DNS not working. Help!

Eugene Tan - 26 Jul 2004 16:54 GMT
hi,

Really stumped and wondering whether I overlooked anything or made a
mistake.

Migrated a SBS2k from old P2 to new Opteron h/w.  Basically clean install
SBS then migrate the data and as much settings as possible, using Exch
Migrate Wiz for email and AD user accounts and roaming profiles for user
settings.  Also migrated ISA settings with ISA Tools.

The main problem is DNS doesn't work/resolve outside the LAN/Domain.
The router is ok; doing a ping to external IP works, but ping to domain name
doesn't (hostname unknown).  Ping to local PC names etc works.

SBS has typical settings for LAN and WAN nic, and this config essentially
worked on the old SBS h/w.  I just can't figure out what is wrong after
looking at a few places.  Other things are largely ok, but not having
Internet is a real problem coz it also means email isn't coming in (using
POP).
Any ideas?

The other issue but not really big one is with the user profile and config.
Perhaps this one shd be in some FAQ (or perhaps another thread?).

In order to migrate end-user settings, I specified the user roaming profile
folder in their AD User profile, in each Users' folder.  Each user's
wallpaper, layout etc gets copied there.  PCs migrate to new SBS install by
changing to workgroup then after reboot join the domain of new SBS (PC
account).  Then user logs in and the profile settings are migrated to the
local 'cache' on the PC.  Well not quite so simply.  I found that I needed
to make the users local administrators in order for their settings to be
saved, otherwise even Outlook wouldn't run.

When copying the User folders, I made each user the owner of their own user
folders.  I also changed ownership for the local user folder (Docs and
settings) on each PC, but still no go; unless the domain user is a local
administrator they can't use their settings as it is not saved (no write
rights).
I wonder if this is any connection to the DNS problem (permissions
somewhere)?

Now, this is strange to me: if on a particular PC, the computer account is
not created via changing domain membership, the user of the PC can login to
the new server.  On the server, event log says the PC tried to join but was
rejected because of mismatched SID yet the user is able to logon.
Furthermore, the user's profile and settings have no issue even with
restricted rights unlike above.

Any idea why, or an alternative workaround appreciated.

TIA,
Eugene Tan
Lanwench [MVP - Exchange] - 26 Jul 2004 18:13 GMT
> hi,
>
[quoted text clipped - 21 lines]
> it also means email isn't coming in (using POP).
> Any ideas?

This can occur due to DNS misconfiguration. All servers and workstations
should specify *only* the internal AD-integrated DNS server's IP address in
their network settings. The AD-integrated DNS server should be set up with
forwarders to your ISP's DNS servers for external resolution. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.

> The other issue but not really big one is with the user profile and
> config. Perhaps
[quoted text clipped - 13 lines]
> in order for their settings to be saved, otherwise even Outlook
> wouldn't run.

That should not be necessary - how did you migrate the old profiles? If you
didn't migrate/copy the old ones, you had to create new ones (you have a new
domain with the same name, but the SIDs won't match)

> When copying the User folders, I made each user the owner of their
> own user folders.  I also changed ownership for the local user folder
[quoted text clipped - 4 lines]
> I wonder if this is any connection to the DNS problem (permissions
> somewhere)?

Doubtful.

> Now, this is strange to me: if on a particular PC, the computer
> account is not
[quoted text clipped - 7 lines]
>
> Any idea why, or an alternative workaround appreciated.

Again, more info of how you migrated the profiles might help. If you log in
once as the new domain user, then log in as domain admin, you might be able
to copy the old profile in control panel | system (user profiles settings) -
but this can be a PITA. Depending on the number of users it may be just
easier to manually recreate them. Don't expect the old roaming profile
folders to work 'out of the box'. Make sure you always redirect My Documents
to the users' home directories, don't let users store files on their
desktops - and profiles are a lot easier to manage. I'm presuming the old
profile folders are there and the users now have ownership to them - so you
can copy out what you need.

> TIA,
> Eugene Tan
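
The rule in the reply above (every machine lists only the internal AD-integrated DNS server, and forwarders handle external names) can be checked from `ipconfig /all` output. This is an added example, not part of the original thread; the adapter names, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt for a two-NIC server (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter LAN:

        IP Address. . . . . . . . . . . . : 192.168.16.2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.16.2

Ethernet adapter WAN:

        IP Address. . . . . . . . . . . . : 10.0.0.2
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            192.168.16.2
"""

ADAPTER_RE = re.compile(r"^(?:Ethernet|PPP) adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
IPV4_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:  # a new adapter section starts
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        if adapter is None:  # global header lines before the first adapter
            continue
        cont = IPV4_RE.match(line)
        if cont and in_dns:  # extra DNS servers sit alone on indented lines
            result[adapter].append(cont.group(1))
            continue
        f = FIELD_RE.match(line)
        if f:
            in_dns = f.group(1).strip() == "DNS Servers"
            if in_dns and f.group(2).strip():
                result[adapter].append(f.group(2).strip())
    return result

def stray_resolvers(text, internal_dns):
    """List (adapter, ip) pairs for DNS servers other than the internal one."""
    return [(name, ip) for name, ips in dns_servers_by_adapter(text).items()
            for ip in ips if ip != internal_dns]
```

An empty result from `stray_resolvers` means every adapter points only at the internal server; any pair returned is an adapter that still lists an outside resolver directly.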
Eugene Tan - 27 Jul 2004 04:56 GMT
hi Lanwench,

Thanks for your reply.

> This can occur due to DNS misconfiguration. All servers and workstations
> should specify *only* the internal AD-integrated DNS server's IP address in
> their network settings. The AD-integrated DNS server should be set up with
> forwarders to your ISP's DNS servers for external resolution. See
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
> info.

ok, I've read the KB, but don't really see anything flagged.
This is SBS, so the DNS is AD-integrated by default and installed behind
ISA.  DNS has the forwarders, it has root-hints so it is not root DNS, and
I believe the zone name is the same as the AD domain (which is setup by
the SBS install script and nothing was changed).

ISA has a filter for DNS Lookup which is UDP on p53 send/receive, but
I don't really see DNS filter for TCP on p53.  Could this be the problem?
I also don't see any filter for RPC p135 and don't recall it being needed;
the ISA's config was copied from the old SBS and imported to new SBS
using one of the ISA tools - something.vbe script which I ran.  So this
means the ISA has the settings/filters that were sufficient for the old SBS
and the new SBS isn't doing anything different.  I have checked LAT etc
for settings which are specific to the new server, although everything is
largely the same (except for NICs, drivers and such).

DNS doesn't resolve, so I've changed the POP settings to IP addr and
so far can send and receive mail via exchange.  But business websites
and apps require me to get the DNS working.

Thanks for your help and replies.
Eugene Tan
Marina Roos [SBS-MVP] - 27 Jul 2004 10:08 GMT
Check binding order and make sure the internal nic is on top. Are you using
RRAS? Make sure you apply the regedits in 292822.

Regards,

Marina
Microsoft SBS-MVP

> hi Lanwench,
>
[quoted text clipped - 30 lines]
> Thanks for your help and replies.
> Eugene Tan
Eugene Tan - 27 Jul 2004 22:41 GMT
hi Marina,

Thanks for your reply.
I already checked all the basics, and have the old server to check against.
However, it's still a problem.  This server mobo has dual Broadcom nics and
1 intel server nic, and even if I config the other broadcom nic as the WAN
and then run ICW again, it still doesn't DNS resolve.

So, I've decided to reinstall SBS and hopefully it'll work.  The only diff
is that with this install, it's the first time I'm using the DVD; all other
SBS have been installed using CDs and swapping.  I don't think this is the
issue but it's the only difference physically.  There aren't any
software-faulty DVD versions are there?

Thanks,
Eugene Tan

=============================
> Check binding order and make sure the internal nic is on top. Are you using
> RRAS? Make sure you apply the regedits in 292822.
Marina Roos [SBS-MVP] - 26 Jul 2004 18:34 GMT
Hi Eugene,

You will need to rejoin the pc's to the new sbs.

Regards,

Marina
Microsoft SBS-MVP

> hi,
>
[quoted text clipped - 61 lines]
> TIA,
> Eugene Tan
Erik Veenhuijsen - 26 Jul 2004 19:10 GMT
Open DNS, properties from Server, tab Forwarders, put in the DNS servers
from your internet connection provider.
Restart DNS Server service.

As for your other problem, look at Marina's response.

> hi,
>
[quoted text clipped - 61 lines]
> TIA,
> Eugene Tan
Eugene Tan - 27 Jul 2004 03:00 GMT
hi,

Thanks for your reply Erik.  But I've already done this, and even redid it
and both restarted DNS and rebooted new SBS a few times.

Here's a bit more info:  I migrated by copying all the data files, then went
to stage 2 of SBS install, incl. SQL (but not enabled at the moment).  After
this was done, then ran the SBS SP1a.  Then ran the ICW, choosing "router",
POP Connector etc., and the ICW will set up some FW rules as well as setup
ISP's DNS.

After ICW, I didn't connect SBS to Internet yet, as I don't want POP to d/l
email which have no place to go to.  Instead, I used migration wiz to import
PST and migrate user accounts from old SBS, enable the accounts then
(re)enabled the WAN nic - by plugging the nic into another switch or by
disabling the WAN nic.

When I finally connected WAN nic to Internet that's when I discovered that
DNS names were not resolving.

In summary, I don't think it is any settings (esp. obvious ones) which is
the problem as I'm able to check against the old SBS which is still around
(but not connected to any net).  DNS is not resolving even though I can ping
to the direct IP addr.

The only difference procedure-wise doing this SBS install from others which
I've done, is that after win2k starts up and before installing SBS, I
connect the SBS win2k to the old SBS (and I will use the same domain.local
name) in order to copy over the files.  After copying the files, I
disconnect from the domain and join to workgroup and restart.  Then I
install SBS.  I made a mistake at this stage because I moved the wrong LAN
line at the switch, so during the install SBS reported that the IP addr is
in conflict, so I have to restart the install but I don't think this should
have much influence right?

I really can't understand why DNS would not resolve to external name.
When doing DNS test (in property pages), simple Query pass but recursive
query to external sites fail.  From the dns log, I can see that it does
contact with SND to the ISP's first DNS as well as the first Root-hint, but
perhaps it is not getting a reply?

I don't think the problem is with the WAN router and switch, because with
another PC connected directly to this it can surf websites etc.

Need help.  TIA,
Eugene Tan

===================================
> Open DNS, properties from Server, tab Forwarders, put in the DNS servers
> from your internet connection provider.
> Restart DNS Server service.
>
> As for your other problem, look at Marina's response.
Jim Behning - 28 Jul 2004 03:43 GMT
I never choose router. I tried once and nothing worked. Try the other
fast connection which I think is full time or broadband assuming two
nics.

Also check logs for any errors. Usually dns can be fixed. Folks that
really know it can spot problems in a few minutes. I know this from
two different accounts that had dns issues along with some other
problems like incorrect domain name or IIS problems.

>hi,
>
[quoted text clipped - 64 lines]
>>
>> As for your other problem, look at Marina's response.

Jim B. SBS  MVP
remove the mvp to send email
Eugene Tan - 28 Jul 2004 09:05 GMT
hi,

Thanks Jim and all others for your suggestions and tips.
Will give your fulltime broadband suggestion a go.
No obvious logs in Event viewer.

As mentioned, I decided to try to reinstall.  Here is more info on my case.

The SBS CD has Win2k sp1.  The install to SBS went ok, and DNS works.
Next I run ICW using router etc, and DNS still works.  Then I apply SBSsp1a
followed by SQL sp3 and DNS still resolves.  Next I apply ISA sp1, and I
think DNS still works.  I say 'think' because at some point, I install
something and then DNS fails to resolve and I forget to test which is
precisely the culprit.
I think after I install urlscan DNS is still ok.

I believe I applied the settings/rules from the old SBS at this point and
DNS still works after restarting ISA.  I even rerun ICW and re-enabled
custom filters on ISA.  Then I add 5 CALs, and reboot.  Then install another
5 CALs and also install IE6sp1 from the SBS2k3 CD3 (just run IE6setup).

When IE6sp1 tries to reboot, there is some problem which I couldn't figure.
When I reboot after this, DNS problem occurs.  I can ping to IP but not the
DNS addr.  Doing a recursive test in DNS Mgr fails, simple test passes.
I try to rollback to IE5, which seems to work but DNS still doesn't.
Hope this provides enough of a clue for those with this knowledge on your
fingertips.

In DNS Mgr, the server has created a reverse lookup on its own.

The server is a dual Opteron on a Tyan mobo, and I decided to put both
memory dimms on the same cpu for dual-channel (this is a legal config).

TIA,
Eugene Tan

=============================
> I never choose router. I tried once and nothing worked. Try the other
> fast connection which I think is full time or broadband assuming two
> nics.

> Also check logs for any errors. Usually dns can be fixed. Folks that
> really know it can spot problems in a few minutes. I know this from
[quoted text clipped - 72 lines]
> Jim B. SBS  MVP
> remove the mvp to send email
Marina Roos [SBS-MVP] - 28 Jul 2004 11:14 GMT
Hi Eugene,

Why are you installing IE 6 from the SBS 2003 cd???

Regards,

Marina
Microsoft SBS-MVP

> hi,
>
[quoted text clipped - 130 lines]
> > Jim B. SBS  MVP
> > remove the mvp to send email
Eugene Tan - 28 Jul 2004 13:21 GMT
hi,

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in

> Why are you installing IE 6 from the SBS 2003 cd???

Well, because it was the only IE6sp1 CD that I know of/have here, don't want
to download from the Net to save d/l costs, faster etc.

It could've been any other IE6sp1 if I had the CD from MSDN etc.
Why?  Is there a difference (it's one of the client apps on SBS2k3)?

Regards,
Eugene Tan
Eugene Tan - 28 Jul 2004 15:45 GMT
hi,

I ran ICW again and selected fulltime broadband.  Unfortunately still
doesn't work - DNS not resolving external names.
*sigh*

Now, am going to do yet another reinstall, and this time will take it step
by step until I run into the roadblock.

Eugene Tan

=====================
> I never choose router. I tried once and nothing worked. Try the other
> fast connection which I think is full time or broadband assuming two
> nics.
Marina Roos [SBS-MVP] - 28 Jul 2004 16:59 GMT
Hi Eugene,

And this time don't install IE sp1 from the 2003 cd's.

Regards,

Marina
Microsoft SBS-MVP

> hi,
>
[quoted text clipped - 11 lines]
> > fast connection which I think is full time or broadband assuming two
> > nics.
Eugene Tan - 29 Jul 2004 09:03 GMT
hi Marina,

yes, I will avoid this.  Is there any difference or issue?
At the first attempt, I installed IE6 (no sp) which was d/l some time ago
and SBS's DNS stopped working later, but can't be sure if this is related.

Regards,
Eugene

==============================
> Hi Eugene,
>
[quoted text clipped - 10 lines]
> >
> > Eugene Tan
Marina Roos [SBS-MVP] - 29 Jul 2004 13:58 GMT
Hi Eugene,

There is a difference in IE 6 for W2k and W2k3, so don't load it.

Regards,

Marina
Microsoft SBS-MVP

> hi Marina,
>
[quoted text clipped - 22 lines]
> > >
> > > Eugene Tan
 