DNS issue?

  • Thread starter Thread starter Sonny Singh
  • Start date Start date
S

Sonny Singh

Hi, I receive the following in Event Viewer:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 7/9/2003
Time: 2:31:05 PM
User: NT AUTHORITY\SYSTEM
Computer: SLIBSYS
Description:
Windows cannot determine the user or computer name. Return
value (1722).

I have a 2000 server running Active Directory and group
policy. I am not sure what this error means. I put the
IP of the server in the DNS of the clients which have the
group policies assigned to them, but I still see this
error. It is on my 2000 client machines. Any ideas?
Thanks.
 
In Sonny Singh <[email protected]>
posted their concerns,
Then Kevin D4Dad added his reply at the bottom.
Hi, I receive the following in Event Viewer:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 7/9/2003
Time: 2:31:05 PM
User: NT AUTHORITY\SYSTEM
Computer: SLIBSYS
Description:
Windows cannot determine the user or computer name. Return
value (1722).

I have a 2000 server running Active Directory and group
policy. I am not sure what this error means. I put the
IP of the server in the DNS of the clients which have the
group policies assigned to them, but I still see this
error. It is on my 2000 client machines. Any ideas?
Thanks.
Click to expand...

Most likely cause is a bindings issue, on the server:

1. Make sure DNS is listening only on the private address of the DNS server.

On both the clients and the server:
2. In TCP/IP properties on the WINS tab enable NetBIOS over TCP/IP. Do this
only on the private interface of the server if it has two NICs.

3. In the Network and Dial up connections Control Panel in the Advance menu
select Advanced Settings.
Make sure your private network interface is at the top of the connections
list and that File and Printer Sharing and Client for Microsoft Networks are
enabled and bound to TCP/IP and that TCP/IP are at the top of the binding
order if you have multiple protocols installed.
 
Could you tell me what you mean by private address or
private interface of the server. The server has 2 NICs.
Currently, the 2 DNS entries on the server are pointed to
actual DNS servers outside of this location. I put the IP
of the server into the DNS of some clients because I am
using group policy. Everything works, however, I still
see the message in event viewer. Everything has netbios
over tcp/ip enabled.

Sonny
 
In Sonny Singh <[email protected]>
posted their concerns,
Then Kevin D4Dad added his reply at the bottom.
Could you tell me what you mean by private address or
private interface of the server. The server has 2 NICs.
Click to expand...

Is one private and one public?
Currently, the 2 DNS entries on the server are pointed to
actual DNS servers outside of this location.
Click to expand...

Exactly what DNS server are you pointing to?
Your DC should only point to a DNS server that has your AD Domain zone on
it.

I put the IP
of the server into the DNS of some clients because I am
using group policy.
Click to expand...

All clients should only be using the AD DNS server only for DNS.

Everything works, however, I still
see the message in event viewer. Everything has NetBIOS
over tcp/ip enabled.
Click to expand...

The server should have NetBIOS disabled on the interface that connects to
the internet if you have one.

Ok now I'm confused :-) let's clarify are you using only your DC that has
DNS installed for DNS?

On your DC DNS should only be listening on the private IP because that is
generally the one that has file sharing enabled and all machines must point
to this address for DNS.

Verify that DNS is only listening on this address File sharing is bound and
that the interface with that address is at the top of the binding order.
 
In Sonny Singh <[email protected]>
posted their concerns,
Then Kevin D4Dad added his reply at the bottom.
Ok, here's what I have. I have a 2000 server with 2
NICs. The way we set up everything here is we assign an
IP address and we assign 2 DNS IPs (a preferred and
alternate) to each system. We've always assigned those 2
DNS IPs to all the systems we have here. My server is not
truly a DNS server. When I upgraded my server from NT to
2000, I wanted to implement group policies. That's when I
found out that I needed to have the IP of the AD server in
the DNS section of the client PCs. So, on the clients
that use this group policy, I put the IP of the AD server
in as the primary DNS, but I also listed the original 2
DNS IPs as secondary DNS IPs. At that point, I started
seeing that message in event viewer. It was when I
switched to 2000 server and started to use group policy.
It is a multihomed (2 NICs) server because we are on 2
subnets. It also serves as a WINS server. You suggested
I only use the IP of my AD server as the DNS entry in the
clients' machines. I tried it and now I do not see that
error in event viewer. So, that may have been the
problem. So, for the client DNS entry, can I only use the
IP of my AD server, even though it's not a true DNS
server? And on my server itself, can I leave the DNS
entries as they have been? They point to actual DNS
servers. What do you think? Thanks for your input.

Sonny
Click to expand...

Sonny,
If it is a Windows 2000 domain you must have a DNS server for AD to
function, when you ran DCPROMO it should have asked you if you wanted to
install DNS. Obviously it did or it would take forever to log on and errors
out the ying yang.

You need DNS and it must support dynamic registration. Most people use the
DC to install DNS on because you can integrate it with AD.

