Arrow_Runner

Member
  • Posts

    35
  • Country

    United States

  1. Found the answer to that problem too, and I think you're right. I was using a 2003 Terminal Server (in domain) and XP PRO (not in domain) to run nslookup on. I'm not sure why the TS wouldn't work, but I suppose maybe I have to manually specify the DNS suffix. Once I joined the XP Pro machine to the domain though, its nslookups worked just fine. Thanks!
  2. So here's what I found. There were conflicting GPs. The one in particular forced the Shared Access service to start, but was too restrictive on permissions I believe. The time issue is going to be fixed today when a script on the DC makes it sync to a government time server. Also, a couple PCs weren't running the time service for some reason. I still don't know why we're getting the other errors in event viewer, but as long as everything is working, I'm not going to worry too much about it atm. Also, we have multiple subnets because our DC is also the server for 3 remote branches. Routers split up the networks, not the DC. Thanks to deda for the time commands, that really helped! I have just one final question that's got nothing to do with the network mentioned. I have a test network at home, and I set DNS/AD up, but when I go to do an nslookup on a PC without the full domain suffix, it errors out. For example:
     nslookup PC00.domain.local --Works
     nslookup PC00 --Fails
     What am I missing here? I've got forward and reverse zones set up correctly.
  3. I've got some of the things figured out. I'll post later with what I've found.
  4. It turns out that there are definitely some conflicting group policies. I'm just going to unlink the old ones the vendor put in and start from scratch. Thank you all for your insight.
  5. Yup. There's only 50ish PCs total, so it's not a huge hassle though. I completely understand what you mean by layered and not shoveled. I'm semi-in-the-process of researching for a full IT audit here to get things right. One of the things I'm going to try and push is a white-list software restriction policy. The real issue here is not how I set up the firewall, it's that I set up the firewall and Group Policy should be making it happen, but it doesn't always. How can I use soft-restriction policies if they're only going to work MOST of the time? I should have also mentioned that the XP firewall stops functioning correctly as soon as I reboot after adding the PC to the domain. The firewall would be off but the PC would not accept incoming connections (ex. for remote admin). I've had to script a fix in the logon script which has helped a lot, but it's only a band-aid since the problem is still intermittent. I think what I'm going to do now is block inheritance on a GPO so I can add a new PC without any policies or logon scripts affecting it. I THINK there may be a conflicting policy of some sort.
  6. There is just one NIC in the server. And I got here after everything was set up, but there are 4 physical locations, so it does make some sense. I still would have done it a little differently though.
  7. As far as the subnets go, the #1 reason why we aren't running DHCP is because we run a special application that requires PCs to have a static IP. As far as the Firewalls go, I see your point where they could just as easily be turned off, but due to the type of industry my company is in, security should be as high as possible.
  8. Thanks for the info on the time related stuff, but I'm more concerned on the netlogon errors and group policy not updating on PCs. I think the time issue will clear up when I find the solution to those problems. If I haven't mentioned, Group Policy will load on PCs about 7 out of 10 times. Sometimes just logging on and off and on and off, I'll find a few times where none of the policies I set for the Firewall Ports have loaded, although the Firewall Service is forced on per GP.
  9. Yes Yes, we're not running DHCP. For a client to work correctly, does it need more on the DNS server other than a HOST record in the FWD Lookup Zone? Most, if not all of the first subnet PCs have a Pointer record in the Reverse Lookup Zone as well, and even those ones have intermittent problems.
  10. I'm pretty sure DNS is working fine, this is how it's set up. We have 4 subnets for PCs. The DNS server is set to point at itself for DNS with our ISP's 2 DNS servers as Forwarders. The Forward Lookup Zone has 3 entries for the DNS/DC IP, one for mail.domain.local, one for dc.domain.local, and one that says (same as parent folder). There is only 1 reverse lookup zone, there should be 4 I think. Nslookup for IPs on the other 3 subnets fails, but works fine on the reverse zone subnet. The DNS/DC is listed in the Reverse Lookup Zone twice, once with a PTR record and once as a Name Server. The DNS server passes simple self-tests and works with Nslookups. I've found that some PCs are more prone to errors than others. Some only have 1 netlogon or time error in eventvwr while others always fail updating time....
  11. Symptoms
      * Time not sync'd sometimes
      * Eventviewer errors
      * No Domain Controller Available
      * No Time Server Available
      * Group policy not updating
      * Windows XP Firewall was originally broken on clients
      * A logon script band-aid fixed this problem
      * Errors when adding PCs to the domain - but it still works
      * Profiles will not load occasionally
      These errors are rather random and don't seem to have any pattern. Most of the time things work, but sometimes they don't. The server itself isn't under hardly any load, and I'm pretty sure there's no network congestion. It's a DC, file server, exchange server, DNS, and has IIS for something... Any ideas? I can post eventvwr messages if that would help. I'm also looking to see if I can script something like nmap to continuously check ports/services on the DC, to see if there's some sort of pattern or certain service that's dropping.
  12. Ouch, I haven't seen anything about wiki software authenticating against anything else except its own database.
  13. So is anybody else using a wiki? We've already got support outside the IT department and I don't even have it running in production yet!
  14. AFAIK, one of TWiki's features is adding files to pages, not just word docs, but I haven't tried this. I'm also hoping to be able to use hyperlinks to files on share drives, that way if a user manually browses to the file or just clicks the link, any changes are made to the same file. If you mean copying and pasting a word doc into a wiki, then I'm not so sure how well that will work. I'm sure it will, but it might not be quick and easy like copying something into Outlook, but again, I haven't tried it. As far as content goes, you're completely right. That's why I brought up the idea of using a wiki as our central information base because it's so easy to manipulate and track changes. All of our information as of now is randomly dispersed in different email accounts, written paper, notepad files, and an IT dept folder with word docs.
  15. I was just curious if anyone on here is using or has thought of using a wiki as a knowledge base for their IT dept. We're going to start using one after a couple of other projects get taken care of. If anyone could share their experience, thoughts, or how they organized things, that would be cool! BTW, we're planning on using TWiki as our wiki.