Results 16 to 30 of 36
Windows Thread, Cannot Access group policy objects in Technical
  1. #16
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,098
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122

    Re: Cannot Access group policy objects

    The primary DNS server points to the second DNS server and then the alternative DNS points to the outside world for the, whereas all the other servers point to the primary DNS and then to the second DNS on the network, if you see what I mean.

  2. #17

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,819
    Thank Post
    110
    Thanked 589 Times in 510 Posts
    Blog Entries
    1
    Rep Power
    226

    Re: Cannot Access group policy objects

    You can't point to external DNS servers. You need to configure forwarders. See here for more details, and implement as per your situation:

    http://support.microsoft.com/kb/825036

  3. #18

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,607
    Thank Post
    729
    Thanked 1,688 Times in 1,502 Posts
    Rep Power
    433

    Re: Cannot Access group policy objects

    Your DCs shouldn't have a DNS server that is not a DC on your domain.

    For outside world resolution they can either use the root hints or you can set up a DNS forwarder to resolve DNS that doesn't exist on your domain.

    Ben

  4. #19
    timbo343's Avatar

    Re: Cannot Access group policy objects

    Yes, we have got forward lookup zones in place too... or have I totally got the wrong end of the stick?

  5. #20

    plexer's Avatar

    Re: Cannot Access group policy objects

    Your forward lookup zone is your network.

    What you need to do is go into the DNS admin window.

    Right click on your server name and select Properties, click on the Forwarders tab and set up a forwarder for all other DNS domains using the IP addresses given to you by your LEA.

    Ben

  6. #21
    timbo343's Avatar

    Re: Cannot Access group policy objects

    Ah... we aren't with the LEA with the internet connection.. we are totally independent to the LEA as we can do the internet, filtering etc. a hell of a lot cheaper. But I have already got my 2 DNS servers in there from my ISP.

  7. #22

    Geoff's Avatar

    Re: Cannot Access group policy objects

    OK, that's fine. You can leave the forwarders in there then. Just make sure you have the DNS settings correct on your DCs as per my previous post.

  8. #23

    plexer's Avatar

    Re: Cannot Access group policy objects

    OK, well, LEA settings, other ISP, same bones; makes no difference.

    Ben

  9. #24
    timbo343's Avatar

    Re: Cannot Access group policy objects

    Right OK, I've checked all the DNS settings etc. and they all seem to be OK... what now??

  10. #25

    Geoff's Avatar

    Re: Cannot Access group policy objects

    On the DC that isn't registered in DNS correctly run:

    Code:
    ipconfig /registerdns
    That should allow Ntfrs on the other DC to find the DC and begin replicating. Check the event logs to confirm that this is the case.

  11. #26
    timbo343's Avatar

    Re: Cannot Access group policy objects

    Nope... still not working, grrr

  12. #27

    Geoff's Avatar

    Re: Cannot Access group policy objects

    Then there's something else broken as well. What other errors are there?

  13. #28
    timbo343's Avatar

    Re: Cannot Access group policy objects

    I've just looked in the directory service...
    NTDS Replication, NTDS, KCC, NTDS General, NTDS ISAM... there seems to be a load of errors with those sources.
    On security we are getting a lot of anonymous logons.

  14. #29

    Geoff's Avatar

    Re: Cannot Access group policy objects

    "NTDS Replication, NTDS, KCC, NTDS General, NTDS ISAM... there seems to be a load of errors with those sources."
    What errors? These will all likely be a result of replication failures.

    "On security we are getting a lot of anonymous logons"
    Anonymous logins won't work with W2k3 server. Whatever's trying to use them is misconfigured/broken. You should have an IP/Hostname listed in each distinct logon/logoff event. You can track down the device/user that way.
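
Post #29 suggests tracing anonymous logons through the IP/hostname recorded in each logon event. The following is an added example, not posted by anyone in the thread, that groups those events by source. It assumes Windows Server 2008 or later, where successful logons are event ID 4624 (not the Server 2003 systems discussed here), and the function name `Get-AnonymousLogonSource` is made up for illustration.

```powershell
# Added example: count ANONYMOUS LOGON events per source address and workstation.
# Assumption: Server 2008 or later (event ID 4624); run elevated to read the Security log.
function Get-AnonymousLogonSource {
    param([int] $MaxEvents = 5000)

    $xpath = "*[System[EventID=4624] and " +
             "EventData[Data[@Name='TargetUserName']='ANONYMOUS LOGON']]"
    try {
        $events = Get-WinEvent -LogName Security -FilterXPath $xpath `
                               -MaxEvents $MaxEvents -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches or access is denied.
        Write-Warning "No matching events read: $($_.Exception.Message)"
        return
    }

    $rows = foreach ($e in $events) {
        # Event data is a list of <Data Name="...">value</Data> elements.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            SourceIp    = $data['IpAddress']
            Workstation = $data['WorkstationName']
            LogonType   = $data['LogonType']
        }
    }

    # One output row per distinct source, busiest first.
    $rows | Group-Object SourceIp, Workstation | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Count       = $_.Count
                SourceIp    = $_.Group[0].SourceIp
                Workstation = $_.Group[0].Workstation
                LogonTypes  = ($_.Group.LogonType | Sort-Object -Unique) -join ','
                LastSeen    = ($_.Group | Measure-Object Time -Maximum).Maximum
            }
        }
}

Get-AnonymousLogonSource | Format-Table -AutoSize
```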

  15. #30
    timbo343's Avatar

    Re: Cannot Access group policy objects

    NTDS Replication:
    This is the replication status for the following directory partition on the local domain controller.

    Directory partition:
    CN=Schema,CN=Configuration,DC=shs,DC=com

    The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.

    More than 24 hours:
    1
    More than a week:
    1
    More than one month:
    1
    More than two months:
    1
    More than a tombstone lifetime:
    1
    Tombstone lifetime (days):
    60
    Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.

    To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
    You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".

    NTDS KCC
    The attempt to establish a replication link for the following writable directory partition failed.

    Directory partition:
    CN=Configuration,DC=shs,DC=com
    Source domain controller:
    CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shs,DC=com
    Source domain controller address:
    552f59d1-eee5-423a-8143-76bb77105d74._msdcs.shs.com
    Intersite transport (if any):


    This domain controller will be unable to replicate with the source domain controller until this problem is corrected.

    User Action
    Verify if the source domain controller is accessible or network connectivity is available.

    Additional Data
    Error value:
    8524 The DSA operation is unable to proceed because of a DNS lookup failure.

    NTDS General
    Duplicate event log entries were suppressed.

    See the previous event log entry for details. An entry is considered a duplicate if the event code and all of its insertion parameters are identical. The time period for this run of duplicates is from the time of the previous event to the time of this event.

    Event Code:
    80000785
    Number of duplicate entries:
    15


    And just keep getting the SceCli source error on the machine with the main policies on
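
Error 8524 in the KCC event above is a failed DNS lookup of the source DC's GUID-based name under `_msdcs`, which ties back to the earlier posts about which DNS servers a DC should use. The following is an added example, not from any poster, that asks each DNS server the local machine is configured with for that record. It assumes a Windows version with the DnsClient module (`Resolve-DnsName`, `Get-DnsClientServerAddress`), and the function name `Test-DsaGuidRecord` is made up for illustration.

```powershell
# Added example: can every DNS server this DC uses resolve the source DC's
# GUID-based locator record named in the KCC event?
$DsaGuidName = '552f59d1-eee5-423a-8143-76bb77105d74._msdcs.shs.com'  # from the event above

function Test-DsaGuidRecord {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Default: every IPv4 DNS server configured on any local interface.
        [string[]] $DnsServer = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                                 ForEach-Object ServerAddresses | Sort-Object -Unique)
    )
    foreach ($server in $DnsServer) {
        $result = [ordered]@{ DnsServer = $server; CName = $null; Address = $null; Status = 'OK' }
        try {
            # Step 1: the GUID name should be a CNAME pointing at the DC's host name.
            $cname = Resolve-DnsName -Name $Name -Type CNAME -Server $server -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
            if (-not $cname) { throw 'no CNAME record in the answer' }
            $result.CName = $cname.NameHost

            # Step 2: the CNAME target must resolve to an address on the same server.
            $a = Resolve-DnsName -Name $cname.NameHost -Type A -Server $server -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' }
            if (-not $a) { throw "CNAME target $($cname.NameHost) has no A record" }
            $result.Address = ($a.IPAddress -join ', ')
        } catch {
            $result.Status = "FAILED: $($_.Exception.Message)"
        }
        [pscustomobject]$result
    }
}

Test-DsaGuidRecord -Name $DsaGuidName | Format-Table -AutoSize
```

A server that reports FAILED here while another reports OK shows which entry in the DNS client settings cannot answer for the internal `_msdcs` zone.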
