Mark Minasi's Reader Forum
 DNS error joining Win2k3 domain

Curt
Moderator

USA
6648 Posts
Posted - 04/09/2012 : 12:22:38 PM
Have a client with a Win2k3 forest and its DNS lost its way with AD.

Now Windows 8 servers will not join the domain.

I have rebuilt DNS on the Windows 2k3 box with the method to delete the objects in DNS for the zone except the _msdcs object.
Stopped and started the Netlogon service and saw it recreated the objects.

My DNS test with dcdiag:
DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : csicorp

Running enterprise tests on : csicorp.local
Starting test: DNS
......................... csicorp.local passed test DNS

I can't resolve the a name from anywhere on the network.


Curt Spanburgh
Microsoft Certified Business Solution Specialist.
Dynamics CRM MVP
Contributing Editor, Windows IT Pro

He that is walking with wise persons will become wise, but he that is having dealings with the stupid ones will fare badly.
Proverbs 13:20


wkasdo
Administrator

Netherlands
7403 Posts
Posted - 04/09/2012 : 2:49:39 PM
> I can't resolve the a name from anywhere on the network.

- is it present in DNS?
- can you resolve it with nslookup locally on the box?
- nslookup remotely (if not --> firewall)

If all this is OK, it's probably a DNS reference in the TCP/IP settings to an external DNS. Something like that.

Make it as simple as you can, but not simpler -- Albert Einstein
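
The local-versus-remote checks listed in the post above, written out as a PowerShell script for the machine that cannot join. This is an added example, not part of the original posts: the server address 192.0.2.10 is a placeholder, csicorp.local is the domain named in the thread, and the script assumes PowerShell 3.0 or later on the client.

```powershell
# Added example, not from the thread. Run on the machine that cannot join.
# 192.0.2.10 is a placeholder for the DC's address; csicorp.local is the
# domain named in the thread. Needs PowerShell 3.0+ (Resolve-DnsName).
param(
    [string]$DnsServer = '192.0.2.10',
    [string]$Domain    = 'csicorp.local'
)

function Get-DnsVerdict {
    param([string]$Name, [string]$Type, [string]$Server)
    # DnsOnly keeps LLMNR/NetBIOS fallback from masking a DNS failure.
    $q = @{ Name = $Name; Type = $Type; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $q.Server = $Server }   # omitted: use the resolver from the TCP/IP settings
    try {
        $r = Resolve-DnsName @q
        if ($r | Where-Object { $_.Section -eq 'Answer' }) { return 'answered' }
        return 'no data: name exists, no record of this type'
    }
    catch {
        $code = $_.Exception.NativeErrorCode
        if     ($code -eq 9003) { return 'NXDOMAIN: server replied, record missing' }    # DNS_ERROR_RCODE_NAME_ERROR
        elseif ($code -eq 1460) { return 'timeout: query or reply dropped in transit' }  # ERROR_TIMEOUT
        else                    { return "error: $($_.Exception.Message)" }
    }
}

function Test-Tcp53 {
    param([string]$Server)
    # Plain TCP connect with a 3-second limit; the DNS service also listens on TCP 53.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, 53, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected)
    }
    finally { $client.Close() }
}

# Domain join locates a DC through this SRV record in the _msdcs zone.
$srv = "_ldap._tcp.dc._msdcs.$Domain"

[pscustomobject]@{
    'SRV via DC'                  = Get-DnsVerdict $srv SRV $DnsServer
    'A via DC'                    = Get-DnsVerdict $Domain A $DnsServer
    'SRV via configured resolver' = Get-DnsVerdict $srv SRV
    'TCP 53 to DC'                = Test-Tcp53 $DnsServer
} | Format-List
```

A timeout against the DC's address while the same lookup works on the DC itself points at filtering on or in front of the DC; NXDOMAIN points back at the zone contents. An answer via the DC but not via the configured resolver points at the client's DNS server setting.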

Curt
Moderator

USA
6648 Posts
Posted - 04/09/2012 : 3:04:14 PM
The machine has an A record in the forward lookup zone.
Nothing will resolve with NSLOOKUP on any machine except the DC.
quote:
Originally posted by wkasdo

> I can't resolve the a name from anywhere on the network.

- is it present in DNS?
- can you resolve it with nslookup locally on the box?
- nslookup remotely (if not --> firewall)

If all this is OK, it's probably a DNS reference in the TCP/IP settings to an external DNS. Something like that.



wkasdo
Administrator

Netherlands
7403 Posts
Posted - 04/09/2012 : 3:11:56 PM
So, check the third option: firewall. Could be part of some crappy AV, so watch for that.


Curt
Moderator

USA
6648 Posts
Posted - 04/09/2012 : 3:54:30 PM
I shut down Windows Firewall and ESET as well.
But no one can resolve DNS via nslookup.

I'm wondering what these folks did. They got a power surge but there was a 4015 event on DNS on the DC.


quote:
Originally posted by wkasdo

So, check the third option: firewall. Could be part of some crappy AV, so watch for that.



wkasdo
Administrator

Netherlands
7403 Posts
Posted - 04/09/2012 : 4:23:57 PM
Must be something really simple. You have proven that DNS works locally, so for remote calls either the DNS request is not coming in, or the DC cannot get out. Run netmon and find out!


Curt
Moderator

USA
6648 Posts
Posted - 04/09/2012 : 4:39:53 PM
Got a Kerberos error:
On the DC:

The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server vegsrv1$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm CSICORP.LOCAL is in sync with the KDC in the client realm.
quote:
Originally posted by wkasdo

Must be something really simple. You have proven that DNS works locally, so for remote calls either the DNS request is not coming in, or the DC cannot get out. Run netmon and find out!



I can't join it to the domain because it will not resolve the name of the DC.


Curt
Moderator

USA
6648 Posts
Posted - 04/09/2012 : 10:14:43 PM
Got it.
An admin installed Eset personal firewall.

Ok.
Now we know.


wkasdo
Administrator

Netherlands
7403 Posts
Posted - 04/10/2012 : 1:12:44 PM
Thx Curt.


Curt
Moderator

USA
6648 Posts
Posted - 04/10/2012 : 1:43:08 PM
Thank you for letting me bounce it off of you.

That's how we solve problems.

I have to talk or type it through.

Now I have to configure ESET.


wobble_wobble
Honorable But Hopeless Addict

Ireland
4516 Posts
Posted - 04/10/2012 : 4:42:36 PM
quote:
Originally posted by Curt

Thank you for letting me bounce it off of you.

That's how we solve problems.

I have to talk or type it through.

Now I have to configure ESET.




Add/Remove Programs and remove

Joe

After everything that has happened during the month of Jan 07, I do believe that pigs fly backwards!

http://whatismyv6.com/

Edited by - wobble_wobble on 04/10/2012 4:42:50 PM
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi