XP workstations will not apply GPO software install but 2000 WS do

[Guest]

Hello,

I have setup an OU with a GPO that will install Outlook 2003 by Computer.
This works great for win 2000 workstations but for any XP ws (Professional)
I get the error upon boot up that it could not contact the DC therefore the
GPO install will abort. Any ideas? I suspected a problem with DNS
but I have check it and seems fine. I am able to log into the WS with a AD
user and
I am able to ping, nslookup all systems on the network including the DC
without any problems.

 

[Herb Martin]

Hello,

I have setup an OU with a GPO that will install Outlook 2003 by Computer.
This works great for win 2000 workstations but for any XP ws (Professional)

I get the error upon boot up that it could not contact the DC therefore the
GPO install will abort. Any ideas? I suspected a problem with DNS
but I have check it and seems fine. I am able to log into the WS with a AD
user and

Such (failure to authenticate and thus load GPOs etc.) is almost
always a DNS issue but it can be a more direct authentication or
permission problem.

I am able to ping, nslookup all systems on the network including the DC
without any problems.

This does argue for eliminating DNS as the culprit,
but let's first say that INTERNAL clients must use
ONLY the internal DNS servers in their NIC->IP->
DNS server properties.

How about permissions? Are the install files (the MSI etc.)
located on a server with Share or NTFS permissions that
do not allow the XP machines (accounts) to download the
files?

If you used something like "Authenticated Users-READ" this
should not be the problem.

Does it really say it "cannot contact the DC" or does it use
the Server name (for the DC) in the context of trying to
download the FILES?

There is a difference (the DC doesn't actually have to hold
the files distributed through the GPO instructions, but the
key here is to isolate WHAT is failing.)

It sounds like permissions but that seems unlikely to be
messed up.
[/QUOTE]

 

[Guest]

Hi,
I don't think it is permissions because all my win2k ws work fine. I have
about 60 of these, I am only having a problem with my XP ws (about 10
machines).

The exact error I get is the following:

Windows cannot obtain the domain controller name for your computer network.
(The specified domain either does not exist or could not be contacted. ).
Group Policy processing aborted.


I have run netdiag with no problems. nslookup, ping any thing I could think
of.
I don't think it is specific to the workstation because all my XP machines
give me
this.

Such (failure to authenticate and thus load GPOs etc.) is almost
always a DNS issue but it can be a more direct authentication or
permission problem.


This does argue for eliminating DNS as the culprit,
but let's first say that INTERNAL clients must use
ONLY the internal DNS servers in their NIC->IP->
DNS server properties.

How about permissions? Are the install files (the MSI etc.)
located on a server with Share or NTFS permissions that
do not allow the XP machines (accounts) to download the
files?

If you used something like "Authenticated Users-READ" this
should not be the problem.

Does it really say it "cannot contact the DC" or does it use
the Server name (for the DC) in the context of trying to
download the FILES?

There is a difference (the DC doesn't actually have to hold
the files distributed through the GPO instructions, but the
key here is to isolate WHAT is failing.)

It sounds like permissions but that seems unlikely to be
messed up.

[/QUOTE]

 

[Herb Martin]

Windows cannot obtain the domain controller name for your computer
network.

(The specified domain either does not exist or could not be contacted. ).
Group Policy processing aborted.

Ok, that is a little different -- it never really began the
Group Policy processing in any significant way.

So likely you need to fix your DNS (focusing first on
the clients since only part of them show the problem)
but do not overlook the servers if that doesn't fix it:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Lable domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]