netdiag DC failure

Status
Not open for further replies.

albracco

IS-IT--Management
Jun 10, 2004
62
US
Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log into the domain, but my group policy is not being applied. DCdiag on DC passes fine. After much research, discovered that netdiag reports errors on those machines. The first time I ran netdiag, it failed DC discovery test, DC list test, trust relationship test, Kerberos test and LDAP test. Basic message for all was that it couldn't find the DC in my domain (the same DC I'm logged into !?!). Ran netdiag /fix and then netdiag again. Now just DC list and Kerberos fail. Ran netdiag /test:dclist and that all passed. Netdiag still fails for DC list and Kerberos. I tried resetting the computer account and leaving/rejoining the domain. When I tried to join, I couldn't get the login prompt up unless I specified domainname.local for the domain to join as opposed to the usual domainname.

The pressing issue is with the Group Policy not being applied, but I'm sure it's because of the Netdiag issues. Can someone give me some guidance on where to go from here?
 
Thanks for the suggestion. Yes, it's a single DC environment. I checked the DNS entries per the article. They exist, but the path is slightly different than described in the article. Instead of the path being:

Forward Lookup Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp


It is:

Forward Lookup Zones/Domain_Name/_sites/Default-First-Site-Name/_tcp

But the SRV records are there and the nslookup test seems to display the correct information. There are also other paths that have the LDAP and Kerberos entries.


Some more information:

Running netdiag on the server shows the following warnings/errors:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.'. [WSAEADDRNOTAVAIL ]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.''. [ERROR_TIMEOUT]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.''. [WSAEADDRNOTAVAIL ]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.'. [ERROR_TIMEOUT]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.



Notice the period (.) after the FQDN? Is that normal?
 
Yes, it's normal. On the server, what IP address is configured as the preferred DNS server?

Paul
MCSE


If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Just to provide some closure - turns out all problems were due to interference by Kaspersky Security software. As soon as I removed Kaspersky, everything worked the way it should.
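
Added example, not part of the original thread: a small Python parser for netdiag output like the DNS test section posted above, grouping each [WARNING]/[FATAL] message under its test and tallying the error codes and the DNS server address netdiag names. The sample is an abridged copy of the posted output; the function names and the assumed line format (a "... test . . . : Result" header followed by bracketed messages) are this example's own.

```python
import re
from collections import Counter

# Constructed sample: abridged copy of the DNS test output posted in the thread.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.'. [WSAEADDRNOTAVAIL ]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERV.SHOES.LOCAL.''. [ERROR_TIMEOUT]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
"""

TEST_RE = re.compile(r"^(?P<name>.+? test)[ .]*: (?P<result>\w+)\s*$")
MSG_RE = re.compile(r"^\[(?P<level>WARNING|FATAL)\]\s*(?P<text>.*)$")
CODE_RE = re.compile(r"\[\s*([A-Z][A-Z_]+)\s*\]")    # e.g. [ERROR_TIMEOUT]
SERVER_RE = re.compile(r"DNS server '([^']+)'")      # address netdiag queried

def parse_netdiag(text):
    """Group [WARNING]/[FATAL] messages under the test header they follow."""
    tests, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = TEST_RE.match(line)
        if m:
            current = {"name": m["name"], "result": m["result"], "messages": []}
            tests.append(current)
        elif (m := MSG_RE.match(line)) and current is not None:
            current["messages"].append({"level": m["level"], "text": m["text"]})
        elif line and current and current["messages"]:
            # Wrapped continuation of the previous message.
            current["messages"][-1]["text"] += " " + line
    return tests

def summarize(test):
    """Tally severities, bracketed error codes and DNS servers for one test."""
    text = " ".join(m["text"] for m in test["messages"])
    return {
        "test": test["name"],
        "result": test["result"],
        "levels": Counter(m["level"] for m in test["messages"]),
        "codes": Counter(CODE_RE.findall(text)),
        "dns_servers": sorted(set(SERVER_RE.findall(text))),
    }

if __name__ == "__main__":
    for t in parse_netdiag(SAMPLE):
        print(summarize(t))
```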
 