
ACE/STEVE

Anonymous
July 18, 2005 10:01:58 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Here is the info....I can see problems with Netlogon???? Not sure and not
sure how to fix if so.
Thanks again......hope you can help

Ace / Steve here goes

Netdiag /fix

Computer name server1
DNS host name server1.bgcmeriden.org
Net card queries test Passed

Per interface results
Adapter Local area connection
NetCard queries test Passed
Host name Server1.bgcmeriden.org
IP address 192.168.1.4
Subnet mask 255.255.255.0
Default gateway 192.168.1.1
DNS server 192.168.1.4

Autoconfiguration results Passed
Global results
Domain membership Passed
NetBt transport test Passed
Autonet address test Passed
IP loopback Passed
NtBt home test Passed
Winsock Passed
DNS test Passed
Pass-all DNS entries for DC are registered on DNS
Server 192.168.1.4

Redirector and browser test Passed
DC discovery test Passed
DC list test Passed
Failed to enumerate DC’s by using Browser
Trust relationship Skipped
Kerberos test Passed
LDAP test Passed
Bindings test Passed
WAN config Skipped
Modem diag Passed
Command completed successfully

DCdiag /fix results

Starting test: Connectivity
Server1 passed test connectivity
Primary tests
Replications Server1 passed test replications
NCSecDesc Server1passed
Netlogons Server1…A net use or LSA policy
operation failed with
Error 67 The network
name cannot be found

Server1 failed Netlogons
Advertising Passed
KnowsofRoleHoldings Passed
Ridmanager Passed

Machine account could not open pipe with Server1 failed
with 67
Network name cannot be found
Could not get NetBios Domain
name failed connect test
for Host SPN
failed connect test
Missing SPN
Missing SPN
Server1 failed test
machine account
Could not open remote IPC to Server1 failed with 67 network name cannot be
found
Server1 failed test
services

Test: Objects
Server1 Passed test for objects replicated
Test: frssysvol
Server1 A net use or LSA policy operation
failed with error 67
Network name cannot be found
Server1 passed test
frssysvol (yes..it said passed)
Test: Kccevent
Failed to enumerate event log records error,
network name cannot be
Found
Server1 failed test
Kccevent
Test: syslog
Failed to enumerate event log records
Network name cannot be found
Server1 failed test
Systemlog

Enterprise tests on: bcmeriden.org
Test: intersite
Bgcmeriden.org Passed
Test: FsmcCheck
Bcmeriden.org Passed

DCdiag /v /fix
DC Diagnosis
Found 1 DC Testing 1 of them
Testing server Default first site name \ Server1

Test: Connectivity
Active Directory LDAP Services check
Active Directory RPC Services check
Server1 Passed test
connectivity

Primary tests
Replications check
Server1 passed test replications
Test: NCSecDesc
Server1 passed test NCSecDesc
Test: Netlogons
Server1..A net user LSA policy operation failed
with error 67
Network name cannot be found
Server1 failed test Netlogon
DC Server1 is advertising itself as a DC and has DNS

Is advertising as an LDAP Server
As having writeable
directory
As a key Dist Center
As a time Service
As a C
Server1 Passed advertising
Test: KnowofRoleHolders
Server1 Passed test KnowofRoleHolders
Test: RID manager
Server1 Passed test RDmanager
Test machine account:
Could not open pipe with Server1 failed with 67:
Network name cannot be found

Could not get NetBios name
Failed cannot test for Host SPN

SPN found: LDAP/Server1gcmeriden.org/bgcmeriden.org
SPN found: LDAP/Server1
Missing SPN(null)
SPN found: LDAP/41ad3a6f-1d84-4086-83bb-60dbc7dadfgd
Msdcs.bgcmeriden.org
SPN found /bgcmeriden.org
SPN found Host/server1.
bgcmeriden.org/bgcmeriden.org
SPN found Host/server1.
bgcmeriden.rg
SPN found Host/server1
Missing SPN (null)
SPN found GC/server1.bgcmeriden.
org/bgcmeriden.org
Server1 failed test machine account

Test: Services
Could not open IPC Server1 failed with 67 network
name cannot be found
Server1 failed test services

Test: Objects Replication
Server1 Passed test Objects Rep

Test: frssysvol
File replication service event log or LSA policy
operation failed
Network name cannot be found
File replication services sysvol is ready
Server1 Passed test frssysvol
Test: Kccvent
Failed to enumerate event log records
Network name cannot be found
Test: Fsmocheck
GC name \\server1.bgcmeriden.org
Locater flags 0xe0001fd
PDC name server1.bgcmeriden.org
Bgcmeriden.org Passed

CLIENT Ipconfig/all

Host name Tech5
Primary DNS _______
Node type hybrid
IP routing No
WINS proxy enable No
Connection specific DNS suffix bcmeriden.org
Description 3 com
Dhcp enabled Yes
Auto config Yes
IP Address 192.168.1.100
DNS server 192.168.1.4
(correct)

DC ipconfig/all

Host name Server1
Primary DNS bgcmeriden.org
Node hybrid
IP routing no
Wins no
DNS suffix bgcmeriden.org

Ethernet adapter

Connection specific DNS suffix
bgcmeriden.org
Description
3Com
Physical Address
blah blah
DHCP enabled
No (dhcp console says activated)
IP Address
192.168.1.4
Subnet Mask
255.255.255.0
Default gateway
192.168.1.1
DNS Server
192.168.1.4


--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000...

Anonymous
July 19, 2005 12:10:48 AM

What do you see on this server when you do a "net share"? And are there any error events being logged?

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"bill s via WinServerKB.com" <forum@WinServerKB.com> wrote in message news:5183CFE9CE7A7@WinServerKB.com...
>
> Here is the info....I can see problems with Netlogon???? Not sure and not
> sure how to fix if so.
> Thanks again......hope you can help
>
> Ace / Steve here goes
>
> Netdiag /fix
>
> Computer name server1
> DNS host name server1.bgcmeriden.org
> Net card queries test Passed
>
> Per interface results
> Adapter Local area connection
> NetCard queries test Passed
> Host name Server1.bgcmeriden.org
> IP address 192.168.1.4
> Subnet mask 255.255.255.0
> Default gateway 192.168.1.1
> DNS server 192.168.1.4
>
> Autoconfiguration results Passed
> Global results
> Domain membership Passed
> NetBt transport test Passed
> Autonet address test Passed
> IP loopback Passed
> NtBt home test Passed
> Winsock Passed
> DNS test Passed
> Pass-all DNS entries for DC are registered on DNS
> Server 192.168.1.4
>
> Redirector and browser test Passed
> DC discovery test Passed
> DC list test Passed
> Failed to enumerate DC's by using Browser
> Trust relationship Skipped
> Kerberos test Passed
> LDAP test Passed
> Bindings test Passed
> WAN config Skipped
> Modem diag Passed
> Command completed successfully
>
> DCdiag /fix results
>
> Starting test: Connectivity
> Server1 passed test connectivity
> Primary tests
> Replications Server1 passed test replications
> NCSecDesc Server1passed
> Netlogons Server1.A net use or LSA policy
> operation failed with
> Error 67 The network
> name cannot be found
>
> Server1 failed Netlogons
> Advertising Passed
> KnowsofRoleHoldings Passed
> Ridmanager Passed
>
> Machine account could not open pipe with Server1 failed
> with 67
> Network name cannot be found
> Could not get NetBios Domain
> name failed connect test
> for Host SPN
> failed connect test
> Missing SPN
> Missing SPN
> Server1 failed test
> machine account
> Could not open remote IPC to Server1 failed with 67 network name cannot be
> found
> Server1 failed test
> services
>
> Test: Objects
> Server1 Passed test for objects replicated
> Test: frssysvol
> Server1 A net use or LSA policy operation
> failed with error 67
> Network name cannot be found
> Server1 passed test
> frssysvol (yes..it said passed)
> Test: Kccevent
> Failed to enumerate event log records error,
> network name cannot be
> Found
> Server1 failed test
> Kccevent
> Test: syslog
> Failed to enumerate event log records
> Network name cannot be found
> Server1 failed test
> Systemlog
>
> Enterprise tests on: bcmeriden.org
> Test: intersite
> Bgcmeriden.org Passed
> Test: FsmcCheck
> Bcmeriden.org Passed
>
> DCdiag /v /fix
> DC Diagnosis
> Found 1 DC Testing 1 of them
> Testing server Default first site name \ Server1
>
> Test: Connectivity
> Active Directory LDAP Services check
> Active Directory RPC Services check
> Server1 Passed test
> connectivity
>
> Primary tests
> Replications check
> Server1 passed test replications
> Test: NCSecDesc
> Server1 passed test NCSecDesc
> Test: Netlogons
> Server1..A net user LSA policy operation failed
> with error 67
> Network name cannot be found
> Server1 failed test Netlogon
> DC Server1 is advertising itself as a DC and has DNS
>
> Is advertising as an LDAP Server
> As having writeable
> directory
> As a key Dist Center
> As a time Service
> As a C
> Server1 Passed advertising
> Test: KnowofRoleHolders
> Server1 Passed test KnowofRoleHolders
> Test: RID manager
> Server1 Passed test RDmanager
> Test machine account:
> Could not open pipe with Server1 failed with 67:
> Network name cannot be found
>
> Could not get NetBios name
> Failed cannot test for Host SPN
>
> SPN found: LDAP/Server1gcmeriden.org/bgcmeriden.org
> SPN found: LDAP/Server1
> Missing SPN(null)
> SPN found: LDAP/41ad3a6f-1d84-4086-83bb-60dbc7dadfgd
> Msdcs.bgcmeriden.org
> SPN found /bgcmeriden.org
> SPN found Host/server1.
> bgcmeriden.org/bgcmeriden.org
> SPN found Host/server1.
> bgcmeriden.rg
> SPN found Host/server1
> Missing SPN (null)
> SPN found GC/server1.bgcmeriden.
> org/bgcmeriden.org
> Server1 failed test machine account
>
> Test: Services
> Could not open IPC Server1 failed with 67 network
> name cannot be found
> Server1 failed test services
>
> Test: Objects Replication
> Server1 Passed test Objects Rep
>
> Test: frssysvol
> File replication service event log or LSA policy
> operation failed
> Network name cannot be found
> File replication services sysvol is ready
> Server1 Passed test frssysvol
> Test: Kccvent
> Failed to enumerate event log records
> Network name cannot be found
> Test: Fsmocheck
> GC name \\server1.bgcmeriden.org
> Locater flags 0xe0001fd
> PDC name server1.bgcmeriden.org
> Bgcmeriden.org Passed
>
> CLIENT Ipconfig/all
>
> Host name Tech5
> Primary DNS _______
> Node type hybrid
> IP routing No
> WINS proxy enable No
> Connection specific DNS suffix bcmeriden.org
> Description 3 com
> Dhcp enabled Yes
> Auto config Yes
> IP Address 192.168.1.100
> DNS server 192.168.1.4
> (correct)
>
> DC ipconfig/all
>
> Host name Server1
> Primary DNS bgcmeriden.org
> Node hybrid
> IP routing no
> Wins no
> DNS suffix bgcmeriden.org
>
> Ethernet adapter
>
> Connection specific DNS suffix
> bgcmeriden.org
> Description
> 3Com
> Physical Address
> blah blah
> DHCP enabled
> No (dhcp console says activated)
> IP Address
> 192.168.1.4
> Subnet Mask
> 255.255.255.0
> Default gateway
> 192.168.1.1
> DNS Server
> 192.168.1.4
>
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000...
Anonymous
July 19, 2005 3:09:05 AM

In news:5183CFE9CE7A7@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
> Here is the info....I can see problems with Netlogon???? Not sure and
> not sure how to fix if so.
> Thanks again......hope you can help
>
> Ace / Steve here goes
>
> Netdiag /fix
>
> Computer name server1
> DNS host name server1.bgcmeriden.org
> Net card queries test Passed
>
> Per interface results
> Adapter Local area connection
> NetCard queries test Passed
> Host name Server1.bgcmeriden.org
> IP address 192.168.1.4
> Subnet mask 255.255.255.0
> Default gateway 192.168.1.1
> DNS server 192.168.1.4
>
> Autoconfiguration results Passed
> Global results
> Domain membership Passed
> NetBt transport test Passed
> Autonet address test Passed
> IP loopback Passed
> NtBt home test Passed
> Winsock Passed
> DNS test Passed
> Pass-all DNS entries for DC are registered on DNS
> Server 192.168.1.4
>
> Redirector and browser test Passed
> DC discovery test Passed
> DC list test Passed
> Failed to enumerate DC's by using Browser
> Trust relationship Skipped
> Kerberos test Passed
> LDAP test Passed
> Bindings test Passed
> WAN config Skipped
> Modem diag Passed
> Command completed successfully
>
> DCdiag /fix results
>
> Starting test: Connectivity
> Server1 passed test connectivity
> Primary tests
> Replications Server1 passed test replications
> NCSecDesc Server1passed
> Netlogons Server1.A net use or LSA
> policy operation failed with
> Error 67 The
> network name cannot be found
>
> Server1 failed
> Netlogons Advertising Passed
> KnowsofRoleHoldings Passed
> Ridmanager Passed
>
> Machine account could not open pipe with Server1
> failed with 67
> Network name cannot be
> found Could not get
> NetBios Domain
> name failed connect test
> for Host SPN
> failed connect test
> Missing SPN
> Missing SPN
> Server1 failed
> test machine account
> Could not open remote IPC to Server1 failed with 67 network name
> cannot be found
> Server1 failed
> test services
>
> Test: Objects
> Server1 Passed test for objects
> replicated Test: frssysvol
> Server1 A net use or LSA policy operation
> failed with error 67
> Network name cannot be found
> Server1 passed
> test frssysvol (yes..it said passed)
> Test: Kccevent
> Failed to enumerate event log records
> error, network name cannot be
> Found
> Server1 failed
> test Kccevent
> Test: syslog
> Failed to enumerate event log records
> Network name cannot be found
> Server1 failed
> test Systemlog
>
> Enterprise tests on: bcmeriden.org
> Test: intersite
> Bgcmeriden.org Passed
> Test: FsmcCheck
> Bcmeriden.org Passed
>
> DCdiag /v /fix
> DC Diagnosis
> Found 1 DC Testing 1 of them
> Testing server Default first site name \ Server1
>
> Test: Connectivity
> Active Directory LDAP Services
> check Active Directory RPC
> Services check
> Server1 Passed test
> connectivity
>
> Primary tests
> Replications check
> Server1 passed test replications
> Test: NCSecDesc
> Server1 passed test NCSecDesc
> Test: Netlogons
> Server1..A net user LSA policy operation
> failed with error 67
> Network name cannot be found
> Server1 failed test Netlogon
> DC Server1 is advertising itself as a DC and has DNS
>
> Is advertising as an LDAP Server
> As having
> writeable directory
> As a key Dist
> Center As a time
> Service As a C
> Server1 Passed advertising
> Test: KnowofRoleHolders
> Server1 Passed test KnowofRoleHolders
> Test: RID manager
> Server1 Passed test RDmanager
> Test machine account:
> Could not open pipe with Server1 failed
> with 67: Network name cannot be found
>
> Could not get NetBios name
> Failed cannot test for Host SPN
>
> SPN found: LDAP/Server1gcmeriden.org/bgcmeriden.org
> SPN found: LDAP/Server1
> Missing SPN(null)
> SPN found: LDAP/41ad3a6f-1d84-4086-83bb-60dbc7dadfgd
> Msdcs.bgcmeriden.org
> SPN found /bgcmeriden.org
> SPN found Host/server1.
> bgcmeriden.org/bgcmeriden.org
> SPN found Host/server1.
> bgcmeriden.rg
> SPN found Host/server1
> Missing SPN (null)
> SPN found
> GC/server1.bgcmeriden. org/bgcmeriden.org
> Server1 failed test machine account
>
> Test: Services
> Could not open IPC Server1 failed with 67
> network name cannot be found
> Server1 failed test services
>
> Test: Objects Replication
> Server1 Passed test Objects Rep
>
> Test: frssysvol
> File replication service event log or LSA policy
> operation failed
> Network name cannot be found
> File replication services sysvol is ready
> Server1 Passed test frssysvol
> Test: Kccvent
> Failed to enumerate event log records
> Network name cannot be found
> Test: Fsmocheck
> GC name \\server1.bgcmeriden.org
> Locater flags 0xe0001fd
> PDC name server1.bgcmeriden.org
> Bgcmeriden.org
> Passed
>
> CLIENT Ipconfig/all
>
> Host name Tech5
> Primary DNS _______
> Node type hybrid
> IP routing No
> WINS proxy enable No
> Connection specific DNS suffix bcmeriden.org
> Description 3 com
> Dhcp enabled Yes
> Auto config Yes
> IP Address
> 192.168.1.100
> DNS server 192.168.1.4
> (correct)
>
> DC ipconfig/all
>
> Host name Server1
> Primary DNS bgcmeriden.org
> Node hybrid
> IP routing no
> Wins no
> DNS suffix
> bgcmeriden.org
>
> Ethernet adapter
>
> Connection specific DNS suffix
> bgcmeriden.org
> Description
> 3Com
> Physical Address
> blah blah
> DHCP enabled
> No (dhcp console says activated)
> IP Address
> 192.168.1.4
> Subnet Mask
> 255.255.255.0
> Default gateway
> 192.168.1.1
> DNS Server
> 192.168.1.4

Thank you for posting that info. The ipconfigs look good.

Apparently back to the lack of the DC registering into DNS which is causing
all of this. Plus the " Error 67 The network name cannot be found"
message states that it cannot find the NetBIOS name via broadcast or WINS.

- Are DNS updates enabled on the bgcmeriden.org zone?
- Were there any registry changes altered to prevent registration?
- Is the checkbox to allow registration set in the DC's IP properties,
advanced, DNS tab?
- Are any services stopped for any reason (such as you may have thought to
be a security concern)?
- Is NetBIOS disabled? (IP Properties, advanced, WINS tab)
- Is F&P Services disabled? (IP Properties)
- Is the Microsoft Client Service disabled? (IP Properties)
- DNS properties, Interfaces tab, what is set for the machine to listen to?
- Any odd entries in the Nameservers tab?
- Hosts file been compromised?


Also what's scary is the client has no Primary DNS Suffix. Is this machine
actually joined to the domain? Was that intentionally left with underscores
or is that truly blank or is it that you are having trouble joining this
machine?

> CLIENT Ipconfig/all
>
> Host name Tech5
> Primary DNS _______

When registering, the machines use that Primary DNS Suffix name to register
into that zone in DNS. I assume the zone name in DNS is bgcmeriden.org?
That name is populated when you join a machine to the domain automatically
unless the checkbox was inadvertently unchecked.

Try this on the DC/DNS server:
1. Change the zone to a Primary
2. Backup the system32\dns folder
3. Delete the zone.
4. Delete the netlogon.dns and the netlogon.dnb file in the system32\config
folder.
5. Recreate the zone
6. Make sure updates are set to allowed
7. Run in a CMD prompt:
ipconfig /registerdns
net stop netlogon
net start netlogon
netdiag /v /fix
dcdiag /v /fix
8. Then check the zone to see if the SRV records populated and if the server
registered itself in the zone.

Post the results and the answers to the questions above please.

Ace
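
Added example, not part of the original thread: one way to do the check in step 8 is to compare the records Netlogon writes to netlogon.dns when it restarts with what the zone actually answers. The file contents, the zone data and the `lookup` callback are constructed for illustration; in real use `lookup` would wrap a query against the DNS server at 192.168.1.4.

```python
import re

# Constructed sample of the netlogon.dns file Netlogon regenerates on restart,
# using the thread's names (server1.bgcmeriden.org, 192.168.1.4).
NETLOGON_DNS = """\
bgcmeriden.org. 600 IN A 192.168.1.4
_ldap._tcp.bgcmeriden.org. 600 IN SRV 0 100 389 server1.bgcmeriden.org.
_ldap._tcp.pdc._msdcs.bgcmeriden.org. 600 IN SRV 0 100 389 server1.bgcmeriden.org.
_ldap._tcp.gc._msdcs.bgcmeriden.org. 600 IN SRV 0 100 3268 server1.bgcmeriden.org.
_ldap._tcp.dc._msdcs.bgcmeriden.org. 600 IN SRV 0 100 389 server1.bgcmeriden.org.
_kerberos._tcp.dc._msdcs.bgcmeriden.org. 600 IN SRV 0 100 88 server1.bgcmeriden.org.
_kerberos._tcp.bgcmeriden.org. 600 IN SRV 0 100 88 server1.bgcmeriden.org.
_kerberos._udp.bgcmeriden.org. 600 IN SRV 0 100 88 server1.bgcmeriden.org.
_kpasswd._tcp.bgcmeriden.org. 600 IN SRV 0 100 464 server1.bgcmeriden.org.
gc._msdcs.bgcmeriden.org. 600 IN A 192.168.1.4
"""

# Constructed zone contents after an incomplete registration: three records
# are correct and the GC SRV record carries the wrong port.
PARTIAL_ZONE = {
    ("bgcmeriden.org", "A"): ["192.168.1.4"],
    ("_ldap._tcp.bgcmeriden.org", "SRV"): ["0 100 389 server1.bgcmeriden.org."],
    ("_kerberos._tcp.bgcmeriden.org", "SRV"): ["0 100 88 SERVER1.bgcmeriden.org."],
    ("_ldap._tcp.gc._msdcs.bgcmeriden.org", "SRV"): ["0 100 389 server1.bgcmeriden.org."],
}

RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|SRV|CNAME)\s+(.+)$", re.IGNORECASE)


def norm_name(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()


def norm_rdata(rtype, rdata):
    """Reduce rdata to the part that must match: (port, target) for SRV."""
    parts = rdata.split()
    if rtype == "SRV" and len(parts) == 4:
        # Priority and weight are ignored in this sketch.
        return (int(parts[2]), norm_name(parts[3]))
    if rtype == "CNAME":
        return norm_name(rdata)
    return rdata.strip().lower()


def parse_netlogon_dns(text):
    """Return [(owner, type, normalised rdata)] for each record line."""
    records = []
    for line in text.splitlines():
        match = RECORD_RE.match(line.strip())
        if not match:
            continue  # blank line, comment or a record type not handled here
        owner, rtype, rdata = match.groups()
        rtype = rtype.upper()
        records.append((norm_name(owner), rtype, norm_rdata(rtype, rdata)))
    return records


def zone_lookup(zone):
    """Build a lookup(owner, rtype) callback backed by a dict (stand-in for DNS)."""
    def lookup(owner, rtype):
        return zone.get((owner, rtype), [])
    return lookup


def missing_registrations(netlogon_text, lookup):
    """Records the DC wants registered that the zone does not answer with."""
    missing = []
    for owner, rtype, wanted in parse_netlogon_dns(netlogon_text):
        answers = {norm_rdata(rtype, r) for r in lookup(owner, rtype)}
        if wanted not in answers:
            missing.append((owner, rtype, wanted))
    return missing


if __name__ == "__main__":
    for owner, rtype, wanted in missing_registrations(NETLOGON_DNS, zone_lookup(PARTIAL_ZONE)):
        print("MISSING", rtype, owner, wanted)
```

An empty result means every record the DC tried to register is present; anything listed points back at the dynamic-update and registration questions earlier in the post.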
Anonymous
July 19, 2005 2:44:44 PM

Steve Duff [MVP] wrote:
>What do you see on this server when you do a "net share"? And are there any error events being logged?
>
>Steve Duff, MCSE, MVP
>Ergodic Systems, Inc.
>
>> Here is the info....I can see problems with Netlogon???? Not sure and not
>> sure how to fix if so.
>[quoted text clipped - 222 lines]
>> DNS Server
>> 192.168.1.4

Let me ask this.......Am I correct when I say that a DC should NEVER be
exposed to any node on the network that points to an external DNS? This I
presume is ANY node??
I have (on the live network) staff members that have their own PC's with XP
home which I believe cannot join a domain. So........all the staff members
are in a workgroup. However, they have administrative rights and can change
anything they want........and believe me they do. Could this have corrupted
the DC, and before I go live again do I need to ensure ALL PC's point to the
DC DNS? No exceptions?
I have a funny feeling that was the case when I put the DC on live and
someone in the workgroup may have corrupted the DNS data by changing their
DNS to an external DNS.
If this is so I will have to take total control before I go live again..

Thanks for your efforts guys....I really appreciate it. I'll be back.

Bill


Anonymous
July 19, 2005 2:44:45 PM

In news:518C911D247B9@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
> Steve Duff [MVP] wrote:
>> What do you see on this server when you do a "net share"? And are
>> there any error events being logged?
>>
>> Steve Duff, MCSE, MVP
>> Ergodic Systems, Inc.
>>
>>> Here is the info....I can see problems with Netlogon???? Not sure
>>> and not sure how to fix if so.
>> [quoted text clipped - 222 lines]
>>> DNS Server
>>> 192.168.1.4
>
> Let me ask this.......Am I correct when I say that a DC should NEVER be
> exposed to any node on the network that points to an external DNS?
> This I presume is ANY node??
> I have (on the live network) staff members that have their own PC's
> with XP home which I believe cannot join a domain. So........all the
> staff members are in a workgroup.

The machines being in a workgroup explain why they do not have a Primary DNS
Suffix.

> However, they have administrative
> rights and can change anything they want........and believe me they
> do. Could this have corrupted the DC, and before I go live again

If the admin username and password is identical to what's on the server,
then yes, they may have changed something, otherwise, no.

> do I
> need to ensure ALL PC's point to the DC DNS? No exceptions?

I'm surprised you haven't done so already???? Wasn't that discussed in your
prior threads and were advised not to? That can be the WHOLE problem with
joining the domain.
Absolutely NO DNS servers referenced in any machines' IP properties in your
domain that does NOT have any reference to your AD domain. This pretty much
means NO external DNS servers.


> I have a funny feeling that was the case when I put the DC on live and
> someone in the workgroup may have corrupted the DNS data by changing
> their DNS to an external DNS.

That would not corrupt anything. It would just cause the client machine not
to be able to access or authenticate in the domain.


> If this is so I will have to take total control before I go live
> again.

Absolutely.

>
> Thanks for your efforts guys....I really appreciate it. I'll be back.
>
> BIll

You are welcome.

What were the results of Steve's question about a net share?
Also, do you have any responses to my questions in my other post?

Ace
Anonymous
July 19, 2005 6:17:03 PM

Ace Fekay [MVP] wrote:
>In news:518C911D247B9@WinServerKB.com,
>bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
>commented on below:
>>> What do you see on this server when you do a "net share"? And are
>>> there any error events being logged?
>[quoted text clipped - 14 lines]
>> with XP home which I believe cannot join a domain. So........all the
>> staff members are in a workgroup.
>
>The machines being in a workgroup explain why they do not have a Primary DNS
>Suffix.
>
>> However, they have administrative
>> rights and can change anything they want........and believe me they
>> do. Could this have corrupted the DC, and before I go live again
>
>If the admin username and password is identical to what's on the server,
>then yes, they may have changed something, otherwise, no.
>
>> do I
>> need to ensure ALL PC's point to the DC DNS? No exceptions?
>
>I'm surprised you haven't done so already???? Wasn't that discussed in your
>prior threads and were advised not to? That can be the WHOLE problem with
>joining the domain.
>Absolutely NO DNS servers referenced in any machines' IP properties in your
>domain that does NOT have any reference to your AD domain. This pretty much
>means NO external DNS servers.
>
>> I have a funny feeling that was the case when I put the DC on live and
>> someone in the workgroup may have corrupted the DNS data by changing
>> their DNS to an external DNS.
>
>That would not corrupt anything. It would just cause the client machine not
>to be able to access or authenticate in the domain.
>
>> If this is so I will have to take total control before I go live
>> again.
>
>Absolutely.
>
>> Thanks for your efforts guys....I really appreciate it. I'll be back.
>>
>> BIll
>
>You are welcome.
>
>What were the results of Steve's question about a net share?
>Also, do you have any responses to my questions in my other post?
>
>Ace
Ace......
To be honest this is getting into it a wee bit more than the situation calls
for. That and the fact it's pretty muddled at this point. Seeing I am under
little pressure from the powers that be I reloaded Winserver2K, set up my DNS
and DHCP (this is on the lab network) and am now joining the domain with a PC.
I even put the PC back into a workgroup and then back into the domain
without a problem. I ran diagnostics to see the difference in the readouts
compared to before. It is now quite clear and concise and very easy to follow.
Someone mentioned Norton hanging in the registry after removal and sure thing
there is some Norton still in the registry. I will keep an eye on that stuff
but right now it doesn't appear to be causing a problem. Norton does say to
place your PC's in trusted zones because it blocks Microsoft networking.
However the confusion lies in the fact that it seems not to block 100% of the
time. My other concern is the PC's with an outside DNS but if you say that
the only result of that is the user won't be able to log on then I really
don't care if they get on or not. You know who they will come to when they
cannot! As long as I can be ABSOLUTELY sure that is the only ramification
and that it cannot "corrupt" AD, that's fine with me. It sure was a
coincidence though the last time I put the DC on the live network.
Anyway...let's figure this to be the baseline and I will document every move
so if it happens again we know we don't have any previous problems lying
around............Thanks much.. I will be back if I have problems going live.



Anonymous
July 20, 2005 3:18:34 AM

In news:518E6BC6B4229@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
> Ace......
> To be honest this is getting into it a wee bit more than the
> situation calls for. That and the fact it's pretty muddled at this
> point. Seeing I am under little pressure from the powers that be I
> reloaded Winserver2K, set up my DNS and DHCP (this is on the lab
> network) and am now joining the domain with a PC. I even put the PC
> back into a workgroup and then back into the domain without a
> problem. I ran diagnostics to see the difference in the readouts
> compared to before. It is now quite clear and concise and very easy
> to follow. Someone mentioned Norton hanging in the registry after
> removal and sure thing there is some Norton still in the registry. I
> will keep an eye on that stuff but right now it doesn't appear to be
> causing a problem. Norton does say to place your PC's in trusted
> zones because it blocks Microsoft networking. However the confusion
> lies in the fact that it seems not to block 100% of the time. My
> other concern is the PC's with an outside DNS but if you say that the
> only result of that is the user won't be able to log on then I really
> don't care if they get on or not. You know who they will come to when
> they cannot! As long as I can be ABSOLUTELY sure that is the only
> ramification and that it cannot "corrupt" AD, that's fine with me. It
> sure was a coincidence though the last time I put the DC on the live
> network. Anyway...let's figure this to be the baseline and I will
> document every move so if it happens again we know we don't have any
> previous problems lying around............Thanks much.. I will be
> back if I have problems going live.

That was me mentioning Norton, Zone Alarm, etc, in the registry with DLLs.

Bill, you really should ONLY use your own DNS server, especially the DC. If
the clients aren't using it, it's more than just not being able to logon.
There are numerous functions a client machine in Active Directory that can
only be done using the internal DNS. Maybe I should have explained more
instead of giving you the "just can't logon" line. Depending on many
factors, there's authentication, accessing printers, accessing shares,
domain security, group policy, email, etc. See when a client tries to
communicate to AD, it queries DNS for service locations AD is offering. If
you use your ISP's, they don't have the answer and many functions fail. Do
yourself a favor, to help you in the future with AD, and follow best
practices, as any well versed AD administrator/IT director, try to follow
the golden rule with AD and DNS, and that is to ONLY use your own internal
DNS or you may wind up posting back with more errors in the future. Not that
we don't want to help, but an ounce of understanding and following these best
practices is worth a ton of functionality. (That sounds corny!) Configure a
forwarder for efficient Internet name resolution. This article shows you how
to configure a forwarder, among a few other things:

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/d/?=323380

Here's more info about AD and DNS. Please read up on them.

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

Frequently asked questions about Windows 2000 DNS and Windows Server 2003
DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Good luck with everything.

Ace
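
Added example, not part of the original thread: a small audit of the two things Ace flags, clients whose DNS server list includes anything other than the internal AD DNS server, and machines with a blank or wrong Primary DNS Suffix. The `ipconfig /all` captures are constructed in the Windows 2000/XP layout; `tech7` and the 203.0.113.x resolver addresses are made-up stand-ins.

```python
import ipaddress

INTERNAL_DNS = {"192.168.1.4"}   # the thread's DC/DNS server
AD_DOMAIN = "bgcmeriden.org"

# Constructed `ipconfig /all` captures, keyed by a label for each machine.
CAPTURES = {
    "server1": """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : Server1
        Primary DNS Suffix  . . . . . . . : bgcmeriden.org
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.4
        DNS Servers . . . . . . . . . . . : 192.168.1.4
""",
    "tech5": """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : Tech5
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : bgcmeriden.org
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        DNS Servers . . . . . . . . . . . : 192.168.1.4
                                            203.0.113.53
""",
    "tech7": """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : Tech7
        Primary Dns Suffix  . . . . . . . : bgcmeriden.org

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . : 203.0.113.53
""",
}


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Extract host name, Primary DNS Suffix and every listed DNS server."""
    info = {"host": None, "primary_suffix": None, "dns_servers": []}
    in_dns = False
    for line in text.splitlines():
        stripped = line.strip()
        # Extra DNS servers appear on continuation lines holding only an address.
        if in_dns and is_ip(stripped):
            info["dns_servers"].append(stripped)
            continue
        in_dns = False
        key, sep, value = stripped.partition(":")
        if not sep:
            continue
        key = key.strip(" .").lower()   # drop the ". . . ." leader dots
        value = value.strip()
        if key == "host name":
            info["host"] = value.lower()
        elif key == "primary dns suffix":
            info["primary_suffix"] = value.lower()
        elif key == "dns servers":
            in_dns = True
            if is_ip(value):
                info["dns_servers"].append(value)
    return info


def audit(captures, internal_dns, ad_domain):
    """Return (host, finding, detail) tuples, ordered by capture label."""
    findings = []
    for label, text in sorted(captures.items()):
        info = parse_ipconfig(text)
        host = info["host"] or label
        foreign = [s for s in info["dns_servers"] if s not in internal_dns]
        if foreign:
            findings.append((host, "external-dns", ", ".join(foreign)))
        if not info["dns_servers"]:
            findings.append((host, "no-dns-server", ""))
        if info["primary_suffix"] != ad_domain:
            findings.append((host, "suffix-mismatch", info["primary_suffix"] or "(blank)"))
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURES, INTERNAL_DNS, AD_DOMAIN):
        print(*finding, sep="\t")
```

A machine listing the internal server first and an outside resolver second is still flagged, because the secondary entry is the one that answers when it should not.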
Anonymous
July 20, 2005 3:34:23 PM

Ace Fekay [MVP] wrote:
>In news:518E6BC6B4229@WinServerKB.com,
>bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
>commented on below:
>> Ace......
>> To be honest this is getting into it a wee bit more than the
>[quoted text clipped - 21 lines]
>> previous problems lying around............Thanks much.. I will be
>> back if I have problems going live.
>
>That was me mentioning Norton, Zone Alarm, etc, in the registry with DLLs.
>
>Bill, you really should ONLY use your own DNS server, especially the DC. If
>the clients aren't using it, it's more than just not being able to logon.

Ace
I understand about the forwarder and will put my external DNS in it when the
time comes. I learned the hard way but this was a very valuable lesson
concerning the DNS setting on the Clients. Of course I had to set them to
external when using workgroups without a server.
This is a great site with many great helping hands. I am glad I found it.
Thanks again all and as I said, my baseline is now set up so anymore problems
can maybe be more clearly understood. Amazing how one little change can bring
the network to a halt. Pretty cool stuff.
Cheers
Bill
>There are numerous functions a client machine in Active Directory that can
>only be done using the internal DNS. Maybe I should have explained more
>instead of giving you the "just can't logon" line. Depending on many
>factors, there's authentication, accessing printers, accessing shares,
>domain security, group policy, email, etc. See when a client tries to
>communicate to AD, it queries DNS for service locations AD is offering. If
>you use your ISP's, they don't have the answer and many functions fail. Do
>yourself a favor, to help you in the future with AD, and follow best
>practices, as any well versed AD administrator/IT director, try to follow
>the golden rule with AD and DNS, and that is to ONLY use your own internal
>DNS or you may wind up posting back with more errors in the future. Not that
>we don't want to help, but an ounce of understanding and following these best
>practices is worth a ton of functionality. (That sounds corny!) Configure a
>forwarder for efficient Internet name resolution. This article shows you how
>to configure a forwarder, among a few other things:
>
>323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
>http://support.microsoft.com/d/?=323380
>
>Here's more info about AD and DNS. Please read up on them.
>
>825036 - Best practices for DNS client settings in Windows 2000 Server and
>in Windows Server 2003
>http://support.microsoft.com/?id=825036
>
>Frequently asked questions about Windows 2000 DNS and Windows Server 2003
>DNS
>http://support.microsoft.com/default.aspx?scid=kb;en-us;291382
>
>Good luck with everything.
>
>Ace


Anonymous
July 21, 2005 11:07:45 PM

In news:519992FD8D52F@WinServerKB.com,
bill s via WinServerKB.com <forum@WinServerKB.com> stated, which I then
commented on below:
> Ace
> I understand about the forwarder and will put my external DNS in it
> when the time comes. I learned the hard way but this was a very
> valuable lesson concerning the DNS setting on the Clients. Of course
> I had to set them to external when using workgroups without a server.
> This is a great site with many great helping hands. I am glad I found
> it. Thanks again all and as I said, my baseline is now set up so
> anymore problems can maybe be more clearly understood. Amazing how
> one little change can bring the network to a halt. Pretty cool stuff.
> Cheers
> Bill


I am glad you found this newsgroup as well to help you out.

Cheers!

Ace