Re: Directory Service Event 1311



Download and run this tool from Microsoft. You can set it to run queries for:
Domains and Trusts
IPSec
Networking
SQL
WEB Service
Exchange
Netmeeting

It will run according to what services you set it to check for and tell you
what is being filtered/blocked. Run it from the server that you cannot join
to the domain.
Also, is there a site link created between the two sites?



"Manoj" wrote:

Wow, I would have imagined this to be a routine problem, but guess not. In
my case, it seemed to be a firewall problem too, but my Cisco router guy does
not think so, saying all TCP traffic is going through the VPN tunnel. Were
there any specific ports they had to open up in the firewall?

My problem is how to prove to the router guy that it is an access control
list in the router config that is blocking the traffic. How can that be
proved? Any debugging tools to help sort this out?

Thanks
Manoj

"Net Admin" wrote:

I had to call MS Support and it took us 14 hours and 6 engineers to finally
fix the problem. The main issue was DNS. I had to point all DNS servers, even
the child domain DNS servers, to the PDC in the main site as their primary
DNS server. I had to allow zone transfers to all DNS servers in the forest.
There were issues with routers and our firewall appliance blocking certain
ports. I also had to create a zone delegation for the child domain zone.
Since the firewall admin and router admin are 2 other administrators we all
had to get in on it to figure this thing out. I downloaded and ran the GUI
port query tool to see what was being filtered. I am happy to say that
everything works just fine now. It was well worth the money to call
Microsoft. Sometimes you need an expert from the outside to come in and take
a look. I hope you figure your issues out.
Good Luck!

"Manoj" wrote:

I get a similar error from a new server that is at site 2 while sending
portqry to a PDC at site 1.

I am trying to join this new server to domain and am not able to contact the
PDC at site 1.

Does this mean a firewall is blocking it? I have Windows Firewall turned
off on the PDC and on this new server. My routers at both sites do not
specifically block this TCP port. What else must be going on? How did you
solve your problem?

Thanks
Manoj


"Net Admin" wrote:

Ok our firewall admin says all traffic is allowed between child domain DCs
and parent domain DCs. I ran the query command you gave me and this is what I
got:

H:\>portqry -n childdc -e 135 -p tcp
Querying target system called:
childdc
Attempting to resolve name to IP address...
Name resolved to 10.0.17.2
TCP port 135 (epmap service): FILTERED
H:\>
Could this be filtered on the server itself?

"Paul Williams [MVP]" wrote:

Sorry for the delay!

That sounds fine. Run the following tests to be sure we've not missed
anything re. DNS:

nltest /dsgetdc:domain-name.com
nltest /dsgetsite


Run that from a client and a DC. NLTEST is a support tool.

If you don't have NLTEST and can't install the support tools for whatever
reason, use NSLOOKUP:


nslookup -type=srv _ldap._tcp.dc._msdcs.domain-name.com


If that is yielding a positive result, the problem is elsewhere. Use
REPLMON to monitor replication and see what is going on.

Are there any firewalls in between DCs and PCs? Check that you are able to
query the end-point mapper (TCP135) and one of the DS ports returned by the
end-point mapper using PORTQRY (support tool or download), like so:

portqry -n hostname -e 135 -p tcp


--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
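
The PORTQRY check above reports a TCP port as LISTENING, NOT LISTENING or FILTERED. The following is an added example, not part of the original thread and not Microsoft's tool, showing how those three results map to what comes back on the wire; `probe_tcp` and `survey` are names made up for this sketch, and treating ICMP unreachable errors as FILTERED is this example's own choice.

```python
import errno
import socket

# Result labels follow PortQry's wording for TCP ports.
LISTENING = "LISTENING"
NOT_LISTENING = "NOT LISTENING"
FILTERED = "FILTERED"


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port by the answer to a connection attempt.

    LISTENING     - the three-way handshake completed
    NOT LISTENING - the target replied with RST, so the packet reached
                    the host and nothing is bound to the port
    FILTERED      - no reply at all (or an ICMP unreachable), which is
                    what a dropping ACL or host firewall produces
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return LISTENING
    except ConnectionRefusedError:
        return NOT_LISTENING
    except socket.timeout:
        return FILTERED
    except OSError as exc:
        # Assumption of this example: an ICMP unreachable from a device
        # in the path is counted as filtering, not as a closed port.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return FILTERED
        raise  # e.g. name resolution failure: a DNS problem, not a port one
    finally:
        sock.close()


def survey(host, ports, timeout=3.0):
    """Probe several ports and return {port: result} for side-by-side runs."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # "childdc" is the host name used in the thread; 135 is the end-point mapper.
    for port, state in survey("childdc", [135]).items():
        print(f"TCP port {port}: {state}")
```

Running the same probe from a machine on the target's own subnet and again from the remote site separates the two cases: LISTENING locally but FILTERED across the link points at a device in the path rather than at the server itself.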



