Can't join Win 2000 Pro Client to Win 2000 Adv Server Doma..

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,
I've done everthing practically possible. Well...almost I'm sure.
Otherwise I won't be here.
I've setup & configured File & Printer sharing, TCP/IP, DNS Server & AD
on a test Win 2000 Adv Server. I've also setup & configured TCP/IP on
Win 2000 Pro client. Both of them pinging each other allright, even
pinging the domain.
Then, created a user in AD with admin rights & came back to the client
to use that account to join the client to the domain using Network
Identification.
I'm able to connect to the Domain only when I put in wrong user info
like may be the userame/password or both is incorrect. This is why:
How I know that the Client is connecting to the Domain...is when the
error message comes up saying that either username/password is unknown
or bad.
If I provide the network username correct & password incorrect, then it
says "The specified network password is not correct"
Fun part is: If I put in the correct username & password, it says "The
network name cannot be found" !!!
FYI, I've gone through 8 out of 10 docs related to lookup, resolution,
joining issues from MS support site.
I have no answers now. Thanks a lot in advance for any assitance on
this issue.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Herb,

Thanks for the reply. I'm sorry I created confusion.
For "You will not get logged on with a non-existent domain or incorrect
password so that part makes zero sense without a careful and precise
explanation."
Answer: I've created a user in AD but did not check the password change
on next logon or any other checkboxes in that list. FYI, I'd added the
winpro client machine name to AD under the option in OU to add
Computer.
After configuring TCP to point to Domain...I try to join client to
domain from the Network Identification tab-properties-Select Domain &
type in Domain name. Then, in username & password section 'I put it in'
ie, the username & password I created in AD earlier. This is when the
said situations in my above message happens.

For: "Ordinary users CAN join machines to a domain so if you mean you
used a DIFFERENT (not 'wrong') user that makes sense. "
Answer: The user that I was using to join from the client was the user
that was created earlier in AD.
Query: Does 'ordinary users' mean users who can login to the client
locally OR users who have an account created in AD?

For: "has the user EVER LOGGED onto the domain? "
Answer: No. Server & Client were installed & everthing is new.

What I'm looking for is a step-by-step troucbleshooting for this issue.
Any sites or sugesstions? Have a nice day.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Yes. The user A/C locally created on Win pro Client logs on allright.
FYI: I have the username 'bijtha' created both in AD & locally on
Client with the same password. Also, have another user created on AD
but that user does not exist locally on Client. What could be the issue?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122630631.870129.82910@g44g2000cwa.googlegroups.com...
> Hi,
> I've done everthing practically possible. Well...almost I'm sure.
> Otherwise I won't be here.
> I've setup & configured File & Printer sharing, TCP/IP, DNS Server & AD
> on a test Win 2000 Adv Server. I've also setup & configured TCP/IP on
> Win 2000 Pro client. Both of them pinging each other allright, even
> pinging the domain.
> Then, created a user in AD with admin rights & came back to the client
> to use that account to join the client to the domain using Network
> Identification.
> I'm able to connect to the Domain only when I put in wrong user info
> like may be the userame/password or both is incorrect. This is why:
> How I know that the Client is connecting to the Domain...is when the
> error message comes up saying that either username/password is unknown
> or bad.
> If I provide the network username correct & password incorrect, then it
> says "The specified network password is not correct"
> Fun part is: If I put in the correct username & password, it says "The
> network name cannot be found" !!!

The above is entirely unclear and quite vague. "when I put in" is not
the same as telling us precisely where youput it (Ctrl-Alt-Del logon, or
file share authentication etc.).

You will not get logged on with a non-existent domain or incorrect
password so that part makes zero sense without a careful and precise
explanation.

Ordinary users CAN join machines to a domain so if you mean you
used a DIFFERENT (not 'wrong') user that makes sense.

IF the new user was just created did you set the "must change password
at next logon" and then never logon to update the password?

I.E., has the user EVER LOGGED onto the domain?

> FYI, I've gone through 8 out of 10 docs related to lookup, resolution,
> joining issues from MS support site.
> I have no answers now. Thanks a lot in advance for any assitance on
> this issue.

Can the user account logon?

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\HCLC
Starting test: Connectivity
......................... HCLC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\HCLC
Starting test: Replications
......................... HCLC passed test Replications
Starting test: NCSecDesc
......................... HCLC passed test NCSecDesc
Starting test: NetLogons
[HCLC] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... HCLC failed test NetLogons
Starting test: Advertising
......................... HCLC passed test Advertising
Starting test: KnowsOfRoleHolders
......................... HCLC passed test KnowsOfRoleHolders
Starting test: RidManager
......................... HCLC passed test RidManager
Starting test: MachineAccount
Could not open pipe with [HCLC]:failed with 67: The network
name cannot be found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* Missing SPN :(null)
* Missing SPN :(null)
......................... HCLC failed test MachineAccount
Starting test: Services
Could not open Remote ipc to [HCLC]:failed with 67: The
network name cannot be found.
......................... HCLC failed test Services
Starting test: ObjectsReplicated
......................... HCLC passed test ObjectsReplicated
Starting test: frssysvol
[HCLC] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... HCLC failed test frssysvol
Starting test: kccevent
Failed to enumerate event log records, error The network name
cannot be found.
......................... HCLC failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error The network name
cannot be found.
......................... HCLC failed test systemlog

Running enterprise tests on : hclc.net
Starting test: Intersite
......................... hclc.net passed test Intersite
Starting test: FsmoCheck
......................... hclc.net passed test FsmoCheck
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Does the dcdiag report, run on domain have any thing to say...any clues
from it?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I'm putting down the settings for the Server & Client

connected through cross over cable. We are I'm talking

about a network of ONLY 2 computers in a lab)

Windows 2000 Adv Server:
Client for MS Networks -- is checked.
File & Printer Sharing for MS Networks --- is checked.
Following is the TCP/IP Settings:
IP Address: 192.168.0.1
SM: 255.255.255.0
Default Gateway: Not set
Preferred DNS Server: 192.168.0.1
Alternate DNS Server: Not set
On DNS Tab:
- Append parent suffixes of the primary DS suffix is checked.
- Register this connection's addresses in DNS is checked.

Windows 2000 Pro:
Client for MS Networks -- is checked.
File & Printer Sharing for MS Networks --- is checked.
Following is the TCP/IP Settings:
IP Address: 192.168.0.2
SM: 255.255.255.0
Default Gateway: 192.168.0.1
Preferred DNS Server: 192.168.0.1
Alternate DNS Server: Not set
On DNS Tab:
- Append parent suffixes of the primary DS suffix is checked.
- Register this connection's addresses in DNS is checked.

I'm able to successfully run the following commands from cmd from
Server & Client:
ping,tracert,nslookup

I've also done the following as of now:
ipconfig /all -- It lists the correct settings as per TCP/IP settings
mentioned above.
ipconfig /flushdns -- Does not flush on Server but flushes on Clint.
ipconfig /registerdns -- works on Server & Client.
net stop netlogon works on Server
net start netlogon works on Server
DNS MMC has the required folders & Host in Forwarders
Also, has a reverse lookup for 192.168.0.1
Both, forward & Reverse is configured for allowing dynamic updates.
There was a root node...(dot) which I had deleted.

On your advise...I ran the following;
netdig /fix --- Gives error "[FATAL] Failed to get system information
of this machine"
dcdiag /fix --- comes up with same stuff as in previous message about
dc diag result.

"Just go back to the dialog and join the computer without attempting
to (re) create the account (you won't need any credentials but you
will need to be logged on as the admin of the computer."

Logged in as local Admin on Client & tried this...but at the username &
password section (after providing the A/C information as registered in
AD)...it says "Network name cannot be found"

What can be done now?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

It is a network of 1 Server & 1 Client. Server has 2 NICS. 1 connected
to internet through cable modem. The other, connected to LAN. LAN NIC
is configured for DNS & AD.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I can run dsa.msc from the client as I'd installed the adminpak. I
could connect to the domain: hclc.net using this & can see all the
OU's, users etc as I see it on Server in AD MMC.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122637832.963556.53770@g14g2000cwa.googlegroups.com...
> Yes. The user A/C locally created on Win pro Client logs on allright.
> FYI: I have the username 'bijtha' created both in AD & locally on
> Client with the same password.

Irrelevant -- except that you might get confused and logon as 'wrong'
user.

They are two SEPARATE accounts and only the domain version has
any privilege on the domain, or on other machines of the domain.

> Also, have another user created on AD
> but that user does not exist locally on Client. What could be the issue?

DNS maybe. See other response and do try to keep you messages
organized and explicit.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122637562.478506.210790@g44g2000cwa.googlegroups.com...
> Hi Herb,
>
> Thanks for the reply. I'm sorry I created confusion.

Not an issue for us -- you will just get better help if you
explain the problem clearly then give the detail following
the basics of the problem.

Give all error messages verbatim and explain exactly where
and what you are doing -- don't assume we can figure out what
"the machine" or "the user" means without a clear context.

Otherwise it may take you three or four rounds of messages for
us to figure out what your situation is -- but no apology is necessary.

> For "You will not get logged on with a non-existent domain or incorrect
> password so that part makes zero sense without a careful and precise
> explanation."
> Answer: I've created a user in AD but did not check the password change
> on next logon or any other checkboxes in that list. FYI, I'd added the
> winpro client machine name to AD under the option in OU to add
> Computer.

Then you don't need credentials to add user to domain. You need only
be an admin of the computer which is joining the domain -- the account
is already created for this machine in AD.

> After configuring TCP to point to Domain...

TCP cannot "point to a domain" so what do you mean by this?

Can you ping? By both name and ip of the DC?

> I try to join client to
> domain from the Network Identification tab-properties-Select Domain &
> type in Domain name. Then, in username & password section 'I put it in'
> ie, the username & password I created in AD earlier. This is when the
> said situations in my above message happens.

But since you already created the COMPUTER ACCOUNT you cannot
create that same name a second time and therefore do not need to use
credentials.

Just join the domain.

> For: "Ordinary users CAN join machines to a domain so if you mean you
> used a DIFFERENT (not 'wrong') user that makes sense. "
> Answer: The user that I was using to join from the client was the user
> that was created earlier in AD.

Any user can create in domain by default (up to 10 computers) unless this
has been changed.

You don't need to create account however.

> Query: Does 'ordinary users' mean users who can login to the client
> locally OR users who have an account created in AD?

User == Domain users. Ordinary == Whether admin or not.

Local users (the admin of the computer) can add the computer to the
domain (from the point of view of the computer) once the account is
created.

Generally you must logon to the computer as an ADMIN of that
computer.

> For: "has the user EVER LOGGED onto the domain? "
> Answer: No. Server & Client were installed & everthing is new.

You cannot expect to use an account without testing it for logon etc.
but I don't think you need this account (right now.)

> What I'm looking for is a step-by-step troucbleshooting for this issue.
> Any sites or sugesstions? Have a nice day.

There are plenty of step by steps on the MS web site for joining a
computer OR creating the computer account in a domain.

You seem to have already created the account.

Just go back to the dialog and join the computer without attempting
to (re) create the account (you won't need any credentials but you
will need to be logged on as the admin of the computer.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

You don't seem to have posted the full DCDiag output but
with all those "network name not found" you likely have
your DNS setup incorrectly.

