Cannot resolve UNC name of child domain controller from win2k servers

By rachilles ·
This has frustrated me to no end! We have a newly upgraded Win2k3 domain, ourdomain.dom, with a child domain child.ourdomain.dom. Our citrix server cannot view the child domain controller \\childdc.child.ourdomain.dom . It cannot browse to it via My Network Places. I have no problem doing this from my main domain controller, dc.ourdomain.dom. Just from our Citrix server, a mere member server still running win2k. DNS seems fine, WINS settings seem fine. The citrix server can ping childdc without an issue. I can access it by typing the ip address into the address bar (\\, but anytime I type in \\childdc it fails saying "there are currently no logon servers available to service the logon request.)

I've even tried adding the host in LMHosts and the hosts file, with no success. This happens on both our citrix servers. Any ideas?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Run NBTSTAT to see if you can resolve the name of failing server

by Why Me Worry? In reply to Cannot resolve UNC name o ...

Your problem is definitely netbios related, and I'd look into the WINS database as a possible culprit. Also, run the nbtstat -rr command server you can't get to and see if that works. Also, are your routers blocking any traffic perhaps? I've seen this happen with miscofigured routers and firewalls.

Collapse -

Happens on some other servers as well...

by rachilles In reply to Run NBTSTAT to see if you ...

Interesting. nbtstat -rr run on the Citrix server reports 439 names resolved by name server, 114 registered, and none by broadcast. The DC of the child domain reports 199 resolved by broadcast, with one registered. 86 resolved by name server, 11 registered. WINS is set to the DC of the parent domain, I did change it from the Default NetBIOS setting to "Enable NetBIOS over TCP/IP". I wonder if that will make a difference, running nbtstat -R and -RR didn't seem to make a difference.... The name still won't resolve.

The citrix server, and a few other servers that are having trouble resolving the child domain DC, seem to all have externally facing DNS and IP addresses as well as their internal addresses. This is how they've previously been configured, and all was working fine until a few weeks ago. I can't really figure out what broke it either, as it worked fine after the domain upgrade. Maybe running forestprep for our exchange 2k3 upgrade messed things up?

Suffice to say, I don't think its a firewall issue given that it worked fine with this same configuration previously, but maybe I'm missing something else?

Collapse -

2 cents: a trust issue? event log error? will parent admin account work?

by sgt_shultz In reply to Cannot resolve UNC name o ...

that is a weird one. makes me think you need to flush some cache on the citrix box.
I googled this and apparently others have this issue. here is one link that looked interesting:
here is another link from the citrix site:
i was thinking 'trust issue' but since all the other servers can reach the childdc that doesn't add up (does it?)
any thing in the event log?
which account do you use when you try this?
(parent admin or child admin)

Collapse -

Another note

by rachilles In reply to Cannot resolve UNC name o ...

I've found that the problem only happens on servers that have outside facing IP addresses alongside the intranet IPs. I'm thinking this must be something to do with it, maybe a security setting on the child DC which disallows them access? No problems exist in contacting other servers on the child domain, so its hard to figure this out!

Collapse -

Help? Anyone else have some ideas?

by rachilles In reply to Cannot resolve UNC name o ...
Collapse -

How are you doing with this?

by bob.hunt In reply to Help? Anyone else have s ...

I have some other ideas if you haven't resolved this.

Email me and let me know.

Collapse -

Might look at a couple of things

by bob.hunt In reply to Cannot resolve UNC name o ...

Assuming the Citrix servers are in the parrent domain....

1. Is the delegation set correctly for the child domain? I'm assuming also that both dc's in each domain are active directory integrated.

2. What happens if if create a stub zone for the child domain in the parent domain?

3. I had issues with not viewing network places before that were definately due to WINS. Believe it had something to do with the master browser.

4. Is this only from the Citix server? Try removing the Citrix server from the domain and then readding it. Not sure what issues this may cause to Citrix.

Collapse -

Not just the citirx servers...

by rachilles In reply to Might look at a couple of ...

Its not just the citrix servers that aren't getting through. I've got about 5 Win2k servers that have dual IP addresses, one internal and one external, and none of these servers are able to resolve the Netbios name of the child domain controller. They can access it fine if the \\ipaddress is entered. They can access all member servers of the child domain, just not the DC itself. Both child and parent are Win2k3 servers, both are PDC Emulators as we are still in the midst of the upgrade away from NT. The WINS has the child DC name mapped correctly... testing trusts works fine. Not sure why a stub zone would help, not even sure what that would do. Not quite sure how the master browser works.



Collapse -

Need to know more

by bob.hunt In reply to Not just the citirx serve ...

1. Are each of the DC's in each domain DNS with both Active Directory Integrated Forward and Reverse lookup zones?

2. Assuming each DC has DNS, it has a primary zone for it's domain. Does it contain a secondary zone for the other domain?

3. If you have s secondary zone for each domain, what happens when you change the primary DNS server in the IP properties of the citrix server to the DNS on the DC of the child domain?

4. Each of the DC's with DNS needs both A and NS records for the DNS on the DC in the other domain?

5. Here's a link for Master Browser issues

6. Grasping at straws here, there may be an issue with some of the service accounts on the new domain controllers. Did you run the Domain Prep programs before upgrading to 2003 domain? There are some service accounts that get added. You can reset the passwords on these if they are creating problems. Be careful with this.

Collapse -

bobs right need to know more

by CG IT In reply to Need to know more

but again is there a zone in DNS that encompasses the child domain which points to the DC of the child domain? note DNS zones can encompass contigious namespaces e.g. where support is the child domain of the parent

but if you have non contigious domain namespaces, you need seperate DNS Zones.

in any event you need a zone in DNS which is authoritative for the the namespace be it the <childdomain>.<parentdomian>.com or <child domain>.com & <parentdomain>.com

At issue is logon servers can't be found. So that tells me that a client sends a query to DNS Hey! need a logon server for [or the non contigious namespace] and DNS comes back and says "Sorry don't know of any" .

WINS isn't just a big ole host file either. you can enter names resolving to addresses in WINS but in an Active Directory environment if those names and addresses aren't in DNS, then they aren't worth anything. AD requires DNS to function properly. DNS breaks AD breaks.

Related Discussions

Related Forums