Is there a checklist for AD DNS settings for workstation domain login problems

Al Dykes

I've got a SBS2k server with a few workstations and twice I've had a
workstation suddenly refuse to log into the domain (event IDs 5719
and 11187 and others). There seems to be little advice about how to
troubleshoot these errors.

I've been reinstalling the workstation (w2k) and giving it a new machine
name when joining the domain, but that's not working very smart.

Is there a list of all the settings necessary for a workstation to log
into a domain and, even better, what can be "fixed" in some fashion
so the WS can either login or join the domain?

Thanks
 
Lanwench [MVP - Exchange]

This can occur due to DNS misconfiguration. All servers and workstations
should specify the internal AD-integrated DNS server's IP address in their
network settings - do *not* put any public DNS server IPs in there.

The AD-integrated DNS server should be set up with forwarders to your ISP's
DNS servers for external resolution.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.
 
Al Dykes

Lanwench [MVP - Exchange] said:
> This can occur due to DNS misconfiguration. All servers and workstations
> should specify the internal AD-integrated DNS server's IP address in their
> network settings - do *not* put any public DNS server IPs in there.
>
> The AD-integrated DNS server should be set up with forwarders to your ISP's
> DNS servers for external resolution.
>
> See http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
> info.

The above URL is the overall server setup, and I believe I'm set up
correctly. I'm looking for information about what the settings for
each workstation in a DDNS should look like, and what I can do when
things go wrong. Thanks
 
Lanwench [MVP - Exchange]

OK - sorry for boilerplate, but the first paragraph of my reply does
apply... What are the workstations specifying for their DNS server(s)? What
errors do you get?

 
Al Dykes

Lanwench [MVP - Exchange] wrote:
> OK - sorry for boilerplate, but the first paragraph of my reply does
> apply... What are the workstations specifying for their DNS server(s)? What
> errors do you get?

I have an event 5719 ("No login servers available")

What do you do after you've verified that the client DNS points to
the DDNS on the w2k server?

What does the DNS entry on the DNS server for a correctly set up
workstation look like?

I have a client that can log into the domain with all but
one domain user ID. When that user ID attempts to, it times out and
uses the cached profile. There is an event ID 11187 in the client
log.

"The system failed to update and remove pointer (PTR) resource
records (RRs)for network adapter%nwith settings:%n%n Adapter
Name : %1%n Host Name : %2%n Adapter-specific Domain Suffix : %3%n
DNS server list :%n %4%n Sent"

In this case the list of DNS servers contains IP numbers that have
NEVER existed on our network. Where is the information stored on the
workstation? I'd like to be able to find it and fix it.

Thanks

 
Ace Fekay [MVP]

Answers are inline below...

Al Dykes said:
> I have an event 5719 ("No login servers available")
>
> What do you do after you've verified that the client DNS points to
> the DDNS on the w2k server?

A simple ipconfig /all at the client. Can you post that for us?

> What does the DNS entry on the DNS server for a correctly set up
> workstation look like?

They need to be pointing ONLY at the internal DNS that's hosting your AD
zone, just as Lanwench said. No others. The A record will show up in DNS for
W2k and newer clients. For older or non-Windows clients, you can use DHCP to
force it.

> I have a client that can log into the domain with all but
> one domain user ID. When that user ID attempts to, it times out and
> uses the cached profile. There is an event ID 11187 in the client
> log.

Doesn't make sense unless the account is disabled? That event ID doesn't
show up upon a search. Maybe the wrong DNS settings too.

> "The system failed to update and remove pointer (PTR) resource
> records (RRs)for network adapter%nwith settings:%n%n Adapter
> Name : %1%n Host Name : %2%n Adapter-specific Domain Suffix : %3%n
> DNS server list :%n %4%n Sent"

Maybe the wrong DNS IPs on the client can cause this.

> In this case the list of DNS servers contains IP numbers that have
> NEVER existed on our network. Where is the information stored on the
> workstation? I'd like to be able to find it and fix it.

The information, if retrieved by DHCP, will be stored in the DHCP Client
service, as far as I remember, as a global setting. The reg will just show
it's set to auto get an IP. So it leads me to think that your DHCP options
are incorrect and you haven't changed them yet. So if using DHCP, have you
checked your DHCP Scope or Server Options? Otherwise, a DNS IP will not
"magically" appear for any other reason.

*If* you are using your Router as a DHCP server, I would suggest to
immediately disable it and use W2k. It works hand in hand with the DNS
service.

Can you post an UNEDITED ipconfig /all from a client and from the server?
Thanks.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
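
The check Lanwench and Ace describe (clients pointing only at the internal AD DNS server, with DNS settings handed out by the intended DHCP server), as an added example that is not part of the original thread. It parses saved `ipconfig /all` output; the sample text, the addresses and the function names `parse_adapters` and `audit` are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ws01

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 192.168.16.1
        DNS Servers . . . . . . . . . . . : 192.168.16.2
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")   # "Name . . . : value"
IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from ipconfig /all text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
            last = None
        elif current is None or not line.strip():
            continue                                  # global section or blank
        elif IP.match(line.strip()) and last:         # wrapped list entry
            current[last].append(line.strip())
        elif (m := FIELD.match(line)):
            last, value = m.group(1), m.group(2).strip()
            current[last] = [value] if value else []
    return adapters


def audit(text, ad_dns, dhcp_server):
    """List findings: DNS servers outside ad_dns, leases from another DHCP server."""
    findings = []
    for name, f in parse_adapters(text).items():
        for ip in f.get("DNS Servers", []):
            if ip not in ad_dns:
                findings.append((name, "foreign DNS server", ip))
        if f.get("DHCP Enabled") == ["Yes"]:
            for ip in f.get("DHCP Server", []):
                if ip != dhcp_server:
                    findings.append((name, "unexpected DHCP server", ip))
    return findings
```

Calling `audit(SAMPLE, {"192.168.16.2"}, "192.168.16.2")` reports both the extra DNS address and the lease coming from a device other than the expected DHCP server, which is where Ace suggests looking for stray DNS entries.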
 
