Neko-
I have a minor problem with Windows 2000, that I find hard to solve
mostly since there seems to be no clear cut way to identify and solve
the problem.
I'm running an ADS on a small network that is mainly operated by
router provided DNS and DHCP services. This all works perfectly and
without problems. Users can login normally and all domain shares are
active and accessible for users.
Recently I updated one of the clients from Windows 98 to Windows 2000.
Everything working fine. Adding the client to the domain went off
without a hitch and installing everything went fine as the
administrator of the domain. Looking in the Local Administrators group
I can also see the '<domainname>\Domain Admins' group is added as a
member (which happens automatically upon adding a workstation to the
domain).
Now for the problem.... As the user should have full control over his
local hard disk (and yes, I've considered the safety issues with this,
and yes I want to grant him full control over his own system) I've
gone to the Local groups in the Computer Management. I've gone into
adding the user (or even a group the user is a member of) as a member
of the local Administrators group... I can normally select the
domain, select all or any user and/or group on that domain, and add
them to the box 'to add'. As I click the OK button however, a fault is
displayed.
The specified domain either does not exist or could not be contacted
Upon canceling this, and retrying the addition of the user, I can
suddenly only select accounts from the local machine, and none from
the domain. This choice has effectively been grayed out. The only way
to re-enable it would be a restart of the workstation.
Microsoft support site refers to possible issues with the SRV record
on the DNS server. As stated Microsoft states this is a possibility.
The exact error conditions of this case I have not found on
support.microsoft.com (at least not yet). Seeing the DNS server I use
is integrated into the router I've asked for a way to add a line that
will refer any ADS requests to the computer hosting the ADS. This
however seems not to be possible using that DNS server. The only thing
they could come up with was using the HOSTS file to add the IP address
and the name of the machine.
As I said before, this bit works normally. I can ping the machine on
name and on IP without reconfiguring anything. So it's not the
reachability of the machine that is the issue, but it seems to be the
addressing of the ADS.
Now I can do three things... Install WINS (seeing that is less of a
hassle to configure than DNS is), install DNS (which is a hassle to
config, but most likely 'might' solve the issue, but is gonna play
hell with the existing DNS server), or do nothing and leave the user a
member of the Domain Admins group (Need I say I don't like THAT
option?)
Installing DNS and WINS means I'm gonna take processor time away from
other processes on the computer, not to mention memory, which is an
indication that I'm not that fond of that idea. As said, it's also not
sure this will solve the problem.
So... what I'm looking for is a quick way (and it's a small network so
it can be creative) to tell Windows 2K Professional to talk to the
domain on the computer with IP address whatever. That would mean that
all regular traffic should be handled by the current config (DNS and
such) and all domain-related traffic should be redirected to the ADS
machine.
As for the config:
Local network, 2 clients on Windows 2000 Professional, and the server
is running Windows 2000 Server with ADS. All are patched to SP3, with
all available fixes (pre-SP4) added to the system. Updating to SP4 is
gonna be a last ditch effort, since I still want to see if it behaves
properly on a test system, before running it in the live situation.
The router runs DHCP and DNS services for the network, as well as
providing firewall capabilities, and providing the ADSL connection to the
internet.
Any and all comment, help, support and insights are appreciated!
Thanks in advance for any response, J. van Doornik