XP won't register!!! AARRGGHH!!

A

aptrsn

Talk about frustrating!



I'm running into a problem with a XP workstation that will not register
itself with the DNS server (which is also the root DC). The previous XP
station registered without problem and as far as I can tell the settings are
identical. We use static addressing for TCP/IP and the station can ping the
DC's FQDN with no problem. The server however can only ping the XP wkst
name, but when you try to ping the FQDN of the XP wkst, it returns "Ping
request could not find host STATION2.domain.local." In ADS, the XP wkst was
added also with no problem, but when I check the Host records under the FLZ
'domain.local' there is no Host record for the station??!!! I've tried
removing the station from the domain and re-adding it, but the Host record
fails to show up.



In comparing the two workstations, I noticed that some inconsistencies in
their IP configuration.



registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION1

Primary Dns Suffix . . . . . . . : domain.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.local



non-registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No





As far as DNS is concerned, the only difference between the two is that
STATION1 has it's primary DNS address of a test DC that maintains a
Secondary Zone of the root DC's Primary Zone. STATION2 has the root DC as it
's primary DNS (they are on the same subnet).



Running netdiag on the non-registered XP station



Netcard queries test . . . . . . . : Passed







Per interface results:



Adapter : Local Area Connection



Netcard queries test . . . : Passed



Host Name. . . . . . . . . : STATION2

IP Address . . . . . . . . : 172.16.0.35

Subnet Mask. . . . . . . . : 255.255.0.0

Default Gateway. . . . . . : 172.16.0.4

Dns Servers. . . . . . . . : 172.16.0.21 (root1)

172.16.0.20 (root2)





AutoConfiguration results. . . . . . : Passed



Default gateway test . . . : Passed



NetBT name test. . . . . . : Passed



WINS service test. . . . . : Skipped

There are no WINS servers configured for this interface.





Global results:





Domain membership test . . . . . . : Passed





NetBT transports test. . . . . . . : Passed

List of NetBt transports currently configured:

NetBT_Tcpip_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

1 NetBt transport currently configured.





Autonet address test . . . . . . . : Passed





IP loopback ping test. . . . . . . : Passed





Default gateway test . . . . . . . : Passed





NetBT name test. . . . . . . . . . : Passed





Winsock test . . . . . . . . . . . : Passed





DNS test . . . . . . . . . . . . . : Passed





Redir and Browser test . . . . . . : Passed

List of NetBt transports currently bound to the Redir

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The redir is bound to 1 NetBt transport.



List of NetBt transports currently bound to the browser

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The browser is bound to 1 NetBt transport.





DC discovery test. . . . . . . . . : Passed





DC list test . . . . . . . . . . . : Passed





Trust relationship test. . . . . . : Passed

Secure channel for domain 'DOMAIN' is to '\\root1.domain.local'.





Kerberos test. . . . . . . . . . . : Failed

[FATAL] Kerberos does not have a ticket for host/STATION2 .





LDAP test. . . . . . . . . . . . . : Failed

[WARNING] The default SPN registration for 'HOST/STATION2 ' is missing
on DC '

root2.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is missing
on DC '

root1.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is missing
on DC '

remote1.domain.local'.

[FATAL] The default SPNs are not properly registered on any DCs.





Bindings test. . . . . . . . . . . : Passed





WAN configuration test . . . . . . : Skipped

No active remote access connections.





Modem diagnostics test . . . . . . : Passed



IP Security test . . . . . . . . . : Passed

Service status is: Started

Service startup is: Automatic

IPSec service is available, but no policy is assigned or active

Note: run "ipseccmd /?" for more detailed information







Any idea's or suggestions?



PS. I did run netdiag /fix which came up with the same result above.
 
L

Lanwench [MVP - Exchange]

The DNS suffix for the connection is blank on the machine that isn't
working. I think that's the problem... Add it to the TCP/IP settings
(properties, advanced, DNS) and make sure 'register this connections
addresses in DNS is ticked.

