My domain does not exist?

[Irazmus]

Hey guys

My network's developed a slight problem and I'm hoping you can point me in the right direction for fixing it.
All was fine until last week when I started getting reports of inaccessible internet and error messages during login on multiple machines for multiple accounts (but not all, I can't recreate the error on any of my accounts, but I've seen it on others).
Internet Explorer branding is failing, I've done a Group Policy Results check using the GPMC which is showing a warning, the event for which is:

The Group Policy client-side extension Internet Explorer Branding failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension.

The only other error present in the event log is:

Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Which is appearing fairly frequently (much more frequently than I'm happy with).

The login errors are coming from my global login script, specifically line 42:

Code:

#39 ' Use the NameTranslate object to find the NetBIOS domain name from the
#40 ' DNS domain name.
#41 Set objTrans = CreateObject("NameTranslate")
#42 objTrans.Init ADS_NAME_INITTYPE_GC, ""
#43 objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
#44 strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)

With an error of:

The specified domain either does not exist or could not be contacted

As the log messages are damn near identical, I can only assume they're symptoms of the same problem, which my limited knowledge of Active Directory suggests would be a DNS error, however both my Domain Controllers are accessible, and they resolve using nslookup.
There are no errors in the DC's DNS logs, the only errors listed are:
[list=1][*]PDC/Application: An ASP error I could care less about.[*] PDC/System: MrxSmb 8003

The master browser has received a server announcement from the computer NP00030D22A764 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8136B2A3-1DEA. The master browser is stopping or an election is being forced.

Which is odd as that machine is a curriculum laptop.[*] BCD/System: MrxSmb 3019

The redirector failed to determine the connection type.

Which MicroSoft says I can ignore (http://support.microsoft.com/default...;en-us;q267934)[/list]
Oddly this only seems to be affecting staff accounts, students are unaffected, even though all accounts use the same logon script.

Any help you can give in tracking down this problem (and it's solution) will be greatfully recieved.

[Geoff]

What do netdiag and dcdiag think?

[DCDiag]

I have not spoken to netdiag recently but I have no idea at the moment.

[NetDiag]

Hi There DCDiag! Long time no see! You should look-me-up more often! Still, It will do no good to ask me i'm affraid as I don't have the foggiest either!

[webman]

What do netdiag and dcdiag think?

I have not spoken to netdiag recently but I have no idea at the moment.

Hi There DCDiag! Long time no see! You should look-me-up more often! Still, It will do no good to ask me i'm affraid as I don't have the foggiest either!

Lol

[Irazmus]

DCDiag

Code:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\THOR
      Starting test: Connectivity
         ......................... THOR passed test Connectivity
   
   Testing server: Default-First-Site-Name\ODIN
      Starting test: Connectivity
         ......................... ODIN passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\THOR
      Starting test: Replications
         ......................... THOR passed test Replications
      Starting test: NCSecDesc
         ......................... THOR passed test NCSecDesc
      Starting test: NetLogons
         ......................... THOR passed test NetLogons
      Starting test: Advertising
         ......................... THOR passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... THOR passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... THOR passed test RidManager
      Starting test: MachineAccount
         ......................... THOR passed test MachineAccount
      Starting test: Services
         ......................... THOR passed test Services
      Starting test: ObjectsReplicated
         ......................... THOR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... THOR passed test frssysvol
      Starting test: frsevent
         ......................... THOR passed test frsevent
      Starting test: kccevent
         ......................... THOR passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00002F1D
            Time Generated: 10/02/2006   12:42:55
            Event String: Session from user "le" was timed out and

         An Error Event occured.  EventID: 0x00002F1D
            Time Generated: 10/02/2006   13:03:26
            Event String: Session from user "le" was timed out and

         ......................... THOR failed test systemlog
      Starting test: VerifyReferences
         ......................... THOR passed test VerifyReferences
   
   Testing server: Default-First-Site-Name\ODIN
      Starting test: Replications
         ......................... ODIN passed test Replications
      Starting test: NCSecDesc
         ......................... ODIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... ODIN passed test NetLogons
      Starting test: Advertising
         ......................... ODIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ODIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ODIN passed test RidManager
      Starting test: MachineAccount
         ......................... ODIN passed test MachineAccount
      Starting test: Services
         ......................... ODIN passed test Services
      Starting test: ObjectsReplicated
         ......................... ODIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ODIN passed test frssysvol
      Starting test: frsevent
         ......................... ODIN passed test frsevent
      Starting test: kccevent
         ......................... ODIN passed test kccevent
      Starting test: systemlog
         ......................... ODIN passed test systemlog
      Starting test: VerifyReferences
         ......................... ODIN passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : stowmarketmiddle
      Starting test: CrossRefValidation
         ......................... stowmarketmiddle passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... stowmarketmiddle passed test CheckSDRefDom
   
   Running enterprise tests on : stowmarketmiddle.suffolk.sch.uk
      Starting test: Intersite
         ......................... stowmarketmiddle.suffolk.sch.uk passed test Intersite
      Starting test: FsmoCheck
         ......................... stowmarketmiddle.suffolk.sch.uk passed test FsmoCheck

NetDiag PDC

Code:

    Computer Name: THOR
    DNS Host Name: thor.stowmarketmiddle.suffolk.sch.uk
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes : 
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : thor
        IP Address . . . . . . . . : 10.163.4.105
        Subnet Mask. . . . . . . . : 255.255.252.0
        Default Gateway. . . . . . : 10.163.4.1
        Dns Servers. . . . . . . . : 10.163.4.105
                                     10.163.4.106


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : thor
        IP Address . . . . . . . . : 10.169.194.253
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 
        Dns Servers. . . . . . . . : 10.169.194.253
                                     10.169.194.106


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{8136B2A3-1DEA-4BD8-A887-A66795869A0A}
        NetBT_Tcpip_{ABBEEF9C-7701-4C04-9673-B9B72653CF60}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.163.4.105' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.163.4.106' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.169.194.253' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.169.194.106' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{8136B2A3-1DEA-4BD8-A887-A66795869A0A}
        NetBT_Tcpip_{ABBEEF9C-7701-4C04-9673-B9B72653CF60}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{ABBEEF9C-7701-4C04-9673-B9B72653CF60}
        NetBT_Tcpip_{8136B2A3-1DEA-4BD8-A887-A66795869A0A}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

NetDiag BDC

Code:

    Computer Name: ODIN
    DNS Host Name: odin.stowmarketmiddle.suffolk.sch.uk
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes : 
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : odin
        IP Address . . . . . . . . : 10.163.4.106
        Subnet Mask. . . . . . . . : 255.255.252.0
        Default Gateway. . . . . . : 10.163.4.1
        Dns Servers. . . . . . . . : 10.163.4.105
                                     10.163.4.106


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : odin
        IP Address . . . . . . . . : 10.169.194.106
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 
        Dns Servers. . . . . . . . : 10.169.194.253
                                     10.169.194.106


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E3D517D4-C5B7-44A0-8C37-BADC77FAD83E}
        NetBT_Tcpip_{4C8D7A04-C66A-452F-8549-07F7849DB5CE}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.163.4.105' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.163.4.106' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.169.194.253' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.169.194.106' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E3D517D4-C5B7-44A0-8C37-BADC77FAD83E}
        NetBT_Tcpip_{4C8D7A04-C66A-452F-8549-07F7849DB5CE}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{4C8D7A04-C66A-452F-8549-07F7849DB5CE}
        NetBT_Tcpip_{E3D517D4-C5B7-44A0-8C37-BADC77FAD83E}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'STOWMARKETM' is to '\\thor.stowmarketmiddle.suffolk.sch.uk'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

[Geoff]

Your DNS settings are backwards on your DCs. They should point at another DC for their primary DNS and then back at themselves as the secondary DNS.

Other than that (and that's a minor niggle) I see nothing wrong.

Is there any sort of firewalling, routing or VLAN usage that might be causing a problem?

[DMcCoy]

I point it locally and then at a secondary dc for dns, that way it will attempt all its looksups locally first rather than having to use another server for every lookup.

[Geoff]

Yes, but the reason for doing it the other way round is because of the order Windows starts its services. It starts the Netlogon service before the DNS server service. Thus Netlogon can't register the DC in the DNS server (because it's not running yet). This leads to a little bleating in the system log by the netlogon service.

It's not a big deal though, as the netlogon service will manage it on the second time round. Either because the DNS server service has started or because it's given up on the Primary DNS already and used the secondary DNS.

It will, however, lose you a mark on your MSCE exam.

[Irazmus]

Cheers Geoff, I'll make sure to remember that if/when I do that exam (assuming SMT approve some funding for training).

Other than client's XP firewalls, the only firewall I currently have here is protecting the webserver (naughty I know), there's no routing I'm aware of, and VLANs are something most of our hubs/switches don't support.

[bossman]

I do beleive that this could be your problem:

The master browser has received a server announcement from the computer NP00030D22A764 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8136B2A3-1DEA. The master browser is stopping or an election is being forced.

somehow it seems that this laptop for whatever reasons has probably won the forced election and has become the master browser. Only a thought but i have read somewhere of this happening and causing similar problems. I would shutdaown all my windows servers and boot them up in order pdc etc. It may help

[Irazmus]

@bossman: I was wondering if that message might have some relevance, I'll try rebooting the servers tonight and see if the problems go away. Any idea why a laptop would try to become the master browser? All my curriculum laptops have identical (RIS'd) setups and that one's the only one doing it.

[Geoff]

That only applies to broadcast/rpc. W2k/XP/w2k3 use DNS.

[DMcCoy]

Yes, but the reason for doing it the other way round is because of the order Windows starts its services. It starts the Netlogon service before the DNS server service. Thus Netlogon can't register the DC in the DNS server (because it's not running yet). This leads to a little bleating in the system log by the netlogon service.

It's not a big deal though, as the netlogon service will manage it on the second time round. Either because the DNS server service has started or because it's given up on the Primary DNS already and used the secondary DNS.

It will, however, lose you a mark on your MSCE exam.

This doesn't actually happen if the other DC is on, the only time it is slow and errors is if both of my DCs are off. I don't see why *every* *single* dns request should be forwarded to another server when a loopback will be significantly faster. Microsoft are wrong :P

[Irazmus]

Well since I rebooted the servers I havn't had any more reports of login script errors, but I'm still seeing errors in client event logs along with a new one:

Code:

No Domain Controller is available for domain STOWMARKETM due to the following: 
There are currently no logon servers available to service the logon request. . 
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

And also a new one on the PDC:

Code:

Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. 
 
Source domain controller: 
 odin 
Failing DNS host name: 
 ff31245a-8c0f-433c-baca-0cfc893f855f._msdcs.stowmarketmiddle.suffolk.sch.uk 
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1: 
 
Registry Path: 
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client 
 
User Action: 
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 
 
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 
 
  dcdiag /test:dns 
 
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: 
 
  dcdiag /test:dns 
 
 5) For further analysis of DNS error failures see KB 824449: 
   http://support.microsoft.com/?kbid=824449 
 
Additional Data 
Error value: 
 11004 The requested name is valid, but no data of the requested type was found. 


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I've run dcdiag /test:dns for each DC and they both pass, I've done an nslookup of ff31245a-8c0f-433c-baca-0cfc893f855f._msdcs.stowmarketmiddle.suffolk.sch.u k from all 4 DNS IP's, all return

Code:

Name:    odin.stowmarketmiddle.suffolk.sch.uk
Addresses:  10.169.194.106, 10.163.4.106
Aliases:
	  ff31245a-8c0f-433c-baca-0cfc893f855f._msdcs.stowmarketmiddle.suffolk.sch.uk

net view \\thor, net view \\odin, all work.

Just to add to my confusion, we're now getting a very odd problem. User logs on with no errors, opens mapped network drive and gets asked to reauthenticate, and the authentication dialog always has the same user listed regardless of what user account and machine is being used (even machines they've never used). I've no idea if it's related, but it's confusing the hell out of me.