DNS SRV records

Discussion in 'DNS Server' started by Michael R. Mastro II, Dec 28, 2006.

  1. In
    As James said, reinstalling AD is a last ditch effort due to user accounts,
    passwords, groups, permissions, etc.

    So you are saying 1055 and 1058 errors are appearing on the workstations as
    well as the DCs?

    You are sure the ISA firewall client has been completely removed on all
    machines (DCs and workstations)?
    Is ISA still installed anywhere?

    On the DCs, if you click on Start, then Run, and type in:
    \\mastro.local
    Does the Sysvol folder show up?

    If so, then if you type in:
    \\mastro.local\Sysvol\mastro.local\Policies
    Do you see your policies?
    Can you do this from a workstation as well?

    In a CMSD prompt on the DCs, run:
    dcdiag /v /fix > c:\dcdiag.txt
    netdiag /v /fix > c:\netdiag.txt

    and post those two files back here please.

    Ace
     
    Ace Fekay [MVP], Jan 4, 2007
    #21
    1. Advertisements

  2. In
    Thanks for posting the results. It definitely sounds like a communication
    issue with Server1. Error 55 indicates a network communication issue. I'm
    sure you've seen that error when connecting using DOS networking and trying
    to map to a share and misspelled it.

    Therefore, on Server1, has anything else been changed on it recently?
    Hotfix?
    Were the default C: drive permissions ever altered for security reasons?
    Is there an IPSec policy in place on it?
    Was there a Security template ever applied to it?
    Anything else that may have been changed/altered/installed, even the most
    trivial thing that may not seem to apply to this issue been done on it?

    Ace
     
    Ace Fekay [MVP], Jan 5, 2007
    #22
    1. Advertisements

  3. In Michael R. Mastro II <> stated,
    which I commented on below:


    Also, is there a clock skew on server1? Here are other causes for RPC or
    network connectivity to a DC to fail:

    - Incorrect Time and Time zone settings. Clocks MUST be within 5 minutes or
    Kerberos WILL fail.

    - The "TCP/IP NetBIOS Helper" service isn't running. A necessary service,
    along with the DHCP Client Service (whether the machine is static or not).

    - The "Remote Registry" service isn't running. Another necessary service.

    Ace
     
    Ace Fekay [MVP], Jan 5, 2007
    #23
  4. In
    There must be more going on with this than I can think of without actually
    physically remoting in to actually look at it and do some tests and check it
    out. Some type of setting, configuration, or something installed, is
    obviously preventing communication. It can also be as simple as running the
    Windows 2003 security wizard, URL scan, or some app doing it, even an AV app
    running preventing communication, or something lingering in the registry
    from the ISA firewall client or something else. Too many factors. Would need
    a full change configuration management documented history of the DC to study
    through it. WIndows 2003 just doesn't stop responding to network requests
    without something being changed on it, especially a DC.

    I think right about now, this is worth a call to Microsoft PSS. For $245,
    the Microsoft engineers will devote 100% of their time to resolve it. Plus
    they can escalate it to their dev group if need be. I would offer to do this
    for you, but if I can't resolve it in less than 30 minutes, it won't be
    helpful for you or I.

    I assume you are in the US. Here is a link to Microsoft PSS with pricing and
    phone #s.
    http://support.microsoft.com/?LN=en-us&scid=gp;en-us;offerprophone&x=17&y=7

    Let me know how you make out.

    Ace
     
    Ace Fekay [MVP], Jan 6, 2007
    #24
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.