Clients have trouble logging into Win2k DC

  • Thread starter Thread starter Jason Beveridge
  • Start date Start date
J

Jason Beveridge

We have a Network with
1 x nt4 (service pack 6a) server
1 x win2k server
1 x 2003 server
All clients either win2k or XP Pro
NT 4 Server was PDC
I removed all clients from domain and renamed domain on PDC
(I still wanted access to PDC until phased out)
I created new domain on win2k server (same netbeui name as
old one)
I installed DNS at same time.
Setup new accounts for users etc.
Attached clients to new Domain
Now when you log onto clients as domain login is very slow
(10 minutes) and even if you login with domain admin logon
you cannot see domain users when setting priviliges.
I attempted to set 2003 server as DC but it reported
"The computer could not locate a domain controller for
active directory"
I checked the order of DNS - OK
I ran DCDiag and it reported:

"Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\CCSERVER01
Starting test: Connectivity
CCSERVER01's server GUID DNS name could not be
resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name
(e3c9ab30-2b3a-4dfe-9ccb-
093f001453e6._msdcs.controlcorp.local)
couldn't be resolved, the server name
(ccserver01.controlcorp.local)
resolved to the IP address (192.168.0.254) and
was pingable. Check
that the IP address is registered correctly with
the DNS server.
......................... CCSERVER01 failed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\CCSERVER01
Skipping all tests, because server CCSERVER01 is
not responding to directory service requests

Running enterprise tests on : controlcorp.local
Starting test: Intersite
......................... controlcorp.local
passed test Intersite
Starting test: FsmoCheck
......................... controlcorp.local
passed test FsmoCheck"

I then stopped NETLogon service and restarted and
rechecked. Same problem.
I ran netdiag /fix - all reported ok:

"Computer Name: CCSERVER01
DNS Host Name: ccserver01.controlcorp.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 10 Stepping 0,
AuthenticAMD
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ccserver01
IP Address . . . . . . . . : 192.168.0.254
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.99
Dns Servers. . . . . . . . : 192.168.0.254
192.231.203.132
192.231.203.3


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this
interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{E504A6A2-8EF0-41F1-9675-4942005F8806}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on
DNS server '192.168.0.254'.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{E504A6A2-8EF0-41F1-9675-4942005F8806}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{E504A6A2-8EF0-41F1-9675-4942005F8806}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is
assigned.


The command completed successfully"

Any suggestions??

Cheers
Jason Beveridge
 
DNS on the server should point to the server-IP. In the tab Forwarders of
the DNS-server you put the ISP-DNS-numbers.
How many nics in the server?
The ipconfig/all from the clients should show that everything is pointing to
your server-IP.
Got options 003, 006 and 015 set in DHCP-server?

Marina
 
If you created an AD Integrated zone for controlcorp.local, dynamic updates
are automatically enabled. If you created a Stanadrd Primary zone, you must
manually enable dynamic updates through the DNS console; restart the DNS
service; Then:

At a command prompt run ipconfig /flushdns. Restart the Netlogon service
and run dcdiag again.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Back
Top