Question

  • Creator
    Topic
  • #2158509

    Unable to login into SBS 2003 Domain server

    Locked

    by jeff ·

    Problems:
    1. Vista workstations are configured for DHCP but cannot get an IP address from the SBS Server/DC. They get 169.254 ip addresses
    2. Vista & XP Workstations cannot access their email via Outlook
    3. Workstations cannot remote desktop to SBS server/Domain controller
    4. SBS/DC Server (ABCSBS01)

    We think the problem is with the DNS setup, however nothing has changed in DNS Setup.

    Environment:
    ? Vista SP1 workstations with Office/Outlook 2007
    ? XP SP2 & SP3 workstations with Office/Outlook 2003
    ? Win 2003 SBS Server SP2 with Exchange, is Domain Controller & DNS Server DHCP Server (SBS/DC) (192.168.0.2 & 192.168.0.8). No Windows firewall (ABCSBS01)
    ? Win 2003 File Server, also a Domain Controller (192.168.0.3). No Windows Firewall. (ABCFS01)
    ? Motorola Surfboard Cable Modem ? DHCP is disabled (192.168.100.1)
    ? Smoothwall firewall (192.168.0.1)

    Recent maintenance tasks on server
    The only maintenance task done on the SBS/DC was to swap the EXCHSRVR disk that contains the MDBData files. No program folder locations were changed. After stopping the Exchange services, these files were relocated to a new disk and the disk was allocated the same drive letter as the former disk. All the Exchange services start without error and we can access the Exchange mail box via OWA on the SBS/DC.

    Connectivity tests

    Workstations
    ? Vista workstations attempt to log on to the SBS and get a 169.254.* IP address as the IP address is not handed out.
    ? On Vista workstations, Connection-specific DNS suffix is blank in IPconfig.
    ? When doing Network Diagnostics, we get Windows cannot find ?ABCSBS01? Click for more information about DNS.
    ? When doing ipconfig /displayDNS, Name does not exist appears in relation to all the DNS servers that are described in our DNS setup (viz ABCSBS01, ABCFS01, _kerberos._tcp.dc._msdcs.ABC.local, _ldap._tcp.dc._msdcs.ABC.local. Many external web sites are listed here also.
    ? Have done Ipconfig /flushDNS, Ipconfig /degisterDNS
    ? XP workstations can get a valid 192.168 ip address but cannot access Exchange via Outlook. Connection-specific DNS suffix is not blank in IPconfig
    ? If we configure a Vista Workstations with Fixed IP address, it can access the domain resources (files & folders on the file server) but cannot access email on the exchange server. Either a local PST is opened or a workstation issues the error Microsoft Exchange server is unavailable. Retry/Work offline/Cancel.
    ? Can remote desktop to the ABCFS01 File server but not to the SBS/DC ABCSBS01
    ? From any workstation, when we attempt to ping the SBS/DC ? via IP address or workstation name, we get time-outs
    ? When doing NSLookup we get a DNS request timeout with Server UnKnown however the correct Ip address of the DNS server is returned.
    ? Only some workstations are displayed in Network leaf of Explorer.

    SBS/DC (ABCSBS01) ? Connectivity
    ? When doing IPConfig, we get 2 IP addresses returned for the same NIC (192.168.0.2 & 192.168.0.8). This has been the case for a very long time without problem. The old IP address that probably was used by an old NIC is displaying along with the current IP address.
    ? When pinging itself via w/station name ? viz ABCsbs01, we get the valid ip address returned. When we ping that same IP address, we get the workstation name returned
    ? When we ping the additional IP address, we also get successful
    ? Can access the File server file via Remote Desktop and can access files & folders on the file server
    ? Can access the internet

    DHCP ? services are started
    Net Logon services are started

    I don’t believe we have any group policies that would be preventing us from logging in.

    DNS Setup

    Round robin is not enabled. Dynamic updates is enabled ? secure only 7 days.

    The server name ABCSBS01.local appears with every occurrence of the valid IIP address (192.168.0.2). The old IP address (192.168.0.8) is also listed with the server name in the DNS setup along with the current IP addressof the server in DomainDNSZones & ForestDNSZones in the DNS setup

    We have done, Ipconfig /FlushDNS, Ipconfig /RegisterDNS, DCDiag /FIX, Net stop netlogin, Net Start netLogin.

    When we run DCDiag again, we still get the error GUID ._msdcs.jsr.local) couldn’t be resolved, the server name (jsrsbs01.jsr.local) resolved to the IP address (192.168.0.2) and was pingable. Check that the IP address is registered correctly with the DNS server. ABCSBS01 failed test Connectivity

    Other DCDiag tests pass.

    Where do we enter the name of the server to overcome the UnKnown error in the DNS name?

    We have looked through the event logs and haven?t found anything that looks particularly informative.

    Where else do we need to check/look to overcome the login problem which I believe is preventing Access to the Exchange mail boxes via Outlook?

All Answers

  • Author
    Replies
    • #2938112

      Clarifications

      by jeff ·

      In reply to Unable to login into SBS 2003 Domain server

      Clarifications

    • #2938086

      Static IP

      by bincarnato ·

      In reply to Unable to login into SBS 2003 Domain server

      Can you put a static IP address in your clinet PC and connect successfully?

      Is the DHCP server authorized?

      • #2937994

        DHCP Authorization & IPConfig settings

        by jeff ·

        In reply to Static IP

        Yes, the DHCP server shows authorised. I looked at the logs and they dont show anyutign apart from Events 24 & 25.

        When I configure a static IP address on a workstation, I can access the resources on the file server and can Remote Desktop to the File server but not access email on the SBS/DC or remote desktop to the SBS/.

        On a Vista PC with Static IP, IPCONFIGlooks like this:

        Ethernet adapter Local Area Connection 4:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

        Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Link-local IPv6 Address . . . . . : fe80::9dbd:7262:29d8:18b9%8
        IPv4 Address. . . . . . . . . . . : 192.168.0.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

        NSLookup on the same PC looks like this:

        DNS request timed out.
        timeout was 2 seconds.
        Default Server: UnKnown
        Address: 192.168.0.2

        Here is IPConfig from the DNS server:

        Microsoft Windows [Version 5.2.3790]
        (C) Copyright 1985-2003 Microsoft Corp.

        G:\>ipconfig

        Windows IP Configuration

        Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 192.168.0.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 192.168.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

        Both 192.168.0.2 & 192.168.0.8 are configured for the same NIC. I?m not sure why there are 2 IP addresses on the server. They have both been there for some years.

    • #2937967

      when you do a recursive DNS test what happens?

      by cg it ·

      In reply to Unable to login into SBS 2003 Domain server

      what happens when you do a simple query [DNS/properties/monitoring/simple query and recursive query tests]

      This part concerns me. you posted:

      The server name ABCSBS01.local appears with every occurrence of the valid IIP address (192.168.0.2). The old IP address (192.168.0.8) is also listed with the server name in the DNS setup along with the current IP addressof the server in DomainDNSZones & ForestDNSZones in the DNS setup

      if you have 2 addresses listed in DNS for your SBS box, chances are workstations are probably trying to use the old address.

      Note: SBS setups DHCP options through the use of wizards. If you change anything on the SBS box, you must rerun the tasks on the Things to Do list in the management console. Especially if you change server IP addresses. The CIECW wizard configures your DHCP with the appropriate options necessary for workstations. If you used and old IP address and changed to a new one and didn’t rerun the CIECW, then the router and DNS options in DHCP are probably configured wrong. Rerun the CIECW wizard.

      Post back with results.

      • #2939592

        DNS Tests

        by jeff ·

        In reply to when you do a recursive DNS test what happens?

        The simple & recursive tests both pass.

        The IP address 192.168.0.8 was actually an additional IP address that was setup for the server NIC, but I have removed it.

        I deselected the V6 IP and also removed the external (ISP) IP addresses from the DNS settings of the workstation so just the local DNS Server Ip is there. But I still cannot connect to the SBS server.

        When doing ipconfig/renew I get the error ” An error occurred while renewing interface Unable to contact your DHCP server. Request time out.

        DHCP is running and authorised. It is the only DHCP server on the network. When I look at the statistics on it, it shows Nil Discovers, Offers, Requests, Acks, Nacks, Declines etc.

        The DNS server also passes the database consistency checks.

        It also seems odd that when I set a workstation a fixed IP of 192.168.0.*, I still can?t ping the SBSDC or remote desktop to it. But I can ping that workstation from the SBSDC and remote desktop from the SBSDC to another workstation.

        I’ll try the CIECW however apart from the above, nothing has changed on the server configuration in the past many years, so I’m not sure why its suddenly non-functioning.

        • #2937782

          Uhhhh

          by bfilmfan ·

          In reply to DNS Tests

          Check back in the message thread, but I beleive you said that 192.168.0.x was the DHCP scope.

          Did you remove the scope and no one can connect since there aren’t any IP addresses to hand out?

        • #2937552

          DHCP Range

          by jeff ·

          In reply to Uhhhh

          Hi,
          The range of IP address expluded is 192.168.0.1 through 192.168.0.9 as they are reserved for servers

          The range of IP address allocated for distribution is 19.168.0.10 through 192.168.0.254

    • #2939567

      SBS 2003 single NIC configuration

      by cg it ·

      In reply to Unable to login into SBS 2003 Domain server

      workstations must have the SBS server IP address listed as their DNS server to gain access to the SBS network.

      In all actuality, SBS 2003 works best using the 2 NIC configuration. 1 NIC as the external interface and 1 NIC for the internal interface.

      Only other suggestion is try the SMTP helo test to Exchange, see if Exchange returns the helo.

      • #2937786

        Exchange

        by jeff ·

        In reply to SBS 2003 single NIC configuration

        Hi,

        We can’t ping the SBS/exchange server from w/stations on the LAN (times out) but the SBS Server can ping workstations on the LAN.

        I believe Exchange works as we are receiving POP3 mail from our ISP (using the Exchange pop3 connector) and can send email using OWA from the SBS/Exchange server. But no other PCs on our LAN or external can access their mail accounts using OWA or Outlook. OWA gives a DNS error. Outlook gives the error: MS Exchange Server is not available.

        • #2937603

          can’t ping then no connectivity….

          by cg it ·

          In reply to Exchange

          RWW is a better answer for remote mail access than OWA.

          note: you have to run the CIECW wizard to set things up in SBS. If you want to change something such as Exchange or the internal web site you have to run CIECW.
          the wizard can be accessed from the management console “things to do list” “connect to the internet” wizard [CIECW].

          If your intent on using OWA, see microsoft technet for additional configuration.

    • #2959705

      NIC binding

      by p.j.hutchison ·

      In reply to Unable to login into SBS 2003 Domain server

      Since the DHCP server has two NICs, the DHCP Server has bound to the wrong nic and is not sending out DHCP information over the correct subnet.

      Have you enabled IP Forwarding on the DHCP server to allow traffic to flow between the two subnets?

      • #2959494

        NIC & IP Forwarding

        by jeff ·

        In reply to NIC binding

        Hi PJ,

        The DHCP/SBS server only has 1 NIC although there previously was another NIC in it. I believe I removed all references to the old NIC and we are now enable to log into the SBS server. The file server on which we have recently setup DNS is on the same subnet as the SBS. The file server is successfully replicating (no DNS errors) but the SBS server is reporting DNS errors 4015 followed by 3 successive 4004 errors as follows:

        Event Type: Error
        Event Source: DNS
        Event Category: None
        Event ID: 4015
        Date: 4/23/2009
        Time: 11:01:29 PM
        User: N/A
        Computer: JSRSBS01
        Description:
        The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is “”. The event data contains the error.

        For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
        Data:
        0000: 51 00 00 00 Q…

        and

        Event Type: Error
        Event Source: DNS
        Event Category: None
        Event ID: 4004
        Date: 4/23/2009
        Time: 11:01:29 PM
        User: N/A
        Computer: JSRSBS01
        Description:
        The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is “”. The event data contains the error.

        For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
        Data:
        0000: 2a 23 00 00 *#..

        I’ve just enabled Intersite Messaging on the SBS to see if that overcomes the above DNS errors.

        Thanks

Viewing 4 reply threads