Trouble adding domain user and pinging

rwwest7 · August 2009

Can someone please explain why this may be a networking issue? If it were a networking issue wouldn't he be getting a "domain not found" error when trying to join instead of the SRV error he's getting below.

Code:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain EAD.local:The error was: "DNS name does not exist."(error code 0x0000232B RCODE_NAME_ERROR)The query was for the SRV record for _ldap._tcp.dc._msdcs.EAD.localCommon causes of this error include the following:- The DNS SRV record is not registered in DNS.- One or more of the following zones do not include delegation to its child zone:EAD.locallocal. (the root zone)

He's getting a DNS error, so why are we troubleshooting routing???? He clearly has his server set up wrong and the answer was given to him back on page 1.

dynamik · August 2009

rwwest7 wrote: »

Can someone please explain why this may be a networking issue? If it were a networking issue wouldn't he be getting a "domain not found" error when trying to join instead of the SRV error he's getting below.

Code:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain EAD.local:The error was: "DNS name does not exist."(error code 0x0000232B RCODE_NAME_ERROR)The query was for the SRV record for _ldap._tcp.dc._msdcs.EAD.localCommon causes of this error include the following:- The DNS SRV record is not registered in DNS.- One or more of the following zones do not include delegation to its child zone:EAD.locallocal. (the root zone)

He's getting a DNS error, so why are we troubleshooting routing???? He clearly has his server set up wrong and the answer was given to him back on page 1.

I never said it was likely a networking problem either, just that it was a possibility. Maybe the DNS data is getting corrupted. Underlying networking issues could manifest themselves in all sorts of weird ways. It's always good to be mindful of that and check cables, try wired instead of wireless, etc. if you get weird errors.

Evan Lieb wrote: »

Also, I'm having trouble finding updated Server 03 downloads on MS' website for the dcdiag tools and such. They only have Win2K.

Sorry, I missed this response. They're part of the support tools: Windows Server 2003 Service Pack 1 Support Tools

undomiel · August 2009

Here's my reasoning at least, rwwest7. With all sorts of computers not able to ping each other it leans heavily towards there being a networking issue. Also if you will look a bit farther down the thread you will see that he corrects pointing to the proper DNS server. Now instead of not finding SRV records it times out. That means that the client is not communicating with the server at all. That's another reason why I'm believing it to be a networking issue. We'll get through this eventually though and find out!

Another test that could be done is going into the nslookup CLI and seeing if it can look up anything from the server. Also run the same test from the server itself to see if there is resolution on the server outside of the network.

rsutton · August 2009

I know I'm coming in late here but If you can't ping by IP why even worry about DNS?

Are you sure you don't have any other software on the computer(s) that could be blocking ICMP requests? Are you sure the 2wire isn't blockign ICMP?

I would swap out the 2wire with a hub or a switch and see if you can ping between devices.

Sorry if some of this was already said/covered, I'm still a bit hungover from the weekend.

crrussell3 · August 2009

rsutton wrote: »

I know I'm coming in late here but If you can't ping by IP why even worry about DNS?

Are you sure you don't have any other software on the computer(s) that could be blocking ICMP requests? Are you sure the 2wire isn't blockign ICMP?

I would swap out the 2wire with a hub or a switch and see if you can ping between devices.

Sorry if some of this was already said/covered, I'm still a bit hungover from the weekend.

He does indicate that his server is unable to ping his tablet pc, but his tablet pc can ping the server.

I would also recommend swapping the port that the server is plugged into on the isp router, just to make sure that port isn't having issues.

rwwest7 · August 2009

crrussell3 wrote: »

He does indicate that his server is unable to ping his tablet pc, but his tablet pc can ping the server.

I would also recommend swapping the port that the server is plugged into on the isp router, just to make sure that port isn't having issues.

The firewall in XP and Vista by default bocks incoming ICMP ping requests but does not block the ports needed to join a domain. So it's very possible to join a domain without ever being able to ping. Has the OP ever stated he disabled the firewalls on his client computers?

crrussell3 · August 2009

rwwest7 wrote: »

The firewall in XP and Vista by default bocks incoming ICMP ping requests but does not block the ports needed to join a domain. So it's very possible to join a domain without ever being able to ping. Has the OP ever stated he disabled the firewalls on his client computers?

