Arrow_Runner Posted October 24, 2007 Author Posted October 24, 2007 It turns out that there are definitely some conflicting group policies. I'm just going to unlink the old ones the vendor put in and start from scratch. Thank you all for your insight.
deda Posted October 25, 2007 Posted October 25, 2007 OK, I'm a "old" newby. I never heard use different subnets on a single NIC, maybe I'm saying something stupid but doesn't work. When you have more than a NIC to access different domains/workgroups it's OK. Try to use a single subnet and your problems go away, doesn't matter the physical locations, DNS exists for this.
zunger Posted October 25, 2007 Posted October 25, 2007 OK, I'm a "old" newby. I never heard use different subnets on a single NIC, maybe I'm saying something stupid but doesn't work. When you have more than a NIC to access different domains/workgroups it's OK. Try to use a single subnet and your problems go away, doesn't matter the physical locations, DNS exists for this.IP Route fixes the issue with the seperate subnets on a single nic. You can add up to 127 different ip's all having different subnets in 2003 (maybe more now).It sounds like your DC may be foobared. You may try and bring up another box to promote it as a bdc and see if your gpo/dns settings replicate to it. You're probably going to have to go through each event in ev and start by fixing one by one. If you can post a few of the errors, there might be more detailed info on troubleshooting it.
rion Posted October 29, 2007 Posted October 29, 2007 (edited) If you realy wanna know whats up with your DC.. Run this tool from Microsoft, it creates a CAB file with a huge amount of logfiles that can show you what might be amiss!http://download.microsoft.com/download/b/b...SRPT_DirSvc.exeYou can go thru the dcdiag.txt file to see what's the status of your domain.Also, you can post the files for us to take a look at so we can help you!/ Joseph Edited October 29, 2007 by rion
Arrow_Runner Posted October 29, 2007 Author Posted October 29, 2007 I've got some of the things figured out. I'll post later with what I've found.
Arrow_Runner Posted November 4, 2007 Author Posted November 4, 2007 So here's what I found.There were conflicting GPs. The one in particular forced the Shared Access service to start, but was too restrictive on permissions I believe.The time issue is gong to be fixed today when a script on the DC makes it sync to a government time server. Also, a couple PCs weren't running the time service for some reason.I still don't know why we're getting the other errors in event viewer, but as long as everything is working, I'm not going to worry too much about it atm.Also, we have multiple subnets because our DC is also the server for 3 remote branches. Routers split up the networks, not the DC.Thanks to deda for the time commands, that really helped!I have just one finally question that's got nothing to do with the network mentioned. I have a test network at home, and I set DNS/AD up, but when I go to do an nslookup on a PC without the full domain suffix, it errors out. For example:nslookup PC00.domain.local --Worksnslookup PC00 --FailsWhat am I missing here? I've got forward and reverse zones set up correctly.
touchstone_81 Posted November 11, 2007 Posted November 11, 2007 check the primary dns suffix being used on the pc.
Arrow_Runner Posted November 11, 2007 Author Posted November 11, 2007 Found the answer to that problem too, and I think you're right. I was using a 2003 Terminal Server (in domain) and XP PRO (not in domain) to run nslookup on. I'm not sure why the TS wouldn't wouldn't work, but I suppose maybe I have to manually specify the DNS suffix. Once I joined the XP Pro machine to the domain though, it's nslookups worked just fine.Thanks!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now