Check the following:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"thestriver" <searchhere@gmail.com> wrote in message
news:1122643418.476755.275500@f14g2000cwb.googlegroups.com...
> DC Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial non skippeable tests
>
> Testing server: Default-First-Site-Name\HCLC
> Starting test: Connectivity
> ......................... HCLC passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\HCLC
> Starting test: Replications
> ......................... HCLC passed test Replications
> Starting test: NCSecDesc
> ......................... HCLC passed test NCSecDesc
> Starting test: NetLogons
> [HCLC] An net use or LsaPolicy operation failed with error 67,
> The network name cannot be found..
> ......................... HCLC failed test NetLogons
> Starting test: Advertising
> ......................... HCLC passed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... HCLC passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... HCLC passed test RidManager
> Starting test: MachineAccount
> Could not open pipe with [HCLC]:failed with 67: The network
> name cannot be found.
> Could not get NetBIOSDomainName
> Failed can not test for HOST SPN
> Failed can not test for HOST SPN
> * Missing SPN :(null)
> * Missing SPN :(null)
> ......................... HCLC failed test MachineAccount
> Starting test: Services
> Could not open Remote ipc to [HCLC]:failed with 67: The
> network name cannot be found.
> ......................... HCLC failed test Services
> Starting test: ObjectsReplicated
> ......................... HCLC passed test ObjectsReplicated
> Starting test: frssysvol
> [HCLC] An net use or LsaPolicy operation failed with error 67,
> The network name cannot be found..
> ......................... HCLC failed test frssysvol
> Starting test: kccevent
> Failed to enumerate event log records, error The network name
> cannot be found.
> ......................... HCLC failed test kccevent
> Starting test: systemlog
> Failed to enumerate event log records, error The network name
> cannot be found.
> ......................... HCLC failed test systemlog
>
> Running enterprise tests on : hclc.net
> Starting test: Intersite
> ......................... hclc.net passed test Intersite
> Starting test: FsmoCheck
> ......................... hclc.net passed test FsmoCheck
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> Hi,
> I've done everthing practically possible. Well...almost I'm
> sure.
> Otherwise I won't be here.
> I've setup & configured File & Printer sharing, TCP/IP, DNS
> Server & AD
> on a test Win 2000 Adv Server. I've also setup & configured
> TCP/IP on
> Win 2000 Pro client. Both of them pinging each other allright,
> even
> pinging the domain.
> Then, created a user in AD with admin rights & came back to
> the client
> to use that account to join the client to the domain using
> Network
> Identification.
> I'm able to connect to the Domain only when I put in wrong
> user info
> like may be the userame/password or both is incorrect. This is
> why:
> How I know that the Client is connecting to the Domain...is
> when the
> error message comes up saying that either username/password is
> unknown
> or bad.
> If I provide the network username correct & password
> incorrect, then it
> says "The specified network password is not correct"
> Fun part is: If I put in the correct username & password, it
> says "The
> network name cannot be found" !!!
> FYI, I've gone through 8 out of 10 docs related to lookup,
> resolution,
> joining issues from MS support site.
> I have no answers now. Thanks a lot in advance for any
> assitance on
> this issue.

have you tried using the default administrator account in the domain?

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-join-Win-2000-Pro-Client-Win-2000-Adv-Server-Domain-ftopict402158.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330560
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122649210.685076.273420@g43g2000cwa.googlegroups.com...
> It is a network of 1 Server & 1 Client. Server has 2 NICS. 1 connected
> to internet through cable modem. The other, connected to LAN. LAN NIC
> is configured for DNS & AD.



"thestriver" <searchhere@gmail.com> wrote in message
news:1122649766.805274.327050@g14g2000cwa.googlegroups.com...
> I can run dsa.msc from the client as I'd installed the adminpak. I
> could connect to the domain: hclc.net using this & can see all the
> OU's, users etc as I see it on Server in AD MMC.


"thestriver" <searchhere@gmail.com> wrote in message
news:1122647839.871023.271060@g44g2000cwa.googlegroups.com...
> I'm putting down the settings for the Server & Client
> connected through cross over cable. We are I'm talking
> about a network of ONLY 2 computers in a lab)

Plus the Internet you say. DCs have been known to have trouble
with multiple NICs although I have never had any real serious
issue myself so that may say more about who set them up than
a real problem with DCs.

> Windows 2000 Adv Server:
> Client for MS Networks -- is checked.
> File & Printer Sharing for MS Networks --- is checked.
> Following is the TCP/IP Settings:
> IP Address: 192.168.0.1
> SM: 255.255.255.0
> Default Gateway: Not set
> Preferred DNS Server: 192.168.0.1
> Alternate DNS Server: Not set

It works better when you use IPConfig /all and copy and paste
the text -- allows us to see precisely what the machine says and
not have it retyped/translated/summarized.

Not you didn't give me the NAME of the machine which is
very important for DNS registration issues.

> On DNS Tab:
> - Append parent suffixes of the primary DS suffix is checked.
> - Register this connection's addresses in DNS is checked.

Irrelevant -- strictly a convenience for the user.

> Windows 2000 Pro:
> Client for MS Networks -- is checked.
> File & Printer Sharing for MS Networks --- is checked.
> Following is the TCP/IP Settings:
> IP Address: 192.168.0.2
> SM: 255.255.255.0
> Default Gateway: 192.168.0.1
> Preferred DNS Server: 192.168.0.1
> Alternate DNS Server: Not set


> I'm able to successfully run the following commands from cmd from
> Server & Client: ping,tracert,nslookup

> I've also done the following as of now:
> ipconfig /all -- It lists the correct settings as per TCP/IP settings
> mentioned above.
> ipconfig /flushdns -- Does not flush on Server but flushes on Clint.
> ipconfig /registerdns -- works on Server & Client.

/registerdns is INSUFFICIENT for a DC -- working with DCDiag/NetDiag
/fix or restarting the NetLogon service is required to fixup the DNS
entries for a DC.

Did you go through the DNS for AD I gave you and confirm each item
(or you can ask for an explanation if you do not understand an item.)

> net stop netlogon works on Server
> net start netlogon works on Server

Is the DNS zone dynamic? Did the _Underscore subdomains (_MSDCS,
_Sites, etc) get registered?

> DNS MMC has the required folders & Host in Forwarders

What required folders? When you report something like "has
required" we don't know if you know what is required or what
that even means precisely.

> Also, has a reverse lookup for 192.168.0.1

Almost irrelevant.

> Both, forward & Reverse is configured for allowing dynamic updates.
> There was a root node...(dot) which I had deleted.

Good. But irrelevant to the immediate problem -- you would have
trouble resolving the Internet without that.

I need the DNS settings for your OTHER NIC on the DC. I am betting
you have the ISP listed there.

DNS clients for AD Domains -- and the DCs are DEFINITELY DNS
CLIENTS -- must use ONLY the internal DNS server which can
register and answer all requests.

> On your advise...I ran the following;
> netdig /fix --- Gives error "[FATAL] Failed to get system information
> of this machine"
> dcdiag /fix --- comes up with same stuff as in previous message about
> dc diag result.

Show me IPConfig /all -- no graphics, cut and paste the full text only.

> "Just go back to the dialog and join the computer without attempting
> to (re) create the account (you won't need any credentials but you
> will need to be logged on as the admin of the computer."
>
> Logged in as local Admin on Client & tried this...but at the username &
> password section (after providing the A/C information as registered in
> AD)...it says "Network name cannot be found"
>
> What can be done now?

Fix your DNS as per the last message. Chances are it's the "wrong"
(i.e., the ISP) DNS listed on the external NIC.

If so, write that down, remove it, put the value in the DNS server
FORWARDING tab.