Reply #9 indicates that he disabled the Windows Firewall on all pc's involved.

rwwest7 · August 2009

crrussell3 wrote: »

Reply #9 indicates that he disabled the Windows Firewall on all pc's involved.

Thanks, I see that now.

If the XP client can ping the server, then the cabling between them should be good because the server is sending a reply back and it's getting to the XP client. The server not being able to ping the XP client has to be a problem with the XP client. If routing was messed up then the reply would not make it back or the request would never get to the server. They're both using the same router, but that's irrelevant because they're on the same subnet. Something on that client is blocking ICMP requests. Maybe he's installed a 3rd party anti-virus/firewall program like Norton or McAfee?

dynamik · August 2009

rwwest7 wrote: »

If the XP client can ping the server, then the cabling between them should be good because the server is sending a reply back and it's getting to the XP client.

That's why I haven't been focusing on the ping problem. I'm more curious to see what dcdiag and netdiag come up with.

genXrcist · August 2009

Evan Lieb wrote: »

undomiel, I am able to ping my gateway from the server, Tablet, Vista laptop, and WinXP Pro desktop. I am able to ping my server from my Tablet, Vista laptop, and desktop. However, the Tablet, Vista laptop, and desktop cannot ping each other. I get messages of "Request timed out" each and every time and each computer. I get the same "Request timed out" messages when trying to ping the tablet, vista laptop, and desktop from my server. And yes, I'm only pinging using the IP address, not a name.

Wanted to point out that none of the PC's can ping each other so I think it's unlikely to be something on the PCs. I think the OP would know if he had some kind of firewall running on 'em.

I'm curious as to whether or not the OP manually entered in a MAC address for one of the PCs using ARP -s to see if it it gets replies afterwards? I don't really think this will work since the servers ARP table didn't have any entry for anything other than the GW but it's worth a shot.

Any chance you have Wireshark installed and can take a look at the packets?

I'll make this more complicated yet!

rwwest7 · August 2009

genXrcist wrote: »

Wanted to point out that none of the PC's can ping each other so I think it's unlikely to be something on the PCs. I think the OP would know if he had some kind of firewall running on 'em.

I'm curious as to whether or not the OP manually entered in a MAC address for one of the PCs using ARP -s to see if it it gets replies afterwards? I don't really think this will work since the servers ARP table didn't have any entry for anything other than the GW but it's worth a shot.

Any chance you have Wireshark installed and can take a look at the packets?

I'll make this more complicated yet!

I think we're all nuking this. It's not like he has 15 Cisco routers configured in OSPF areas. He has a simple made for home router connecting a couple PC's. And seeing as how he doesn't have the DNS on his Domain Controller set up properly I wouldn't assume anything about 3rd party firewalls. I've seen it happen more times than I can count where someone doesn't realize that the "client security" software they installed was blocking pretty much everything except internet.

It also seems he's abandoned this thread, so he's likely figured it out by now anyway.

penguinking · August 2009

Nope, didn't figure it out, but I finally got home today as fast as I could and ran the dcdiag and netdiag utilities. Here's what I got:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ENTERPRI-TWM2D5
      Starting test: Connectivity
         ......................... ENTERPRI-TWM2D5 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ENTERPRI-TWM2D5
      Starting test: Replications
         ......................... ENTERPRI-TWM2D5 passed test Replications
      Starting test: NCSecDesc
         ......................... ENTERPRI-TWM2D5 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ENTERPRI-TWM2D5 passed test NetLogons
      Starting test: Advertising
         ......................... ENTERPRI-TWM2D5 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ENTERPRI-TWM2D5 passed test KnowsOfRoleHolder
s
      Starting test: RidManager
         ......................... ENTERPRI-TWM2D5 passed test RidManager
      Starting test: MachineAccount
         ......................... ENTERPRI-TWM2D5 passed test MachineAccount
      Starting test: Services
         ......................... ENTERPRI-TWM2D5 passed test Services
      Starting test: ObjectsReplicated
         ......................... ENTERPRI-TWM2D5 passed test ObjectsReplicated

      Starting test: frssysvol
         ......................... ENTERPRI-TWM2D5 passed test frssysvol
      Starting test: frsevent
         ......................... ENTERPRI-TWM2D5 passed test frsevent
      Starting test: kccevent
         ......................... ENTERPRI-TWM2D5 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 08/03/2009   20:25:07
            Event String: The DHCP/BINL service on the local machine,
         ......................... ENTERPRI-TWM2D5 failed test systemlog
      Starting test: VerifyReferences
         ......................... ENTERPRI-TWM2D5 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : EAD
      Starting test: CrossRefValidation
         ......................... EAD passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... EAD passed test CheckSDRefDom

   Running enterprise tests on : EAD.local
      Starting test: Intersite
         ......................... EAD.local passed test Intersite
      Starting test: FsmoCheck
         ......................... EAD.local passed test FsmoCheck

....................................

