Windows 2000 systems not using wins to cross subnet

[remy74]

I have recently upgraded an old NT 4.0 domain to Windows 2000/active directory, Domain A. This domain is on it's own subnet, 10.10.0.0. My second domain, Domain B, has it's subnet 10.10.2.0. Domain B has a one-way trust of users from Domain A. Domain B is still NT and I plan on merging it into Domain A.

Since I preformed the upgrade of domain A any windows 2000 machines in domain B have been reverting to B-node for netbios over tcp. They don't have a full browse list for domain A. My major problem is when a Domain A user logs into one of these machines, it will take 15-30 minutes to complete logon. During this time the "loading your personal settings..." box is displayed. If I turn off netbios over tcp/ip on the client it logs in fine, but I have a lot of old NT 4 machines so I need this.

What can I do to fix this?

Thanks,
Jeremy

 

[FilthPig]

If you have an NT 4 machine that's working correctly in that subnet, perhaps a WINS proxy would help you out.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q121004

Marc Creviere

 

[remy74]

Created a Wins proxy on the same subnet as the problem 2000 Machines. No luck, logon is still really slow.

One other thing that I noticed is if I change my DHCP assigned Wins/NetBT Node type to P-node I get a full browse list on those trouble machines. However my login is still just as slow.

Thanks,
Jeremy

 

[FilthPig]

Heh, the wheels are turnin on this one! Unfortunately, that also means that these are only guesses.

Ok. I'm having trouble deciding if I think it's a name resolution delay or not. Since it's logging you in, just slowly I'd say not, but the fact that it goes away when you disable NetBIOS over TCP/IP confuses me along that line of thinking, cause it sounds like if it's using DNS it's good to go.

Could put that arguement to bed if we tried an LMHOSTS entry on the clients, specifying a specific domain controller to log into for Domain A.

Or maybe it's something with the trust. Does domain A know it's trusted by domain B?

Marc Creviere

 

[remy74]

Tried LMHOSTS and it didn't work.

Looking into the trust relationship I found this:

On my Windows 2000 Server I open Active directory domains and trusts and open the properties on my domain. I go to trusts and the one way trust with domain B is there. If I choose edit on that and then Verify, I get this message:

"Windows cannot find a primary domain controller for the domain. Verify that the PDC is functioning and then try again."

I then ran NETDIAG form my server in Domain A and it said it couldn't retrieve a list of Domain Controllers for Domain B.

 

[FilthPig]

Ok, try LMHOSTS entries on your PDC in the NT4 domain, and whichever DC in your 2000 domain is your PDC FSMO. If you're not familiar with that it should be the first DC you installed. Entries should be formatted as follows:

10.10.x.x "DOMAINA \0x1B"

Again, if you're not familiar with how LMHOSTS files work, that \0x1B designates that the machine at the IP you specify is the domain controller for the Domain you typed in. Where you type the domain to where the \ is you need 15 spaces including the domain name. Marc Creviere

 

[remy74]

Created an LMHOSTS file on both machines as specified. Checked with nbtstat -c that it is registering and it is good. I am still getting the same problem.

I tested to see if I could ping between the servers and found trouble. From the domain controller in Domain B I can ping Domain A's PDC no problem. From Domain A's PDC I get this message:

Reply from 206.165.254.129: Destination host unreachable.

This isn't one of my addresses so I ran NSLOOKUP and go this:

Name: fa6-0-100M.drl.SCF.gblx.net
Address: 206.165.254.129

 

[FilthPig]

Sounds like a routing problem then (getting closer! ) Perhaps you're missing a route on one of your routers, probably the one acting as a gateway for Domain A. Marc Creviere

 

[remy74]

I flushed the DNS cache on the domain A PDC. After that I am able to run a good ping for my PDC in Domain B. Tracert looks good to. Unfortunatly I am still not able to verify the trust. Now I am getting this message:

Information from the primary domain controller for the domain cannot be obtained because: The RPC server is unavailable.

Make sure that the PDC is operating properly and then try again.

 

[remy74]

Time looks like it might have cured that last one. I checked and my trust verified ok. I went a tried loging on to on of my trouble computers and it went good. I will know for sure if it is working good tomarrow morining when people logon.

Thanks,
Jeremy

 

[remy74]

No luck with the logon. I can now verify the trust. Users are still experiencing 15 minute logons.

 

[FilthPig]

I'm about out of ideas. Service packs up to date? Marc Creviere

 

[Kangooru]

Helo,

I had more or less the same issues before having to solve my current one (Take a look at the thread "Network neighboorhood randomly disappears", maybe that could give you some ideas) ...
If it could help, some clues from the problem I had the last 2 months :

ReTry the LMHOSTS trick, but importing it into your WINS database (In order to make it static WINS records).
Does the "1Ch" WINS Domain Controllers records also appear in WINS database ?

Check also that you deleted (the fix is immediate) the following registry key on your win2K clients :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ExplorerRemoteComputer\NameSpace\D6277990-4C6A-11CF-8D87-00AA0060F5BF

Otherwise win2K will constantly try to acces the RPC service of the remote machines (Micro$oft referenced bug Q265590).

Another important thing is : who is the 'Master Browser' for each subnet ?
Question : how can you make your WINS proxy being the master browser for Domain A whereas it stands in Domain B, and that Domain A already have a Master Browser ?

Last thing : wich type of devices and links do you have between the two subnets ?

That's the way I solved that issue; well I still have PCs disappearing (Anyway it was like that from the beginning), but no more logon problems now ...

@+

Benj Le Kangooru.

 

[Kangooru]

Bonus question :

Do you use a registered DNS domain name ?
In such a case, take a look at your DNS and Active Directory settings ...

@+
Benj.

 

[remy74]

A Watchgaurd Firebox is the gateway between my subnets. I have to check on the LMHOSTS and WINS proxy still.

Thanks,
Jeremy