WinXP Pro loses network access after a few hours on Win2K network

[rzward]

After a few hours of being logged on to a Win2K SP4 network using a new WinXP Pro machine, the WinXP Pro machine begins to have long delays accessing other machines on the network. Eventually, over the course of a few more hours, the machine can no longer access any of the other machines on the network. When I reboot the WinXP Pro machine, I get the normal access to the other machines again. This happens even when I access the other machines using the domain's administrator account.

Machines running Win2K do not have any problems accessing other machines on the network.

The network server is running Win2K SP4. The configuration on the Win2K server has not changed in years.

The new WinXP Pro machine uses DHCP and the Primary DNS is set to an IP address on the Internet. This is the way the other machines are configured on the network.

I see AutoEnrollment errors on the WinXP Pro machine's event log. The errors say "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted."

I'm wondering if the WinXP Pro machine loses contact with the Win2K server and eventually decides to prevent access to the network because of it. Maybe the Win2K Pro machines lose access to the server as well but don't do anything about it?

Does anyone have any ideas what I can do to improve access to the network from the WinXP Pro machine?

Thank you in advance.

Richard

 

[wdoellefeld]

"DHCP and the Primary DNS is set to an IP address on the Internet"

This is one problem. The machines on your internal network need to point to a internal DNS server. THe internal DNS server should have either forwarding or root hints to the outside.

This is also the probable cause of your auto enrollment errors. The PC can't find a domain controller internally because DNS points it to the Internet. DNS is critical to a active directory domain.


FRCP

http://www.frcp.net

 

[rzward]

Thank you for the tip.

I did notice an option for forwarding when I looked at the server's DNS options and wondered if that would help. I will now read about forwarding and figure out how to use the feature.

Richard

 

[amdaxiom]

If you are using an outside IP simply because your DNS server is not resolving FQDN's to their IP address's make sure that the Forward Lookup Zone . is not in your list of forward lookup zones. Having that zone . basically tells the DNS server that it is authoritative for all domains so if the server does not have it in it's forward lookup zones it simply things it does not exist.

Without the . zone in the forward lookup zone then your DNS server will query the Internet for the zone automatically and you do not need to enable the forwarders (unless your DNS server does not have Internet access or at least UDP 53 outgoing open).

Harry

 

[rzward]

Thank you for your help.

Because of other problems with the domain controller, I finally decided to reinstall the operating system on the domain controller, start a new domain and eventually got to this problem again.

If I set the DNS for each computer on the network to an IP address of a DNS machine on the Internet, the computers can access the Internet just fine but the WinXP machines have trouble staying connected to other machines inside the network.

If I set the DNS for each computer on the network to the IP address of the domain controller, none of the computers are able to access the Internet.

Removing the . from the list of Forward Lookup Zone did the trick! Now I have DHCP on the domain controller automatically set the DNS for each computer on the network to the IP address of the domain controller.

Thank you!

Richard