Re: GPO issue on 1 pc

---

• From: Mike <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 5 Apr 2007 06:48:03 -0700

---

Morning Herb,

Latest update ...

End user is now receiving this as of this morning:

Automatic certificate enrollment for local system failed to contact the
active directory (0x8007054b). The specified domain either does not exist or
could not be contacted.

Enrollment will not be performed.


Our intranet site that has been the problem - which is supposed to be
hardcoded for the default homepage of IE is
http://trintranet/sites/portal/default.aspx

No relationship to our www website. And DNS is correct on all 9 of our
servers.

The ipconfig /all settings are correct for this pc.

C:\>ipconfig /all


Windows IP Configuration
Host Name . . . . . . . . . . . . : gwisit62jnnb1
Primary Dns Suffix . . . . . . . : company.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controller
Physical Address. . . . . . . . . : 00-15-C5-44-C3-DA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.11.143
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.11.2
DHCP Server . . . . . . . . . . . : 172.16.11.79
DNS Servers . . . . . . . . . . . : 172.16.11.15
172.16.11.80
Primary WINS Server . . . . . . . : 172.16.11.23
Secondary WINS Server . . . . . . : 172.16.11.36

Lease Obtained. . . . . . . . . . : Thursday, April 05, 2007 7:41:46
AM
Lease Expires . . . . . . . . . . : Thursday, April 12, 2007 7:41:46
AM

C:\>nslookup trintranet
Server: gwdc01.company.com
Address: 172.16.11.15

Name: trintranet.company.com
Address: 172.16.32.22

What else can we try. Again, if the same user logs onto another computer
GPO's work just fine - it's the laptop, but am not sure why GPO's aren't
being applied.

Mike

"Herb Martin" wrote:

"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AB68361F-0B96-4634-B674-EADB6745E271@xxxxxxxxxxxxxxxx

Hello Herb,

The original problem was that the Computer Config part of all GPO's wasn't
being applied to the computer - I found this running the RSOP on that
computer.

After I posted my last message, that part did resolve itself and updates
were happening. But with that said, we have an internal website set as
the
default home page for IE company wide. That laptop was not getting that
part
of the GPO for whatever reason. As I left work tonight, that still was
the
case. Even if they manually typed in the address they would receive Page
Cannot be found.

This is likely a DNS (or just possibly a routing/filter) issue.

One likely idea is that your web site is named something like:

www.yourdomain.com and people are typing it without the "www".

One that other name might not be registered, and TWO all the DCs
will register the bare name.

In any case you start troubleshooting this by performing NSLookup
tests with explicit name servers as the final parameter:

nslookp webname.domain.com IP.Internal.DNS.Server

Try every INTERNAL DNS server listed on the client "Ipconfig /all"
explicitly in place of "IP.Internal.DNS.Server"

Oddly enough everyone else in the company can get to it.
If that same user logs into another computer and opens IE - they get there
first try.

So why can't that hardware get to the webpage page?

Show me your UNEDITED text from "Ipconfig /all" and from NSLookup
commands above.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

.

---

• Follow-Ups:
  • Re: GPO issue on 1 pc
    • From: Herb Martin

• References:
  • Re: GPO issue on 1 pc
    • From: Herb Martin
  • Re: GPO issue on 1 pc
    • From: Herb Martin
  • Re: GPO issue on 1 pc
    • From: Mike
  • Re: GPO issue on 1 pc
    • From: Herb Martin
  • Re: GPO issue on 1 pc
    • From: Herb Martin
  • Re: GPO issue on 1 pc
    • From: Mike
  • Re: GPO issue on 1 pc
    • From: Herb Martin

• Prev by Date: Re: removing computers from domain
• Next by Date: Re: change standalone server to active directory
• Previous by thread: Re: GPO issue on 1 pc
• Next by thread: Re: GPO issue on 1 pc
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: DNS Authentication Issue ... NSLOOKUP is failing because you do not have a reverse- ... always recommend a Reverse lookup Zone. ... -- Ensure that the DC is pointing to it's own IP for DNS ... Check that both DNS servers are listed in the Name Servers ... (microsoft.public.cert.exam.mcse) Re: google.com get redirected to google.co.uk ... This will tell you whether it is or is not their servers causing this. ... nslookup www.google.com xxx.xxx.xxx.xxx ... They have four internal AD DNS servers. ... In DNS console, under Cached Lookups, we can see under, co, uk a cname ... (microsoft.public.windows.server.dns) Re: w2k3 DNS Server Manual ... nslookup mydomain.com ... directory and i need some servers to have communication to the outside world ... > guide to defining DNS zones. ... > If where you run this is a domain member then those DNS ... (microsoft.public.windows.server.dns) Re: Read-Only Access to DNS ... Dèjì Akómöláfé, MCSE MCSA MCP+I ... Nslookup is not enough for them. ... These are legacy DNS servers, ... > not used with AD. I'm running Windows 2000 servers that reside in Windows ... (microsoft.public.win2000.dns) Re: Help SMPT Errors ... FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your ... it may mean that your DNS servers did not respond fast enough). ... INFO NS records at parent servers Your NS records at the parent servers ... PASS Parent nameservers have your nameservers listed OK. ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)