Event ID 5788 & 5789, source Netlogon

[Scott Elgram]

I have a workstation that is not taking any group policy
information. It's the only one on my entire network. In
the Event Viewer i get the fallowing two errors repeatedly
one after the other;

Event ID: 5788
Source: NETLOGON
Description:
Attempt to update HOST Service Principal Names (SPNs) of
the computer object in Active Directory failed. The
updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

Event ID: 5789
Source: NETLOGON
Description:
Attempt to update DNS Host Name of the computer object
in Active Directory failed. The updated value was
<computer.domain>. The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

I have tried everything i can think of to get this
computer to see the GPO's. Please help!

-Scott
(e-mail address removed)

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: I have a workstation that is not taking any group policy
: information. It's the only one on my entire network. In
: the Event Viewer i get the fallowing two errors repeatedly
: one after the other;
:
: Event ID: 5788
: Source: NETLOGON
: Description:
: Attempt to update HOST Service Principal Names (SPNs) of
: the computer object in Active Directory failed. The
: updated values were '<UNAVAILABLE>' and '<UNAVAILABLE>'.
: The following error occurred:
: The security context could not be established due to a
: failure in the requested quality of service (e.g. mutual
: authentication or delegation).
:
: Event ID: 5789
: Source: NETLOGON
: Description:
: Attempt to update DNS Host Name of the computer object
: in Active Directory failed. The updated value was
: <computer.domain>. The following error occurred:
: The security context could not be established due to a
: failure in the requested quality of service (e.g. mutual
: authentication or delegation).
:
: I have tried everything i can think of to get this
: computer to see the GPO's. Please help!
:
: -Scott
: (e-mail address removed)

Can you post an unedited ipconfig /all for this machine?

Does its Primary DNS suffix match the AD DNS Domain name?

What is the OS and SP level of this machine?

It looks like this could be a single label domain name which causes
registration errors in Win2kSP4, WinXP, and Win2k3.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1

 

[Scott Elgram]

Yes, you are correct, this is a single label domain. I applied those
suggested settings to the computer in question but had no luck.

The computer is running Windows 2000 SP4
This is the ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : CS01
Primary DNS Suffix . . . . . . . : CREDENTALS
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : CREDENTALS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82559 Fast Ethernet LOM
with Alert on LAN*
Physical Address. . . . . . . . . : 00-D0-B7-79-73-6B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: Yes, you are correct, this is a single label domain. I applied those
: suggested settings to the computer in question but had no luck.
:

Is the DC also SP4?
If it is there are registry entries it must have. All machines listed in the
article need registry entries.

As for this machine not being able to get it GPOs, is this the only one?

When you ping your domain name does it return the private IP of the DC?

Here is some links that might help you.
http://www.eventid.net/display.asp?eventid=5788&source=
http://www.eventid.net/display.asp?eventid=5789&source=


: The computer is running Windows 2000 SP4
: This is the ipconfig /all
:
: Windows 2000 IP Configuration
:
: Host Name . . . . . . . . . . . . : CS01
: Primary DNS Suffix . . . . . . . : CREDENTALS
: Node Type . . . . . . . . . . . . : Broadcast
: IP Routing Enabled. . . . . . . . : No
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : CREDENTALS
:
: Ethernet adapter Local Area Connection:
:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : Intel(R) 82559 Fast
: Ethernet LOM with Alert on LAN*
: Physical Address. . . . . . . . . : 00-D0-B7-79-73-6B
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.0.30
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.0.3
: DNS Servers . . . . . . . . . . . : 192.168.0.2
:
:

 

[Scott Elgram]

Yes, The DC is Windows Server 2000 SP4.
And, yes, the computer in question is the only one having this issue.
And, no, when I ping our domain I get "Unknown host"

C:\>ping CREDENTALS
Unknown host CREDENTALS.

I have entered the two registry entries that were suggested in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1 in the
DC now, although I have not had a chance to reboot that machine yet. Once I
do will this fix the "Unknown host CREDENTALS." problem as well or could
this all be very simply fixed by adding a ".com" to my domain?

-Scott Elgram

 

[Ace Fekay [MVP]]

In

Yes, The DC is Windows Server 2000 SP4.
And, yes, the computer in question is the only one having this issue.
And, no, when I ping our domain I get "Unknown host"

C:\>ping CREDENTALS
Unknown host CREDENTALS.

I have entered the two registry entries that were suggested in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
in the DC now, although I have not had a chance to reboot that
machine yet. Once I do will this fix the "Unknown host CREDENTALS."
problem as well or could this all be very simply fixed by adding a
".com" to my domain?

-Scott Elgram

To ping a domain name, it would need the TLD suffix, since it will look
under the zone name for the (same as parent) record. If pinging a single
name, it will treat it as a host and may even suffix it with your Search
Suffix List, which is in your case, baswed on your ipconfig, "CREDENTIALS",
so it may be trying to ping, credentials.credentials.

Ideally, it would be advised to rename the domain, eitehr installing a new
domain in a new forest and migrate the users/groups/and computer accounts to
the new domain with ADMT. The user profiles will be translated to the new
domain user account on their workstations and will be automatically joined
to the new domain for you. This way you won;t have to disjoin/rejoin the
machines in the domain and lose the user profiles. Once that's done, you can
trash the old DC and rebuild it as a new DC in the new existing domain you
created.

Single label domain names are problematic, at best. Certain clients, such as
XP may balk at it and cause additional errors since they have problems
querying single lable name records in DNS.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Scott Elgram]

Ace Fekay,
If I were to just rename the domain from CREDENTALS to CREDENTALS.net
and disjoin all the affected workstations from CREDENTALS and join it to
CREDENTALS.net would it reset the user profiles?
From what I have read in researching this problem it sure does seem that
single label domains cause lots of problems and sometimes even questionable
and/or slow connections. But, likewise, I have also read things that lead
me to think migrating AD off CREDENTALS and over to CREDENTALS.net could
possibly cause more problems domain wide than just the one machine I have
now. If I ever have to set up a new domain or rebuild the old one for some
reason other than one machine I'll defiantly use the appropriate formatting
(I wasn't the one who set this up anyway, that guy quit ).
For now should the 2 registry entries discussed previously in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1 fix this
problem for the one machine?

-Scott Elgram

"Ace Fekay [MVP]"

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: Ace Fekay,
: If I were to just rename the domain from CREDENTALS to
: CREDENTALS.net and disjoin all the affected workstations from
: CREDENTALS and join it to CREDENTALS.net would it reset the user
: profiles?
: From what I have read in researching this problem it sure does seem
: that single label domains cause lots of problems and sometimes even
: questionable and/or slow connections. But, likewise, I have also
: read things that lead me to think migrating AD off CREDENTALS and
: over to CREDENTALS.net could possibly cause more problems domain wide
: than just the one machine I have now. If I ever have to set up a new
: domain or rebuild the old one for some reason other than one machine
: I'll defiantly use the appropriate formatting (I wasn't the one who
: set this up anyway, that guy quit ). For now should the 2
: registry entries discussed previously in
: http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
: fix this problem for the one machine?
:

If you cannot ping the domain name and get the IP of the interface that has
file sharing bound you won't be able to apply group policies.
That is because the policies are found in the domain share
\\domain.com\sysvol\domain.COM\Policies

 

[Ace Fekay [MVP]]

In

Ace Fekay,
If I were to just rename the domain from CREDENTALS to
CREDENTALS.net and disjoin all the affected workstations from
CREDENTALS and join it to CREDENTALS.net would it reset the user
profiles?

First, you can't just rename a domain, unless you're still in mixed mode
with an NT4 BDC still present. If still in mixed mode, you can add an NT4
BDC, trash the W2k DC, promote the NT4 BDC to a PDC, then manually set the
DNS Suffix in TCP/IP properties to the new domain name, credentials.net,
(which would be the name you choose for the AD DNS domain name, but keep the
NetBIOS domain name as CREDENTIALS for backward capatilibity), then upgrade
it to a W2k DC. This way the machines that are still joined will still be
joined to the same domain.

Otherwise if the domain is in Native mode, you'll need to follow the ADMT
method I previously mentioned.

And no about disjoining and rejoining to the new domain with the old
profiles. When you manually rejoin, a new profile is created. You may find
that you can manually force the new profiles to use the old profile one
machine at a time, but I don;t think that's what you want to do. ADMT will
do that for you.

Keep in mind you want to follow DNS naming methods. One thing I noticed is
you're using uppercase. It's not that it won't work, but to keep things
consistent with DNS RFCs (looks good too), name it credentials.net, not
CREDENTIALS.net.

From what I have read in researching this problem it sure does seem
that single label domains cause lots of problems and sometimes even
questionable and/or slow connections. But, likewise, I have also
read things that lead me to think migrating AD off CREDENTALS and
over to CREDENTALS.net could possibly cause more problems domain wide
than just the one machine I have now. If I ever have to set up a new
domain or rebuild the old one for some reason other than one machine
I'll defiantly use the appropriate formatting (I wasn't the one who
set this up anyway, that guy quit ). For now should the 2
registry entries discussed previously in
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
fix this problem for the one machine?

-Scott Elgram

If the domain is in mixed mode, it will be alot easier for you. If not, the
ADMT will work, but I would read up on it first and test it. I can provide
links if needed. I've migrated quite a few domains and have to say it's the
easier method if the domain is presently in mixed mode. To find the present
mode, rt-click the domain name in ADUC, properties. Look at the bottom of
the general tab.

Also, Kevin has a big point about GPOs and how the GetGPOList function works
when a machine logs on and looks for the GPOs. That reg entry has to be made
system wide....


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Scott Elgram]

Right before I left here on Wednesday I had a chance to reboot the DC
and see if those registry edits worked. Unfortunately they did not the DC
is also in native mode so using ADMT appears to be my last and only option.
It still boggles my mind how out of 30+ computers and countless computers
joined and disjoined from the domain over the past year that I've worked
here this one machine is the only one with this problem.

Both you guys have been a great help over the past few days. Thanks a
bunch.

Any links on ADMT you guys could provide me with would be greatly
appreciated.

thanks again,
-Scott Elgram

 

[Ace Fekay [MVP]]

In

Right before I left here on Wednesday I had a chance to reboot
the DC and see if those registry edits worked. Unfortunately they
did not the DC is also in native mode so using ADMT appears to be my
last and only option. It still boggles my mind how out of 30+
computers and countless computers joined and disjoined from the
domain over the past year that I've worked here this one machine is
the only one with this problem.

Both you guys have been a great help over the past few days. Thanks a
bunch.

Any links on ADMT you guys could provide me with would be greatly
appreciated.

thanks again,
-Scott Elgram

Maybe it was SP4 that caused it all...because SP4 stopped single label
domain registrations due to excessive traffic to the ISC Root servers
because with pre-SP4 machines, it didn't know what to do with the single
label names, so it forwarded it out first becore processing it internally. A
study revealed the excessive traffic and MS did something about it. Single
label names more than likely occured from lack of research and/or classes in
respect to AD/DNS design. Not saying anything here, but with all due
respect, AD is a huge subject matter.

No problem for the help, what we're here for!

If you are in Native, yes, your only recourse at this time is ADMT. Here's
some links on it below. Keep in mind, even if they say NT4 to W2k, or NT4 to
W2k3, the steps are exactly the same....

326480 - How to Use Active Directory Migration Tool Version 2 to Migrate
from Windows 2000 to Windows Server 2003 [including passwords]:
http://support.microsoft.com/?id=326480

Download details Active Directory Migration Tool v.2.0:
http://microsoft.com/downloads/deta...b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en

325851 HOW TO- Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003
Migration :
http://support.microsoft.com/default.aspx?scid=kb;EN-US;325851

Domain Migration Cookbook - Index and Cover:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp

260871 - HOW TO Set Up ADMT for Windows NT 4.0 to Windows 2000 Migration:
http://support.microsoft.com/?id=260871

325851 - HOW TO Set Up ADMT for a Windows NT 4.0-to-Windows .NET Server
Migration:
http://support.microsoft.com/?id=325851






--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: Right before I left here on Wednesday I had a chance to reboot
: the DC and see if those registry edits worked. Unfortunately they
: did not the DC is also in native mode so using ADMT appears to be my
: last and only option. It still boggles my mind how out of 30+
: computers and countless computers joined and disjoined from the
: domain over the past year that I've worked here this one machine is
: the only one with this problem.

The problem with the single label DNS domain names did not start on Win2k
until SP4, which has only been released a few months.
If you made the correct registry entries it will work, many users have had
to make those entries due to the single label name.
Can you post the ipconfig /all for the DC?

