DNS problem still

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

I cannot get PC's to find the DC. There are no firewalls or anti-virus. I am
on a lab network. I think when AD is implemented, the DC should register
itself with DNS. It seems to not do so. Using ipconfig /flushdns and then
ipconfig /registerdns states that the commands worked but still no success.
In the forward zones I do have the _msdcs, _sites _tcp, and the _udp files. I
believe these are the SRV records and they seem to be in order. There is no ".
" record in my forwad zone.
I can ping the DC's IP
I can ping the DC's domain name
I can ping the DC's FQDN
Ipconfig/all from the PC shows the DNS IP and name.
nslookup shows the IP but says there is no DC matching the IP.
netdiag /debug displays the DNS information of the DC and it seems to be in
order, showing the DNS name and IP. The only thing that doesn't pass is the
gateway but there is none.
This is the third or so attempt. The first attempt was on a live network and
I tried to join 21 PC's to the domain. It was fine untill I got to the 19th
PC and I started to get the message "cannot find domain name". No matter what
I do now I still get this message. Even on the lab network and after several
demotions and promotions of AD.
Any advice would be appreciated. Many have tried to help before and I
appreciate the effort.
QUESTION: one thing I haven't asked.......are my zone records supposed to be
listed as Active Directory instead of Standard Primary? It is my
understanding that they should only be placed in Active Directory if there is
more than 1 DC in the network so that the DC's can replicate info. I only
have 1 DC.
Several tries ago I got a PC to join AFTER I took Norton completely out of
the PC. I then put the PC back into a workgroup to see if I could re-join the
domain. It would not. It's been the same message ever since. Is my place
haunted???
Bill...goin nuts....S.


--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000-dns/200507/1

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

I can not quite puzzle out how a netdiag can show pass without a DC host record being present in DNS, so I'm putting that mystery
aside for now.

The most likely problems are the two frequent fliers here: either a DNS zone isn't configured to accept dynamic updates, or
something on your network is pointing to an outside DNS server.

Check the properties of each zone and make sure that it is configured to accept dynamic DNS updates (either secure-only or all). And
check all network workstations and servers >>including<< this DC and make sure that the only DNS IP address listed is this DC's (I'm
presuming your DNS service is running on the DC.). Put another way, this means that on the DC itself, the DNS settings in TCP/IP
must list the same IP address as the DC itself has, and no other. The same is true for DHCP scope DNS assignments and any
statically-assigned PCs.

If that doesn't resolve it, change the dynamic updates property on the forward zone from secure-only to allow-all in case this is a
security problem. Then run a netdiag /fix and a dcdiag /fix on the DC. If the forward host record still doesn't appear something
unusual is wrong. Client-side firewalls, missing or incorrect primary DNS suffix, duplicate names, time sync/time zone problems,
multihomed DCs, failing services, etc etc - the list of candidates is really long at this point.

So if still unresolved I would suggest that you first check the system event logs on the client and server around the time you are
trying to join, as well as any "chronic" errors that are being logged - there are always things in there that will at least provide
a clue. If you you'll probably have to post back with the exact error text, netdiag/dcdiag/ipconfig listings and relevent events.

In your situation it won't matter whether you use standard primary or AD-integrated zones - most people here would recommend the
latter on general principle. There are various services on a DC that autoregister with DNS and so the A record should appear
regardless of whether you've configured the DC to autoregister in TCP/IP properties. However they all require that the zone allow
dynamic updates.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"bill s via WinServerKB.com" <forum@WinServerKB.com> wrote in message news:5175713AA9294@WinServerKB.com...
>
> I cannot get PC's to find the DC. There are no firewalls or anti-virus. I am
> on a lab network. I think when AD is implemented, the DC should register
> itself with DNS. It seems to not do so. Using ipconfig /flushdns and then
> ipconfig /registerdns states that the commands worked but still no success.
> In the forward zones I do have the _msdcs, _sites _tcp, and the _udp files. I
> believe these are the SRV records and they seem to be in order. There is no ".
> " record in my forwad zone.
> I can ping the DC's IP
> I can ping the DC's domain name
> I can ping the DC's FQDN
> Ipconfig/all from the PC shows the DNS IP and name.
> nslookup shows the IP but says there is no DC matching the IP.
> netdiag /debug displays the DNS information of the DC and it seems to be in
> order, showing the DNS name and IP. The only thing that doesn't pass is the
> gateway but there is none.
> This is the third or so attempt. The first attempt was on a live network and
> I tried to join 21 PC's to the domain. It was fine untill I got to the 19th
> PC and I started to get the message "cannot find domain name". No matter what
> I do now I still get this message. Even on the lab network and after several
> demotions and promotions of AD.
> Any advice would be appreciated. Many have tried to help before and I
> appreciate the effort.
> QUESTION: one thing I haven't asked.......are my zone records supposed to be
> listed as Active Directory instead of Standard Primary? It is my
> understanding that they should only be placed in Active Directory if there is
> more than 1 DC in the network so that the DC's can replicate info. I only
> have 1 DC.
> Several tries ago I got a PC to join AFTER I took Norton completely out of
> the PC. I then put the PC back into a workgroup to see if I could re-join the
> domain. It would not. It's been the same message ever since. Is my place
> haunted???
> Bill...goin nuts....S.
>
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000-dns/200507/1

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:5175713AA9294@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
> I cannot get PC's to find the DC. There are no firewalls or
> anti-virus. I am on a lab network. I think when AD is implemented,
> the DC should register itself with DNS. It seems to not do so. Using
> ipconfig /flushdns and then ipconfig /registerdns states that the
> commands worked but still no success. In the forward zones I do have
> the _msdcs, _sites _tcp, and the _udp files. I believe these are the
> SRV records and they seem to be in order. There is no ". " record in
> my forwad zone.
> I can ping the DC's IP
> I can ping the DC's domain name
> I can ping the DC's FQDN
> Ipconfig/all from the PC shows the DNS IP and name.
> nslookup shows the IP but says there is no DC matching the IP.
> netdiag /debug displays the DNS information of the DC and it seems to
> be in order, showing the DNS name and IP. The only thing that doesn't
> pass is the gateway but there is none.
> This is the third or so attempt. The first attempt was on a live
> network and I tried to join 21 PC's to the domain. It was fine
> untill I got to the 19th PC and I started to get the message "cannot
> find domain name". No matter what I do now I still get this message.
> Even on the lab network and after several demotions and promotions of
> AD.
> Any advice would be appreciated. Many have tried to help before and I
> appreciate the effort.
> QUESTION: one thing I haven't asked.......are my zone records
> supposed to be listed as Active Directory instead of Standard
> Primary? It is my understanding that they should only be placed in
> Active Directory if there is more than 1 DC in the network so that
> the DC's can replicate info. I only have 1 DC.
> Several tries ago I got a PC to join AFTER I took Norton completely
> out of the PC. I then put the PC back into a workgroup to see if I
> could re-join the domain. It would not. It's been the same message
> ever since. Is my place haunted???
> Bill...goin nuts....S.

Steve's post pretty much covers the basics. If you followed the basics, this
pretty much *just works*.

I remember Kevin was helping you in a previous thread of yours. You stated
an expired copy of Norton Internet Security on it was causing the problem.
Now are you saying that all the clients are having difficulty or is it just
this one machine?

If the Norton Internet Security is anything like Zone Alarm (which is a
known issue) that leaves their remaining DLLs and registry entries that mess
things up with network communication and domain controller functions, you
may need to contact Norton on how to manually remove any registry entries
and such that may cause a problem.

Can you post an ipconfig /all from your DC(s) and of one of the clients
please? If we can take a look at your config, that may help us help you
better. I remember Kevin asking you for one, but one was never provided. If
you are on a private network, there is no security concern since it is
private.

If you have a single label domain name, that can cause problems as well. But
we need to take a look at your config first, please.

You can also run a dcdiag /v /fix and a netdiag /v /fix on the server. That
will give us any errors that may be on the system. If you can post those
results, that will be very helpful as well.

Thanks.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Ace Fekay [MVP] wrote:
>In news:5175713AA9294@WinServerKB.com,
>bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
>commented on below:
>> I cannot get PC's to find the DC. There are no firewalls or
>> anti-virus. I am on a lab network. I think when AD is implemented,
>[quoted text clipped - 30 lines]
>> ever since. Is my place haunted???
>> Bill...goin nuts....S.
>
>Steve's post pretty much covers the basics. If you followed the basics, this
>pretty much *just works*.
>
>I remember Kevin was helping you in a previous thread of yours. You stated
>an expired copy of Norton Internet Security on it was causing the problem.
>Now are you saying that all the clients are having difficulty or is it just
>this one machine?
>
>If the Norton Internet Security is anything like Zone Alarm (which is a
>known issue) that leaves their remaining DLLs and registry entries that mess
>things up with network communication and domain controller functions, you
>may need to contact Norton on how to manually remove any registry entries
>and such that may cause a problem.
>
>Can you post an ipconfig /all from your DC(s) and of one of the clients
>please? If we can take a look at your config, that may help us help you
>better. I remember Kevin asking you for one, but one was never provided. If
>you are on a private network, there is no security concern since it is
>private.
>
>If you have a single label domain name, that can cause problems as well. But
>we need to take a look at your config first, please.
>
>You can also run a dcdiag /v /fix and a netdiag /v /fix on the server. That
>will give us any errors that may be on the system. If you can post those
>results, that will be very helpful as well.
>
>Thanks.

