"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:C03176D7-0173-4FE3-B3B5-80A81819811A@microsoft.com...

Quote:

Hi Ace, Thanks again to you and Meinholf. I know we're getting there. Thanks also for explaining the authentication and earlier issues. I thought if the F/S was also setup as a DC replicating AD from the Primary, it woud authenticate if the SBSDC was down. Here is the ipconfig from the abcfs01. I'm about to install DNS on it as you recommend. Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2

It can answer authentication, if DNS is installed on it and the IP is set on
the client machines so the clients can find and use it. DNS is the *key* to
AD.

As mentioned earlier, I recommend to install DNS on it, wait 30 minutes,
make DNS on it as itself as the first entry, then the SBS as the second.
Make this the second entry on the SBS.

Did you change the scope range yet?

Once you install DNS on the other server, change Scope Option 006 to:
192.168.0.2 and 192.168.0.3

Ace

Hi Ace,
I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I
haven’t done anything more in relation to DNS on it. In networking, I
updated the DNS so that it points to itself and has the SBSDC as the
alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On
workstations I added the FS as the alternate DNS.

In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s
servers are listed.

Again when confirming the 192.168.0.2 address, I received the error that the
IP was allocated to a NIC that was no longer installed in that PC. The
message popped up previously when I removed the ISP’s IPS from the DNS server
list and responded to accept the IP. It is odd because I cannot recall a NIC
referred to a Compaq Model and our servers are all IBM Series. Anyway I used
the MS procedure to attempt to remove it (viz: set
devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show
Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device
as per the error message was not listed. Could this be causing a problem?

Here is the current IPConfig from JSRfs01

Windows IP Configuration

Host Name . . . . . . . . . . . . : abcfs01
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
192.168.0.2

Windows firewall is turned off and I looked at Group Policies on the SBS.
None were enforced or configured, but I disabled SBS firewall in the GP
Management on the SBSDC.

Would the DNS be affecting the ability to remote desktop to the SBSDC?

The SBS-DC has connectivity but to the network (evidenced by the network
security and SBS being able to ping other PCs and receive ISP email, but why
else couldn’t we ping the SBS?


"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:C03176D7-0173-4FE3-B3B5-80A81819811A@microsoft.com... Hi Ace, Thanks again to you and Meinholf. I know we're getting there. Thanks also for explaining the authentication and earlier issues. I thought if the F/S was also setup as a DC replicating AD from the Primary, it woud authenticate if the SBSDC was down. Here is the ipconfig from the abcfs01. I'm about to install DNS on it as you recommend. Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2 It can answer authentication, if DNS is installed on it and the IP is set on the client machines so the clients can find and use it. DNS is the *key* to AD. As mentioned earlier, I recommend to install DNS on it, wait 30 minutes, make DNS on it as itself as the first entry, then the SBS as the second. Make this the second entry on the SBS. Did you change the scope range yet? Once you install DNS on the other server, change Scope Option 006 to: 192.168.0.2 and 192.168.0.3 Ace

Hi Ace,
I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I
haven’t done anything more in relation to DNS on it. In networking, I
updated the DNS so that it points to itself and has the SBSDC as the
alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On
workstations I added the FS as the alternate DNS.

In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s
servers are listed. I’ve changed the scope address range for addresses to
distribute to 192.168.0.10 - 192.168.0.10.254 so there is no overlap. Wins
was already active on SBSDC

Other DHCP scope options are as you recommend, viz
Option 003 = 192.168.0.1
Option 006 = 192.168.0.2 and 192.168.0.3 (after installing DNS on F/S)
Option 015 = abc.local


Again when confirming the 192.168.0.2 address in Network setup, IP
properties, I received the error that the IP was allocated to a NIC that was
no longer installed in that PC. The message popped up previously when I
removed the ISP’s IPs from the DNS server list and responded to accept the
IP. It is odd because I cannot recall a NIC referred to a Compaq Model and
our servers are all IBM Servers with intel NICs. Anyway I used the MS
procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1
and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the
Network Adapters tree) but the hidden NIC device as per the error message was
not listed. Could this be causing a problem?

Here is the current IPConfig from JSRfs01

Windows IP Configuration

Host Name . . . . . . . . . . . . : abcfs01
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
192.168.0.2

Here is the current Ipconfig from SBSDC

Windows IP Configuration

Host Name . . . . . . . . . . . . : abcsbs01
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-04-23-B9-AF-15
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3

Windows firewall is turned off and I looked at Group Policies on the SBS.
None were enforced or configured, but I disabled SBS firewall in the GP
Management on the SBSDC.


Would the DNS be affecting the ability to remote desktop or ping to the SBSDC?

The SBS-DC has connectivity but to the network (evidenced by the network
security and SBS being able to ping other PCs and receive ISP email, but why
else couldn’t we ping the SBS?

Jeff

"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:B4EB5185-684A-47E4-B498-F9B08C4DE25D@microsoft.com... Hi Ace, The DHCP on the cable router & on the Smoothwall firewall are disabled. I’ve also shutdown the cable modem & smoothwall firewall and attempted to login as part of my tests. I’ve shut them I looked at RRAS. Yes it is installed but there don’t seem to be any policies that could prevent login. There are 3 default remote access policies - Mobile users, connections to routing & remote access servers & login time restrictions which allow 24/7. But I did stop it and attempted to log in from a Vista PC and still couldn't & the local DNS server name doesn’t display when doing IPCOnfig from that workstation. I've started RRAS again. The settings look correct. The 7 ports in use are WAN miniport VPNs, PPPoe & parallel. IP routing –General Loopback - 127.0.01, Local Area Connection – Dedicated - Enable IP Router Manager Use IP address has 192.168.0.2 (SBSDC). Multicast heartbeat & broadcast have no entries, not enabled Internal interfaces – IP Manager enabled but nothing specified Static routes – nothing specified I looked again at the DHCP setup and it appears correct Scope has 192.168.0.1 through 192.168.0.254 On the DNS tab, Enable DNS dynamic updates is not selected “Dynamically update DNS A & PTR Records if specifically requested by DHCP clients is ticked and greyed out. DHCP only is ticked on the Advanced tab. But going back to basics – I can’t ping the SBSDC (either IP or w/s name) from any other PC on the Lan, but the SBSDC can ping any PC on the LAN. On the SBSDC I can open OWA and see my current mail, but OWA on any workstation (or via remote access) gives IE errors. Jeff, Good DHCP on your two other devices are disabled. RRAS was just a possible cause. It looks like the settings are fine. For DHCP, the scope is overlapping existing IP addresses, such as your router (192.168.0.1), and your two servers (192.168.00.2 and .the other server, I think is 192.168.0.3). This will cause conflicts and may be the cause of why the workstations can't get an IP. You may have to delete the scope and re-created it, with settings such as: Scope: 192.168.0.100 - 192.168.0.254 Option 003 = 192.168.0.1 Option 006 = 192.168.0.2 and 192.168.0.3 (for the other DC after you install DNS on it) Option 015 = abc.local If you are using RRAS, I would suggest to use WINS so the remote users will be able to browse server shares and resources. If you do install WINS, add the following to Scope options: Option 044 = 192.168.0.2 Option 046 = 0x8 Getting closer. Also, I haven't seen the ipconfig /all of the other server. Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:B16FA6D4-B38F-4B5D-B097-7B853A1C049F@microsoft.com...

