Netdiag, active directory problems

Tutorials Win: Microsoft Windows Forum

Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log into
the domain, but my group policy is not being applied. DCdiag on DC passes
fine. After much research, discovered that netdiag reports errors on those
machines. the first time I ran netdiag, it failed DC discovery test, DC list
test, trust relationship test, kerberos test and LDAP test. Basic message for
all was that it couldn't find the DC in my domain (the same DC I'm logged
into !?!). Ran dcdiag /fix and then dcdiag again. Now just DC list and
kerberos fail. Ran netdiag /test:dclist and that all passed. Netdiag still
fails for DC list and Kerberos. I tried resetting the computer account and
leaving/rejoining the domain. When I tried to join, i couldn't get the login
prompt up unless I specified domainname.local for the domain to join as
opposed to the usual domainname.

The pressing issue is with the Group Policy not being applied, but I'm sure
it's because of the DCdiag issues. Can someone give me some guidance on where
to go from here?

Thanks,

Al
Top

RE: Netdiag, active directory problems by lforbes

lforbes
Thu Mar 27 21:54:00 PDT 2008

Hi,

It sounds like you have a DNS issue. When Group Policy doesn't apply it is
usually a problem with DNS.

Is DNS installed on your domain and working properly? Is the IP on your XP
client pointing to the DC/DNS server in the TCP/IP Properties?

Here are my notes on it:

http://www.sd61.bc.ca/windows2000/DNS.htm

Cheers,
Lara



"alb" wrote:

> Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log into
> the domain, but my group policy is not being applied. DCdiag on DC passes
> fine. After much research, discovered that netdiag reports errors on those
> machines. the first time I ran netdiag, it failed DC discovery test, DC list
> test, trust relationship test, kerberos test and LDAP test. Basic message for
> all was that it couldn't find the DC in my domain (the same DC I'm logged
> into !?!). Ran dcdiag /fix and then dcdiag again. Now just DC list and
> kerberos fail. Ran netdiag /test:dclist and that all passed. Netdiag still
> fails for DC list and Kerberos. I tried resetting the computer account and
> leaving/rejoining the domain. When I tried to join, i couldn't get the login
> prompt up unless I specified domainname.local for the domain to join as
> opposed to the usual domainname.
>
> The pressing issue is with the Group Policy not being applied, but I'm sure
> it's because of the DCdiag issues. Can someone give me some guidance on where
> to go from here?
>
> Thanks,
>
> Al
>
Top

Re: Netdiag, active directory problems by Meinolf

Meinolf
Fri Mar 28 02:42:43 PDT 2008

Hello alb,

Please post an unedited ipconfig /all from the DC and one of the clients.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log
> into the domain, but my group policy is not being applied. DCdiag on
> DC passes fine. After much research, discovered that netdiag reports
> errors on those machines. the first time I ran netdiag, it failed DC
> discovery test, DC list test, trust relationship test, kerberos test
> and LDAP test. Basic message for all was that it couldn't find the DC
> in my domain (the same DC I'm logged into !?!). Ran dcdiag /fix and
> then dcdiag again. Now just DC list and kerberos fail. Ran netdiag
> /test:dclist and that all passed. Netdiag still fails for DC list and
> Kerberos. I tried resetting the computer account and leaving/rejoining
> the domain. When I tried to join, i couldn't get the login prompt up
> unless I specified domainname.local for the domain to join as opposed
> to the usual domainname.
>
> The pressing issue is with the Group Policy not being applied, but I'm
> sure it's because of the DCdiag issues. Can someone give me some
> guidance on where to go from here?
>
> Thanks,
>
> Al
>


Top

RE: Netdiag, active directory problems by alb

alb
Fri Mar 28 07:39:03 PDT 2008

I agree it's a DNS issue, but haven't been able to sort it out. Even tried
deleting the zone, removing dns, re-installing DNS re-creating the zone. Same
thing...

