- Aug 30, 2013
- 5
- 0
- 10,510
Background: I'm a volunteer, with experience of fixing quite a few client side problems (TH has been an excellent resource there!). Now, in rural Africa, I've been put in charge of a network that was created by a service company. No other reason than I'm the best they've got.
Network details: ~15 clients, 1 DC/server, 1 router.
The service company seem to have done a lot of advanced things (not all of them sensible according to things I'm learning at the moment), which makes troubleshooting difficult for a beginner.
Clients: Win XP/7 - yes we are upgrading all to Win 7 soon
Server: Win Server 2003
SCENARIO:
Clients can connect to each other, and the server can connect to them.
Clients cannot connect to the server.
Users can still log into the domain (luckily, lease must still be remembered).
NIC settings are: server for default DNS, static IP for all, gateway is router.
I have tried disabling Routing and Remote Access from both services.msc and computer management on the server.
I have tried all the netsh reset commands, restart DNS Server, restart IPsec, restart net logon, etc. to no avail.
I have discovered trying to change Windows firewall settings leads to error about ipnat.sys being in use already. Only security program running is ClamWin, which doesn't have a firewall.
I also found there are 4 dnsnodes in our zone under AD -> Domain -> System -> MicrosoftDNS -> reverse zone: @, 127, 201 and 99. I *think* 99 might the only one that should be there (our server), though I'm not sure about the @. If I right-click and delete the other numbers from AD (first quadrant of actual client IP's), they reappear very quickly. Not sure about deleting them from DNS.
File and Connection sharing is enabled as far as I can tell.
Win 7 clients can see the full network map, by opening My Computer and clicking Network.
RECENT DNS ERRORS IN SERVER EVENT LOG:
410 - list of restricted interfaces not contain valid IP for the server.
4007 - unable to open zone _msdcs.xxx.local from AD partition unable to open 4007 - unable to open zone _msdcs.xxx.local from AD partition domaindnszones
4015 - critical error from AD
6702 - DNS server has updated its own host records
4016 - timed out on attempting servvice operation on DC=xxxx (a current client PC name) DC=xxxx.local (domain name) ...
4004 - unable to complete directory enumeration service enumeration of zone xxxx.ocal (our domain forward zone)
4004 - same but for our reverse lookup zone
4004 - same for our _msdcs forward zone
4004 - same for zone ..
4521 - encountered error 32 attempting to load zone reverse lookup (1.168.192.in-addr.arpa)
Thank you for any help and assistance you can offer I've been Googling for 2 days with a server down... Luckily our DB program can be run from a client so everyone's slightly consoled... (excuse the pun).
Oh I almost forgot, no computers on the network have internet connectivity either. I tried setting external DNS address on one client and server, but it failed both times. I reset those to the server IP straight away thanks to Ace Fekay's helpful blog on the subject: http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
Something about the server is wrong, I cannot figure out what. Your help is tremendously appreciated. Please do start with basic configuration as I'm not even convinced that is correct.
SOLUTION:
Part 1: Server network adapter properties -> TCP/IPv4 -> Advanced -> WINS -> NetBIOS over TCP/IP was disabled, set to default.
Part 2: stop Routing and Remote Access service on server.
Internet connection issue is a separate problem, going to make a new post.
Thanks for help Josh!
Network details: ~15 clients, 1 DC/server, 1 router.
The service company seem to have done a lot of advanced things (not all of them sensible according to things I'm learning at the moment), which makes troubleshooting difficult for a beginner.
Clients: Win XP/7 - yes we are upgrading all to Win 7 soon
Server: Win Server 2003
SCENARIO:
Clients can connect to each other, and the server can connect to them.
Clients cannot connect to the server.
Users can still log into the domain (luckily, lease must still be remembered).
NIC settings are: server for default DNS, static IP for all, gateway is router.
I have tried disabling Routing and Remote Access from both services.msc and computer management on the server.
I have tried all the netsh reset commands, restart DNS Server, restart IPsec, restart net logon, etc. to no avail.
I have discovered trying to change Windows firewall settings leads to error about ipnat.sys being in use already. Only security program running is ClamWin, which doesn't have a firewall.
I also found there are 4 dnsnodes in our zone under AD -> Domain -> System -> MicrosoftDNS -> reverse zone: @, 127, 201 and 99. I *think* 99 might the only one that should be there (our server), though I'm not sure about the @. If I right-click and delete the other numbers from AD (first quadrant of actual client IP's), they reappear very quickly. Not sure about deleting them from DNS.
File and Connection sharing is enabled as far as I can tell.
Win 7 clients can see the full network map, by opening My Computer and clicking Network.
RECENT DNS ERRORS IN SERVER EVENT LOG:
410 - list of restricted interfaces not contain valid IP for the server.
4007 - unable to open zone _msdcs.xxx.local from AD partition unable to open 4007 - unable to open zone _msdcs.xxx.local from AD partition domaindnszones
4015 - critical error from AD
6702 - DNS server has updated its own host records
4016 - timed out on attempting servvice operation on DC=xxxx (a current client PC name) DC=xxxx.local (domain name) ...
4004 - unable to complete directory enumeration service enumeration of zone xxxx.ocal (our domain forward zone)
4004 - same but for our reverse lookup zone
4004 - same for our _msdcs forward zone
4004 - same for zone ..
4521 - encountered error 32 attempting to load zone reverse lookup (1.168.192.in-addr.arpa)
Thank you for any help and assistance you can offer I've been Googling for 2 days with a server down... Luckily our DB program can be run from a client so everyone's slightly consoled... (excuse the pun).
Oh I almost forgot, no computers on the network have internet connectivity either. I tried setting external DNS address on one client and server, but it failed both times. I reset those to the server IP straight away thanks to Ace Fekay's helpful blog on the subject: http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
Something about the server is wrong, I cannot figure out what. Your help is tremendously appreciated. Please do start with basic configuration as I'm not even convinced that is correct.
SOLUTION:
Part 1: Server network adapter properties -> TCP/IPv4 -> Advanced -> WINS -> NetBIOS over TCP/IP was disabled, set to default.
Part 2: stop Routing and Remote Access service on server.
Internet connection issue is a separate problem, going to make a new post.
Thanks for help Josh!
Unfortunately all clients are already configured like you said - static IP, DC = DNS IP 1, router = DNS IP 2. Router is from ISP, so pre-configured with their DNS servers. 
Facebook
Twitter
Instagram