Quote:

Hi Ace, I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I haven’t done anything more in relation to DNS on it. In networking, I updated the DNS so that it points to itself and has the SBSDC as the alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On workstations I added the FS as the alternate DNS. In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s servers are listed. Again when confirming the 192.168.0.2 address, I received the error that the IP was allocated to a NIC that was no longer installed in that PC. The message popped up previously when I removed the ISP’s IPS from the DNS server list and responded to accept the IP. It is odd because I cannot recall a NIC referred to a Compaq Model and our servers are all IBM Series. Anyway I used the MS procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device as per the error message was not listed. Could this be causing a problem? Here is the current IPConfig from JSRfs01 Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Windows firewall is turned off and I looked at Group Policies on the SBS. None were enforced or configured, but I disabled SBS firewall in the GP Management on the SBSDC. Would the DNS be affecting the ability to remote desktop to the SBSDC? The SBS-DC has connectivity but to the network (evidenced by the network security and SBS being able to ping other PCs and receive ISP email, but why else couldn’t we ping the SBS?

Hmm, it could be a problem. How are you answering the error message? To use
the IP or not use the IP, or is it not allowing you to use it?

As for RDP to the SBS, how are you connecting to it? Are you connecting to
it from within the office, or from home? What name aer you using? Does it
work if you connect by the fqdn (sbsdc.abc.local) or the IP address? Does it
work if you use the companyweb site, choosing Remote WebWorkplace to
remotely connect to your desktop then choosing the SBSDC?

If you run a gpresults at a command prompt, what GPOs are being applied to
the SBS? Maybe there is a group policy on it controlling the firewall that
is blocking ICMP Echos (ping responses). Go into control panel, Windows
Firewall, is the setting grayed out?

Did you adjust the DHCP Scope's IP range?

Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:E2839D63-2191-4A1F-87F4-94C18C31C690@microsoft.com...

Quote:

Hi Ace, I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I haven’t done anything more in relation to DNS on it. In networking, I updated the DNS so that it points to itself and has the SBSDC as the alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On workstations I added the FS as the alternate DNS. In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s servers are listed. I’ve changed the scope address range for addresses to distribute to 192.168.0.10 - 192.168.0.10.254 so there is no overlap. Wins was already active on SBSDC Other DHCP scope options are as you recommend, viz Option 003 = 192.168.0.1 Option 006 = 192.168.0.2 and 192.168.0.3 (after installing DNS on F/S) Option 015 = abc.local Again when confirming the 192.168.0.2 address in Network setup, IP properties, I received the error that the IP was allocated to a NIC that was no longer installed in that PC. The message popped up previously when I removed the ISP’s IPs from the DNS server list and responded to accept the IP. It is odd because I cannot recall a NIC referred to a Compaq Model and our servers are all IBM Servers with intel NICs. Anyway I used the MS procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device as per the error message was not listed. Could this be causing a problem? Here is the current IPConfig from JSRfs01 Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Here is the current Ipconfig from SBSDC Windows IP Configuration Host Name . . . . . . . . . . . . : abcsbs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : Yes DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter Physical Address. . . . . . . . . : 00-04-23-B9-AF-15 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2 192.168.0.3 Windows firewall is turned off and I looked at Group Policies on the SBS. None were enforced or configured, but I disabled SBS firewall in the GP Management on the SBSDC. Would the DNS be affecting the ability to remote desktop or ping to the SBSDC? The SBS-DC has connectivity but to the network (evidenced by the network security and SBS being able to ping other PCs and receive ISP email, but why else couldn’t we ping the SBS? Jeff

The ipconfigs look good.

As for that NIC IP error, if continues to be an issue, IF you want, choose
another IP, 192.168.0.4. Make sure you change it for the DNS address, too.
Then go into Advanced, WINS tab, and make sure the WINS address is updated,
but I don;t see it in ipconfig, so it appears you;ve never set the WINS
address on the SBS. You still have to tell a server to use itself for WINS.
Then go to the other DC and reflect that change, too for both DNS and WINS.

Once you do that, go into a command prompt:
ipconfig /registerdns
net stop netlogon
net start netlogon

Then change the DHCP options to reflect the new IP for DNS and WINS.

Ace

Hi Ace,

re: the NIC Error message - I respond to accept the IP and I dont get any
different errors. The error/warning only appears when changing the DNS
server Ips in network configuration. That IP is returned when pinging the
SBS name (abcsbs01) on the sbs box so Im assuming it works. On reflection, I
beleive it is why the additional IP (192.168.0. was also setup for this NIC
in the event the current one (with a ghost) was problematic.

Re: WINS - Probably never used since Win 2003. But I've now added the IP
of the SBS in SBS network configuration so it points to itself with the other
server IP second. Done similar on the file server pointing to itself first,
then the SBS as the second WINS address. Enable LMHosts is selected, but
there is no LMHosts file in system32\drivers\etc.

But I'm not sure where to change/setup the WINS in DNS? I've just done it
on the WINS tab in networking. and added ther Ip to the WINS list in DHCP
Scope 044 after net IPconfig /registerdns, net stop/start.

When looking at the newly setup DNS for ancfs01, I noticed a few
error/warning messages in the DNS log.

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 20/04/2009
Time: 10:57:54 PM
User: N/A
Computer: JSRFS01
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00 Q...


and


Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 4514
Date: 20/04/2009
Time: 10:56:23 PM
User: N/A
Computer: JSRFS01
Description:
The DNS server detected that it is not enlisted in the replication scope of
the directory partition DomainDnsZones.jsr.local. This prevents the zones
that should be replicated to all DNS servers in the jsr.local domain from
replicating to this DNS server. For information on how to add a DNS server to
the replication scope of an application directory partition, please see Help
and Support.

To create or repair the domain-wide DNS directory partition, open the the
DNS console. Right-click the applicable DNS server, and then click 'Create
Default Application Directory Partitions'. Follow the instructions to create
the default DNS application directory partitions. For more information, see
'To create the default DNS application directory partitions' in Help and
Support.
The error was 8367.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: af 20 00 00 ¯ ..


On SBSDC I selected the DNS Server, right button moused and selected ..
Create ..
I then got a message "The partition to replicate zone data to all DNS
servers in the Active Directory domain was not created. The specified
directory partitin already exists. So not sure what to in relation to this
error message.

