Lab testing hangups: Halp!

Agent6376Agent6376 Member Posts: 201
Evening, first time poster so I'd like to say hello and thank everyone who contributes to this forum. I find it's a fantastic place for studying up for exams and getting questions answered by friendly, helping people.

In any case I bring to you all an issue that I cant for the life of me figure out. I'm working with a virtual team which consists of a Windows Server 2k3 Enterprise Edition and two Windows XP machines. Both XP machines are running service pack two, and my server currently is running AD/DNS/DHCP/WSUS(IIS)/RRAS

I currently have my workstations set to acquire IP information and DNS information from the DHCP scope options I have set for the 192.168.1.0/24 network. I have valid network connectivity, and I'm able to communicate locally between my server and two workstations, however I cannot access the internet from the workstations. My server currently has two NICs: One is configured to share the IP of my physical machine, and the other is configured along with the other client's on the network to use the LAN segment built into VMware Workstation. My questions that I hope someone can help me with are the following:

1. Why can't my workstations access the internet? My server can without issues and RRAS is configured for LAN Routing I've enabled NAT on the network adapter that is currently receiving the internet connection from my physical computer.

2. Why wont my computer show up in the WSUS console? I've read multiple articles online while researching these issues, only to come up empty each time. My computers and users are in an OU named Security, where I have a custom GPO that specifies a Microsoft intranet site (in this case http://server) as well as automatic updates enabled via GPO, and a computer policy which defines waiting for network connections before login.

3. Why are my computers receving an error in the event viewer that they cannot obtain the DC name, even though they pull valid IP address and DNS info upon startup, and there are no issues with name resolution on the local network?

I appreciate any and all help that can be sent over my way. I passed 70-290 a little over a week ago, and this exam will give me MCSA as I've knocked out 70-270, A+/N+ in the past as well.

Thanks in advance


**Update**

My client machines can access the internet, though at a very slow rate. Not too sure what's up with that, but at least they're functioning online.

Comments

  • dreadnoughtdreadnought Member Posts: 13 ■□□□□□□□□□
    Hi there,

    Assuming all is well with your GPO it may still take a while for the clients to check in.

    From the clients I like to run:

    wuauclt.exe /TestWSUSServer (check for any obvious errors reported)

    and then

    wuauclt.exe /detectnow (forces the client to register with WSUS rather than waiting for the period determined in your GPO)

    After that check your windowsupdate.log file (found in C:\Windows) and see whether the client has detected the WSUS server you have specified in your GPO.

    You may also like to run the client diag tool for WSUS found here:

    Microsoft Windows Server Update Services Tools and Utilities

    It gives you a detailed output when run on the client as to whether the WSUS server is reachable/functioning.

    I take it that you have specified in your GPO the container in WSUS in which you want your clients to appear in?

    Let me know how that goes.

    Dreadnought
  • Agent6376Agent6376 Member Posts: 201
    Just got home from work and I have to get ready for a family event, but I'll try out the advice that was given tonight once I get home.

    Thanks for the insight and I'll keep you posted.


    **Update** The issue was caused by my overlooking the GPO policy. After running gpresult on the client machines, I found that my policy was not successfully being applied because though I changed the permissions on my domain local group to allow gpo enforcement, I somehow forgot to enable it for the authenticated users built in group.

    Once I changed the permissions and updated the machines passed the WSUS client side testing.

    Thanks!
  • whatthehellwhatthehell Member Posts: 920
    So since the issue is essentially caused by permissions (or more specifically a GPO), would a Process Monitor trace help here? Wireshark trace?

    I have run and understand gpresult, but just seeing what else would have helped with this scenario.
    2017 Goals:
    [ ] Security + [ ] 74-409 [ ] CEH
    Future Goals:
    TBD
Sign In or Register to comment.