Lost all Network Connections....
I have NO CLUE what happened.....but I have lost all network connections on my server.
I have Windows Server 2008 R2.
I cannot connect to the internet nor can any computer connect to the server.....If I click on diagnostics I received:
Problems Found: Windows can't communicate with the device or resource (primary DNS server).
SO I go to my Server manager....Roles....DNS Server....Properties on my Server. Looking at the Forwarders tab I see my 2 dns servers:
208.67.222.222 and 208.67.220.220. Both say : <Attempting to resolve> after a minute or so both say <unable to resolve>
Any other ip I put into here tells me “The server forwarders cannot be updated. The IP Address is invalid.”
Here is some information from an ipconfig:
Ipv4 address: 192.168.10.3
Default Gateway: 192.168.10.1
DNS Servers: 208.67.222.222
208.67.220.220
NetBIOS over Tcpip: disabled
Also......IF I go to my server manager....roles....AD DS my events show......ERROR Event id 1126.
A google search showed me this page:
http://technet.microsoft.com/en-us/library/cc756476(WS.10).aspx
So I followed the steps to:
1. test connectivity for the DC....
which worked ok.
2. Ensure that there is at least one global catalog that is configured for the forest :
dssite.msc takes FOREVER to pull up….when it does I see “The directory schema is not accessible because: An invalid directory pathname was passed. For this reason, the New Menu may be inaccurate, and extension snap-ins may not work properly” OK. After I hit OK I see:
“Data from Active Directory Sites and Services [servername.domain] is not available from Domain Controller servername.domain because: The server is not operational. Try again later, or choose another DC by selecting Connect to Domain Controller on the Domain context menu. OK”
Hit ok and the AD Sites and services finally pops up.
So I think it's safe to say this isn’t working right…
3. Ensure that global catalog servers local network connection is operational:
This seems to work ok.
4. Ensure that the NTDS service is running on the global catalog server.
sc query ntds …..shows running
net start ntds…..shows me this has already been started
I do have my server connected to a Cisco Firewall.
My cisco firewall was in place prior to the server so cisco handles the dhcp services……
Things were working fine but now everything is messed up…… I really am not sure where to start or how to make things right again……
Thanks for any and all help!!
March 24th, 2011 11:50pm
I think that there is a firewall / router that is blocking traffic.
Have you made changes on your firewall settings?
Use portqry to check that all is okay with ports.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
March 24th, 2011 11:55pm
Thanks for the reply!
I don't recall making any changes to my cisco firewall......but maybe something minor happened and I didn't notice.......
I am rather new to this server world.......can you help me with the portqry command??
Thanks again!
March 25th, 2011 12:02am
Refer to these articles for portqry commands:
http://www.windowsecurity.com/articles/mastering-portqryexe-part1.html
http://www.windowsecurity.com/articles/mastering-portqryexe-part2.html
March 25th, 2011 12:10am
Hello,
Please remove the 208.67.222.222 and 208.67.220.220 as DNS server on the NIC of the DC, use itself with the private ip address. Please post an unedited ipconfig /all from the DC/DNS server and a client machine so we can verify some other settings.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 25th, 2011 12:13am
I do have my server connected to a Cisco Firewall. My cisco firewall was inplace prior to the server so cisco handles the dhcp services……
Can you get into the Cisco firewall? Do you use ASDM?
March 25th, 2011 12:16am
Working on removing the DNS Servers from the NIC and posting ipconfig stats....
Yes I can get into the firewall and I do or can use the ASDM.
Thanks for the help!
March 25th, 2011 12:18am
Here is ipconfig from SERVER
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DS-T610-2010
Primary Dns Suffix . . . . . . . : abc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.com
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 84-2B-2B-05-65-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 84-2B-2B-05-65-47
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5c23:cdc5:a337:36da%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 243542827
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-88-78-29-84-2B-2B-05-65-47
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{138B8BEA-2EC2-4E26-8ECA-4A1728BF3FC5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{D3DB0B70-0340-4CD7-943B-AEBC80A43428}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ipconfig from client pc:
C:\Users\K=km-1>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : km-1
Primary Dns Suffix . . . . . . . : abc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-55-48-CB-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b84f:ba9b:80bb:ae02%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 24, 2011 1:58:49 PM
Lease Expires . . . . . . . . . . : Thursday, March 24, 2011 4:58:48 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 251668053
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-B8-A9-35-00-26-55-48-CB-F8
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{4ACB4465-BA98-4C63-973E-5026B385B447}:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.10.5%13(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18d1:49b6:2e71:40f2(Preferred)
Link-local IPv6 Address . . . . . : fe80::18d1:49b6:2e71:40f2%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
March 25th, 2011 12:27am
Working on removing the DNS Servers from the NIC and posting ipconfig stats....
Yes I can get into the firewall and I do or can use the ASDM.
If you monitor the ASDM logs you normally see if a specific machine is being blocked and for what reason. You may have to set the logging to show informational messages in ASDM.
March 25th, 2011 12:31am
I suppose here that DS-T610-2010 is a DC/DNS. Why does it not point to itself as DNS server?
Please use 192.168.10.3 as primary DNS server for this DC. Also, make sure that it is using a static IP address.
Please also disable IPv6 on this server.
For the client computer, please make sure that it is using 192.168.10.3 as primary DNS server.
Also, configure your DNS server to redirect internet DNS requests to a public DNS server.
With the IP config that you had, there should be no access to domain so I am really interested to know how you have lost connectivity. Could you please tell me if you changed IP settings?
March 25th, 2011 12:34am
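The settings the replies in this thread ask to change, as an added example that is not part of the original thread: a Python script that parses `ipconfig /all` text and flags them. The two samples are constructed by trimming the outputs posted earlier; the function names and finding messages are hypothetical.

```python
import ipaddress
import re

# Constructed samples, trimmed from the ipconfig /all output posted in this thread.
SERVER = """\
Windows IP Configuration
   IP Routing Enabled. . . . . . . . : Yes
Ethernet adapter Local Area Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.10.3(Preferred)
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
"""
CLIENT = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.10.5(Preferred)
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
Tunnel adapter isatap.{4ACB4465-BA98-4C63-973E-5026B385B447}:
   DNS Servers . . . . . . . . . . . : 208.67.222.222
"""

FIELD = re.compile(r"^([A-Za-z][^:]*?)(?:\s*\.)+\s*:\s*(.*)$")  # "Key . . . : value"
HEADER = re.compile(r"^.*\badapter\b.*:$")                       # "Ethernet adapter X:"


def parse_ipconfig(text):
    """Return {section: {field: [values]}}; wrapped values join the last field."""
    sections = {"global": {}}
    current, last_key = sections["global"], None
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD.match(line)
        if field:
            last_key = field.group(1)
            current[last_key] = [field.group(2)] if field.group(2) else []
        elif HEADER.match(line):
            current, last_key = sections.setdefault(line[:-1], {}), None
        elif line and last_key:
            current[last_key].append(line)  # e.g. the second DNS server
    return sections


def _ip(value):
    """Drop '(Preferred)' and the '%scope' suffix before parsing."""
    return ipaddress.ip_address(re.split(r"[(%]", value)[0].strip())


def audit(text, dc_ip, is_dc=False):
    """Flag the settings the replies in this thread ask to change."""
    dc, findings = ipaddress.ip_address(dc_ip), []
    sections = parse_ipconfig(text)
    if is_dc and sections["global"].get("IP Routing Enabled") == ["Yes"]:
        findings.append("IP routing (RRAS) enabled on the DC")
    for name, fields in sections.items():
        if name == "global" or name.startswith("Tunnel"):
            continue
        if fields.get("Media State") == ["Media disconnected"]:
            findings += [f"{name}: unused NIC not disabled"] if is_dc else []
        if "IPv4 Address" not in fields:
            continue
        dns = [_ip(v) for v in fields.get("DNS Servers", [])]
        if dc not in dns:
            findings.append(f"{name}: DNS does not point at {dc}")
        # fec0:0:0:ffff::1-3 is what Windows lists when no DNS server is set.
        if any(s.version == 6 and s.is_site_local for s in dns):
            findings.append(f"{name}: placeholder site-local IPv6 DNS")
        findings += [f"{name}: public DNS {s} on the NIC" for s in dns
                     if s.version == 4 and not s.is_private]
    return findings
```

Call `audit(text, "192.168.10.3", is_dc=True)` on the server output and `audit(text, "192.168.10.3")` on a client; an empty list means none of the flagged settings remain.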
I thought of that too.....but I never see the server's IP.
I even tried to ping the server (192.168.10.3) from the ASDM......no luck. And I have no luck pinging the cisco firewall (192.168.10.1) from the server.....
March 25th, 2011 12:35am
Please change the IP settings like I told you and check that you don't have blocked ports using portqry.exe.
For ping check that your firewalls are allowing ICMP traffic.
Also, check that you don't have problems with your routes.
Use nslookup to check that you don't have problems with DNS resolution.
March 25th, 2011 12:38am
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
That's the part that really stands out to me.
Once you have assigned the DNS server you should see an improvement.
BTW, typing the firewall local IP into internet explorer should get you to the Cisco login (if ping is disabled on the firewall)
March 25th, 2011 12:46am
OK here is what I have done....
Went to network connections.....Local Area connection properties.......tcp/ipv4......changed my preferred dns to 192.168.10.3.
Which is the ip of my server.
So now a ipconfig from my server shows:
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DS-T610-2010
Primary Dns Suffix . . . . . . . : abc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.com
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 84-2B-2B-05-65-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 84-2B-2B-05-65-47
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.10.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.3
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{138B8BEA-2EC2-4E26-8ECA-4A1728BF3FC5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{D3DB0B70-0340-4CD7-943B-AEBC80A43428}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
If I perform an nslookup 192.168.10.3, I see the following:
Dns request timed out.
timeout was 2 seconds.
Server: Unknown
Address: 192.168.10.3
DNS request timed out.
timeout was 2 seconds.
***Request to UnKnown timed-out
as for portqry what port should or should not be blocked.......
I downloaded the Port Query UI tool. I entered destination of 127.0.0.1 with query type of domains and trusts. My results are:
TCP Ports 135, 389, 636, 3268, 3269, 53, 88, 445 Are listening
UDP Ports 53, 88 Are Listening
TCP Ports 139 and 42 ARE NOT Listening
UDP Ports 137 and 138 ARE NOT Listening
Thanks again for everyone's help thus far!!!
March 25th, 2011 6:28pm
For the nslookup, try to solve DNS names instead of IP addresses. As I see, you don't have a reverse lookup zone so the result is perfectly normal.
For DNS requests, it is port 53 that you need.
Also, check that your forwarders are configured correctly so that you will be able to solve public DNS names.
Run net.exe stop netlogon & net.exe start netlogon on your DCs to make sure that they have updated their DNS records.
As I see, the ports needed for NetBIOS resolutions are blocked so you can only use DNS resolutions.
Is there any update?
March 25th, 2011 6:46pm
Hello,
On the server, disable RRAS completely, not recommended to run on DCs: IP Routing Enabled. . . . . . . . : Yes
Without reverse lookup zones, errors in nslookup are ok.
Disable all not used NICs on the server and make sure the DNS zones don't contain old ones or not domain ips or APIPA.
Please add again a client ipconfig /all here.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 25th, 2011 7:02pm
There is something going on with those forwarders........
Currently it shows 208.67.222.222 and 208.67.220.220 <Unable to Resolve> for both.
SO I entered 127.0.0.1....that works and the fqdn server is now my DST610-2010.abc.com
However I can't keep that address when I click apply I get a: "The server forwarders cannot be updated. The IP address is invalid."
So the 208.67.222.222 and 208.67.220.220 are the ones I am stuck with......
March 25th, 2011 7:06pm
For the forwarders, refer to this Microsoft article:
http://technet.microsoft.com/fr-fr/library/dd365067(v=WS.10).aspx
What happens if you use other public DNS servers like 4.2.2.2?
March 25th, 2011 7:21pm
No matter what public dns server I input I always get that it can't be resolved. I also have tried Google's dns (8.8.8.8 + 8.8.4.4) and open dns (208.67.222.222 + 208.67.220.220).
March 25th, 2011 7:34pm
It looks like there is a firewall / router that is blocking traffic between your DNS server and the public DNS server.
Try to use PortQry from your DNS server to check if it is able to communicate with public DNS servers.
March 25th, 2011 7:36pm
Using Port Query UI tool. I entered destination of 192.168.10.3 with query type of domains and trusts. My results are:
TCP Ports: 135, 389, 636, 3268, 3269, 53, 88, 445, 139, 42 = Filtered
UDP Ports: 389, 53, 88, 137, 138 = Listening or Filtered
March 25th, 2011 8:14pm
You have not followed what I mentioned.
To check that your client computers are able to solve local DNS names, use
nslookup to check that (try to solve local DNS names).
Run PortQry on the DNS server to check if it is able to communicate with the public DNS server using port 53.
You can also use wireshark to sniff incoming and outgoing traffic on the server.
This should be a connectivity problem. So, you should check what is blocking the traffic.
March 25th, 2011 8:36pm
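What the UDP port 53 check asked for in the reply above amounts to, as an added example that is not part of the original thread: UDP has no handshake, so a silent port reads as "Listening or Filtered" (the result in the Port Query output posted earlier), and only an actual DNS reply proves the path through the firewall is open. The function names, the fixed query ID and the looked-up name example.com are assumptions.

```python
import socket
import struct
import sys

TXID = 0x1234  # fixed query ID (assumption), fine for a one-shot diagnostic


def build_query(name):
    """Wire-format DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!6H", TXID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)


def classify(reply):
    """Interpret what came back from UDP/53 (None means the query timed out)."""
    if reply is None:
        return "listening or filtered: no answer, check the firewall path"
    if len(reply) < 12:
        return "unexpected: truncated datagram"
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", reply[:12])
    if txid != TXID or not flags & 0x8000:  # 0x8000 is the QR (response) bit
        return "unexpected: not a reply to our query"
    rcode = flags & 0x000F
    if rcode == 0:
        return f"listening: resolver answered with {answers} record(s)"
    return f"listening: resolver reachable but returned rcode {rcode}"


def probe(server, name="example.com", timeout=2.0):
    """Send one query to server:53 over UDP and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, 53))  # connected socket so ICMP errors surface
            sock.send(build_query(name))
            return classify(sock.recv(512))
        except socket.timeout:
            return classify(None)
        except OSError as exc:  # e.g. port unreachable or no route to host
            return f"not listening or unreachable: {exc}"


if __name__ == "__main__":
    # Usage: python probe53.py 208.67.222.222 208.67.220.220
    for forwarder in sys.argv[1:]:
        print(forwarder, "->", probe(forwarder))
```

Run it on the DNS server itself against each forwarder; a timeout there while the same query works from outside the firewall points at the firewall rather than at the DNS role.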
I don't mean to ignore any help I am given......I am learning as I go here with all this....So I am very appreciative of the support/help I have received!!!
Let me explain the entire situation......This server is new and the only one our agency has had now or ever......Prior to this they used 1 normal computer to act as a server and share a folder to all other computers. So currently this server isn't really being used but rather I am still attempting to set it up for use. There is (now was) only ONE client computer connected to it.....For testing purposes.
The goal is to have our remote office vpn into this server for all staff to use the same data/files. The vpn connections/set up has been completed with cisco firewalls. Or at least the cisco firewalls can pass data back and forth between them. So my next step was to start setting up the Network Policy and Access Services........Those roles were set up and installed and all was fine.....Or so I thought cause over night things went kaboom......Cause now I don't have any network connection with this server. No internet, can't see other computers, no shared files, the client computer can't connect to server/domain, etc.
SO I am a bit confused......Because Monday everything seemed to be fine. NO I had not fully tested the network policy and access services that had been installed but after the install my one client pc was still able to connect to the server, the server still had an internet connection....I thought all was good. Tuesday morning everything was wrong.....
Something I am noticing is most errors I see in the server manager under AD DS all state:
Naming information cannot be located for the following reason: The server is not operational.
March 28th, 2011 8:19am
What originally performed the duties of DNS and DHCP?
On Monday when "everything seemed to be fine" had you already created your Active Directory structure, connected to the network and joined the others to this machine?
March 29th, 2011 3:34pm


