WinXP does not like Win2k Server Active Directory domain 1

[BigBZ]

We have a windows 2000 server pro server set up with domain access for all users in our network. we have two Dell Desktop PCs that came with windows XP. These two PCs continually have print/network issues which I believe are just side effects of the real problem. both machines have the following errors repeatedly, on a daily basis, and this is ONLY the XP machines.
Event Type: Warning
Event Source: w32time
Event Category: None
Event ID: 54
Date: 7/19/2003
Time: 6:08:47 PM
User: N/A
Computer: COMPUTER
Description:
The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible.
Data:
0000: e5 03 00 00 å...

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 7/19/2003
Time: 4:39:18 PM
User: N/A
Computer: COMPUTER
Description:
No Windows NT or Windows 2000 Domain Controller is available for domain PULSE. The following error occurred:
There are currently no logon servers available to service the logon request.
Data:
0000: 5e 00 00 c0 ^..À

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 7/22/2003
Time: 3:21:45 AM
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Windows cannot determine the user or computer name. Return value (1722).

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 7/22/2003
Time: 8:36:05 AM
User: N/A
Computer: TFANTEXPN
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 7/21/2003
Time: 11:11:17 AM
User: NT AUTHORITY\SYSTEM
Computer: TFANTEXPN
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


~~~~~~~~~~~~~~~~~~~
These four errors occur frequently, especially the last two.

Per the microsoft knowledge base I have hard coded the DNS (our ISP DNS) on the XP machine. I have also taken other steps such as turning on NetBIOS over tcp/ip and unchecking "register this address in DNS" and the issue continues on. I have reformatted the XP Machine, reinstalled our normal software which include acrobat reader, MS office, and all microsoft windows updates, and the issue continues on. ONLY with the XP machines!! =O

as i said before, any and all help would be greatly appreciated. thanks!

 

[Claudek]

Am assuming that you have an internal DNS server for your Active Directory (probably on your 1st Domain Controller).
Have you tried setting the primary DNS address on the XP box to be the address of your internal DNS server?



Claudius (What certifications??)

http://www.iteq.com.au

 

[Teamaker]

http://support.microsoft.com/defaul...port/kb/articles/q300/2/02.ASP&NoWebContent=1

!!A good cup of Tetley keeps the madness at bay!!

 

[ee61re]

we have had similar problems with some Dell desktops that use a gigabit ethernet card. Updating the network driver solved it.

having said that, we now have the same issue with a Fujitsu-siemens desktop that uses an intel based 10/100 nic, and updating its drivers didn't help.

our DNS has never been an issue.

We found that despite all these errors, we could log onto the domain ok, and GPO policies were applied ok, except for the software installation parts of the policy. They worked fine after the NIC driver update, except for this single Fujitsu unit.

Hope this helps

Rob

 

[MSEDDE]

One bit of helpful information would be if these XP machines are Home Edition or Pro. YOu will have a lot of problems out of the Home Editions. They aren't meant for a Domain. Other than that the "Userenv Windows cannot determine the user or computer name. Return value (1722)"

This means the local computer accound is corrupt. If you have XP Pro's and they are logged onto the domain you have to log them back off into a workgroup called WORKGROUP and then rejoin them. Make sure you are logging into the Network and not the Local Machine. This I have found will corrupt the accounts.

The error, "The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible."

This could also be a major problem. This walks hand and hand with the Kerberos Security. Look up my username on this site and look at the other post I made. I made one on this error I believe and was sent a good document on it. I may write again and post it for you.

ME

 

[ee61re]

our systems are all XP Pro.

I've tried moving the problem machine into a workgroup and then rejoining the domain, but I still have the same problem.

 

[minxca]

I had similar problem while ago with one XP machine.
Try this: when you move to workgroup/domain try use Network ID, don't use Change tab.
Don't ask me why, but it worked for me.

 

[BigBZ]

The XP Machines are Dell Desktop XP Professional. Will look at your suggestions right now and get back to you guys ... all help is greatly appreciated! Thanks!

 

[tazmaniandevil]

Are the NIC's 'Intel pro 100/100VE' onboard cards? If so, we have had the same problem in the past. We order new Dells with additional 3-com cards installed, then diable the onboard ones. We also re-load every new Dell machine prior to connecting to our network. We have found that the Dell pre-load causes problems with e-mail clients.

 

[BigBZ]

Yes that is the same ethernet card. I put a 3com in it. Reboot. Same problems.

 

[Teamaker]

You said "I have hard coded the DNS (our ISP DNS) on the XP machine"

This is not right this happened on our network and we had all the same error messages the XP workstations DNS should point to your internal DNS server otherwise it cannot find the Active Directory ie the domain controllers so no TIME service no NETLOGON and so on.

