Dual home DNS w/ AD doesn't work after several hours


Joe

We are experiencing a problem which in the beginning I thought was
related to an ISP DNS problem, because after a server reboot in the
morning, several hours later (probably 6 hours or more) we cannot
connect to the internet again. Eventually I saw that ping to a public
IP is no problem but ping to a domain name is a problem, so I called
and tried to troubleshoot with the ISP and reached the conclusion that
it is our server's problem. This problem resolves every time we reboot
the server; if we just reboot the DSL modem and router without
rebooting the server, we still cannot ping the domain (FQDN) even
though we are able to ping any public IP.

FYI:
This dual NIC W2K server connects to Internet & LAN as follows

ISP--> DSL modem --> static PUBLIC IP Router -->
1. Static PUBLIC WAN NIC
2. Static Internal LAN NIC --> all users PC

This server is running Spoonproxy s/w, DNS w/AD, DC, DHCP, s/w
firewall (the default setting from MS). Actually, if I had set up this
server I wouldn't use AD and dual NIC... more headache, but no choice
now; cannot reinstall from scratch because it is the ONLY live server,
handling 15-20 users.

Actually users are just using email, internet and running a centralized
application through a mapped network drive, so no need for AD or DNS I
guess, but I think to let to change it.

In the past this server ran OK until around 3 weeks ago, when the
problem began even though there were no changes on the server. So now
every morning we need to reboot, and also at lunch time; otherwise
after 6 or more hours we cannot ping an FQDN even though ping to any
IP works, so users cannot get to the internet.
That's really weird and gives me a headache.

I also tried running netdiag to see if somebody could help check it. I
list it at the very bottom here.

Computer Name: NTSERVER1
DNS Host Name: ntserver1.craft.local
System info : Windows 2000 Server (Build 2195)

Netcard queries test . . . . . . . : Passed


Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 10.1.1.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : WAN

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 216.xxx.xxx.aaa
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 216.xxx.xxx.bbb
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].

Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 601120524153
Frame type . . . . . . : Ethernet II


Global results:

Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.1.1.10' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully





If anybody could help, really appreciate it.
I am in the dead end now.

Thanks,
Joe
 
In Joe <[email protected]> posted a question
Then Kevin replied below:

What DNS do you have assigned for the DNS server's forwarder?
Did you try nslookup against DNS to see if it resolves internally and
externally?
 
I did netdiag /fix successfully and rebooted the server, but after
several hours the server cannot ping an FQDN even though ping to an IP
is still OK (same problem).

I saw in the event log that around the time the problem happened there
is Warning: 5781 source: Netlogon (dynamic registration ...., because no
dns server available). Data in byte = 0000:b4 05 00 00

If I do nslookup the result is
DNS timeout
can't find server name for address 10.1.1.10
Default server: unknown
Address: 10.1.1.10

If I do nslookup externally, it works fine (ping yahoo.com/ca with
reply).
But internally, nope... but actually I don't think we need a DNS server
locally.

This DNS server installation is, I think, the default setup when you
set up a DC with AD on a W2K server. So basically we just need to be
able to connect to the internet from the clients' machines; even with,
let's say, no DNS... no problem. But because it is already installed
and AD-integrated, I have to just use it and make it work like before.



 
Joe said:
> I do netdiag/fix successfully, reboot server but after several hours
> the server cannot ping to FQDN even though ping IP still ok (same
> problem).
>
> I saw in the event log that around those time the problem happened is
> Warning: 5781 source: Netlogon (dynamic registration ...., because no
> dns server available). Data in byte = 0000:b4 05 00 00

5781 events can be a serious problem. To properly diagnose a 5781 I need to
see these three items:
1. ipconfig /all
2. AD domain name from ADUsers&Computers
3. List of forward lookup zone names in DNS.

> If I do nslookup the result is
> DNS timeout
> can't find server name for address 10.1.1.10
> Default server: unknown
> Address: 10.1.1.10

You can ignore the nslookup message, all it is telling you is it can't find
the PTR record that has the server's name (hence the can't find server name
for address 10.1.1.10). You can also create the PTR in the reverse lookup
zone.

> If I do nslookup externally, it's works fine (ping yahoo.com/ca with
> reply)
> But internally, nope..but actually i don't think we need DNS server
> locally.

Yes, you do need DNS, you should get that out of your mind now. Your DC's
record is in DNS, and that is where all the clients expect to find it. If
they can't find the DC's records you'll spend a lot of time waiting on your
system.

> This DNS server installation is I think default setup when you setup
> DC AD in server W2K. So basically just need to be able to connect
> internet from client's machine, even though let say no DNS...no
> problem. But because already installed and AD integrated so I have
> just use it and make it works like before.

AD usually works great, if DNS is properly configured. The most important
thing to keep in mind is all clients must use the local DNS server that has
the AD domain zone, only. No ISP's DNS in any position on any Domain member.
For internet access configure DNS with a forwarder to your ISP.

Also since the DC is multi-homed it will need some extra configuration to
keep the DC from registering records on the external interfaces. This must
be done in the registry, after you make the registry entries you have to
manually create the record for the (same as parent folder) in the domain
zone that has the IP of the NIC with file sharing enabled.

1. Configure DNS to listen only on the internal IP that has file sharing
enabled.
2. Add this registry entry with regedt32.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress

3. Open the forward lookup zone for the AD domain, right click select New
host, leave the name field blank and give it the IP of the internal
interface with File sharing enabled. Do NOT enable "Delete this record if it
becomes stale". Click OK to create the record anyway when it pops up (same
as parent folder) is not a valid host name.

4. Right click on Network places, choose properties, in the "Advanced" menu
select "Advanced settings" make sure the internal interface is at the top of
the connections pane, and the File sharing is in the Bindings pane on the
interface.


300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
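
A way to check for the condition the registry steps above address, added here as an example and not part of the thread: it parses the "Record is different" blocks that `netdiag /test:dns /v` prints and lists every A record the DNS server holds for the domain name that is not the internal NIC's address. The function names are hypothetical, the sample text is constructed in netdiag's layout (192.0.2.25 is a made-up address), and `GcIpAddress` is the Netlogon mnemonic for the gc._msdcs record, which the thread itself does not name.

```python
import re
from ipaddress import ip_address

# Constructed sample in the layout of a `netdiag /test:dns /v` mismatch block.
# Host names and 10.1.1.10 follow the thread; 192.0.2.25 is a made-up address.
SAMPLE = """\
The Record is different on DNS server '10.1.1.10'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = craft.local
DNS DATA =
A 10.1.1.10
A 192.0.2.25
+------------------------------------------------------+

The Record is different on DNS server '10.1.1.10'.
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = gc._msdcs.craft.local
DNS DATA =
A 10.1.1.10
A 192.0.2.25
+------------------------------------------------------+
"""

HEADER = re.compile(r"^The record on (your DC|DNS server \S+) is:", re.I)
NAME = re.compile(r"^DNS NAME\s*=\s*(\S+)", re.I)
A_REC = re.compile(r"^A\s+(\S+)")


def parse_records(text):
    """Return {name: {"dc": [addrs], "server": [addrs]}} from mismatch blocks."""
    records, side, name = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            side = "dc" if m.group(1).lower() == "your dc" else "server"
            name = None
            continue
        m = NAME.match(line)
        if m and side:
            # netdiag prints the DC-side name with a trailing dot; normalise it
            name = m.group(1).rstrip(".").lower()
            records.setdefault(name, {"dc": [], "server": []})
            continue
        m = A_REC.match(line)
        if m and side and name:
            records[name][side].append(m.group(1))
        elif line.startswith("+--"):
            side = name = None  # box border closes the current block
    return records


def unexpected_addresses(text, internal_ips):
    """List (name, [addrs]) where the DNS server holds non-internal A records."""
    allowed = {ip_address(ip) for ip in internal_ips}
    findings = []
    for name, sides in parse_records(text).items():
        extra = []
        for addr in sides["server"]:
            try:
                if ip_address(addr) not in allowed:
                    extra.append(addr)
            except ValueError:
                # Masked or malformed value (e.g. 10.126.xxx.aaa) is never internal
                extra.append(addr)
        if extra:
            findings.append((name, extra))
    return findings


def mnemonic_for(name, domain):
    """Netlogon record mnemonic for the two A records netdiag compares here."""
    if name == domain:
        return "LdapIpAddress"   # the "(same as parent folder)" record
    if name == "gc._msdcs." + domain:
        return "GcIpAddress"     # assumption: forest name equals domain name
    return None


if __name__ == "__main__":
    for rec_name, addrs in unexpected_addresses(SAMPLE, ["10.1.1.10"]):
        print(rec_name, addrs, mnemonic_for(rec_name, "craft.local"))
```

An empty result after the registry change, the manual record cleanup and a Netlogon restart means only the internal address remains registered for those names.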
 
Forgot to add:

Forwarder to pri & sec ISP DNS server.


 
UPDATED INFO:

I ran a test using netdiag /test:dns /v and below is the result (with
certain COMMENTS INLINE); probably helpful for an expert to see it and
help analyze what the problem is.



Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DNS
The DNS registration for ntserver1.craft.local is correct on
all DNS servers
PASS - All the DNS entries for DC are registered on DNS server
'10.1.1.10' and other DCs also have some of the names registered.

Tests complete.


Computer Name: NTSERVER1
DNS Host Name: ntserver1.craft.local
DNS Domain Name: craft.local
System info : Windows 2000 Server (Build 2195)

Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:

---------------------------------------------------------------------------
Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A)
Device: \DEVICE\{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}

Media State: Connected

Device State: Connected
Connect Time: 04:03:09
Media Speed: 100 Mbps

Packets Sent: 5931721
Bytes Sent (Optional): 0

Packets Received: 5062199
Directed Pkts Recd (Optional): 5058316
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0

Packets SendError: 1
---------------------------------------------------------------------------
Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (Rev A) #2
Device: \DEVICE\{D8B20A17-3FCD-440D-BC39-9C1898327C2D}

Media State: Connected

Device State: Connected
Connect Time: 04:03:09
Media Speed: 100 Mbps

Packets Sent: 174611
Bytes Sent (Optional): 0

Packets Received: 257834
Directed Pkts Recd (Optional): 256741
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0

---------------------------------------------------------------------------
[PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

Adapter : Local Area Connection
Adapter ID . . . . . . . . :
{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}

Netcard queries test . . . : Passed

Adapter : WAN
Adapter ID . . . . . . . . :
{D8B20A17-3FCD-440D-BC39-9C1898327C2D}

Netcard queries test . . . : Passed

Adapter : IPX Internal Interface
Adapter ID . . . . . . . . : Internal

Netcard queries test . . . : Passed

Adapter : IpxLoopbackAdapter
Adapter ID . . . . . . . . : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Adapter : NDISWANIPX
Adapter ID . . . . . . . . : NDISWANIPX

Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller
Emulator
Netbios Domain name. . . . . . : craft
Dns domain name. . . . . . . . : craft.local
Dns forest name. . . . . . . . : craft.local
Domain Guid. . . . . . . . . . :
{79947618-742C-496D-AB83-FE8DC33C0739}
Domain Sid . . . . . . . . . . :
S-1-5-21-1844237615-1965331169-725345543
Logon User . . . . . . . . . . : mci
Logon Domain . . . . . . . . . : craft


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
Interface {8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
DNS Domain: craft.local
DNS Servers: 10.1.1.10
IP Address: 10.1.1.10
Expected registration with PDN (primary DNS domain name):
Hostname: ntserver1.craft.local.
Authoritative zone: craft.local.
Primary DNS server: ntserver1.craft.local 10.1.1.10
Authoritative NS:10.1.1.10
Interface {D8B20A17-3FCD-440D-BC39-9C1898327C2D}
DNS Domain:
DNS Servers: 10.1.1.10
IP Address: 216.xxx.xxx.aaa
The DNS registration is disabled for this interface
Verify DNS registration:
Name: ntserver1.craft.local
Expected IP: 10.1.1.10
Server 10.1.1.10: NO_ERROR
The DNS registration for ntserver1.craft.local is correct on all
DNS servers
Check the DNS registration for DCs entries on DNS server '10.1.1.10'
The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is correct on DNS server '10.1.1.10'.

The Record is different on DNS server '10.1.1.10'.
DNS server has more than one entries for this name, usually this means
there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.1.1.10', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa ******************************** (WHY
THIS IS 10.XXX... IT ISN'T SUPPOSE TO 216.XXX.XXX.aaa ? )
**********************
+------------------------------------------------------+

The Record is different on DNS server '10.1.1.10'.
DNS server has more than one entries for this name, usually this means
there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.1.1.10', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = gc._msdcs.craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa ******************************** (WHY
THIS IS 10.XXX... IT ISN'T SUPPOSE TO 216.XXX.XXX.aaa ? )
**********************
+------------------------------------------------------+

The Record is different on DNS server '10.1.1.10'.
DNS server has more than one entries for this name, usually this means
there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.1.1.10', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = craft.local.
DNS DATA =
A 216.xxx.xxx.aaa

The record on DNS server 10.1.1.10 is:
DNS NAME = craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa
+------------------------------------------------------+

The Record is different on DNS server '10.1.1.10'.
DNS server has more than one entries for this name, usually this means
there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.1.1.10', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.craft.local.
DNS DATA =
A 216.xxx.xxx.aaa

The record on DNS server 10.1.1.10 is:
DNS NAME = gc._msdcs.craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa
+------------------------------------------------------+

PASS - All the DNS entries for DC are registered on DNS server
'10.1.1.10' and other DCs also have some of the names registered.


The command completed successfully




Kevin D. Goodknecht Sr. said:
Joe posted a question
Then Kevin replied below:

What DNS do you have assigned for the DNS server's forwarder?
Did you try nslookup against DNS to see if it resolves internally and
externally?
 
Joe said:
Forgot to add:

Forwarder to pri & sec ISP DNS server.

This may also be a problem if you are using your ISP's DNS that they use for
Authoritative DNS lookups.
Many ISPs, especially the large ones, disable recursion on their
Authoritative DNS servers and they cannot be used as DNS forwarders. Check
your DNS event log for 7063 events, if you are getting these you need to
change your DNS forwarders. You can also use nslookup to see if the ISP's
DNS is recursive.

Use this command:
nslookup -d2 <domain> <ispdnsaddress>

Look in the answer section for "recursion avail"
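
The "recursion avail" check described in the reply above comes down to one bit in the DNS reply header. As an added example (not part of any post in this thread), the Python below builds the query a forwarding server would send and reports whether a reply has the RA flag set. The two replies are constructed sample bytes; `forwarder_verdict`, `ask`, `constructed_reply` and the 192.0.2.10 answer are illustrative names and values.

```python
import socket
import struct

# DNS header flag masks (RFC 1035, section 4.1.1).
QR = 0x8000  # message is a response
AA = 0x0400  # responder is authoritative for the name
RD = 0x0100  # client asked for recursion
RA = 0x0080  # responder offers recursion ("recursion avail." in nslookup -d2)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, txid):
    """A/IN question with RD set, the kind of query a forwarder sends upstream."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)


def parse_header(message):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", message[:12])
    return {
        "txid": txid,
        "response": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": ancount,
    }


def forwarder_verdict(reply, txid):
    """Return (usable, reason) for a server being considered as a forwarder."""
    h = parse_header(reply)
    if not h["response"] or h["txid"] != txid:
        return (False, "not a reply to this query")
    if not h["recursion_available"]:
        return (False, "recursion not available (rcode %s)" % h["rcode"])
    if h["rcode"] not in ("NOERROR", "NXDOMAIN"):
        return (False, "recursion offered but lookup failed (rcode %s)" % h["rcode"])
    return (True, "recursive, rcode %s, %d answer(s)" % (h["rcode"], h["answers"]))


def ask(server, name, txid=0x4A4F, timeout=3.0):
    """Live check over UDP port 53; the offline samples below do not call it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        reply, _ = sock.recvfrom(512)
    return forwarder_verdict(reply, txid)


def constructed_reply(query, flags, answer_ip=None):
    """Constructed sample: echo the question, set flags, optionally add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    reply = struct.pack("!6H", txid, flags, 1, 1 if answer_ip else 0, 0, 0) + query[12:]
    if answer_ip:
        # 0xC00C is a compression pointer back to the question name at offset 12.
        reply += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    return reply


QUERY = build_query("example.com", 0x4A4F)
RECURSIVE_REPLY = constructed_reply(QUERY, QR | RD | RA, "192.0.2.10")
AUTH_ONLY_REPLY = constructed_reply(QUERY, QR | RD | 5)  # REFUSED with RA clear

if __name__ == "__main__":
    for label, reply in (("recursive resolver", RECURSIVE_REPLY),
                         ("authoritative-only server", AUTH_ONLY_REPLY)):
        print(label, forwarder_verdict(reply, 0x4A4F))
```
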
 
Joe said:
UPDATED INFO:

I do test using netdiag /test:dns /v and below is the
result (with certain COMMENT INLINE), probably helpful for expert to
see it and help to analyze what's the problem.

In addition, I notice in the netdiag that this is also a Global catalog.
You need to change the registry entry on my previous post to this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

Then also manually add a (same as parent folder) record in the
gc._msdcs.craft.local. sub folder.
 
All users are using XP Pro with auto IP because the server is also
running a DHCP server. So if auto IP, then the DNS in use is ??? which is
assigned by the server, right?

For the following, is the value LdapIpAddress (literally, the word
itself?) or the IP of the server? Btw the data type is REG_SZ only.

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress


This server has SpoonProxy installed so we don't use sharing

1. Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ntserver1
Primary DNS Suffix . . . . . . . : craft.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : craft.local

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : craft.local
Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast
Ethernet Adapter (Rev A)
Physical Address. . . . . . . . . : 00-50-BA-FB-A4-FB

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.1.1.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 10.1.1.10

Ethernet adapter WAN:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast
Ethernet Adapter (Rev A) #2
Physical Address. . . . . . . . . : 00-50-BA-FB-8E-9D

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 216.xxx.xxx.aaa

Subnet Mask . . . . . . . . . . . : 255.255.255.248

Default Gateway . . . . . . . . . : 216.xxx.xxx.bbb

DNS Servers . . . . . . . . . . . : 10.1.1.10
NetBIOS over Tcpip. . . . . . . . : Disabled



2. craft.local

3. craft.local (subfolder _msdcs, _sites, _tcp, _udp)
ntserver1 host 10.1.1.10

Same as parent folder:
SOA ntserver1.craft.local
Host 216.xxx.xxx.aaa
Host 10.1.1.10

4. Probably you need it. DCdiag result (THERE IS AN ERROR I mark it
below, is that related??):
DC Diagnosis

Performing initial setup:
* Verifing that the local machine ntserver1, is a DC.
* Connecting to directory service on server ntserver1.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\NTSERVER1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... NTSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NTSERVER1
Starting test: Replications
* Replications Check
......................... NTSERVER1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=craft,DC=local
* Security Permissions Check for
CN=Configuration,DC=craft,DC=local
* Security Permissions Check for
DC=craft,DC=local
......................... NTSERVER1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... NTSERVER1 passed test NetLogons
Starting test: Advertising
The DC NTSERVER1 is advertising itself as a DC and having a
DS.
The DC NTSERVER1 is advertising as an LDAP server
The DC NTSERVER1 is advertising as having a writeable
directory
The DC NTSERVER1 is advertising as a Key Distribution Center
The DC NTSERVER1 is advertising as a time server
The DS NTSERVER1 is advertising as a GC.
......................... NTSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
......................... NTSERVER1 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1606 to 1073741823
* ntserver1.craft.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1106 to 1605
* rIDNextRID: 1151
* rIDPreviousAllocationPool is 1106 to 1605
......................... NTSERVER1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/ntserver1.craft.local/craft.local
* SPN found :LDAP/ntserver1.craft.local
* SPN found :LDAP/NTSERVER1
* SPN found :LDAP/ntserver1.craft.local/craft
* SPN found
:LDAP/373fab7a-a60a-4e42-b30c-bd28276c8fc5._msdcs.craft.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/373fab7a-a60a-4e42-b30c-bd28276c8fc5/craft.local
* SPN found :HOST/ntserver1.craft.local/craft.local
* SPN found :HOST/ntserver1.craft.local
* SPN found :HOST/NTSERVER1
* SPN found :HOST/ntserver1.craft.local/craft
* SPN found :GC/ntserver1.craft.local/craft.local
......................... NTSERVER1 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [NTSERVER1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
SMTPSVC Service is stopped on [NTSERVER1]
......................... NTSERVER1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
NTSERVER1 is in domain DC=craft,DC=local
Checking for CN=NTSERVER1,OU=Domain
Controllers,DC=craft,DC=local in domain DC=craft,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=NTSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=craft,DC=local
in domain CN=Configuration,DC=craft,DC=local on 1 servers
Object is up-to-date on all servers.
......................... NTSERVER1 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... NTSERVER1 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... NTSERVER1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002711
Time Generated: 07/27/2004 16:48:58
Event String: Unable to start a DCOM Server:

{0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The

error: ***************************************************ERROR
##########

"%2"

Happened while starting this command:

C:\WINNT\System32\mdm.exe -Embedding
......................... NTSERVER1 failed test systemlog

Running enterprise tests on : craft.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope

provided by the command line arguments provided.
......................... craft.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\ntserver1.craft.local
Locator Flags: 0xe00001fd
PDC Name: \\ntserver1.craft.local
Locator Flags: 0xe00001fd
Time Server Name: \\ntserver1.craft.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\ntserver1.craft.local
Locator Flags: 0xe00001fd
KDC Name: \\ntserver1.craft.local
Locator Flags: 0xe00001fd
......................... craft.local passed test FsmoCheck
 
Joe said:
All users are using XP Pro with auto IP because the server is also
running a DHCP server. So if auto IP, then the DNS in use is ??? which is
assigned by the server, right?

For the following, is the value LdapIpAddress (literally, the word
itself?) or the IP of the server? Btw the data type is REG_SZ only.

No, the data type is REG_MULTI_SZ; you must use regedt32 for that data type.
The actual data is
LdapIpAddress
GcIpAddress

I noticed this was a global Catalog from a later post so you add both in the
data field.

Create the (same as parent folder) records only for the private addresses in
the domain zone and in the gc._msdcs sub folder.
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress


This server installed SpoonProxy so we don't use sharing

1. Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ntserver1
Primary DNS Suffix . . . . . . . : craft.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : craft.local

Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : craft.local
Description . . . . . . . . . . . : D-Link DFE-530TX PCI
Fast
Ethernet Adapter (Rev A)
Physical Address. . . . . . . . . : 00-50-BA-FB-A4-FB

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.1.1.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 10.1.1.10

Ethernet adapter WAN:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-530TX PCI
Fast
Ethernet Adapter (Rev A) #2
Physical Address. . . . . . . . . : 00-50-BA-FB-8E-9D

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 216.xxx.xxx.aaa

Subnet Mask . . . . . . . . . . . : 255.255.255.248

Default Gateway . . . . . . . . . : 216.xxx.xxx.bbb

DNS Servers . . . . . . . . . . . : 10.1.1.10
NetBIOS over Tcpip. . . . . . . . : Disabled



2. craft.local

3. craft.local (subfolder _msdcs, _sites, _tcp, _udp)
ntserver1 host 10.1.1.10

Same as parent folder:
SOA ntserver1.craft.local
Host 216.xxx.xxx.aaa<---------you don't want this record
Host 10.1.1.10




4. Probably you need it. DCdiag result (THERE IS AN ERROR I mark it
below, is that related??):
DC Diagnosis

Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [NTSERVER1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
SMTPSVC Service is stopped on [NTSERVER1]
......................... NTSERVER1 failed test
Services
kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002711
Time Generated: 07/27/2004 16:48:58
Event String: Unable to start a DCOM Server:

{0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The

error:
***************************************************ERROR
##########

"%2"

Happened while starting this command:

C:\WINNT\System32\mdm.exe -Embedding
......................... NTSERVER1 failed test
systemlog

I don't know about the DCOM error, I'll research it, may have something to
do with the Intersite Messaging Service not running, but don't take that as
a fact. I just don't know at this time, it's out of my realm of expertise.
 
So the "Value Name" is DnsAvoidRegisterRecords
and "Value data" is LdapIpAddress, GcIpAddress ???

I am not sure how to put 2 entries in value data.
So please clarify, thanks.

gc._msdcs.craft.local. does this mean

Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
within this subfolder), need to create the subfolder??

So I need to create the subfolder too??
and then a record, what IP address should I use? 10.1.1.10?

Sorry for the many questions; I have never done this before, so I just want to make
sure I don't screw up the live server.

Thanks for your help so far. Really appreciate it.

IHL&G,
Joe

"Give your time & energy only to the themes at the heart of your
life."
 
Joe said:
So the "Value Name" is DnsAvoidRegisterRecords
and "Value data" is LdapIpAddress, GcIpAddress ???

I am not sure how to put 2 entry in value data.
So please clarify, thanks.

If you use regedt32, when you get to the data portion you put one in on top
of the other.

LdapIpAddress
GcIpAddress

gc._msdcs.craft.local. is this mean

Under hobbycraft.local zone file --> _msdcs --> gc -->
(no _msdcs
within this subfolder), need to create and the subfolder??

The gc subfolder is in the _msdcs folder, it actually resolves
gc._msdcs.hobbycraft.local.

Win2k3 puts the _msdcs.hobbycraft.local in its own zone.

So I need to create also the subfolder??
and then a record, what's the IP address should I used?
10.1.1.10?

You don't need to create a sub folder; it belongs in the gc subfolder, and
yes, use 10.1.1.10 if that is the private IP of the DC.

Sorry if many questions, because I never do this one so
just to make
sure I don't screw up live server.

No problem, I completely understand.
 
Joe said:
So the "Value Name" is DnsAvoidRegisterRecords
and "Value data" is LdapIpAddress, GcIpAddress ???

I am not sure how to put 2 entry in value data.
So please clarify, thanks.

gc._msdcs.craft.local. is this mean

Under hobbycraft.local zone file --> _msdcs --> gc --> (no _msdcs
within this subfolder), need to create and the subfolder??

So I need to create also the subfolder??
and then a record, what's the IP address should I used? 10.1.1.10?

Sorry if many questions, because I never do this one so just to make
sure I don't screw up live server.

Thanks for your help so far. Really appreciate it.

IHL&G,
Joe

What Kevin is saying is to create this Multi string value. Do not choose
"String". The Multi String value (REG_MULTI_SZ) allows you to put in multiple
values. It will show up as a little box that you would first put in
LdapIpAddress, then hit enter to go to the next line, then type in
GcIpAddress.

Then you go into DNS and under the:
gc._msdcs.craft.local. sub folder, manually add your GC's IP address.

Same with the LdapIpAddress. To manually create that, you need to first
delete any existing LdapIpAddress. They are the ones that show up as (same
as parent) with just an IP address. Then manually create the new
LdapIpAddress you want to create by rt-clicking your zone, new Host record,
leave the hostname part blank and just give it the IP address of your inside
IP of your multihomed DC.

With all due respect sir, honestly, this additional administrative overhead,
altering default registry values and DC/AD functionality, is more the reason
not to multihome a DC. It's actually *highly* recommended to purchase a
$39.00 Linksys DSL/Cable router to give you secure Internet access and offer
NAT and let the DC be a DC on the internal network and be done with these
headaches. Those routers are very easy to set up. I can have one set up and
running in less than 5 minutes. This also relieves your DC of running the
WinPoet (PPPoE) software, and NAT services under RRAS, which is a lot of
additional overhead, which I'm assuming you have installed since you have an
ADSL line.

No disrespect implied here, just trying to point out facts about multihomed
DCs/DNS servers and trying to make your job easier.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
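
The replies above come down to one condition: the (same as parent folder) record and the gc._msdcs record should carry only the DC's internal address. As an added example (not code from any poster), the Python below reads `netdiag /test:dns /v` text in the shape posted in this thread and lists every LdapIpAddress or GcIpAddress A record that falls outside the internal subnet. The sample text is constructed, 203.0.113.10 stands in for the masked WAN address, 10.1.1.0/24 is taken from the subnet mask shown in the thread, and the function names are illustrative.

```python
import ipaddress
import re


def locator_names(zone):
    """Map the two DC-locator names to the Netlogon mnemonics used in the thread."""
    zone = zone.rstrip(".").lower()
    return {zone: "LdapIpAddress", "gc._msdcs." + zone: "GcIpAddress"}


def parse_records(text):
    """Collect each 'The record on ... is:' block with its name and A addresses."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = re.match(r"The record on (?:your DC|DNS server (\S+)) is:", line)
        if start:
            current = {"source": start.group(1) or "local DC", "name": None, "a": []}
            records.append(current)
        elif current is None:
            continue
        elif line.startswith("DNS NAME ="):
            current["name"] = line.split("=", 1)[1].strip().rstrip(".").lower()
        elif re.match(r"A\s+\S", line):
            # Keep only the address token; inline comments after it are ignored.
            current["a"].append(line.split()[1])
        elif line.startswith("+--"):
            current = None  # end of the comparison box
    return records


def audit(text, zone, internal_net):
    """Return (source, name, mnemonic, address, reason) for every suspect A record."""
    net = ipaddress.ip_network(internal_net)
    names = locator_names(zone)
    findings = []
    for rec in parse_records(text):
        mnemonic = names.get(rec["name"])
        if mnemonic is None:
            continue  # not one of the two names this check covers
        for addr in rec["a"]:
            try:
                inside = ipaddress.ip_address(addr) in net
            except ValueError:
                # Masked values such as 10.126.xxx.aaa cannot be judged either way.
                findings.append((rec["source"], rec["name"], mnemonic, addr,
                                 "not a parseable address (redacted?)"))
                continue
            if not inside:
                findings.append((rec["source"], rec["name"], mnemonic, addr,
                                 "outside " + internal_net))
    return list(dict.fromkeys(findings))  # drop repeats, keep first-seen order


# Constructed sample in the layout of the netdiag output quoted in this thread.
SAMPLE_NETDIAG = """\
The record on your DC is:
DNS NAME = craft.local.
DNS DATA =
A 203.0.113.10

The record on DNS server 10.1.1.10 is:
DNS NAME = craft.local
DNS DATA =
A 10.1.1.10
A 10.126.xxx.aaa
+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.craft.local.
DNS DATA =
A 10.1.1.10

The record on DNS server 10.1.1.10 is:
DNS NAME = gc._msdcs.craft.local
DNS DATA =
A 10.1.1.10
A 203.0.113.10
+------------------------------------------------------+
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETDIAG, "craft.local", "10.1.1.0/24"):
        print(" | ".join(finding))
```

An empty result after the registry change and the manual record cleanup means both names resolve only to the internal address.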
 
No event 7063, and if I try a public domain with nslookup -d2 ....
it works fine, but if I use craft.local it doesn't work, and I think it
shouldn't work, right... because the local domain is not a publicly registered domain.
 
I see also in the System Log:

Source: DCOM
Event ID: 10001
Desc: Unable to start DCOM server as /.The error "The system cannot
find the file specified." Happened while starting this command:
c:\winnt\system32\mdm.exe -Embedding

Is this related with DNS problem?

Also Event 5781 (NetLogon) always occurred every time rebooted and login
after
Error Source: server
Event ID: 2511
Desc: The server service was unable to recreate the share .....
because the directory c:\....\... no longer exists.

Is this also related?


We are experience problem which in the beginning I thought related to
ISP DNS problem because after server reboot in the morning because
cannot connect to internet several hours later (probably 6 hours or
more) we cannot connect internet again eventually I see that ping to
public IP no problem but ping to domain name is problem so I call and
try troubleshoot with ISP and find conclusion that our server problem.
This problem resolve everytime we reboot the server, if we just reboot
the DSL modem and router without reboot the server still cannot ping
the domain (FQDN) even though able to ping any public IP.

FYI:
This dual NIC W2K server connect to Internet & LAN as follow

ISP--> DSL modem --> static PUBLIC IP Router -->
1. Static PUBLIC WAN NIC
2. Static Internal LAN NIC --> all users PC

This server are running with Spoonproxy sw, DNS w/AD, DC, DHCP, s/w
firewall (the default setting from MS, actually if i was setup this
server I won't use AD and dual NIC... more headache but no choice now,
cannot reinstall from scratch cause the ONLY live server to handle
15-20 users.

Actually users just using email, internet and run centralize
application thoruh mapping drive network, so no need AD or DNS I
guess, but I think to let to change it.

In the past this server running ok until around 3 weeks ago begin
problem even though no changes in the server. So now every morning
need to reboot and also on lunch time otherwise after 6 or more hours
cannot ping to FQDN even though ping to any IP works, so users cannot
get to internet.
That's really weird and make me headache.

I also try run netdiag to see if somebody could help to check it. I
list it at very bottom here.

Computer Name: NTSERVER1
DNS Host Name: ntserver1.craft.local
System info : Windows 2000 Server (Build 2195)

Netcard queries test . . . . . . . : Passed


Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 10.1.1.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : WAN

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : ntserver1
IP Address . . . . . . . . : 216.xxx.xxx.aaa
Subnet Mask. . . . . . . . : 255.255.255.248
Default Gateway. . . . . . : 216.xxx.xxx.bbb
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.1.1.10


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].

Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 3bf8a0c6
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 601120524153
Frame type . . . . . . : Ethernet II


Global results:

Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names
defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.1.1.10' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8A7AEEE3-F3B6-48F1-93F5-6D39CAC7C19E}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully





If anybody could help, I'd really appreciate it.
I am at a dead end now.

Thanks,
Joe
 
Another thing after I did changes sometime ago to solve the problem.
Now if I do nslookup, it's gonna give me "can't find server name
address for 10.1.1.10 "
So something wrong somewhere?

Btw what GC =? Global Catalogue??
Then you go into DNS and under the:
gc._msdcs.craft.local. sub folder, manually add your GC's IP address.

So the GC IP is internal IP address, right?!
Same with the LdapIpAddress. To manually create that, you need to first
delete any existing LdapIpAddress. They are the ones that show up as (same
as parent) with just an IP address. Then manually create the new
LdapIpAddress you want to create by rt-clicking your zone, new Host record,
leave the hostname part blank and just give it the IP address of your inside
IP of your multihomed DC.

So LdapIpAddress that exists are 10.1.1.10 and 216.xxx.xxx.aaa
So I delete both and recreate just 10.1.1.10 only?

There is also ntserver1 as A record to 10.1.1.10 exist, do I need to
delete and recreate or leave or delete it too.
But the SOA and Name Server even though have (same as parent), but I
shouldn't delete it right?!

Ace, actually as I mention in the beginning of this thread and I
listed here for easier to see

FYI:
This dual NIC W2K server connect to Internet & LAN as follow

ISP--> DSL modem --> static PUBLIC IP Router -->
1. Static PUBLIC WAN NIC
2. Static Internal LAN NIC --> all users PC

This server is running Spoonproxy s/w, DNS w/AD, DC, DHCP, s/w
firewall (the default setting from MS). Actually, if I had set up this
server I wouldn't use AD and dual NIC... more headache, but no choice now;
cannot reinstall from scratch because it is the ONLY live server to handle
15-20 users.

Actually users are just using email, internet and running a centralized
application through a mapped network drive, so no need for AD or DNS I
guess.
********************************


So there is a router but because this server and LAN setup by previous
netadmin so I couldn't change much, especially this is live server and
the only one server for 15-20 users.

I wish could reinstalled this server from scratch, it's make my life
easier.

So for now I just want to make this server work fine like before,
although you could suggest to me the details about making this server network
better without changing much, so if possible later on I could change
it with permission of my boss.

So instead of using NAT from the router, the previous netadmin setup
router and server with static IP and server has dual NIC (no installed
PPPoE s/w on server) and run Spoonproxy s/w so client with internal IP
could connect to internet.

I don't understand why he set it up that way, probably to
allow remote admin access. But if using NAT, the server could just
map the internal IP to the public IP in the router and open a port for
remote admin then, couldn't it?
Or install a VPN server on this server and pass the VPN access through the
router, I think.


During this troubleshooting period, I can only test whether the setup is OK
or still a problem JUST twice a day -- at night and early in the morning
before rebooting again, because I set the server to reboot
automatically in the morning before users come in and also at lunch time, so during
working hours users don't experience problems when trying to connect to the internet
(the problem usually begins after an interval of 5-7 hours). I really hope this
problem is resolved soon.
I really appreciate the assistance from both of you. Without you guys, I
don't know what I could do.
 
Joe said:
Another thing after I did changes sometime ago to solve
the problem.
Now if I do nslookup, it's gonna give me "can't find
server name
address for 10.1.1.10 "
So something wrong somewhere?

No, nothing is "wrong", this is just a message from nslookup, which is
performing a reverse lookup on the IP of the DNS server it is using.
You can:
a. Ignore the message because a reverse lookup is not required for
proper AD operation.
b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place a PTR
with IP number 10 and your server's name ntserver1.craft.local.
Btw what GC =? Global Catalogue??

Yes in your case this server is a Global Catalog and its private IP is
10.1.1.10.
So the GC IP is internal IP address, right?!
Right!


So LdapIpAddress that exists are 10.1.1.10 and
216.xxx.xxx.aaa
So I delete both and recreate just 10.1.1.10 only?

When you put in the reg entry and restart the netlogon service, these
records will go away, you need to recreate them with the server's internal
IP.
There is also ntserver1 as A record to 10.1.1.10 exist,
do I need to
delete and recreate or leave or delete it too.

Leave that record alone, DNS creates that record for the IP it is listening
on.
There is a different reg entry that changes this behavior, we're not going
there!

But the SOA and Name Server even though have (same as
parent), but I
shouldn't delete it right?!

Ace, actually as I mention in the beginning of this
thread and I
listed here for easier to see

FYI:
This dual NIC W2K server connect to Internet & LAN as
follow

ISP--> DSL modem --> static PUBLIC IP Router -->
1. Static PUBLIC WAN NIC
2. Static Internal LAN NIC --> all users PC

This server are running with Spoonproxy sw, DNS w/AD, DC,
DHCP, s/w
firewall (the default setting from MS, actually if i was
setup this
server I won't use AD and dual NIC... more headache but
no choice now,
cannot reinstall from scratch cause the ONLY live server
to handle
15-20 users.

I haven't seen any reason for even thinking about a re-install yet.
Actually users just using email, internet and run
centralize
application through mapping drive network, so no need AD
or DNS I
guess.
********************************


So there is a router but because this server and LAN
setup by previous
netadmin so I couldn't change much, especially this is
live server and
the only one server for 15-20 users.

I wish could reinstalled this server from scratch, it's
make my life
easier.

So for now I just want to make this server work fine like
before
although you could suggest me the detail about make this
server network
better without changing much, so if possible later on I
could change
it with permission of my boss.

So instead of using NAT from the router, the previous
netadmin setup
router and server with static IP and server has dual NIC
(no installed
PPPoE s/w on server) and run Spoonproxy s/w so client
with internal IP
could connect to internet.

They could connect to the internet without Spoonproxy, but that is another
story; the proxy may be there for other reasons. Does it have AV scanning in
it?
Does the proxy have a DNS proxy in it? If it does, possibly that is the
problem.
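
The record cleanup discussed in this post (only the internal IP on the blank-host LdapIpAddress and gc._msdcs records, plus the optional PTR for the DNS server) can be checked mechanically. This Python sketch is an added example, not part of the original thread: the record list is constructed sample data, 203.0.113.7 is a documentation placeholder for the redacted public address, the /24 LAN subnet is an assumption, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of the A records discussed in the thread.
# "@" stands for the blank-host "(same as parent)" record (LdapIpAddress).
# 203.0.113.7 is a documentation placeholder for the redacted public IP.
RECORDS = [
    ("@", "craft.local", "10.1.1.10"),
    ("@", "craft.local", "203.0.113.7"),
    ("gc._msdcs", "craft.local", "10.1.1.10"),
    ("gc._msdcs", "craft.local", "203.0.113.7"),
    ("ntserver1", "craft.local", "10.1.1.10"),
]

INTERNAL_NET = ipaddress.ip_network("10.1.1.0/24")  # assumed LAN subnet


def misregistered(records, internal_net=INTERNAL_NET):
    """Return DC locator A records that point outside the internal subnet."""
    bad = []
    for host, zone, addr in records:
        is_locator = host == "@" or host.startswith("gc._msdcs")
        if is_locator and ipaddress.ip_address(addr) not in internal_net:
            bad.append((host, zone, addr))
    return bad


def ptr_for(server_ip, fqdn, prefix_len=24):
    """Return (reverse zone, PTR owner label, PTR target) for an IPv4 /8, /16 or /24."""
    if prefix_len not in (8, 16, 24):
        raise ValueError("octet-aligned in-addr.arpa zones only")
    octets = str(ipaddress.IPv4Address(server_ip)).split(".")
    n = prefix_len // 8
    zone = ".".join(reversed(octets[:n])) + ".in-addr.arpa."
    owner = ".".join(reversed(octets[n:]))
    return zone, owner, fqdn.rstrip(".") + "."


if __name__ == "__main__":
    for rec in misregistered(RECORDS):
        print("public address on DC locator record:", rec)
    print(ptr_for("10.1.1.10", "ntserver1.craft.local"))
```
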
 
Kevin D. Goodknecht Sr. said:

No, nothing is "wrong", this is just a message from nslookup, which is
performing a reverse lookup on the IP of the DNS server it is using.
You can:
a. Ignore the message because a reverse lookup is not
required for proper AD operation.
b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place
a PTR with IP number 10 and your server's name ntserver1.craft.local.


Yes in your case this server is a Global Catalog and its private IP is
10.1.1.10.


When you put in the reg entry and restart the netlogon service, these
records will go away, you need to recreate them with the server's
internal IP.


Leave that record alone, DNS creates that record for the IP it is
listening on.
There is a different reg entry that changes this behavior, we're not
going there!



I haven't seen any reason for even thinking about a re-install yet.


They could connect to the internet without Spoonproxy, but that is
another story the proxy may be there for other reasons, does it have
AV scanning in it?
Does the Proxy have a DNS proxy in it? If it does possibly that is the
problem.

I'm starting to think that as well.

Also agree that no need to reinstall, just reconfigure who the router is.
When Joe is mentioning 'router', I am assuming it's this dual homed machine
in question, unless I misread it and there is actually a router connected to
the DSL modem?

I was suggesting to get a Linksys router. If VPN is needed, they have a
router that has VPN features, but costs a little more money. Very well worth
it. Once it's working, I would suggest to point the gateway address at the
new router, then remove the extra NIC from the dual homed machine, take out
that reg entry, and let it do its thing, be a DC. No reason to reinstall.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Yes, there is a simple Netgear router connected to the DSL modem, and this
router connects to the dual homed W2K SP3 Server.
Thank you for the info and suggestion Ace.
 
Kevin D. Goodknecht Sr. said:

No, nothing is "wrong", this is just a message from nslookup, which is
performing a reverse lookup on the IP of the DNS server it is using.
You can:
a. Ignore the message because a reverse lookup is not required for
proper AD operation.
b. Create a reverse lookup zone named 1.1.10.in-addr.arpa. and place a PTR
with IP number 10 and your server's name ntserver1.craft.local.


Yes in your case this server is a Global Catalog and its private IP is
10.1.1.10.


When you put in the reg entry and restart the netlogon service, these
records will go away, you need to recreate them with the server's internal
IP.


Leave that record alone, DNS creates that record for the IP it is listening
on.
There is a different reg entry that changes this behavior, we're not going
there!



I haven't seen any reason for even thinking about a re-install yet.


They could connect to the internet without Spoonproxy, but that is another
story the proxy may be there for other reasons, does it have AV scanning in
it?
Does the Proxy have a DNS proxy in it? If it does possibly that is the
problem.

The proxy is just for internet, email, ftp, etc., no AV within or DNS.
Just a simple small utility/software.
I don't know if there is another purpose for that proxy; as far as I know that's it.
Hopefully after these last changes I made, the server will work OK.
Till now the dns/ping fqdn still fails after 6 hours or so :(
I will let you know the result.
Please work, my 'baby'.......
 