 

[Scott Elgram]

Here is the ipconfig /all for my DC.
C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : MAINSERVER
Primary DNS Suffix . . . . . . . : CREDENTALS
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : CREDENTALS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For
Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-01-03-31-DA-61
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.2

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: Here is the ipconfig /all for my DC.
: C:\>ipconfig /all
:
: Windows 2000 IP Configuration
:
: Host Name . . . . . . . . . . . . : MAINSERVER
: Primary DNS Suffix . . . . . . . : CREDENTALS
: Node Type . . . . . . . . . . . . : Hybrid
: IP Routing Enabled. . . . . . . . : Yes
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : CREDENTALS
:
: Ethernet adapter Local Area Connection:
:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI
: For Complete PC Management NIC (3C905C-TX)
: Physical Address. . . . . . . . . : 00-01-03-31-DA-61
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.0.2
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.0.3
: DNS Servers . . . . . . . . . . . : 192.168.0.2
:
:

Thanks for the ipconfig , It looks good it is pointing to its own address
for DNS.
Are there any events showing up in the event log like maybe 5781s? Any
others?

Check in DNS on the properties of the Forward Lookup zone named
"credentals", on the General tab that "Allow dynamic updates" are set to
"Yes" and restart the Netlogon service.

On the DC run this command on the DC netdiag /fix then run netdiag /test:dns
and post any errors. If netdiag is not a recognized command you need to
download an updated version from Microsoft at
http://www.microsoft.com/downloads/...62-27c0-4523-8af9-66a968a8c942&DisplayLang=en

Netdiag is a very important tool to have and can be used to diagnose
connectivity problems from any Win2k and XP client or server. I keep my copy
in my network drive/working directory so that it follows me around, I can
run it from any computer on my network.

 

[Scott Elgram]

I looked in the Forward Lookup zone under General tab and "Allow dynamic
updates" was already set to "Yes". I also ran Netdiag /fix which gave me
the fallowing:

C:\>netdiag /fix
......................................
Computer Name: MAINSERVER
DNS Host Name: MAINSERVER.CREDENTALS
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
List of installed hotfixes :
KB329115
KB819696
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828035
KB828749
Q147222
Q816093

Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MAINSERVER
IP Address . . . . . . . . : 192.168.0.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.3
Dns Servers. . . . . . . . : 192.168.0.2
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{D187C26B-9BDC-42E7-AC7E-8DE4CAF3B308}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.0.2'.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{D187C26B-9BDC-42E7-AC7E-8DE4CAF3B308}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{D187C26B-9BDC-42E7-AC7E-8DE4CAF3B308}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
C:\>

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: I looked in the Forward Lookup zone under General tab and "Allow
: dynamic updates" was already set to "Yes". I also ran Netdiag /fix
: which gave me the fallowing:

: DNS test . . . . . . . . . . . . . : Passed
: PASS - All the DNS entries for DC are registered on DNS server
: '192.168.0.2'.

This is what I was looking for the DNS test passed so, its host name is
registered in DNS.
If you look in your "credentals" forward lookup zone you should have this
record:
(same as parent folder) A 192.168.0.2
Is it there?
It should, but if it is not you can create one by leaving the host name
blank give it IP 192.168.0.2 When it barks at you click OK to create the
record anyway.

Then if you ping credentals is should reply with address 192.168.0.2 if it
does not, What is the NetBIOS name of ths domain?

Oh, the problems of a single label domain name.

The best thing to do is set up a new domain with a dot in the name and
migrate the users, talk about a pain in the butt.

 

[Scott Elgram]

There are 4 "(same as parent folder)' entries;
(same as parent folder) Host 192.168.0.0
(same as parent folder) Host 192.168.0.2
(same as parent folder) Name Server credentals.
(same as parent folder) Name Server Mainserver.credentals.
(same as parent folder) Start of Authority [227],
mainserver.credentals.,[email protected].

The "(same as parent folder) Name Server credentals." I just
added to see if it would help. I don't know if it made a differance though.
I still get unknown host when i ping credentals. However, if i ping
mainserver (the name of the computer on which the DC is running) or
Mainserver.credentals i get a reply 192.168.0.2

 

[Kevin D. Goodknecht [MVP]]

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: There are 4 "(same as parent folder)' entries;
: (same as parent folder) Host 192.168.0.0 <---This
is not a valid IP address is there another DC? Did someone add this record?
You should delete this record.
: (same as parent folder) Host 192.168.0.2
: (same as parent folder) Name Server credentals. <---Delete
: (same as parent folder) Name Server Mainserver.credentals.
: (same as parent folder) Start of Authority [227],
: mainserver.credentals.,[email protected].
:
: The "(same as parent folder) Name Server credentals."
: I just added to see if it would help. I don't know if it made a
: differance though. I still get unknown host when i ping
: credentals. However, if i ping mainserver (the name of the computer
: on which the DC is running) or Mainserver.credentals i get a reply
: 192.168.0.2
:
I think the problem is the 192.168.0.0 record delete the record.
The only thing that might help and I cannot verify it is if you add a Host
named credentals with the IP 192.168.0.2, thinking about it it would resolve
to credentals.credentals with IP 192.168.0.2. That way when the suffix
"credentals" is appended to the host name credentals it will resolve to the
correct IP. I dunno, might help shouldn't hurt.

