Win98: No domain controller - has AD Client!

Status
Not open for further replies.

Redfox1

MIS
May 29, 2002
73
US
Here is an odd one:

I am in the "middle" of AD conversion (i.e. I have 1 NT 4.0 BDC SP6a and 1 W2K SP3 AD Forest Root.)

All Windows XP, NT, W2K clients login just fine - with or without AD clients (NT wks.)

A Windows 98 SE client WITH the AD client installed comes up with the notorious "No domain controller found" IF THE FOLLOWING CONDITIONS are met:
A RAS client establishes a connection to the AD Forest root.

Some of the issues that complicate this:
This AD Forest root serves as a Primary DNS & WINS, DHCP and RAS server. (YES, I do know you shouldn't integrate a DHCP with a DC!)
DNS is NOT integrated with AD, forward zone for "company.com" domain does allow secure dynamic updates. DCDIAG and NETDIAG show no problems (before RAS client connects.)

When the RAS client connects the server REGISTERS its IP address with DNS as one of its own!!! (doesn't matter if a static IP address was given or one via DHCP.)

The RAS client's IP address is registered in DNS with an A record and all the usual records for a DC: 192.168.y.ppp

Why does this happen? Is there anything I can do to prevent this from happening? Is this a bug?

See the following output of dcdiag/ipconfig/netdiag BEFORE and AFTER.


Here is the sanitized version of the logs:

BEFORE RAS CONNECTION
2000 IP Configuration

Host Name . . . . . . . . . . . . : <FOREST ROOT>
Primary DNS Suffix . . . . . . . : company.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : company.com
Description . . . . . . . . . . . : Compaq NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.yy.z
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.x.w
DNS Servers . . . . . . . . . . . : 192.168y.z
Primary WINS Server . . . . . . . : 192.168y.z
Secondary WINS Server . . . . . . : 192.168y.z

From NETDIAG
Testing DNS
The DNS registration for <FOREST ROOT>.company.com is correct on all DNS servers
PASS - All the DNS entries for DC are registered on DNS server '192.168y.z'.





*************************************************
BEFORE RAS CONNECTION

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : <FOREST ROOT>
Primary DNS Suffix . . . . . . . : company.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : company.com
Description . . . . . . . . . . . : Compaq NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-08-02-A1-0F-79
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168y.z
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.x.w
DNS Servers . . . . . . . . . . . : 192.168.y.z
Primary WINS Server . . . . . . . : 192.168.y.z
Secondary WINS Server . . . . . . : 192.168.y.z

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.y.ppp
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1



from NETDIAG


Gathering Winsock information.
Testing DNS
[FATAL]: The DNS registration for '<FOREST ROOT>.company.com' is incorrect on all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server '192.168.y.z' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' and other DCs also have some of the names registered.
 
did you swap out the NIC from another DC at some point in the past? if so you need to change the GUID values for the computer objects to reflect the new GUID for the new NIC on both DCs' computer objects...

just a suggestion in case that's your scenario
 
how are you getting secure dynamic updates without AD integrated zones??

DHCP on a DC in Win2000 shouldn't matter either

also, are you attempting to get to another forest through RAS or are the clients attempting to log on to you remotely??

also, if your RAS server is still NT it needs to be upgraded to work with AD, or else you need to relax the security in AD to allow unauthenticated access (very bad idea, so I won't say how)

reason being is NT4 RAS automatically assumes unauthenticated user account access after logon, even if authentication is enabled, this wouldn't be a connection issue on the client side, it's an AD issue. I forget all the shites and giggles of it but that's the basic gist.


if you're trying to get to another forest, or to another NT4 domain, like a resource domain, then you must set up explicit trusts between the domains through AD domains and trusts.....


any of this helping???? lemme know

 
forgot to tell ya.....make sure DHCP is set to automatically legacy clients in DNS

I'm sure it already is
 
BWilson77080, Thanks for the replies...

Well, I hate to say this, but it's none of the above...

All I'm trying to do is to have a PC login to my network (via a RAS connection) so it can check logs, batch programs etc. or establish an RDP session to a TSE server... (i.e. TCP/IP traffic. I don't even want/care if I can resolve names via WINS or not from the PC client...)

When I do that the Forest root decides that the IP it just handed to the RAS client is its "own" and goes ahead and registers it in DNS as a DC!!!! When the RAS client disconnects I'm left with this weird DNS registration & state which seems to indicate a DC isn't working right. BUT IT IS!!!


The AD domain WAS upgraded with the "Permissions compatible with Pre-W2K systems."

NO NICs were EVER swapped!

Ignore my comment about "Secure Dynamic Updates"; I meant to say "I'm allowing Dynamic Updates" to the "company.com" forward zone.


The RAS server is NOT running on NT 4.0. It's on the DC which I first upgraded i.e. the current Forest root which IS the RAS/DHCP/WINS/DNS server - also, all FSMO roles are handled by it for now.

I'm not trying to work with ANY other forests...
Just simply dialing in...

Sorry if I sound frustrated but it just boggles my mind why this is happening...
 
When I had RRAS services running and set to use DHCP then it did reserve about 10 or so.

But then I switched the RRAS settings to use a **static** (2) IP addresses and the problem was repeated...
 
did you reserve those 2 statics inside of DHCP? if not make sure they're reserved.. I'm sure you already did that though
 
I'd like to clear things up a little:

The DHCP server is set to use the following range: 192.168.x.200 - 192.168.x.230

When RRAS is set to use static range I use a DIFFERENT IP range; just some other IP addresses on the local network.

I guess what I'm trying to say is that even if I take DHCP out of the picture this problem happens.

Why does the RRAS service (running on the Forest root DC) think that the IP address it has just handed to the RAS client, is another IP address for itself?

I noticed one typo: On the very first message after the line of '*' the line that reads

*************************************************
BEFORE RAS CONNECTION

Should be
*************************************************
AFTER RAS CONNECTION
 
I assume you have all DNS options set on the RAS server for incoming clients also..
 
also, are the client systems' options set to register the connections in DNS, maybe some weird DNS problem, but just speculating there

I would almost say, if possible, uninstall RRAS (note all configs first of course) and reinstall it, then see if it works.

Best bet though would probably be to put RRAS on a standalone server or one that is not as important as the forest root. I always keep my RAS servers off from DCs just for good measure so I don't have unnecessary services running on my DCs
 
The RAS client in this case is a Windows 98 SE box Not a W2K (which understands/uses registrations.)

The RAS client has a NIC card and a modem. The PC's name is different than the server (and unique.) DNS, WINS, IP etc. settings are all handed out by the RRAS service to the client.

I've tried to "Delete the RRAS" service settings and start a fresh one. Same problem.

For now I've got an NT workstation which accepts RAS connections set up instead...

This is so weird. How come it seems like I'm the only one having this issue? I couldn't find ANYTHING on the web on this... google/MS KBs etc.
 
It is helpful for the clients but I don't think that the issue lies with the client.

The problems could be in the fact that I'm running DHCP, DNS, WINS and RRAS ON the forest root...

<I wonder how "small" one server shops deal with this...>

David
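
An added example, not part of the thread or any poster's code: a check for the condition described above, where an A record for the DC's host name points at an address owned by the PPP (RAS dial-in) adapter, or is left behind after the RAS client disconnects. The host name dc01, the addresses and the A-record list are constructed stand-ins for the sanitized values in the posts.

```python
import re

# Constructed sample modelled on the thread's "after RAS connection"
# ipconfig /all output; host name and addresses are made-up stand-ins.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc01

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.10.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0

PPP adapter RAS Server (Dial In) Interface:

        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        IP Address. . . . . . . . . . . . : 192.168.10.240
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

# Constructed: A records currently held for the DC's host name in the zone.
SAMPLE_A_RECORDS = ["192.168.10.5", "192.168.10.240"]

ADAPTER_RE = re.compile(r"^(\w+) adapter (.+):\s*$")
IP_RE = re.compile(r"^\s*IP Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def adapter_addresses(ipconfig_text):
    """Map each IP in `ipconfig /all` output to (adapter type, adapter name)."""
    owners, current = {}, None
    for line in ipconfig_text.splitlines():
        header, ip = ADAPTER_RE.match(line), IP_RE.match(line)
        if header:
            current = (header.group(1), header.group(2))
        elif ip and current:
            owners[ip.group(1)] = current
    return owners

def suspicious_records(ipconfig_text, a_records):
    """Return (ip, reason) for A records that should not identify the DC."""
    owners = adapter_addresses(ipconfig_text)
    findings = []
    for ip in a_records:
        kind, name = owners.get(ip, (None, None))
        if kind is None:  # e.g. stale record left after the client hung up
            findings.append((ip, "not bound to any local adapter"))
        elif kind.upper() == "PPP":
            findings.append((ip, "belongs to PPP adapter '%s'" % name))
    return findings
```

Feeding it the server's real `ipconfig /all` text and the A records listed for the DC in the forward zone shows which registrations a client could be handed when it looks up the domain controller.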
 