Domain Controller list test failed


Pablo Fernandez

Hello guys.

I have installed a Win2K server in my site. This is the configuration.

The server will hold files, share printers and control access: only
authorized accounts will log into the server.
Actually we have an ADSL connection, which must be shared as well via DHCP.
The equipment connected is:
Speedtouch ADSL modem, connected to a Linksys Wi-Fi router, from the router
is attached a cable to a Switch, the server connects via hub, the server
room is not finished yet. So I have plugged a cable from the wall to a hub
in order to continue the network segment.

The Internal server address / (the one configured via TCP/IP properties is
192.168.70.1) full class C, no subnetting
The Linksys router internal address is: 192.168.70.50, full class C, no
subnetting
The ADSL modem IP address : 200.109.233.200 / 22 (or 255.255.252.0)

I can ping the server and the Linksys from each other. I can surf the web from
the server and the desktops that are connected to the same hub segment.

The problem is when I try to include a desktop or laptop to the domain. I
have decided to run a NetDiag in order to check what is wrong; as you can
see, the Domain Controller list test failed. How can I fix this? Thank you
very much in advance! Pablo

full class C, no subnetting


Computer Name: CCS-SRV-001
DNS Host Name: ccs-srv-001.s4biz.com
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 0 Stepping 7, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed
GetStats failed for 'Paralelo directo'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'Minipuerto WAN (PPTP)'. [ERROR_GEN_FAILURE]
[WARNING] The net card 'Minipuerto WAN (IP)' may not be working because
it has not received any packets.
[WARNING] The net card 'Minipuerto WAN (Monitor de red)' may not be
working because it has not received any packets.
[WARNING] The net card 'Minipuerto WAN (AppleTalk)' may not be working
because it has not received any packets.
GetStats failed for 'Minipuerto WAN (L2TP)'. [ERROR_NOT_SUPPORTED]



Per interface results:

Adapter : Conexión de área local

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ccs-srv-001
IP Address . . . . . . . . : 192.168.70.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.70.50
Dns Servers. . . . . . . . : 200.44.32.12
200.44.32.13


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Could not open file H:\WINNT\system32\config\netlogon.dns for
reading.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[NERR_BadTransactConfig]


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
 

Ace Fekay [MVP]

Pablo Fernandez said:
Hello guys.

I have installed a Win2K server in my site. This is the configuration.

The server will hold files, share printers and control access: only
authorized accounts will log into the server.
Actually we have an ADSL connection, which must be shared as well via
DHCP. The equipment connected is:
Speedtouch ADSL modem, connected to a Linksys Wi-Fi router, from the
router is attached a cable to a Switch, the server connects via hub,
the server room is not finished yet. So I have plugged a cable from
the wall to a hub in order to continue the network segment.

The Internal server address / (the one configured via TCP/IP
properties is 192.168.70.1) full class C, no subnetting
The Linksys router internal address is: 192.168.70.50, full class C,
no subnetting
The ADSL modem IP address : 200.109.233.200 / 22 (or 255.255.252.0)

I can ping the server and the Linksys from each other. I can surf the web
from the server and the desktops that are connected to the same hub
segment.

The problem is when I try to include a desktop or laptop to the
domain. I have decided to run a NetDiag in order to check what is
wrong; as you can see, the Domain Controller list test failed. How can
I fix this? Thank you very much in advance! Pablo

full class C, no subnetting
Host Name. . . . . . . . . : ccs-srv-001
IP Address . . . . . . . . : 192.168.70.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.70.50
Dns Servers. . . . . . . . : 200.44.32.12
200.44.32.13
<snip>

This is a classic problem of not using the internal DNS server. In any AD
installation, the internal server MUST be the only one referenced in ALL
machines. This includes the domain controller, member servers, and clients.
Otherwise, numerous issues WILL result from the misconfiguration. Here is a
repost of a snippet I've posted in the past that may help you in regards to
understanding how AD relies on DNS:

_________________________
AD & DNS:
If you have your ISP's DNS addresses in your IP configuration (DCs and
clients), they need to be REMOVED. This is what is causing the whole
problem.

Just a little background: AD uses DNS. DNS stores AD's resource and service
locations in the form of SRV records, hence how everything that is part of
the domain will find resources in the domain. If the ISP's DNS is configured
in any of the internal AD member machines' IP properties (including all
client machines and DCs), the machines will be asking the ISP's DNS "where
is the domain controller for my domain?" whenever they need to perform a
function (such as a logon request, replication request, querying and
applying GPOs, etc). Unfortunately, the ISP's DNS does not have that info.

If this is the current scenario, it is highly suggested and recommended to
only use the internal DNS servers on the network that is hosting the AD zone
name. This applies to all machines, (DCs and clients). Believe me, Internet
resolution will still work with the use of the Root hints (as long as the
root zone doesn't exist).

However, for more efficient Internet resolution, it's HIGHLY recommended to
configure a forwarder. If the forwarding option is grayed out, delete the
Root zone (looks like a period). If not sure how to perform these two tasks,
please follow one of the two articles listed below, depending on your
operating system. They show a step by step on how to perform these tasks:

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/?id=323380

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
http://support.microsoft.com/?id=300202


Some additional reading that may help:

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382

Domain Controller's Domain Name System Suffix Does Not Match Domain Name:
http://support.microsoft.com/?id=257623

Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?id=826743

__________________________


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 

Pablo Fernandez

Thank you very much, Ace.

I performed many searches on the Microsoft web site and could not find the
right info. Thanks for sending it, I will post results.

Kindest regards.

Pablo


 

Pablo Fernandez

Hello good afternoon to everyone,

I was wondering if it would be a best practice to delete the AD I created,
which is not working correctly because my Domain Controller list test failed,
and follow the instructions and create it again, just using "dcpromo.exe" from
the Run prompt.

Where can I find more documentation? Thank you very much in advance,

Pablo


Pablo Fernandez said:
Thank you very much, Ace.

I performed many searches on the Microsoft web site and could not find the
right info. Thanks for sending it, I will post results.

Kindest regards.

Pablo


"Ace Fekay [MVP]" wrote:

<snip>

This is a classic problem of not using the internal DNS server. In any AD
installation, the internal server MUST be the only one referenced in ALL
machines. This includes the domain controller, member servers, and clients.
Otherwise, numerous issues WILL result from the misconfiguration. Here
is
 

Ace Fekay [MVP]

Pablo Fernandez said:
Hello good afternoon to everyone,

I was wondering if it would be a best practice to delete the AD I
created, which is not working correctly because my Domain Controller
list test failed, and follow the instructions and create it again, just
using "dcpromo.exe" from the Run prompt.

Where can I find more documentation? Thank you very much in advance,

Pablo

There's not much documentation on this. There is one about multihomed DCs
(which I posted below), but it does not have enough information in it to
address the issues you are receiving. Believe me, you'll have to take my
word on it. It's wiser to purchase an inexpensive router to handle NAT
functions. Other responses may chime in stating the same fact.

272294 - Active Directory Communication Fails on Multihomed Domain
Controllers:
http://support.microsoft.com/?id=272294

Ace
 

Guest

Hello Ace and everyone.
I have followed the documentation. The workstations still cannot log into
the domain. Here is the updated netdiag output.


Computer Name: CCS-SRV-001
DNS Host Name: ccs-srv-001.s4b.com
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 0 Stepping 7, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed
GetStats failed for 'Paralelo directo'. [ERROR_NOT_SUPPORTED]
GetStats failed for 'Minipuerto WAN (PPTP)'. [ERROR_GEN_FAILURE]
[WARNING] The net card 'Minipuerto WAN (IP)' may not be working because
it has not received any packets.
[WARNING] The net card 'Minipuerto WAN (Monitor de red)' may not be
working because it has not received any packets.
[WARNING] The net card 'Minipuerto WAN (AppleTalk)' may not be working
because it has not received any packets.
GetStats failed for 'Minipuerto WAN (L2TP)'. [ERROR_NOT_SUPPORTED]



Per interface results:

Adapter : Conexión de área local

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ccs-srv-001.s4biz.com
IP Address . . . . . . . . : 192.168.70.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.70.1
Dns Servers. . . . . . . . : 127.0.0.1
192.168.70.10
200.44.32.12


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'127.0.0.1'.
PASS - All the DNS entries for DC are registered on DNS server
'192.168.70.10'.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '200.44.32.12'. Please wait for 30 minutes for DNS server
replication.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B86201C9-44E7-4EDA-B4B2-33677DAC56C6}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser. [NERR_BadTransactConfig]


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully


The thing that still worries me is the "DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[NERR_BadTransactConfig]"

How can I fix that? Please check whether the IPs and DNS are right. What is the
problem with the DCs?


Thank you very much in advance.

Pablo
 

Ace Fekay [MVP]

Pablo said:
Hello Ace and everyone.
I have followed the documentation. The workstations still cannot log
into the domain. Here is the updated netdiag output.
Per interface results:

Adapter : Conexión de área local

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ccs-srv-001.s4biz.com
IP Address . . . . . . . . : 192.168.70.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.70.1
Dns Servers. . . . . . . . : 127.0.0.1
192.168.70.10
200.44.32.12

As I previously said, this is a classic DNS misconfiguration.

Pablo, you MUST remove any external DNS addresses FROM ALL OF YOUR MACHINES.
This includes the 127.0.0.1 and the 200.44.32.12 addresses. If this is your
only DNS server internally, then ALL machines (including domain controller,
clients, member servers, etc) must **ONLY** use this internal DNS
server, which according to the output above, it must only show
192.168.70.10 on ALL machines.

If you would like efficient Internet access, follow my previous post on how
to configure a forwarder.

Once these changes I suggested have been performed on ALL machines (remove
the external addresses too from your DHCP scope), restart the netlogon
service on the DC, and please post back with an updated netdiag /v /fix.

Please also post an unedited ipconfig /all from this DC and from a client
too. I would like to take a closer look at your systems' configuration.

Thanks,
Ace
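
Added example (not part of the original thread or any poster's code): a small Python check that reads the "Dns Servers" field from netdiag output, including its continuation lines, and reports every entry that breaks the "internal DNS server only" rule given in the reply above. The function names are hypothetical, and the sample input is the per-interface block from the second netdiag run posted in this thread.

```python
import ipaddress

# Sample input: per-interface block from the second netdiag run in this thread.
SAMPLE_NETDIAG = """\
Host Name. . . . . . . . . : ccs-srv-001.s4biz.com
IP Address . . . . . . . . : 192.168.70.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.70.1
Dns Servers. . . . . . . . : 127.0.0.1
192.168.70.10
200.44.32.12

AutoConfiguration results. . . . . . : Passed
"""


def parse_dns_servers(netdiag_text):
    """Return every address listed under a 'Dns Servers' field, in order."""
    servers, in_list = [], False
    for raw in netdiag_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("dns servers"):
            in_list = True
            line = line.partition(":")[2].strip()
        elif not in_list:
            continue
        try:
            servers.append(ipaddress.ip_address(line))
        except ValueError:
            in_list = False  # blank line or the next field ends the list
    return servers


def audit_dns_clients(netdiag_text, internal_dns):
    """Return (address, kind) for each deviation from 'internal DNS only'."""
    allowed = [ipaddress.ip_address(a) for a in internal_dns]
    listed = parse_dns_servers(netdiag_text)
    findings = []
    for ip in listed:
        if ip in allowed:
            continue
        if ip.is_loopback:          # checked first: loopback also counts as private
            kind = "loopback"
        elif ip.is_private:
            kind = "other-internal"
        else:
            kind = "external"       # e.g. an ISP resolver with no AD SRV records
        findings.append((str(ip), kind))
    # An AD DNS server that is absent from the list is also a finding.
    findings += [(str(a), "missing") for a in allowed if a not in listed]
    return findings


if __name__ == "__main__":
    for addr, kind in audit_dns_clients(SAMPLE_NETDIAG, ["192.168.70.10"]):
        print(f"{addr}: {kind}")
```

The same function can be run over `ipconfig /all` output saved from each client, provided the field is labelled "DNS Servers" there as well.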
 
