AD not working properly

  • AD not working properly

    Hi everybody.

    First of all, forgive me if I come in asking a question in my first post.
    I'm experiencing a huge problem on my company server.
    Let me make some preliminary remarks: I'm not particularly skilled in Server OSs, Active Directory, Domain Controllers and so on...

    In brief, the situation.

    In my company we have a network and domain server with Windows 2003 Server SP2 OS.
    Unfortunately, for the past few days the server has no longer been reachable by any PCs inside the domain!!!
    To be more exact, the domain users can still login, but they cannot access the resources shared by the server (i.e. folders, or even \\ServerName by Explorer).

    On the other hand, the server itself can see any single pcs inside the domain and it's pingable by anybody.
    Moreover, if a user accesses a pc OUTSIDE the domain but wired (i.e. connected by RJ45 cable) inside the same LAN, he can easily access the server resources, upon inserting login and password of a domain administrator.
    It's also possible to insert a new machine into the domain and/or remove it, without receiving any mistakes, apparently.

    Lastly, it isn't possible at all to add new Active Directory users; or better, even if you add them, they can NOT be recognized by any clients.

    Checking out these symptoms, the problem seems to be related to the Active Directory not working properly, but as I stated earlier I'm not so skillful in AD.
    Furthermore, if a hypothetical user opens Explorer and tries to access the server using its network name (\\mobserver), he can't manage to do that; still, if he tries using its IP address (\\192.168.0.1) he can easily reach the server!
    Therefore, the DNS is somehow involved too.

    I'm posting the results of an ipconfig /all command run on the server:

    Windows IP Configuration

    Host name: mobserver
    Primary DNS suffix: mydomain.com
    Node type: unknown
    IP routing enabled: NO
    WINS proxy enabled: NO
    DNS suffix search list: mydomain.com


    Ethernet adapter Local Area Connection (LAN) 3:

    Connection-specific DNS suffix: (nothing's written here)
    Description: Broadcom NetXtreme Gigabit Ethernet
    Physical address: 00-09-6B-A5-76-7C
    DHCP enabled: NO
    IP address: 192.168.0.1
    Subnet mask: 255.255.255.0
    Default gateway: 192.168.0.2
    DNS Servers: 88.149.128.12
    88.149.128.22


    Should you need any other data, I can provide them anytime.
    I'd be very grateful to anybody who can help me out anyway, I'm desperate...

    Thank you in advance, have a nice day.

    Paolo

  • #2
    Re: AD not working properly

    On the DC change the primary DNS (from 88.149.128.12) to the one that's authoritative for the AD (usually that's the IP address of the DC itself if also configured as DNS server).
    Then configure the DNS server to use these forwarders (88.149.128.12 and 22).
    Also post a Netdiag and DCdiag output so we can take a proper look at what's happening.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: AD not working properly

      Hi, thanks for your quick answer!

      Following your advice, I changed the primary DNS from 88.149.128.12 to 192.168.0.1 (both on the server and on some domain machines); then I accessed the DNS Server, using 88.149.128.12 and 22 (my provider's DNS) as forwarders.
      Nothing changed, apparently.

      What worries me more, the server worked for several years with the former configuration.
      I don't know what happened.

      Here are the outputs of DCdiag...

      ------------------------------------------------
      Domain Controller Diagnosis

      Performing initial setup:
      Done gathering initial info.

      Doing initial required tests

      Testing server: Nome-predefinito-primo-sito\MOBSERVER
      Starting test: Connectivity
      ......................... MOBSERVER passed test Connectivity

      Doing primary tests

      Testing server: Nome-predefinito-primo-sito\MOBSERVER
      Starting test: Replications
      [Replications Check,MOBSERVER] Inbound replication is disabled.
      To correct, run "repadmin /options MOBSERVER -DISABLE_INBOUND_REPL"
      [Replications Check,MOBSERVER] Outbound replication is disabled.
      To correct, run "repadmin /options MOBSERVER -DISABLE_OUTBOUND_REPL"
      ......................... MOBSERVER failed test Replications
      Starting test: NCSecDesc
      ......................... MOBSERVER passed test NCSecDesc
      Starting test: NetLogons
      ......................... MOBSERVER passed test NetLogons
      Starting test: Advertising
      Warning: MOBSERVER is not advertising as a time server.
      ......................... MOBSERVER failed test Advertising
      Starting test: KnowsOfRoleHolders
      ......................... MOBSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
      ......................... MOBSERVER passed test RidManager
      Starting test: MachineAccount
      ......................... MOBSERVER passed test MachineAccount
      Starting test: Services
      w32time Service is stopped on [MOBSERVER]
      ......................... MOBSERVER failed test Services
      Starting test: ObjectsReplicated
      ......................... MOBSERVER passed test ObjectsReplicated
      Starting test: frssysvol
      ......................... MOBSERVER passed test frssysvol
      Starting test: frsevent
      There are warning or error events within the last 24 hours after the
      SYSVOL has been shared. Failing SYSVOL replication problems may cause
      Group Policy problems.
      ......................... MOBSERVER failed test frsevent
      Starting test: kccevent
      ......................... MOBSERVER passed test kccevent
      Starting test: systemlog
      An Error Event occured. EventID: 0x00000457
      Time Generated: 04/11/2011 15:55:04
      (Event String could not be retrieved)
      An Error Event occured. EventID: 0x40000004
      Time Generated: 04/11/2011 15:56:29
      (Event String could not be retrieved)
      ......................... MOBSERVER failed test systemlog
      Starting test: VerifyReferences
      ......................... MOBSERVER passed test VerifyReferences

      Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
      ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... ForestDnsZones passed test CheckSDRefDom

      Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
      ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... DomainDnsZones passed test CheckSDRefDom

      Running partition tests on : Schema
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom

      Running partition tests on : Configuration
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom

      Running partition tests on : mydomain
      Starting test: CrossRefValidation
      ......................... mydomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... mydomain passed test CheckSDRefDom

      Running enterprise tests on : mydomain.com
      Starting test: Intersite
      ......................... mydomain.com passed test Intersite
      Starting test: FsmoCheck
      ......................... mydomain.com passed test FsmoCheck
      ------------------------------------------------

      ...and NetDiag:

      ------------------------------------------------
      ....................................

      Computer Name: MOBSERVER
      DNS Host Name: MOBSERVER.mydomain.com
      System info : Microsoft Windows Server 2003 (Build 3790)
      Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
      List of installed hotfixes :
      <CUT>

      Netcard queries test . . . . . . . : Passed
      [WARNING] The net card 'Miniport WAN (PPPOE)' may not be working because it has not received any packets.



      Per interface results:

      Adapter : Connessione alla rete locale (LAN) 3

      Netcard queries test . . . : Passed

      Host Name. . . . . . . . . : MOBSERVER
      IP Address . . . . . . . . : 192.168.0.1
      Subnet Mask. . . . . . . . : 255.255.255.0
      Default Gateway. . . . . . : 192.168.0.2
      Dns Servers. . . . . . . . : 192.168.0.1


      AutoConfiguration results. . . . . . : Passed

      Default gateway test . . . : Passed

      NetBT name test. . . . . . : Passed
      [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

      WINS service test. . . . . : Skipped
      There are no WINS servers configured for this interface.


      Global results:


      Domain membership test . . . . . . : Passed


      NetBT transports test. . . . . . . : Passed
      List of NetBt transports currently configured:
      NetBT_Tcpip_{D01ECDBF-A1F8-4EE4-A616-619A92FCE13D}
      1 NetBt transport currently configured.


      Autonet address test . . . . . . . : Passed


      IP loopback ping test. . . . . . . : Passed


      Default gateway test . . . . . . . : Passed


      NetBT name test. . . . . . . . . . : Passed
      [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


      Winsock test . . . . . . . . . . . : Passed


      DNS test . . . . . . . . . . . . . : Passed
      PASS - All the DNS entries for DC are registered on DNS server '192.168.0.1' and other DCs also have some of the names registered.


      Redir and Browser test . . . . . . : Passed
      List of NetBt transports currently bound to the Redir
      NetBT_Tcpip_{D01ECDBF-A1F8-4EE4-A616-619A92FCE13D}
      The redir is bound to 1 NetBt transport.

      List of NetBt transports currently bound to the browser
      NetBT_Tcpip_{D01ECDBF-A1F8-4EE4-A616-619A92FCE13D}
      The browser is bound to 1 NetBt transport.


      DC discovery test. . . . . . . . . : Passed


      DC list test . . . . . . . . . . . : Passed


      Trust relationship test. . . . . . : Skipped


      Kerberos test. . . . . . . . . . . : Passed


      LDAP test. . . . . . . . . . . . . : Passed


      Bindings test. . . . . . . . . . . : Passed


      WAN configuration test . . . . . . : Skipped
      No active remote access connections.


      Modem diagnostics test . . . . . . : Passed

      IP Security test . . . . . . . . . : Skipped

      Note: run "netsh ipsec dynamic show /?" for more detailed information


      The command completed successfully
      ------------------------------------------------


      Thank you, THANK YOU in advance for your kind answers!
      Best,

      Paolo
      Last edited by Paolo977; 11th April 2011, 15:18.
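
An added example (not part of the original posts): a small Python parser for DCdiag text output in the layout posted above, which keeps only the failed tests together with the diagnostic lines printed for each. The sample input is a constructed excerpt of that output, and the function names are this example's own.

```python
import re

# Constructed sample: shortened excerpt in the layout of the DCdiag output posted above.
SAMPLE = """\
Testing server: Nome-predefinito-primo-sito\\MOBSERVER
Starting test: Connectivity
......................... MOBSERVER passed test Connectivity
Starting test: Replications
[Replications Check,MOBSERVER] Inbound replication is disabled.
To correct, run "repadmin /options MOBSERVER -DISABLE_INBOUND_REPL"
......................... MOBSERVER failed test Replications
Starting test: Advertising
Warning: MOBSERVER is not advertising as a time server.
......................... MOBSERVER failed test Advertising
Starting test: Services
w32time Service is stopped on [MOBSERVER]
......................... MOBSERVER failed test Services
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+) (passed|failed) test (\S+)")
STOPPED = re.compile(r"(\S+) Service is stopped on")

def parse_dcdiag(text):
    """Return one dict per test: target, test, status and its detail lines."""
    results, current, details = [], None, []
    for line in text.splitlines():
        if m := START.match(line):
            current, details = m.group(1), []
        elif m := RESULT.match(line):
            target, status, test = m.groups()
            results.append({"target": target, "test": test,
                            "status": status, "details": details})
            current, details = None, []
        elif current and line.strip():
            details.append(line.strip())  # text between "Starting test" and the verdict
    return results

def failed_tests(text):
    """Map each failed test name to the diagnostic lines DCdiag printed for it."""
    return {r["test"]: r["details"] for r in parse_dcdiag(text) if r["status"] == "failed"}

def stopped_services(text):
    return STOPPED.findall(text)  # service names reported as stopped

if __name__ == "__main__":
    for test, details in failed_tests(SAMPLE).items():
        print("FAILED", test, *("\n    " + d for d in details))
    print("Stopped services:", stopped_services(SAMPLE))
```
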



      • #4
        Re: AD not working properly

        A couple of things,
        Can you make sure the DNS resolver cache is cleared at both ends (client and server).
        dnscmd /clearcache on the server
        ipconfig /flushdns and /registerdns on the clients
        Also can you check the time is sync'd properly. How is the time setup in there?
        What events are logged in the event viewer?


        • #5
          Re: AD not working properly

          Originally posted by L4ndy View Post
          A couple of things,
          Can you make sure the DNS resolver cache is cleared at both ends (client and server).
          dnscmd /clearcache on the server
          ipconfig /flushdns and /registerdns on the clients
          Also can you check the time is sync'd properly. How is the time setup in there?
          What events are logged in the event viewer?
          Hi, I've tried to clear the cache on both server and clients, but nothing changed.
          The server's and clients' time are sync'd as far as I can tell, and time is set up correctly, +1 GMT on all machines.

          As for the event logger, I can see some new messages, event_id 10009, "DCOM cannot communicate with computer 88.149.128.22 using specified protocols" and this for ALL my DNS IPs! I can ping them though.
          These errors appear after launching ipconfig /flushdns and ipconfig /registerdns

          Thanks!



          • #6
            Re: AD not working properly

            Forgot to mention that clients need to point to 192.168.0.1 as their primary DNS as well.


            • #7
              Re: AD not working properly

              You said that you can join a new PC to the domain, so do you have DHCP or do you give the new PC the TCP/IP settings manually?
              If so, what is the IP of the DNS u set or distribute via DHCP?
              Make sure that there is no group policy preventing the domain users from accessing the shares.

              You said that the mobserver is pingable, so tell me, did u ping it from the client PC by ping mobserver
              and does the DNS resolve the name to the IP?



              • #8
                Re: AD not working properly

                Originally posted by L4ndy View Post
                Forgot to mention that clients need to point to 192.168.0.1 as their primary DNS as well.
                Yeah, I've already set the right DNS on clients.

                Originally posted by Hassan Tofaha View Post
                You said that you can join a new PC to the domain, so do you have DHCP or do you give the new PC the TCP/IP settings manually?
                If so, what is the IP of the DNS u set or distribute via DHCP?
                Make sure that there is no group policy preventing the domain users from accessing the shares.
                I have both cases, TCP/IP settings set manually and using DHCP. In the latter case, the DNS IP is 192.168.0.1, while the primary DNS suffix is mydomain.it

                Originally posted by Hassan Tofaha View Post
                You said that the mobserver is pingable, so tell me, did u ping it from the client PC by ping mobserver
                and does the DNS resolve the name to the IP?
                Yes, I did the ping from the client using mobserver, and the DNS resolves the name without any problems.

                Thanks again all!
