Cannot resolve UNC name of child domain controller from win2k servers

By rachilles

This has frustrated me to no end! We have a newly upgraded Win2k3 domain, ourdomain.dom, with a child domain child.ourdomain.dom. Our Citrix server cannot view the child domain controller \\childdc.child.ourdomain.dom. It cannot browse to it via My Network Places. I have no problem doing this from my main domain controller, dc.ourdomain.dom. Just from our Citrix server, a mere member server still running win2k. DNS seems fine, WINS settings seem fine. The Citrix server can ping childdc without an issue. I can access it by typing the IP address into the address bar (\\192.168.1.98), but anytime I type in \\childdc it fails saying "there are currently no logon servers available to service the logon request."

I've even tried adding the host in LMHosts and the hosts file, with no success. This happens on both our Citrix servers. Any ideas?

-Reg


see reply to Bob, but here's more info

by rachilles In reply to bobs right need to know m ...

One thing I just tried doing was create a secondary zone on parent.dom called child.parent.dom, resolved from the childDC. That didn't seem to help, maybe I could make it a primary zone instead and nix the DNS server on the child domain entirely? This is confusing!

Thanks for your help!


More info

by rachilles In reply to Need to know more

Answers to your questions:

1) Both DC DNS servers are AD integrated with all zones

2) On the parent DC, under the parent.dom zone there is a "folder" called "child", which contains the child DNS info. The host records there contain the server name for the child domain, along with its IP address. The parent has three forward zones, the _msdcs.parent.dom, parent.dom, and parent.org (which I guess serves our DNS for web hosting purposes).

On the child DC, there is only one zone, child.parent.dom. Should the child.parent.dom zone appear on the main DC as well?

3) I tried changing the DNS to the child domain, that didn't make a difference

4) I've had the childdc.child.parent.dom server as both A and NS records in both domains and this hasn't made a difference

5) I've viewed the master browser pages, I can't seem to see how it applies actually...

6) We did do domain prep (and forest prep as well for the Exchange 2k3 install). Service accounts seem OK; it wouldn't make sense that this would cause a problem on some servers and not others....

Thanks for your help!


Child domain needs a DNS zone

by CG IT In reply to More info

The DNS zone for the parent domain can include the child domain provided the child domain is a contiguous namespace with the parent domain. There must be DNS records in the DNS zone which resolve to child domain servers when a query is made.

This is about the best article I could find on Technet that explains DNS zones, namespaces, and delegations of primary and secondary zones. Click on the How DNS Works link.

http://technet2.microsoft.com/windowsserver/en/library/6e45e81e-fb44-4a20-a752-ebe740e2acc61033.mspx?mfr=true

It's possible that DNS query information isn't being sent to clients requesting a name resolution. Note: DNS uses UDP and the Windows Firewall will block DNS traffic unless an exception is made (if the child domain servers' traffic must come in from outside [different subnet]). But you can ping, so maybe that's not the problem. DCs aren't necessarily DNS servers. The first server created for the domain typically must be a DNS server as AD won't function without a DNS server. You can have DNS running on a DC but you don't have to have DNS on a DC. So the domain controller for the child domain doesn't necessarily have to have DNS running on it, only that a DNS server on the network can resolve queries.

If memory holds right Citrix uses TCP port 1494 for ICA clients but other than that, not a Citrix person.

Just throwing out ideas as it appears that DNS queries for the child domain are not being resolved by DNS.


Hmm..

by rachilles In reply to Child domain needs a DNS ...

That article is very good for helping me understand how DNS works, though this issue seems pretty complicated.

Windows Firewall isn't enabled. The problem is not just with Citrix servers, but all servers which have both outward facing and inward facing IP addresses. I tried Ethereal to see if that could help me get more of an idea but I'm not really that familiar with its usage so I wasn't able to get very far. It did seem that upon making the request some packets went out on the 64.xxx.xxx.xxx (external) IP scheme, as opposed to our internal 10.x.x.x scheme, so my thought is that maybe something is configured on the Child DC itself that is denying access to these requests thinking they are coming from the outside? It just doesn't make sense that other members of the child domain resolve without issue.


well that would answer some questions

by CG IT In reply to Hmm..

If queries are being sent out the wrong interface, therefore not getting to a DNS server...

And yes, it doesn't make sense that clients or servers can resolve while others cannot.

The only other idea I can think of is that the servers and clients that can resolve are getting the right information on the right DNS server to query, whereas those that can't aren't being directed to the correct DNS server.

If you have a router in there somewhere or a DHCP server with the DNS option enabled, that has different scopes, it might be that the DNS option on a scope is incorrect.


Need to Start Troubleshooting in a logical manner

by bob.hunt In reply to Hmm..

So when things like this get really nuts, sometimes it requires looking at things from the bottom up. I have something simple you might try.

1) Am I right in assuming that the servers with two interfaces are members of the parent domain?

2) If so, I'd take a laptop (I know it probably has only one interface) that is a member of the parent domain and connect it to the same switch as the servers giving it a static IP on the same subnet as the servers and configure all other settings the same as the private interface on one of the member servers.

3) Log in with the same domain account you are using when you tried to connect with the servers and see if you have the same issue.

4) One thing to consider: are your member servers in an OU and your client computers in another? I'm just doing some research on GPOs right now so I'm light in this area and I don't know if different OUs would give different results. You might need to move the laptop into the same OU as the member servers.

5) I remember when we upgraded our domain to 2003 and put in 2003 servers, out of the box, those things are somewhat tight security-wise. I wonder if some security setting on the child domain DC is causing the issue.

6) Oh, another grasped straw, what happens if you log in to a server with a user account in the child domain and try connecting?

Have fun


reached maximum message level on last thread...

by rachilles In reply to Might look at a couple of ...

Interesting, Bob, I tried logging on as the Administrator account for the child domain to one of the problematic servers, and I cannot browse to any server within the domain whatsoever! This user account allows me access to everything else when logged into it from the child DC. Not sure what that is all about, but it's certainly odd.

Thanks for your help!


Well then...

by bob.hunt In reply to reached maximum message l ...

I may be wrong, but if you logged in to a member server in the parent domain with an account from the child domain and the child domain only has 1 DC, then I would assume that if there is nothing in the hosts file of the server indicating #DOM for the child domain, DNS was able to resolve the request and find the DC in the child domain.

Lack of browsing still leads me to believe that there may be some sort of WINS issue.

Do you have WINS servers running on both 2003 DCs in both domains? From my limited experience, I have found that having DCs with both DNS and WINS works best. Cuts down on network traffic by having them on the same server. May increase traffic to that server but overall things generally work well.

Oh and if at all possible, remove all other WINS servers from member servers. I would start there and see what happens.
