Announcement

Collapse
No announcement yet.

Child domain DNS server cant view it's group in network places?!?!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Child domain DNS server cant view it's group in network places?!?!

    Hello everyone.

    We have a child domain called Accounting which has a single DC/file server and it's a DNS server.

    I noticed today that when I tried to access the child domain from network neighborhood I get the messsage: Accounting is not accessible. "You might not have permissions to use this network resource."

    why would this happen?!?!

    The 1st DNS ip address is set to itself and the 2nd DNS is the ip of the DOMAIN server.

    We're a 2003 shop and AD integrated.

    What other info must I provide for the troubleshooting process?!??!

    Thanks for reading!

    ceez
    Last edited by ceez; 10th March 2009, 21:32.

  • #2
    Re: Child domain DNS server cant view it's group in network places?!?!

    Have you got WINS setup? If so are the clients configured to resolve through it or have you got a WINS lookup configured in your DNS server?

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Child domain DNS server cant view it's group in network places?!?!

      thanks for the reply L4ndy.

      No, we're not using a wins server. We use NETBIOS and in the WINS tab of the server and of the workstaitons the radio button for "Enable NetBIOS over TCP\IP" is selected.

      Also, the workstations can ping by name and by ip their dc server YET the server cannot ping by name or ip the workstations?!?!?!

      On a side note, the users in this accounting domain cannot change their passwords, it says that they do not have permissions to do so.

      We have 2 other childomains which are pretty much setup the same way and we have no issues.

      We've checked DNS and all the entries of this server found everywhere (that I know of) is correct. If you know of somewhere specific that might cause issues please help me!

      We have a pretty plain vanilla setup yet dont know how to solve this.

      Thanks again for reading.

      ceez

      Comment


      • #4
        Re: Child domain DNS server cant view it's group in network places?!?!

        On your child domain, you are saing that you have a AD integrated DNS zone.
        What's the zone replication scope set as?
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Child domain DNS server cant view it's group in network places?!?!

          L4ndy it's set to "To All DNS servers in the AD domain ACCOUNTING.DOMAIN.NET"

          I also checked my other 2 child domains and they are set the same, ie "CHILD.DOMAIN.NET"


          Now for some extra info:

          I was comparing GPO settings with the other child domains and I found that this particular domain had the following enabled:

          Domain Group Policy - Computer Configuration - Windows Settings - Security Settings - IP Security Policies on Active Directory:
          Secure Server & server options had all the check marks within those options.

          I unchecked and ran gpupdate on both the server and a test pc that was also rebooted.

          I can now ping by IP from the ACCOUNTING server and can also ping to pc name BUT using the FQDN. Ie: "ping computer.accounting.domain.net". Using the computername by itself gets no return. ***I did not try FQDN last nite when I first posted this question, but goign to assume did not work since IP didnt work either***

          This child was setup way before I got here and it was the 1st child domain of the network. This child domain doesnt do DHCP, the ACCOUNTING clients get their IPs it from the DOMAIN DC/DHCP server. So when I look at the address leases in DHCP console of the DOMAIN server I see both: "computer.domain.net" & "computername.accounting.domain.net" listed. Could this be an underlying problem?

          Now for some location information:

          The DOMAIN server and clients are here in our office, so there are 2 Domains that sit in the same locaiton. The ACCOUNTING server sits at our colocation site which has the same subnet but a different 3rd octet, ie: office:10.201.1.x & colocation: 10.201.16.x. So the ACCOUNTING clients get their IP assigned in the 1.x range instead of the 16.x range.

          Would it be safe to make that ACCOUNTING server a DHCP server? If so, would the accounting computers automatically request an IP from ACCOUNTING or would they still look at the main office because this is where they site?!??!

          The more I think about it the more screwed up this setup looks!??!

          Anything else can be going on?

          Comment


          • #6
            Re: Child domain DNS server cant view it's group in network places?!?!

            Does your router/firewall allow NetBIOS across it???

            Comment


            • #7
              Re: Child domain DNS server cant view it's group in network places?!?!

              OK I found the answer after going crazy for about a week.

              The problem had to do with the DNS suffix on group policy for this particular domain

              computer configuraiton - administrative templates - network - dns client - DNS suffix search list

              I had misstyped it for this child domain and that why I couldnt replicate the problem on other child domains, ie:

              incorrect:
              domain.net
              child1, <-I placed a comma instead of a period which broke down the child domain dns suffix search
              domain.net
              child2.domain.net
              child3.domain.net

              correct:
              domain.net
              child1.domain.net
              child2.domain.net
              child3.domain.net

              So pretty much the server couldnt see the workstations I was trying to ping because it was not adding the correct childdomain name.

              The password permission problem was also resolved. The problem being that the workstation couldnt communicate with the DNS server since the workstations in this network had the incorrect DNS suffix as listed above.

              Yet I still cant browse the ACCOUNTING domain in network neighborhood. So that's another homework.

              Thanks again for the help.

              Comment


              • #8
                Re: Child domain DNS server cant view it's group in network places?!?!

                It will be worth looking at the 'computer browser' service and seeing if that is started and set to automatic.

                Thanks for the feedback. Glad you got it sorted.

                Comment

                Working...
                X