data.
    > So please clarify, thanks.
    >
    > gc._msdcs.craft.local. is this mean
    >
    > Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
    > within this subfolder), need to create and the subfolder??
    >
    > So I need to create also the subfolder??
    > and then a record, what's the IP address should I used? 10.1.1.10?
    >
    > Sorry if many questions, because I never do this one so just to make
    > sure I don't screw up live server.
    >
    > Thanks for your help so far. Really appreciate it.
    >
    > IHL&G,
    > Joe

    What Kevin is saying is to create this Multi string value. Do not choose
    "String". The Multi String value (REG_MULTI_SZ) allows you to put in multiple
    values. It will show up as a little box that you would first put in
    LdapIpAddress, then hit enter to go to the next line, then type in
    GcIpAddress.

    Then you go into DNS and under the:
    gc._msdcs.craft.local. sub folder, manually add your GC's IP address.

    Same with the LdapIpAddress. To manually create that, you need to first
    delete any existing LdapIpAddress. They are the ones that show up as (same
    as parent) with just an IP address. Then manually create the new
    LdapIpAddress you want to create by rt-clicking your zone, new Host record,
    leave the hostname part blank and just give it the IP address of your inside
    IP of your multihomed DC.

    With all due respect sir, honestly, this additional administrative overhead,
    altering default registry values and DC/AD functionality, is more the reason
    not to multi home a DC. It's actually *highly* recommended to purchase a
    $39.00 Linksys DSL/Cable router to give you secure Internet access and offer
    NAT and let the DC be a DC on the internal network and be done with these
    headaches. Those routers are very easy to setup. I can have one setup and
    running in less than 5 minutes. This also relieves your DC of running the
    WinPoet (PPPoE) software, and NAT services under RRAS, which is a lot of
    additional overhead, which I'm assuming you have installed since you have an
    ADSL line.

    No disrespect implied here, just trying to point out facts about multihomed
    DCs/DNS servers and trying to make your job easier.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
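The REG_SZ versus REG_MULTI_SZ confusion in the posts above comes down to how the value is stored: a multi-string is a list of NUL-terminated strings closed by one extra NUL, which a .reg export writes as `hex(7)`. The following is an added example, not part of the original posts, that encodes the two-entry value and audits a value for the single-string mistake; `audit_value` and its `is_global_catalog` parameter are hypothetical helpers for illustration.

```python
REG_SZ, REG_MULTI_SZ = 1, 7  # Windows registry value type codes

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
VALUE_NAME = "DnsAvoidRegisterRecords"


def encode_multi_sz(strings):
    """Raw REG_MULTI_SZ bytes: UTF-16LE, each string NUL-terminated, list NUL-terminated."""
    if not strings:
        raise ValueError("at least one entry is required")
    for s in strings:
        if not s or "\x00" in s:
            raise ValueError("entries must be non-empty and contain no NUL")
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def decode_multi_sz(raw):
    """Inverse of encode_multi_sz; rejects data without the double-NUL ending."""
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("REG_MULTI_SZ data must end with two NUL characters")
    return text[:-2].split("\x00")


def to_reg_file(strings):
    """Render the value as a Version 5.00 .reg file, where hex(7) marks REG_MULTI_SZ."""
    hex_bytes = ",".join("%02x" % b for b in encode_multi_sz(strings))
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[%s]\r\n" % KEY
        + '"%s"=hex(7):%s\r\n' % (VALUE_NAME, hex_bytes)
    )


def audit_value(reg_type, raw, is_global_catalog):
    """Return a list of problems with a DnsAvoidRegisterRecords value (hypothetical check)."""
    problems = []
    if reg_type != REG_MULTI_SZ:
        problems.append("type is not REG_MULTI_SZ")
        entries = [raw.decode("utf-16-le").rstrip("\x00")]
    else:
        entries = decode_multi_sz(raw)
    for entry in entries:
        if "," in entry or " " in entry:
            problems.append("entry %r holds several names; use one per line" % entry)
    wanted = ["LdapIpAddress"] + (["GcIpAddress"] if is_global_catalog else [])
    for name in wanted:
        if name not in entries:
            problems.append("missing " + name)
    return problems


if __name__ == "__main__":
    print(to_reg_file(["LdapIpAddress", "GcIpAddress"]))
    # Constructed sample of the mistake: both names typed into one REG_SZ string.
    wrong = "LdapIpAddress, GcIpAddress\x00".encode("utf-16-le")
    for problem in audit_value(REG_SZ, wrong, is_global_catalog=True):
        print("problem:", problem)
```
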
  15. Archived from groups: microsoft.public.win2000.dns

    Another thing after I did changes sometime ago to solve the problem.
    Now if I do nslookup, it's gonna give me "can't find server name
    address for 10.1.1.10 "
    So something wrong somewhere?

    Btw what GC =? Global Catalogue??

    > Then you go into DNS and under the:
    > gc._msdcs.craft.local. sub folder, manually add your GC's IP address.

    So the GC IP is internal IP address, right?!

    > Same with the LdapIpAddress. To manually create that, you need to first
    > delete any existing LdapIpAddress. They are the ones that show up as (same
    > as parent) with just an IP address. Then manually create the new
    > LdapIpAddress you want to create by rt-clicking your zone, new Host record,
    > leave the hostname part blank and just give it the IP address of your inside
    > IP of your multihomed DC.

    So LdapIpAddress that exists are 10.1.1.10 and 216.xxx.xxx.aaa
    So I delete both and recreate just 10.1.1.10 only?

    There is also ntserver1 as A record to 10.1.1.10 exist, do I need to
    delete and recreate or leave or delete it too.
    But the SOA and Name Server even though have (same as parent), but I
    shouldn't delete it right?!

    Ace, actually as I mention in the beginning of this thread and I
    listed here for easier to see

    FYI:
    This dual NIC W2K server connect to Internet & LAN as follow

    ISP--> DSL modem --> static PUBLIC IP Router -->
    1. Static PUBLIC WAN NIC
    2. Static Internal LAN NIC --> all users PC

    This server are running with Spoonproxy sw, DNS w/AD, DC, DHCP, s/w
    firewall (the default setting from MS, actually if i was setup this
    server I won't use AD and dual NIC... more headache but no choice now,
    cannot reinstall from scratch cause the ONLY live server to handle
    15-20 users.

    Actually users just using email, internet and run centralize
    application through mapping drive network, so no need AD or DNS I
    guess.
    ********************************


    So there is a router but because this server and LAN setup by previous
    netadmin so I couldn't change much, especially this is live server and
    the only one server for 15-20 users.

    I wish could reinstalled this server from scratch, it's make my life
    easier.

    So for now I just want to make this server work fine like before
    although you could suggest me the detail about make this server network
    better without changing much, so if possible later on I could change
    it with permission of my boss.

    So instead of using NAT from the router, the previous netadmin setup
    router and server with static IP and server has dual NIC (no installed
    PPPoE s/w on server) and run Spoonproxy s/w so client with internal IP
    could connect to internet.

    I don't understand why he set it up that way, probably because to
    allow access admin remotely. But if use NAT the server could just
    mapping the internal IP with public IP in router and open port for
    remote adm then, isn't it?
    Or install VPN server in this server and pass the VPN access in the
    router, i think.


    During this troubleshooting period, I just could test if the set up ok
    or still problem JUST twice a day -- at night and early in the morning
    before reboot again, because in the morning I set to reboot server
    automatically before user come in and also in the lunch time so during
    working hour users doesn't exp problem when try to connect to internet
    (the problem usually begin in interval 5-7 hours). I really hope this
    problem resolve soon.
    I really appreciate for both of your assistance. Without you guys, I
    don't know what i could do.


    "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message news:<OAryVWFdEHA.3392@tk2msftngp13.phx.gbl>...
    > In news:74639a37.0407271610.12ab7cd9@posting.google.com,
    > Joe <joebio91@hotmail.com> asked for help and I offered my suggestions
    > below:
    > > So the "Value Name" is DnsAvoidRegisterRecords
    > > and "Value data" is LdapIpAddress, GcIpAddress ???
    > >
    > > I am not sure how to put 2 entry in value data.
    > > So please clarify, thanks.
    > >
    > > gc._msdcs.craft.local. is this mean
    > >
    > > Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
    > > within this subfolder), need to create and the subfolder??
    > >
    > > So I need to create also the subfolder??
    > > and then a record, what's the IP address should I used? 10.1.1.10?
    > >
    > > Sorry if many questions, because I never do this one so just to make
    > > sure I don't screw up live server.
    > >
    > > Thanks for your help so far. Really appreciate it.
    > >
    > > IHL&G,
    > > Joe
    >
    > What Kevin is saying is to create this Multi string value. Do not choose
    > "String". The Multi String value (REG_MULTI_SZ) allows you to put in multiple
    > values. It will show up as a little box that you would first put in
    > LdapIpAddress, then hit enter to go to the next line, then type in
    > GcIpAddress.
    >
    > Then you go into DNS and under the:
    > gc._msdcs.craft.local. sub folder, manually add your GC's IP address.
    >
    > Same with the LdapIpAddress. To manually create that, you need to first
    > delete any existing LdapIpAddress. They are the ones that show up as (same
    > as parent) with just an IP address. Then manually create the new
    > LdapIpAddress you want to create by rt-clicking your zone, new Host record,
    > leave the hostname part blank and just give it the IP address of your inside
    > IP of your multihomed DC.
    >
    > With all due respect sir, honestly, this additional administrative overhead,
    > altering default registry values and DC/AD functionality, is more the reason
    > not to multi home a DC. It's actually *highly* recommended to purchase a
    > $39.00 Linksys DSL/Cable router to give you secure Internet access and offer
    > NAT and let the DC be a DC on the internal network and be done with these
    > headaches. Those routers are very easy to setup. I can have one setup and
    > running in less than 5 minutes. This also relieves your DC of running the
    > WinPoet (PPPoE) software, and NAT services under RRAS, which is a lot of
    > additional overhead, which I'm assuming you have installed since you have an
    > ADSL line.
    >
    > No disrespect implied here, just trying to point out facts about multihomed
    > DCs/DNS servers and trying to make your job easier.
    >
    > --
    > Regards,
    > Ace
  16. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407280835.3f7f14cb@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > Another thing after I did changes sometime ago to solve
    > the problem.
    > Now if I do nslookup, it's gonna give me "can't find
    > server name
    > address for 10.1.1.10 "
    > So something wrong somewhere?

    No, nothing is "wrong", this is just a message from nslookup, which is
    performing a reverse lookup on the IP of the DNS server it is using.
    You can:
    a. Ignore the message because a reverse lookup is not required for
    proper AD operation.
    b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place a PTR
    with IP number 10 and your server's name ntserver1.craft.local.

    >
    > Btw what GC =? Global Catalogue??
    >
    >> Then you go into DNS and under the:
    >> gc._msdcs.craft.local. sub folder, manually add your
    >> GC's IP address.

    Yes in your case this server is a Global Catalog and its private IP is
    10.1.1.10.

    >
    > So the GC IP is internal IP address, right?!

    Right!

    >
    >> Same with the LdapIpAddress. To manually create that,
    >> you need to first delete any existing LdapIpAddress.
    >> They are the ones that show up as (same as parent) with
    >> just an IP address. Then manually create the new
    >> LdapIpAddress you want to create by rt-clicking your
    >> zone, new Host record, leave the hostname part blank and
    >> just give it the IP address of your inside IP of your
    >> multihomed DC.
    >
    > So LdapIpAddress that exists are 10.1.1.10 and
    > 216.xxx.xxx.aaa
    > So I delete both and recreate just 10.1.1.10 only?

    When you put in the reg entry and restart the netlogon service, these
    records will go away, you need to recreate them with the server's internal
    IP.

    >
    > There is also ntserver1 as A record to 10.1.1.10 exist,
    > do I need to
    > delete and recreate or leave or delete it too.

    Leave that record alone, DNS creates that record for the IP it is listening
    on.
    There is a different reg entry that changes this behavior, we're not going
    there!


    > But the SOA and Name Server even though have (same as
    > parent), but I
    > shouldn't delete it right?!
    >
    > Ace, actually as I mention in the beginning of this
    > thread and I
    > listed here for easier to see
    >
    > FYI:
    > This dual NIC W2K server connect to Internet & LAN as
    > follow
    >
    > ISP--> DSL modem --> static PUBLIC IP Router -->
    > 1. Static PUBLIC WAN NIC
    > 2. Static Internal LAN NIC --> all users PC
    >
    > This server are running with Spoonproxy sw, DNS w/AD, DC,
    > DHCP, s/w
    > firewall (the default setting from MS, actually if i was
    > setup this
    > server I won't use AD and dual NIC... more headache but
    > no choice now,
    > cannot reinstall from scratch cause the ONLY live server
    > to handle
    > 15-20 users.

    I haven't seen any reason for even thinking about a re-install yet.

    >
    > Actually users just using email, internet and run
    > centralize
    > application through mapping drive network, so no need AD
    > or DNS I
    > guess.
    > ********************************
    >
    >
    > So there is a router but because this server and LAN
    > setup by previous
    > netadmin so I couldn't change much, especially this is
    > live server and
    > the only one server for 15-20 users.
    >
    > I wish could reinstalled this server from scratch, it's
    > make my life
    > easier.
    >
    > So for now I just want to make this server work fine like
    > before
    > although you could suggest me the detail about make this
    > server network
    > better without changing much, so if possible later on I
    > could change
    > it with permission of my boss.
    >
    > So instead of using NAT from the router, the previous
    > netadmin setup
    > router and server with static IP and server has dual NIC
    > (no installed
    > PPPoE s/w on server) and run Spoonproxy s/w so client
    > with internal IP
    > could connect to internet.

    They could connect to the internet with out Spoonproxy, but that is another
    story the proxy may be there for other reasons, does it have AV scanning in
    it?
    Does the Proxy have a DNS proxy in it? If it does possibly that is the
    problem.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your
    issue. To respond directly to me remove the nospam. from my
    email. ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
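
An added example, not part of the original posts: a small audit of the records Kevin and Ace describe, checking that the same-as-parent (LdapIpAddress) and gc._msdcs (GcIpAddress) A records carry only the DC's internal address, and deriving the reverse zone and PTR label for option b. The record tuples, the function names and the 203.0.113.10 stand-in for the masked public address are assumptions made for this example.

```python
"""Audit the A records a multihomed DC registers in its AD zone."""
import ipaddress

ZONE = "craft.local."          # zone name from the thread
DC_INTERNAL_IP = "10.1.1.10"   # internal NIC address from the thread

# Constructed sample data as (owner, type, data) tuples. 203.0.113.10 is a
# documentation-range placeholder for the masked public address in the thread.
SAMPLE_RECORDS = [
    ("craft.local.", "SOA", "ntserver1.craft.local."),
    ("craft.local.", "NS", "ntserver1.craft.local."),
    ("craft.local.", "A", "10.1.1.10"),
    ("craft.local.", "A", "203.0.113.10"),
    ("gc._msdcs.craft.local.", "A", "10.1.1.10"),
    ("gc._msdcs.craft.local.", "A", "203.0.113.10"),
    ("ntserver1.craft.local.", "A", "10.1.1.10"),
]


def normalize(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def audited_owners(zone):
    """Owner names whose A records matter here, mapped to the Netlogon mnemonic."""
    zone = normalize(zone)
    return {zone: "LdapIpAddress", "gc._msdcs." + zone: "GcIpAddress"}


def audit_zone(records, zone, internal_ips):
    """Return findings as (mnemonic, owner, address, reason) tuples.

    Flags every audited A record that is not one of internal_ips, and every
    audited owner left without any internal address (the state right after
    the registry change and a netlogon restart, before the manual re-add).
    """
    allowed = {ipaddress.ip_address(ip) for ip in internal_ips}
    owners = audited_owners(zone)
    seen = {owner: set() for owner in owners}
    findings = []
    for owner, rtype, data in records:
        owner = normalize(owner)
        if rtype.upper() != "A" or owner not in owners:
            continue  # SOA, NS and the ntserver1 host record are left alone
        try:
            addr = ipaddress.ip_address(data.strip())
        except ValueError:
            findings.append((owners[owner], owner, data, "unparseable address"))
            continue
        seen[owner].add(addr)
        if addr not in allowed:
            findings.append(
                (owners[owner], owner, str(addr), "not an internal DC address"))
    for owner, addrs in seen.items():
        if not addrs & allowed:
            findings.append(
                (owners[owner], owner, None, "no record with the internal address"))
    return findings


def reverse_zone_and_ptr(ip, zone_octets=3):
    """Return (reverse zone name, PTR owner label) for an IPv4 address.

    zone_octets=3 gives the /24 zone used in the thread.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    zone = ".".join(reversed(octets[:zone_octets])) + ".in-addr.arpa."
    label = ".".join(reversed(octets[zone_octets:]))
    return zone, label


if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_RECORDS, ZONE, [DC_INTERNAL_IP]):
        print(finding)
    print(reverse_zone_and_ptr(DC_INTERNAL_IP))
```
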
  17. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:uJ$5gFQdEHA.3476@tk2msftngp13.phx.gbl,
    Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> asked for help and I
    offered my suggestions below:
    > In news:74639a37.0407280835.3f7f14cb@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    >> Another thing after I did changes sometime ago to solve
    >> the problem.
    >> Now if I do nslookup, it's gonna give me "can't find
    >> server name
    >> address for 10.1.1.10 "
    >> So something wrong somewhere?
    >
    > No, nothing is "wrong", this is just a message from nslookup, which is
    > performing a reverse lookup on the IP of the DNS server it is using.
    > You can:
    > a. Ignore the message because a reverse lookup is not
    > required for proper AD operation.
    > b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place
    > a PTR with IP number 10 and your server's name ntserver1.craft.local.
    >
    >>
    >> Btw what GC =? Global Catalogue??
    >>
    >>> Then you go into DNS and under the:
    >>> gc._msdcs.craft.local. sub folder, manually add your
    >>> GC's IP address.
    >
    > Yes in your case this server is a Global Catalog and its private IP is
    > 10.1.1.10.
    >
    >>
    >> So the GC IP is internal IP address, right?!
    >
    > Right!
    >
    >>
    >>> Same with the LdapIpAddress. To manually create that,
    >>> you need to first delete any existing LdapIpAddress.
    >>> They are the ones that show up as (same as parent) with
    >>> just an IP address. Then manually create the new
    >>> LdapIpAddress you want to create by rt-clicking your
    >>> zone, new Host record, leave the hostname part blank and
    >>> just give it the IP address of your inside IP of your
    >>> multihomed DC.
    >>
    >> So LdapIpAddress that exists are 10.1.1.10 and
    >> 216.xxx.xxx.aaa
    >> So I delete both and recreate just 10.1.1.10 only?
    >
    > When you put in the reg entry and restart the netlogon service, these
    > records will go away, you need to recreate them with the server's
    > internal IP.
    >
    >>
    >> There is also ntserver1 as A record to 10.1.1.10 exist,
    >> do I need to
    >> delete and recreate or leave or delete it too.
    >
    > Leave that record alone, DNS creates that record for the IP it is
    > listening on.
    > There is a different reg entry that changes this behavior, we're not
    > going there!
    >
    >
    >> But the SOA and Name Server even though have (same as
    >> parent), but I
    >> shouldn't delete it right?!
    >>
    >> Ace, actually as I mention in the beginning of this
    >> thread and I
    >> listed here for easier to see
    >>
    >> FYI:
    >> This dual NIC W2K server connect to Internet & LAN as
    >> follow
    >>
    >> ISP--> DSL modem --> static PUBLIC IP Router -->
    >> 1. Static PUBLIC WAN NIC
    >> 2. Static Internal LAN NIC --> all users PC
    >>
    >> This server are running with Spoonproxy sw, DNS w/AD, DC,
    >> DHCP, s/w
    >> firewall (the default setting from MS, actually if i was
    >> setup this
    >> server I won't use AD and dual NIC... more headache but
    >> no choice now,
    >> cannot reinstall from scratch cause the ONLY live server
    >> to handle
    >> 15-20 users.
    >
    > I haven't seen any reason for even thinking about a re-install yet.
    >
    >>
    >> Actually users just using email, internet and run
    >> centralize
    >> application through mapping drive network, so no need AD
    >> or DNS I
    >> guess.
    >> ********************************
    >>
    >>
    >> So there is a router but because this server and LAN
    >> setup by previous
    >> netadmin so I couldn't change much, especially this is
    >> live server and
    >> the only one server for 15-20 users.
    >>
    >> I wish could reinstalled this server from scratch, it's
    >> make my life
    >> easier.
    >>
    >> So for now I just want to make this server work fine like
    >> before
    >> although you could suggest me the detail about make this
    >> server network
    >> better without changing much, so if possible later on I
    >> could change
    >> it with permission of my boss.
    >>
    >> So instead of using NAT from the router, the previous
    >> netadmin setup
    >> router and server with static IP and server has dual NIC
    >> (no installed
    >> PPPoE s/w on server) and run Spoonproxy s/w so client
    >> with internal IP
    >> could connect to internet.
    >
    > They could connect to the internet with out Spoonproxy, but that is
    > another story the proxy may be there for other reasons, does it have
    > AV scanning in it?
    > Does the Proxy have a DNS proxy in it? If it does possibly that is the
    > problem.
    >

    I'm starting to think that as well.

    Also agree that no need to reinstall, just reconfigure who the router is.
    When Joe is mentioning 'router', I am assuming its this dual homed machine
    in question, unless I misread it and there is actually a router connected to
    the DSL modem?

    I was suggesting to get a Linksys router. If VPN is needed, they have a
    router that has VPN features, but costs a little more money. Very well worth
    it. Once its working, I would suggest to point the gateway address at the
    new router, then remove the extra NIC from the dual homed machine, take out
    that reg entry, and let it do its thing, be a DC. No reason to reinstall.

    --
    Regards,
    Ace

  18. Archived from groups: microsoft.public.win2000.dns (More info?)

    Yes, there is Netgear simple router connect to DSL modem and from this
    router connect to dual homed W2K SP3 Server.
    Thank you for the info and suggestion Ace.

    "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message news:<OcXo0uQdEHA.3212@TK2MSFTNGP12.phx.gbl>...
    > In news:uJ$5gFQdEHA.3476@tk2msftngp13.phx.gbl,
    > Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> asked for help and I
    > offered my suggestions below:
    > > In news:74639a37.0407280835.3f7f14cb@posting.google.com,
    > > Joe <joebio91@hotmail.com> posted a question
    > > Then Kevin replied below:
    > >> Another thing after I did changes sometime ago to solve
    > >> the problem.
    > >> Now if I do nslookup, it's gonna give me "can't find
    > >> server name
    > >> address for 10.1.1.10 "
    > >> So something wrong somewhere?
    > >
    > > No, nothing is "wrong", this is just a message from nslookup, which is
    > > performing a reverse lookup on the IP of the DNS server it is using.
    > > You can:
    > > a. Ignore the message because a reverse lookup is not
    > > required for proper AD operation.
    > > b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place
    > > a PTR with IP number 10 and your server's name ntserver1.craft.local.
    > >
    > >>
    > >> Btw what GC =? Global Catalogue??
    > >>
    > >>> Then you go into DNS and under the:
    > >>> gc._msdcs.craft.local. sub folder, manually add your
    > >>> GC's IP address.
    > >
    > > Yes in your case this server is a Global Catalog and its private IP is
    > > 10.1.1.10.
    > >
    > >>
    > >> So the GC IP is internal IP address, right?!
    > >
    > > Right!
    > >
    > >>
    > >>> Same with the LdapIpAddress. To manually create that,
    > >>> you need to first delete any existing LdapIpAddress.
    > >>> They are the ones that show up as (same as parent) with
    > >>> just an IP address. Then manually create the new
    > >>> LdapIpAddress you want to create by rt-clicking your
    > >>> zone, new Host record, leave the hostname part blank and
    > >>> just give it the IP address of your inside IP of your
    > >>> multihomed DC.
    > >>
    > >> So LdapIpAddress that exists are 10.1.1.10 and
    > >> 216.xxx.xxx.aaa
    > >> So I delete both and recreate just 10.1.1.10 only?
    > >
    > > When you put in the reg entry and restart the netlogon service, these
    > > records will go away, you need to recreate them with the server's
    > > internal IP.
    > >
    > >>
    > >> There is also ntserver1 as A record to 10.1.1.10 exist,
    > >> do I need to
    > >> delete and recreate or leave or delete it too.
    > >
    > > Leave that record alone, DNS creates that record for the IP it is
    > > listening on.
    > > There is a different reg entry that changes this behavior, we're not
    > > going there!
    > >
    > >
    > >> But the SOA and Name Server even though have (same as
    > >> parent), but I
    > >> shouldn't delete it right?!
    > >>
    > >> Ace, actually as I mention in the beginning of this
    > >> thread and I
    > >> listed here for easier to see
    > >>
    > >> FYI:
    > >> This dual NIC W2K server connect to Internet & LAN as
    > >> follow
    > >>
    > >> ISP--> DSL modem --> static PUBLIC IP Router -->
    > >> 1. Static PUBLIC WAN NIC
    > >> 2. Static Internal LAN NIC --> all users PC
    > >>
    > >> This server are running with Spoonproxy sw, DNS w/AD, DC,
    > >> DHCP, s/w
    > >> firewall (the default setting from MS, actually if i was
    > >> setup this
    > >> server I won't use AD and dual NIC... more headache but
    > >> no choice now,
    > >> cannot reinstall from scratch cause the ONLY live server
    > >> to handle
    > >> 15-20 users.
    > >
    > > I haven't seen any reason for even thinking about a re-install yet.
    > >
    > >>
    > >> Actually users just using email, internet and run
    > >> centralize
    > >> application through mapping drive network, so no need AD
    > >> or DNS I
    > >> guess.
    > >> ********************************
    > >>
    > >>
    > >> So there is a router but because this server and LAN
    > >> setup by previous
    > >> netadmin so I couldn't change much, especially this is
    > >> live server and
    > >> the only one server for 15-20 users.
    > >>
    > >> I wish could reinstalled this server from scratch, it's
    > >> make my life
    > >> easier.
    > >>
    > >> So for now I just want to make this server work fine like
    > >> before
    > >> although you could suggest me the detail about make this
    > >> server network
    > >> better without changing much, so if possible later on I
    > >> could change
    > >> it with permission of my boss.
    > >>
    > >> So instead of using NAT from the router, the previous
    > >> netadmin setup
    > >> router and server with static IP and server has dual NIC
    > >> (no installed
    > >> PPPoE s/w on server) and run Spoonproxy s/w so client
    > >> with internal IP
    > >> could connect to internet.
    > >
    > > They could connect to the internet with out Spoonproxy, but that is
    > > another story the proxy may be there for other reasons, does it have
    > > AV scanning in it?
    > > Does the Proxy have a DNS proxy in it? If it does possibly that is the
    > > problem.
    > >
    >
    > I'm starting to think that as well.
    >
    > Also agree that no need to reinstall, just reconfigure who the router is.
    > When Joe is mentioning 'router', I am assuming its this dual homed machine
    > in question, unless I misread it and there is actually a router connected to
    > the DSL modem?
    >
    > I was suggesting to get a Linksys router. If VPN is needed, they have a
    > router that has VPN features, but costs a little more money. Very well worth
    > it. Once its working, I would suggest to point the gateway address at the
    > new router, then remove the extra NIC from the dual homed machine, take out
    > that reg entry, and let it do its thing, be a DC. No reason to reinstall.
    >
    > --
    > Regards,
    > Ace
  19. Archived from groups: microsoft.public.win2000.dns (More info?)

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<uJ$5gFQdEHA.3476@tk2msftngp13.phx.gbl>...
    > In news:74639a37.0407280835.3f7f14cb@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > Another thing after I did changes sometime ago to solve
    > > the problem.
    > > Now if I do nslookup, it's gonna give me "can't find
    > > server name
    > > address for 10.1.1.10 "
    > > So something wrong somewhere?
    >
    > No, nothing is "wrong", this is just a message from nslookup, which is
    > performing a reverse lookup on the IP of the DNS server it is using.
    > You can:
    > a. Ignore the message because a reverse lookup is not required for
    > proper AD operation.
    > b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place a PTR
    > with IP number 10 and your server's name ntserver1.craft.local.
    >
    > >
    > > Btw what GC =? Global Catalogue??
    > >
    > >> Then you go into DNS and under the:
    > >> gc._msdcs.craft.local. sub folder, manually add your
    > >> GC's IP address.
    >
    > Yes in your case this server is a Global Catalog and its private IP is
    > 10.1.1.10.
    >
    > >
    > > So the GC IP is internal IP address, right?!
    >
    > Right!
    >
    > >
    > >> Same with the LdapIpAddress. To manually create that,
    > >> you need to first delete any existing LdapIpAddress.
    > >> They are the ones that show up as (same as parent) with
    > >> just an IP address. Then manually create the new
    > >> LdapIpAddress you want to create by rt-clicking your
    > >> zone, new Host record, leave the hostname part blank and
    > >> just give it the IP address of your inside IP of your
    > >> multihomed DC.
    > >
    > > So LdapIpAddress that exists are 10.1.1.10 and
    > > 216.xxx.xxx.aaa
    > > So I delete both and recreate just 10.1.1.10 only?
    >
    > When you put in the reg entry and restart the netlogon service, these
    > records will go away, you need to recreate them with the server's internal
    > IP.
    >
    > >
    > > There is also ntserver1 as A record to 10.1.1.10 exist,
    > > do I need to
    > > delete and recreate or leave or delete it too.
    >
    > Leave that record alone, DNS creates that record for the IP it is listening
    > on.
    > There is a different reg entry that changes this behavior, we're not going
    > there!
    >
    >
    > > But the SOA and Name Server even though have (same as
    > > parent), but I
    > > shouldn't delete it right?!
    > >
    > > Ace, actually as I mention in the beginning of this
    > > thread and I
    > > listed here for easier to see
    > >
    > > FYI:
    > > This dual NIC W2K server connect to Internet & LAN as
    > > follow
    > >
    > > ISP--> DSL modem --> static PUBLIC IP Router -->
    > > 1. Static PUBLIC WAN NIC
    > > 2. Static Internal LAN NIC --> all users PC
    > >
    > > This server are running with Spoonproxy sw, DNS w/AD, DC,
    > > DHCP, s/w
    > > firewall (the default setting from MS, actually if i was
    > > setup this
    > > server I won't use AD and dual NIC... more headache but
    > > no choice now,
    > > cannot reinstall from scratch cause the ONLY live server
    > > to handle
    > > 15-20 users.
    >
    > I haven't seen any reason for even thinking about a re-install yet.
    >
    > >
    > > Actually users just using email, internet and run
    > > centralize
    > > application through mapping drive network, so no need AD
    > > or DNS I
    > > guess.
    > > ********************************
    > >
    > >
    > > So there is a router but because this server and LAN
    > > setup by previous
    > > netadmin so I couldn't change much, especially this is
    > > live server and
    > > the only one server for 15-20 users.
    > >
    > > I wish could reinstalled this server from scratch, it's
    > > make my life
    > > easier.
    > >
    > > So for now I just want to make this server work fine like
    > > before
    > > although you could suggest me the detail about make this
    > > server network
    > > better without changing much, so if possible later on I
    > > could change
    > > it with permission of my boss.
    > >
    > > So instead of using NAT from the router, the previous
    > > netadmin setup
    > > router and server with static IP and server has dual NIC
    > > (no installed
    > > PPPoE s/w on server) and run Spoonproxy s/w so client
    > > with internal IP
    > > could connect to internet.
    >
    > They could connect to the internet with out Spoonproxy, but that is another
    > story the proxy may be there for other reasons, does it have AV scanning in
    > it?
    > Does the Proxy have a DNS proxy in it? If it does possibly that is the
    > problem.
    >

    The proxy is just for internet, email, ftp, etc no AV within or DNS.
    Just simple small utility/software.
    I don't know if there is another purpose for that proxy as far as I know that's it.
    Hopefully after this last changes I made and the server working ok.
    Till now still the dns/ping fqdn after 6 hours or so will fail :(
    I will let you know the result.
    Please works my 'baby'.......
  20. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407290654.985cefe@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > The proxy is just for internet, email, ftp, etc no AV
    > within or DNS.
    > Just simple small utility/software.
    > I don't know if there is another purpose for that proxy
    > as far as I know that's it.
    > Hopefully after this last changes I made and the server
    > working ok.
    > Till now still the dns/ping fqdn after 6 hours or so will
    > fail :(
    > I will let you know the result.
    > Please works my 'baby'.......


    Then as far as I can tell this proxy serves no real purpose, your router can
    do this, too. If they can use the router for the gateway. The proxy will
    only serve as a point of failure.
    I use a proxy, but my proxy is there for its Anti-virus capabilities, it
    scans email and websites for viruses and malicious code.
    If all your clients can ping the router I suggest you keep the proxy out of
    the picture.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  21. Archived from groups: microsoft.public.win2000.dns (More info?)

    "Joe" <joebio91@hotmail.com> wrote in message
    news:74639a37.0407290636.45de67e7@posting.google.com...
    > Yes, there is Netgear simple router connect to DSL modem and from this
    > router connect to dual homed W2K SP3 Server.
    > Thank you for the info and suggestion Ace.
    >

    No problem. So you already have a router. May I ask why the W2k machine is
    multihomed? Is it because you are running that Spoonproxy ?

    Ace
  22. Archived from groups: microsoft.public.win2000.dns (More info?)

    FYI:
    In the zone file (craft.local) has "Allow Dynamic Update" = Only secure update.
    Is this the cause? should choose NO or other option?

    joebio91@hotmail.com (Joe) wrote in message news:<74639a37.0407290654.985cefe@posting.google.com>...
    > "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<uJ$5gFQdEHA.3476@tk2msftngp13.phx.gbl>...
    > > In news:74639a37.0407280835.3f7f14cb@posting.google.com,
    > > Joe <joebio91@hotmail.com> posted a question
    > > Then Kevin replied below:
    > > > Another thing after I did changes sometime ago to solve
    > > > the problem.
    > > > Now if I do nslookup, it's gonna give me "can't find
    > > > server name
    > > > address for 10.1.1.10 "
    > > > So something wrong somewhere?
    > >
    > > No, nothing is "wrong", this is just a message from nslookup, which is
    > > performing a reverse lookup on the IP of the DNS server it is using.
    > > You can:
    > > a. Ignore the message because a reverse lookup is not required for
    > > proper AD operation.
    > > b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place a PTR
    > > with IP number 10 and your server's name ntserver1.craft.local.
    > >
    > > >
    > > > Btw what GC =? Global Catalogue??
    > > >
    > > >> Then you go into DNS and under the:
    > > >> gc._msdcs.craft.local. sub folder, manually add your
    > > >> GC's IP address.
    > >
    > > Yes in your case this server is a Global Catalog and its private IP is
    > > 10.1.1.10.
    > >
    > > >
    > > > So the GC IP is internal IP address, right?!
    > >
    > > Right!
    > >
    > > >
    > > >> Same with the LdapIpAddress. To manually create that,
    > > >> you need to first delete any existing LdapIpAddress.
    > > >> They are the ones that show up as (same as parent) with
    > > >> just an IP address. Then manually create the new
    > > >> LdapIpAddress you want to create by rt-clicking your
    > > >> zone, new Host record, leave the hostname part blank and
    > > >> just give it the IP address of your inside IP of your
    > > >> multihomed DC.
    > > >
    > > > So LdapIpAddress that exists are 10.1.1.10 and
    > > > 216.xxx.xxx.aaa
    > > > So I delete both and recreate just 10.1.1.10 only?
    > >
    > > When you put in the reg entry and restart the netlogon service, these
    > > records will go away, you need to recreate them with the server's internal
    > > IP.
    > >
    > > >
    > > > There is also ntserver1 as A record to 10.1.1.10 exist,
    > > > do I need to
    > > > delete and recreate or leave or delete it too.
    > >
    > > Leave that record alone, DNS creates that record for the IP it is listening
    > > on.
    > > There is a different reg entry that changes this behavior, we're not going
    > > there!
    > >
    > >
    > > > But the SOA and Name Server even though have (same as
    > > > parent), but I
    > > > shouldn't delete it right?!
    > > >
    > > > Ace, actually as I mention in the beginning of this
    > > > thread and I
    > > > listed here for easier to see
    > > >
    > > > FYI:
    > > > This dual NIC W2K server connect to Internet & LAN as
    > > > follow
    > > >
    > > > ISP--> DSL modem --> static PUBLIC IP Router -->
    > > > 1. Static PUBLIC WAN NIC
    > > > 2. Static Internal LAN NIC --> all users PC
    > > >
    > > > This server are running with Spoonproxy sw, DNS w/AD, DC,
    > > > DHCP, s/w
    > > > firewall (the default setting from MS, actually if i was
    > > > setup this
    > > > server I won't use AD and dual NIC... more headache but
    > > > no choice now,
    > > > cannot reinstall from scratch cause the ONLY live server
    > > > to handle
    > > > 15-20 users.
    > >
    > > I haven't seen any reason for even thinking about a re-install yet.
    > >
    > > >
    > > > Actually users just using email, internet and run
    > > > centralize
    > > > application through mapping drive network, so no need AD
    > > > or DNS I
    > > > guess.
    > > > ********************************
    > > >
    > > >
    > > > So there is a router but because this server and LAN
    > > > setup by previous
    > > > netadmin so I couldn't change much, especially this is
    > > > live server and
    > > > the only one server for 15-20 users.
    > > >
    > > > I wish could reinstalled this server from scratch, it's
    > > > make my life
    > > > easier.
    > > >
    > > > So for now I just want to make this server work fine like
    > > > before
    > > > although you could suggest me the detail about make this
    > > > sever network
    > > > better without changing much, so if possible later on I
    > > > could change
    > > > it with permission of my boss.
    > > >
    > > > So instead of using NAT from the router, the previous
    > > > netadmin setup
    > > > router and server with static IP and server has dual NIC
    > > > (no installed
    > > > PPPoE s/w on server) and run Spoonproxy s/w so client
    > > > with internal IP
    > > > could connect to internet.
    > >
    > > They could connect to the internet with out Spoonproxy, but that is another
    > > story the proxy may be there for other reasons, does it have AV scanning in
    > > it?
    > > Does the Proxy have a DNS proxy in it? If it does possibly that is the
    > > problem.
    > >
    >
    > The proxy is just for internet, email, ftp, etc no AV within or DNS.
    > Just simple small utility/software.
    > I don't know if there is another purpose for that proxy as far as I know that's it.
    > Hopefully after this last changes I made and the server working ok.
    > Till now still the dns/ping fqdn after 6 hours or so will fail :(
    > I will let you know the result.
    > Please works my 'baby'.......
  23. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407291259.52bb858c@posting.google.com,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > FYI:
    > In the zone file (craft.local) has "Allow Dynamic Update"
    > = Only secure update.
    > Is this the cause? should choose NO or other option?

    Secure updates is fine so long as updates are getting done. You don't want to
    choose No because your DC needs to register its records in the zone, setting
    the zone to No will cause errors on the DC and any other client that is
    registering in DNS.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
  24. Archived from groups: microsoft.public.win2000.dns (More info?)

    Oh Nightmare, I don't know what happened but now from all clients
    cannot see the server, none network printer available, cannot ping to
    internet at all even though server rebooted.
    But ping to external nic with 216.xxx.xxx.aaa no problem but to the
    gateway/Netgear router or public internet IP time out :((

    Oh my God, I am in trouble now....I don't know how to solve it, I try
    to change back to original setting but still doesn't work.
    I try use enable sharing for internal NIC and then the remote
    connection cut off and I am not able to connect to that server (use
    static IP). So I couldn't try to solve it remotely and this morning
    (now when I write is 3 am in the morning) at 8 am they are gonna use
    it the program that running in the server through network (Ooopss it's
    gonna big a mess if I couldn't solve it...their business depend on
    this prog that run in the server.... I am dead man).
    I write this NOT to blame you guys, you have already patient to guide
    me, thank you very much but somehow I don't know why the system screw
    up. I need to throw out my frustration only somewhere......
    I hope at least running like before, reboot every 6 hours than now
    nobody can use it.......Oh God please help me, I pray.

    I try to find the dual home/ multihomed setup for TCP/IP but not much
    and not helping me.

    And the bad thing about this Google forum is taking 3-9 hours to be
    posted available....so harder to interaction asap.

    If you have any suggestion, pls let me know asap, thanks.

    Regards,
    Joe


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<ebBh6MYdEHA.3928@TK2MSFTNGP09.phx.gbl>...
    > In news:74639a37.0407290654.985cefe@posting.google.com,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > The proxy is just for internet, email, ftp, etc no AV
    > > within or DNS.
    > > Just simple small utility/software.
    > > I don't know if there is another purpose for that proxy
    > > as far as I know that's it.
    > > Hopefully after this last changes I made and the server
    > > working ok.
    > > Till now still the dns/ping fqdn after 6 hours or so will
    > > fail :(
    > > I will let you know the result.
    > > Please works my 'baby'.......
    >
    >
    > Then as far as I can tell this proxy serves no real purpose, your router can
    > do this, too. If they can use the router for the gateway. The proxy will
    > only serve as a point of failure.
    > I use a proxy, but my proxy is there for its Anti-virus capabilities, it
    > scans email and websites for viruses and malicious code.
    > If all your clients can ping the router I suggest you keep the proxy out of
    > the picture.
    >
    > --
    > Best regards,
    > Kevin D4 Dad Goodknecht Sr. [MVP]
    > Hope This Helps
    > ============================
  25. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:74639a37.0407292306.6dc4558c@posting.google.com,
    Joe <joebio91@hotmail.com> asked for help and I offered my suggestions
    below:
    > Oh Nightmare, I don't know what happened but now from all clients
    > cannot see the server, none network printer available, cannot ping to
    > internet at all even though server rebooted.
    > But ping to external nic with 216.xxx.xxx.aaa no problem but to the
    > gateway/Netgear router or public internet IP time out :((
    >
    > Oh my God, I am in trouble now....I don't know how to solve it, I try
    > to change back to original setting but still doesn't work.
    > I try use enable sharing for internal NIC and then the remote
    > connection cut off and I am not able to connect to that server (use
    > static IP). So I couldn't try to solve it remotely and this morning
    > (now when I write is 3 am in the morning) at 8 am they are gonna use
    > it the program that running in the server through network (Ooopss it's
    > gonna big a mess if I couldn't solve it...their business depend on
    > this prog that run in the server.... I am dead man).
    > I write this NOT to blame you guys, you have already patient to guide
    > me, thank you very much but somehow I don't know why the system screw
    > up. I need to throw out my frustation only somewhere......
    > I hope at least running like before, reboot every 6 hours than now
    > nobody can use it.......Oh God please help me, I pray.
    >
    > I try to find the dual home/ multihomed setup for TCP/IP but not much
    > and not helping me.
    >
    > And the bad thing about this Google forum is taking 3-9 hours to be
    > posted available....so harder to interaction asap.
    >
    > If you have any suggestion, pls let me know asap, thanks.
    >
    > Regards,
    > Joe
    >


    Well, you shouldn't go thru Google, for one. Use Outlook Express and setup a
    newsgroup account, the servername is news.microsoft.com, the group to
    subscribe to is microsoft.public.win2000.dns. Just look for this post:

    Sorry to hear you are in this predicament. Not sure what happened, thought
    you had it all fixed.

    Newsgroups: microsoft.public.win2000.dns
    Subject: Dual home DNS w/ AD doesn't work after several hours
    Date: 26 Jul 2004 12:19:21 -0700
    From: joebio91@hotmail.com (Joe)

    Joe, maybe if your network were simplified, such as removing the spoonproxy
    (you're not using it anyway), remove the extra NIC, and just use the router
    for Internet access instead of this dual homed server, it may just work.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
  26. Archived from groups: microsoft.public.win2000.dns (More info?)

    But thanks God this morning after the server reboot and users can
    connect without problem as usual, just I am sure about the DNS that
    not working after several hours, hopefully it's resolved.
    Thanks very much for both of you.

    joebio91@hotmail.com (Joe) wrote in message news:<74639a37.0407292306.6dc4558c@posting.google.com>...
    > Oh Nightmare, I don't know what happened but now from all clients
    > cannot see the server, none network printer available, cannot ping to
    > internet at all even though server rebooted.
    > But ping to external nic with 216.xxx.xxx.aaa no problem but to the
    > gateway/Netgear router or public internet IP time out :((
    >
    > Oh my God, I am in trouble now....I don't know how to solve it, I try
    > to change back to original setting but still doesn't work.
    > I try use enable sharing for internal NIC and then the remote
    > connection cut off and I am not able to connect to that server (use
    > static IP). So I couldn't try to solve it remotely and this morning
    > (now when I write is 3 am in the morning) at 8 am they are gonna use
    > it the program that running in the server through network (Ooopss it's
    > gonna big a mess if I couldn't solve it...their business depend on
    > this prog that run in the server.... I am dead man).
    > I write this NOT to blame you guys, you have already patient to guide
    > me, thank you very much but somehow I don't know why the system screw
    > up. I need to throw out my frustation only somewhere......
    > I hope at least running like before, reboot every 6 hours than now
    > nobody can use it.......Oh God please help me, I pray.
    >
    > I try to find the dual home/ multihomed setup for TCP/IP but not much
    > and not helping me.
    >
    > And the bad thing about this Google forum is taking 3-9 hours to be
    > posted available....so harder to interaction asap.
    >
    > If you have any suggestion, pls let me know asap, thanks.
    >
    > Regards,
    > Joe
    >
    >
    > "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:<ebBh6MYdEHA.3928@TK2MSFTNGP09.phx.gbl>...
    > > In news:74639a37.0407290654.985cefe@posting.google.com,
    > > Joe <joebio91@hotmail.com> posted a question
    > > Then Kevin replied below:
    > > > The proxy is just for internet, email, ftp, etc no AV
    > > > within or DNS.
    > > > Just simple small utility/software.
    > > > I don't know if there is another purpose for that proxy
    > > > as far as I know that's it.
    > > > Hopefully after this last changes I made and the server
    > > > working ok.
    > > > Till now still the dns/ping fqdn after 6 hours or so will
    > > > fail :(
    > > > I will let you know the result.
    > > > Please works my 'baby'.......
    > >
    > >
    > > Then as far as I can tell this proxy serves no real purpose, your router can
    > > do this, too. If they can use the router for the gateway. The proxy will
    > > only serve as a point of failure.
    > > I use a proxy, but my proxy is there for its Anti-virus capabilities, it
    > > scans email and websites for viruses and malicious code.
    > > If all your clients can ping the router I suggest you keep the proxy out of
    > > the picture.
    > >
    > > --
    > > Best regards,
    > > Kevin D4 Dad Goodknecht Sr. [MVP]
    > > Hope This Helps
    > > ============================
  27. Archived from groups: microsoft.public.win2000.dns (More info?)

    Thanks God, at least the users could use the centralize app today and
    network printing without problem.
    Just some computer cannot be connected remotely from server although could
    ping it.
    and the internet still doesn't work after several hours, also there are
    several error in the system log
    Source: userenv
    eventid: 1000
    the search for AD object fail with (87)

    Windows cannot query for the list of GPO

    Is this related because of DNS?

    At least users can work, that's better ...FIuuhh

    I am so dumb...how come I use Google posting, actually in the long time ago
    I've ever use Outlook Express for newsgroup ;((
    Otherwise it's gonna be faster for communication.
    Thanks Ace.


    --
    Regards,
    Yohannes Tedjasukmana
    MultiSoft Solutions Inc.

    Tel:905-629-3640 Ext.122
    Fax: 905-629-2910
    yohannes@multisoftonline.com


    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:OS8fUXidEHA.3944@tk2msftngp13.phx.gbl...
    > In news:74639a37.0407292306.6dc4558c@posting.google.com,
    > Joe <joebio91@hotmail.com> asked for help and I offered my suggestions
    > below:
    > > Oh Nightmare, I don't know what happened but now from all clients
    > > cannot see the server, none network printer available, cannot ping to
    > > internet at all even though server rebooted.
    > > But ping to external nic with 216.xxx.xxx.aaa no problem but to the
    > > gateway/Netgear router or public internet IP time out :((
    > >
    > > Oh my God, I am in trouble now....I don't know how to solve it, I try
    > > to change back to original setting but still doesn't work.
    > > I try use enable sharing for internal NIC and then the remote
    > > connection cut off and I am not able to connect to that server (use
    > > static IP). So I couldn't try to solve it remotely and this morning
    > > (now when I write is 3 am in the morning) at 8 am they are gonna use
    > > it the program that running in the server through network (Ooopss it's
    > > gonna big a mess if I couldn't solve it...their business depend on
    > > this prog that run in the server.... I am dead man).
    > > I write this NOT to blame you guys, you have already patient to guide
    > > me, thank you very much but somehow I don't know why the system screw
    > > up. I need to throw out my frustation only somewhere......
    > > I hope at least running like before, reboot every 6 hours than now
    > > nobody can use it.......Oh God please help me, I pray.
    > >
    > > I try to find the dual home/ multihomed setup for TCP/IP but not much
    > > and not helping me.
    > >
    > > And the bad thing about this Google forum is taking 3-9 hours to be
    > > posted available....so harder to interaction asap.
    > >
    > > If you have any suggestion, pls let me know asap, thanks.
    > >
    > > Regards,
    > > Joe
    > >
    >
    >
    > Well, you shouldn't go thru Google, for one. Use Outlook Express and setup a
    > newsgroup account, the servername is news.microsoft.com, the group to
    > subscribe to is microsoft.public.win2000.dns. Just look for this post:
    >
    > Sorry to hear you are in this predicament. Not sure what happened, thought
    > you had it all fixed.
    >
    > Newsgroups: microsoft.public.win2000.dns
    > Subject: Dual home DNS w/ AD doesn't work after several hours
    > Date: 26 Jul 2004 12:19:21 -0700
    > From: joebio91@hotmail.com (Joe)
    >
    > Joe, maybe if your network were simplified, such as removing the spoonproxy
    > (you're not using it anyway), remove the extra NIC, and just use the router
    > for Internet access instead of this dual homed server, it may just work.
    >
    > --
    > Regards,
    > Ace
    >
    > Please direct all replies ONLY to the Microsoft public newsgroups
    > so all can benefit.
    >
    > This posting is provided "AS-IS" with no warranties or guarantees
    > and confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    > Microsoft Windows MVP - Windows Server - Directory Services
    >
    > Security Is Like An Onion, It Has Layers
    > HAM AND EGGS: A day's work for a chicken;
    > A lifetime commitment for a pig.
    > --
    > =================================
    >
    >
  28. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:OAtwqkndEHA.3632@TK2MSFTNGP11.phx.gbl,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > Thanks God, at least the users could use the centralize
    > app today and network printing without problem.
    > Just some computer cannot be connected remotely from
    > server althoug could ping it.
    > and the internet still doesn't work after several hours,
    > also there are several error in the system log
    > Source: userenv
    > eventid: 1000
    > the search for AD object fail with (87)
    >
    > Windows cannot query for the list of GPO
    >
    > Is this related becaus eof DNS?

    If you are getting userenv 1000 events, it is usually because it is looking
    at the wrong interface for the SYSVOL share, possibly because the private IP
    is not getting published for the domain name (step 2 & 3 below), or the
    private interface is not at the top of the binding order (step 4 below).

    1. In the DNS management console, on the properties of the DNS server,
    interfaces tab, set DNS to only listen on the private IP you want in DNS for
    the server.

    2. Add this registry entry with regedt32 to stop the (same as parent folder)
    records.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    LdapIpAddress

    (If the DC is also a Global Catalog see note below)

    3. Create a new host in DNS, leave the name field blank, give it the IP of
    the internal interface. Win2k barks at you saying (same as parent folder) is
    not a valid host name, click OK to create the record anyway.

    4. Right click on Network places, choose properties, in the Advanced menu
    select Advanced settings. Make sure the internal interface is at the top of
    the connections pane and File sharing is enabled on the internal interface.


    Note-

    If the DC is also a Global Catalog use this registry entry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    LdapIpAddress
    GcIpAddress

    And in addition to the (same as parent folder) record in the domain zone for
    the domain name, expand _msdcs, open gc create new host with name field
    blank and give it the IP of the internal interface. This resolves as
    gc._msdcs.forestroot.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your
    issue. To respond directly to me remove the nospam. from my
    email. ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
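A way to check the result of the steps in the post above, as an added example that is not part of the original thread: it audits the blank-name host records and the DnsAvoidRegisterRecords values for a multihomed DC. The `owner A ip` input format, the function names and the address 203.0.113.5 (a constructed stand-in for the masked public NIC address) are assumptions; 10.1.1.10 is the internal IP given in the thread.

```python
import ipaddress

# Owner names relative to the zone, mapped to the Netlogon mnemonic that
# controls their automatic registration (names taken from the post above):
#   "@"          the blank-name "(same as parent folder)" host record
#   "gc._msdcs"  the blank-name host record in the gc folder under _msdcs
WATCHED = {"@": "LdapIpAddress", "gc._msdcs": "GcIpAddress"}


def parse_a_records(zone_text):
    """Return {owner: [ip, ...]} from 'owner A ip' lines (assumed format).

    Anything after ';' is a comment. Lines that are not A records are
    skipped; a malformed IP raises ValueError so bad input is not ignored.
    """
    records = {}
    for line in zone_text.splitlines():
        parts = line.split(";", 1)[0].split()
        if len(parts) == 3 and parts[1].upper() == "A":
            ipaddress.ip_address(parts[2])  # validate only
            records.setdefault(parts[0].lower(), []).append(parts[2])
    return records


def audit(zone_text, avoid_values, internal_ip, is_gc):
    """List what still deviates from the multihomed-DC setup in the post.

    avoid_values: strings stored in the DnsAvoidRegisterRecords
                  REG_MULTI_SZ value (empty list if the value is absent).
    is_gc:        True if the DC is also a Global Catalog.
    """
    findings = []
    records = parse_a_records(zone_text)
    avoid = {v.strip().lower() for v in avoid_values}
    for owner, mnemonic in WATCHED.items():
        if owner == "gc._msdcs" and not is_gc:
            continue  # GC record only matters on a Global Catalog
        # Step 2 / Note: Netlogon must be told not to register the record,
        # otherwise it re-adds one entry per interface after a restart.
        if mnemonic.lower() not in avoid:
            findings.append(f"{mnemonic} missing from DnsAvoidRegisterRecords")
        ips = records.get(owner, [])
        # Step 3 / Note: the manually created record must exist...
        if internal_ip not in ips:
            findings.append(f"{owner}: no A record for {internal_ip}")
        # ...and no other interface (e.g. the WAN NIC) may be published.
        for ip in ips:
            if ip != internal_ip:
                findings.append(f"{owner}: A record {ip} is not the internal interface")
    return findings


# Constructed sample: both NICs registered, registry value not yet set.
BEFORE = """
@          A 10.1.1.10
@          A 203.0.113.5   ; constructed stand-in for the public NIC
gc._msdcs  A 10.1.1.10
gc._msdcs  A 203.0.113.5
ntserver1  A 10.1.1.10     ; host record, left alone as advised
"""

# Constructed sample: state after the steps have been applied.
AFTER = """
@          A 10.1.1.10
gc._msdcs  A 10.1.1.10
ntserver1  A 10.1.1.10
"""

if __name__ == "__main__":
    for finding in audit(BEFORE, [], "10.1.1.10", is_gc=True):
        print("BEFORE:", finding)
    print("AFTER:", audit(AFTER, ["LdapIpAddress", "GcIpAddress"], "10.1.1.10", True))
```
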
  29. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:OAtwqkndEHA.3632@TK2MSFTNGP11.phx.gbl,
    Joe <joebio91@hotmail.com> asked for help and I offered my suggestions
    below:
    > Thanks God, at least the users could use the centralize app today and
    > network printing without problem.
    > Just some computer cannot be connected remotely from server althoug
    > could ping it.
    > and the internet still doesn't work after several hours, also there
    > are several error in the system log
    > Source: userenv
    > eventid: 1000
    > the search for AD object fail with (87)
    >
    > Windows cannot query for the list of GPO
    >
    > Is this related becaus eof DNS?
    >
    > At least users can work, that's better ...FIuuhh
    >
    > I am so dumb...ho wcome I use Google posting, actually in the long
    > time ago I ve ever use Outlook Express for newsgroup ;((
    > Otherwise it's gonna be faster for communication.
    > Thanks Ace.
    >
    >
    >
    You're welcome Joe. OEx is easier than using any web interface to interact
    with any newsgroup.

    See what Kevin said about the reg entries.

    Ace
  30. Archived from groups: microsoft.public.win2000.dns (More info?)

    Still the same problem exist, after several hours the ping using fqdn dns
    fail even from server itself to public domain.

    Before it's happened always there is a event id #5871 and also every time
    reboot.

    I notice that after dns fail and I run the netdiag /test:dns /v compare WITH
    after reboot (because after reboot the ping to fqdn domain works ok), have
    different.

    I list below for comparison and analysis.

    AFTER FAIL:

    Netcard queries test . . . . . . . : Passed


    Per interface results:

    Adapter : Local Area Connection

    Netcard queries test . . . : Passed

    Adapter : WAN

    Netcard queries test . . . : Passed

    Adapter : IPX Internal Interface

    Netcard queries test . . . : Passed

    Adapter : IpxLoopbackAdapter

    Netcard queries test . . . : Passed

    Adapter : NDISWANIPX

    Netcard queries test . . . : Passed


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
    1 NetBt transport currently configured.


    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the
    name
    'ntserver1.craft.local.'. [ERROR_TIMEOUT]
    The name 'ntserver1.craft.local.' may not be registered in DNS.
    [WARNING] Cannot find a primary authoritative DNS server for the
    name
    'ntserver1.craft.local.'. [ERROR_TIMEOUT]
    The name 'ntserver1.craft.local.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC cannot be verified right now on
    DNS server 10.1.1.10, ERROR_TIMEOUT.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    The command completed successfully


    AFTER REBOOT:


    Netcard queries test . . . . . . . : Passed


    Per interface results:

    Adapter : Local Area Connection

    Netcard queries test . . . : Passed

    Adapter : WAN

    Netcard queries test . . . : Passed

    Adapter : IPX Internal Interface

    Netcard queries test . . . : Passed

    Adapter : IpxLoopbackAdapter

    Netcard queries test . . . : Passed

    Adapter : NDISWANIPX

    Netcard queries test . . . : Passed


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
    1 NetBt transport currently configured.


    DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server
    '10.1.1.10'.


    The command completed successfully


    I have followed all the instruction but somehow still doesn't resolve the
    problem, even though there are progresses.
    Hopefully there is another way to solve this weird thing.

    --
    Regards,
    Joe


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:uQaee7ndEHA.644@tk2msftngp13.phx.gbl...
    > In news:OAtwqkndEHA.3632@TK2MSFTNGP11.phx.gbl,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > Thanks God, at least the users could use the centralize
    > > app today and network printing without problem.
    > > Just some computer cannot be connected remotely from
    > > server althoug could ping it.
    > > and the internet still doesn't work after several hours,
    > > also there are several error in the system log
    > > Source: userenv
    > > eventid: 1000
    > > the search for AD object fail with (87)
    > >
    > > Windows cannot query for the list of GPO
    > >
    > > Is this related becaus eof DNS?
    >
    > If you are getting userenv 1000 events, it is usually because it is looking
    > at the wrong interface for the SYSVOL share, possibly because the private IP
    > is not getting published for the domain name (step 2 & 3 below), or the
    > private interface is not at the top of the binding order (step 4 below).
    >
    > 1. In the DNS management console, on the properties of the DNS server,
    > interfaces tab, set DNS to only listen on the private IP you want in DNS for
    > the server.
    >
    > 2. Add this registry entry with regedt32 to stop the (same as parent folder)
    > records.
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > LdapIpAddress
    >
    > (If the DC is also a Global Catalog see note below)
    >
    > 3. Create a new host in DNS, leave the name field blank, give it the IP of
    > the internal interface. Win2k barks at you saying (same as parent folder) is
    > not a valid host name, click OK to create the record anyway.
    >
    > 4. Right click on Network places, choose properties, in the Advanced menu
    > select Advanced settings. Make sure the internal interface is at the top of
    > the connections pane and File sharing is enabled on the internal interface.
    >
    >
    > Note-
    >
    > If the DC is also a Global Catalog use this registry entry:
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > LdapIpAddress
    > GcIpAddress
    >
    > And in addition to the (same as parent folder) record in the domain zone for
    > the domain name, expand _msdcs, open gc create new host with name field
    > blank and give it the IP of the internal interface. This resolves as
    > gc._msdcs.forestroot.
  31. Archived from groups: microsoft.public.win2000.dns

    In news:OtqPH0aeEHA.236@tk2msftngp13.phx.gbl,
    Joe <joebio91@hotmail.com> posted a question
    Then Kevin replied below:
    > Still the same problem exist, after several hours the
    > ping using fqdn dns fail even from server itself to
    > public domain.
    >
    > Before it's happened always there is a event id #5871 and
    > also every time reboot.
    >
    > I notice that after dns fail and I run the netdiag
    > /test:dns /v compare WITH after reboot (because after
    > reboot the ping to fqdn domain works ok), have different.

    This thread has gotten so long I don't remember if you said DNS was
    configured with a forwarder and what the forwarder was.

    It definitely looks like the DNS service is failing, when you look in the
    Services console, does the service say it is stopped or running?


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  32. Archived from groups: microsoft.public.win2000.dns

    I know, it's pretty long....but what can I do.

    The internal NIC using forwarder to ISP DNS (142.77.1.1 & 5)
    When the ping to FQDN domain failed, the DNS server service still runs also
    netlogon.
    After I restart DNS server service, the event id 6702 comes up (still cannot
    ping to fqdn domain) and afterward I restart Netlogon service and event id
    5781 comes up (still cannot ping to fqdn domain).
    Also from log I see that after the time ping FQDN domain failed (around 1.49
    pm) around 2.25 pm begin quite many event id 1000 (userenv) shows up.

    I notice that after every time server reboot, there is a 5781 event id but
    ping FQDN still ok but after exactly 6 hours 20 minutes, that's the 1st time
    event id 5781 show up again in event log, ping FQDN fail and afterward every
    exact 2 hours interval there are 5781.

    What other thing you could suggest for resolving this weird problem??

    If you need very detailed info about this server configuration, etc...I will
    send it to you but to the email address not publish in this thread. If you
    need it, please let me know your email address to send to.
    --
    Regards,
    Joe


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:uIvNuSbeEHA.2440@tk2msftngp13.phx.gbl...
    > In news:OtqPH0aeEHA.236@tk2msftngp13.phx.gbl,
    > Joe <joebio91@hotmail.com> posted a question
    > Then Kevin replied below:
    > > Still the same problem exist, after several hours the
    > > ping using fqdn dns fail even from server itself to
    > > public domain.
    > >
    > > Before it's happened always there is a event id #5871 and
    > > also every time reboot.
    > >
    > > I notice that after dns fail and I run the netdiag
    > > /test:dns /v compare WITH after reboot (because after
    > > reboot the ping to fqdn domain works ok), have different.
    >
    > This thread has gotten so long I don't remember if you said DNS was
    > configured with a forwarder and what the forwarder was.
    >
    > It definitely looks like the DNS service is failing, when you look in the
    > Services console, does the service say it is stopped or running?
  33. Archived from groups: microsoft.public.win2000.dns

    In news:edoW26leEHA.1652@TK2MSFTNGP10.phx.gbl,
    Joe <joebio91@hotmail.com> wrote their comments
    Then Kevin replied inline below:
    > I know, it's pretty long....but what can I do.
    >
    > The internal NIC using forwarder to ISP DNS (142.77.1.1 &
    > 5)

    Internal NIC using a forwarder to ISP?
    All your NICs must be using the internal DNS, no exceptions, no ISP's DNS in
    any position.

    > When the ping to FQDN domain failed, the DNS server
    > service still runs also netlogon.
    > After I restart DNS server service, the event id 6702
    > comes up (still cannot ping to fqdn domain) and afterward
    > I restart Netlogon service and event id 5781 comes up
    > (still cannot ping to fqdn domain).
    > Also from log I see that after the time ping FQDN domain
    > failed (around 1.49 pm) around 2.25 pm begin quite many
    > event id 1000 (userenv) shows up.
    >
    > I notice that after every time server reboot, there is a
    > 5781 event id but ping FQDN still ok but after exactly 6
    > hours 20 minutes, that's the 1st time event id 5781 show
    > up again in event log, ping FQDN fail and afterward every
    > exact 2 hours interval there are 5781.
    >
    > What other thing you could suggest for resolving this
    > weird problem??
    >

    This is getting to the point it might be easier and faster if I could remote
    into this server. Follow the instructions in my signature line to email me,
    you never want to post your email unmunged in a public forum.

    Email me this:
    1. Unedited ipconfig /all (text format)
    2. Domain name from AD Users & Computers
    3. Exported List of Forward lookup zones in DNS
    4. Exported List of records in your AD forward lookup zone.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your
    issue. To respond directly to me remove the nospam. from my
    email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
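
An added example, not part of the thread or any poster's code: the rule from the reply above, that no adapter may list an ISP DNS server in any position, checked against the text of `ipconfig /all`. The sample output and every address in it are constructed, and the `internal_dns` set is an assumption the caller supplies.

```python
import re

# Constructed `ipconfig /all` text for a dual-homed server; all addresses are examples.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ntserver1
        Primary DNS Suffix  . . . . . . . : craft.local

Ethernet adapter WAN:

        IP Address. . . . . . . . . . . . : 203.0.113.10
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            192.168.0.1

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

ADAPTER = re.compile(r"^\S.*\badapter (.+):\s*$")
FIELD = re.compile(r"^\s+(.+?)[ .]* :\s*(.*)$")   # "Label . . . : value"

def dns_servers_by_adapter(text):
    """Map adapter name -> ordered DNS server list, following continuation lines."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            current = result.setdefault(header.group(1), [])
            in_dns = False
            continue
        if current is None or not line.strip():
            continue                      # global section or blank line
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        else:
            value = line.strip()          # extra server listed on its own line
        if in_dns and value:
            current.append(value)
    return result

def audit(text, internal_dns):
    """Return (adapter, position, server) for every DNS entry that is not internal."""
    return [(name, pos, server)
            for name, servers in dns_servers_by_adapter(text).items()
            for pos, server in enumerate(servers, 1)
            if server not in internal_dns]
```

An empty list from `audit` means every adapter points only at the internal DNS server; any tuple returned names the adapter and list position that still needs changing.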
  34. Archived from groups: microsoft.public.win2000.dns

    I sent you an email with what you requested. Thanks.

    --
    Regards,
    Joe


    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:OwfQSPmeEHA.3612@TK2MSFTNGP12.phx.gbl...
    > In news:edoW26leEHA.1652@TK2MSFTNGP10.phx.gbl,
    > Joe <joebio91@hotmail.com> wrote their comments
    > Then Kevin replied inline below:
    > > I know, it's pretty long....but what can I do.
    > >
    > > The internal NIC using forwarder to ISP DNS (142.77.1.1 &
    > > 5)
    >
    > Internal NIC using a forwarder to ISP?
    > All your NICs must be using the internal DNS, no exceptions, no ISP's DNS in
    > any position.
    >
    > > When the ping to FQDN domain failed, the DNS server
    > > service still runs also netlogon.
    > > After I restart DNS server service, the event id 6702
    > > comes up (still cannot ping to fqdn domain) and afterward
    > > I restart Netlogon service and event id 5781 comes up
    > > (still cannot ping to fqdn domain).
    > > Also from log I see that after the time ping FQDN domain
    > > failed (around 1.49 pm) around 2.25 pm begin quite many
    > > event id 1000 (userenv) shows up.
    > >
    > > I notice that after every time server reboot, there is a
    > > 5781 event id but ping FQDN still ok but after exactly 6
    > > hours 20 minutes, that's the 1st time event id 5781 show
    > > up again in event log, ping FQDN fail and afterward every
    > > exact 2 hours interval there are 5781.
    > >
    > > What other thing you could suggest for resolving this
    > > weird problem??
    > >
    >
    > This is getting to the point it might be easier and faster if I could remote
    > into this server. Follow the instructions in my signature line to email me,
    > you never want to post your email unmunged in a public forum.
    >
    > Email me this:
    > 1. Unedited ipconfig /all (text format)
    > 2. Domain name from AD Users & Computers
    > 3. Exported List of Forward lookup zones in DNS
    > 4. Exported List of records in your AD forward lookup zone.