Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Win2k domain controller woes!

  • 12-12-2006 10:52pm
    #1
    Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭


    I'm doing a disaster recovery test this week, but i've run into a problem...
    The servers are in their own room, and we have 40 PC's in another room for users to use in the event of a disaster.

    I've restored my domain controller, and my Exchange server. I can log into the Exchange server with my usual login via the domain controller, no problems there.

    But when I try to login to the network from the test PC room, I can't. I get an error that mentions DNS configuration - sorry I don't have the exact wording, I was on site nearly 12 hours and my brain was melted when I saw this error so I didn't write it down.

    The PC's will pickup an IP address in the correct range, but they can't logon to the domain..

    Any ideas?


Comments

  • Moderators, Music Moderators Posts: 23,363 Mod ✭✭✭✭feylya


    I'm going to guess that they can't find the server's name due to the DNS issue. Is the DHCP server on the DC or on a switch?


  • Closed Accounts Posts: 330 ✭✭irishpartyboy


    You need to be able to resolve the name of the DC. Therefore you must some sort of name resolution, either WINS or DNS. If you can't ping the DC either via netbios name (WINS) or FQDN (DNS), then you wont be able to logon.

    Rgds,
    Brian


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    That's the thing...I *can* ping the DC via hostname!
    For some reason, only the secondary DNS was showing up on the DC - when I added the primary, I was then able to log into the domain via the Exchange server.

    DHCP is running on the DC and it seems ok, as I said, the test PC's are picking up an IP in the correct range.


  • Closed Accounts Posts: 330 ✭✭irishpartyboy


    Would really need to know more about the DNS setup on the DC. Also would be interested to know exactly what info your supplied via DHCP..DNS, gateway etc. So when you say you've restored? what exactly did you do? do you have valid computer accounts (i.e. the 40 pcs) in AD?

    So did you say u can ping via netbios name or fully qualified name?


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    Sorry, by 'restored' I mean, I built servers and then 'restored' them using Veritas backup exec, so they are essentially a carbon copy of the servers in our server room in work.

    AD is working fine and I was using some of the computer names in AD to name the test PC's I was using.

    I can ping the DC and Exchange servers via their hostname and fully qualified name.


  • Advertisement
  • Closed Accounts Posts: 330 ✭✭irishpartyboy


    A bit odd if you can ping netbios and fqdn but cant authenticate. You need to investigate the actual error in some more detail, verify the integrity of your DNS and so on.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    start off with ipconfig /all on the clients just to confirm dhcp is ok
    ipconfig /flushdns
    nslookup

    check the local name cache and all that nbtstat stuff

    try pinging server.domainname too

    have you tried logging in to a PC with local admin, removing from domain and then adding back to domain - may have to remove/add computer in AD
    and no you should not need to do that , might give pointers though

    similarly with lmhosts additions,

    or from a local admin a net use \\servername or
    net use \\192.168.x.y /user:domain\username


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    AD is working fine and I was using some of the computer names in AD to name the test PC's I was using

    Why dont you simply give the PCs new names then add them to AD?.

    Also as Capt'n Midnight said try removing from Domain then adding back in.

    Make sure your w32time is correct also.

    Check your Event log whats coming up?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    Make sure your w32time is correct also.
    Keep forgetting this one

    net time /domain /set /y (or similar if it fails then try by IP or computername )


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭eth0_


    Well it turns out our global directory was moved by our ex I.T. manager last week onto our backup DC.

    So we've restored that, we have DNS, DHCP...everything relevent is running.

    But still the client PC's can't join the domain. It says there is a DNS problem.

    But DNS appears to be working fine. And it shouldn't even be using DNS to find the domain controller, right? It uses the global catalogue...

    Another weird thing is that our restored DC's keep reverting back to our old domain password, which was changed several days before the backup tapes we are using were created.

    Any ideas?


  • Advertisement
  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    what sort of replication cycle do you have - there isn't a server on a slow or old one ?


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Try the following from a win xp or 2003 server (Wont work for Win 2000)

    Dcdiag /test:DNS /v /e /f:dnstest.txt

    DCdiag

    Report back


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    MIght be also worth checking this tool out

    DNSlint

    DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues.

    http://support.microsoft.com/kb/321045


  • Registered Users, Registered Users 2 Posts: 2,860 ✭✭✭tech


    Can you join a new pc into the restored domain? you say you have named a few pc with the same names that are in AD, but these will have a different SID ?

    just a thought


Advertisement