lack of network connectivity to a domain controller
This is in a test environment. I have a 2008 Server standard DC. A 2008 Server standard, Member server that has been joined to the domain. On the member server I run: gpupdate /force and get this message: The processing of Group Policy failed because of lack of network connectivity to a domain controller. The DC only has one NIC. Static IP. There is an A record in DNS and a PTR record in a reverse lookup zone (not sure if that matters). From the Member Server I can ping the DC by host name, and vice versa. Any idea what would cause this, and how to trouble shoot it? Thanks.
February 2nd, 2011 9:18am

start by running the following from the member server: dcdiag /s:<DCName> Post the output pleaseChris Morgan
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 9:41am

That's weird, dcdiag was missing from the System32 folder. So I copied it from the DC. This is the output.... but that doesn't look right. Resource ID 0x60d not found. Unable to print Resource ID 0x60d . Unable to print Resource ID 0x60d . Resource ID 0x41d not found. Unable to print Resource ID 0x41d . Unable to print Resource ID 0x41d . Resource ID 0x61a not found. Unable to print Resource ID 0x61a . Unable to print Resource ID 0x61a . Message 0xc0001780 not found. Resource ID 0x61b not found. Unable to print Resource ID 0x61b . Unable to print Resource ID 0x61b .
February 2nd, 2011 9:52am

Hello, in addition, please post also an unedited ipconfig /all from both servers. How are they connected, with a switch? If the Active directory domain services are not installed on the member server you will get an error with dcdiag command. Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 9:55am

Here it is: Directory Server Diagnosis Performing initial setup: * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\GLASGOW Starting test: Connectivity The host de5f7dce-f6c9-4bbe-9234-fb9df2865394._msdcs.contoso.internal could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Neither the the server name (Glasgow.contoso.internal) nor the Guid DNS name (de5f7dce-f6c9-4bbe-9234-fb9df2865394._msdcs.contoso.internal) could be resolved by DNS. Check that the server is up and is registered correctly with the DNS server. ......................... GLASGOW failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\GLASGOW Skipping all tests, because server GLASGOW is not responding to directory service requests. Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : contoso Starting test: CheckSDRefDom ......................... contoso passed test CheckSDRefDom Starting test: CrossRefValidation ......................... contoso passed test CrossRefValidation Running enterprise tests on : contoso.internal Starting test: LocatorCheck ......................... contoso.internal passed test LocatorCheck Starting test: Intersite ......................... contoso.internal passed test Intersite IPconfig /ALL from both servers: Domain Controller ------------- Host Name . . . . . . . . . . . . : Glasgow Primary Dns Suffix . . . . . . . : contoso.internal Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : contoso.internal Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter Physical Address. . . . . . . . . : 08-00-27-6E-9C-69 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.10.252(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.10.3 DNS Servers . . . . . . . . . . . : 192.168.10.12 192.168.10.13 Member Server ---------------- Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter Physical Address. . . . . . . . . : 08-00-27-B3-B8-E9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.10.51(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, February 02, 2011 8:23:54 AM Lease Expires . . . . . . . . . . : Thursday, February 03, 2011 8:23:56 AM Default Gateway . . . . . . . . . : 192.168.10.3 DHCP Server . . . . . . . . . . . : 192.168.10.12 DNS Servers . . . . . . . . . . . : 192.168.10.12 192.168.10.13 Primary WINS Server . . . . . . . : 192.168.10.12 Secondary WINS Server . . . . . . : 192.168.10.13
February 2nd, 2011 10:05am

Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here. When I run that I get a message saying "AD DS /Lightweight Directory Services diagnosis utility has stopped working"
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 10:09am

Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here. When I run that I get a message saying "AD DS /Lightweight Directory Services diagnosis utility has stopped working" Hello, please post the server roles you have installed in detail.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 2nd, 2011 10:29am

Hello, your DC and domain DNS server is 192.168.10.252. So on the domain controller and the member server use ONLY 192.168.10.252 as DNS server. What are 192.168.10.12/13 for DNS servers? Do you have on GLASGOW the following DNS zones and are the server registered with an A record and the DC/DNS server also with the name server record: msdcs.contoso.internal and contoso.internal Also make sure the DHCP client service is started and set to automatic, it is requried for correct DNS registration.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 10:33am

Hi John, Meinolf's suggestion is right. DNS records play an important role for domain controllers in the Active Directory domain. Client computers (Winlogon Service) always query DNS Server to find the IP Address of the domain controller. Please make sure that the member server use domain controller (192.168.10.252) as DNS server and you can follow the simple steps to ensure SRV records of a domain controller are registered in the DNS Server. Open Command Prompt Type NSLOOKUP and hit enter Type Set Type=all and press enter At NSLOOKUP prompt, type _LDAP._TCP.DC._MSDCS.Domain_Name.com and hit enter. How to Verify the Creation of SRV Records for a Domain Controller http://support.microsoft.com/kb/241515 How To Reregister SRV records of a Domain Controller In DNS Zone http://support.microsoft.com/kb/556002 BrentPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 2nd, 2011 10:06pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics