Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Domain Connectivity Problems

Status
Not open for further replies.
firthm

firthm

IS-IT--Management
Aug 21, 2003
119
GB
Hi Everyone,

I have some serious problems on my SBS 2003 domain and would like some help if anyone has any beaming ideas...?

Situation:

I have:

SBS1 (DomainCon, Exchange, DNS)Win2003
IG1 (FileServ, MemberServ,DNS)Win2000
FILE1 (DomainCon, FileServ, DNS)Win2003
IGTS01 (TermServ)Win2003

Until recently, my only two domain controllers were SBS1 & IG1 which was OK.

Last week, I demoted IG1 (Win2000) as a DC and promoted FILE1 (Win2003) to be a DC. All went well, files replicated etc...

However, on some client machines now I cannot connect to either of my domain controllers once the user has logged on (Logon goes fine, they can change passwords etc) but once in Windows they cannot connect to the DC's by either trying \\file1 \\sbs1\ or even \\domain.local !!!

Also, they are not getting group policies applied, because they cannot connect to \\domain.local !!

Any good idea's anyone?

I have checked things like dcdiag, replmon and all report no problems...

Thanks,
Mike

Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Sort by date Sort by votes
It sounds like a DNS issue to me.

where is your DHCP server? SBS1 or FILE1?

 
Upvote 0 Downvote
Hi Nsanto,

*SIGH* - Unfortunately my DHCP server is my telephone system, we have a Mitel 3300 system which provides IP's for the telephones and the PC's. I am not happy about this situation at all...

On the DHCP side I have got IP's being given out with our normal DFG and file1 and sbs1 as the name servers....

I am tempted to remove DNS from the 2000 (member) server to see if that makes a difference? Though most of the clients are using DHCP and hence not hitting the 2000 server anyway (I added DNS to it in case anyone was incorrectly pointing to it).

Thanks,
Mike

Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Upvote 0 Downvote
Your phone people can disable DHCP and provide static IPs for the phone/phone system (I had a client with that same issue - the phone system was running DHCP).

I too lean towards DNS issues. Best if you can post the DNS of your server and a couple of random clients - run IPCONFIG /ALL and post the results. (Many people THINK they have DNS setup properly, but in my experience 4 of 5 of those who think they do, DON'T.
 
Upvote 0 Downvote
LW, Thats why my first thought was DNS. 90% of Domain Connection problems lean towards a incorrectly configured DNS.
 
Upvote 0 Downvote
Hi Gents,

Here is my DNS for scrutiny:

I will post an Ipconfig after, so as not to make a huge post.

THanks,
Mike

Name Type Data
(same as parent folder) Host (A) 192.168.57.10
(same as parent folder) Host (A) 192.168.57.90
(same as parent folder) Name Server (NS) file1.domain.local.
(same as parent folder) Name Server (NS) domain-1.domain.local.
(same as parent folder) Name Server (NS) domain-sbs.domain.local.
(same as parent folder) Start of Authority (SOA) [1888], file1.domain.local.,

administrator.domain.local.
_msdcs
_sites
_tcp
_udp
athena Host (A) 192.168.57.58
chris-laptop Host (A) 192.168.57.145
companyweb Alias (CNAME) domain-sbs.domain.local.
CWD001 Host (A) 192.168.57.150
CWD002 Host (A) 192.168.57.151
CWD003 Host (A) 192.168.57.148
CWD004 Host (A) 192.168.57.152
CWD005 Host (A) 192.168.57.161
CWD006 Host (A) 192.168.57.168
CWD007 Host (A) 192.168.57.149
CWL001 Host (A) 192.168.57.143
cwl002 Host (A) 192.168.57.162
CWL003 Host (A) 192.168.57.169
DomainDnsZones
fbossett13 Host (A) 192.168.1.176
FILE1 Host (A) 192.168.57.10
ForestDnsZones
fps001 Host (A) 192.168.1.230
FWL001 Host (A) 192.168.1.170
FWL002 Host (A) 192.168.1.175
Gemini Host (A) 192.168.57.57
Gemini Host (A) 192.168.57.58
IANMATTHEWS Host (A) 192.168.57.161
domain-0uyikq8f2 Host (A) 192.168.57.21
domain-1 Host (A) 192.168.57.2
domain-51 Host (A) 192.168.57.158
domain-53 Host (A) 192.168.57.144
domain-54 Host (A) 192.168.57.166
domain-55 Host (A) 192.168.57.153
domain-58 Host (A) 192.168.57.164
domain-59 Host (A) 192.168.57.157
domain-62 Host (A) 192.168.57.146
domain-64 Host (A) 192.168.57.141
domain-gbaker Host (A) 192.168.57.147
domain-sbs Host (A) 192.168.57.90
domain-ts01 Host (A) 192.168.57.58
domain03 Host (A) 192.168.57.159
domain04 Host (A) 192.168.57.142
domain11 Host (A) 192.168.57.19
domain13 Host (A) 192.168.57.111
domain14 Host (A) 192.168.57.165
domain15 Host (A) 192.168.57.140
intranet Host (A) 192.168.57.90
Lap-Matthews Host (A) 192.168.57.160
mike Host (A) 192.168.57.6
Nicke Host (A) 192.168.57.160
Pauline Host (A) 192.168.57.156
rwl001 Host (A) 192.168.2.10
RWL002 Host (A) 192.168.57.114
Sarah Host (A) 192.168.57.154
server02 Host (A) 192.168.57.30
Shirley Host (A) 192.168.57.155
sro
SWD001 Host (A) 192.168.2.150
SWD002 Host (A) 192.168.2.160
SWD003 Host (A) 192.168.2.158
ww-CarlF-Lap01 Host (A) 192.168.57.140
your-8515743f73 Host (A) 192.168.57.121


Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Upvote 0 Downvote
And IPCONFIG from a problem host...

Thanks,
Mike

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : emma
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-10-DC-6C-C4-0A
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.57.199
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.57.254
DNS Servers . . . . . . . . . . . : 192.168.57.90
192.168.57.10
Primary WINS Server . . . . . . . : 192.168.57.10

C:\Documents and Settings\Administrator>

Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Upvote 0 Downvote
Sorry just re-reading my DNS post:

"domain-1" is the 2000 server I demoted

file1 is the new 2003 (DC) server

domain-sbs is the SBS 2003 server..

Thanks,
Mike

Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Upvote 0 Downvote
I don't know... maybe it's late, but that's not helping me much.

I don't need the DNS server dump - I need IPCONFIG from the server and workstations.
 
Upvote 0 Downvote
Mike, what do they client systems have in common? Are they pre-XP systems? And do you know which of your DC's are holding which of the FSMO roles?

In the ADUC, does the old DC still show up in the list of DCs?

Are 'domain-sbs' and 'sbs1' the same server?

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
Hi Guys, :)

Yes the smile, I have managed to resolve the problems....

Ok, get your thinking caps on, this is a weird one, and is SBS specific! I really think this post could benefit other people in future, so I will try and be descriptive!

When my network was setup (before I got there) it was created from four separate sites.

Each site previously had it's own NT4 domain, with a bunch of PC's at each site. When my current network was created, these four sites were consolidated in to the network I now have, and all of the machines were bought to this single location and SBS was installed.

When the PC's were moved, they were not rebuilt, but basically dis-joined from their original domains and added to my SBS domain.

My 2000 domain controller was previously a PDC for one of the other domains. Again, it was not rebuilt, but added to the SBS domain.

So...I have a bunch of PC's from Site A, Site B, Site C, and Site D.

Bizarrely, all of the machines with the above problem were from Site A, and so was the demoted server.

The link was that once demoted, the PC's from Site A could not connect to any server, except the Server from Site A. :D

The following Microsoft KB article describes the problem I have been having: ( )

The cause is listed as "This problem occurs if the client computer was previously joined to a domain that had policies that disabled SMB signing."

The KB article describes a registry change applicable to all of the client machines which were from Site A. Because the domain which the Site A machines belonged to had SMB signing disabled, and SBS requires this enabled, my clients could only authenticate against/connect to their original server.

Funnily enough, the other factor which really added to the problem is the fact that the original domain the Site A PC's were connected to was called "domain.local", which is obviously the same domain name as my current domain, what a mess!

I hope this makes sense, if there are any questions please let me know!!!

*SSSSIIIIIGGGHHHHHHH*

Mike

Michael Firth
Network Infrastructure Officer

~If it's not broke, break it and LEARN~
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
878
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
274
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
667
fredmartinmaine
fredmartinmaine
axilleas
  • Locked
  • Question
Network connectivity issues for domai ncomputers
Replies
1
Views
152
gbaughma
gbaughma
froggy8
  • Locked
  • Question
cant add my windows 7 pc to my domain 1
Replies
3
Views
254
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top