    Computer Name: ENTERPRI-TWM2D5
    DNS Host Name: enterpri-twm2d5.EAD.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 23 Stepping 6, GenuineIntel
    List of installed hotfixes :
        KB923561
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902-v2
        KB926122
        KB926139-v2
        KB927891
        KB929123
        KB930178
        KB932168
        KB933854
        KB936357
        KB936782
        KB938127
        KB938464-v2
        KB941569
        KB943055
        KB943460
        KB943729
        KB944338-v2
        KB944653
        KB945553
        KB946026
        KB948496
        KB950762
        KB950974
        KB951066
        KB951748
        KB952004
        KB952069
        KB952954
        KB954550-v5
        KB954600
        KB955069
        KB955839
        KB956572
        KB956802
        KB956803
        KB957097
        KB958644
        KB958687
        KB959426
        KB960225
        KB960803
        KB961063
        KB961118
        KB961371
        KB961501
        KB967715
        KB968537
        KB969805
        KB969897
        KB969897-IE8
        KB970238
        KB971633
        KB971930-IE8
        KB972260-IE8
        KB972636-IE8
        KB973346
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : enterpri-twm2d5
        IP Address . . . . . . . . : 192.168.1.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.254
        Dns Servers. . . . . . . . : 192.168.1.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{72378097-AD84-4BDD-936D-32977DDFF0B1}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

F:\Documents and Settings\Administrator.ENTERPRI-TWM2D5>

I have another router laying around so I might get to installing that tonight and seeing what happens (I'll try hard to get a layer 1/2 device too). I'll let you guys know ASAP.

And I really appreciate all the help/replies. These are seemingly very simple problems that I've never encountered with any other DC setup before.

rwwest7 · August 2009

Could you possibly write whats listed in your DNS settings under the Forward Lookup Zone...domain name..._tcp section?

And what kind of Anti-Virus software is your XP machine running?

undomiel · August 2009

I'm pretty sure it isn't a DNS issue from this line: DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
.

I'm interested to see what the results will be from trying a different router and/or switch.

rwwest7 · August 2009

undomiel wrote: »

I'm pretty sure it isn't a DNS issue from this line: DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
.

I'm interested to see what the results will be from trying a different router and/or switch.

Don't forget a ping tests connectivity both ways:

The client sends out ping request addressed to the servers MAC address.

The server receives the request, then sends back a ping reply addressed to the clients MAC address.

So, the server can send a ping reply to the client computer but for some reason when it sends a ping request to the exact same address the router gets confused???

http://www.inetdaemon.com/tools/ping/how_ping_works.shtml

penguinking · August 2009

So I tried a new hub, switch, and router with no luck. But after wasting that hour of my life, I finally figured that maybe the recently installed anti-virus was the culprit, and I figured since I had tried everything else I might as well uninstall Comodo to see what happened. And even though I "exited" the program, it was still setting my firewall policies in the background like a punk apparently, and of course bam, after the uninstall I'm able to add a domain, ping better, make love longer, etc.

Thanks for all the help guys. Lots of great posters here, with a couple calling it from the beginning that firewalls had to be turned off, I just never figured that my Comodo one had to be uninstalled altogether. I'll install it later and see what happens. Knew it had to be something stupid like that. I only recently installed Comodo but I remember having pinging problems before ever adding Comodo. Apparently my memory was faulty.

rwwest7 · August 2009

That's happened to us all. The good thing is you'll always check for something like this first in the future. Nice job sticking to it!

undomiel · August 2009

Thanks for coming back and letting us know how it went too! We appreciate it. I'm glad you've got that all resolved. Hopefully smooth sailing for you from here on out!

crrussell3 · August 2009

I had a similar issue like that with Zone Alarm about 10 years ago. Good to hear that you figured it out!

genXrcist · August 2009

Great job!

Trouble adding domain user and pinging

Comments