-----Original Message-----
In Jeroen Jordens <[email protected]> posted their thoughts, then I offered mine
Hi Ace,
Both servers do not have an external ip in the DNS setting
box.
The ipconfig /all from server 1 is as follows:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : skc1
Primary DNS Suffix . . . . . . . : stkevins.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stkevins.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-D0-B7-B8-21-2E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.102
DNS Servers . . . . . . . . . . . : 192.168.0.102
--------------------------------------------------------
I can ping the second server by its given name "skc2",
which returns the complete name (skc2.stkevins.local) and
its IP address.
The ipconfig on SKC2 is as follows:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : skc2
Primary DNS Suffix . . . . . . . : stkevins.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stkevins.local
Ethernet adapter Local Area Lan:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Allied Telesyn AT-2700TX PCI 10/100 Ethernet Adapter
Physical Address. . . . . . . . . : 00-30-84-0E-64-D8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.102
Primary WINS Server . . . . . . . : 192.168.0.102
Ethernet adapter Local Area sky media:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SkyMedia-200D (SM200DPA) Ethernet Controller
Physical Address. . . . . . . . . : 00-90-BC-01-4E-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.195.173
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area adsl:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Allied Telesyn AT-2700TX PCI 10/100 Ethernet Adapter #3
Physical Address. . . . . . . . . : 00-30-84-0E-64-B8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
PPP adapter IhugUltra:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 203.109.203.161
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 203.109.203.161
DNS Servers . . . . . . . . . . . : 203.109.252.42
203.109.252.43
NetBIOS over Tcpip. . . . . . . . : Disabled
------------------------------------------
The NIC with the 192.168.0.102 address is the active NIC
on the LAN. The ADSL card is plugged in to an ADSL router,
which is not used.
Hope this information helps.
Regards,
Jeroen Jordens
Thanks for posting that information.
Yes, there are external DNS servers listed in server2 (the ISA/Exchange
box). This is what I'm talking about:
PPP adapter IhugUltra:
DNS Servers . . . . . . . . . . . : 203.109.252.42
203.109.252.43
And this is not good either under this interface:
Ethernet adapter Local Area adsl:
DNS Servers . . . . . . . . . . . : 127.0.0.1
All interfaces on a machine that is functioning as part of AD should only
use the internal DNS, ESPECIALLY a DC.
This happens all the time with multiple NICs on such a server, especially if
it has an AD role or is AD reliant (such as Exchange) and especially if DNS is
on a multihomed machine. It is a nightmare sometimes to configure one of
these servers to work properly. I've seen worse with ADSL as the connection
method, as I see that you have the WinPoet software installed here. If I'm
correct, I would suggest to not use it or get Exchange (and AD if it's on it,
which I assume because of your replication problems) off this machine.
You can't ping server1 from server2 by name because server1 is either not in
DNS (due to not allowing registration or some other problems) or it's asking
your ISP's DNS server for that information. Same thing is causing lack of
replication.
You never responded whether server2 is in DNS?? Did it register?
Registration is based on:
1. Primary Suffix is the same name as the AD DNS domain name
2. The zone name in DNS allowing Dynamic Updates.
3. Pointing to only that DNS server for AD.
You need to only use the internal DNS. If you can, you can try to trim this
to ensure it works:
1. In DNS properties, Interface tab, tell it to only listen to the internal
IP.
2. In all the outside interfaces, uncheck register this connection in DNS
(IP properties, Advanced button, DNS tab).
3. Change that 127.0.0.1 address to 192.168.0.102.
4. Change these two addresses:
DNS Servers . . . . . . . . . . . : 203.109.252.42
203.109.252.43
To only show just 192.168.0.102
5. Configure a forwarder to your ISP.
6. You may also need to make a couple registry changes to ensure the outside
interfaces do not register. Only want the inside one to register.
289735 - Routing and Remote Access IP Addresses Register in DNS [and
dealing with those VPN registrations]: (similar to those PPP adapters too.)
http://support.microsoft.com/?id=289735
246804 - Disable Windows 2000 Dynamic DNS Registrations:
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804
Sorry, but this is not a simple matter. If you want to use ISA for your
network security, by all means remove Exchange and the DC off this machine.
In security terms, this is not the best scenario and is highly vulnerable
because Exchange needs opened ports to be used and is effectively opened to
a possible attack. As for AD, using a DC for Internet access is not the best
scenario either, besides DNS registration. You need to also look at stopping
the GC entry from registering the outside NIC IP. Maybe that is what your
replication issue can be based on.
Sorry for the long post. You may be able to get this to work, but all in
all, I would just leave ISA be a separate machine with nothing else on it,
unless this is SBS2000 ?? You can basically use a client machine (doesn't
have to be exceptionally fast) for ISA 2000 non-Enterprise mode. This way put
the DC/Exchange box internally and all will function properly.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
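The check discussed in this thread (every interface on an AD machine should list only the internal DNS server) can be automated over saved `ipconfig /all` output. The following is an added example, not part of the original posts; the function names are hypothetical, and the internal DNS address and the abridged sample are taken from the output quoted above.

```python
import re

INTERNAL_DNS = {"192.168.0.102"}  # assumption: the internal AD DNS server from the thread
# Abridged from the ipconfig /all output posted for skc2 (wrapped lines rejoined).
SAMPLE = """\
Ethernet adapter Local Area Lan:
   DNS Servers . . . . . . . . . . . : 192.168.0.102
Ethernet adapter Local Area sky media:
   DNS Servers . . . . . . . . . . . :
Ethernet adapter Local Area adsl:
   DNS Servers . . . . . . . . . . . : 127.0.0.1
PPP adapter IhugUltra:
   IP Address. . . . . . . . . . . . : 203.109.203.161
   DNS Servers . . . . . . . . . . . : 203.109.252.42
                                       203.109.252.43
   NetBIOS over Tcpip. . . . . . . . : Disabled
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")            # "Ethernet adapter X:"
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$")  # "Name . . . : value"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_by_adapter(text):
    """Map each adapter name to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        f = FIELD.match(line)
        if f:
            in_dns = f.group(1).strip() == "DNS Servers"
            if in_dns and adapter and IPV4.match(f.group(2).strip()):
                result[adapter].append(f.group(2).strip())
        elif in_dns and adapter and IPV4.match(line.strip()):
            result[adapter].append(line.strip())  # continuation line: extra server
    return result

def misconfigured(text, internal=INTERNAL_DNS):
    """Adapters that list any DNS server other than the internal one."""
    return {name: [s for s in servers if s not in internal]
            for name, servers in dns_by_adapter(text).items()
            if any(s not in internal for s in servers)}

if __name__ == "__main__":
    for name, bad in misconfigured(SAMPLE).items():
        print(f"{name}: replace {', '.join(bad)} with {', '.join(sorted(INTERNAL_DNS))}")
```

On the sample it reports the adsl and PPP adapters, the same two interfaces flagged in the reply.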