All machines should point to this DNS server only including the DC, no ifs
ands or buts, period.
For internet access configure your DNS server as per step 3 of this KB:
300202 - HOW TO Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202&FR=1
 
Hey Kevin, well I guess my last question is this. If I
specify my server's IP as the DNS IP in my client machines
as well as my server, how does my server know how to
translate these requests and where to go. Do I still
somewhere on my server specify the local 2 DNS servers we
here use? I'm not too clear after reading the article.
Thanks for your help.

Sonny
 
In Sonny Singh <[email protected]>
posted their concerns,
Then Kevin D4Dad added his reply at the bottom.
Hey Kevin, well I guess my last question is this. If I
specify my server's IP as the DNS IP in my client machines
as well as my server, how does my server know how to
translate these requests and where to go. Do I still
somewhere on my server specify the local 2 DNS servers we
here use? I'm not too clear after reading the article.
Thanks for your help.

Sonny
Click to expand...


Your question is unclear let me ask where are you pointing your DC to now
for DNS?

You should have at least one DNS server for your local domain, that is the
one you point all clients and the server to for DNS. Is DNS installed on
this DC?
Is this the only DC in your domain?
 
In Sonny Singh <[email protected]> posted his concerns then I replied down below:
So, for the client DNS entry, can I only use the
IP of my AD server, even though it's not a true DNS
server? And on my server itself, can I leave the DNS
entries as they have been? They point to actual DNS
servers. What do you think? Thanks for your input.

Sonny
Click to expand...

I've been monitoring this thread and just wanted to jump in for a sec
because I got confused on what a "true" DNS server is.

Not a true DNS server? With all due respect, pretty much a DNS server is
jsut that, a DNS server. There is no "true" or "untrue" or "fake" DNS
servers. A DNS server resolves a name to an IP or IP to a name when
configured properly.

If you point to your own DNS server, which is a real live DNS server, it
will resolve names. Hence why you now have it working, especially when it
comes to AD's functionality and it's SRV requirements. Here, read this on AD
and DNS:

DNS and AD FAQs:
http://support.microsoft.com/?id=291382

Ok, now you're probably talking about needing Internet access? Is that what
you mean by a "true" DNS server? A DNS server to resolve Internet names?
Your DNS can handle that as it is. Any DNS server can handle that. To make
it more efficient (which is my opinion, as well as Kevin's and many others
here), use a Forwarder. Kevin provided that link for you on how to do it.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Sonny Singh <[email protected]>
posted their concerns,
Then Kevin D4Dad added his reply at the bottom.
Hey Kevin, I have 1 DC. It has DNS installed. It is
running AD. I have 2 NICs. I went into the TCP/IP
properties of each NIC and in the DNS space, I put in the
IP address associated with each NIC. This is the only
domain controller in my domain. I will put the IP of the
server into the DNS settings for all of my clients as
well. I no longer am getting that error in the event
log. I guess my question is this: How does my domain
controller know where to go to resolve host names. I put
the DC's own IP in the "preferred DNS server" settings.
Everything works, but I am just curious how it knows
where to go to resolve the host names now. Before I made
these changes today, I had another local DNS server's IP
address in there. I'm assuming it was the IP of another
DNS server on campus. I now have my own DC's IP as the
preferred DNS server. How is my server all of a sudden a
DNS server? I always thought that a DNS server had host
files which resolved IPs to their DNS names. If it
couldn't find it on 1 particular DNS server, it would go
to a root server. I guess that's what I am confused
about. After making these changes, how does my server
know where to go to translate addresses?
Click to expand...
Hi Sonny,
I'm glad you got things worked out even though you seem to not understand
how.
You do have a DNS server real, live, go get the answer if it doesn't know
it, bring it back and serve it up to you DNS server. Pretty amazing heh?
You're saying to yourself how's it doing that?
Well consider yourself lucky that it worked for you the first time around it
didn't for me and it doesn't for a lot of people because most of the time
the root "." Forward Lookup Zone is still in place, without the delegations
it needs to work correctly. If it has a root zone with no delegations it
won't work you either have to put the delegations in it or delete it, most
everybody deletes it because it is a simple fix. Deleting the root zone
allows it to either use Root Hints or a forwarder if you have defined one.
That was the link I sent you.

Yes, Sonny you have a DNS server it is not anyone else's it is yours. It has
at least one Forward Lookup Zone (FLZ) in it, which matches the DNS name of
your Windows 2000 domain. Depending on what name you gave your domain you
may or may not have trouble. Let me say what I mean because, this will
answer a question, that seems to be asked here daily.
The question is, "I can't reach my website on the internet which has the
same domain name as my Windows 2000 domain?" The fix is simple a FLZ has
hosts in it for each name in a particular domain. You're internal FLZ has
hosts in it, too. These are for the machines on you local network that it
knows about. The one's it does not know about, if you have one are www,
mail, ftp and so on those have to be entered manually by you, into your FLZ.
It is a pretty simple and straight forward process adding these host with
their respective IP addresses.
So, now it is answered for you, if you by chance named your Domain
something like sonny.com and now you can't reach the website www.sonny.com .

This is the jest of it. I would bet the rest of it you will pick up on your
own.
 
Thanks a lot for all the help; I greatly appreciate it.
Things are much clearer now. This all started with that
error I was getting in event viewer. I now know why I was
getting it. Thank you, again!

Sonny
 
Back
Top