Options
Trouble adding domain user and pinging
Comments
-
Options
rwwest7
Member Posts: 300
Can someone please explain why this may be a networking issue? If it were a networking issue wouldn't he be getting a "domain not found" error when trying to join instead of the SRV error he's getting below.
Code:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain EAD.local:The error was: "DNS name does not exist."(error code 0x0000232B RCODE_NAME_ERROR)The query was for the SRV record for _ldap._tcp.dc._msdcs.EAD.localCommon causes of this error include the following:- The DNS SRV record is not registered in DNS.- One or more of the following zones do not include delegation to its child zone:EAD.locallocal. (the root zone)
He's getting a DNS error, so why are we troubleshooting routing???? He clearly has his server set up wrong and the answer was given to him back on page 1. -
Options
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Can someone please explain why this may be a networking issue? If it were a networking issue wouldn't he be getting a "domain not found" error when trying to join instead of the SRV error he's getting below.
Code:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain EAD.local:The error was: "DNS name does not exist."(error code 0x0000232B RCODE_NAME_ERROR)The query was for the SRV record for _ldap._tcp.dc._msdcs.EAD.localCommon causes of this error include the following:- The DNS SRV record is not registered in DNS.- One or more of the following zones do not include delegation to its child zone:EAD.locallocal. (the root zone)
He's getting a DNS error, so why are we troubleshooting routing???? He clearly has his server set up wrong and the answer was given to him back on page 1.
I never said it was likely a networking problem either, just that it was a possibility. Maybe the DNS data is getting corrupted. Underlying networking issues could manifest themselves in all sorts of weird ways. It's always good to be mindful of that and check cables, try wired instead of wireless, etc. if you get weird errors.Also, I'm having trouble finding updated Server 03 downloads on MS' website for the dcdiag tools and such. They only have Win2K.
Sorry, I missed this response. They're part of the support tools: Windows Server 2003 Service Pack 1 Support Tools -
Options
undomiel
Member Posts: 2,818
Here's my reasoning at least, rwwest7. With all sorts of computers not able to ping each other it leans heavily towards there being a networking issue. Also if you will look a bit farther down the thread you will see that he corrects pointing to the proper DNS server. Now instead of not finding SRV records it times out. That means that the client is not communicating with the server at all. That's another reason why I'm believing it to be a networking issue. We'll get through this eventually though and find out!
Another test that could be done is going into the nslookup CLI and seeing if it can look up anything from the server. Also run the same test from the server itself to see if there is resolution on the server outside of the network.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/ -
Options
rsutton
Member Posts: 1,029 ■■■■■□□□□□
I know I'm coming in late here but If you can't ping by IP why even worry about DNS?
Are you sure you don't have any other software on the computer(s) that could be blocking ICMP requests? Are you sure the 2wire isn't blockign ICMP?
I would swap out the 2wire with a hub or a switch and see if you can ping between devices.
Sorry if some of this was already said/covered, I'm still a bit hungover from the weekend. -
Options
crrussell3
Member Posts: 561
I know I'm coming in late here but If you can't ping by IP why even worry about DNS?
Are you sure you don't have any other software on the computer(s) that could be blocking ICMP requests? Are you sure the 2wire isn't blockign ICMP?
I would swap out the 2wire with a hub or a switch and see if you can ping between devices.
Sorry if some of this was already said/covered, I'm still a bit hungover from the weekend.
He does indicate that his server is unable to ping his tablet pc, but his tablet pc can ping the server.
I would also recommend swapping the port that the server is plugged into on the isp router, just to make sure that port isn't having issues.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
Optionsrwwest7
Member Posts: 300
The firewall in XP and Vista by default bocks incoming ICMP ping requests but does not block the ports needed to join a domain. So it's very possible to join a domain without ever being able to ping. Has the OP ever stated he disabled the firewalls on his client computers?crrussell3 wrote: »He does indicate that his server is unable to ping his tablet pc, but his tablet pc can ping the server.
I would also recommend swapping the port that the server is plugged into on the isp router, just to make sure that port isn't having issues. -
Optionscrrussell3
Member Posts: 561
The firewall in XP and Vista by default bocks incoming ICMP ping requests but does not block the ports needed to join a domain. So it's very possible to join a domain without ever being able to ping. Has the OP ever stated he disabled the firewalls on his client computers?
Reply #9 indicates that he disabled the Windows Firewall on all pc's involved.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
Optionsrwwest7
Member Posts: 300
Thanks, I see that now.crrussell3 wrote: »Reply #9 indicates that he disabled the Windows Firewall on all pc's involved.