Delete the NS record you created it is not a valid FQDN for a host NS
record.
try using nslookup to resolve the name credentals. (with a trailing dot)
and credentals with out the dot.

 

[Ace Fekay [MVP]]

In

In

There are 4 "(same as parent folder)' entries;
(same as parent folder) Host 192.168.0.0
<---This

is not a valid IP address is there another DC? Did someone add this
record? You should delete this record.

(same as parent folder) Host 192.168.0.2
(same as parent folder) Name Server credentals.
<---Delete (same as parent folder) Name Server
Mainserver.credentals. (same as parent folder) Start of Authority
[227], mainserver.credentals.,[email protected].

The "(same as parent folder) Name Server credentals."
I just added to see if it would help. I don't know if it made a
differance though. I still get unknown host when i ping
credentals. However, if i ping mainserver (the name of the computer
on which the DC is running) or Mainserver.credentals i get a reply
192.168.0.2

I think the problem is the 192.168.0.0 record delete the record.
The only thing that might help and I cannot verify it is if you add a
Host named credentals with the IP 192.168.0.2, thinking about it it
would resolve to credentals.credentals with IP 192.168.0.2. That way
when the suffix "credentals" is appended to the host name credentals
it will resolve to the correct IP. I dunno, might help shouldn't hurt.

Delete the NS record you created it is not a valid FQDN for a host NS
record.
try using nslookup to resolve the name credentals. (with a trailing
dot) and credentals with out the dot.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

Hi Kevin,

When pinging "credentials", it's treating it as a hostname. That's just one
of the main problems with single label names. (Discussed earlier...).

I hope Scott plans on changing this as soon as he can...


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Scott Elgram]

Before deleting
(same as parent folder) Host 192.168.0.0
(same as parent folder) Name Server credentals.
NsLookup gave me this;

C:\>nslookup credentals
*** Can't find server name for address 192.168.0.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.2

*** UnKnown can't find credentals: Non-existent domain

C:\>nslookup credentals.
*** Can't find server name for address 192.168.0.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.2

Name: credentals
Addresses: 192.168.0.2, 192.168.0.0

then I deleted
(same as parent folder) Host 192.168.0.0
(same as parent folder) Name Server credentals.
and added a host Credentals with IP 192.168.0.2 and I got this;

C:\>nslookup credentals
*** Can't find server name for address 192.168.0.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.2

Name: credentals.CREDENTALS
Address: 192.168.0.2


C:\>nslookup credentals.
*** Can't find server name for address 192.168.0.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.2

Name: credentals

I haven't checked out the one workstation that was having the GPO issues but
do you think this will fix that problem or is a migration really my only
recourse at this point?
--
-Scott Elgram

In Scott Elgram <[email protected]> posted a question
Then Kevin replied below:
: There are 4 "(same as parent folder)' entries;
: (same as parent folder) Host 192.168.0.0 <---This
is not a valid IP address is there another DC? Did someone add this record?
You should delete this record.
: (same as parent folder) Host 192.168.0.2
: (same as parent folder) Name Server credentals. <---Delete
: (same as parent folder) Name Server Mainserver.credentals.
: (same as parent folder) Start of Authority [227],
: mainserver.credentals.,[email protected].
:
: The "(same as parent folder) Name Server credentals."
: I just added to see if it would help. I don't know if it made a
: differance though. I still get unknown host when i ping
: credentals. However, if i ping mainserver (the name of the computer
: on which the DC is running) or Mainserver.credentals i get a reply
: 192.168.0.2
:
I think the problem is the 192.168.0.0 record delete the record.
The only thing that might help and I cannot verify it is if you add a Host
named credentals with the IP 192.168.0.2, thinking about it it would resolve
to credentals.credentals with IP 192.168.0.2. That way when the suffix
"credentals" is appended to the host name credentals it will resolve to the
correct IP. I dunno, might help shouldn't hurt.

Delete the NS record you created it is not a valid FQDN for a host NS
record.
try using nslookup to resolve the name credentals. (with a trailing dot)
and credentals with out the dot.