
cannot find domain controller 2


VBmim

Programmer
Jun 25, 2001
361
BE
My situation

Server = Windows 2000. (upgraded 6 months ago)

My company has 4 shops. In the main shop (where the server is) all computers are in the network with DHCP.
For each other shop, there is a router. The pc's there have a static ip address and standard gateway is the router.

If the pc (in the other shops) is w2k there is no problem.
If the pc is NT4, it gives a 'cannot find domain controller' error when you try to log on to the network as a user. When you logon as local administrator, you have connection (eg outlook works, ping to the server works).

This problem only occurs with 'new' pc's (pc's that have not been in the specific shop's network yet). The 'old' pc's (prior to the server upgrade) get an error ('cannot find domain controller. Logon using cache memory' (or something like that)), but they can log in and everything looks fine.

I already tried to reset the computer's account (gives the same domain controller error). Also, the name and ip of our server is in the host-file of the pc.

Does someone have a clue on what could be the problem?

Help is greatly appreciated. It has been bugging me for the last 6 months.

Greetz

VBMim
 
You're not running "restrict anonymous = 2"

that would stop all NT and other downlevel clients from registering with the 2k domain controller.

MVH Nicolai
 
Hello

Thanks for your reply.

Could you explain more in detail what you mean with 'restrict anonymous = 2'?

Greetz

VBMim
 
I found an 'Additional restriction for anonymous connection' policy in the security options. Is that what you mean?
And if so, this policy has to be set on 'No access without explicit anonymous permissions'?
 
1 Make sure the dc has a static IP address
You should be able to edit the lmhosts file on the nt machines to include the dc. NT 4 does not support dynamic DNS. Since the NT machines are not using dhcp and do not support dynamic DNS you will have to add them manually to the DNS database. NT uses netbios names hence the reference to lmhosts. Delete the entry in the hosts file. This should work for you.
 
NT needs to see a "1C" entry for it to recognize a domain controller. (NT or otherwise)

You have a few options... you could change the "host type" from the default "0X8" to a "0X4" Broadcast node on the clients, this would let them broadcast and receive the info advertising the DC's status, or ugly as it is, add the domain registration to an lmhosts file... Gawd!

Your issue lies in the predominant dependency for 2K boxes to rely on DNS rather than WINS for their primary NBT name resolution.

It sounds to me like you have a small enough environment to put a force move on getting all your client machines up to minimum 2K or XP, this environment along with native AD Dynamic DNS drops all of the old NT secure channel shortcomings.

 
Hello

thanks all for your replies...


vbrock:
I just tried deleting the entry in the host file and entering it in the lmhost file, but that didn't solve it.

msclusterguy:
How (or where) can I change the host type?
I wish I could install win2k on all our computers but that's not possible. Because we are a small company the informatics-budget isn't that big so we can't upgrade the machines (most of them not powerful enough).

Greetz

VBMim
 
Your best bet is to have DHCP assign the IP address for all client machines that attach to the network.
There are two options you can apply in the Global DHCP scope settings (Option 44 WINS/NBNS Servers and 46 WINS/NBNS Node Type). Check back on this thread a little later today, as I have a link to a good description of each "Node Type" and how they interact with WINS/DNS/Broadcast. I will look for the registry key (TCPIP/NBT/Parameters...) off the top of my head for the boxes that simply can not get served by DHCP.
Adding the "1C" entry to LMHOSTS is a little tricky too as the domain has to be in double quotes with exactly 18 spaces between the quotes etc. I will see what I can scrape up on that as well.
I feel your pain, it is not easy to convince Old school management that their cost saving measures keeping archaic machines and operating systems to drain every drop of value out of them when their well went dry sometime a couple of months after Y2K...

ClusterGuy
 
Please check your nt4 machines with the nbtstat -F command to see if everything is ok....
 
Hello

I checked nbtstat but it doesn't have an option -F...
This is what I can give you:

Nbtstat -a SERVERNAME

Naam Type Status
SERVERNAME <00> UNIQUE Geregistreerd
SERVERNAME <20> UNIQUE Geregistreerd
DOMAIN <00> GROUP Geregistreerd
DOMAIN <1C> GROUP Geregistreerd
DOMAIN <1B> UNIQUE Geregistreerd
DOMAIN <1E> GROUP Geregistreerd
SERVERNAME <03> UNIQUE Geregistreerd
SERVERNAME$<03> UNIQUE Geregistreerd
DOMAIN <1D> UNIQUE Geregistreerd
Inet~Services<1C> GROUP Geregistreerd
ADMINISTRATOR<03> UNIQUE Geregistreerd
..__MSBROWSE<01> GROUP Geregistreerd
IS~SERVERNAME...<00> UNIQUE Geregistreerd

MAC-adres = 00-0A-0B-0C-0D-0E

---

Nbtstat -c

Naam type Hostadres Duur [sec]
SERVERNAME<00> UNIQUE 100.100.100.105 300

---

Nbtstat -n

NetBIOS-tabel met lokale namen

Naam Type Status
NAMECOMPUTER <00> UNIQUE Geregistreerd
DOMAIN <00> GROUP Geregistreerd
NAMECOMPUTER <03> UNIQUE Geregistreerd
NAMECOMPUTER <20> UNIQUE Geregistreerd
DOMAIN <1E> GROUP Geregistreerd
NAMECOMPUTER <6A> UNIQUE Geregistreerd
NAMECOMPUTER <87> UNIQUE Geregistreerd
ADMINISTRATOR<03> UNIQUE Geregistreerd

---

Greetz

VBMim
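
Added example, not part of the thread or any poster's code: a Python check that reads nbtstat name tables like the ones pasted above and reports whether the domain's <1C> (domain controllers) and <1B> (domain master browser) names are present. The sample tables are constructed from the placeholder names in the post; the function names are hypothetical.

```python
import re

# Standard NetBIOS 16th-byte suffixes that matter for NT4 domain logon.
SUFFIXES = {
    "00": "workstation service or domain/workgroup name",
    "1B": "domain master browser (PDC)",
    "1C": "domain controllers",
    "1E": "browser elections",
    "20": "file server service",
}

# Name, <suffix>, then UNIQUE/GROUP. The status column is localized
# ("Registered", "Geregistreerd", ...) so it is deliberately not matched.
ROW = re.compile(
    r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+(?P<kind>UNIQUE|GROUP)\b"
)

def parse_name_table(text):
    """Return (name, suffix, kind) for every name-table row in nbtstat output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m["name"], m["suffix"].upper(), m["kind"]))
    return rows

def domain_logon_names(rows, domain):
    """Report whether the domain's <1C> group and <1B> unique names are in the table."""
    found = {(name.upper(), suffix, kind) for name, suffix, kind in rows}
    d = domain.upper()
    return {"1C": (d, "1C", "GROUP") in found, "1B": (d, "1B", "UNIQUE") in found}

def describe(rows):
    """One readable line per row, with the suffix meaning where it is known."""
    return [f"{n}<{s}> {k}: {SUFFIXES.get(s, 'other')}" for n, s, k in rows]

# Constructed samples in the layout of the post (nbtstat -a and nbtstat -c).
REMOTE_TABLE = """Naam Type Status
SERVERNAME <00> UNIQUE Geregistreerd
SERVERNAME <20> UNIQUE Geregistreerd
DOMAIN <00> GROUP Geregistreerd
DOMAIN <1C> GROUP Geregistreerd
DOMAIN <1B> UNIQUE Geregistreerd
Inet~Services<1C> GROUP Geregistreerd
"""
CLIENT_CACHE = """Naam type Hostadres Duur [sec]
SERVERNAME<00> UNIQUE 100.100.100.105 300
"""

if __name__ == "__main__":
    print("server table:", domain_logon_names(parse_name_table(REMOTE_TABLE), "DOMAIN"))
    print("client cache:", domain_logon_names(parse_name_table(CLIENT_CACHE), "DOMAIN"))
```

On these samples the server's own table carries both names, while the client's cache holds only SERVERNAME<00>.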
 
Hello all

I solved this on one computer!

The entry I made in the lmhost file the first time was not good... I tried again and it worked...

the entry
100.100.100.100 SERVERNAME #DOM:DOMAIN #PDC

What I don't understand is that the entry in the host file must be deleted...

Thanks for your help guys!

Greetz

VBMim
 
I have one note to add...
For some of the computers I had to reset the computer account and add a dns entry (in the forward lookup zones) manually on the server...

Anywho... I'm very relieved this problem is finally solved for me. And I learned something new about networking today...
 
Sorry about the mistype, it should have been nbtstat -R.
Since your nt4 machines use netbios names instead of Fully Qualified Domain Names, they get their info from the lmhost file. Unfortunately the lmhost file is the last place to look when resolving names, so it would go to the hosts file first, causing the error.
 
Thank you for the star...........Maybe going back to school to learn networking is paying off!
 
Sorry I goofed again .....

The correct syntax is ....

nbtstat -A ipaddress
 