Any reason you don't want to use DHCP? Makes life so much easier!

Talk about frustrating!



I'm running into a problem with a XP workstation that will not
register itself with the DNS server (which is also the root DC). The
previous XP station registered without problem and as far as I can
tell the settings are identical. We use static addressing for TCP/IP
and the station can ping the DC's FQDN with no problem. The server
however can only ping the XP wkst name, but when you try to ping the
FQDN of the XP wkst, it returns "Ping request could not find host
STATION2.domain.local." In ADS, the XP wkst was added also with no
problem, but when I check the Host records under the FLZ
'domain.local' there is no Host record for the station??!!! I've
tried removing the station from the domain and re-adding it, but the
Host record fails to show up.



In comparing the two workstations, I noticed that some
inconsistencies in their IP configuration.



registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION1

Primary Dns Suffix . . . . . . . : domain.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.local



non-registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No





As far as DNS is concerned, the only difference between the two is
that STATION1 has it's primary DNS address of a test DC that
maintains a Secondary Zone of the root DC's Primary Zone. STATION2
has the root DC as it 's primary DNS (they are on the same subnet).



Running netdiag on the non-registered XP station



Netcard queries test . . . . . . . : Passed







Per interface results:



Adapter : Local Area Connection



Netcard queries test . . . : Passed



Host Name. . . . . . . . . : STATION2

IP Address . . . . . . . . : 172.16.0.35

Subnet Mask. . . . . . . . : 255.255.0.0

Default Gateway. . . . . . : 172.16.0.4

Dns Servers. . . . . . . . : 172.16.0.21 (root1)

172.16.0.20 (root2)





AutoConfiguration results. . . . . . : Passed



Default gateway test . . . : Passed



NetBT name test. . . . . . : Passed



WINS service test. . . . . : Skipped

There are no WINS servers configured for this interface.





Global results:





Domain membership test . . . . . . : Passed





NetBT transports test. . . . . . . : Passed

List of NetBt transports currently configured:

NetBT_Tcpip_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

1 NetBt transport currently configured.





Autonet address test . . . . . . . : Passed





IP loopback ping test. . . . . . . : Passed





Default gateway test . . . . . . . : Passed





NetBT name test. . . . . . . . . . : Passed





Winsock test . . . . . . . . . . . : Passed





DNS test . . . . . . . . . . . . . : Passed





Redir and Browser test . . . . . . : Passed

List of NetBt transports currently bound to the Redir

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The redir is bound to 1 NetBt transport.



List of NetBt transports currently bound to the browser

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The browser is bound to 1 NetBt transport.





DC discovery test. . . . . . . . . : Passed





DC list test . . . . . . . . . . . : Passed





Trust relationship test. . . . . . : Passed

Secure channel for domain 'DOMAIN' is to '\\root1.domain.local'.





Kerberos test. . . . . . . . . . . : Failed

[FATAL] Kerberos does not have a ticket for host/STATION2 .





LDAP test. . . . . . . . . . . . . : Failed

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root2.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root1.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

remote1.domain.local'.

[FATAL] The default SPNs are not properly registered on any DCs.





Bindings test. . . . . . . . . . . : Passed





WAN configuration test . . . . . . : Skipped

No active remote access connections.





Modem diagnostics test . . . . . . : Passed



IP Security test . . . . . . . . . : Passed

Service status is: Started

Service startup is: Automatic

IPSec service is available, but no policy is assigned or active

Note: run "ipseccmd /?" for more detailed information







Any idea's or suggestions?



PS. I did run netdiag /fix which came up with the same result above.
Click to expand...
 
K

Kevin D. Goodknecht [MVP]

In
aptrsn said:
non-registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No
Click to expand...