Thanks much guys.....I will try all this and get back to you.
Thanks again
>


--
Message posted via http://www.winserverkb.com

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:517E3D39DB035@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
>
> Thanks much guys.....I will try all this and get back to you.
> Thanks again

Hope to hear back from you soon with either a successful accomplishment or
your configuration data as asked, to further assist you.

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Look for DHCP client Service.
It Should be: STARTED and AUTOMATIC

DHCP Client Service is responsible for DDNS AutoRegistration.

Let Me Know.



--
Vespassassina
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1737411.html

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Ace Fekay [MVP]
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:

> If the Norton Internet Security is anything like Zone Alarm (which is
> a known issue) that leaves their remaining DLLs and registry entries
> that mess things up with network communication and domain controller
> functions, you may need to contact Norton on how to manually remove
> any registry entries and such that may cause a problem.

Ace, just to add, if Norton Internet Security is anything like Norton
AntiVirus you can't fully uninstall it, have you ever tried to upgrade
Norton AV to a later version?

I have tried, every time I have to I end up having to search the Registry
for everything related to Symantec and delete them. It is always a real
PITA. I've moved to recommending Computer Associates antivirus. So for, I
haven't had a problem with upgrading the CA AV.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23eCub%230nFHA.3316@TK2MSFTNGP14.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post, which I
then commented about below:
> Ace Fekay [MVP]
> <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:
>
>> If the Norton Internet Security is anything like Zone Alarm (which is
>> a known issue) that leaves their remaining DLLs and registry entries
>> that mess things up with network communication and domain controller
>> functions, you may need to contact Norton on how to manually remove
>> any registry entries and such that may cause a problem.
>
> Ace, just to add, if Norton Internet Security is anything like Norton
> AntiVirus you can't fully uninstall it, have you ever tried to upgrade
> Norton AV to a later version?
>
> I have tried, every time I have to I end up having to search the
> Registry for everything related to Symantec and delete them. It is
> always a real PITA. I've moved to recommending Computer Associates
> antivirus. So for, I haven't had a problem with upgrading the CA AV.

Good point, for I've gone thru having to delete every Symantec reference as
well, and it is a true PITA. CA is a good one, as well as ETrust.

Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi

This is just FYI really,

Just to let you guys know - there is a tool from symantect to fully remove
their junk from your machine - ie the Norton Internet Securities and Norton
Antivirus - this tool is applicable to ALL 2004-2005 versions. It is called
symNRT.exe and can be downloaded from symantec's site

For version prior to 2004 there is a tool for NAV called rNAV2003.exe and a
similiarly and imaginitively named rNISupg.exe for NIS 2003 and prior

If you want a laugh check out the "manual removal routine" for NIS 2004 - its
like pages and pages of info!.It really says alot about the software if a
company has to release specific removal tools to just uninstall them fully

The only reason I know this is I have supported desktop amchines with these
apps preinstalled and there is almost no point in trying to setup any kind of
network with these apps installed - unless you want a headache



Ace Fekay [MVP] wrote:
>> Ace Fekay [MVP]
>> <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:
>[quoted text clipped - 13 lines]
>> always a real PITA. I've moved to recommending Computer Associates
>> antivirus. So for, I haven't had a problem with upgrading the CA AV.
>
>Good point, for I've gone thru having to delete every Symantec reference as
>well, and it is a true PITA. CA is a good one, as well as ETrust.
>
>Ace

--
Simon Whyley
MCP XP,2Kpro
Comptia A+ (lol)


Message posted via http://www.winserverkb.com

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:52CC8F2D345C9@WinServerKB.com,
PScyime via WinServerKB.com <forum@WinServerKB.com> made this post, which I
then commented about below:
> Hi
>
> This is just FYI really,
>
> Just to let you guys know - there is a tool from symantect to fully
> remove their junk from your machine - ie the Norton Internet
> Securities and Norton Antivirus - this tool is applicable to ALL
> 2004-2005 versions. It is called symNRT.exe and can be downloaded
> from symantec's site
>
> For version prior to 2004 there is a tool for NAV called rNAV2003.exe
> and a similiarly and imaginitively named rNISupg.exe for NIS 2003 and
> prior
>
> If you want a laugh check out the "manual removal routine" for NIS
> 2004 - its like pages and pages of info!.It really says alot about
> the software if a company has to release specific removal tools to
> just uninstall them fully
>
> The only reason I know this is I have supported desktop amchines with
> these apps preinstalled and there is almost no point in trying to
> setup any kind of network with these apps installed - unless you
> want a headache

Yes, I know what you mean, it is a headache. Even upgrading from Corp 8.0 to
9.0. Some of the machines wouldn't take the upgrade and we had to manually
remove ever reference. I've used the step by step before, and to tell you
the truth, just finding every reference for "Symantec" and "Norton" and then
delete them, was easier than following the article.

Ace