Re: [ActiveDir] sysvol problems
Dunno if this is still a problem for you - but if it is: Given that SYSVOL is really just a dfs root - is the DFS service running on the DC? If this were me I would: Install Etherreal on a client (free net sniffer) Run ipconfig /flushdns Run "klist purge" - say yes to purge all tickets Start the sniffer go to \\domain.com\sysvol - wait for the error "The network path was not found." Stop sniffer Analyze it or make it available to me (or us) and we can take a look see Thats the easiest and fastest way to tell what REALLY is going on IMO -steve - Original Message - From: "Robbie Foust" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 7:57 AM Subject: Re: [ActiveDir] sysvol problems > > Kern, Tom wrote: > > >they really should delegate you authority for your AD zone and these issues will go away. > > > Not really. We still would have a shared IP address space so reverse > lookups in AD would still be disabled and would have to be manually > registered in the campus DNS system. There really isn't a good way to > do it in environments like ours. Luckily Microsoft has realized that > and added appropriate configuration/policy options. > > > point your dns server from your child domain to the root as a forwarder or pull down a secondary copy of the root AD domain would be even better. > > > >until then or if then, maybe if you fiddle around with your dns properties on the dc's network adapter. like uncheck "append parent suffixes of the primary dns suffix" > > > > > I'm pretty sure the problem has to do with the server thinking it has > two names. It probably happened during the initial dcpromo when it was > pointing to two different dns systems. (btw, this is a single > forest/single domain) Either way, its going to be a pain to correct so > I'm just going to recommend that they join our central forest which is > properly configured. > > Thanks for the suggestions! > > - Robbie > > > -- > Robbie Foust, IT Analyst > OIT/CASI - Administrative Information Support > Duke University > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] sysvol problems
Kern, Tom wrote: they really should delegate you authority for your AD zone and these issues will go away. Not really. We still would have a shared IP address space so reverse lookups in AD would still be disabled and would have to be manually registered in the campus DNS system. There really isn't a good way to do it in environments like ours. Luckily Microsoft has realized that and added appropriate configuration/policy options. point your dns server from your child domain to the root as a forwarder or pull down a secondary copy of the root AD domain would be even better. until then or if then, maybe if you fiddle around with your dns properties on the dc's network adapter. like uncheck "append parent suffixes of the primary dns suffix" I'm pretty sure the problem has to do with the server thinking it has two names. It probably happened during the initial dcpromo when it was pointing to two different dns systems. (btw, this is a single forest/single domain) Either way, its going to be a pain to correct so I'm just going to recommend that they join our central forest which is properly configured. Thanks for the suggestions! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol problems
they really should delegate you authority for your AD zone and these issues will go away. point your dns server from your child domain to the root as a forwarder or pull down a secondary copy of the root AD domain would be even better. until then or if then, maybe if you fiddle around with your dns properties on the dc's network adapter. like uncheck "append parent suffixes of the primary dns suffix" thanks -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] sysvol problems Hi Tom, Yes, all of those have been checked. The first time I tried ipconfig /registerdns, I got an error and thats when I realized the admin had disabled netbios and disabled the dhcp client. So I re-enabled it and /registerdns worked. The DNS topic was one I was trying to avoid. :-) Like most universities, we already have a DNS (unix-based) system in place which isn't going away. So, when an Active Directory forest is set up, we configure it as its own DNS system (ad-integrated), but the primary campus DNS systems pull zone transfers from the AD domain controllers. They aren't willing to delegate the domain to us, which is mostly a political issue, but anyway, when configured properly, it works fine. Also, in AD, we don't have a reverse zone configured because there's no way to sync that to the main campus DNS servers. AD forests on campuses don't have their own IP address space so there isn't a clean way to do it. Anyway, this particular domain wasn't configured that way. They had configured the server as ad-integrated with its own 3rd level dns name, but the main campus dns servers don't pull zone transfers from it. The server name registered on the main campus DNS is completely different from what is registered in AD DNS. The network card DNS info on the DC was initially configured to point to itself for primary DNS, and campus DNS for secondary. I figure that might be why the server seems to think it has two names, but I'm not sure how to correct it. I've killed off the secondary DNS entry so it is only pointing to itself for DNS now, so it shouldn't care what is registered in the main campus DNS system. Everything in AD DNS is configured correctly now. So thats what I mean by it is "somewhat" fixed. :-) Hope that makes sense... - Robbie Kern, Tom wrote: >do you have all the srv records in DNS for this server? >do you have "File and Print sharing" installed? >did you do and "ipconfig/registerdns"? > >when you say "DNS config should be somewaht correct", what do you mean by "somewhat" > >thanks > >-Original Message- >From: Robbie Foust [mailto:[EMAIL PROTECTED] >Sent: Friday, October 29, 2004 10:10 AM >To: [EMAIL PROTECTED] >Subject: [ActiveDir] sysvol problems > > >Hi, > >I'm trying to track down a problem. This particular domain only has one >domain controller (don't blame me) :-) and I am unable to access the >sysvol through the domain name, like when I try to go to >\\domain.duke.edu\sysvol I get "The network path was not found." One >other weird thing about the server, is that on the login dialog box, >instead of listing the domain name as the domain to log in to, it lists >something like "domainserv". (names changed to protect the innocent) > >There's more to the story, but I'll leave it at that for now. The DNS >config should be somewhat correct, at least enough that it should be >working. I've corrected many problems associated with that, but still >no go. A nslookup to the domain name does resolve to the server's IP >address. Netbt was disabled so I've reenabled it to see if that >helped. dcdiag things everything is fine, netdiag thinks everything is >fine except it says: > >NetBT name test. . . . . . . . . . : Passed >[WARNING] You don't have a single interface with the <00> >'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. > >I'm not 100% sure exactly what its talking about, since the server has >everything registered in WINS. In fact, it has both "server names" >registered. Both the real DC name and the name that shows up in the >login dialog box. :-) > >Thanks! > >- Robbie > > > -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol problems
check your DNS. it seems to be pointing to an issue with srv records for your DC not being properly registered. I'd say run dcpromo and demote your dc but its your only one so i don't advise it. are you running AD intergrated dns? or standard dns? is your dc pointing to the correct dns server? do you have "allow automatic updates" checked off on your zone? is this a child domain or the root domain? thanks -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] sysvol problems Hi Robert, Thanks for the reply. If I net view the real "dc" name, then yes. If I net view the name that shows up in the login dialog box, then no. I get the network path not found message. - Robbie Robert Rutherford wrote: >If you do a 'net view \\servername' can u see the shares, i.e. sysvol? > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust >Sent: 29 October 2004 15:10 >To: [EMAIL PROTECTED] >Subject: [ActiveDir] sysvol problems > >Hi, > >I'm trying to track down a problem. This particular domain only has one > >domain controller (don't blame me) :-) and I am unable to access the >sysvol through the domain name, like when I try to go to >\\domain.duke.edu\sysvol I get "The network path was not found." One >other weird thing about the server, is that on the login dialog box, >instead of listing the domain name as the domain to log in to, it lists >something like "domainserv". (names changed to protect the innocent) > >There's more to the story, but I'll leave it at that for now. The DNS >config should be somewhat correct, at least enough that it should be >working. I've corrected many problems associated with that, but still >no go. A nslookup to the domain name does resolve to the server's IP >address. Netbt was disabled so I've reenabled it to see if that >helped. dcdiag things everything is fine, netdiag thinks everything is >fine except it says: > >NetBT name test. . . . . . . . . . : Passed >[WARNING] You don't have a single interface with the <00> >'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names >defined. > >I'm not 100% sure exactly what its talking about, since the server has >everything registered in WINS. In fact, it has both "server names" >registered. Both the real DC name and the name that shows up in the >login dialog box. :-) > >Thanks! > >- Robbie > > > -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] sysvol problems
Hi Tom, Yes, all of those have been checked. The first time I tried ipconfig /registerdns, I got an error and thats when I realized the admin had disabled netbios and disabled the dhcp client. So I re-enabled it and /registerdns worked. The DNS topic was one I was trying to avoid. :-) Like most universities, we already have a DNS (unix-based) system in place which isn't going away. So, when an Active Directory forest is set up, we configure it as its own DNS system (ad-integrated), but the primary campus DNS systems pull zone transfers from the AD domain controllers. They aren't willing to delegate the domain to us, which is mostly a political issue, but anyway, when configured properly, it works fine. Also, in AD, we don't have a reverse zone configured because there's no way to sync that to the main campus DNS servers. AD forests on campuses don't have their own IP address space so there isn't a clean way to do it. Anyway, this particular domain wasn't configured that way. They had configured the server as ad-integrated with its own 3rd level dns name, but the main campus dns servers don't pull zone transfers from it. The server name registered on the main campus DNS is completely different from what is registered in AD DNS. The network card DNS info on the DC was initially configured to point to itself for primary DNS, and campus DNS for secondary. I figure that might be why the server seems to think it has two names, but I'm not sure how to correct it. I've killed off the secondary DNS entry so it is only pointing to itself for DNS now, so it shouldn't care what is registered in the main campus DNS system. Everything in AD DNS is configured correctly now. So thats what I mean by it is "somewhat" fixed. :-) Hope that makes sense... - Robbie Kern, Tom wrote: do you have all the srv records in DNS for this server? do you have "File and Print sharing" installed? did you do and "ipconfig/registerdns"? when you say "DNS config should be somewaht correct", what do you mean by "somewhat" thanks -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 10:10 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] sysvol problems Hi, I'm trying to track down a problem. This particular domain only has one domain controller (don't blame me) :-) and I am unable to access the sysvol through the domain name, like when I try to go to \\domain.duke.edu\sysvol I get "The network path was not found." One other weird thing about the server, is that on the login dialog box, instead of listing the domain name as the domain to log in to, it lists something like "domainserv". (names changed to protect the innocent) There's more to the story, but I'll leave it at that for now. The DNS config should be somewhat correct, at least enough that it should be working. I've corrected many problems associated with that, but still no go. A nslookup to the domain name does resolve to the server's IP address. Netbt was disabled so I've reenabled it to see if that helped. dcdiag things everything is fine, netdiag thinks everything is fine except it says: NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. I'm not 100% sure exactly what its talking about, since the server has everything registered in WINS. In fact, it has both "server names" registered. Both the real DC name and the name that shows up in the login dialog box. :-) Thanks! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol problems
Sounds like a filthy setup. Will then entertain the idea of hacking out the duplicate server/domain names? You could start messing around with DNS, creating SRV records, etc. I'd try to get a buy in for a cleanup though. How many users are we talking about? BR Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: 29 October 2004 15:30 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] sysvol problems Hi Robert, Thanks for the reply. If I net view the real "dc" name, then yes. If I net view the name that shows up in the login dialog box, then no. I get the network path not found message. - Robbie Robert Rutherford wrote: >If you do a 'net view \\servername' can u see the shares, i.e. sysvol? > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust >Sent: 29 October 2004 15:10 >To: [EMAIL PROTECTED] >Subject: [ActiveDir] sysvol problems > >Hi, > >I'm trying to track down a problem. This particular domain only has one > >domain controller (don't blame me) :-) and I am unable to access the >sysvol through the domain name, like when I try to go to >\\domain.duke.edu\sysvol I get "The network path was not found." One >other weird thing about the server, is that on the login dialog box, >instead of listing the domain name as the domain to log in to, it lists >something like "domainserv". (names changed to protect the innocent) > >There's more to the story, but I'll leave it at that for now. The DNS >config should be somewhat correct, at least enough that it should be >working. I've corrected many problems associated with that, but still >no go. A nslookup to the domain name does resolve to the server's IP >address. Netbt was disabled so I've reenabled it to see if that >helped. dcdiag things everything is fine, netdiag thinks everything is >fine except it says: > >NetBT name test. . . . . . . . . . : Passed >[WARNING] You don't have a single interface with the <00> >'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names >defined. > >I'm not 100% sure exactly what its talking about, since the server has >everything registered in WINS. In fact, it has both "server names" >registered. Both the real DC name and the name that shows up in the >login dialog box. :-) > >Thanks! > >- Robbie > > > -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] sysvol problems
Hi Robert, Thanks for the reply. If I net view the real "dc" name, then yes. If I net view the name that shows up in the login dialog box, then no. I get the network path not found message. - Robbie Robert Rutherford wrote: If you do a 'net view \\servername' can u see the shares, i.e. sysvol? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: 29 October 2004 15:10 To: [EMAIL PROTECTED] Subject: [ActiveDir] sysvol problems Hi, I'm trying to track down a problem. This particular domain only has one domain controller (don't blame me) :-) and I am unable to access the sysvol through the domain name, like when I try to go to \\domain.duke.edu\sysvol I get "The network path was not found." One other weird thing about the server, is that on the login dialog box, instead of listing the domain name as the domain to log in to, it lists something like "domainserv". (names changed to protect the innocent) There's more to the story, but I'll leave it at that for now. The DNS config should be somewhat correct, at least enough that it should be working. I've corrected many problems associated with that, but still no go. A nslookup to the domain name does resolve to the server's IP address. Netbt was disabled so I've reenabled it to see if that helped. dcdiag things everything is fine, netdiag thinks everything is fine except it says: NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. I'm not 100% sure exactly what its talking about, since the server has everything registered in WINS. In fact, it has both "server names" registered. Both the real DC name and the name that shows up in the login dialog box. :-) Thanks! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol problems
do you have all the srv records in DNS for this server? do you have "File and Print sharing" installed? did you do and "ipconfig/registerdns"? when you say "DNS config should be somewaht correct", what do you mean by "somewhat" thanks -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 10:10 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] sysvol problems Hi, I'm trying to track down a problem. This particular domain only has one domain controller (don't blame me) :-) and I am unable to access the sysvol through the domain name, like when I try to go to \\domain.duke.edu\sysvol I get "The network path was not found." One other weird thing about the server, is that on the login dialog box, instead of listing the domain name as the domain to log in to, it lists something like "domainserv". (names changed to protect the innocent) There's more to the story, but I'll leave it at that for now. The DNS config should be somewhat correct, at least enough that it should be working. I've corrected many problems associated with that, but still no go. A nslookup to the domain name does resolve to the server's IP address. Netbt was disabled so I've reenabled it to see if that helped. dcdiag things everything is fine, netdiag thinks everything is fine except it says: NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. I'm not 100% sure exactly what its talking about, since the server has everything registered in WINS. In fact, it has both "server names" registered. Both the real DC name and the name that shows up in the login dialog box. :-) Thanks! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol problems
If you do a 'net view \\servername' can u see the shares, i.e. sysvol? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: 29 October 2004 15:10 To: [EMAIL PROTECTED] Subject: [ActiveDir] sysvol problems Hi, I'm trying to track down a problem. This particular domain only has one domain controller (don't blame me) :-) and I am unable to access the sysvol through the domain name, like when I try to go to \\domain.duke.edu\sysvol I get "The network path was not found." One other weird thing about the server, is that on the login dialog box, instead of listing the domain name as the domain to log in to, it lists something like "domainserv". (names changed to protect the innocent) There's more to the story, but I'll leave it at that for now. The DNS config should be somewhat correct, at least enough that it should be working. I've corrected many problems associated with that, but still no go. A nslookup to the domain name does resolve to the server's IP address. Netbt was disabled so I've reenabled it to see if that helped. dcdiag things everything is fine, netdiag thinks everything is fine except it says: NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. I'm not 100% sure exactly what its talking about, since the server has everything registered in WINS. In fact, it has both "server names" registered. Both the real DC name and the name that shows up in the login dialog box. :-) Thanks! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] sysvol problems
Hi, I'm trying to track down a problem. This particular domain only has one domain controller (don't blame me) :-) and I am unable to access the sysvol through the domain name, like when I try to go to \\domain.duke.edu\sysvol I get "The network path was not found." One other weird thing about the server, is that on the login dialog box, instead of listing the domain name as the domain to log in to, it lists something like "domainserv". (names changed to protect the innocent) There's more to the story, but I'll leave it at that for now. The DNS config should be somewhat correct, at least enough that it should be working. I've corrected many problems associated with that, but still no go. A nslookup to the domain name does resolve to the server's IP address. Netbt was disabled so I've reenabled it to see if that helped. dcdiag things everything is fine, netdiag thinks everything is fine except it says: NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. I'm not 100% sure exactly what its talking about, since the server has everything registered in WINS. In fact, it has both "server names" registered. Both the real DC name and the name that shows up in the login dialog box. :-) Thanks! - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/