The reason it is not registering is that it has no Primary DNS suffix.
You can change the suffix in the system control panel on the Network
Identification tab. Click on the change button. You must not have Change DNS
suffix when domain membership changes selected.
 
A

aptrsn

Thanks for replying!
"Lanwench [MVP - Exchange]" stated
The DNS suffix for the connection is blank on the machine that isn't
working. I think that's the problem... Add it to the TCP/IP settings
(properties, advanced, DNS) and make sure 'register this connections
addresses in DNS is ticked.
Click to expand...

I did what you suggested but that did not solve the problem. It still came
up with the following:

Windows IP Configuration

Host Name . . . . . . . . . . . . : STATION1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Just as a side note, the field "DNS suffix for this connection" was blank on
the XP station that did register. Go figure.
Any reason you don't want to use DHCP? Makes life so much easier!
Click to expand...

Fear of the unknown.

I've always used static addressing, and in the current enviroment it would
add even more connectivity issues that I'm unfamiliar with (having enough
problems with DNS <grin> )

"Lanwench [MVP - Exchange]"
The DNS suffix for the connection is blank on the machine that isn't
working. I think that's the problem... Add it to the TCP/IP settings
(properties, advanced, DNS) and make sure 'register this connections
addresses in DNS is ticked.

Any reason you don't want to use DHCP? Makes life so much easier!

Talk about frustrating!



I'm running into a problem with a XP workstation that will not
register itself with the DNS server (which is also the root DC). The
previous XP station registered without problem and as far as I can
tell the settings are identical. We use static addressing for TCP/IP
and the station can ping the DC's FQDN with no problem. The server
however can only ping the XP wkst name, but when you try to ping the
FQDN of the XP wkst, it returns "Ping request could not find host
STATION2.domain.local." In ADS, the XP wkst was added also with no
problem, but when I check the Host records under the FLZ
'domain.local' there is no Host record for the station??!!! I've
tried removing the station from the domain and re-adding it, but the
Host record fails to show up.



In comparing the two workstations, I noticed that some
inconsistencies in their IP configuration.



registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION1

Primary Dns Suffix . . . . . . . : domain.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.local



non-registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No





As far as DNS is concerned, the only difference between the two is
that STATION1 has it's primary DNS address of a test DC that
maintains a Secondary Zone of the root DC's Primary Zone. STATION2
has the root DC as it 's primary DNS (they are on the same subnet).



Running netdiag on the non-registered XP station



Netcard queries test . . . . . . . : Passed







Per interface results:



Adapter : Local Area Connection



Netcard queries test . . . : Passed



Host Name. . . . . . . . . : STATION2

IP Address . . . . . . . . : 172.16.0.35

Subnet Mask. . . . . . . . : 255.255.0.0

Default Gateway. . . . . . : 172.16.0.4

Dns Servers. . . . . . . . : 172.16.0.21 (root1)

172.16.0.20 (root2)





AutoConfiguration results. . . . . . : Passed



Default gateway test . . . : Passed



NetBT name test. . . . . . : Passed



WINS service test. . . . . : Skipped

There are no WINS servers configured for this interface.





Global results:





Domain membership test . . . . . . : Passed





NetBT transports test. . . . . . . : Passed

List of NetBt transports currently configured:

NetBT_Tcpip_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

1 NetBt transport currently configured.





Autonet address test . . . . . . . : Passed





IP loopback ping test. . . . . . . : Passed





Default gateway test . . . . . . . : Passed





NetBT name test. . . . . . . . . . : Passed





Winsock test . . . . . . . . . . . : Passed





DNS test . . . . . . . . . . . . . : Passed





Redir and Browser test . . . . . . : Passed

List of NetBt transports currently bound to the Redir

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The redir is bound to 1 NetBt transport.



List of NetBt transports currently bound to the browser

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The browser is bound to 1 NetBt transport.





DC discovery test. . . . . . . . . : Passed





DC list test . . . . . . . . . . . : Passed





Trust relationship test. . . . . . : Passed

Secure channel for domain 'DOMAIN' is to '\\root1.domain.local'.





Kerberos test. . . . . . . . . . . : Failed

[FATAL] Kerberos does not have a ticket for host/STATION2 .





LDAP test. . . . . . . . . . . . . : Failed

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root2.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root1.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

remote1.domain.local'.

[FATAL] The default SPNs are not properly registered on any DCs.





Bindings test. . . . . . . . . . . : Passed





WAN configuration test . . . . . . : Skipped

No active remote access connections.





Modem diagnostics test . . . . . . : Passed



IP Security test . . . . . . . . . : Passed

Service status is: Started

Service startup is: Automatic

IPSec service is available, but no policy is assigned or active

Note: run "ipseccmd /?" for more detailed information







Any idea's or suggestions?



PS. I did run netdiag /fix which came up with the same result above.
Click to expand...
Click to expand...
 
A

aptrsn

Thank you for replying!
"Kevin D. Goodknecht [MVP]" wrote
The reason it is not registering is that it has no Primary DNS suffix.
You can change the suffix in the system control panel on the Network
Identification tab. Click on the change button.
Click to expand...

I'm a little confused here, do you mean the "Computer Name" tab under system
properties? On that tab the following is listed:

Full computer name: STATION2

Domain: domain.local

If you mean on the "DNS" tab of Advanced TCP/IP settings, the following is
ticked:

"Append primary and connected specific DNS suffixes"
"Append parent suffixes..."

I've also added 'domain.local' in the "DNS suffix for this connection:"
field.

Also ticked are:

"Register this connection's addresses in DNS"
"Use this connection's DNS suffix in the DNS registration"

Again thanks for your input!
 
A

aptrsn

Just an update. I checked on the FLZ of the root DC DNS and found that the
XP station had been added. However, when I do an ipconfig /all
I still receive the following:

Windows IP Configuration

Host Name . . . . . . . . . . . . : STATION1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.local

I guess I should be thankful that at least the DNS regestered a Host record
for the station, but I'm guessing that the listed IP config is the cause of
errors that I received in my 'netdiag' results:

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/STATION1.


LDAP test. . . . . . . . . . . . . : Failed
[WARNING] The default SPN registration for 'HOST/STATION1' is missing on
DC '
root1.domain.local'.
[WARNING] The default SPN registration for 'HOST/STATION1' is missing on
DC '
root2.domain.local'.
[WARNING] The default SPN registration for 'HOST/STATION1' is missing on
DC '
remote1.domain.local'.
[FATAL] The default SPNs are not properly registered on any DCs.



aptrsn said:
Thanks for replying!
"Lanwench [MVP - Exchange]" stated
The DNS suffix for the connection is blank on the machine that isn't
working. I think that's the problem... Add it to the TCP/IP settings
(properties, advanced, DNS) and make sure 'register this connections
addresses in DNS is ticked.
Click to expand...

I did what you suggested but that did not solve the problem. It still came
up with the following:

Windows IP Configuration

Host Name . . . . . . . . . . . . : STATION1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Just as a side note, the field "DNS suffix for this connection" was blank on
the XP station that did register. Go figure.
Any reason you don't want to use DHCP? Makes life so much easier!
Click to expand...

Fear of the unknown.

I've always used static addressing, and in the current enviroment it would
add even more connectivity issues that I'm unfamiliar with (having enough
problems with DNS <grin> )

"Lanwench [MVP - Exchange]"
The DNS suffix for the connection is blank on the machine that isn't
working. I think that's the problem... Add it to the TCP/IP settings
(properties, advanced, DNS) and make sure 'register this connections
addresses in DNS is ticked.

Any reason you don't want to use DHCP? Makes life so much easier!

Talk about frustrating!



I'm running into a problem with a XP workstation that will not
register itself with the DNS server (which is also the root DC). The
previous XP station registered without problem and as far as I can
tell the settings are identical. We use static addressing for TCP/IP
and the station can ping the DC's FQDN with no problem. The server
however can only ping the XP wkst name, but when you try to ping the
FQDN of the XP wkst, it returns "Ping request could not find host
STATION2.domain.local." In ADS, the XP wkst was added also with no
problem, but when I check the Host records under the FLZ
'domain.local' there is no Host record for the station??!!! I've
tried removing the station from the domain and re-adding it, but the
Host record fails to show up.



In comparing the two workstations, I noticed that some
inconsistencies in their IP configuration.



registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION1

Primary Dns Suffix . . . . . . . : domain.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.local



non-registered XP station ipconfig



Windows IP Configuration



Host Name . . . . . . . . . . . . : STATION2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No





As far as DNS is concerned, the only difference between the two is
that STATION1 has it's primary DNS address of a test DC that
maintains a Secondary Zone of the root DC's Primary Zone. STATION2
has the root DC as it 's primary DNS (they are on the same subnet).



Running netdiag on the non-registered XP station



Netcard queries test . . . . . . . : Passed







Per interface results:



Adapter : Local Area Connection



Netcard queries test . . . : Passed



Host Name. . . . . . . . . : STATION2

IP Address . . . . . . . . : 172.16.0.35

Subnet Mask. . . . . . . . : 255.255.0.0

Default Gateway. . . . . . : 172.16.0.4

Dns Servers. . . . . . . . : 172.16.0.21 (root1)

172.16.0.20 (root2)





AutoConfiguration results. . . . . . : Passed



Default gateway test . . . : Passed



NetBT name test. . . . . . : Passed



WINS service test. . . . . : Skipped

There are no WINS servers configured for this interface.





Global results:





Domain membership test . . . . . . : Passed





NetBT transports test. . . . . . . : Passed

List of NetBt transports currently configured:

NetBT_Tcpip_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

1 NetBt transport currently configured.





Autonet address test . . . . . . . : Passed





IP loopback ping test. . . . . . . : Passed





Default gateway test . . . . . . . : Passed





NetBT name test. . . . . . . . . . : Passed





Winsock test . . . . . . . . . . . : Passed





DNS test . . . . . . . . . . . . . : Passed





Redir and Browser test . . . . . . : Passed

List of NetBt transports currently bound to the Redir

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The redir is bound to 1 NetBt transport.



List of NetBt transports currently bound to the browser

NetBT_Tcpip_{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }

The browser is bound to 1 NetBt transport.





DC discovery test. . . . . . . . . : Passed





DC list test . . . . . . . . . . . : Passed





Trust relationship test. . . . . . : Passed

Secure channel for domain 'DOMAIN' is to '\\root1.domain.local'.





Kerberos test. . . . . . . . . . . : Failed

[FATAL] Kerberos does not have a ticket for host/STATION2 .





LDAP test. . . . . . . . . . . . . : Failed

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root2.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

root1.domain.local'.

[WARNING] The default SPN registration for 'HOST/STATION2 ' is
missing on DC '

remote1.domain.local'.

[FATAL] The default SPNs are not properly registered on any DCs.





Bindings test. . . . . . . . . . . : Passed





WAN configuration test . . . . . . : Skipped

No active remote access connections.





Modem diagnostics test . . . . . . : Passed



IP Security test . . . . . . . . . : Passed

Service status is: Started

Service startup is: Automatic

IPSec service is available, but no policy is assigned or active

Note: run "ipseccmd /?" for more detailed information







Any idea's or suggestions?



PS. I did run netdiag /fix which came up with the same result above.
Click to expand...
Click to expand...
Click to expand...
 
A

aptrsn

Again, thanks for the continued replies!