Thanks,

Jeff


"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:E2839D63-2191-4A1F-87F4-94C18C31C690@microsoft.com... Hi Ace, I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I haven’t done anything more in relation to DNS on it. In networking, I updated the DNS so that it points to itself and has the SBSDC as the alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On workstations I added the FS as the alternate DNS. In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s servers are listed. I’ve changed the scope address range for addresses to distribute to 192.168.0.10 - 192.168.0.10.254 so there is no overlap. Wins was already active on SBSDC Other DHCP scope options are as you recommend, viz Option 003 = 192.168.0.1 Option 006 = 192.168.0.2 and 192.168.0.3 (after installing DNS on F/S) Option 015 = abc.local Again when confirming the 192.168.0.2 address in Network setup, IP properties, I received the error that the IP was allocated to a NIC that was no longer installed in that PC. The message popped up previously when I removed the ISP’s IPs from the DNS server list and responded to accept the IP. It is odd because I cannot recall a NIC referred to a Compaq Model and our servers are all IBM Servers with intel NICs. Anyway I used the MS procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device as per the error message was not listed. Could this be causing a problem? Here is the current IPConfig from JSRfs01 Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Here is the current Ipconfig from SBSDC Windows IP Configuration Host Name . . . . . . . . . . . . : abcsbs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : Yes DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter Physical Address. . . . . . . . . : 00-04-23-B9-AF-15 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2 192.168.0.3 Windows firewall is turned off and I looked at Group Policies on the SBS. None were enforced or configured, but I disabled SBS firewall in the GP Management on the SBSDC. Would the DNS be affecting the ability to remote desktop or ping to the SBSDC? The SBS-DC has connectivity but to the network (evidenced by the network security and SBS being able to ping other PCs and receive ISP email, but why else couldn’t we ping the SBS? Jeff The ipconfigs look good. As for that NIC IP error, if continues to be an issue, IF you want, choose another IP, 192.168.0.4. Make sure you change it for the DNS address, too. Then go into Advanced, WINS tab, and make sure the WINS address is updated, but I don;t see it in ipconfig, so it appears you;ve never set the WINS address on the SBS. You still have to tell a server to use itself for WINS. Then go to the other DC and reflect that change, too for both DNS and WINS. Once you do that, go into a command prompt: ipconfig /registerdns net stop netlogon net start netlogon Then change the DHCP options to reflect the new IP for DNS and WINS. Ace

Hi Ace,

I've responded to use the IP. Otherwise it prompts for a new IP.

re: RDP - im connecting to it int he office - same LAN - just with abcsbs01
which I've previously always used successfully. I've also tried 192.168.0.2
unsucessfully.
But I can connect from SBS to f/s using abcfs01 successfully.

Remote Web Workplace isnt setup, but I can do so later. Could OWA
internally be not functioning (apart from directly on the SBS/Exchange box)
because of a routing issue?

Here is GPResult:
C:\>gpresult

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 4/21/2009 at 1:36:14 AM


RSOP data for ABC\jeffr on ABCSBS01 : Logging Mode
---------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003 for Small
Busin
ess Server
OS Configuration: Primary Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Remote Administration
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\jeffr
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=ABCSBS01,OU=Domain Controllers,DC=abc,DC=local
Last time Group Policy was applied: 4/21/2009 at 1:33:24 AM
Group Policy was applied from: abcsbs01.abc.local
Group Policy slow link threshold: 500 kbps
Domain Name: abc
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Auditing Policy
Default Domain Controllers Policy
Windows Update Server
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Small Business Server Domain Password Policy
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Windows Firewall
Filtering: Disabled (GPO)

Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Windows Client Firewall Policy ITM & Etrust
Filtering: Disabled (GPO)

Local Group Policy
Filtering: Not Applied (Empty)

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
ABCSBS01$
Domain Controllers
Exchange Domain Servers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
RAS and IAS Servers
Exchange Enterprise Servers


USER SETTINGS
--------------
CN=Jeff B,CN=Users,DC=abc,DC=local
Last time Group Policy was applied: 4/21/2009 at 12:13:16 AM
Group Policy was applied from: abcsbs01.abc.local
Group Policy slow link threshold: 500 kbps
Domain Name: ABC
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Small Business Server Lockout Policy
Filtering: Disabled (GPO)

Small Business Server Windows Firewall
Filtering: Disabled (GPO)

Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Windows Client Firewall Policy ITM & Etrust
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2

Small Business Server Client Computer
Filtering: Not Applied (Empty)

Local Group Policy
Filtering: Not Applied (Empty)

Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
SBS Internet Users
SBS Mobile Users
SBS Report Users
Offer Remote Assistance Helpers


re: DHCP Scope - Yes adjusted . the scope for availalbe handout is
192.168.0.10 to 192.168.0.254. Not availalbe is 192.168.0.1 to 192.168.0.9

re: Firewall - When I selected Control Panel Windows Firewall, I got the
message Windows Firewall cannot run because another program or service is
running that might use the network address translation component (IPNat.sys).

Jeff


"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:B16FA6D4-B38F-4B5D-B097-7B853A1C049F@microsoft.com... Hi Ace, I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I haven’t done anything more in relation to DNS on it. In networking, I updated the DNS so that it points to itself and has the SBSDC as the alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On workstations I added the FS as the alternate DNS. In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s servers are listed. Again when confirming the 192.168.0.2 address, I received the error that the IP was allocated to a NIC that was no longer installed in that PC. The message popped up previously when I removed the ISP’s IPS from the DNS server list and responded to accept the IP. It is odd because I cannot recall a NIC referred to a Compaq Model and our servers are all IBM Series. Anyway I used the MS procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device as per the error message was not listed. Could this be causing a problem? Here is the current IPConfig from JSRfs01 Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Windows firewall is turned off and I looked at Group Policies on the SBS. None were enforced or configured, but I disabled SBS firewall in the GP Management on the SBSDC. Would the DNS be affecting the ability to remote desktop to the SBSDC? The SBS-DC has connectivity but to the network (evidenced by the network security and SBS being able to ping other PCs and receive ISP email, but why else couldn’t we ping the SBS? Hmm, it could be a problem. How are you answering the error message? To use the IP or not use the IP, or is it not allowing you to use it? As for RDP to the SBS, how are you connecting to it? Are you connecting to it from within the office, or from home? What name aer you using? Does it work if you connect by the fqdn (sbsdc.abc.local) or the IP address? Does it work if you use the companyweb site, choosing Remote WebWorkplace to remotely connect to your desktop then choosing the SBSDC? If you run a gpresults at a command prompt, what GPOs are being applied to the SBS? Maybe there is a group policy on it controlling the firewall that is blocking ICMP Echos (ping responses). Go into control panel, Windows Firewall, is the setting grayed out? Did you adjust the DHCP Scope's IP range? Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:ECEF5583-5CD4-456F-B6E7-6EACB7027F67@microsoft.com...

