Unable to communicate to AD domain properly


  • Unable to communicate to AD domain properly

    I have a site that is having problems communicating with the domain.

    Domain users take forever to authenticate to the domain. Domain Controllers are hosted in other sites.

    New computers are not able to join the domain.

    The gateway this site is using is a virtual gateway which is actually a firewall. Hence this gateway does not respond to pings.

    Netdiag results show gateway and dns tests failed.

    I'm able to resolve host names and reverse. Internet is not a problem either.

    NSLOOKUP shows dns is resolving host names.

    I'm puzzled about this issue. Does anyone know whether a gateway that does not respond to pings causes problems communicating with the domain? If so, is there a workaround for a non-responding gateway?
    Last edited by vfr_nc30; 15th November 2006, 14:12.

  • #2
    Re: Unable to communicate to AD domain properly

    Your gateway may be set up to absorb pings as a security feature.

    You say you can resolve host names but can you ping any domain controllers by name?
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Unable to communicate to AD domain properly

      Yes, indeed the gateway is set up that way for security reasons. Routing is not an issue although the gateway is not pingable. Yes, I can ping all DCs and all hosts.
      Last edited by vfr_nc30; 15th November 2006, 14:43.



      • #4
        Re: Unable to communicate to AD domain properly

        Can you browse the DC's shares etc. easily?

        Can you do start > run > \\servername and hit enter? Does it come up quickly?


        • #5
          Re: Unable to communicate to AD domain properly

          Yes I can but not quickly because the DCs are hosted in other sites over the WAN.
          Ping response is below 150ms so that rules out latency as a possible cause.



          • #6
            Re: Unable to communicate to AD domain properly

            Have you got slow link detection turned on? That may help as that is a slow connection.


            • #7
              Re: Unable to communicate to AD domain properly

              How many users do you have in the remote site and what is the WAN link's capacity?
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"



              • #8
                Re: Unable to communicate to AD domain properly

                Latency is not an issue here. I have sites with more than 300ms response and it doesn't take 40mins to log in to the domain.

                I have about 30 users on site with a 10mbps line. I've done testing after office hours so bandwidth is not an issue either.



                • #9
                  Re: Unable to communicate to AD domain properly

                  Couple of basic questions, but still worth checking:

                  - is the subnet correctly defined in Sites & Services?
                  - is the subnet assigned to the correct site?
                  - which DC is covering the remote DC-less site? Any chance that you have some remote (branch office) DC covering this site?
                  - have you tried enabling verbose logging of the netlogon service and looking at the logs?
                  - a network trace might help. Any chance you are having fragmentation issues?
                  - is ICMP Source Quench allowed to pass the router?
                  Guy Teverovsky


                  • #10
                    Re: Unable to communicate to AD domain properly

                    Stupid Question time:
                    Is Windows Firewall interfering?
                    TIA

                    Steven Teiger [SBS-MVP(2003-2009)]
                    http://www.wintra.co.il/
                    I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                    We don't stop playing because we grow old, we grow old because we stop playing.



                    • #11
                      Re: Unable to communicate to AD domain properly

                      Yes subnet correctly defined in Sites & Services
                      Yes subnet is in the correct site
                      I have a few other remote sites covered under these 2 DCs. Don't have problems with those sites.

                      I will try enabling verbose for the netlogon
                      trace route looks fine.
                      What is ICMP Source Quench?


                      We have enabled the gateway to respond to pings. Problem still persists, so it's probably more of an AD issue.

                      I don't have Windows Firewall enabled in the W2K3 DCs. Those DCs are serving other sites as well.

                      I ran netdiag again, these are the failed tests

                      DNS test . . . . . . . . . . . . . : Failed


                      Redir and Browser test . . . . . . : Failed
                      List of NetBt transports currently bound to the Redir
                      NetBT_Tcpip_{97528DFC-7E2D-45B1-AC7C-743B89DD5D47}
                      The redir is bound to 1 NetBt transport.

                      List of NetBt transports currently bound to the browser
                      NetBT_Tcpip_{97528DFC-7E2D-45B1-AC7C-743B89DD5D47}
                      The browser is bound to 1 NetBt transport.
                      [FATAL] Cannot send mailslot message to '\\SNTG*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]


                      DC discovery test. . . . . . . . . : Passed
                      DC list test . . . . . . . . . . . : Failed
                      Trust relationship test. . . . . . : Failed
                      Kerberos test. . . . . . . . . . . : Failed

                      Does anyone know what DNS test netdiag does?

                      I can resolve host names without problems.
                      Last edited by vfr_nc30; 17th November 2006, 08:47.
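
Added example (not part of the thread and not any poster's code): a small Python parser for netdiag output like that pasted in post #11, listing each failed test with any [FATAL] error code recorded under it. The function names are this example's own, SAMPLE is an abbreviated excerpt of the quoted output, and the line layout is assumed from that output.

```python
import re

# Abbreviated excerpt of the netdiag output quoted in post #11 above.
SAMPLE = r"""
DNS test . . . . . . . . . . . . . : Failed
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{97528DFC-7E2D-45B1-AC7C-743B89DD5D47}
The redir is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '\\SNTG*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
Trust relationship test. . . . . . : Failed
Kerberos test. . . . . . . . . . . : Failed
"""

# Header line: test name, a run of dot leaders, a colon, then the verdict.
RESULT = re.compile(r"^\s*(?P<name>.*?\S)\s*(?:\.\s*)+:\s*(?P<status>Passed|Failed|Skipped)\s*$")
# Severity-tagged detail line, with an optional trailing error name in brackets.
TAGGED = re.compile(r"^\s*\[(?P<sev>FATAL|WARNING)\]\s*(?P<msg>.*?)(?:\s*\[(?P<code>[A-Z_0-9]+)\])?\s*$")

def parse_netdiag(text):
    """Return one dict per test: name, status, plain detail lines, tagged messages."""
    tests, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RESULT.match(line)
        if m:
            current = {"name": m["name"], "status": m["status"], "details": [], "messages": []}
            tests.append(current)
            continue
        if current is None:
            continue  # preamble before the first test header
        t = TAGGED.match(line)
        if t:
            current["messages"].append((t["sev"], t["msg"], t["code"]))
        else:
            current["details"].append(line.strip())
    return tests

def failed_tests(tests):
    """Map each failed test name to its FATAL error codes (or messages if no code)."""
    return {t["name"]: [code or msg for sev, msg, code in t["messages"] if sev == "FATAL"]
            for t in tests if t["status"] == "Failed"}

if __name__ == "__main__":
    for name, errors in failed_tests(parse_netdiag(SAMPLE)).items():
        print(f"{name}: {', '.join(errors) or 'no detail in excerpt'}")
```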