XP relies on DNS far more heavily than other versions of Windows.

!!A good cup of Tetley keeps the madness at bay!!

 

[techydude]

Hi BigBZ,

Please check out thread # 779-540802 & 779-527315. You will find the solution to your problem in there. As hinted above, your problem revolves around your DNS setting on the XP machines.

Contrary to all previous versions of Windows, XP uses DNS for LAN name resolution (inc most DC resources) as well as internet name resolution, so your XP clients need to have the IP of your internal DNS server rather than your ISPs DNS, and your internal DNS (1 of your domain controllers) can have DNS forwarding turned on in order to resolve internet namespace.

 

[ee61re]

I've just resolved the issue I was having with the single Fujitsu desktop. It has an Intel 10/100 VM NIC.

I set the NIC to 100/Full instead of Auto, rebooted, and lo and behold, its now installing managed software from the AD GPO.

So, for Dells with Gigabit NICs, update the drivers, for anything else, it must have an autonegotiate problem. I think I remember reading an MS technet article about Intel NICs and autoneg, but can't find it.

Anyhow, try manually setting speed/duplex and see what gives.

Rob

 

[ee61re]

OK. I've just found another Dell with a gigabit card, that won't pull the GPO software updates, even after updating the NIC driver, and setting it to 100/full.

Now I'm annoyed.

I'm beginning to suspect the switch, although its not showing anything unusual on the stats.

Rob

 

[arlems]

Your XP machine is not the problem. Your problem resides with your DNS on the server.

 

[ee61re]

I firmly believe that in my particular case, DNS is not the issue at all.

All aspects of the GPO, domain memberships, security policies, etc, are applied and functioning fine.

The only problem I have is with deployment of software. Basically it flatly refuses to do it, complaining that it cannot determine the domain controller, however, other than this 1 machine, updating the NIC drivers has resolved this.

 

[Teamaker]

I think you will find that if your XP DNS still points to your ISP on the other machines they will still be intermittent, they will find a DC and GP's eventually by using broadcasts but not as efficiently as they should.

!!A good cup of Tetley keeps the madness at bay!!

 

[ee61re]

it is worth point out at this stage that I am not the original poster. I am experiencing similar problems, but I have all internal DNS, so have ruled out non-AD DNS as a cause.

Rob

 

[BigBZ]

From the resource you guys gave me:

""""
1. Ensure that the XP clients are all configured to point to the local DNS server which hosts the AD domain. That will probably be the win2k server itself. They should NOT be pointing an an ISP's DNS server. An 'ipconfig /all' on the XP box should reveal ONLY the domain's DNS server. You should use the DHCP server to push out the local DNS server address.

2. Ensure DNS server on win2k is configured to permit dynamic updates. Ensure the win2k server points to itself as a DNS server.

3. For external (internet) name resolution, specify your ISP's DNS server not on the clients, but in the forwarders tab of the local win2k DNS server. On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints' tabs because they are greyed out, that is because there is a root zone (".&quot present on the DNS server. You MUST delete this root zone to permit the server to forward unresolved queries to yout ISP or the root servers. Accept any nags etc, and let it delete any corresponding reverse lookuop zones if it asks.
"""""

Response in order:

1. I tested one machine, pointed only the internal IP to the DNS server (192.168.1.20). Now, when I did this with one machine it worked and I was soo happy! Then I did it with another dell same model, same purchase date and it killed the dell's browsing. Then, the next morning the dell machine that was working could not browse either. We recently got some more laptops that are XP and when setting them up I have been trying to repair this issue. We host

http://www.pulsestaff.net

on our server and when I hardcode the internal DNS of our server then it drops the browsing for the pulsestaff.net but I can browse to other places (this is because We did not have the ISP DNS in the forwarding tab in our DNS configuration.) So, when internal DNS is coded we cannot access our

http://www.pulsestaff.net

which we also run a web app that our internal employees use as their core tool.

2. Yes it is enabled to do dynamic updates (only safe ones, which according to the MS knowledge base it should still work fine with safe dynamic updates) and I believe it is set up to point to itself, but could someone clarify how I could verify this???? Thanks!!!

3. We did NOT have the forwarding tab filled out for ISP DNS, but I put it in there, and we had no problems with the root zone as it had already been removed.


So i've come to the point where when I specify our internal DNS i can't browse to our server but I can get out on the internet .... PLEASE HELP I FEEL I AM SO CLOSE and just missing something small!! *newbie to DNS*

Thanks in advance!


-BZ

 

[Teamaker]

If you type in "nslookup" at the command prompt it will tell you which name server the machine is looking at.

As for browsing make sure netbios over IP is enabled.



!!A good cup of Tetley keeps the madness at bay!!