Arrow_Runner

Found the answer to that problem too, and I think you're right. I was using a 2003 Terminal Server (in domain) and XP PRO (not in domain) to run nslookup on. I'm not sure why the TS wouldn't wouldn't work, but I suppose maybe I have to manually specify the DNS suffix. Once I joined the XP Pro machine to the domain though, it's nslookups worked just fine. Thanks!

So here's what I found. There were conflicting GPs. The one in particular forced the Shared Access service to start, but was too restrictive on permissions I believe. The time issue is gong to be fixed today when a script on the DC makes it sync to a government time server. Also, a couple PCs weren't running the time service for some reason. I still don't know why we're getting the other errors in event viewer, but as long as everything is working, I'm not going to worry too much about it atm. Also, we have multiple subnets because our DC is also the server for 3 remote branches. Routers split up the networks, not the DC. Thanks to deda for the time commands, that really helped! I have just one finally question that's got nothing to do with the network mentioned. I have a test network at home, and I set DNS/AD up, but when I go to do an nslookup on a PC without the full domain suffix, it errors out. For example: nslookup PC00.domain.local --Works nslookup PC00 --Fails What am I missing here? I've got forward and reverse zones set up correctly.

I've got some of the things figured out. I'll post later with what I've found.

It turns out that there are definitely some conflicting group policies. I'm just going to unlink the old ones the vendor put in and start from scratch. Thank you all for your insight.

Yup. There's only 50ish PCs total, so it's not a huge hassle though. I completely understand what you mean by layered and not shoveled. I'm semi-in-the-process of researching for a full IT audit here to get things right. One of the things I'm going to try and push is a white-list software restriction policy. The real issue here is not how I set up the firewall, it's that I set up the firewall and Group Policy should be making it happen, but it doesn't always. How can I use soft-restriction policies if they're only going to work MOST of the time? I should have also mentioned that the XP firewall stops functioning correctly as soon as I reboot after adding the PC to the domain. The firewall would be off but the PC would not accept incoming connections(ex. for remote admin) I've had to script a fix in the logon script which has helped a lot, but it's only a band-aid since the problem is still intermittent. I think what I'm going to do now is block inheritence on a GPO so I can add a new PC without any policies or logon scripts affecting it. I THINK there may be a conflicting policy of some sort.

There is just one NIC in the server. And I got here after everything was set up, but there are 4 physical locations, so it does make some sense. I still would have done it a little differently though.

As far as the subnets go, the #1 reason why we aren't running DHCP is because we run a special application that requires PCs to have a static IP. As far as the Firewalls go, I see you're point where they could just as easily be turned off, but due to the type of industry my company is in, security should be as high as possible.

Thanks for the info on the time related stuff, but I'm more concerned on the netlogon errors and group policy not updating on PCs. I think the time issue will clear up when I find the solution to those problems. If I haven't mentioned, Group Policy will load on PCs about 7 out of 10 times. Sometimes just logging on and off and on and off, I'll find a few times where none of the policies I set for the Firewall Ports have loaded, although the Firewall Service is forced on per GP.

Yes Yes, we're not running DHCP. For a client to work correctly, does it need more on the DNS server other than a HOST record in the FWD Lookup Zone? Most, if not all of the first subnet PCs have a Pointer record in the Reverse Lookup Zone as well, and even those ones have intermittent problems.

I'm pretty sure DNS is working fine, this is how it's set up We have 4 subnets for PCs. The DNS server is set to point at itself for DNS with our ISPs 2 DNS servers as Forwarders. The Forward Lookup Zone is had 3 entries for the DNS/DC IP, one for mail.domain.local, one for dc.domain.local, and one that says (same as parent folder). There is only 1 reverse lookup zone, there should be 4 I think. Nslookup for IPs on the other 3 subnets fails, but works fine on the reverse zone subnet. The DNS/DC is listed in the Reverse Lookup Zone twice, once with a PTR record and once as a Name Server. The DNS server passes simple self-tests and works with Nslookups. I've found that some PCs are more prone to errors than others. Some only have 1 netlogon or time error in eventvwr while others always fail updating time....

Symptoms * Time not sync'd sometimes * Eventviewer errors * No Domain Controller Available * No Time Server Available * Group policy not updating * Windows XP Firewall was originally broken on clients * A logon script band-aid fixed this problem * Errors when adding PCs to the domain - but it still works * Profiles will not load occasionally These errors are rather random and don't seem to have any pattern. Most of the time things work, but sometimes they don't. The server itself isn't under hardly any load, and I'm pretty sure there's no network congestion. It's a DC, file server, exchange server, DNS, and has IIS for something... Any ideas? I can post eventvwr messages if that would help. I'm also looking to see if I can script something like nmap to continuously check ports/services on the DC, to see if there's some sort of pattern or certain service that's dropping.

Ouch, I haven't seen anything about wiki software authenticating against anything else except it's own database.

So is anybody else using a wiki? We've already got support outside the IT department and I don't even have it running in production yet!

AFAIK, one of TWiki's features is adding files to pages, not just word docs, but I haven't tried this. I'm also hoping to be able to use hyperlinks to files on share drives, that way if a user manually browses to the file or just clicks the link, any changes are made to the same file. If you mean copying and pasting a word doc into a wiki, then I'm not so sure how well that will work. I'm sure it will, but it might not be quick and easy like copying something into Outlook, but again, I haven't tried it. As far as content goes, you're completely right. That's why I brought up the idea of using a wiki as our central information base because it's so easy to manipulate and track changes. All of our information as of now is randomly dispersed in different email accounts, written paper, notepad files, and a IT dept folder with word docs.

I was just curious if anyone on here is using or has thought of using a wiki as a knowledge base for their IT dept. We're going to start using one after a couple of other projects get taken care of. If anyone could share their experience, thoughts, or how they organized things, that would be cool! BTW, we're planning on using Twiki as our wiki.

That's exactly what I was looking for, thanks!

First off, I finally got a real IT job! Anyhow, I'm going to be "sprucing up" the 2003 AD here, but I can't figure out how or if this is even possible. Here's just a few of our departments: Accounting IT Training Call Center Marketing Management In AD, I'd like to make GPOs for each of these. Unfortunately, some employees occasionally do work outside of their department. For instance, a person from the Call Center will assist with training. Therefore, I can't just put everyone in their respective department OU and call it a day because they may need something that I have locked for their department but open for another that they may occasionally do work for. I thought I could create OUs for each dept, then make a group under each OU, and make a computer/user a security member of each group he/she/it needed to belong to so all the desired GPOs would be applied to him/her/it, but it doesn't seem to work like that. There has to be a good way to do this. I don't want to have to create a bunch of nested/linked OUs for 2 people out of each department.

I had WINS set up, but it may not on right now. Lately certain computers, either belonging to the domain or a workgroup have been having issues with the logon script I use to map the drives on the server. I use: net use x: \\computername\sharename which usually works but now I am having to switch it to: net use x: \\computername.domainname.local\sharename or net use x: \\192.168.0.xx\sharename I really don't know where to look to fix this. Adding to the hosts file doesn't seem to help most of the time. I REALLY have a problem when using 2003 to map to the domain controller. Any ideas?

Thank you!

I'm going to eventually need to reload 2k3 on my DC. I need to: 1. Set up a temporary DC to replicated all of the AD info from my current DC. 2. Set that DC so it will be the PDC. 3. Reload old DC's OS and then make it a DC in the domain and replicate AD again 4. Make old DC the PDC again so everything is the same except now I'll have a fresh install of the OS I thought this would be simple, but I tried it last night and ran into several problems and just decided to boot from old 2k3 install so I'm back to square one for the moment. I really need help on this one, thanks!

It is a hard drive throughput issue, I need a good PATA controller card, What exactly does multi-home the server mean? Thanks.

I just picked up a few computers and I'm using 2k3 RIS to load an OS onto them. My server is bogging down a little doing three at a time. Is there any way I can set up RIS on more that one computer to load balance between the servers?

Cool, I'm glad to hear that was an easy fix, let us know how the rest goes.

Here's part of your answer. Instead of using your Public IP to VPN to, try connecting to the Private IP of your VPN server. I had to do this to determine that my router sucked and wouldn't forward the GRE traffic. If you cannot connect to the private IP of your VPN server, then there must be something wrong in your configuration. If you CAN connect to your private IP then you may have configured VPN on the wrong NIC. I had this problem due to my router, which definitely won't be the cause for your problem. Also, make sure that your DHCP address pool isn't all used up, that caused issues with my VPN server as well. Good luck!

I'm not sure if I'm following this right, but.... Windows XP you can go Prog Files-Accessories-Communication-Remote Desktop Connection Or just type MSTSC with no parameters Windows 2000 you have to download RDC from, I think a WinXP/2k3 disc, or maybe Microsoft I'm not sure if that answers your question, but it's GUI and it's MSTSC!