Cannot access network resources

[PTS]

We have a strange problem with 2 laptops (XP Pro). Working fine for

some time, they suddenly were prevented from accessing network

printers and drives. I was able to ping the domain server (Win 2000

Server) successfully. We don't use DHCP and have IP addresses set for

each machine on the network. Going in to the network properties, I was

able to get them to see the printers and drives again by changing one

of the DNS addresses from our ISP supplied address to the address of

our server. However that then prevented the laptops from accessing the

Internet. Does anyone know what might be causing this? All other

clients are working fine.

[cluberti]

You should NEVER include public DNS servers in your client configuration in your AD. Always configure DNS on your DCs, and point your clients ONLY to your DCs. Then, in the DNS configuration on your DCs, set up your ISP's DNS server(s) as forwarders - this will keep you from having AD DNS problems internally, and your clients should then be able to browse the public internet via the forwarders in the DCs DNS configuration.

AD relies almost entirely on DNS, and if you have non-AD DNS servers configured, they won't know anything about your AD - this will confuse clients eventually, if not right away.

[PTS]

Hi,

Thanks for your reply. But these are laptops which need to access the Internet from other broadband connections outside of our network. If I point them to the DC, they won't be able to see it on those occasions.

[cluberti]

If you are using a DHCP server to assign IP and DNS information, this shouldn't be a problem when those laptops go to a different location (likely those other broadband routers are providing IP and DNS via DHCP as well) - if you're statically assigning IP and DNS, strongly configure using DHCP.

You're going to have to consider it, because having non-AD DNS servers on your clients (or worse, servers) will eventually cause AD to fail to work properly - AD is 99% reliant on valid DNS information. Since public DNS servers don't have information about your internal AD structure, your clients (or servers) will get confused, and you'll get all kinds of random errors like these. If you require each machine to have specific IP information each time it attaches to your network, use DHCP reservations to make sure that a specific MAC address gets the same DHCP IP lease each time it connects - but if you must go with static assignments, you MUST remove the public DNS servers while those machines are on your network, or you'll continue to have problems.