Re: [ActiveDir] DC Can't Handle DNS Pointed to Self

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Stupid question?  Is the network location awareness service running?
We've found that XP machines picking up the policies from the server 
needed that service running.  It should work with 'manual' but we've 
found that we've had to kick it to auto at times.

Noah Eiger wrote:

Hi Robert

 

The firewall business comes from the fact that I have two domain-wide 
policies: if your computer is on one of the local networks, it gets no 
firewall; if it is off the network, it gets the firewall applied. 
Basically, it should not be processing that GPO that way. Something is 
amiss.

 

_Dcdiag_ shows passes except for

1) failures to replicate to the other local DC, but success to the 
bridgehead at the hub site.

2) this KCC error:

Starting test: kccevent

An Warning Event occured.  EventID: 0x80250828

Time Generated: 07/27/2006   22:31:03

(Event String could not be retrieved)

...................... VDC02 failed test kccevent

 

_Netdiag_ failures are:

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : VDC02

        IP Address . . . . . . . . : 10.30.100.34

        Subnet Mask. . . . . . . . : 255.255.255.0

        Default Gateway. . . . . . : 10.30.100.1

        Primary WINS Server. . . . : 10.10.200.30

        Secondary WINS Server. . . : 10.10.200.31

        Dns Servers. . . . . . . . : 10.30.100.34

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        [WARNING] At least one of the <00> 'WorkStation Service', <03> 
'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed

 

Trust relationship test. . . . . . : Failed

    [FATAL] Secure channel to domain 'CORPCO' is broken. 
[ERROR_NO_LOGON_SERVERS]

 

NetBT name test. . . . . . . . . . : Passed

    [WARNING] You don't have a single interface with the <00> 
'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names 
defined.

 

Finally, all this could be related to the _virtual machine portion_ of 
things. The host machine shows several informational messages in the 
System Log related to VPCNetS2 (errors 5, 10, 12, and 13). Googling 
indicates these might be creating confusion between the host, the 
guest, and the network.

 

Thanks,

 

--- nme

 

------------------------------------------------------------------------

*From:* Robert Rutherford [mailto]
*Sent:* Friday, July 28, 2006 12:20 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] DC Can't Handle DNS Pointed to Self

 

Sounds like its not replicating. When you say non-domain firewall, 
what do you mean? You don’t want any firewall on it… unless you have a 
specific need.

 

If you strip the firewall off, where does that leave you?

 

If you use dcdiag and netdiag they should also give you an idea about 
what’s going on. If you like, feel free to mail them to me.

 

Cheers,

 

Rob

 

        

 

        

*Robert Rutherford*
*QuoStar Solutions Limited*
 

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
 

        

 

        

*T:*

        

+44 (0) 8456 440 331

*F:*

        

+44 (0) 8456 440 332

*M:*

        

+44 (0) 7974 249 494

*E: *

        

[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

*W: *

        

www.quostar.com <http://www.quostar.com>

        

 

 

------------------------------------------------------------------------

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Noah Eiger
*Sent:* 28 July 2006 07:20
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] DC Can't Handle DNS Pointed to Self

 

Hello:

 

This is sort of a follow up to two recent postings. Any thoughts are 
welcome as I have now been trying to figure this one out for about a week.

 

I have DC running as a virtual machine under (host W2k3 SP1 w/ VS 2005 
R2; guest: W2k3 ENT R2). This machine was recently promoted. When its 
local DNS points to itself, the machine does not logon to the domain. 
It appears to not even know about itself. No one can get to it because 
it loads the non-domain firewall GPO (enabling the full firewall).

 

When I point DNS across the WAN, it loads – though interestingly it 
does not become visible on the network until I log into it (via the VS 
management tools). I can then log out and it stays visible. It then 
appears to function correctly.

 

Any thoughts greatly appreciated.

 

-- nme


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.4/399 - Release Date: 7/25/2006


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.4/399 - Release Date: 7/25/2006


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.4/399 - Release Date: 7/25/2006


--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx