Jump to content


Photo

New PC in Active Directory


  • Please log in to reply
18 replies to this topic

#1 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 08 February 2005 - 12:19 PM

HI,
I have a small network with 1 W2k server and 2 w2kpro work stations. Active directory enabled on the server, DHCP active and DNS active with DNS forwarding for internet connection.
Connected via a ADSL router. The router has DHCP disabled, with the relay option selected to pass DHCP requests to the server. NAT is SUA only.

My problem is this: all was fine till one day recently, one of the WS collapsed on me. continuous blue screen crashes, and refused to boot half the time. So, I replaced the hard drive with a new 160GB seagate. Formatted everything, put the old drive back in as a slave, (+CD/DVD ROM) put it all back together again, and re-installed w2kpro.
Everything OK so far. Then I deleted the old user and computer from AD. Created a new user account, added it to the PC, and everthing should be OK. But, although I have successfully logged on, and I can see the network, and the other PCs, something is wrong.
I updated with SP4, and updated the NIC driver. (all machines have 1 realtek NIC)

So the problem is internet access. When loading IE, initially it goes fast, and the dialogue says, web site found, waiting for reply, then it starts loading, but gradually slows down and stops before completing the page. Same on any site.

The same happens when trying to access shared folders on the network. Initially, I can open shared folders on the server,but the deper I go into the file structure, the slower it gets. I cant transfer files over the network.

The other WS is fine, and Ive looked in detail at the configuration of the 2 user accounts, and I cant find any difference between them in active directory.
Any ideas?
Thanks in advance
DT

#2 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 08 February 2005 - 07:42 PM

Does the rebuilt box have a different icon (such as a warning) in AD Users and Computers? Did you check the logs on the client for errors, such as "Could not process GPO" or "Could not locate Domain Controller"? Are you positive that the NIC is getting an IP and it is being registered in DNS?

#3 dr_grey

dr_grey

    stranger

  • Members
  • 6 posts

Posted 09 February 2005 - 07:33 AM

You can find from www.e2xpert.com?info=645&zx=88

#4 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 09 February 2005 - 12:56 PM

tahnks. There's no icon in AD users & computers. The computer name appears correctly in the computers folder. In DHCP it also appears correctly with the full domain name, and the assigned IP with the lease of 7 days
In DNS, the individual pcs do not appear.
I haven't checked the event viewer fully yet. I'll do that and come back.
I was focussing on possible hardware issues with the new hard drive.
cheers
DT

#5 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 09 February 2005 - 05:30 PM

Make sure that your PCs are getting the right DNS server (namely, the domain controller hosting your DNS zone). In addition, make sure that you are using secure updates for that zone (it will need to be AD integrated, and not simply "primary"). If they are DHCP and not getting the right DNS IP, check the scope (or server) options on your DHCP server.

#6 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 09 February 2005 - 05:32 PM

Also, dr_grey, stop drumming up business for your site. You are using the same link for all posts, and that link has no information on it other than a need for registration.

#7 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 10 February 2005 - 11:41 AM

Dr_Grey..this site you suggest offers no information about my problem, and it asks me to pay for a potential solution. There is nothing to suggest that the members are any more competent to resolve problems than anywhere else. NT compatible is by far the best technical forum on the net with thousands of members compared to a few hundred or less in most others. Furthermore, im a firm believer in the exchange of assistance and knowledge as the best way to resolve my own problems and those of others.

#8 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 10 February 2005 - 12:01 PM

Thanks Clutch,
Im slightly confused about your answer though.
First, here's a breakdown of the IPconfig result:
My server is 192.168.1.1
iget
Host name....correct
Primary DNS sufix...domain.domain..........correct
node type................mixed.?? (dont know what that means)
IP routing enabled........no..(is that right?)
WINS proxy enabled.........no
search list for DNS suffix....domain.domain
DOMAIN
Ethernet adaptor
Specific suffix DNS connection.....DOMAIN
Desription..................realtek bla bla bla

Ethernet NIC
Physical adress...........00-08- etc
DHCP enabled ...........yes
Automatic config enabled......yes
IP address..........192.168.1.120...(address this machine always gets)
subnet mask....255.255.255.0
gateway.......ip of router
dhcp SERVER 192.168.1.1
DNS server 192.168.1.1

All seems correct to me..can you shed any light on this?

"make sure that you are using secure updates for that zone (it will need to be AD integrated, and not simply "primary""

I dont understand this. Where do I access this setting ?

Another point: If I access the folders/drives on the server, I can see them, but its very slow as I explained before. If I try to access the ws FROM the server, I get an error "access denied" or "network path not found"
Although the icon for the machine appears in "my network places"

I checked through the event viewer, and there are some alerts that refer to the trust relationship failing.

Thanks for your help..
DT

#9 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 10 February 2005 - 06:25 PM

There's another issue that might be the source of the trouble, which is that the new hard drive is still showing as 137GB when in fact it is 160GB. According to Seagate documentation, and MS, the full drive capacity should be recognised once the OS is updated with sp4.
This has not happened. Maybe this is causing the puter to not function properly

#10 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 10 February 2005 - 07:50 PM

The drive issue could simply require an update of the motherboard's BIOS, so I would look into that.

Your issues with browsing look a lot like your client is not registering itself with DNS. You should see a record for your client in your DNS console. Make sure you have dynamic up[censored] enabled in DNS by:

1. Open up your DNS console
2. Expand "Forward Lookup Zones"
3. Expand your AD DNS zone (i.e. mydomain.com) and select properties
4. Look at "Type", and if it isn't AD-Integrated, then click "Change" and adjust it
5. Change "Dynamic Updates" to "Secure Only"

After this is done, either reboot the machines on your network (might be the best idea) or use "ipconfig /registerdns" on your workstations, and "net stop netlogon" followed by "net start netlogon" on your server. If you choose to reboot all of the machines, shut down your workstations, and reboot the server. Then, start your workstations a few minutes after the server is started.

#11 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 10 February 2005 - 11:00 PM

THanks clutch,
sorry to say that when I checked all these things (first time id been there) they were already as you said. So no luck there.
DT

#12 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 10 February 2005 - 11:18 PM

Originally posted by dtav:
Quote:
In DNS, the individual pcs do not appear.


This is a problem. If those PCs do not appear in DNS, then you are sunk. Try adding static records for them ("A" Host) and set the IPs and TCP properties statically on the clients as well.


#13 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 11 February 2005 - 12:08 PM

When looking at the DNS console, and after expanding "forward Lookup zones", all 3 pcs are there with the name "pcname.domain.domain"

Ive done an ipconfig on the server, and a curios result appeared, in that there wqas no dns name or computer name, only the ip addresses.
The server is configured with a static IP, subnet and gateway in the TCP/IP properties. DNS server is pointing to itself (ie 192.168.1.1)
Is this right?

Basically Im fed up with this after so many hours trying to sort it out. Isnt there any more radical way to resolve it?
I initially installed AD for interest and self education, but its turning out to be a pain in the A***.
What happens if you un-install AD
The server would revert to a stand alone server I suppose, but would all the DNS and DHCP and security settings be reset.
This is what I need to do I think. eliminate all the old configuration and start again.

#14 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 11 February 2005 - 08:18 PM

Honestly, AD is not meant to be super easy to install, but rather a scalable method of managing many objects in an enterprise. You might want to redo everything, and follow some how-tos regarding AD.

Now, did you try using static entries for the clients? Try that first, as I mentioned before, and see what happens.

#15 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 16 February 2005 - 12:33 PM

Hi
Thanks for your advise so far.
So, as I said I was getting fed up with this business so I flushed DNS following your/and MS instructions, removed the computer from AD on the server. Then, on the offending PC, I have re-formatted the drive, and now installed a new copy of Windows XP pro. ( was still concerned about not recognising the full size of the new drive, and there were no BIOS updates available for my PC , HP pavillion,)
So I joined the domain, updateed the NIC driver, disabled the XP firewall (I read that it can interfere with LAN connections)
Installed office etc etc.
Then with breath held hit the IE icon.
Gues what...just the same
IE starts to load a page, but doesnt complete the connection
Frustrating or what!
BTW, the other PC on my little LAN works fine. Even better after the DNS flushing.
So it has to be a problem with
A) The NIC or cable
B) the router (acting as Hub)

cant be the PC..everything new and it even recognises the full drive size now!)
cant be the server, because both it and the other PC both work fine.

When exploring the LAN I can navigate around the computers OK.
any ideas?

#16 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 16 February 2005 - 07:42 PM

Did you try the static IP entries? Just try them, as there might be an issue with the media sense portion of the client.

#17 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 17 February 2005 - 12:12 PM

Im pretty sure I have tried this, done so many things its hard to remember! I logged in as administrator on the local machine, and put in the direct IP, subnet and gateway settings, and it was the same. One thing just occurred to me, I didn't change the DNS settings. I could change them to the DNS server of my ISP and then in theory the puter should bypass the server altogether. I'll try it.

Meanwhile, to re-cap, I have been reading up on all the links you posted regarding AD. Thanks, loads of useful information, and sometimes its hard to find what you want on the windows web pages. So Im now confident that AD is correctly configured.

If it still doesnt work with the above test, then we must be dealing with an NIC or cable issue, dont you think?

The symptoms are no internet access, and if I use windows explorer to navigate the file structure in one of the other PCs (either the server or the other workstation, I can see them both perfectly,) after 2 or three levels windows explorer freezes.

DT

#18 clutch

clutch

    Carpal Tunnel

  • Moderators
  • 3859 posts

Posted 17 February 2005 - 06:05 PM

Possibly hardware issue, but remember that NONE of the systems in your AD (including the DCs) should have any DNS server IP other than that of your AD DNS server(s). If you enter your ISP's DNS servers in your clients, and you are not using fully routed (commercial) IPs your clients will not resolve your domain controllers and will eventually bomb out.

#19 dtav

dtav

    stranger

  • Members
  • 16 posts

Posted 21 February 2005 - 12:51 PM

SOLVED!!
A new NIC card, and everything works fine.
I guess sometimes we dont see the wood for the trees. The LAN is now working correctly with AD providing IPs through DHCP and DNS resolution.
If anyone reading this wants help deploying Active Directory, I'm now a Guru haha
Thanks for all your help Clutch
cheers,
DT




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

IPB Skin By Virteq