Re: RPC server is unavailable
- From: HawleyBeach <HawleyBeach@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 21:10:01 -0800
Hi Martin,
Just by accident, I thought opening firewall to let access to external DNS
servers (not too bad huh ;-) )
I have found this web site http://support.microsoft.com/kb/179442 on how to
configure a firewall for DC. But I am not sure how to fit in port, UDP, TCP
to ZoneAlarm trust setting? On the ZoneAlarm, I can add trust by IP / Subnet /
IP range / Host as shown but they don't seem to fit in with UDP / TCP etc:
http://i132.photobucket.com/albums/q11/plee61/ZoneAlarm.jpg
"Herb Martin" wrote:
"HawleyBeach" <HawleyBeach@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DE7B5009-8C24-42A6-9179-A78EBBF11AF1@xxxxxxxxxxxxxxxx
Hi Martin,
At this point on Domain controller, I have configured a fixed IP on TCPIP
setting and set the DNS Server address on NIC pointing to the same IP,
therefore making the DNS server internal.
I added primary and secondary DNS servers provided by ISP (external) to the
list of DNS MMC -> DNS Server -> property -> forwarder tab so that all DNS
queries that cannot be answered by internal DNS server will be forwarded to
the external DNS.
That's all correct.
(Technical terms though: Those ISP DNS servers are called "Preferred and
Alternates" as Primary and Secondary are technical terms which ONLY apply
to a specific zone and not the job of forwarding or the way a client uses
DNS.)
DNS Server addresses on TCPIP setting should not be set with external DNS
addresses to make sure all DNS queries are attended internally first. Am I
right?
Exactly. All internal machines including especially DCs and other servers
too.
Interface tab on DNS MMC -> DNS server -> property should always have the
same IP setting as DNS Server address on TCPIP. Am I right?
Yes, or 127.0.0.1 is ok most of the time too (like you had that last time.)
If yes, what is the purpose of having Interface tab?
For (true) multihome where you only want the DNS server to answer on
(some) IP addresses, e.g., inside but not external queries, or vice versa,
but not both.
Before I stop/start net logon, I added Internal and both external DNS server
addresses to trust on ZoneAlarm firewall. Then I stop, start net logon,
netdiag /fix.
Trust them only on port 53 UDP AND TCP.
This is your first mention of Zone Alarm -- or I would have warned you
early there are MANY things a DC must allow to service clients. You can
use the ZoneAlarm warnings to figure out most of this or you can try to
set it from the KB articles on the MS website.
[Personally I hate trying to get ZA to work on a DC.]
Search Google for something like:
[ microsoft: firewall ports open DC | "Domain Controller" ]
or
[ site:microsoft.com firewall ports open DC | "Domain Controller" ]
Or tell me and I will find it for you.
Below is the result of dcdiag I ran lastly, the Initial error
1722 RPC Server unavailable is resolved but fail test on netlogon access
denied etc:
You are getting closer but you have more stuff to open for internal
machines.
UDP 88, 138, 139,
TCP 135, TCP 445,
Both 53, 389,
Probably some more; these are just off the top of my head -- mostly
you need to
Probably easiest to just trust everything on your INTERNAL net range.
C:\Documents and Settings\Administrator.GATEWAY>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GATEWAY
Starting test: Connectivity
......................... GATEWAY passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GATEWAY
Starting test: Replications
......................... GATEWAY passed test Replications
Starting test: NCSecDesc
......................... GATEWAY passed test NCSecDesc
Starting test: NetLogons
[GATEWAY] An net use or LsaPolicy operation failed with error 5,
Access
is denied..
......................... GATEWAY failed test NetLogons
Starting test: Advertising
......................... GATEWAY passed test Advertising
Starting test: KnowsOfRoleHolders
......................... GATEWAY passed test KnowsOfRoleHolders
Starting test: RidManager
......................... GATEWAY passed test RidManager
Starting test: MachineAccount
Could not open pipe with [GATEWAY]:failed with 5: Access is
denied.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* Missing SPN :(null)
* Missing SPN :(null)
......................... GATEWAY failed test MachineAccount
Starting test: Services
Could not open Remote ipc to [GATEWAY]:failed with 5: Access is
denied.
......................... GATEWAY failed test Services
Starting test: ObjectsReplicated
......................... GATEWAY passed test ObjectsReplicated
Starting test: frssysvol
[GATEWAY] An net use or LsaPolicy operation failed with error 5,
Access
is denied..
......................... GATEWAY failed test frssysvol
Starting test: frsevent
......................... GATEWAY failed test frsevent
Starting test: kccevent
Failed to enumerate event log records, error Access is denied.
......................... GATEWAY failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error Access is denied.
......................... GATEWAY failed test systemlog
Starting test: VerifyReferences
......................... GATEWAY passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : contoso
Starting test: CrossRefValidation
......................... contoso passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... contoso passed test CheckSDRefDom
Running enterprise tests on : contoso.com
Starting test: Intersite
......................... contoso.com passed test Intersite
Starting test: FsmoCheck
......................... contoso.com passed test FsmoCheck
C:\Documents and Settings\Administrator.GATEWAY>
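Added example, not part of the original thread: a small Python parser that reduces dcdiag output like the run quoted above to the failed tests and their error text, tolerating the mail-client line wrapping seen in that post. The sample input is constructed in the shape of that output, and the function name summarize_dcdiag is hypothetical.

```python
import re

# Constructed sample in the shape of the dcdiag output quoted in the thread,
# including lines that a mail client wrapped mid-message.
SAMPLE = """\
Starting test: Connectivity
......................... GATEWAY passed test Connectivity
Starting test: NetLogons
[GATEWAY] An net use or LsaPolicy operation failed with error 5,
Access
is denied..
......................... GATEWAY failed test NetLogons
Starting test: kccevent
Failed to enumerate event log records, error Access is denied.
......................... GATEWAY failed test kccevent
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

# Result line: dots, target, passed/failed, optional test name (lost if wrapped).
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)$")

def summarize_dcdiag(text):
    """Return (results, failures), both keyed by (target, test name)."""
    results, failures = {}, {}
    current, details = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT.match(line)
        if line.startswith("Starting test:"):
            current, details = line.split(":", 1)[1].strip(), []
        elif m:
            target, status, name = m.groups()
            # A wrapped result line has no test name on it; fall back to
            # the name from the preceding "Starting test:" line.
            key = (target, name or current)
            results[key] = status
            if status == "failed":
                failures[key] = " ".join(details)  # re-join wrapped detail
            current = None
        elif current and line:
            details.append(line)
    return results, failures

if __name__ == "__main__":
    for (target, test), why in summarize_dcdiag(SAMPLE)[1].items():
        print(f"{target} / {test}: {why or '(no detail line)'}")
```
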