Quote:

Hi Ace, I've responded to use the IP. Otherwise it prompts for a new IP. re: RDP - im connecting to it int he office - same LAN - just with abcsbs01 which I've previously always used successfully. I've also tried 192.168.0.2 unsucessfully. But I can connect from SBS to f/s using abcfs01 successfully. Remote Web Workplace isnt setup, but I can do so later. Could OWA internally be not functioning (apart from directly on the SBS/Exchange box) because of a routing issue? Here is GPResult: C:\>gpresult Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 4/21/2009 at 1:36:14 AM RSOP data for ABC\jeffr on ABCSBS01 : Logging Mode --------------------------------------------------- OS Type: Microsoft(R) Windows(R) Server 2003 for Small Busin ess Server OS Configuration: Primary Domain Controller OS Version: 5.2.3790 Terminal Server Mode: Remote Administration Site Name: Default-First-Site-Name Roaming Profile: Local Profile: C:\Documents and Settings\jeffr Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=ABCSBS01,OU=Domain Controllers,DC=abc,DC=local Last time Group Policy was applied: 4/21/2009 at 1:33:24 AM Group Policy was applied from: abcsbs01.abc.local Group Policy slow link threshold: 500 kbps Domain Name: abc Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Small Business Server Auditing Policy Default Domain Controllers Policy Windows Update Server Small Business Server Client Computer Small Business Server Remote Assistance Policy Small Business Server Lockout Policy Small Business Server Domain Password Policy Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Small Business Server Windows Firewall Filtering: Disabled (GPO) Small Business Server Internet Connection Firewall Filtering: Denied (WMI Filter) WMI Filter: PreSP2 Windows Client Firewall Policy ITM & Etrust Filtering: Disabled (GPO) Local Group Policy Filtering: Not Applied (Empty) Small Business Server - Windows Vista policy Filtering: Denied (WMI Filter) WMI Filter: Vista The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users BUILTIN\Pre-Windows 2000 Compatible Access Windows Authorization Access Group NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization ABCSBS01$ Domain Controllers Exchange Domain Servers NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS RAS and IAS Servers Exchange Enterprise Servers USER SETTINGS -------------- CN=Jeff B,CN=Users,DC=abc,DC=local Last time Group Policy was applied: 4/21/2009 at 12:13:16 AM Group Policy was applied from: abcsbs01.abc.local Group Policy slow link threshold: 500 kbps Domain Name: ABC Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Small Business Server Lockout Policy Filtering: Disabled (GPO) Small Business Server Windows Firewall Filtering: Disabled (GPO) Small Business Server Internet Connection Firewall Filtering: Denied (WMI Filter) WMI Filter: PreSP2 Windows Client Firewall Policy ITM & Etrust Filtering: Denied (WMI Filter) WMI Filter: PostSP2 Small Business Server Client Computer Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) Small Business Server Remote Assistance Policy Filtering: Disabled (GPO) Small Business Server - Windows Vista policy Filtering: Denied (WMI Filter) WMI Filter: Vista Small Business Server Domain Password Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users This Organization LOCAL Domain Admins SBS Internet Users SBS Mobile Users SBS Report Users Offer Remote Assistance Helpers re: DHCP Scope - Yes adjusted . the scope for availalbe handout is 192.168.0.10 to 192.168.0.254. Not availalbe is 192.168.0.1 to 192.168.0.9 re: Firewall - When I selected Control Panel Windows Firewall, I got the message Windows Firewall cannot run because another program or service is running that might use the network address translation component (IPNat.sys). Jeff

Jeff,

The IPNAT error is an indication the machine is setup to share a connection.
Since you are using a separate router, and this machine only has a single
NIC enabled, it should be disabled. Apparently this error is RAS is causing
the issue with not being able to RDP into it. How did you configure RRAS?
Did you use the SBS Console? Did you setup it up to share a connection? I
suggest to disable RRAS. If you only need RRAS for VPNs, it must be setup
manually to be a VPN server, but not to share the connection. See if the
following will help you configure a VP (similar to 2003).

HOW TO: Turn On and Configure Inbound VPN Access in Small Business Server
2000
http://support.microsoft.com/kb/320697

I also cross posted this to the SBS group to see if the SBS experts can
offer anything I am not seeing.

Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:91E9B98F-351B-46D1-807B-518A9DF1A784@microsoft.com...

Quote:

Hi Ace, re: the NIC Error message - I respond to accept the IP and I dont get any different errors. The error/warning only appears when changing the DNS server Ips in network configuration. That IP is returned when pinging the SBS name (abcsbs01) on the sbs box so Im assuming it works. On reflection, I beleive it is why the additional IP (192.168.0. was also setup for this NIC in the event the current one (with a ghost) was problematic. Re: WINS - Probably never used since Win 2003. But I've now added the IP of the SBS in SBS network configuration so it points to itself with the other server IP second. Done similar on the file server pointing to itself first, then the SBS as the second WINS address. Enable LMHosts is selected, but there is no LMHosts file in system32\drivers\etc. But I'm not sure where to change/setup the WINS in DNS? I've just done it on the WINS tab in networking. and added ther Ip to the WINS list in DHCP Scope 044 after net IPconfig /registerdns, net stop/start. When looking at the newly setup DNS for ancfs01, I noticed a few error/warning messages in the DNS log. Event Type: Error Event Source: DNS Event Category: None Event ID: 4015 Date: 20/04/2009 Time: 10:57:54 PM User: N/A Computer: JSRFS01 Description: The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 51 00 00 00 Q... and Event Type: Information Event Source: DNS Event Category: None Event ID: 4514 Date: 20/04/2009 Time: 10:56:23 PM User: N/A Computer: JSRFS01 Description: The DNS server detected that it is not enlisted in the replication scope of the directory partition DomainDnsZones.jsr.local. This prevents the zones that should be replicated to all DNS servers in the jsr.local domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition, please see Help and Support. To create or repair the domain-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. The error was 8367. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: af 20 00 00 ¯ .. On SBSDC I selected the DNS Server, right button moused and selected .. Create .. I then got a message "The partition to replicate zone data to all DNS servers in the Active Directory domain was not created. The specified directory partitin already exists. So not sure what to in relation to this error message. Thanks, Jeff

WINS is not setup in DNS. Simply install WINS (already installed in your
case), then in IP properties, Advance, WINS tab, make sure the IP address of
the WINS server (this server) is in the WINS server IP list, which you did.
That;s all you need to do. This, along with DHCP set to give it out, will
allow all machines to use it, including your VPN clients.

The replication error may be a sign of the IPNAT error causing an issue with
communication wtih this server. See my other post, which I cross posted to
the SBS group to see if they can offer anything additional I am not seeing.

Ace

OK thanks - appreciated. I'll reply in your other post above.

