Possible DNS issues with SOHO Domain Controller and Terminal Server


map diagram updated


I administrate 2 servers on our SOHO LAN, including 1 domain controller and a terminal server.
Joined to the domain are: the terminal server, and the Windows XP and Windows 7 workstations in the office.

Network overview
# of workstations: 6 (Windows XP), 12 (Windows 7)
# of servers: 1 domain controller (SBS 2008), 1 terminal server (SBS 2008)
# of infrastructure equipment: 2 24-port unmanaged switches, 1 WiFi access point (not shown), ISP modem, and D-Link DSR-250 router



2 nights ago we had a power outage that resulted in equipment going down (the duration of the outage exceeded our 30 minute UPS window), and it fried our primary router (a Linksys RV series small business router).

After that, the Linksys router was replaced with a brand new D-Link DSR-250 small business router. I reconfigured it as close to the Linksys as I could remember, i.e. just an admin password change, address and subnet configuration of 10.0.20.x, DHCP lease set at default (1 thru 254), and router DNS set to the domain controller at 10.0.20.4.

Things worked okay for a while. However, the next day no workstations were able to log onto the domain. The error "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance." was thrown every time I tried to log onto a workstation, no matter what credentials I tried.

Employees were able to log on because of roaming profiles, and terminal server log on was working for users because of roaming profiles.

The bigger issues were when I logged onto the terminal server: it threw errors about accounts not existing or something, or accounts not having proper privileges, and the same domain controller down error mentioned above. After logging on with the local TS administrator account, I was able to get in to the terminal server.

At the time I was not aware of workstations being affected in the office, as it was 11:00 at night. So, I figured it was an isolated issue with the terminal server experiencing a certificate or authentication error with Kerberos or similar, and attempted to re-join the domain. I went to the system properties and unjoined/re-joined the domain. However, the domain controller kept throwing me errors again about permissions and accounts not existing. I tried both NetBIOS (ex: domain) and FQDN (domain.com) type identifiers and used a variety of credentials including the DC's inbuilt administrator account.

I thought this was funny, and I had experienced similar issues because of DNS problems before at this site. So, I went to the DC's Active Directory Users and Computers MMC snap-in and removed the computer account for the terminal server. I tried re-joining the domain from the TS. I had luck and the TS joined the domain without issue.

I tried logging in to the TS with various accounts. It worked. Log in was slow at first, which I related again to DNS issues. At this point I wasn't sure if the TS was handshaking with the domain controller at all. I was later convinced this was the case when I noticed the TS computer account had not been re-created under the DC's Active Directory MMC snap-in. I decided to recreate the TS computer account myself manually, with the default settings Windows recommended to me, using the default "Domain Administrators" permissions and the same host name as the TS.

I had luck logging in and testing connectivity from the DC to the terminal server using Active Directory user accounts that I changed access permissions on (i.e. disabled account, and password changes) and attempted to log in to the TS with those credentials. The users failed to log in (the ones disabled) as expected. However, it denied access when entering the user name in the Windows 7 mstsc (RDP) client, and did not throw the error I commonly expected, "Error: cannot log in user. Insufficient privileges." However, when I disabled a user's TS access, I got the error "Cannot log in. You do not have sufficient privilege to use remote access server." I assumed this was normal because I was in the RDC client and not at the actual Windows log-in where you need to press "Ctrl-Alt-Del".

That wasn't the end of the problems. Office workstations still cannot get in, and there are problems accessing the user's home shares (that's the biggest problem of them all) that it maps at log-on. The error is "Failed to connect network drive Z:" in a little bubble popup in the system tray. Our home shares are redirected to the user's Documents folder so it's important to have access to it.

I tried going to Computer and clicking on the mapped share Z:, which had a red "X" on it and could not be accessed. I tried to re-map the share manually with drive letter Y:, and it failed with the thrown error "Share cannot be found. Host cannot be contacted/resolved."

I tried a last line of hope, and manually entered the UNC path in the address bar, "\\corp-pdc1", and it died with the same error. I tried the full path of "\\corp-pdc1\users\brian" and that failed too.

Now, I'm thinking this is somehow DNS related. The DNS error log is full of warnings saying the DNS service could not start because of Active Directory synchronization in progress or the like. I never got around to checking if the DNS services were started in services.msc.

We are dependent on the DNS server installed on the DC box and if it's down, nothing gets internet. As far as I can tell, the configuration is quite close to the default "dcpromo" configuration done when setting up the domain controller, i.e. DNS and entries being created and installed automatically. The workstations and TS have DNS entries (under NIC options) added to reference the domain controller at 10.0.20.4. NIC NetBIOS on the TS is set on automatic configuration.

The only thing that changed was the router, that's all. Nothing else was adjusted or changed, other than the modifications to resolve the issue on the equipment mentioned in this post. I'm lost and can't figure out what's causing these problems. The configuration I added to the router is mentioned at the beginning of the post. Beyond that, it's defaults.

Any help or sense of direction is appreciated.

Thank you.
Brian D.


Please post an unedited ipconfig /all of the DC and a problem client.


Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


