help-Users seem to keep losing connection to domain controller

John · Aug 1, 2003

Hello,

We are running w2k with all updates. We have just went from an NT
domain to a W2k domain and it seems that all of the users keep losing their
security credentials or just logged out of the domain. We have changed the
amount of idle time required before disconnecting session to 60 minutes, but
people are still losing connections to the domain. It's in multiple customer
applications that use authentication plus Microsoft applications like query
analyzer. Is there another setting? Are we missing something? Thanks in
advance.

John

John · Aug 1, 2003

Marina,

Yes we have DHCP and DNS running. 1 nic card (only about 15
computers connected) OS is either 98 or XP Pro. Below is ipconfig /all from
an XP Pro machine. Any help would be appreciated.

John

Windows IP Configuration

Host Name . . . . . . . . . . . . : WCPCI-37
Primary Dns Suffix . . . . . . . : wcpci.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wcpci.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADMtek AN983 10/100Mbps PCI
Adapter
Physical Address. . . . . . . . . : 00-10-DC-3C-BE-49
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.18
DNS Servers . . . . . . . . . . . : 66.63.128.50
66.63.128.34
Lease Obtained. . . . . . . . . . : Friday, August 01, 2003 8:39:08
AM
Lease Expires . . . . . . . . . . : Saturday, August 09, 2003
8:39:08 AM

Lanwench [MVP - Exchange] · Aug 1, 2003

This can occur due to DNS misconfiguration. All servers and workstations
should specify the internal AD-integrated DNS server's IP address in their
network settings. The AD-integrated DNS server should be set up with
forwarders to several public DNS servers for external resolution.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.

Marina Roos · Aug 2, 2003

Wow, that doesn't look good.
Everything should be pointing to your serverIP, especially DNS. How is the
servernic setup? Should be something like 192.168.1.18, subnet
255.255.255.0, gateway 192.168.1.1, DNS 192.168.1.18.
Your ISP-DNS-numbers should be put in the forwarders of your DNS-server.
BTW, it's much safer to put a second nic in your server to which you attach
your internet. In that case the internal nic should not have a gateway, but
DNS should still point to your DNS-server on both internal and external nic.

Marina

Lanwench [MVP - Exchange] · Aug 2, 2003

One NIC and the private IPs indicates the presence of an external router/NAT
device - no need to have a multhomed machine in that case.

Lanwench [MVP - Exchange] · Aug 2, 2003

True, but something's doing NAT, and if he has only one NIC in this device,
it ain't this server. Nothing inherently safer in using two network cards,
if he's behind a firewall/router.

Marina said:
I still think it is safer to use 2 nics, allthough it can be done
with 1. Also, John didn't tell us how he connects to the internet, so
I'm not just assuming he is using an external router/NAT-device.

Marina

"Lanwench [MVP - Exchange]"

One NIC and the private IPs indicates the presence of an external
router/NAT device - no need to have a multhomed machine in that case.

Click to expand...

John · Aug 4, 2003

Hi all,

Yes we are behind a firewall router. I changed the dhcp and the
server to point to itself as the DNS and am forwarding to the public DNS'.
So far no huge problems but I got it all done this weekend so we'll see
Monday. Thanks so much for the help so far. AS far as a second NIC are you
saying we should make one for the LAN and one for the WAN? I apologize for
being naive at this as the old sys admin got fired and I am trying to catch
up to speed as I am only a mere programmer. Any suggestions on good books
for WIN 2K? We are wanting to standardize a lot of things i.e. mappings etc
once all the workstations are on XP PRO...thanks in advance so far.

John

"Lanwench [MVP - Exchange]"

Marina said:
True, but something's doing NAT, and if he has only one NIC in this device,
it ain't this server. Nothing inherently safer in using two network cards,
if he's behind a firewall/router.

Marina said:

I still think it is safer to use 2 nics, allthough it can be done
with 1. Also, John didn't tell us how he connects to the internet, so
I'm not just assuming he is using an external router/NAT-device.

Marina

"Lanwench [MVP - Exchange]"

One NIC and the private IPs indicates the presence of an external
router/NAT device - no need to have a multhomed machine in that case.

Marina Roos wrote:
Wow, that doesn't look good.
Everything should be pointing to your serverIP, especially DNS. How
is the servernic setup? Should be something like 192.168.1.18,
subnet 255.255.255.0, gateway 192.168.1.1, DNS 192.168.1.18.
Your ISP-DNS-numbers should be put in the forwarders of your
DNS-server. BTW, it's much safer to put a second nic in your server
to which you attach your internet. In that case the internal nic
should not have a gateway, but DNS should still point to your
DNS-server on both internal and external nic.

Marina

"John" <[email protected]> schreef in bericht
Marina,

Yes we have DHCP and DNS running. 1 nic card (only about 15
computers connected) OS is either 98 or XP Pro. Below is ipconfig
/all from an XP Pro machine. Any help would be appreciated.