"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:91E9B98F-351B-46D1-807B-518A9DF1A784@microsoft.com... Hi Ace, re: the NIC Error message - I respond to accept the IP and I dont get any different errors. The error/warning only appears when changing the DNS server Ips in network configuration. That IP is returned when pinging the SBS name (abcsbs01) on the sbs box so Im assuming it works. On reflection, I beleive it is why the additional IP (192.168.0. was also setup for this NIC in the event the current one (with a ghost) was problematic. Re: WINS - Probably never used since Win 2003. But I've now added the IP of the SBS in SBS network configuration so it points to itself with the other server IP second. Done similar on the file server pointing to itself first, then the SBS as the second WINS address. Enable LMHosts is selected, but there is no LMHosts file in system32\drivers\etc. But I'm not sure where to change/setup the WINS in DNS? I've just done it on the WINS tab in networking. and added ther Ip to the WINS list in DHCP Scope 044 after net IPconfig /registerdns, net stop/start. When looking at the newly setup DNS for ancfs01, I noticed a few error/warning messages in the DNS log. Event Type: Error Event Source: DNS Event Category: None Event ID: 4015 Date: 20/04/2009 Time: 10:57:54 PM User: N/A Computer: JSRFS01 Description: The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 51 00 00 00 Q... and Event Type: Information Event Source: DNS Event Category: None Event ID: 4514 Date: 20/04/2009 Time: 10:56:23 PM User: N/A Computer: JSRFS01 Description: The DNS server detected that it is not enlisted in the replication scope of the directory partition DomainDnsZones.jsr.local. This prevents the zones that should be replicated to all DNS servers in the jsr.local domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition, please see Help and Support. To create or repair the domain-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. The error was 8367. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: af 20 00 00 ¯ .. On SBSDC I selected the DNS Server, right button moused and selected .. Create .. I then got a message "The partition to replicate zone data to all DNS servers in the Active Directory domain was not created. The specified directory partitin already exists. So not sure what to in relation to this error message. Thanks, Jeff WINS is not setup in DNS. Simply install WINS (already installed in your case), then in IP properties, Advance, WINS tab, make sure the IP address of the WINS server (this server) is in the WINS server IP list, which you did. That;s all you need to do. This, along with DHCP set to give it out, will allow all machines to use it, including your VPN clients. The replication error may be a sign of the IPNAT error causing an issue with communication wtih this server. See my other post, which I cross posted to the SBS group to see if they can offer anything additional I am not seeing. Ace

Hi Ace,
I've disabled the RAS service. Actually it has never been configured and
tthe other day was the first time I looked at it in reponse to your
questions. RDP has always previously worked. I've only ever used RDP from
inside our LAN, not externally accessed.

I''lm currently lokoing at the DNS errors on both servers. I've checked FRS
is running on both. Have run ntfrsut1 version.

On SBSDC dcdiag /testdns abc.local passed all. But when running the same
test on the DNS installed last night, I got a few errors when it was
validating back to the SBSDC

Here is the DCDiag from abcfs01

Doing initial required tests

Testing server: Default-First-Site-Name\abcFS01
Starting test: Connectivity
......................... abcFS01 passed test Connectivity

Doing primary tests
Testing server: Default-First-Site-Name\abcFS01

DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : abc
Running enterprise tests on : abc.local
Starting test: DNS
Test results for domain controllers:

DC: abcfs01.abc.local
Domain: abc.local

TEST: Basic (Basc)
Warning: adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet has invalid DNS server: 192.168.0.2 (<name unavailable>)

Summary of test results for DNS servers used by the above domain controllers:

DNS server: 192.168.0.2 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.2
Name resolution is not functional. _ldap._tcp.abc.local.
failed on the DNS server 192.168.0.2

Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: abc.local
abcfs01 PASS WARN PASS PASS PASS PASS
n/a

......................... abc.local passed test DNS

Can you please let me know what I should do about the PTR record error
reported on trhe file server diag?

Here is a curent ipconfig from SBSDC

Windows IP Configuration
Host Name . . . . . . . . . . . . : abcsbs01
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-04-23-B9-AF-15
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.3
Primary WINS Server . . . . . . . : 192.168.0.2
Secondary WINS Server . . . . . . : 192.168.0.3


Here is the IPconfig from file server abcfs01 (with new DNS that shows
problems)

Windows IP Configuration
Host Name . . . . . . . . . . . . : abcfs01
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
192.168.0.2
Primary WINS Server . . . . . . . : 192.168.0.3
Secondary WINS Server . . . . . . : 192.168.0.2


Thanks.
Jeff


"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:ECEF5583-5CD4-456F-B6E7-6EACB7027F67@microsoft.com... Hi Ace, I've responded to use the IP. Otherwise it prompts for a new IP. re: RDP - im connecting to it int he office - same LAN - just with abcsbs01 which I've previously always used successfully. I've also tried 192.168.0.2 unsucessfully. But I can connect from SBS to f/s using abcfs01 successfully. Remote Web Workplace isnt setup, but I can do so later. Could OWA internally be not functioning (apart from directly on the SBS/Exchange box) because of a routing issue? Here is GPResult: C:\>gpresult Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Created On 4/21/2009 at 1:36:14 AM RSOP data for ABC\jeffr on ABCSBS01 : Logging Mode --------------------------------------------------- OS Type: Microsoft(R) Windows(R) Server 2003 for Small Busin ess Server OS Configuration: Primary Domain Controller OS Version: 5.2.3790 Terminal Server Mode: Remote Administration Site Name: Default-First-Site-Name Roaming Profile: Local Profile: C:\Documents and Settings\jeffr Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=ABCSBS01,OU=Domain Controllers,DC=abc,DC=local Last time Group Policy was applied: 4/21/2009 at 1:33:24 AM Group Policy was applied from: abcsbs01.abc.local Group Policy slow link threshold: 500 kbps Domain Name: abc Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Small Business Server Auditing Policy Default Domain Controllers Policy Windows Update Server Small Business Server Client Computer Small Business Server Remote Assistance Policy Small Business Server Lockout Policy Small Business Server Domain Password Policy Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Small Business Server Windows Firewall Filtering: Disabled (GPO) Small Business Server Internet Connection Firewall Filtering: Denied (WMI Filter) WMI Filter: PreSP2 Windows Client Firewall Policy ITM & Etrust Filtering: Disabled (GPO) Local Group Policy Filtering: Not Applied (Empty) Small Business Server - Windows Vista policy Filtering: Denied (WMI Filter) WMI Filter: Vista The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users BUILTIN\Pre-Windows 2000 Compatible Access Windows Authorization Access Group NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization ABCSBS01$ Domain Controllers Exchange Domain Servers NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS RAS and IAS Servers Exchange Enterprise Servers USER SETTINGS -------------- CN=Jeff B,CN=Users,DC=abc,DC=local Last time Group Policy was applied: 4/21/2009 at 12:13:16 AM Group Policy was applied from: abcsbs01.abc.local Group Policy slow link threshold: 500 kbps Domain Name: ABC Domain Type: Windows 2000 Applied Group Policy Objects ----------------------------- Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Small Business Server Lockout Policy Filtering: Disabled (GPO) Small Business Server Windows Firewall Filtering: Disabled (GPO) Small Business Server Internet Connection Firewall Filtering: Denied (WMI Filter) WMI Filter: PreSP2 Windows Client Firewall Policy ITM & Etrust Filtering: Denied (WMI Filter) WMI Filter: PostSP2 Small Business Server Client Computer Filtering: Not Applied (Empty) Local Group Policy Filtering: Not Applied (Empty) Small Business Server Remote Assistance Policy Filtering: Disabled (GPO) Small Business Server - Windows Vista policy Filtering: Denied (WMI Filter) WMI Filter: Vista Small Business Server Domain Password Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users This Organization LOCAL Domain Admins SBS Internet Users SBS Mobile Users SBS Report Users Offer Remote Assistance Helpers re: DHCP Scope - Yes adjusted . the scope for availalbe handout is 192.168.0.10 to 192.168.0.254. Not availalbe is 192.168.0.1 to 192.168.0.9 re: Firewall - When I selected Control Panel Windows Firewall, I got the message Windows Firewall cannot run because another program or service is running that might use the network address translation component (IPNat.sys). Jeff Jeff, The IPNAT error is an indication the machine is setup to share a connection. Since you are using a separate router, and this machine only has a single NIC enabled, it should be disabled. Apparently this error is RAS is causing the issue with not being able to RDP into it. How did you configure RRAS? Did you use the SBS Console? Did you setup it up to share a connection? I suggest to disable RRAS. If you only need RRAS for VPNs, it must be setup manually to be a VPN server, but not to share the connection. See if the following will help you configure a VP (similar to 2003). HOW TO: Turn On and Configure Inbound VPN Access in Small Business Server 2000 http://support.microsoft.com/kb/320697 I also cross posted this to the SBS group to see if the SBS experts can offer anything I am not seeing. Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:A91EACE0-EF33-46E5-AA79-D3C08EBBEB87@microsoft.com...

Quote:

Hi Ace, I've disabled the RAS service. Actually it has never been configured and tthe other day was the first time I looked at it in reponse to your questions. RDP has always previously worked. I've only ever used RDP from inside our LAN, not externally accessed. I''lm currently lokoing at the DNS errors on both servers. I've checked FRS is running on both. Have run ntfrsut1 version. On SBSDC dcdiag /testdns abc.local passed all. But when running the same test on the DNS installed last night, I got a few errors when it was validating back to the SBSDC Here is the DCDiag from abcfs01 Doing initial required tests Testing server: Default-First-Site-Name\abcFS01 Starting test: Connectivity ......................... abcFS01 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\abcFS01 DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : abc Running enterprise tests on : abc.local Starting test: DNS Test results for domain controllers: DC: abcfs01.abc.local Domain: abc.local TEST: Basic (Basc) Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.0.2 (<name unavailable>) Summary of test results for DNS servers used by the above domain controllers: DNS server: 192.168.0.2 (<name unavailable>) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.2 Name resolution is not functional. _ldap._tcp.abc.local. failed on the DNS server 192.168.0.2 Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: abc.local abcfs01 PASS WARN PASS PASS PASS PASS n/a ......................... abc.local passed test DNS Can you please let me know what I should do about the PTR record error reported on trhe file server diag? Here is a curent ipconfig from SBSDC Windows IP Configuration Host Name . . . . . . . . . . . . : abcsbs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter Physical Address. . . . . . . . . : 00-04-23-B9-AF-15 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2 192.168.0.3 Primary WINS Server . . . . . . . : 192.168.0.2 Secondary WINS Server . . . . . . : 192.168.0.3 Here is the IPconfig from file server abcfs01 (with new DNS that shows problems) Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Primary WINS Server . . . . . . . : 192.168.0.3 Secondary WINS Server . . . . . . : 192.168.0.2 Thanks. Jeff

The 127.0.0.1 PTR error may be coming from that hidden interface you were
talking about in an earlier post. Go into Services, and make sure RRAS is
disabled. Go into Computer Management, and make sure it is disabled there as
well.

The connection issue to the SBS from the second machine appears to be
related to the RRAS IPNAT issue.

Run the SBS BPA on the SBS:
Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Small Business Server 2003 Best Practices Analyzer Updated
http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx

How to Use the Windows SBS 2003 BPA
http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx

Ace

Hi Ace,

Thanks a lot for your help. I ran the SBS best practices and worked through
one article that helped me identify the rogue NIC that I couldnt remove
earlier (documented in MS KB875422 method 3). I think that has helped
overcome the problem however it is curious as to why I that server all of a
sudden lost connectivity.

Anyway SBS is almost back on track and I now just have these DCDIAG problems
to sort out.

Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... JSRFS01 failed test frsevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 01:03:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 01:03:55
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 01:03:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 01:04:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 01:04:05
(Event String could not be retrieved)
......................... ABCFS01 failed test systemlog


Thanks,
Jeff


"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:A91EACE0-EF33-46E5-AA79-D3C08EBBEB87@microsoft.com... Hi Ace, I've disabled the RAS service. Actually it has never been configured and tthe other day was the first time I looked at it in reponse to your questions. RDP has always previously worked. I've only ever used RDP from inside our LAN, not externally accessed. I''lm currently lokoing at the DNS errors on both servers. I've checked FRS is running on both. Have run ntfrsut1 version. On SBSDC dcdiag /testdns abc.local passed all. But when running the same test on the DNS installed last night, I got a few errors when it was validating back to the SBSDC Here is the DCDiag from abcfs01 Doing initial required tests Testing server: Default-First-Site-Name\abcFS01 Starting test: Connectivity ......................... abcFS01 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\abcFS01 DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : abc Running enterprise tests on : abc.local Starting test: DNS Test results for domain controllers: DC: abcfs01.abc.local Domain: abc.local TEST: Basic (Basc) Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.0.2 (<name unavailable>) Summary of test results for DNS servers used by the above domain controllers: DNS server: 192.168.0.2 (<name unavailable>) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.2 Name resolution is not functional. _ldap._tcp.abc.local. failed on the DNS server 192.168.0.2 Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: abc.local abcfs01 PASS WARN PASS PASS PASS PASS n/a ......................... abc.local passed test DNS Can you please let me know what I should do about the PTR record error reported on trhe file server diag? Here is a curent ipconfig from SBSDC Windows IP Configuration Host Name . . . . . . . . . . . . : abcsbs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter Physical Address. . . . . . . . . : 00-04-23-B9-AF-15 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.2 192.168.0.3 Primary WINS Server . . . . . . . : 192.168.0.2 Secondary WINS Server . . . . . . : 192.168.0.3 Here is the IPconfig from file server abcfs01 (with new DNS that shows problems) Windows IP Configuration Host Name . . . . . . . . . . . . : abcfs01 Primary Dns Suffix . . . . . . . : abc.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : abc.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.3 192.168.0.2 Primary WINS Server . . . . . . . : 192.168.0.3 Secondary WINS Server . . . . . . : 192.168.0.2 Thanks. Jeff The 127.0.0.1 PTR error may be coming from that hidden interface you were talking about in an earlier post. Go into Services, and make sure RRAS is disabled. Go into Computer Management, and make sure it is disabled there as well. The connection issue to the SBS from the second machine appears to be related to the RRAS IPNAT issue. Run the SBS BPA on the SBS: Microsoft Windows Small Business Server 2003 Best Practices Analyzer http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en Small Business Server 2003 Best Practices Analyzer Updated http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx How to Use the Windows SBS 2003 BPA http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:4D8ABB65-3C7F-4F2B-A13E-43D46DAC84B1@microsoft.com...

