domain problem.

[Gazza]

I hope someone can help with a strange problem.

I have a windows 2003Std dc running ad and dns supporting about 20 users
running winXP pro and am having severe issues when it comesx to user logons.

When i tried to logon to the server from a client pc the logon seemed to
take forever and when it did eventually logon an error popped up saying that
they couldnt access there desktop(stored on the server as a roaming
profile(server\profiles) and folder redirection(server\Users).

This has been working perfectly for about 2 years now and has just suddenly
stopped working.

I have checked dns on the server and all is well, the clients have the
server set as there primary dns server.

I am able to logon to the domain at the server and also connect to the
internet at the server but cannot do either at the client Pc`s.

I have run dcdiag and netdiag and there are no errors.

I can ping the server by IP address and name from the client pc`s and can
also connect to the administrative share (c$) on the server from the clients.

Don`t know what else to try so am looking to the experts for help.

Thanks in advance
Gareth

 

[Robert L. \(MS-MVP\)]

You may want to check the group policy. First use gpresult to see which
group policy apply the computer.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[Gazza]

Thanks for the reply robert ill have to check that out on monday.

The other thing i forgot to put in the first post was the error message i
get if i try to add a client to the domain.

The Server cannot carry out the request(Something along those lines am not
at work now to check it sorry)

And also the computer that im joining shows up in the computers container
but is disabled and it doesnt seem to be joined at the client side(no domain
list at logon screen.

Thanks again
Gareth

 

[Robert L. \(MS-MVP\)]

any errors if running nslookup?

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[Lanwench [MVP - Exchange]]

I hope someone can help with a strange problem.

I have a windows 2003Std dc running ad and dns supporting about 20
users running winXP pro and am having severe issues when it comesx to
user logons.

When i tried to logon to the server from a client pc the logon seemed
to take forever and when it did eventually logon an error popped up
saying that they couldnt access there desktop(stored on the server as
a roaming profile(server\profiles) and folder
redirection(server\Users).

This has been working perfectly for about 2 years now and has just
suddenly stopped working.

I have checked dns on the server and all is well, the clients have the
server set as there primary dns server.

I am able to logon to the domain at the server and also connect to the
internet at the server but cannot do either at the client Pc`s.

I have run dcdiag and netdiag and there are no errors.

I can ping the server by IP address and name from the client pc`s and
can also connect to the administrative share (c$) on the server from
the clients.

Don`t know what else to try so am looking to the experts for help.

Thanks in advance
Gareth

Hi - if you post an unedited ipconfig /all from the DC and from a
workstation, it will help.

I note that you've mentioned "primary" DNS server - this indicates you've
got DNS configuration problems. Your internal DNS server should be the
*only* one the clients (pr server itself) specifies. No public IPs should be
present in an ipconfig /all from a server or workstation. You will have a
slew of unpredictable problems with AD if your DNS isn't set up properly.

 

[Gazza]

Thanks for the reply lanwench ill post the ipconfig tommorow(monday).

The dns server on all the workstations and the server is set to
192.168.0.149 which is the static ip address of the server.

This configuration has been working fine for about 2 years with no logon
problems and access to the internet from all workstations. There has been no
configuration changes since about two weeks ago when a vpn was set up from a
branch office to the main office but this is all working fine. It was only
friday that it went pear shaped and all the problems started.

If i give a workstation the routers ip address for the secondary dns server
then i can access the internet but still cannot logon to the domain or join a
pc to the domain.

Thanks
Gareth

 

[Lanwench [MVP - Exchange]]

Thanks for the reply lanwench ill post the ipconfig tommorow(monday).

The dns server on all the workstations and the server is set to
192.168.0.149 which is the static ip address of the server.

Good. And there are no additional DNS servers listed?

This configuration has been working fine for about 2 years with no
logon problems and access to the internet from all workstations.
There has been no configuration changes since about two weeks ago
when a vpn was set up from a branch office to the main office but
this is all working fine. It was only friday that it went pear shaped
and all the problems started.

If i give a workstation the routers ip address for the secondary dns
server then i can access the internet but still cannot logon to the
domain or join a pc to the domain.

