Re: AD clients can no longer connect to DC in 2003
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 08/01/04
Date: Sun, 1 Aug 2004 18:58:59 +0100
Yes, rebooting would also have forced the netlogon service to reregister the
SRV records. ;-)

Seeing as you can log on to your DCs and you've proved network connectivity
to not be the fault, perhaps you should look at the clients. Where are the
clients pointing for DNS resolution? They should point to internal DNS
servers. Also, with regards to the failover not working, you need to
configure a minimum of two different internal DNS servers in the client's
TCP/IP properties. You will also need multiple GCs.

Verify that the clients are pointing to an existing, internal DNS server
(usually a DC) and are pointing to another different internal DNS server as
the second. Then type the following at the command prompt:

C:\>nltest /dsgetdc:yourDomain.com

You will need the nltest util, which I believe is part of the support tools.

A simple ping test only proves the name-to-IP resolution is working (a good
start). However, it does not prove that the correct SRV records are present.
You have to use the nslookup utility and set the record type to SRV to do
this (or use nltest, etc.).

--
Paul Williams
_________________________________________
http://www.msresource.net
Join us in our new forums!
http://forums.msresource.net
_________________________________________

"marc" <anonymous@discussions.microsoft.com> wrote in message
news:675e01c47575$75879620$a301280a@phx.gbl...
That didn't do anything (and wouldn't rebooting the DC,
which I have done, have had the same effect??)

any other ideas?

>-----Original Message-----
>Login locally to the DC ....
>
>net stop netlogin
>net start netlogin
>
>That should get logins going again.
>
>"marc" wrote:
>
>> AD was working but has stopped (Windows 2003, all
>> patches) and we have no idea why
>>
>> - can log into DC's, no problem
>>
>> - can log into DC clients via local ADMIN but not
>> DOMAIN ADMIN
>>
>> - all machines are on same subnet
>>
>> - no machines are multihomed
>>
>> - all name services seem to be working, though
>> testing shows that redundant services are not (e.g.: shut
>> down 1st listed DNS server and client can no longer ping,
>> though if client is rebooted it uses the 2nd DNS server
>> correctly)
>>
>> - initial symptom was "Unable to log on to Windows:
>> RPC server is not available"
>>
>> - after removing client from domain to workgroup, the
>> error on trying to rejoin the domain is "The following
>> error occurred trying to join the domain "lan.com"
>> Windows can not find the network path
>>
>> - I can ping by name
>> * the fully qualified domain name
>> * the fully qualified client name
>> * the domain servers
>> * the client name
>>
>> - I can do nslookup (forward and backward) on all of
>> the above
>>
>> - we have other domains (with separate controllers)
>> on the same physical networks (e.g.: L2 & L3 switches)
>> that have no problems
>>
>> - we have isolated testing to a specific client and
>> DC attached to the same L2 switch and with all redundant
>> DNS/DC entries removed, to no avail - same errors
>>
>> Everything was installed from scratch for Windows 2003,
>> so there were no upgrade issues, etc.
>>
>> I'm not sure how to diagnose this further ...
>>
>> HELP!!
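
Added example, not part of the original thread: a Python check for the SRV test the reply describes, run over nslookup "set type=SRV" output saved from each DNS server a client is configured with. The transcripts, the 192.0.2.x addresses, the dc1/dc2 host names and the single-domain forest are assumptions made for illustration; only the domain name lan.com comes from the thread.

```python
import re

# DC locator SRV names (single-domain forest assumed, so the GC name shares the suffix).
REQUIRED = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs", "_ldap._tcp.gc._msdcs")

# Constructed, abridged nslookup "set type=SRV" transcripts, one per client DNS server.
GOOD = """\
_ldap._tcp.dc._msdcs.lan.com    SRV service location:
          port           = 389
          svr hostname   = dc1.lan.com
_kerberos._tcp.dc._msdcs.lan.com        SRV service location:
          port           = 88
          svr hostname   = dc1.lan.com
_ldap._tcp.gc._msdcs.lan.com    SRV service location:
          port           = 3268
          svr hostname   = dc1.lan.com
"""
BAD = """\
_ldap._tcp.dc._msdcs.lan.com    SRV service location:
          port           = 389
          svr hostname   = dc1.lan.com
*** dc2.lan.com can't find _kerberos._tcp.dc._msdcs.lan.com: Non-existent domain
*** dc2.lan.com can't find _ldap._tcp.gc._msdcs.lan.com: Non-existent domain
"""
TRANSCRIPTS = {"192.0.2.10": GOOD, "192.0.2.11": BAD}  # constructed server addresses

def parse_srv(text):
    """Map each SRV owner name to the (host, port) targets listed for it."""
    found, owner, port = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"(\S+)\s+SRV service location:", line):
            owner, port = m.group(1).lower(), None
        elif m := re.match(r"\s+port\s*=\s*(\d+)", line):
            port = int(m.group(1))
        elif (m := re.match(r"\s+svr hostname\s*=\s*(\S+)", line)) and owner:
            found.setdefault(owner, []).append((m.group(1).lower(), port))
    return found

def missing_srv(domain, transcripts):
    """Return {dns_server: [required SRV names that server did not answer]}."""
    report = {}
    for server, text in transcripts.items():
        found = parse_srv(text)
        report[server] = [f"{p}.{domain}" for p in REQUIRED if f"{p}.{domain}" not in found]
    return report

if __name__ == "__main__":
    for server, missing in missing_srv("lan.com", TRANSCRIPTS).items():
        print(server, "OK" if not missing else "missing: " + ", ".join(missing))
```

A server that answers ping and A-record lookups but shows up here with missing names is the case the reply warns about: name resolution works while DC location fails.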