Quote:

Hi Ace, Thanks a lot for your help. I ran the SBS best practices and worked through one article that helped me identify the rogue NIC that I couldnt remove earlier (documented in MS KB875422 method 3). I think that has helped overcome the problem however it is curious as to why I that server all of a sudden lost connectivity. Anyway SBS is almost back on track and I now just have these DCDIAG problems to sort out. Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... JSRFS01 failed test frsevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:56 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:04 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:05 (Event String could not be retrieved) ......................... ABCFS01 failed test systemlog Thanks, Jeff

Jeff,

Glad you got the hidden NIC taken care of, but reading that article, didn't
make sense. But I guess it could if you had the scope range not on the same
subnet as the internal NIC that you want DHCP to give out addresses for.

As for the errors, the EventID: 0x00000457 indicates there is an Event log
error associated with it. Can you post any errors you see, please?

Ace

Hi Ace,

I now have the DCDAIG test on the file server passing all tests after
creating "Enable Journal Wrap Automatic Restore" registry parameter to 1 in
"System\CurrentControlSet\Services\NtFrs\Parameters". Replication messages
indicate replicatonis working from SBS to FS.

DCDIAG /test:dns passes on the SBS, but a couple of errors are reported
with a standard DCDIAG on the SBS indicating replication is not working from
FS to SBS.

An Error Event occured. EventID: 0x00000457
Time Generated: 04/22/2009 16:08:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/22/2009 16:08:45
(Event String could not be retrieved)

FRS service is running on both. I've looked at AD Sites & Servers. The
servers leaf has both servers designated to replaicate from eachother (same
as F/S).

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 4/22/2009
Time: 12:15:16 AM
User: N/A
Computer: JSRSBS01
Description:
The File Replication Service is having trouble enabling replication from
JSRFS01 to JSRSBS01 for c:\windows\sysvol\domain using the DNS name
jsrfs01.jsr.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name jsrfs01.jsr.local from this
computer.
[2] FRS is not running on jsrfs01.jsr.local.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem is
fixed you will see another event log message indicating that the connection
has been established.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00 Õ...

When I looked through the system event log, I noticed some DCOM errors
communicating with ISP IPs that I think is ominous. These IPs were formerly
in the list of DNS Servers that I previously removed and flushed.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 4/22/2009
Time: 4:08:45 PM
User: N/A
Computer: JSRSBS01
Description:
DCOM was unable to communicate with the computer 61.9.194.49 using any of
the configured protocols.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I'm wondering if these 2 errors are related?

Thanks,
Jeff

"Ace Fekay [Microsoft Certified Trainer]" wrote:

Quote:

"Jeff" <Jeff@discussions.microsoft.com> wrote in message news:4D8ABB65-3C7F-4F2B-A13E-43D46DAC84B1@microsoft.com... Hi Ace, Thanks a lot for your help. I ran the SBS best practices and worked through one article that helped me identify the rogue NIC that I couldnt remove earlier (documented in MS KB875422 method 3). I think that has helped overcome the problem however it is curious as to why I that server all of a sudden lost connectivity. Anyway SBS is almost back on track and I now just have these DCDIAG problems to sort out. Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... JSRFS01 failed test frsevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:56 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:04 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:05 (Event String could not be retrieved) ......................... ABCFS01 failed test systemlog Thanks, Jeff Jeff, Glad you got the hidden NIC taken care of, but reading that article, didn't make sense. But I guess it could if you had the scope range not on the same subnet as the internal NIC that you want DHCP to give out addresses for. As for the errors, the EventID: 0x00000457 indicates there is an Event log error associated with it. Can you post any errors you see, please? Ace

Sorry i forgot that the above errors were part of these errors


IsmServ Service is stopped on [JSRSBS01]
......................... JSRSBS01 failed test Services

Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
......................... JSRSBS01 failed test frsevent

And this error in the event log in addition to 13508

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13509
Date: 4/22/2009
Time: 3:56:53 PM
User: N/A
Computer: JSRSBS01
Description:
The File Replication Service has enabled replication from JSRFS01 to
JSRSBS01 for c:\windows\sysvol\domain after repeated retries.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Netdiag on both servers passed.


"Jeff" wrote:

Quote:

Hi Ace, I now have the DCDAIG test on the file server passing all tests after creating "Enable Journal Wrap Automatic Restore" registry parameter to 1 in "System\CurrentControlSet\Services\NtFrs\Parameters". Replication messages indicate replicatonis working from SBS to FS. DCDIAG /test:dns passes on the SBS, but a couple of errors are reported with a standard DCDIAG on the SBS indicating replication is not working from FS to SBS. An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 16:08:12 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0002719 Time Generated: 04/22/2009 16:08:45 (Event String could not be retrieved) FRS service is running on both. I've looked at AD Sites & Servers. The servers leaf has both servers designated to replaicate from eachother (same as F/S). Event Type: Warning Event Source: NtFrs Event Category: None Event ID: 13508 Date: 4/22/2009 Time: 12:15:16 AM User: N/A Computer: JSRSBS01 Description: The File Replication Service is having trouble enabling replication from JSRFS01 to JSRSBS01 for c:\windows\sysvol\domain using the DNS name jsrfs01.jsr.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name jsrfs01.jsr.local from this computer. [2] FRS is not running on jsrfs01.jsr.local. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: d5 04 00 00 Õ... When I looked through the system event log, I noticed some DCOM errors communicating with ISP IPs that I think is ominous. These IPs were formerly in the list of DNS Servers that I previously removed and flushed. Event Type: Error Event Source: DCOM Event Category: None Event ID: 10009 Date: 4/22/2009 Time: 4:08:45 PM User: N/A Computer: JSRSBS01 Description: DCOM was unable to communicate with the computer 61.9.194.49 using any of the configured protocols. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I'm wondering if these 2 errors are related? Thanks, Jeff "Ace Fekay [Microsoft Certified Trainer]" wrote: "Jeff" <Jeff@discussions.microsoft.com> wrote in message news:4D8ABB65-3C7F-4F2B-A13E-43D46DAC84B1@microsoft.com... Hi Ace, Thanks a lot for your help. I ran the SBS best practices and worked through one article that helped me identify the rogue NIC that I couldnt remove earlier (documented in MS KB875422 method 3). I think that has helped overcome the problem however it is curious as to why I that server all of a sudden lost connectivity. Anyway SBS is almost back on track and I now just have these DCDIAG problems to sort out. Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... JSRFS01 failed test frsevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:56 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:04 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:05 (Event String could not be retrieved) ......................... ABCFS01 failed test systemlog Thanks, Jeff Jeff, Glad you got the hidden NIC taken care of, but reading that article, didn't make sense. But I guess it could if you had the scope range not on the same subnet as the internal NIC that you want DHCP to give out addresses for. As for the errors, the EventID: 0x00000457 indicates there is an Event log error associated with it. Can you post any errors you see, please? Ace

"Jeff" <Jeff@discussions.microsoft.com> wrote in message
news:09597B38-1BA1-4053-8919-E39A9D13F10B@microsoft.com...