You must not have the DC "client" (NIC) settings pointing to both
the ISP and itself.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Not you didn't give me the NAME of the machine which is
very important for DNS registration issues.

DC Name: HCLC

Show me IPConfig /all -- no graphics, cut and paste the full text only.


Will get back to office some time later today & post you the ipconfig
result as is. However, kindly send in your comments regardless of this.

Is the DNS zone dynamic? Did the _Underscore subdomains (_MSDCS,
_Sites, etc) get registered?

Yes...even udp & tcp.

I need the DNS settings for your OTHER NIC on the DC. I am betting
you have the ISP listed there.

As I said...Ist NIC is connected to internet & the other 1(LAN NIC)
configured for DNS. The settings I'd mentioned above are the settings
for the LAN NIC. The internet NIC has settings w.r.t the internet. LAN
NIC settings has no entries/IP addresses related to the internet NIC as
you can see in my earlier message.
Also, Client NIC settings have no entries related to the internet NIC
on the Server. The Clint NIC is configured ONLY for the LAN NIC on
server(Plz refer previous message about settings)

Fix your DNS as per the last message. Chances are it's the "wrong"
(i.e., the ISP) DNS listed on the external NIC.

There is an IP address entry in Forwarders(not in any _folder) that
relates to 1 of the IP addresses mentioned in the settings for the
internet NIC.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

New developments: I ran, after going through internet, a vbs script
meant to join client to DC...now I can't even open Active Directory
users & computers console using dsa.net from Client as it errors out
saying can't find domain or does not exist. This happened after I ran
the vbs script that I found on the internet without modifying the
values for it to match my requirements....like domain name, client
computer name.

I feel as this has gone quite far...may be I should uninstall dns & AD
& reinstall them back again & start everything afresh...with your
guidance?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122706683.966529.189960@g49g2000cwa.googlegroups.com...
> Not you didn't give me the NAME of the machine which is
> very important for DNS registration issues.
>
> DC Name: HCLC

No, I meant you didn't give me the ENTIRE IPConfig so I can
see what it actually has configured.

Like above when you post the 'name' -- that is only the computer
specific version and doesn't tell me if the machine has a full
DNS name (HCLC.domain.com) or is missing it, or even has
a one label "domain portion" (domain and not domain.com is
BAD.)

> Show me IPConfig /all -- no graphics, cut and paste the full text only.
>
>
> Will get back to office some time later today & post you the ipconfig
> result as is. However, kindly send in your comments regardless of this.
>
> Is the DNS zone dynamic? Did the _Underscore subdomains (_MSDCS,
> _Sites, etc) get registered?
>
> Yes...even udp & tcp.
>
> I need the DNS settings for your OTHER NIC on the DC. I am betting
> you have the ISP listed there.
>
> As I said...Ist NIC is connected to internet & the other 1(LAN NIC)
> configured for DNS. The settings I'd mentioned above are the settings
> for the LAN NIC.

Didn't you understand that the settings on one NIC can interfere with
things like DNS and such?

DNS is NOT NIC specific so the other NIC might easily be overriding
the DNS setting if you have incorrectly allowed different settings on
the NIC.

Note: This is an especially common mistake if the Internet side is
a Dynamic address -- people don't realize they CAN and MUST
override that external DNS setting -- optinally transferring the value
to the DNS forwarder tab.

> The internet NIC has settings w.r.t the internet. LAN
> NIC settings has no entries/IP addresses related to the internet NIC as
> you can see in my earlier message.

Yes, and that isn't fully relevant if the external NIC is referencing the
ISP.

> Also, Client NIC settings have no entries related to the internet NIC
> on the Server. The Clint NIC is configured ONLY for the LAN NIC on
> server(Plz refer previous message about settings)
>
> Fix your DNS as per the last message. Chances are it's the "wrong"
> (i.e., the ISP) DNS listed on the external NIC.
>
> There is an IP address entry in Forwarders(not in any _folder) that
> relates to 1 of the IP addresses mentioned in the settings for the
> internet NIC.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122707296.657478.256060@g14g2000cwa.googlegroups.com...
> New developments: I ran, after going through internet, a vbs script
> meant to join client to DC...now I can't even open Active Directory
> users & computers console using dsa.net from Client as it errors out
> saying can't find domain or does not exist. This happened after I ran
> the vbs script that I found on the internet without modifying the
> values for it to match my requirements....like domain name, client
> computer name.
>
> I feel as this has gone quite far...may be I should uninstall dns & AD
> & reinstall them back again & start everything afresh...with your
> guidance?
>

No, you should fix them.

I keep pointing you to the likely source of your problem and you
keep ignoring it.

Re-installing is a form of FLAILING -- randomly doing things
in the hope it might help.

DNS is actually very simple BUT it is also a bit tricky to understand
at first and when you don't understand it fully it is very easy to miss
one or two critical points.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

No, I meant you didn't give me the ENTIRE IPConfig so I can
see what it actually has configured.

Server:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hclc
Primary DNS Suffix . . . . . . . : hclc.net
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hclc.net

Ethernet adapter Private:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139A/B/C/D RTL81XX
10/100Mbps Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-00-E8-50-2B-A5

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Public:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection
Physical Address. . . . . . . . . : 00-11-11-26-8E-71

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 110.7.4.51

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 110.7.4.1

DNS Servers . . . . . . . . . . . : 213.197.128.5
213.122.63.142
110.7.4.1

Client:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hclc-client
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RTL8139A/B/C/D RTL81xx 10/100Mbps
PCI Adapter
Physical Address. . . . . . . . . : 00-00-E8-50-2D-4F

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

No, you should fix them

Yes I've fixed them OK. However, we r back to the same issue. Network
name cannot be found while joining. In other words, we r back to the
point just before I ran that script from the internet. So we'r going
somewhere it looks like :)

The reason I said a reinstall would be better...coz...I'm new to this
thats why. I have no issues if we carry on troubleshooting till we get
to a point were we can find something. It is all the more more better
for me as I can learn more in the doing. Thanks.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

MUST override that external DNS setting -- optinally transferring the
value
to the DNS forwarder tab.

How do u do this?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122813714.479771.4680@z14g2000cwz.googlegroups.com...
Herb asked for more info:
>> No, I meant you didn't give me the ENTIRE IPConfig so I can
>> see what it actually has configured.
>
> Server:
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : hclc
> Primary DNS Suffix . . . . . . . : hclc.net

This is a BAD thing. You have a server and the Domain
likely named with the same NetBIOS name and since it
is a DC you will have a lot of trouble changing that name.

It may not be the problem you are currently facing but it
isn't a good thing.

> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : hclc.net

> Ethernet adapter Private:
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Realtek RTL8139A/B/C/D RTL81XX
> 10/100Mbps Fast Ethernet Adapter
> Physical Address. . . . . . . . . : 00-00-E8-50-2B-A5
>
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.0.1

This should be the ONLY value used for the DNS server
on EITHER NIC.

> Ethernet adapter Public:
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
> Connection
> Physical Address. . . . . . . . . : 00-11-11-26-8E-71
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 110.7.4.51
> Subnet Mask . . . . . . . . . . . : 255.0.0.0

That is a REALLY odd mask did you ISP really give you that
value to use?

255.255.255.0 would be MUCH more likely to be correct --
but there is no way I can actually tell without talking to the
ISP.

It's is difficult to imagine the ISP would use a Class A address
AND not subnet it down to 254 nodes per network OR LESS.

BUT then, that 110 address doesn't seem to be a publicly assigned
range anyway. Whois says not, and it is unroutable from the Internet.

> Default Gateway . . . . . . . . . : 110.7.4.1
> DNS Servers . . . . . . . . . . . : 213.197.128.5
> 213.122.63.142
> 110.7.4.1

There's your problem right there -- as I predicted.

You need to remove these DNS servers from the NIC.

(Put them in the DNS SERVER MMC property for
Forwarding if you wish -- but right them down somewhere
so you will know them if/when you need them.)

> Client:
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : hclc-client
> Primary DNS Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
>
> Ethernet adapter Local Area Connection:
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : RTL8139A/B/C/D RTL81xx 10/100Mbps
> PCI Adapter
> Physical Address. . . . . . . . . : 00-00-E8-50-2D-4F
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.2
> Subnet Mask . . . . . . . . . . . : 255.0.0.0

Legal but odd that you have different mask on the
Client and DC -- this is NOT actually a problem but
it looks goofy.

> Default Gateway . . . . . . . . . : 192.168.0.1
> DNS Servers . . . . . . . . . . . : 192.168.0.1

You probably cannot route through the server since it
doesn't seem to have routing enabled, but that wasn't
what you asked about.

From you other message you quoted me and then asked...
>>MUST override that external DNS setting -- optionally transferring the
>>value to the DNS forwarder tab.

> How do u do this?

Open the External NIC properties in Network and Dial-up connections, IP
Properties -> erase the DNS entry. (Write them down first.)

Open the DNS MMC (Start->Run->dnsmgmt.msc -- right click on the
SERVER->Properties-->Forwarder tab: Add them there if you wish.
(It's likely a good idea.)

Who is your ISP?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"thestriver" <searchhere@gmail.com> wrote in message
news:1122814354.861083.314020@z14g2000cwz.googlegroups.com...
> No, you should fix them
>
> Yes I've fixed them OK. However, we r back to the same issue. Network
> name cannot be found while joining. In other words, we r back to the
> point just before I ran that script from the internet. So we'r going
> somewhere it looks like :)

Yes. This time you are going to fix those NIC->DNS server entries.

> The reason I said a reinstall would be better...coz...I'm new to this
> thats why.

That doesn't make it better to re-install when you are not able to just
change one or two settings and fix the problem.

You would just be flailing -- and likely just type those bad entries
back into the same place unless you first understand how to do it
right. (The only reason that even APPROACHES needing a re-install
is that your DC is named the same as the NetBIOS name of the
Domain. You MIGHT decide to DCPromo->Non-DC, rename
DC, then DCPromo (again) back to DC.)

No need or even value in a full re-install.

> I have no issues if we carry on troubleshooting till we get
> to a point were we can find something. It is all the more more better
> for me as I can learn more in the doing. Thanks.

We JUST STARTED troubleshooting -- I guess the problem the problem
five messages ago, but you just now got around to posting the IPConfig
and confirming my guess.

Just fix the problem.

Then go through my DNS for AD checklist and either check/fix each
item or ask a question until you understand what each item means....


DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

1) Dynamic for the zone supporting AD

Already set to Secure updates.

2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)

I'm sure it specified so...going by ipconfig result on Client in my
message above. I've also made similar the Subnet mask of both, the
Private NIC (See IPConfig result above) & Client to 255.0.0.0. Also,
Enabled Router & Remote Access.

3) DCs and even DNS servers are DNS clients too -- see #2

If I specify the same IP/NIC values that is present now in the server's
Private NIC (See IPConfig result above), to both the NIC's, then will
it allow internet accessibility? I guess you mean to say that both
NIC's have to have the same values in IP/NIC? But will it allow me to
access the internet then?
It could also mean that there is no need for the second NIC if internet
connectivity is not required, correct? But, it is reqd as I need to
access internet also.
Is there a workaround so that I could access the internet as well? FYI,
I have only 1 Server & 1 Client.

4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or
indirectly)

As I mentioned earlier...there is only 1 Server & 1 Client, both
connected through cross over cable. So there is only 1 domain & 1 DNS
Server (Both on the same Win2000 Adv Server)