aspenjim Posted December 13, 2006 Share Posted December 13, 2006 (edited) I admit I'm a rookie at domains. I have 1 - 40 client domain w/ a 2003 standard server and when I look in the event viewer, I see these errors on almost all clients. They logon to the domain and have all domain resources available. Here's the message with a screenie...Everything seems to work properly, i just don't understand the error or how to correct it.they all have this error also....thanks to everyone helping me to understand and hopefully correct this.jim Edited December 13, 2006 by aspenjim Link to comment Share on other sites More sharing options...
ringfinger Posted December 13, 2006 Share Posted December 13, 2006 Has this always been the case? Is this happening for remote users as well or do you have any? Try adding your domain suffix to a machine connecting into the domain. Are you getting any errors on you domain controller? Link to comment Share on other sites More sharing options...
aspenjim Posted December 13, 2006 Author Share Posted December 13, 2006 Yes, most PC's have this (actually all that I have looked at) and have since the server was installed in April. Most PC's had a fresh install of XP prior to server upgrade. I had one lately say the netlogon service wasn't running so I removed and readded it to the domain.the dc has a clean logI'm not sure how to add the suffix (in this case .local) as you mention Link to comment Share on other sites More sharing options...
cluberti Posted December 13, 2006 Share Posted December 13, 2006 I'm assuming it's a single DC, in a single domain forest, and it's the DNS and DHCP (and possibly WINS) server for the domain? Make sure that the DC points to itself (and ONLY itself) for DNS and WINS resolution, and that the clients ONLY point to the DC as their DNS server. If you need clients to have internet browsing access, you'll need to configure forwarders on your DC's DNS to point to your ISP's DNS servers (check with them to see if recursion should be enabled or disabled in this configuration).These errors are 100% DNS resolution errors, so either your clients and DC have public DNS servers in their configuration, or your AD DNS is misconfigured and missing entries. Link to comment Share on other sites More sharing options...
aspenjim Posted December 13, 2006 Author Share Posted December 13, 2006 It is a single DC. When it was installed, the dns pointed toward itself. The "installers" of the server told me to put in the IP of the server in each client's dns settings. This is in a sheriff's dept where they have a cisco router doing dhcp. When I configured it as they told me, the internet just crawled. I ended up putting the ISP's dns settings as the secondary dns server (in the DC) and the internet became the normal speed. All clients are set to get dns automatically. As far as WINS, I don't have a clue about it's configuration. Also, I don't see in AD where to do any dns configuration. I fairly new at this (domains) and haven't had any formal training.What should I look for in AD and WINS?thanks for the input.jim Link to comment Share on other sites More sharing options...
cluberti Posted December 13, 2006 Share Posted December 13, 2006 WINS is optional, and if you aren't sure where it is, you probably don't have it installed or configured. As to the errors, if you enter in your ISP's DNS settings, this will happen eventually. You have to remove those and use forwarders for AD DNS to work properly - no other DNS servers should be configured on any client or server machines than the ones on your own network (other than the ISP's DNS servers on the forwarders tab of your DNS server, of course). If things are slow when this is configured, check with your ISP to make sure of whether or not to enable recursion. Link to comment Share on other sites More sharing options...
aspenjim Posted December 13, 2006 Author Share Posted December 13, 2006 Would you mind posting (or emailing me) screenies of what the forwarder tab properly configured? and a screenie of where to find DNS in AD? as far as wins, I know where it is and in 7 years of experience (with small networks), have never had to configure it.I am installing another SBS next week and would like to get it right (this is the 4th server install this year). I'm also trying to learn folder redirection and caching of local settings dir so domain logons don't take so long.thanks again.jim Link to comment Share on other sites More sharing options...
valter Posted December 13, 2006 Share Posted December 13, 2006 IN most of the cases the following works ... open registry and navigate to HKLM\System\CurecntControlSet\Services\Netlogon and edit DependOnService and add DNS to the list ... this is to be done on the server machine ...Second option might be configuring the firewall if firewall is enabled on the server and/or clients, the following ports MUST be open UDP 53, TCP 135, 445, 1025, 389 ... anyway, check the following link, excellent resource website for any network admin Link to comment Share on other sites More sharing options...
aspenjim Posted December 14, 2006 Author Share Posted December 14, 2006 (edited) thanks valter for the website.... looks like a great resource....Valter... what exactly does that reg edit do?Okay, I found the DNS forward tab and got it configured. I still don't know how to configure DNS in AD.Now the error has turned to warnings, so I made progress....I will try and figure it out from the site that valter mentioned hereThe terminology is a little over my head though (eg - single label namespace).Here is a quote from that site that I would like to learn how to do...This event will appear if the DNS Suffix on the TCP/IP properties on the Network card is invalid. In our case, the PC was setup with domainx in the field, rather than domainx.com. Once the DNS Suffix matched the AD or at least is a vaild "domain.extension" this error stops.Again thanks to all for the guidance and I WILL eventually understand this. Edited December 14, 2006 by aspenjim Link to comment Share on other sites More sharing options...
Stoic Joker Posted December 14, 2006 Share Posted December 14, 2006 Judging by you event screenshot you domain name is wcso.local which is fine, if it was only wcso then it would be considered a single lable namespace.Run ipconfig /allLook at the Primary DNS Suffix line, it should read wcso.local (Your Domain Name), if it does your fine.As far as the warnings go, just run:ipconfig /registerdnson the server, which should then allow it to properly find its own a** and stop the warnings. Link to comment Share on other sites More sharing options...
valter Posted December 14, 2006 Share Posted December 14, 2006 thanks valter for the website.... looks like a great resource....Valter... what exactly does that reg edit do?Okay, I found the DNS forward tab and got it configured. I still don't know how to configure DNS in AD.Now the error has turned to warnings, so I made progress....I will try and figure it out from the site that valter mentioned hereThe terminology is a little over my head though (eg - single label namespace).Here is a quote from that site that I would like to learn how to do...This event will appear if the DNS Suffix on the TCP/IP properties on the Network card is invalid. In our case, the PC was setup with domainx in the field, rather than domainx.com. Once the DNS Suffix matched the AD or at least is a vaild "domain.extension" this error stops.Again thanks to all for the guidance and I WILL eventually understand this.regedit is registry editor, you have to be very careful when working in registry editor, and if you're not sure what you're doing, then better don't do anything. Anyway, before you do anything in the registry editor, make sure you make a backup of your registry (File - Export - Export Rage set to All) ... the registry change I was refering to just tells Netlogon service not to start before DNS service is started ...As per your 11165 error, check that dynamic updates on your DNS zone properties is set to allow secure, this should allow all computers to dynamically register with DNS server ... Link to comment Share on other sites More sharing options...
aspenjim Posted December 15, 2006 Author Share Posted December 15, 2006 (edited) I meant what does HKLM\System\CurecntControlSet\Services\Netlogon do to the DNS Situation?edit.... nevermind, i reread what you said and you explained it. thanks Edited December 15, 2006 by aspenjim Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now