From: Terry on 9 Mar 2010 06:46

Thanks. The router is a Linksys Wireless Router WRT160N.
I will change the Forwarders then DHCP today and post tonight.

"Ace Fekay [MVP-DS, MCT]" wrote:

> "Terry" <Terry(a)discussions.microsoft.com> wrote in message news:47CFFB4C-9243-4E20-8E28-C5619108A31B(a)microsoft.com...
> > Ace,
> > Using your directions I could get a workstation to add a domain user to the
> > administrators group on the workstation. - thanks
> >
> > The problem now is the workstation cannot do anything on the Internet. Could
> > this be the forwarders in the DNS?
> >
> > If I add an external DNS number to the properties of the TCP/IP on the
> > workstation then the Internet works.
> >
> > You can see images of the DNS and Active Directory at:
> > http://eriemetroparks.com/Network/default.html
> >
> > Here is the IPCONFIG for the Work station when it cannot get to the Internet:
> > Windows IP Configuration
> >    Host Name . . . . . . . . . . . . : Spare
> >    Primary Dns Suffix  . . . . . . . : EPMapleGrove.local
> >    Node Type . . . . . . . . . . . . : Hybrid
> >    IP Routing Enabled. . . . . . . . : No
> >    WINS Proxy Enabled. . . . . . . . : No
> >    DNS Suffix Search List. . . . . . : EPMapleGrove.local
> > Ethernet adapter Local Area Connection:
> >    Connection-specific DNS Suffix  . :
> >    Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
> >    Physical Address. . . . . . . . . : 00-11-11-1D-5A-9A
> >    Dhcp Enabled. . . . . . . . . . . : Yes
> >    Autoconfiguration Enabled . . . . : Yes
> >    IP Address. . . . . . . . . . . . : 192.168.1.11
> >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >    Default Gateway . . . . . . . . . : 192.168.1.1
> >    DHCP Server . . . . . . . . . . . : 192.168.1.1
> >    DNS Servers . . . . . . . . . . . : 192.168.1.10
> >    Lease Obtained. . . . . . . . . . : Monday, March 08, 2010 6:12:22 PM
> >    Lease Expires . . . . . . . . . . : Monday, March 08, 2010 7:02:22 PM
> >
> > Here is the IPconfig of the Server:
> > Windows IP Configuration
> >    Host Name . . . . . . . . . . . . : EMPSERVER4112
> >    Primary Dns Suffix  . . . . . . . : EPMapleGrove.local
> >    Node Type . . . . . . . . . . . . : Hybrid
> >    IP Routing Enabled. . . . . . . . : No
> >    WINS Proxy Enabled. . . . . . . . : No
> >    DNS Suffix Search List. . . . . . : EPMapleGrove.local
> > Ethernet adapter Server Local Area Connection:
> >    Connection-specific DNS Suffix  . :
> >    Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
> >    Physical Address. . . . . . . . . : 00-30-48-63-71-52
> >    DHCP Enabled. . . . . . . . . . . : No
> >    IP Address. . . . . . . . . . . . : 192.168.1.10
> >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >    Default Gateway . . . . . . . . . : 192.168.1.1
> >    Primary WINS Server . . . . . . . : 192.168.8.10
> >
> > Thanks for your help
> > Terry
>
> Terry,
>
> As Dave said, DO NOT put the ISP's DNS on any machines' IP properties.
>
> What I do see is you have way too many Forwarders. The resolver service algorithm will time out after two of them, so the additional two are superfluous.
>
> I also see that you are using WINS, yet it is not specified on the workstation.
>
> I also see you are using the router as a DHCP server. Router DHCP services do not support many of the functions that Windows DHCP supports regarding DNS registration, WINS settings including Hybrid node type, and basically Option 081. I highly recommend disabling the router's DHCP service and use your Windows server DHCP and set the following options:
>
> 003 192.168.1.1
> 006 192.168.1.10
> 015 EPMapleGrove.local
> 044 192.168.1.10 (this is the WINS server)
> 046 0x8 (this is the WINS node type)
>
> As for the forwarders you have listed, jot the list down on paper, then remove them, and try the following:
> 4.2.2.2
> 4.2.2.3
>
> Then flush the DNS cache. To do that, right click the server name in DNS, and click clear cache. Then go to the workstation, in a CMD prompt, clear the local resolver cache by running:
> ipconfig /flushdns
>
> Test your internet access. Test it with at least five different domain names, please.
>
> If it still doesn't work, post the domain names. My feeling is the router may not be allowing EDNS0. Is it a firewall? What brand and model router do you have?
>
> To test if EDNS0 is allowed or not:
>
> You can test it too and see how large the response is. Use nslookup with the vc option, which forces TCP only. This will also tell you if the response goes thru as TCP and not UDP. Try an nslookup for Yahoo's MX records before you make the changes and you can see how large the response is. If you count each line, (each line is 80 bytes), it's more than 512 bytes.
>
> Keep in mind, EDNS0 uses UDP packet sizes up to 1280 bytes. Non-EDNS0 is limited to UDP packets of 512 bytes. Nslookup and queries in general, default to UDP, and Windows 2003 defaults to using UDP & EDNS0.
>
> nslookup
> > set q=mx (this forces it to search for mail records)
> > microsoft.com
>
> Does a response return or does it error out?
> If it errors out, try yahoo.com. If that errors out too, try the following commands:
>
> > set vc (this forces TCP)
>
> > yahoo.com
> Server: london.nwtraders.msft
> Address: 192.168.5.200
>
> Non-authoritative answer:
> yahoo.com MX preference = 1, mail exchanger = mx2.mail.yahoo
> yahoo.com MX preference = 1, mail exchanger = mx3.mail.yahoo
> yahoo.com MX preference = 5, mail exchanger = mx4.mail.yahoo
> yahoo.com MX preference = 1, mail exchanger = mx1.mail.yahoo
>
> yahoo.com nameserver = ns5.yahoo.com
> yahoo.com nameserver = ns1.yahoo.com
> yahoo.com nameserver = ns2.yahoo.com
> yahoo.com nameserver = ns3.yahoo.com
> yahoo.com nameserver = ns4.yahoo.com
> mx2.mail.yahoo.com internet address = 67.28.114.35
> mx2.mail.yahoo.com internet address = 67.28.114.36
> mx2.mail.yahoo.com internet address = 4.79.181.13
> mx2.mail.yahoo.com internet address = 64.156.215.8
> mx3.mail.yahoo.com internet address = 64.156.215.5
> mx3.mail.yahoo.com internet address = 64.156.215.6
> mx3.mail.yahoo.com internet address = 4.79.181.12
> mx3.mail.yahoo.com internet address = 64.156.215.18
> mx4.mail.yahoo.com internet address = 66.218.86.156
> mx4.mail.yahoo.com internet address = 67.28.113.19
> mx4.mail.yahoo.com internet address = 68.142.202.11
> mx4.mail.yahoo.com internet address = 68.142.202.12
> mx1.mail.yahoo.com internet address = 67.28.113.11
> mx1.mail.yahoo.com internet address = 4.79.181.14
> mx1.mail.yahoo.com internet address = 4.79.181.15
> mx1.mail.yahoo.com internet address = 67.28.113.10
> ns5.yahoo.com internet address = 216.109.116.17
> ns1.yahoo.com internet address = 66.218.71.63
> ns2.yahoo.com internet address = 66.163.169.170
> ns3.yahoo.com internet address = 217.12.4.104
> ns4.yahoo.com internet address = 63.250.206.138
> >
>
> If you see the above response with the set vc and not before it or only a partial set before using the vc switch, then it is clearly an EDNS0 issue on the router.
>
> The set vc switch tells it to use TCP instead of UDP. If it works with the vc switch, and not without it, then it is an EDNS0 block. I provided hotmail.com as an example because its response is definitely greater than 512 bytes. You can also not set it to 'mx' and leave it default when you invoke nslookup, and then try aol.com, microsoft.com, yahoo.com, as some examples with large responses.
>
> Ace
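
Added example, not part of the original thread or any poster's code: the UDP-versus-TCP comparison described in the quoted reply above, done with explicit DNS packets so the EDNS0 case is tested directly (plain UDP, UDP with an EDNS0 OPT record advertising the 1280 bytes mentioned in the thread, and TCP). The function names and verdict strings are hypothetical; it is meant to be run from the DNS server against one of the forwarders so the queries cross the router.

```python
import socket
import struct

def build_query(name, qtype=15, edns_size=None, txid=0x1234):
    """DNS query for name (qtype 15 = MX); edns_size appends an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def probe(server, query, tcp=False, timeout=3.0):
    """Send one query to port 53; return the raw reply, or None on timeout or error."""
    try:
        if not tcp:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return s.recvfrom(4096)[0]
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
            f = s.makefile("rb")
            (n,) = struct.unpack("!H", f.read(2))
            return f.read(n)
    except (OSError, struct.error):
        return None

def diagnose(udp_plain, udp_edns, tcp, edns_size=1280):
    """Classify three raw replies (bytes or None) to the same question."""
    def info(r):  # (TC bit, RCODE, size), or None when nothing usable came back
        if r is None or len(r) < 12:
            return None
        flags = struct.unpack("!H", r[2:4])[0]
        return bool(flags & 0x0200), flags & 0x000F, len(r)
    p, e, t = info(udp_plain), info(udp_edns), info(tcp)
    if t is None:
        return "no-tcp-answer"   # server down or TCP/53 blocked: no EDNS0 verdict
    if e is None:
        return "edns0-dropped" if p else "no-udp-answer"
    if e[1] == 1:
        return "edns0-rejected"  # FORMERR in answer to a query carrying OPT
    if e[0] and 512 < t[2] + 11 <= edns_size:
        return "edns0-clipped"   # would fit with the 11-byte OPT, yet still truncated
    return "edns0-ok"

def sample_reply(flags, size):
    """Constructed reply (header plus zero padding) for offline checks, not a capture."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + b"\x00" * (size - 12)

if __name__ == "__main__":
    s, q = "4.2.2.2", "yahoo.com"  # forwarder and test name taken from the thread
    print(diagnose(probe(s, build_query(q)), probe(s, build_query(q, edns_size=1280)),
                   probe(s, build_query(q), tcp=True)))
```

A verdict of edns0-dropped, edns0-rejected or edns0-clipped while TCP answers normally is the pattern the nslookup "set vc" test in the thread is looking for.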
From: kj [SBS MVP] on 9 Mar 2010 12:14

Jumping in late and not seeing which version of SBS is in play. This configuration is automatically (and correctly) done for you in SBS by using the built in wizards (CIEW). EDNS0 support is a different matter, but configuration of SBS should be done with the wizard and verified with the Best Practices Analyzer. This will allow you to focus troubleshooting to the external devices.

Terry wrote:
> Thanks. The router is a Linksys Wireless Router WRT160N.
> I will change the Forwarders then DHCP today and post tonight.

--
/kj
From: Ace Fekay [MVP-DS, MCT] on 9 Mar 2010 23:18

"kj [SBS MVP]" <KevinJ.SBS(a)SPAMFREE.gmail.com> wrote in message news:%23t2DFw6vKHA.3896(a)TK2MSFTNGP02.phx.gbl...
> Jumping in late and not seeing which version of SBS is in play. This
> configuration is automatically (and correctly) done for you in SBS by
> using the built in wizards (CIEW). EDNS0 support is a different matter, but
> configuration of SBS should be done with the wizard and verified with the
> Best Practices Analyzer. This will allow you to focus troubleshooting to the
> external devices.
>

Good point about the wizard. I forgot to mention that! :-)

Ace
From: Terry on 11 Mar 2010 13:21

First I want to thank everyone that replied to this post.

I tried all the suggestions, even the Best Practices Analyzer; nothing helped. So I bit the bullet and called Microsoft. After 5 hours of the MS tech being logged on to the server and one of the workstations, he figured it was the Norton (even though it was turned off)! We uninstalled Norton and I experienced no problems after that.

Again Thanks

"Ace Fekay [MVP-DS, MCT]" wrote:

> "kj [SBS MVP]" <KevinJ.SBS(a)SPAMFREE.gmail.com> wrote in message news:%23t2DFw6vKHA.3896(a)TK2MSFTNGP02.phx.gbl...
> > Jumping in late and not seeing which version of SBS is in play. This
> > configuration is automatically (and correctly) done for you in SBS by
> > using the built in wizards (CIEW). EDNS0 support is a different matter, but
> > configuration of SBS should be done with the wizard and verified with the
> > Best Practices Analyzer. This will allow you to focus troubleshooting to the
> > external devices.
> >
>
> Good point about the wizard. I forgot to mention that! :-)
>
> Ace
From: Ace Fekay [MVP-DS, MCT] on 12 Mar 2010 01:10

"Terry" <Terry(a)discussions.microsoft.com> wrote in message news:E7119AFA-A99C-4971-BD11-D2FEBF2B003E(a)microsoft.com...
> First I want to thank everyone that replied to this post.
>
> I tried all the suggestions, even the Best Practices Analyzer; nothing
> helped. So I bit the bullet and called Microsoft. After 5 hours of the MS
> tech being logged on to the server and one of the workstations, he
> figured it was the Norton (even though it was turned off)! We uninstalled
> Norton and I experienced no problems after that.
>
> Again Thanks
>

Interesting. Sounds like Norton's DLLs are similar to Zone Alarm's DLLs. Even when disabled, they affect functionality until uninstalled.

Thank you for updating us and letting us know what the problem was and the fix.

Ace