If the XP client can ping the server, then the cabling between them should be good because the server is sending a reply back and it's getting to the XP client. The server not being able to ping the XP client has to be a problem with the XP client. If routing was messed up then the reply would not make it back or the request would never get to the server. They're both using the same router, but that's irrelevant because they're on the same subnet. Something on that client is blocking ICMP requests. Maybe he's installed a 3rd party anti-virus/firewall program like Norton or McAfee? -
Optionsdynamik
Banned Posts: 12,312 ■■■■■■■■■□
If the XP client can ping the server, then the cabling between them should be good because the server is sending a reply back and it's getting to the XP client.
That's why I haven't been focusing on the ping problem. I'm more curious to see what dcdiag and netdiag come up with. -
Options
genXrcist
Member Posts: 531
undomiel, I am able to ping my gateway from the server, Tablet, Vista laptop, and WinXP Pro desktop. I am able to ping my server from my Tablet, Vista laptop, and desktop. However, the Tablet, Vista laptop, and desktop cannot ping each other. I get messages of "Request timed out" each and every time and each computer. I get the same "Request timed out" messages when trying to ping the tablet, vista laptop, and desktop from my server. And yes, I'm only pinging using the IP address, not a name.
Wanted to point out that none of the PC's can ping each other so I think it's unlikely to be something on the PCs. I think the OP would know if he had some kind of firewall running on 'em.
I'm curious as to whether or not the OP manually entered in a MAC address for one of the PCs using ARP -s to see if it it gets replies afterwards? I don't really think this will work since the servers ARP table didn't have any entry for anything other than the GW but it's worth a shot.
Any chance you have Wireshark installed and can take a look at the packets?
I'll make this more complicated yet! 1) CCNP Goal: by August 2012 -
Optionsrwwest7
Member Posts: 300
I think we're all nuking this. It's not like he has 15 Cisco routers configured in OSPF areas. He has a simple made for home router connecting a couple PC's. And seeing as how he doesn't have the DNS on his Domain Controller set up properly I wouldn't assume anything about 3rd party firewalls. I've seen it happen more times than I can count where someone doesn't realize that the "client security" software they installed was blocking pretty much everything except internet.Wanted to point out that none of the PC's can ping each other so I think it's unlikely to be something on the PCs. I think the OP would know if he had some kind of firewall running on 'em.
I'm curious as to whether or not the OP manually entered in a MAC address for one of the PCs using ARP -s to see if it it gets replies afterwards? I don't really think this will work since the servers ARP table didn't have any entry for anything other than the GW but it's worth a shot.
Any chance you have Wireshark installed and can take a look at the packets?
I'll make this more complicated yet!
It also seems he's abandoned this thread, so he's likely figured it out by now anyway. -
Optionspenguinking
Member Posts: 80 ■■□□□□□□□□
Nope, didn't figure it out, but I finally got home today as fast as I could and ran the dcdiag and netdiag utilities. Here's what I got:
Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\ENTERPRI-TWM2D5 Starting test: Connectivity ......................... ENTERPRI-TWM2D5 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\ENTERPRI-TWM2D5 Starting test: Replications ......................... ENTERPRI-TWM2D5 passed test Replications Starting test: NCSecDesc ......................... ENTERPRI-TWM2D5 passed test NCSecDesc Starting test: NetLogons ......................... ENTERPRI-TWM2D5 passed test NetLogons Starting test: Advertising ......................... ENTERPRI-TWM2D5 passed test Advertising Starting test: KnowsOfRoleHolders ......................... ENTERPRI-TWM2D5 passed test KnowsOfRoleHolder s Starting test: RidManager ......................... ENTERPRI-TWM2D5 passed test RidManager Starting test: MachineAccount ......................... ENTERPRI-TWM2D5 passed test MachineAccount Starting test: Services ......................... ENTERPRI-TWM2D5 passed test Services Starting test: ObjectsReplicated ......................... ENTERPRI-TWM2D5 passed test ObjectsReplicated Starting test: frssysvol ......................... ENTERPRI-TWM2D5 passed test frssysvol Starting test: frsevent ......................... ENTERPRI-TWM2D5 passed test frsevent Starting test: kccevent ......................... ENTERPRI-TWM2D5 passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x00000416 Time Generated: 08/03/2009 20:25:07 Event String: The DHCP/BINL service on the local machine, ......................... ENTERPRI-TWM2D5 failed test systemlog Starting test: VerifyReferences ......................... ENTERPRI-TWM2D5 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : EAD Starting test: CrossRefValidation ......................... EAD passed test CrossRefValidation Starting test: CheckSDRefDom ......................... EAD passed test CheckSDRefDom Running enterprise tests on : EAD.local Starting test: Intersite ......................... EAD.local passed test Intersite Starting test: FsmoCheck ......................... EAD.local passed test FsmoCheck.................................... Computer Name: ENTERPRI-TWM2D5 DNS Host Name: enterpri-twm2d5.EAD.local System info : Microsoft Windows Server 2003 R2 (Build 3790) Processor : x86 Family 6 Model 23 Stepping 6, GenuineIntel List of installed hotfixes : KB923561 KB924667-v2 KB925398_WMP64 KB925876 KB925902-v2 KB926122 KB926139-v2 KB927891 KB929123 KB930178 KB932168 KB933854 KB936357 KB936782 KB938127 KB938464-v2 KB941569 KB943055 KB943460 KB943729 KB944338-v2 KB944653 KB945553 KB946026 KB948496 KB950762 KB950974 KB951066 KB951748 KB952004 KB952069 KB952954 KB954550-v5 KB954600 KB955069 KB955839 KB956572 KB956802 KB956803 KB957097 KB958644 KB958687 KB959426 KB960225 KB960803 KB961063 KB961118 KB961371 KB961501 KB967715 KB968537 KB969805 KB969897 KB969897-IE8 KB970238 KB971633 KB971930-IE8 KB972260-IE8 KB972636-IE8 KB973346 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : enterpri-twm2d5 IP Address . . . . . . . . : 192.168.1.1 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.1.254 Dns Servers. . . . . . . . : 192.168.1.1 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge r Service', <20> 'WINS' names is missing. WINS service test. . . . . : Skipped There are no WINS servers configured for this interface. Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Servi ce', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1' . Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully F:\Documents and Settings\Administrator.ENTERPRI-TWM2D5>
I have another router laying around so I might get to installing that tonight and seeing what happens (I'll try hard to get a layer 1/2 device too). I'll let you guys know ASAP.
And I really appreciate all the help/replies. These are seemingly very simple problems that I've never encountered with any other DC setup before. -
Optionsrwwest7
Member Posts: 300
Could you possibly write whats listed in your DNS settings under the Forward Lookup Zone...domain name..._tcp section?
And what kind of Anti-Virus software is your XP machine running? -
Optionsundomiel
Member Posts: 2,818
I'm pretty sure it isn't a DNS issue from this line: DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
.
I'm interested to see what the results will be from trying a different router and/or switch.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/ -
Optionsrwwest7
Member Posts: 300
Don't forget a ping tests connectivity both ways:I'm pretty sure it isn't a DNS issue from this line: DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
.
I'm interested to see what the results will be from trying a different router and/or switch.
The client sends out ping request addressed to the servers MAC address.
The server receives the request, then sends back a ping reply addressed to the clients MAC address.
So, the server can send a ping reply to the client computer but for some reason when it sends a ping request to the exact same address the router gets confused???
http://www.inetdaemon.com/tools/ping/how_ping_works.shtml -
Optionspenguinking
Member Posts: 80 ■■□□□□□□□□
So I tried a new hub, switch, and router with no luck. But after wasting that hour of my life, I finally figured that maybe the recently installed anti-virus was the culprit, and I figured since I had tried everything else I might as well uninstall Comodo to see what happened. And even though I "exited" the program, it was still setting my firewall policies in the background like a punk apparently, and of course bam, after the uninstall I'm able to add a domain, ping better, make love longer, etc.
Thanks for all the help guys. Lots of great posters here, with a couple calling it from the beginning that firewalls had to be turned off, I just never figured that my Comodo one had to be uninstalled altogether. I'll install it later and see what happens. Knew it had to be something stupid like that. I only recently installed Comodo but I remember having pinging problems before ever adding Comodo. Apparently my memory was faulty. -
Optionsrwwest7
Member Posts: 300
That's happened to us all. The good thing is you'll always check for something like this first in the future. Nice job sticking to it!
-
Optionsundomiel
Member Posts: 2,818
Thanks for coming back and letting us know how it went too! We appreciate it. I'm glad you've got that all resolved. Hopefully smooth sailing for you from here on out!Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
Optionscrrussell3
Member Posts: 561
I had a similar issue like that with Zone Alarm about 10 years ago. Good to hear that you figured it out!MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration
