Posted

Mhhhh that's a good question.

 

I think you should copy the original file, modify it as I suggested before, stop the DNS service (open DNS snap-in > right click > stop), rename the new file properly, flush the DNS cache, restart DNS and export everything again just to be sure everything has gone the proper way.

 

EDIT ***Uh... DELETE ALSO the entry for ipv6!***

 

After that, try to open sites and services and tell me if you have the same error again.

 

DO NOT RENAME YOUR SERVER! We are going to fix this problem in another way.

 

Check event log for a while.

 

If you can open sites and services with no errors... we can be a bit more happy :)

 

If not... well... I still have time before the clean install :P

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

Still not sure on the "rename properly" part of the above.

 

Can I just go into the DNS snap-in and change the entries?

 

 

yes :)


Posted

OK, got the DNS reconfigured and I still get the "interface is unknown" problem when opening the AD Domain Services. :wallbash:

 

Output from dcdiag.exe still shows references to big-rig2 (I can post if you want to see.)

 

Should I go through and try seizing roles again now that the DNS stuff is cleared up?

 

FYI, there is no deadline for doing a clean install on Saturday. I'm happy to keep working on this as long as you are!

Posted

Other information.... I grabbed the event log from a reboot after I changed the DNS entries. The file is attached.

 

 

Grrrrrrrr f****ng ipv6!!!

 

First try this procedure, which surely disables IPv6:

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

 

Then Export and post the DNS configuration again.

 

The first error is interesting:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

 

It looks like it's trying to access another server via the wrong interface!

 

I'm still trying to find a way to manage domain and trust from command line...


Posted

Do you have another server?

 

If yes, open domain and trusts from there and connect to the dc by typing the ip.

 

Let me know.

 

 

Somebody explain to me WHY you can't manage a server with core install -.- now I want to open a new topic in this forum!


Posted

Here's the output after doing the registry edit & rebooting.

 

;
; Database file (null) for wtbhome.net zone.
; Zone version: 5632
;

@ IN SOA big-rig.wtbhome.net. admin.wtbhome.net. (
5632 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL

;
; Zone NS records
;

@ NS big-rig.wtbhome.net.
@ NS somewhere-hot.wtbhome.net.

;
; Zone records
;

@ 600 A 192.168.0.2
@ 600 AAAA fd47:dced:df9d:5a5f::1
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs 600 CNAME big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites.dc._msdcs 600 SRV 0 100 88 big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites.dc._msdcs 600 SRV 0 100 389 big-rig.wtbhome.net.
_kerberos._tcp.dc._msdcs 600 SRV 0 100 88 big-rig.wtbhome.net.
_ldap._tcp.dc._msdcs 600 SRV 0 100 389 big-rig.wtbhome.net.
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs 600 SRV 0 100 389 big-rig.wtbhome.net.
gc._msdcs 600 A 192.168.0.100
600 A 192.168.0.2
600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.gc._msdcs 600 SRV 0 100 3268 big-rig.wtbhome.net.
_ldap._tcp.gc._msdcs 600 SRV 0 100 3268 big-rig.wtbhome.net.
_ldap._tcp.pdc._msdcs 600 SRV 0 100 389 big-rig.wtbhome.net.
_gc._tcp.wtbhome._sites 600 SRV 0 100 3268 big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites 600 SRV 0 100 88 big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites 600 SRV 0 100 389 big-rig.wtbhome.net.
_gc._tcp 600 SRV 0 100 3268 big-rig.wtbhome.net.
_kerberos._tcp 600 SRV 0 100 88 big-rig.wtbhome.net.
_kpasswd._tcp 600 SRV 0 100 464 big-rig.wtbhome.net.
_ldap._tcp 600 SRV 0 100 389 big-rig.wtbhome.net.
_kerberos._udp 600 SRV 0 100 88 big-rig.wtbhome.net.
_kpasswd._udp 600 SRV 0 100 464 big-rig.wtbhome.net.
apocalypso 1200 A 192.168.0.68
ATMRACK 1200 A 192.168.0.54
BankOfBadHabits 1200 A 192.168.0.53
big-rig A 192.168.0.2
big-rigx 1200 A 192.168.0.7
CHGSINLATTITUDE 1200 A 192.168.0.55
DomainDnsZones 600 A 192.168.0.2
600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.DomainDnsZones 600 SRV 0 100 389 big-rig.wtbhome.net.
_ldap._tcp.DomainDnsZones 600 SRV 0 100 389 big-rig.wtbhome.net.
ForestDnsZones 600 A 192.168.0.2
600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.ForestDnsZones 600 SRV 0 100 389 big-rig.wtbhome.net.
_ldap._tcp.ForestDnsZones 600 SRV 0 100 389 big-rig.wtbhome.net.
JamaciaMistaka 1200 A 192.168.0.54
mame-cabinet 1200 A 192.168.0.57
mamecab 1200 A 192.168.0.69
mamestation 1200 A 192.168.0.59
Margaritaville 1200 A 192.168.0.54
miss-magic 1200 A 192.168.0.57
missmagic 1200 A 192.168.0.51
overkill 1200 A 192.168.0.55
virtoverkill 1200 A 192.168.0.69
WIN7TEST-PC 1200 A 192.168.131.66

Posted

Can you please DELETE all the entries for IPv6? I see there's a zone for IPv6 and an A record. Also the two A records have the same "weight"; when the DC tries to use the IPv6 it doesn't work.

 

We must delete everything related to IPv6!


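One way to check an export like the one posted above for names that still carry an AAAA record, as an added example that is not part of the original thread. The sample input is constructed in the export's layout; the function names, and the rule that a line starting with a TTL or record type continues the previous owner name, are assumptions made here.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of the zone export posted in this thread.
# The forum copy lost leading whitespace, so a record that continues the
# previous owner name starts directly with its TTL or record type.
SAMPLE_EXPORT = """\
@ IN SOA big-rig.wtbhome.net. admin.wtbhome.net. (
5632 ; serial number
3600 ) ; default TTL
@ NS big-rig.wtbhome.net.
@ 600 A 192.168.0.2
@ 600 AAAA fd47:dced:df9d:5a5f::1
gc._msdcs 600 A 192.168.0.100
600 A 192.168.0.2
600 AAAA fd47:dced:df9d:5a5f::1
_ldap._tcp.gc._msdcs 600 SRV 0 100 3268 big-rig.wtbhome.net.
big-rig A 192.168.0.2
DomainDnsZones 600 A 192.168.0.2
600 AAAA fd47:dced:df9d:5a5f::1
"""

RECORD_TYPES = {"A", "AAAA", "CNAME", "NS", "SRV", "SOA", "PTR", "MX", "TXT"}

def parse_records(text, origin="wtbhome.net."):
    """Yield (owner_fqdn, type, rdata_tokens) for every record line."""
    owner = None
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # drop ';' comments
        if not tokens:
            continue
        # Assumption: a leading TTL or type means "same owner as the line above".
        # A host literally named "a" or "123" would be misread by this rule.
        if not (tokens[0].isdigit() or tokens[0].upper() in RECORD_TYPES):
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():
            tokens.pop(0)                          # TTL, not needed here
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                          # class
        if owner is None or len(tokens) < 2 or tokens[0].upper() not in RECORD_TYPES:
            continue                               # e.g. SOA continuation lines
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        yield fqdn.lower(), tokens[0].upper(), tokens[1:]

def dual_stacked_names(text, origin="wtbhome.net."):
    """Map each name that has an AAAA record to its A and AAAA addresses."""
    seen = defaultdict(lambda: {"A": [], "AAAA": []})
    for fqdn, rtype, rdata in parse_records(text, origin):
        if rtype in ("A", "AAAA"):
            seen[fqdn][rtype].append(str(ipaddress.ip_address(rdata[0])))
    return {name: recs for name, recs in seen.items() if recs["AAAA"]}

if __name__ == "__main__":
    for name, recs in dual_stacked_names(SAMPLE_EXPORT).items():
        print(name, "AAAA:", recs["AAAA"], "A:", recs["A"])
```
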
Posted

So I removed ALL IPv6 entries in the DNS server. I then restarted the DNS server service and attempted to open the AD Sites & Services with the same error. :-(

 

After the AD Sites & Services app came up I tried to manually connect to big-rig and it also failed with the interface unknown error. It also fails with the same error if I put in the IP address for connecting instead of the DNS name.

 

What are the next steps?

Posted

Ok, now we just need to set up NETLOGON properly, because it's trying to start with the wrong server's name (big-rig 2).

 

Now the point is: how to point netlogon to the right name?

 

Let's try this first:

 

Open the registry and select your computer, press CTRL+F and type big-rig2 and also check "Match whole string only". Once a result has been found, rename it to big-rig. After that press F3 (find next) and continue until the end.

Once done, restart the server and open a command prompt and type: net start netlogon and let me know if it's working or it gives you the same error.


Posted

Quite sadly, the same error after "cleansing" the registry.

 

Event viewer event ID = 5602

description = An internal error occurred while accessing the computer's local or network security database

 

Next? ;-)

 

On the plus side, dcdiag is looking a bit more like we're erasing traces of big-rig2. But the minus is that there seems to be an IPv6 entry "stuck" somewhere. Here's the output:

 


Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = big-rig
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: wtbhome\BIG-RIG2
Starting test: Connectivity
The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Neither the the server name (big-rig2.wtbhome.net) nor the Guid DNS
name (63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net) could
be resolved by DNS. Check that the server is up and is registered
correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... BIG-RIG2 failed test Connectivity

Doing primary tests

Testing server: wtbhome\BIG-RIG2
Skipping all tests, because server BIG-RIG2 is not responding to
directory service requests.

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : wtbhome
Starting test: CheckSDRefDom
......................... wtbhome passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wtbhome passed test CrossRefValidation

Running enterprise tests on : wtbhome.net
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... wtbhome.net failed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test Intersite

Posted

Open your DNS and add a new A record:

 

Name: big-rig2 (yes with number 2) IP: IP_big-rig

 

Add AAAA record:

 

Name: big-rig2 IPv6: IP_v6_big-rig

 

Add a CNAME:

 

from BIG-RIG2 to BIG-RIG

 

 

 

Flush DNS's cache.


Posted

Unfortunately, when I go in to add the new A record it will not let me create the A record with IP_big-rig in the IP address field. It is insisting that I put in an IP address. Should I create the records with 192.168.0.2? (and whatever the IPv6 address is)

 

Or should I just try adding the CNAME?

Posted

Well of course you have to put the real IP (192.168.0.2) eheh


Posted

 

So, I tried the workaround listed in the KB article and no joy. When I double click on the "Manage auditing and security log" entry under "User Rights Assignment" the add and remove buttons are both disabled.

 

Also, I tried the "add the record twice" and I keep getting the same error.

 

Won't be able to try things for over a week due to many circumstances. Looking forward to something new to try when I'm able to "play" with this.

 

Thanks again!

Posted

You have to change this policy in the Default Domain Policy GPO, not in local policy.

 

Let me know.


Posted

Finally got a moment to try this and when I open group policy management there is nothing listed. So I went to "Add forest" and entered my domain name in the dialog. When I clicked OK it gave me the error "The specified domain either does not exist or could not be contacted."

 

I did some googling on that error but could not seem to find anything that looked useful to me.
