Having trouble with Vista networking in a Domain

[Mat Brown]

I guess first some background. I got a call from a client to come get a
Vista laptop working on their domain. I haven't worked very much with
domains (I have a lot of experience with workgroups, just not so much with
domains) and even less experience with Vista. Still, it sounded like no
problem. They have the domain running on a 2003 Server, and as much as I
would like to sit down with the guy who set it up and find out how he had it
configured, he's nowhere to be found, hence why they called me. The stage is
set.

First thing I discover is that the laptop is running Home Premium, so I
have to upgrade it to Vista Ultimate. Once that's done I start by copying
network settings off of one of the XP boxes. (All the other computers in the
office except the server and the laptop I am working on are running XP Pro.)
Well, Vista gives me the Domain Controller Not Found error, and I double
check, and it has the same DNS address as the XP boxes that can find it, but
it still can't find it. So I feed it the IP address of the Domain Controller
for DNS and after that it can find it just fine. I create a new user on the
Domain Controller in the same group as the other people in that office, and
log the laptop onto the domain. So far so good. The domain controller also
doubles as their file server, and I can get into the main folder that's
shared out, but not all of the folders inside that one. I can get in to
some, but not others, access is denied. I can't figure out any pattern to
it, but it doesn't seem to be just random, it's consistent every time, it
doesn't change with reboots, the ones I can get into I can always get into,
the ones I cannot, I cannot ever get into. Get this, however, if I open the
share by IP address rather than by server name, I can get into all of the
subfolders just fine. So I map the drives they want mapped by IP rather than
by name, and that seems to work just fine. Next I go to setup the printer
shared off of another user's computer in the same room. The computer the
printer is on shows up in the network browser, but when I try to access it I
get a login dialog. I try the domain login for the laptop, I try the local
login for the computer the printer is connected to, and neither of them will
let me in. The thing is, I shouldn't need to log into that computer at all,
since the printer is shared with all the other users in the domain. I've
double and triple checked the user account on the server, and it appears to
have the exact same settings as the users who can access everything
properly. I can keep on like I have been, and find a workaround to make the
printer work, but I'm really thinking what I've been doing is finding
workarounds for the symptoms, there is some larger problem here, and unless
I identify it and fix it I will keep having to fight the symptoms. I am just
at a loss for how to fix the larger problem, or even what it really is. I'm
hoping someone here who has had experience making Vista work in a domain
will recognize what I've got going on and can give me some help, because I
need some help.

Thanks in advance!

 

[Kerry Brown]

For active directory to work properly a domain controller has to be running
an active directory integrated DNS server and all clients joined to the
domain have to use this and only this DNS server. This is a simplified
version and as always there are exceptions but if you go by that rule active
directory (and Vista) will be happy. There are many other things that will
help like an active directory DHCP server, WINS server, etc. DNS is the key
factor though.

It sounds like DNS is misconfigured on their domain. I'd recommend they or
you get someone in who knows how to set up active directory. It sounds like
the missing consultant didn't do it right. XP can sort of work with NETBIOS
when AD DNS is misconfigured. Vista is much pickier. If they get DNS working
properly they will see a speed up when accessing domain resources from XP
and Vista will work.

 

[Mat Brown]

Oh, wow, that's not very encouraging, but it makes perfect sense now
that you explain it. I don't know why, but I had been assuming that the
server had been setup correctly. This opens a whole new can of worms. I was
really hoping for something that was going to be a simple fix. Well, as much
as I don't like the answer, I still thank you for explaining it to me.
Many thanks!

----- Original Message -----

 

[Kerry Brown]

You're welcome. Is the server Windows Server 2003 or Windows Small Business
Server 2003? Both are fairly easy to get DNS configured but the procedure is
different. Post back with some details about how the network is set up and
we can help you.

 

[Mat Brown]

I had to check which it was. It's Windows Server 2003.

What kind of details about the network did you have in mind? It's half a
dozen XP Pro boxes connected through a Linksys router, nothing fancy, it's
the kind of thing one might buy at Staples or Office Depot for a home
network. It does have wireless capability, but none of the computers in the
domain are actually connected that way, thank goodness. The router is taking
care of DHCP dynamically, and pointing everything towards the ISP's DNS. The
server does have a static IP, but it is the only one. Not really sure what
other details are relevant here, I hope I hit the important points.

I had to point Vista at the Domain Controller for its DNS to get it to
connect to the Domain, and it does seem to be properly forwarding DNS
lookups, because I can still surf the web and whatnot. The Vista laptop does
not seem to be able to access shared printers or anything on any of the
other computers on the network. I can access the file shares on the server
if I use the IP address rather than the name. I can access some, but not
all, if I use the name. The XP Pro boxes seem to all be sharing with each
other without trouble, even being pointed at the outside DNS.

I have considered, with as few users as they have, whether just turning
it into a Workgroup might be the easiest solution. Everyone on the network
is in the same Group anyway, it's not like they have users in different
groups with access to different things. It doesn't seem like they're really
taking advantage of the fact that it is setup as a domain. Would changing it
to a Workgroup decrease network performance? I'm not sure if that's the
answer, but it seemed like an option worth exploring. If it will hurt
performance, then it certainly isn't the answer.

I discussed with them the idea of getting someone in who has experience
setting up DNS on an Active Directory Domain Controller, but I suspect that
it will be up to me in the end, so anything you can tell me about it, or if
you can point me towards a good online tutorial, I'd appreciate it.