Windows cannot bind to xx domain...

[J.Marsch]

We are experiencing a weird problem with a Windows XP Pro machine:

We have a Windows 2000 domain running in NT 4 compatibility mode.

The machine is a member of the domain. The machine gets its TCP/IP
configuration from our dhcp server, so it's configured the same as all the
other client machines on the network.

I'm seeing the following error in the event log:

Windows cannot bind to CTC.com domain. (Timeout). Group Policy processing
aborted.

If I try to perform an operation that would try to lookup domain information
(like assigning NTFS permissions to a file), the Add User dialog fails to
find any network name that we use, and if you do an advanced search, we get
an error indicating that the specified object does not exist.

Any clues?

 

[Marina Roos]

So everything on the ipconfig/all from that XP is pointing to your
server-IP?

Marina

 

[J.Marsch]

Yes. The machine in question has a valid IP, and the DNS information
matches the settings on my machine (which seems to be working fine). We are
a small network. Everything is in one subnet.

One other note:
Since my last post, I noticed this error on another XP machine, with another
user. It still works fine on my machine. One difference: I was logged on
with Domain Admin priviliges. The people who where having problems were
local admins, but not domain admins, they were just domain users. Could
there be a permissions related problem?

 

[Marina Roos]

Check the DNS-server configuration. Do you see the clients in the lookup
zone's?

Marina

 

[J.Marsch]

Marina:

Thank you for your suggestion. We noticed that the first DNS server on our
list does not contain any machines in the reverse lookup zone. The zone is
setup, but it's set up as a primary zone, and is empty. We have another DNS
server that is also a domain controller. The domain controller is set to
use active directory integration for the internal reverse lookup zone, and
it is populated.

Should we:
1. Promote the DC to be the first DNS server on the list?
2. Make the offending DNS server a secondary server, and setup zone
transfers from the DC?
3. All of the above?

 

[Marina Roos]

Hi Jeremy,

I really can't tell you what the best thing is for you to do. Why don't you
try it out?

Marina

 

[J.Marsch]

We've tried syncing the DNS servers (option 2) to no avail. We did confirm
one interesting symptom. If I log on with Domain Admin privileges, I have
no problems, everything works fine. If I log on with only Domain User
privileges, my error comes back. Does that help with a diagnosis?

 

[Marina Roos]

Can you post the ipconfig/all please?

Marina

We've tried syncing the DNS servers (option 2) to no avail. We did confirm
one interesting symptom. If I log on with Domain Admin privileges, I have
no problems, everything works fine. If I log on with only Domain User
privileges, my error comes back. Does that help with a diagnosis?

same

 

[J.Marsch]

Here you are:


Windows IP Configuration



Host Name . . . . . . . . . . . . : Jeremy

Primary Dns Suffix . . . . . . . : CTC.com

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : CTC.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : ctc.com

Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW Network
Connection

Physical Address. . . . . . . . . : 00-08-74-4F-39-F4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.144

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.2

DHCP Server . . . . . . . . . . . : 192.168.1.18

DNS Servers . . . . . . . . . . . : 216.81.128.201

192.168.1.2

192.168.1.18

129.250.35.250

192.168.1.36

192.168.1.21

Primary WINS Server . . . . . . . : 192.168.1.18

Secondary WINS Server . . . . . . : 192.168.1.17

Lease Obtained. . . . . . . . . . : Wednesday, November 19, 2003
6:20:43 PM

Lease Expires . . . . . . . . . . : Monday, November 24, 2003
6:20:43 PM

 

[Marina Roos]

Hi,

Sorry it took a bit longer to get back to you. You've got far too many
DNS-servers.
It should *only* point to your server-IP.
Is this the ipconfig from a client? Yes.
How many nics in the server?
DNS on the clients should only point to the server-IP. If your server only
has one nic, than the gateway should be the gateway from the servernic. If
your server has got 2 nics, the gateway on the client should point to your
server-IP.
Can you post the ipconfig(s) from the server(s)?

Marina

 

[J.Marsch]

Marina:

Here is the IPConfig for one of our DNS servers. I want to thank you for
spending so much time with me on this problem.



Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : CTC-PDC
Primary DNS Suffix . . . . . . . : CTC.com
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : CTC.com

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter
(10/100)
Physical Address. . . . . . . . . : 00-B0-D0-79-51-63

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.18

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.18

DNS Servers . . . . . . . . . . . : 192.168.1.18
192.168.1.21
216.81.128.200
192.168.1.17
129.250.35.251
Primary WINS Server . . . . . . . : 192.168.1.18

Secondary WINS Server . . . . . . : 192.168.1.35

Regards

-- Jeremy

 

[Marina Roos]

Hi Jeremy,

You have far too many DNS-servers. They should only point to your server-IP.
All the external DNS-numbers should be put in the tab Forwarders of your
DNS-server configuration.

Marina