"lforbes" wrote:

> Hi,
>
> It sounds like you have a DNS issue. When Group Policy doesn't apply it is
> usually a problem with DNS.
>
> Is DNS installed on your domain and working properly? Is the IP on your XP
> client pointing to the DC/DNS server in the TCP/IP Properties?
>
> Here are my notes on it:
>
> http://www.sd61.bc.ca/windows2000/DNS.htm
>
> Cheers,
> Lara
>
>
>
> "alb" wrote:
>
> > Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log into
> > the domain, but my group policy is not being applied. DCdiag on DC passes
> > fine. After much research, discovered that netdiag reports errors on those
> > machines. the first time I ran netdiag, it failed DC discovery test, DC list
> > test, trust relationship test, kerberos test and LDAP test. Basic message for
> > all was that it couldn't find the DC in my domain (the same DC I'm logged
> > into !?!). Ran dcdiag /fix and then dcdiag again. Now just DC list and
> > kerberos fail. Ran netdiag /test:dclist and that all passed. Netdiag still
> > fails for DC list and Kerberos. I tried resetting the computer account and
> > leaving/rejoining the domain. When I tried to join, i couldn't get the login
> > prompt up unless I specified domainname.local for the domain to join as
> > opposed to the usual domainname.
> >
> > The pressing issue is with the Group Policy not being applied, but I'm sure
> > it's because of the DCdiag issues. Can someone give me some guidance on where
> > to go from here?
> >
> > Thanks,
> >
> > Al
> >
Top

Re: Netdiag, active directory problems by alb

alb
Mon Mar 31 06:24:01 PDT 2008

CLIENT IP Configuration:

Host Name . . . . . . . . . . . . : NM41POS
Primary Dns Suffix . . . . . . . : SHOES.LOCAL
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : SHOES.LOCAL

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controller
Physical Address. . . . . . . . . : 00-1D-09-20-0C-4A
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.6.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.6.254
DNS Servers . . . . . . . . . . . : 192.168.1.10

Primary WINS Server . . . . . . . : 192.168.1.10



IP INFO FOR DOMAIN CONTROLLER


DNS Suffix Search List. . . . . . : SHOES.LOCAL
Ethernet adapter NICTEAM:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-1C-23-C9-03-53
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21c:23ff:fec9:353%4
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.10

fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Primary WINS Server . . . . . . . : 192.168.1.10

Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . :

DisabledTunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-0A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.10%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled



NETDIAG ON SERVER FAILS:

Running netdiag on the server shows the following warmings/errors:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'SERV.SHOES.LOCAL.'. [WSAEADDRNOTAVAIL ]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'SERV.SHOES.LOCAL.''. [ERROR_TIMEOUT]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'SERV.SHOES.LOCAL.''. [WSAEADDRNOTAVAIL ]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'SERV.SHOES.LOCAL.'. [ERROR_TIMEOUT]
The name 'SERV.SHOES.LOCAL.' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS server '0.0.0.0'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.



"Meinolf Weber" wrote:

> Hello alb,
>
> Please post an unedited ipconfig /all from the DC and one of the clients.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Windows 2003 Domain, single DC. 10 XP clients. On 2 of them, I can log
> > into the domain, but my group policy is not being applied. DCdiag on
> > DC passes fine. After much research, discovered that netdiag reports
> > errors on those machines. the first time I ran netdiag, it failed DC
> > discovery test, DC list test, trust relationship test, kerberos test
> > and LDAP test. Basic message for all was that it couldn't find the DC
> > in my domain (the same DC I'm logged into !?!). Ran dcdiag /fix and
> > then dcdiag again. Now just DC list and kerberos fail. Ran netdiag
> > /test:dclist and that all passed. Netdiag still fails for DC list and
> > Kerberos. I tried resetting the computer account and leaving/rejoining
> > the domain. When I tried to join, i couldn't get the login prompt up
> > unless I specified domainname.local for the domain to join as opposed
> > to the usual domainname.
> >
> > The pressing issue is with the Group Policy not being applied, but I'm
> > sure it's because of the DCdiag issues. Can someone give me some
> > guidance on where to go from here?
> >
> > Thanks,
> >
> > Al
> >
>
>
>
Top