Client Machine cannot see Active Directory

Guest

I have one client that is unable to see Active Directory or access shares via
\\servername for our new NAS

but mapped drives work ok and authentication is ok.

I can see the client using both the FQDN and the NetBIOS name using NSLookup
from any PC on the network, but from that PC I get an error that the domain
doesn't exist.

I have removed the PC from the domain, cleared the DNS cache with
ipconfig /flushdns, deleted the computer record in AD Users and Computers, and
re-added it and got the same result. I am not sure what I should try next.

I have not seen this issue with any other clients.

Any assistance would be greatly appreciated

thanks

Derek
 
Ace Fekay [MVP]

Derek Schauland said:
I have one client that is unable to see Active Directory or access
shares via \\servername for our new NAS

but mapped drives work ok and authentication is ok.

I can see the client using both the FQDN and the NetBIOS name using
NSLookup from any PC on the network, but from that PC I get an error
that the domain doesn't exist.

I have removed the PC from the domain, cleared the DNS cache with
ipconfig /flushdns, deleted the computer record in AD Users and
Computers, and re-added it and got the same result. I am not sure
what I should try next.

I have not seen this issue with any other clients.

Any assistance would be greatly appreciated

thanks

Derek

Make absolutely sure all of your machines (DCs, clients and member servers)
only use the internal DNS and not an ISP's or any other outside DNS server
in their IP properties. Also make sure the SRV records exist under the zone.

If not sure of what I mean by the above paragraph, please post the following
information to help you out:

1. Unedited ipconfig /all of a DC and of one of your client machines.
2. The exact zone name spelling in DNS and whether updates are allowed on the
zone.
3. The AD DNS domain name as it shows up in ADUC.
4. If the SRV records exist under your zone.

--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Guest

Thanks Ace.

I looked through the DNS Zones that are set up and this pc (invoicing01)
points to xxx.xxx.1.133 anywhere in DNS that it is referenced. I also
checked the properties for TCP/IP and set the local DNS server as the only
one to be used...

I ran netdiag on invoicing01 and got a [Warning] failed to query SPN
registration on DC 'dc fqdn' might this have something to do with the problem?

Also, when trying to browse the network in Net Neighborhood, Active Directory
doesn't appear in Entire Network.. it just shows Windows Network. And trying
to access the DFS using \\domain produces an error about being unavailable,
but if I try \\domain\dfsrootname the window pops right up...

Sounds like it is almost working but not quite... any further ideas?

thanks

Derek
 
Ace Fekay [MVP]

Derek Schauland said:
Thanks Ace.

I looked through the DNS Zones that are set up and this pc
(invoicing01) points to xxx.xxx.1.133 anywhere in DNS that it is
referenced. I also checked the properties for TCP/IP and set the
local DNS server as the only one to be used...

I am assuming you are hiding the IP because it is a public IP? If it is
private, then hiding 192.168.1.133 is really not necessary.

I ran netdiag on invoicing01 and got a [Warning] failed to query SPN
registration on DC 'dc fqdn' might this have something to do with the
problem?

SPN is based on the FQDN called invoicing01.yourdomain.com. Do you have a
single label name domain name?

Also, when trying to browse the network in Net Neighborhood, Active
Directory doesn't appear in Entire Network.. it just shows Windows
Network. And trying to access the DFS using \\domain produces an
error about being unavailable, but if I try \\domain\dfsrootname the
window pops right up...

It's starting to look like a single label domain name. I'm guessing at this
point with the limited info provided. That was why I asked for that info, to
actually see everything in one shot.

A single label name is "domain" rather than the required format of
"domain.com", "domain.net", "domain.local", or "domain.derek".

Ace
 
Guest

Hello Ace,

I do remember using a single name rather than the FQDN when adding this box
to the domain.

the IP info is below, sorry for not providing it sooner...

Windows IP Configuration

Host Name . . . . . . . . . . . . : invoicing01
Primary Dns Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com
                                    BRIESS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : BRIESS
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-12-3F-2E-4A-70
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.133
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, September 12, 2005 7:50:52 AM
Lease Expires . . . . . . . . . . : Thursday, October 27, 2005 7:50:52 AM

I am guessing that removing the PC and adding it back to the domain using
internal.briess.com as the domain name would correct this?

Derek

 
Guest

I set the DHCP server to use internal.briess.com as the dns suffix for
clients so invoicing01 should be using the correct DNS suffix...

however the latest netdiag still produces the same errors (see below) might
there be some replication issues at play? Even though I only have 1 internal
DNS/DHCP server?

Netdiag results for invoicing01


.........................................

Computer Name: INVOICING01
DNS Host Name: invoicing01.internal.briess.com
System info : Windows 2000 Professional (Build 2600)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : invoicing01.internal.briess.com
IP Address . . . . . . . . : 192.168.1.133
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.254
Primary WINS Server. . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{83A3CA29-E14D-4EA9-86A4-6EAA6DFBDAF3}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{83A3CA29-E14D-4EA9-86A4-6EAA6DFBDAF3}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{83A3CA29-E14D-4EA9-86A4-6EAA6DFBDAF3}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'BRIESS' is to
'\\w-server2k.internal.briess.com'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'web2k.internal.briess.com'.
[WARNING] Failed to query SPN registration on DC
'solomon2k.internal.briess.com'.
[WARNING] Failed to query SPN registration on DC
'w-server2k.internal.briess.com'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information


The command completed successfully


 
Ace Fekay [MVP]

Derek Schauland said:
Hello Ace,

I do remember using a single name rather than the FQDN when adding
this box to the domain.

the IP info is below, sorry for not providing it sooner...

Windows IP Configuration
Host Name . . . . . . . . . . . . : invoicing01
Primary Dns Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com
BRIESS

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : BRIESS
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit Controller

Physical Address. . . . . . . . . : 00-12-3F-2E-4A-70
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.133
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, September 12, 2005
7:50:52 AM

Lease Expires . . . . . . . . . . : Thursday, October 27, 2005
7:50:52 AM

I am guessing that removing the PC and adding it back to the domain
using internal.briess.com as the domain name would correct this?

Derek

What is AD's DNS domain name? Is it "Briess" or "briess.com"?

The Search Suffix on this machine (assuming it's the client), is set to:
DNS Suffix Search List. . . . . . : internal.briess.com
BRIESS

So when you attempt to connect to \\servername, the resolver service will
first look for (in the order shown above), "servername.briess.com", and if
not found under that zone, will then look for "servername.briess". Then if
neither is found, it will attempt to ask WINS. So do you see how the Search
Suffix dictates resolution? If either the record doesn't exist under either
zone, or the zone doesn't exist, and it doesn't exist in WINS, then it
returns "not found".

When resolving for \\domain, it will treat it as a NetBIOS name. So when it
tries to resolve \\domain\dfsrootname, it thinks \\domain is a host name and
not a domain. \\domain.com is the proper format.

I'm confused because the Primary DNS Suffix is:
Primary Dns Suffix . . . . . . . : internal.briess.com

Yet the Search Suffix list is:
DNS Suffix Search List. . . . . . : internal.briess.com
BRIESS

Normally with using a subdomain as the Primary DNS Suffix, the Search Suffix
will be set to:
DNS Suffix Search List. . . . . . : internal.briess.com
briess.com

So, in light of this, can you tell me what zones exist in DNS? Can you also
post an ipconfig /all of your DC please? Honestly, I hope your AD DNS domain
name is not just "BRIESS".

Oh, one more thing, I forgot to respond to a point you made in your previous
post:
Also, when trying to browse the network in Net
Neighborhood, Active Directory doesn't appear
in Entire Network.. it just shows Windows
Network.

The above is normal on XP since that functionality was removed for security
reasons. Entire Network should only show Windows Network, unless you also
have NW client installed, which then it would show you Netware Network too.

Thanks
Ace
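
Added example (not part of the thread and not any poster's code): a Python script that runs the checks Ace asks for over `ipconfig /all` text and lists the names tried for an unqualified host in search-list order, as he describes. The sample text is constructed from values in the thread; `dc-example` is a hypothetical host name and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the `ipconfig /all` layout posted in the thread
# (values from the thread, trimmed to the fields the checks read).
SAMPLE_CLIENT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : invoicing01
   Primary Dns Suffix  . . . . . . . : internal.briess.com
   DNS Suffix Search List. . . . . . : internal.briess.com
                                       BRIESS

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : BRIESS
   IP Address. . . . . . . . . . . . : 192.168.1.133
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1
"""

# Constructed sample: a DC (hypothetical name) with no WINS server set and a
# second, unplugged NIC that self-assigned a 169.254.x.x address.
SAMPLE_DC = """\
   Host Name . . . . . . . . . . . . : dc-example
   DNS Suffix Search List. . . . . . : internal.briess.com
   IP Address. . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   IP Address. . . . . . . . . . . . : 169.254.148.31
"""

# "Key . . . . : value" lines; the key starts with a letter, so wrapped
# continuation lines such as "7:50:52 AM" are not mistaken for fields.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {lower-cased field name: [values]}, merging wrapped lines."""
    fields, last_key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1).strip().lower()
            fields.setdefault(last_key, [])
            if m.group(2).strip():
                fields[last_key].append(m.group(2).strip())
        elif last_key is not None:
            # No "key :" part: continuation of the previous field's value list.
            fields[last_key].append(line.strip())
    return fields


def candidate_names(short_name, fields):
    """Names tried for an unqualified host, in search-list order (WINS comes after)."""
    return [f"{short_name}.{s}".lower()
            for s in fields.get("dns suffix search list", [])]


def dc_locator_srv_names(ad_dns_domain):
    """SRV names to query (nslookup -type=SRV) to confirm the zone holds the AD records."""
    d = ad_dns_domain.strip(".").lower()
    return [f"_ldap._tcp.dc._msdcs.{d}", f"_kerberos._tcp.dc._msdcs.{d}",
            f"_ldap._tcp.{d}"]


def audit(text, internal_dns, multi_subnet=False):
    """Flag the misconfigurations discussed in the thread as (check, field, value)."""
    f = parse_ipconfig(text)
    findings = []
    for key in ("primary dns suffix", "dns suffix search list",
                "connection-specific dns suffix"):
        for suffix in f.get(key, []):
            if "." not in suffix.strip("."):  # "BRIESS" instead of "briess.com"
                findings.append(("single-label-suffix", key, suffix))
    for ip in f.get("dns servers", []):
        if ip not in internal_dns:  # ISP or other outside resolver
            findings.append(("non-internal-dns", "dns servers", ip))
    for key in ("ip address", "ipv4 address"):
        for ip in f.get(key, []):
            if ipaddress.ip_address(ip.split("(")[0]).is_link_local:
                findings.append(("apipa-address", key, ip))
    if multi_subnet and not f.get("primary wins server"):
        findings.append(("no-wins-server", "primary wins server", ""))
    return findings


if __name__ == "__main__":
    client = parse_ipconfig(SAMPLE_CLIENT)
    print(candidate_names("servername", client))
    print(audit(SAMPLE_CLIENT, {"192.168.1.1"}))
    print(audit(SAMPLE_DC, {"192.168.1.1"}, multi_subnet=True))
    print(dc_locator_srv_names("internal.briess.com"))
```
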
 
Ace Fekay [MVP]

Derek Schauland said:
I set the DHCP server to use internal.briess.com as the dns suffix for
clients so invoicing01 should be using the correct DNS suffix...

If you are manually setting internal.briess.com, now I can understand why it
shows up in the ipconfig /all. But if the zone doesn't exist, it doesn't
matter. Normally a client joined to the domain will take on the domain name
as the Primary DNS Suffix.

however the latest netdiag still produces the same errors (see below)
might there be some replication issues at play? Even though I only
have 1 internal DNS/DHCP server?

Doesn't matter how many DNS or DHCP servers you have. It's apparently
looking like a mis-named AD DNS domain name.

Netdiag results for invoicing01
[WARNING] Failed to query SPN registration on DC
'w-server2k.internal.briess.com'.

The above is due to not having a reverse zone created. If you do have a
reverse zone, there is no PTR entry for 'w-server2k.internal.briess.com'.

[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

The above may indicate WINS doesn't have an entry for the name of the
machine, 'invoicing01'.

Ace
 
Guest

Ace...

I see where having the domain name in AD just entered as briess would be a
problem...

When I specified internal.briess.com in dhcp to force clients to use that
dns suffix, I replaced briess so that should be ok now.

I have included ipconfig /all from 2 DCs on our network.... looks alright
from what I can tell... neither of them see just briess as a dns suffix.

IPconfig 1:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : solomon2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
Physical Address. . . . . . . . . : 00-30-48-22-AD-84
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1

IPconfig 2:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w-server2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com
                                    briess.com

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-D1-73-BF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1

Ethernet adapter Intel Fast Ethernet LAN Controller - PCI Slot 4:

Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . : 00-02-B3-EF-95-23

Also, all the clients are listed in the DNS zone internal.briess.com, some
web apps like www.briess.com and mail and things live in the zone
briess.com...

internal.briess.com zone list:

Name Type Data
_udp
_tcp
_sites
_msdcs
(same as parent folder) Start of Authority [2134],
solomon2k.internal.briess.com., admin.
(same as parent folder) Name Server solomon2k.internal.briess.com.
(same as parent folder) Host 192.168.1.10
(same as parent folder) Host 192.168.1.7
(same as parent folder) Host 192.168.1.3
(same as parent folder) Host 192.168.1.1
(same as parent folder) Host 192.168.0.200
(same as parent folder) Host 192.168.0.2
(same as parent folder) Host 169.254.148.31



I think it is beginning to make sense a little more now. I walked into this
environment and it was limping along well enough to leave it alone until
recently...


Thanks again for all your help...

Derek
 
Ace Fekay [MVP]

In Derek Schauland <[email protected]> made this post,
which I then commented about below:

Derek, I see some interesting issues. Please read my comments inline
below...

Ace...

I see where having the domain name in AD just entered as briess would
be a problem...

When I specified internal.briess.com in dhcp to force clients to use
that dns suffix, I replaced briess so that should be ok now.

Good.

I have included ipconfig /all from 2 DCs on our network.... looks
alright from what I can tell... neither of them see just briess as a
dns suffix.

Good.

=================================
IPconfig 1:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : solomon2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com

This should also show briess.com as the second search suffix. Did you remove
that? That is actually the default, and I suggest keeping it, especially if
you have a briess.com zone with records in it.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter
(PILA8470B)
Physical Address. . . . . . . . . : 00-30-48-22-AD-84
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1


Derek, there is no WINS address configured for this machine in its ipconfig
/all above. If I suspect as such that you have multiple subnets, unless the
IP configuration below is incorrect, then WINS will be required for cross
subnet NetBIOS name resolution.

=================================


IPconfig 2:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w-server2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com
briess.com

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-D1-73-BF
DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1


Derek, do you have multiple subnets in your organization or is that a typo
in the ipconfig /all?

Ethernet adapter Intel Fast Ethernet LAN Controller - PCI Slot 4:

Media State . . . . . . . . . . . : Cable Disconnected


Derek, disable the above NIC in the BIOS please, or disable it in Windows.


Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . : 00-02-B3-EF-95-23
=================================


Also, all the clients are listed in the DNS zone internal.briess.com,
some web apps like www.briess.com and mail and things live in the zone
briess.com...

internal.briess.com zone list:

Name Type Data
_udp
_tcp
_sites
_msdcs
(same as parent folder) Start of Authority [2134],
solomon2k.internal.briess.com., admin.
(same as parent folder) Name Server solomon2k.internal.briess.com.
(same as parent folder) Host 192.168.1.10
(same as parent folder) Host 192.168.1.7
(same as parent folder) Host 192.168.1.3
(same as parent folder) Host 192.168.1.1
(same as parent folder) Host 192.168.0.200
(same as parent folder) Host 192.168.0.2
(same as parent folder) Host 169.254.148.31

Go into DNS and remove the 169.254.148.31 entry. That is coming from the NIC
that is not connected. You will need to either disable the NIC in the BIOS
or in Windows, or physically remove it.

I think it is beginning to make sense a little more now. I walked
into this environment and it was limping along well enough to leave
it alone until recently...


Thanks again for all your help...

Derek


See if that helps.

Also, are you routing between the 192.168.0.0 network and the 192.168.1.0
network on a NAT device? If so, that can be blocking domain communication
(specifically LDAP, RPC and Kerberos), due to H.323 support. What type of
device is your router that is connecting the two subnets? Is it a Windows
machine or a 3rd party device? If either one, does it have 3 interfaces on
it?

Ace
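
Added example, not part of the original thread: the cleanup described above (removing the 169.254.148.31 record registered by the disconnected NIC) can be checked across a whole zone export in Python. The function names, the /24 mask for 192.168.3.0 and the text layout of the export are assumptions; the sample rows are copied from the zone list posted in the thread.

```python
import ipaddress
from collections import defaultdict

# Subnets named in the thread; /24 matches the posted masks (assumed for 3.0).
SITE_NETS = [ipaddress.ip_network(n) for n in
             ("192.168.0.0/24", "192.168.1.0/24", "192.168.3.0/24")]
APIPA = ipaddress.ip_network("169.254.0.0/16")  # link-local, self-assigned range
PARENT = "(same as parent folder)"  # record registered for the zone name itself

# Sample input: a few rows copied from the zone list posted in the thread.
SAMPLE = """\
solomon2k Host 192.168.1.1
w-server2k Host 192.168.0.200
laptop Host 192.168.2.102
area151 Host 192.168.1.130
area151 Host 192.168.1.51
portalserver Host 192.168.1.51
(same as parent folder) Host 192.168.1.1
(same as parent folder) Host 169.254.148.31
_msdcs
"""

def parse_hosts(text):
    """Yield (name, IPv4Address) for each Host (A) row; skip folders and other types."""
    for line in text.splitlines():
        left, sep, data = line.rpartition(" Host ")
        if not sep:
            continue
        try:
            ip = ipaddress.ip_address(data.strip())
        except ValueError:
            continue  # wrapped or malformed row
        yield left.strip(), ip

def audit(text):
    """Return APIPA rows, rows outside the site subnets, and IPs held by several names."""
    apipa, off_net, by_ip = [], [], defaultdict(set)
    for name, ip in parse_hosts(text):
        if ip in APIPA:
            apipa.append((name, str(ip)))
        elif not any(ip in net for net in SITE_NETS):
            off_net.append((name, str(ip)))
        if name != PARENT:  # zone-name records legitimately repeat the DC addresses
            by_ip[ip].add(name)
    shared = {str(ip): sorted(n) for ip, n in by_ip.items() if len(n) > 1}
    return {"apipa": apipa, "off_net": off_net, "shared_ip": shared}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows reported under shared_ip or off_net are candidates for stale records and are worth reviewing before deleting anything.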
 
Guest

We have multiple subnets 192.168.1.0, 192.168.0.0, and 192.168.3.0

3.0 uses a netgear wireless router to allow wireless access for some devices

1.0 is the subnet for the majority of our users and servers

0.0 is the subnet for our remote location. This subnet is connected by a
hardware VPN between a Cisco Pix 515 and a Cisco Pix 501. The Pix 515 has 3
interfaces; the 501 has 2.

I will make sure to disable the non-used NICs and remove the 169.254.148.31
entry.

I have some web applications being sent out to the internet using NAT on the
Pix 515; other than that, just the VPN from the remote site is coming in
between subnets.


Derek

Ace Fekay said:
In Derek Schauland <[email protected]> made this post,
which I then commented about below:

Derek, I see some interesting issues. Please read my comments inline
below...

Ace...

I see where having the domain name in AD just entered as briess would
be a problem...

When I specified internal.briess.com in dhcp to force clients to use
that dns suffix, I replaced briess so that should be ok now.

Good.


I have included ipconfig /all from 2 DCs on our network.... looks
alright from what I can tell... neither of them see just briess as a
dns suffix.

Good.

=================================
IPconfig 1:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : solomon2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com

This should also show briess.com as the second search suffix. Did you remove
that? That is actually the default, and I will suggest keeping it, especially if
you have a briess.com zone with records in it.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
Physical Address. . . . . . . . . : 00-30-48-22-AD-84
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1


Derek, there is no WINS address configured for this machine in its ipconfig
/all above. If I suspect as such that you have multiple subnets, unless the
IP configuration below is incorrect, then WINS will be required for cross
subnet NetBIOS name resolution.

=================================


IPconfig 2:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : w-server2k
Primary DNS Suffix . . . . . . . : internal.briess.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.briess.com
briess.com

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-D1-73-BF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1


Derek, do you have multiple subnets in your organization or is that a typo
in the ipconfig /all?

Ethernet adapter Intel Fast Ethernet LAN Controller - PCI Slot 4:

Media State . . . . . . . . . . . : Cable Disconnected


Derek, disable the above NIC in the BIOS please, or disable it in Windows.


Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . : 00-02-B3-EF-95-23
=================================


Also, all the clients are listed in the DNS zone internal.briess.com,
some web apps like www.briess.com and mail and things live in the zone
briess.com...

internal.briess.com zone list:

Name Type Data
_udp
_tcp
_sites
_msdcs
(same as parent folder) Start of Authority [2134],
solomon2k.internal.briess.com., admin.
(same as parent folder) Name Server solomon2k.internal.briess.com.
(same as parent folder) Host 192.168.1.10
(same as parent folder) Host 192.168.1.7
(same as parent folder) Host 192.168.1.3
(same as parent folder) Host 192.168.1.1
(same as parent folder) Host 192.168.0.200
(same as parent folder) Host 192.168.0.2
(same as parent folder) Host 169.254.148.31

Go into DNS and remove the 169.254.148.31 entry. That is coming from the NIC
that is not connected. You will need to either disable the NIC in the BIOS
or in Windows, or physically remove it.

I think it is beginning to make sense a little more now. I walked
into this environment and it was limping along well enough to leave
it alone until recently...


Thanks again for all your help...

Derek


See if that helps.

Also, are you routing between the 192.168.0.0 network and the 192.168.1.0
network on a NAT device? If so, that can be blocking domain communication
(specifically LDAP, RPC and Kerberos), due to H.323 support. What type of
device is your router that is connecting the two subnets? Is it a Windows
machine or a 3rd party device? If either one, does it have 3 interfaces on
it?

Ace
 
Ace Fekay [MVP]

In
Derek Schauland said:
We have multiple subnets 192.168.1.0, 192.168.0.0, and 192.168.3.0

3.0 uses a netgear wireless router to allow wireless access for some
devices

1.0 is the subnet for the majority of our users and servers

0.0 is the subnet for our remote location. This subnet is connected
by a hardware VPN between a Cisco Pix 515 and a Cisco Pix 501. The
Pix 515 has 3 interfaces; the 501 has 2.

I will make sure to disable the non-used NICs and remove the
169.254.148.31 entry.

I have some web applications being sent out to the internet using NAT
on the Pix 515; other than that, just the VPN from the remote site is
coming in between subnets.


Derek

Cool, I'm getting a better idea now of your infrastructure. You sure did
inherit a headache.

Ok, is the client having problems accessing AD on the wireless 3.x subnet?
Does the PIX box connect the 1.0 and the 0.0 subnet?

Is PIX allowing ALL traffic between subnets?

Going back to your original post, you said:
I have one client that is unable to see Active
Directory or access shares via
\\servername for our new NAS

What is the NAS box? The PIX box? Is the client connected thru a VPN from
home or something when it can't access AD services? If so, what IP address
does the client machine have at home? Does it match the IP address range at
the office? (0.0 or 1.0)?



Ace
 
Guest

I wish there were such an easy explanation.

The box that cannot see the AD services is on 1.0 subnet in the office with
a wired 100Mb connection. Currently there are no PCs on the wireless subnet.


The pix VPN allows all traffic between 1.0 and 0.0

The problem started when we added the NAS box (a dell powervault 745N) to
the network at 192.168.1.90

The pix 515 at the office has an inside address of 192.168.1.254 and
connects to the pix 501 which uses DHCP from our provider on the outside
address. (this setup works flawlessly)

So there aren't any crazy circumstances for the problem machine to
overcome... it is hooked up behind the Pix 515 on the 1.0 subnet.

Last I spoke with the user she was able to get to the DFS shares and print,
so the problem for the user has subsided, but these DNS errors seem to be
lingering...

Derek
 
Ace Fekay [MVP]

In
Derek Schauland said:
I wish there were such an easy explanation.

The box that cannot see the AD services is on 1.0 subnet in the
office with a wired 100Mb connection. Currently there are no PCs on
the wireless subnet.


The pix VPN allows all traffic between 1.0 and 0.0

The problem started when we added the NAS box (a dell powervault
745N) to the network at 192.168.1.90

The pix 515 at the office has an inside address of 192.168.1.254 and
connects to the pix 501 which uses DHCP from our provider on the
outside address. (this setup works flawlessly)

So there aren't any crazy circumstances for the problem machine to
overcome... it is hooked up behind the Pix 515 on the 1.0 subnet.

Last I spoke with the user she was able to get to the DFS shares and
print, so the problem for the user has subsided, but these DNS errors
seem to be lingering...

Derek

At least I'm glad to hear some of the connectivity issues have subsided. I'm
still curious what caused them.

Here's an interesting issue I've come across with one of my clients. Their
IP range is 192.168.1.0, such as yours. When they are home, and they VPN in,
they cannot connect to internal resources. I've found they have a DSL/Cable
router at home set to 192.168.1.0. This will cause routing errors on the
client, which won't know what gateway to use; therefore it will use its
own set gate and not the VPN connections. In this case, I usually walk them
thru to change their IP range at home to make it work.

As for the PIX routing between two private subnets, I've seen issues, and
not saying it is only PIX or not PIX, but with Windows routing between two
private subnets and the thing is also offering NAT services, that LDAP and
other protocols will not get routed properly due to H.323 support. H.323
support lowers the PDU (process data units of a packet) to 64k where LDAP
under Windows (not sure if it applies to all other vendors) requires a
minimum of 300k. Disabling H.323 cures it.

Ok, back to the DNS errors. Maybe they're based on the IP range I mentioned?

Ace
 