Do try the ipconfig /all. Something is amiss. Could be the DNS suffix.

You could also try running dcdiag & dnsdiag ..

 

[Gazza]

Heres the ipconfig from the server

Windows IP Configuration

Host Name . . . . . . . . . . . . : server01
Primary Dns Suffix . . . . . . . : stc-plumbing.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : stc-plumbing.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit
Server Ad
apter
Physical Address. . . . . . . . . : 00-1B-78-31-5D-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.149
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.149

And hers the one from a workstation

Windows IP Configuration

Host Name . . . . . . . . . . . . : Workstation06
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connecti
on
Physical Address. . . . . . . . . : 00-13-20-9E-FE-D2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.37
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.149
192.168.0.1
Lease Obtained. . . . . . . . . . : 16 February 2009 07:31:41
Lease Expires . . . . . . . . . . : 19 February 2009 07:31:41

The second IP address listed as a dns server was a test to see if i can
access the internet which worked.

 

[Gazza]

Robert I had a look as nslookup but am not sure how to use it.

Is there anything i should look out for

 

[Gazza]

Got it working(sort of)

For some reason the windows firewall was blocking everything. I disabled it
and it is all working fine (except the firewall is turned off and not sure
why or what caused it to stop working).

Im of to re-enable it on item at a time and ill post back with the results.

Thanks for the help
Gareth

 

[Lanwench [MVP - Exchange]]

Heres the ipconfig from the server

Windows IP Configuration

Host Name . . . . . . . . . . . . : server01
Primary Dns Suffix . . . . . . . : stc-plumbing.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : stc-plumbing.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit
Server Ad
apter
Physical Address. . . . . . . . . : 00-1B-78-31-5D-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.149
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.149

And hers the one from a workstation

Windows IP Configuration

Host Name . . . . . . . . . . . . : Workstation06
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connecti
on
Physical Address. . . . . . . . . : 00-13-20-9E-FE-D2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.37
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1

You shouldn't have your router doing DHCP - it works better if you use your
server for that.

DNS Servers . . . . . . . . . . . : 192.168.0.149
192.168.0.1

Also, remove the 2nd DNS server here.

Lease Obtained. . . . . . . . . . : 16 February 2009 07:31:41
Lease Expires . . . . . . . . . . : 19 February 2009 07:31:41

The second IP address listed as a dns server was a test to see if i
can access the internet which worked.

The forwarders on the DNS server itself should be taking care of that,
though.

 

[Lanwench [MVP - Exchange]]

Got it working(sort of)

For some reason the windows firewall was blocking everything. I
disabled it and it is all working fine (except the firewall is turned
off and not sure why or what caused it to stop working).

Im of to re-enable it on item at a time and ill post back with the
results.

I don't use the Windows firewall on servers, myself.

Thanks for the help
Gareth

Most welcome - also check out the DHCP recommendation.

 

[Gazza]

Thanks for all the help Lanwench

Which firewall would you recommend?
The windows firewall has served me well until this weekend and still dont
know why it has stopped letting the workstations connect to the server.

The dhcp on the router is a bit of a problem as i dont have access to the
router and i cant really change anything because it also serves our database
server.(not sure if i can run dhcp on the server without it affecting
anything else)

Removed the secondary ip address from the workstaion.

Thanks
Gareth

 

[Lanwench [MVP - Exchange]]

Thanks for all the help Lanwench

Which firewall would you recommend?

For a small office perimeter device, I like SonicWALL.

The windows firewall has served me well until this weekend and still
dont know why it has stopped letting the workstations connect to the
server.

Dunno, but I don't tend to put a software firewall app between the DC and
workstation, myself.

The dhcp on the router is a bit of a problem as i dont have access to
the router and i cant really change anything because it also serves
our database server.(not sure if i can run dhcp on the server without
it affecting anything else)

Yes - and your database server shouldn't be receiving anything via DHCP
anyway, as it's a server. You should find out who can get access to the
router & kill DHCP there.

 

[Robert L. \(MS-MVP\)]

in the command line, type nslookup and press enter.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com