If you give a person just enough rope, more than likely they will hang
themselves. <grin>

Before I checked for your reply I did what any normal person would (but then
who said I was normal .. ack) and looked in the XP "Help and Support"
section for "Primary DNS Suffix" and there it was in black & white on how to
change or add the Primary DNS suffix. Sure enough when I did, the station
prompted for a restart and then came back up with all the correct settings
in place. Ran 'netdaig' and everything passed with the exception of
Kerberos:

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/STATION2.domain.local.

Any idea's as to why Kerberos would fail when everything else passes?
 
K

Kevin D. Goodknecht [MVP]

In
aptrsn said:
Again, thanks for the continued replies!

If you give a person just enough rope, more than likely they will hang
themselves. <grin>

Before I checked for your reply I did what any normal person would
(but then who said I was normal .. ack) and looked in the XP "Help
and Support" section for "Primary DNS Suffix" and there it was in
black & white on how to change or add the Primary DNS suffix. Sure
enough when I did, the station prompted for a restart and then came
back up with all the correct settings in place. Ran 'netdaig' and
everything passed with the exception of Kerberos:

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/STATION2.domain.local.
Click to expand...
GIve it time since the computer name changed it'll get another kerberos
ticket. I think if you run netdiag /fix it will get the ticket.
 
A

aptrsn

I tried netdiag /fix but that did not resolve the Kerberos test. I did
however notice that there was an event 40961 with the following description:

"The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication
protocol was available."

I don't know if this is related but from what I have seen in other post
regarding this error, my guess is that I am lacking a reverse-lookup entry
for my stations. Is this is also the cause of my Kerberos error?

Kevin D. Goodknecht said:
In
aptrsn said:
Again, thanks for the continued replies!

If you give a person just enough rope, more than likely they will hang
themselves. <grin>

Before I checked for your reply I did what any normal person would
(but then who said I was normal .. ack) and looked in the XP "Help
and Support" section for "Primary DNS Suffix" and there it was in
black & white on how to change or add the Primary DNS suffix. Sure
enough when I did, the station prompted for a restart and then came
back up with all the correct settings in place. Ran 'netdaig' and
everything passed with the exception of Kerberos:

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/STATION2.domain.local.
Click to expand...
GIve it time since the computer name changed it'll get another kerberos
ticket. I think if you run netdiag /fix it will get the ticket.
Click to expand...
 
K

Kevin D. Goodknecht [MVP]

In
aptrsn said:
I tried netdiag /fix but that did not resolve the Kerberos test. I did
however notice that there was an event 40961 with the following
description:

"The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication
protocol was available."
Click to expand...

prisoner.iana.org is the blackhole server that means that the reverse lookup
zone is missing or misconfigured on at least one of your DNS servers you
have listed.
I don't know if this is related but from what I have seen in other
post regarding this error, my guess is that I am lacking a
reverse-lookup entry for my stations. Is this is also the cause of my
Kerberos error?
Click to expand...

Can you post the entire event from the event viewer
 
A

Ace Fekay [MVP]

In
aptrsn said:
I tried netdiag /fix but that did not resolve the Kerberos test. I did
however notice that there was an event 40961 with the following
description:

"The Security System could not establish a secured connection with the
server DNS/prisoner.iana.org. No authentication
protocol was available."

I don't know if this is related but from what I have seen in other
post regarding this error, my guess is that I am lacking a
reverse-lookup entry for my stations. Is this is also the cause of my
Kerberos error?
Click to expand...


Is this machine joined to the domain? If it was, the suffix will have
automatically populated unless the box was unchecked to not change domain
membership when joined to a domain. (default is that it will change
membership). If not joined, it will definitely cause Kerberos errors.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NetDiag & DCDiag errors 19
[WARNING] Failed to query SPN registration on DC 3
DNS and LDAP problem 0
DNS and LDAP Errors in Netdiag 5
DNS Registration is Incorrect 1
domain server lost connectivity 0
DNS netdiag - No DNS Servers have this DC registered 5
Netdiag DNS error 26

Top