PDA

View Full Version : Server Issue


mobiledudes
10-06-2011, 12:53 PM
I'm having issues adding a PC to a domain I right click on My Computer, etc
Type in the domain and I receive the following error

several machines are on this server with no problems I did a virus removal and afterwards it could not connect again.

PC Windows XP Pro

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name Server might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain server:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.server etc

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

Server etc

oldtech
10-06-2011, 02:04 PM
That appears to be the message you get when trying to add to a domain remotely i.e. not physically (wireless or ethernet) on the same LAN. If you are physically connected then the DNS information you are using cannot locate the Domain Controller. You can manually set one of the DNS addresses to the IP of the DC to see if it works.

NETWizz
10-06-2011, 02:12 PM
The query was for the SRV record for _ldap._tcp.dc._msdcs.server etc

1.) Is the Microsoft Active Directory domain really called SERVER?

1.5.) It is more likely to be DOMAIN.COM or something like that. If you just put in DOMAIN, you have to hope the DNS Suffix is correct.
i.e. I once worked for a school district:

This might not work SOMETHINGUSD, but this SOMETHINGUSD.K12.CA.US would.

2.) Have you done an ipconfig /all and verified your IP address was provided by a Windows DHCP server in the Domain?

3.) Have you then verified that the DNS IP address(es) are provided by DHCP and not improperly statistically configured?

4.) If someone statically configured it, did they put in the proper DNS Suffix?


Have you queried for the SRV records of the Active Directory Domain Controllers' services?

i.e. (Where 10.1.50.1 is the DNS server you want to execute the query on):

nslookup -type=srv _kerberos._tcp 10.1.50.1
nslookup -type=srv _kpasswd._tcp 10.1.50.1
nslookup -type=srv _gc._tcp 10.1.50.1
nslookup -type=srv _ldap._tcp 10.1.50.1

What you are asking is can this DNS server find the Active Directory Domain Controllers?

**********************************************

The very beginning of your answer will look like this: (this has no specific DNS server specified. I recommend verifying EACH DNS server like above)?

C:\Program Files\Windows AIK\Tools\PETools>nslookup -type=srv _ldap._tcp
Server: DC4.companyname.com <==This will be the Active Directory Domain.
Address: 10.1.50.3


Have you looked in DNS under the Forward Lookup Zones > _tcp to see it has the correct SRV records?

Should have entries like this:
http://img51.imageshack.us/img51/3448/dnsy.png

I had a huge post were I troubleshooted something like this and it ended up being an IP address conflict of a DNS server with a caching DNS server running on a Cisco ASA! That IS why I say to check EACH DNS server by IP address!

==> You might have a BIND 9 Internet compliant DNS server that can answer DNS queries like www.google.com but can't locate the SRV records for AD.
===> This might be a caching DNS server (i.e. Caching things like A, NS, WWW, but not SRV )like some Goofus-es setup and called me in to fix:

This might help you:
http://www.technibble.com/forums/showthread.php?p=240349

This is another good read:
http://www.technibble.com/forums/showthread.php?p=241114




***********************************

Look for an IP address conflict especially on a DNS server!!!! <=== Experience.


Another possibility is a Rogue DHCP server (i.e. A Linksys Access Point plugged into the network incorrectly...) It could provide an improper IP Address Configuration & Improper DNS servers etc. However, it is possible it could Route Internet Traffic and STILL do Internet lookups! <== Double check where DHCP is coming from on the workstation.

Compare the IPCONFIG /ALL reports on a Working and Non-Working Computer.

teksquad
10-06-2011, 03:13 PM
Great post NETWizz :)

mobiledudes
10-06-2011, 10:48 PM
No lucks guys this company has a weird set up they are running a Windows NT server then a Windows 2003 server standard edition
The computer would connect fine prior to the virus removal not sure what could of happen but I'm having issues troubleshooting this.

mobiledudes
10-06-2011, 10:50 PM
10 pcs are working with no problem not sure what could have the virus cause to the OS thats it is not working..

NETWizz
10-07-2011, 12:05 AM
The 10 pcs that are working fine may have a different network configuration.

The issue you describe is not typical of a virus.

If the Microsoft Client for Windows is corrupt or some DNS helper services are broken on that Windows Client machine... you may as well just do a Nuke and Pave - you shouldn't need our help for that.

I don't know what the company is doing with Windows NT, but if they are using it for DNS, that would be bad; since, it will almost certainly not support the SRV records... certainly not Active Directory integrated Zones.


I would suggest getting rid of ANY Windows NT or 2000 server ==> They are not supported by Microsoft or you.

Similarly, I would not recommend you support anything older than XP/2003

mobiledudes
10-07-2011, 12:31 AM
Thanks but I know i regret removing viruses of this unit!

NETWizz
10-07-2011, 04:34 AM
Tried to help mobiledudes... I TOTALLY stuck-out!

This network is crazy!


Server 2003 NOT running as a Domain Controller (No Active Directory)

A couple of NT 4 Servers running an NT Domain



The 2003 Server is joined to the NT Domain

Network information is the same on XP and 2003 only XP won't join the NT Domain... it makes reference to a DNS error and a NetBIOS error.

They are NOT using DNS

The only DNS is DSL server IP addresses or Google DNS i.e. 8.8.8.8 or 8.8.4.4



It is definitely a NetBIOS resolution problem. I don't know if something is broken on XP or if we are just Goofy. It just doesn't seem like it should be this hard.


Regardless it is really strange when it would just make sense to network XP to 2003 via Active Directory.

oldtech
10-07-2011, 09:25 AM
I'm pretty rusty on the NT stuff but in the absence of DNS do they not have to have the WINS server named in the alternate tab on the network setup on the XP machine? Perhaps he does but its worth checking. Also the following KB may help.

http://support.microsoft.com/kb/314366

It seems if there is only one protocol i.e. TCP/IP installed this error can occur.

NETWizz
10-07-2011, 01:36 PM
Thanks...

That's the thing we know... and we tried that.

It is, ofcourse, possible WINS was running on a different NT Server.

Either way, the Working Server 2003 that was a member of the NT domain didn't have any NetBT settings, which is wierd.



The error we got is actually a bit different. Either way, we looked at the exact same KB article.

Personally, I could probably figure it out in a couple of hours IF I had access to ALL their 3 or so servers and figured out what services are run where. Either way, it is a major PITA.

Now I know why I support nothing older than XP/2003. Even then I urge people to migrate to Server 2008 R2.

Tony_Scarpelli
10-09-2011, 02:27 AM
I used to try to fix everything no matter how old. Partly because I had the spare time or felt sorry for some cheap SOB.

But then I realized that supporting really old technology (Win95/98 or NT) is like wrestling with pigs. I look and smell bad when walking away from a project like this either because I have to give up or because the consulting charges are so expensive they client goes into shock.

I usually tell the client that it's more expensive for me to fix it then it would be to upgrade to current server model and then point out the additional benefits of upgrading.

If they can't afford that then I wonder if how they plan to pay my charges.

Either way we get a meeting of the minds or we agree to part company.

NETWizz
10-09-2011, 06:16 AM
I used to try to fix everything no matter how old. Partly because I had the spare time or felt sorry for some cheap SOB.

But then I realized that supporting really old technology (Win95/98 or NT) is like wrestling with pigs. I look and smell bad when walking away from a project like this either because I have to give up or because the consulting charges are so expensive they client goes into shock.

I usually tell the client that it's more expensive for me to fix it then it would be to upgrade to current server model and then point out the additional benefits of upgrading.

If they can't afford that then I wonder if how they plan to pay my charges.

Either way we get a meeting of the minds or we agree to part company.

Well this is just bad because they already have Server 2003... and like 10 XP computers in their NT Domain. I would think they would be running Active Directory! There is NO point in having Server 2003 licensed to then use NT!

The 2003 server is only a File Server & Apps Server as far as I could tell.

1. In my limited opinion, I would think it best to totally join ALL those XP machines back to a WORKGROUP (removing them from the NT Domain)... & Remove Those NT Servers & WINS...

2. Promote the 2003 Server to a Domain Controller, install DNS on it (obviously) & create a reverse zone, and install DHCP on it, too... setting up a scope in the network rage... Configure DNS Scavenging & Dynamic DNS to keep everything in sync.


3. Re-Create (from scratch) the 10 users' accounts in Active Directory.

4. Re-configure the XP computers to Automatically configure their Network Adapters from DHCP.

5. Re-Assign ALL rights to their DATA

6. Re-Write a quick logon script to map their Data Shares OR use Group Policy Preferences (& install the Group Policy Preferences Client)... could use Group Policy to deploy this.

7. Probably should enable Shadow Copies & install the Shadow Copy Client. Could use Group Policy to deploy this.

8. Certainly would have to re-configure the Backup to use an Active Directory Account.

9. Setup the 2003 Server to Automatically Update itself from Microsoft Update.

10. Install WSUS on the 2003 Server & Select Windows XP only (that is all they run).

11. Create the Group Policy Object for WSUS & configure it to point the clients at the WSUS server. Create & Apply a new WMI filter, so WSUS ONLY configures Windows XP (otherwise it will point the 2003 server at itself).



^^^^ All of the above would probably take more than a day because:

1. The customer will obviously NOT have all their information to give you.

2. The customer won't be able to answer simple questions.

3. Certain applications will probably screw up and need to be fixed.

4. Everything is probably so far out of Date R2 and Service Packs probably need to be installled, which would take significant time.

5. They will probably need hardware upgrades

6. They probably have 15 year old 3Com 10 megabit half-duplex hubs instead of Modern Cisco/HP 1000 megabit full-duplex switches... and the building's cabling is probably ancient... it probably should be re-pulled!



This is a job I wouldn't want. I would flat out refuse to support it in its given state. The only fix I would have is as described above, but I would pretty much charge $12,000 for doing it and schedule it to take 1 week.

I don't support Windows 2000 either, but if this were already running Server 2000 and Active Directory, I would quote half as much because there would be less than a quarter of the issues to make it work and get it to 2003, 2008, or 2008 R2 (anything supported by Microsoft).


Quite simply, I don't support ANYTHING that Microsoft doesn't still support. That means "NO, I am NOT going to help you with Windows 98, either."

Tony_Scarpelli
10-09-2011, 09:13 AM
I know, hard lessons learned.