2003 server adminpak

  • Thread starter Thread starter Ben Snape
  • Start date Start date
B

Ben Snape

I have a 2003 server that does not have certification
running.
I am on a windows xp workstation in the domain with sp1
installed and adminpak.exe on to administer active
directory.
Twice now I have been stopped from administrering AD I
get the error
"Naming infromation cannot be located because:
The specified domain either does not exist or could not
be contacted.
Contact your system administrator to verify that your
domain is properly configured and id currently online."

I also have an autoenrollment error at logon

which is: -

"Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 04/08/2003
Time: 11:47:54
User: N/A
Computer: mycomputer

Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp. "

I have turned off autoenrollment at login through the
ocal policy but I still cannot administer AD.
Can anyone tell me how to fix this?

regards Ben Snape
 
Ben Snape said:
I have a 2003 server that does not have certification
running.
I am on a windows xp workstation in the domain with sp1
installed and adminpak.exe on to administer active
directory.
Twice now I have been stopped from administrering AD I
get the error
"Naming infromation cannot be located because:
The specified domain either does not exist or could not
be contacted.
Contact your system administrator to verify that your
domain is properly configured and id currently online."

I also have an autoenrollment error at logon

which is: -

"Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 04/08/2003
Time: 11:47:54
User: N/A
Computer: mycomputer

Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp. "

I have turned off autoenrollment at login through the
ocal policy but I still cannot administer AD.
Can anyone tell me how to fix this?

regards Ben Snape
Click to expand...



This portion reveals the real problem:
"Naming infromation cannot be located because:
The specified domain either does not exist or could not
be contacted.
Click to expand...

The XP machine us unable to retrieve information about the
location of Domain Controllers from Active Directory.

Strong suspect is DNS.

XP differs from previous versions of windows in that it uses
DNS as it's primary name resolution method for finding domain
controllers:

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 sytle NetBIOS.
( Which may or may not work. )

1) Ensure that the XP clients are all configured to point to the local
DNS server which hosts the AD domain. That will probably be the
win2k server itself.
They should NOT be pointing an an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's
DNS server.

( you should use the DHCP server to push out the local DNS server
address. )

2) Ensure DNS server on win2k is configured to permit dynamic updates.

3) Ensure the win2k server points to itself as a DNS server.

4) For external ( internet ) name resolution, specify your ISP's DNS server
not on the clients, but in the 'forwarders' tab of the local win2k DNS
server.

On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to yout ISP or the root servers.
Accept any nags etc, and let it delete any corresponding reverse lookuop
zones if it asks.


The following articles may assist you in setting up DNS correctly:

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
DNS and AD FAQs:
http://support.microsoft.com/?id=291382
 
Back
Top