John

Windows IP Configuration

Host Name . . . . . . . . . . . . : WCPCI-37
Primary Dns Suffix . . . . . . . : wcpci.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wcpci.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADMtek AN983 10/100Mbps
PCI Adapter
Physical Address. . . . . . . . . : 00-10-DC-3C-BE-49
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.18
DNS Servers . . . . . . . . . . . : 66.63.128.50
66.63.128.34
Lease Obtained. . . . . . . . . . : Friday, August 01, 2003
8:39:08 AM
Lease Expires . . . . . . . . . . : Saturday, August 09,
2003 8:39:08 AM

How many nics in the server? Got DHCP and DNS running? How are
your nics setup?
What OS on the clients? What does a IPCONFIG /All from a client
give?

Marina

"John" <[email protected]> schreef in bericht
Hello,

We are running w2k with all updates. We have just went
from an NT domain to a W2k domain and it seems that all of the
users keep losing their security credentials or just logged out
of the domain. We have changed the amount of idle time required
before disconnecting session to 60
minutes,
but
people are still losing connections to the domain. It's in
multiple customer applications that use authentication plus
Microsoft applications like query analyzer. Is there another
setting? Are we missing something? Thanks in advance.

John

Click to expand...

Click to expand...

Lanwench [MVP - Exchange] · Aug 6, 2003

You don't need a second NIC - and with your current setup it is likely only
to confuse matters. Leave it be.

Standardizing W2k workstations? Use login scripts, roaming profiles, use a
standard build of software, don't grant users local admin rights.

Books? There are a million out there - I'd check out reviews at Amazon. :-)

Marina said:
Hi all,

Yes we are behind a firewall router. I changed the dhcp
and the server to point to itself as the DNS and am forwarding to the
public DNS'. So far no huge problems but I got it all done this
weekend so we'll see Monday. Thanks so much for the help so far. AS
far as a second NIC are you saying we should make one for the LAN and
one for the WAN? I apologize for being naive at this as the old sys
admin got fired and I am trying to catch up to speed as I am only a
mere programmer. Any suggestions on good books for WIN 2K? We are
wanting to standardize a lot of things i.e. mappings etc once all the
workstations are on XP PRO...thanks in advance so far.

John

"Lanwench [MVP - Exchange]"

True, but something's doing NAT, and if he has only one NIC in this
device, it ain't this server. Nothing inherently safer in using two
network cards, if he's behind a firewall/router.

Marina said:

I still think it is safer to use 2 nics, allthough it can be done
with 1. Also, John didn't tell us how he connects to the internet,
so I'm not just assuming he is using an external router/NAT-device.

Marina

"Lanwench [MVP - Exchange]"
<[email protected]> schreef
in bericht One NIC and the private IPs indicates the presence of an external
router/NAT device - no need to have a multhomed machine in that
case.

Marina Roos wrote:
Wow, that doesn't look good.
Everything should be pointing to your serverIP, especially DNS.
How is the servernic setup? Should be something like 192.168.1.18,
subnet 255.255.255.0, gateway 192.168.1.1, DNS 192.168.1.18.
Your ISP-DNS-numbers should be put in the forwarders of your
DNS-server. BTW, it's much safer to put a second nic in your
server to which you attach your internet. In that case the
internal nic should not have a gateway, but DNS should still
point to your DNS-server on both internal and external nic.

Marina

"John" <[email protected]> schreef in bericht
Marina,

Yes we have DHCP and DNS running. 1 nic card (only about
15 computers connected) OS is either 98 or XP Pro. Below is
ipconfig /all from an XP Pro machine. Any help would be
appreciated.

John

Windows IP Configuration

Host Name . . . . . . . . . . . . : WCPCI-37
Primary Dns Suffix . . . . . . . : wcpci.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wcpci.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADMtek AN983
10/100Mbps PCI Adapter
Physical Address. . . . . . . . . : 00-10-DC-3C-BE-49
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.18
DNS Servers . . . . . . . . . . . : 66.63.128.50
66.63.128.34
Lease Obtained. . . . . . . . . . : Friday, August 01,
2003 8:39:08 AM
Lease Expires . . . . . . . . . . : Saturday, August 09,
2003 8:39:08 AM

message How many nics in the server? Got DHCP and DNS running? How are
your nics setup?
What OS on the clients? What does a IPCONFIG /All from a client
give?

Marina

"John" <[email protected]> schreef in bericht
Hello,

We are running w2k with all updates. We have just went
from an NT domain to a W2k domain and it seems that all of the
users keep losing their security credentials or just logged out
of the domain. We have changed the amount of idle time required
before disconnecting session to 60
minutes,
but
people are still losing connections to the domain. It's in
multiple customer applications that use authentication plus
Microsoft applications like query analyzer. Is there another
setting? Are we missing something? Thanks in advance.

John

Click to expand...

Click to expand...