Quote:

Sorry i forgot that the above errors were part of these errors

This comes back to something on the SBS is blocking the ability for the FS
machine to communicate with it. We've went over numerous points, and I think
something is still blocking it. I would hate to say go ahead and enable
Journal Wrap on the FS, because now I would be guessing. If this is
production critical, and business is being affected, and you've been trying
to fix this since Thursday or Friday, I think it may be worth a call to
Microsoft Support. What do you think?

Ace

It's a little difficult to follow the partial dcdiag errors and while some
test may be 'passing' imporant information may be missing from your posts.

ISMServ - the intersite messenging service is by default configured to
'disabled' on SBS as it's not expecting to have additional domain
controllers let alone additional AD sites. It appears that you have added a
domain controller perhaps in a second site at some point. If this is the
case then you should configure the ismserv service to "automatic" and either
manually start the service or reboot the sbs server.

Also (if this is the case) you should make sure that the branch offiice AD
site and subnet(s) are properly configured. Then you need to make sure that
DNS is configured (initially) to resolve the name of the branch office DC.
Also both the SBS and branch office DC's should only be using themselves for
client DNS and either root hints or ISP forwarders for external resolution.

How long ago was it that the branch office DC was added?

Jeff wrote:

Quote:

Sorry i forgot that the above errors were part of these errors IsmServ Service is stopped on [JSRSBS01] ......................... JSRSBS01 failed test Services Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... JSRSBS01 failed test frsevent And this error in the event log in addition to 13508 Event Type: Warning Event Source: NtFrs Event Category: None Event ID: 13509 Date: 4/22/2009 Time: 3:56:53 PM User: N/A Computer: JSRSBS01 Description: The File Replication Service has enabled replication from JSRFS01 to JSRSBS01 for c:\windows\sysvol\domain after repeated retries. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Netdiag on both servers passed. "Jeff" wrote: Hi Ace, I now have the DCDAIG test on the file server passing all tests after creating "Enable Journal Wrap Automatic Restore" registry parameter to 1 in "System\CurrentControlSet\Services\NtFrs\Parameters". Replication messages indicate replicatonis working from SBS to FS. DCDIAG /test:dns passes on the SBS, but a couple of errors are reported with a standard DCDIAG on the SBS indicating replication is not working from FS to SBS. An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 16:08:12 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0002719 Time Generated: 04/22/2009 16:08:45 (Event String could not be retrieved) FRS service is running on both. I've looked at AD Sites & Servers. The servers leaf has both servers designated to replaicate from eachother (same as F/S). Event Type: Warning Event Source: NtFrs Event Category: None Event ID: 13508 Date: 4/22/2009 Time: 12:15:16 AM User: N/A Computer: JSRSBS01 Description: The File Replication Service is having trouble enabling replication from JSRFS01 to JSRSBS01 for c:\windows\sysvol\domain using the DNS name jsrfs01.jsr.local. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name jsrfs01.jsr.local from this computer. [2] FRS is not running on jsrfs01.jsr.local. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: d5 04 00 00 Õ... When I looked through the system event log, I noticed some DCOM errors communicating with ISP IPs that I think is ominous. These IPs were formerly in the list of DNS Servers that I previously removed and flushed. Event Type: Error Event Source: DCOM Event Category: None Event ID: 10009 Date: 4/22/2009 Time: 4:08:45 PM User: N/A Computer: JSRSBS01 Description: DCOM was unable to communicate with the computer 61.9.194.49 using any of the configured protocols. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I'm wondering if these 2 errors are related? Thanks, Jeff "Ace Fekay [Microsoft Certified Trainer]" wrote: "Jeff" <Jeff@discussions.microsoft.com> wrote in message news:4D8ABB65-3C7F-4F2B-A13E-43D46DAC84B1@microsoft.com... Hi Ace, Thanks a lot for your help. I ran the SBS best practices and worked through one article that helped me identify the rogue NIC that I couldnt remove earlier (documented in MS KB875422 method 3). I think that has helped overcome the problem however it is curious as to why I that server all of a sudden lost connectivity. Anyway SBS is almost back on track and I now just have these DCDIAG problems to sort out. Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... JSRFS01 failed test frsevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:03:56 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:04 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 04/22/2009 01:04:05 (Event String could not be retrieved) ......................... ABCFS01 failed test systemlog Thanks, Jeff Jeff, Glad you got the hidden NIC taken care of, but reading that article, didn't make sense. But I guess it could if you had the scope range not on the same subnet as the internal NIC that you want DHCP to give out addresses for. As for the errors, the EventID: 0x00000457 indicates there is an Event log error associated with it. Can you post any errors you see, please? Ace

--
/kj

"kj [SBS MVP]" <KevinJ.SBS@SPAMFREE.gmail.com> wrote in message
news:OD0jij1wJHA.1504@TK2MSFTNGP03.phx.gbl...

Quote:

It's a little difficult to follow the partial dcdiag errors and while some test may be 'passing' imporant information may be missing from your posts. ISMServ - the intersite messenging service is by default configured to 'disabled' on SBS as it's not expecting to have additional domain controllers let alone additional AD sites. It appears that you have added a domain controller perhaps in a second site at some point. If this is the case then you should configure the ismserv service to "automatic" and either manually start the service or reboot the sbs server.

KJ,

That I didn't know about the ISM on SBS being disabled by default. Good
info. I'm not familiar with all the nuances of SBS. I'm glad I cross posted
it to the SBS group.

As for DNS, it was initially a mess, but we've spent some time making sure
his DNS settings are configured. Maybe an updated ipconfig /all from both
DCs by Jeff would be prudent to update you and the others in the SBS group.

Ace

Ace Fekay [Microsoft Certified Trainer] wrote:

Quote:

"kj [SBS MVP]" <KevinJ.SBS@SPAMFREE.gmail.com> wrote in message news:OD0jij1wJHA.1504@TK2MSFTNGP03.phx.gbl... It's a little difficult to follow the partial dcdiag errors and while some test may be 'passing' imporant information may be missing from your posts. ISMServ - the intersite messenging service is by default configured to 'disabled' on SBS as it's not expecting to have additional domain controllers let alone additional AD sites. It appears that you have added a domain controller perhaps in a second site at some point. If this is the case then you should configure the ismserv service to "automatic" and either manually start the service or reboot the sbs server. KJ, That I didn't know about the ISM on SBS being disabled by default. Good info. I'm not familiar with all the nuances of SBS. I'm glad I cross posted it to the SBS group.

In fairness the ISM handles SMTP configured site links and likely it was
configured for IP so, probably not the cause. But as a practice I turn it on
(auto) as is the Standard window configuration for multi-site AD
configurations.

Agreed on the ipconfig/all

Quote:

As for DNS, it was initially a mess, but we've spent some time making sure his DNS settings are configured. Maybe an updated ipconfig /all from both DCs by Jeff would be prudent to update you and the others in the SBS group. Ace

--
/kj