Can only access certain clients with FQDN
Hi, I have a strange problem that occurs every now and then. I can't access admin shares with FQDN to certain computers (some random computers in domain not the same computers everytime). The problem is fixed if i reboot the server. I just think that rebootting is not a good solution... The server is 2008 R2 (just a member server in domain) and the clients are XP SP3. When the problem is on I can: ping the client with its name xx and with xx.domain.local. I can access the computers admin share with \\xx.domain.local\c$ I can't access: \\xx\c$. I get an error stating "Windows cannot access \\xx\c$ I need this to work because our contractor has done tons scripts that uses just the name.
August 3rd, 2011 2:42am

Hello look into your dns and see how the server is registered in DNS.Isaac Oben MCITP:EA, MCSE,MCC View my MCP Certifications
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2011 3:45am

if it works with ping xx.domain.local (the FQDN, fully qualified domain name), dns is fine! single label resolution (finding an ip for just an hostname) depends on multiple things. I'l describe more or less what happens: as always the client check is hostsfile for the label to resolve it appends all dns suffixes one by one and queries dns for each until a result is found the client checks via netbios/wins if on a workign computer, you do ping xx and it deos tell you pinging xx.domain.local, you know the answer came via dns. and thus, on a non working compute, the same query fails. If they use the same dns server, the only differnce can be the dns suffixes configured. Check http://support.microsoft.com/kb/305553 on how to configure and check. You can push the suffx list by gpo if needed! If ping xx on a working computer answers with pinging xx, you know resolution was done via Netbios/WINS. If yiou have no WINS infrastructure, netbios name resolution will only work within one subnet. So verify the computers are on the same subnet. If you are using WINS, verify the configuration of the client, and clear teh netbios caches with nbtstart. Be aware emote authentication to a computer using only the single label hostname, defaults back to ntlm, were kerberos is used otherwise (kerberos needs the fqdn). I guess that exactly is the issue: NTLM is not enabled out of the box on 2008 R2, so authenticating when usign a single label lookup via wins or netbios, will not work. You should enable it, or better, not use single label hostnames when authenticating (->configure your dns suffixes!) http://technet.microsoft.com/en-us/library/dd560653(v=ws.10).aspx However, i would recommend using dns if possible (stay with kerberos!), and also to use the FQDN in configurations. This lowers the amount of dns requests needed, fences a lot better against client configuration and possible future changes in the environment, and is more secure!MCP/MCSA/MCTS/MCITP
August 3rd, 2011 6:21am

Hello, sounds like DNS, please post an unedited ipconfig /all from the DC/DNS servers and a machine with this problem.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2011 9:53am

Hi, I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help. Regards, Arthur Li Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 8th, 2011 1:11am

Yep, it seems like a DNS problem but why the problem goes away with rebooting the server that doesn't work? The IP-addresses are partly public because of MPLS network. So won't post them unedited. There are 3 servers. win 2003 dns/dc, other win 2003 and one 2008 R2. All servers DNS point to win 2003 dns server. Also all clients point to the same win 2003 dns server
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2011 1:35am

Strange thing is that even if I add the host name xx to hostfile it still does not work from the specific server. I'll have to check the NTLM thing still. The mystery part is why it starts to work again when I reboot the server?
August 9th, 2011 1:43am

Strange thing is that even if I add the host name xx to hostfile it still does not work from the specific server. I'll have to check the NTLM thing still. The mystery part is why it starts to work again when I reboot the server? Hello, again, if rebooting solves the problems 99% belong to DNS as after the reboot the domain internal DNS is working. And as you are talking about using public ip addresses on the DC this will create conflicts, so please provide the ipconfig /all You can edit them for the public ip addresses but keep the format, also you can change the domain names to just DOMAIN.COM BUT again keep all format's the same.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2011 3:27am

Hi, I just want to touch base and check if there is anything that I can do for you on this thread. If so, please do not hesitate to let me know and I will be happy to help. Regards, Arthur Li Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 14th, 2011 11:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics