Block XP machines in domain
Hello Friends,
In my Organization, they are planning to block all existing Windows XP machines in domain.
So that, no user can login on domain using XP machine. And if logged on using Local credential cannot access the network.
I thought to do the same by GPO to push a Scheduled Task which runs a Vbscript to disable all NIC's on machine.
Unfortunately, this vbscript is not running on Non English OS. It works only on English OS.
Please suggest.
Hi Jack,
Thanks!
But i am not using netsh command as it is not working on XP machines. I am using below vbscript:
'Initialization Section
Option Explicit
Const ForAppending = 8
Dim objDictionary, objFSO, wshNetwork, scriptBaseName, scriptPath, scriptLogPath
On Error Resume Next
Set objDictionary = NewDictionary
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set wshNetwork = CreateObject("Wscript.Network")
scriptBaseName = objFSO.GetBaseName(Wscript.ScriptFullName)
scriptPath = objFSO.GetFile(Wscript.ScriptFullName).ParentFolder.Path
scriptLogPath = scriptPath & "\" & scriptBaseName
If Err.Number <> 0 Then
Wscript.Quit
End If
On Error Goto 0
'Main Processing Section
On Error Resume Next
ProcessScript
If Err.Number <> 0 Then
MsgBox "An unexpected error occurred!", vbCritical, scriptBaseName
Wscript.Quit
End If
PromptScriptEnd
On Error Goto 0
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function ProcessScript
Dim hostName, connectionNames, connectionFolder, connectionVerb
hostName = wshNetwork.ComputerName
connectionFolder = "Connexions réseaus"
'connectionsFolder = "Network and Dial-up Connections" (This value should be used for Windows 2000)
connectionVerb = "&désactiver"
'connectionVerb = "&Activer"
PromptScriptStart
If Not GetNetworkConnectionNames(hostName, connectionNames) Then
Exit Function
End If
If Not ToggleNetworkConnections(connectionNames, connectionFolder, connectionVerb) Then
Exit Function
End If
End Function
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function GetNetworkConnectionNames(hostName, connectionNames)
Dim wmi, networkAdapters, networkAdapter, connectionsDict
GetNetworkConnectionNames = False
connectionNames = ""
On Error Resume Next
Set connectionsDict = NewDictionary
Set wmi = GetObject("winmgmts:\\" & hostName & "\root\cimv2")
Set networkAdapters = wmi.ExecQuery("Select * from Win32_NetworkAdapter",,48)
If Err.Number <> 0 Then
Exit Function
End If
For Each networkAdapter in networkAdapters
If Not IsNull(networkAdapter.NetConnectionID) Then
connectionsDict(connectionsDict.Count) = networkAdapter.NetConnectionID
End If
Next
On Error Goto 0
If Err.Number <> 0 Then
Exit Function
End If
connectionNames = connectionsDict.Items
GetNetworkConnectionNames = True
End Function
'Name : NewDictionary -> Creates a new dictionary object.
'Parameters : None ->
'Return : NewDictionary -> Returns a dictionary object.
Function NewDictionary
Dim dict
Set dict = CreateObject("scripting.Dictionary")
dict.CompareMode = vbTextCompare
Set NewDictionary = dict
End Function
'Name : DQ -> Place double quotes around a string and replace double quotes
' : -> within the string with pairs of double quotes.
'Parameters : stringValue -> String value to be double quoted
'Return : DQ -> Double quoted string.
Function DQ (ByVal stringValue)
If stringValue <> "" Then
DQ = """" & Replace (stringValue, """", """""") & """"
Else
DQ = """"""
End If
End Function
'Name : ToggleNetworkConnections -> Toggles (enables/disables) all Connexions réseaus.
'Parameters : connectionNames -> Array containing the names of the Connexions réseaus to enable\disable.
' : connectionFolder -> String containing the name of the network folder (varies dependant on OS).
' : connectionType -> String containing the verb to enable\disable all Connexions réseaus.
'Return : ToggleNetworkConnections -> Returns a True if all connections were enabled\disabled othewise returns False.
Function ToggleNetworkConnections(connectionNames, connectionFolder, connectionVerb)
Dim item, enabled, verb, connectionType, i
Dim objNetworkConnections, objNetworkConnection
ToggleNetworkConnections = False
enabled = True
'Ensure the connectionNames parameter is an Array.
If Not IsArray(connectionNames) Then
connectionNames = Array(connectionNames)
End If
'Bind to the Connexions réseaus folder
For Each item in CreateObject("Shell.Application").Namespace(3).Items
If StrComp(item.Name, "Connexions réseaus", vbTextCompare) = 0 Then
On Error Resume Next
Set objNetworkConnections = item.GetFolder
If Err.Number <> 0 Then
Exit Function
End If
Exit For
On Error Goto 0
End If
Next
'Ensure the Connexions réseaus folder is bound to an object.
If Not IsObject(objNetworkConnections) Then
Exit Function
End If
'Loop through the Array of Connexions réseau names and bind to each connection.
For i = 0 To UBound(connectionNames)
For Each item in objNetworkConnections.items
If StrComp(item.Name, connectionNames(i), vbTextCompare) = 0 Then
On Error Resume Next
Set objNetworkConnection = item
If Err.Number <> 0 Then
Exit Function
End If
Exit For
On Error Goto 0
End If
Next
'Ensure the Connexions réseau is bound to an object.
If Not IsObject(objNetworkConnection) Then
Exit Function
End If
'Ensure the Connexions réseau is bound to an object.
For Each verb in objNetworkConnection.Verbs
If verb.Name = connectionVerb Then
On Error Resume Next
Set connectionType = verb
If Err.Number <> 0 Then
Exit Function
End If
enabled = False
On Error Goto 0
End If
Next
On Error Resume Next
If enabled Then
connectionType.DoIt
Else
connectionType.DoIt
End If
If Err.Number <> 0 Then
Exit Function
End If
On Error Goto 0
WScript.Sleep 2000
Next
ToggleNetworkConnections = True
End Function
'Name : PromptScriptStart -> Prompt when script starts.
'Parameters : None
'Return : None
Function PromptScriptStart
'MsgBox "Now processing the " & DQ(Wscript.ScriptName) & " script.", vbInformation, scriptBaseName
End Function
'Name : PromptScriptEnd -> Prompt when script has completed.
'Parameters : None
'Return : None
Function PromptScriptEnd
'MsgBox "The " & DQ(Wscript.ScriptName) & " script has completed successfully.", vbInformation, scriptBaseName
End Function
Yes, you are right in this case that i will have to use the System Locale, i tried making changes in this script according to the System Locale i.e. Used Connexions réseaus in place of Network Connections and &désactiver" "&Activer" in place of Disable
Enable. But still its not working.
Please have a look at the script, if you can help me in changing the script.
Similar Messages
-
Hello All,
we have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc.
from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when we are trying to access the share folder with IP it asking for credentials i have type again and again
correct credential but unable to access that. If i re-share the folder then we are access it but when we are restarted the system then same problem is occurring.
I have checked IP,DNS,Gateway and more each & everything is well.
Pls suggest us.
Pankaj KumarHi,
According to your description, my understanding is that the same shared folder can be accessed by name, but can’t be accessed be IP address and asks for credentials.
Please try to enable the option below on the device which has shared folder:
Besides, check the Advanced Shring settings of shared folder and confrim that if there is any limitation settings.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Unable to join the client machine into domain in low banswidth 16kbps
Hi,<o:p></o:p>
I'm unable to join the client machine into domain which is in low bandwidth 16 kbps.but i can able join other machine into domain which is having
more bandwidth,please help me on this issue<o:p></o:p>Depending on the version of your domain, you could try an offline join.
http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=WS.10).aspx
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
I would say that it depends on the client OS (Windows 7 or Windows 8) if offline domain join could be used or not, not that much regarding the level of the domain, you can always use the
/downlevel switch to target a DC running Windows Server 2003 for example.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
User machine without domain require domain\username authentication.
Hi,
When I try to connect in lync 2013 with machine unjoined domain the "domain\username" is required, however in another organization it´s not required. How can I set this?
Thanks.
Diego Riera | Linkedin |
Twitter |
diegoriera.wordpress.com
Por favor, lembre-se de clicar em "Marcar como Resposta" no post que o ajuda, e clique em "Desmarcar como resposta" se um post marcado na verdade não responder a sua pergunta. Isto pode ser benéfico para outros membros da comunidade. Esta
postagem é fornecida, sem garantias e sem direitos.Diego,
if you set the users' UPN to match that of your SIP domain (sign-in name), then AD username should not be required. Check
http://support.microsoft.com/kb/243629
http://blog.schertz.name/2012/08/understanding-active-directory-naming-formats/
Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR -
Error While Joining a domain.| Adding a virtual box machine to host machine's domain
Dear All,
I have a Virtual Box(guest) Where Windows Server 2008 r2 is installed.Virtual box is hosted by a machine which Uses Windows Server 2008 r2. Host machine is a domain controller.I have added guest to another domain
other than host.But whenever I tried to add guest machine to host domain It shows me following error(See below).
An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "crmrc.com".
The error was: "No records found for given DNS query."
(error code 0x0000251D DNS_INFO_NO_RECORDS)
The query was for the SRV record for _ldap._tcp.dc._msdcs.crmrc.com
Could you please suggest me the solution for it?
Thanks and Regards,
YusufHello,
C:\Users\Administrator>ipconfig/all
Windows
IP Configuration
Host Name . . . . . . . . . . . . : MSCRM
Primary Dns Suffix . . . . . . . : crmrc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : crmrc.com
Ethernet
adapter Network Bridge:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : MAC Bridge Miniport
Physical Address. . . . . . . . . : BA-AC-6F-3F-A3-51
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8573:2122:495b:93bc%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.78(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 280669295
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B1-48-BF-B8-AC-6F-3F-A3-51
DNS Servers . . . . . . . . . . . : 192.168.1.78
59.144.127.17
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel
adapter isatap.{39C0341C-67DC-405D-B8F4-25DA555D53C0}:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.78%12(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.78
59.144.127.17
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel
adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I suppose here that this is a DC/DNS server. I see that 59.144.127.17 is
configured as a DNS server. If 59.144.127.17 is
a public DNS server then please add it as a forwarder.
Once done, run ipconfig /registerdns and restart netlogon service on the DC.
Windows
IP Configuration
Host Name . . . . . . . . . . . . : MYLYC
Primary Dns Suffix . . . . . . . : ow.pearl
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ow.pearl
Ethernet
adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT De
Physical Address. . . . . . . . . : 08-00-27-43-C7-47
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::781f:3c7d:edc:684
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 235405351
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7A-16-5B
DNS Servers . . . . . . . . . . . : 192.168.1.78
59.144.127.17
NetBIOS over Tcpip. . . . . . . . : Enabled
Please delete the second DNS server.
Also, disable all security softwares and try again.
Are you able to ping the DC? If not, that may be a problem with your routes.
Also, use nslookup to check that all is okay with DNS records.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator -
DNS Error while joining the machine to domain.
I get the below error while joining a new Win7 machine to the domain.
I can ping and successfully resolve nslookup on both server and client machine.
Both client and server (2008r2) are virtual machines, with private ip's on LAN...
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
magic.com:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS.
- One or more of the following zones do not include delegation to its child zone:
magic.com
com
. (the root zone)
For information about correcting this problem, click Help.
Looks like some problem with my DNS.
Also i tried to uninstall/ re-install the DNS role.
What should be the TCP/IP network configuration???
System Security analyst at CapGI get the below error while joining a new Win7 machine to the domain.
I can ping and successfully resolve nslookup on both server and client machine.
Both client and server (2008r2) are virtual machines, with private ip's on LAN...
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
magic.com:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS.
- One or more of the following zones do not include delegation to its child zone:
magic.com
com
. (the root zone)
For information about correcting this problem, click Help.
Looks like some problem with my DNS.
Also i tried to uninstall/ re-install the DNS role.
What should be the TCP/IP network configuration???
System Security analyst at CapG
Also something to look in, i do not have the usual folders below 'Forward lookup zone', i.e, Sites, Home, tcp etc..
I beleive these are required. I am not sure.!!. I did re-install the role, no change :-(
System Security analyst at CapG -
Cannot join Server 2012 machine to domain
I am trying to join a clean Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that
the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin credentials I get a message "Encountered an error contacting
domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to
a wireless router in a home network.
The ipconfig/all data from the server is:
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2012
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.138
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
I can ping alekatest.com from the server:
Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
Reply from 203.170.87.12: bytes=32 time=81ms TTL=50
and nslookup alekatest.com returns
Server: UnKnown
Address: 10.0.0.2
Non-authoritative answer:
Name: alekatest.com
Address: 203.170.87.12
if I try to return srv records from alekatest.com as follows, no records are returned
PS C:\Users\Administrator> nslookup
Default Server: UnKnown
Address: 10.0.0.2
> set q=srv
> _ldap._tcp.dc._msdcs.alekatest.com
Server: UnKnown
Address: 10.0.0.2
_ldap._tcp.dc._msdcs.alekatest.com
primary name server = ns1.crazydomains.com
responsible mail addr = dns.crazydomains.com
serial = 2010010101
refresh = 7200 (2 hours)
retry = 120 (2 mins)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.
Any help would be much appreciatedYou're confusing DNS Domains and Active Directory Domains. While there are similarities the two are and do completely different things.
A DNS domain, in your case alekatest.com hosted by crazydomains.com is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing
it from a 3rd party you control what the DNS records are through that 3rd party.
An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and
could potentially be called anything you like.
So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but
that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something
like alekatest.local. That would then become the local domain, so for instance your users would login as akekatest\<username> on the domain, and your local machines can then be joined to that domain.
Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly, however be aware that
once you did that your server would assume that it has all the records for the domain. So if you had a website configured on
www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable
to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).
Hope that makes sense. -
Problems to join a virtual machine on Domain.
Hi Everybody
Im trying to join my windows 8 virtual machine on a Domain mounted in Windows server 2012, but I.m not able to do it, when I try, i receive the below message.
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "tcsgdl.com":
The query was for the SRV record for _ldap._tcp.dc._msdcs.tcsgdl.com
The following domain controllers were identified by the query:
tcsgdldc01.tcsgdl.com
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
Thanks in advance, if you require extra information just let me know.Hi Susie
Yes, DC is hosting DNS Role, DC and Client are pointing to DC.
nslookup on client:
C:\Users\gdladm>NSLOOKUP
Default Server: UnKnown
Address: 169.254.187.10
> SERVER 169.254.187.10
Server: [169.254.187.10]
Address: 169.254.187.10
*** 169.254.187.10 can't find SERVER: Server failed
Outputs "IPCONFIG / ALL"
Client:
C:\Users\gdladm>IPCONFIG /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PCTEST
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connec
n
Physical Address. . . . . . . . . : 00-50-56-3B-E7-C2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.187.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.187.10
DNS Servers . . . . . . . . . . . : 169.254.187.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{D09F1650-4E09-4AA8-B2C0-326D66081D0B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DC:
C:\Users\Administrator.TCSGDLDC01>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TCSGDLDC01
Primary Dns Suffix . . . . . . . : TCSGDL.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : TCSGDL.COM
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
n
Physical Address. . . . . . . . . : 00-50-56-39-BD-69
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.187.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.187.1
DNS Servers . . . . . . . . . . . : 169.254.187.40
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{D728DFCE-4C40-4236-82BF-2B2BFD10641B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Thanks for the support, if any information is required please let me know.
-
Anyconnect 802.1x - "switch user" is blocked in machine authentication
hi all,
I know this is not a bug its a feature
that anyconnect blocks user switching disallowing the computer to have them both logged in. Its desirable and understandable
however
I have an environment where I use only machine authentication and remote helpdesk needs to connect to these machines using some application then they "switch user" to do their tasks (its important not to logoff cause there are some transactions in the background ...)
Is there any chance that the new version of anyconnect will have this feature (maybe its already planned on the roadmap ? )
for machine authentication there should be a checkbox for profile administrator to "allow/disallow users to switch"
or maybe there is already some trick/configuration step that I missed and it can be done?
regards
Przemekhi all,
I know this is not a bug its a feature
that anyconnect blocks user switching disallowing the computer to have them both logged in. Its desirable and understandable
however
I have an environment where I use only machine authentication and remote helpdesk needs to connect to these machines using some application then they "switch user" to do their tasks (its important not to logoff cause there are some transactions in the background ...)
Is there any chance that the new version of anyconnect will have this feature (maybe its already planned on the roadmap ? )
for machine authentication there should be a checkbox for profile administrator to "allow/disallow users to switch"
or maybe there is already some trick/configuration step that I missed and it can be done?
regards
Przemek -
How to Add VM XP Machine to Domain Controller
Hi,
I have a Server running Windows Server 2008 R2 Enterprise Edition and its a Domain Controller / AD
in the same Server i have a Hyper-V Virtual Machine running Windows XP and installed the legacy network driver and can see the network icon on the VM and mannually entered the IP for that but i cannot promot it to my Domain can any one help me..I take it you have a WS 2008 R2 server with Hyper-V and AD roles installed, with 1 WinXP VM.
I suppose you mean to join the XP VM to the domain, not promote it.
I recommend:
Upgrade your Hypervisor to 2012 R2
Follow best practices. Only Hyper-V role on the physical machine. Setup a dedicated VM as a DC
Use Win8.1 not XP. XP is no longer supported.
If you must use XP temporarily, no need for legacy vNIC, use the regular Network Adapter
To join the domain, is a matter of troubleshooting networking. Make sure the DNS server IP on the VM is set to the domain DNS servers and they're reachable/pingable
Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) -
Block Inheritance and Default Domain Policy
Hello to all, I will run a cross-forest migration and target forest has a Default Domain Policy. Target domain is Windows 2003 Functional Level, but has almost all DCs on Windows 2008. As first level OUs represents country codes (USA, GBR, FRA,
etc) and a new country will be created I want to block GPOs from Domain level. The task itself is very easy, just configure "Block Inheritance" on the new country OU. Important: Default Domain Policy is >> not set << to "Enforce"
on target domain.
Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
certificates, etc) ?
Regards, EEOC.Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
certificates, etc) ?
The Domain security policy for passwords etc, is domain-wide, and cannot be blocked.
It applies to, and is controlled by, the Domain Controllers.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Block Based replication of Domain Controllers to DR site
I have to bring up a business critical application at a DR site using the same hostname and IP address as in production site. For this purpose, I plan to use a block replication software to replicate data from production servers to a SAN at the DR site.
For DR invocation or testing, I am planning to take a snapshot from the SAN, create virtual disks and attach them to newly created VM's at the DR site.
This application depends on Active Directory and hence I need to have a domain controller at the DR site. If I create a new domain controller for the DR site, as it will be in a separate IP subnet, it will have to be in a separate AD site and the application
servers will not be able to use this domain controllers, as they will look for domain controllers in their AD site (which is from the production site). If I put the domain controller in the same IP subnet as the application servers, the same IP subnet has
user workstations and hence user authentication requests from production site will start coming to the DR site across the WAN.
In this scenario, I am proposing to replicate the domain controllers also from the production site to the DR site, like the application servers. But I am not sure if block replication of production DC's to DR site and then when required for testing/invocation,
can we create a new VM and attaching virtual hard disks with the replicated data, will bring these VM's up as domain controllers in the DR site or will they have any negative effects ? Would this be a supported solution ? Any response will be highly appreciated.
Thanks in advance.You don't want to run any type of duplicated software to clone the DC, that is a bad idea. You could end up with lingering objects and/or Directory Service corruption.
If you want the DC's to exist in the same subnet then you are in a quandry. You can start to modify srv records so the DC won't authenticate clients (BUt you will have to manually change that at DR time).
I have a Blog that talks about lag site replication that blocks clients from ever attempting to authenticate to the DC, you should be able to use this same logic.
http://blogs.dirteam.com/blogs/paulbergson/archive/2013/05/14/how-to-build-an-ad-replication-delay-lag-site.aspx
You will want to create yourself a group policy that prevents the DC in the DR site from registering records that will advertise itself as an authenticating DC. If you need to use the DR site, you will need to remove the gpo and either reboot the DC
or run a gpupdate and restart NetLogon on the DC so it will register the records so the clients can then use this DC.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Existing machines ignore domain policies
I have a Mac OS X Tiger Server installation on which I've dictated several configuration policies to computer in my "Macs" group. For example, I point Software Update at the Server's SU Service, and I dictate a Login Window message, and that Network Users should appear in the Login Window list (among other things)
On a machine where I install a brand-new version of Tiger on a clean disk, everything works as it should. So, I believe the server is setup right.
However, on existing machines (installations that existed before there was a Mac OS X server around) it's kinda half and half. Policies like the Software Update setting took and work fine.
However, the Login Window settings are entirely ignored. I can't access any Network users as they're not in the list. I can't select "Other" (enabled by policy). The message does not appear. I can't turn on Fast User Switching on the machine (it's supposed to be on by policy, but I can't even enable it manually - the control is greyed out)
With Spotlight's help, I looked at the MCX files and both the working and non-working machines appear to be getting the proper policies locally in the plist files. It seems to me that the existing installations have some file or setting somewhere that prevent them from honoring domain policies.
Is there any way to get them to start working without doing a clean reinstall?Have you recently changed the Open Directory server's IP or search path? Regardless, try deleteing the MCX cache on the clients and reboot. You can also try to remove the server from Directory Access and then add it back.
-
OSX Server constantly drops Windows machines from domain
We have a 100 or so windows xp machines joined to the windows domain running on our Leopard server. Sometimes the xp machine cannot login to the domain. Says cannot connect to domain controller. This happens a LOT and happend in 10.4 and 10.5 server as well. Seems to be worse in 10.6.
The only way to fix the XP machine is to remove it from the domain, then readd it. This works until the next day when the server decides to forget about the machine again. All DNS and WINS entries are correct. The XP machine can connect to the domain controller and browse it by name and ip.
Does anyone now how to make the OSX server remember xp machines and quit doing this? It happens about 5 times a week so it's frustrating. If I join the XP machine to our real domain controller on a windows 2003 server it never loses it connection. Only when I join it to the PDC running on the mac server does it lose the domain abilities.
Lannie
PS Is there something under the hood I need to check, something misconfigured? Same symptoms on 10.4 through 10.6. Each version was a fresh build from scratch.With Apple using domain technology from 10 years ago and not supporting Windows 7 I think I got my answer. Plus the fact you cannot buy a xserve now. Moving on to Windows boxes.
-
Router blocks random IP or Domain Addresses
This appears to be a rather unusual problem and has only been noticed in the past month. Suddenly without any apparent warning, certain web sites are no longer accessible. This was first noticed when I was unable to access my pop3 email from the www.doteasy.com domain. I also was unable to access my web page located on that domain. On top of that I even was unable to access other web sites located on the same domain.
After 3 days of not being able to access the domain, I shut down my modem (a Speedstream 5100) and my Linksys WRT54G router, and my Dell Dimension 3000 computer. When everything came back up I was once again able to access my web domain and homepage.
A week later it happened again. This time I just pulled the plug on the router for 10-15 seconds and plugged it back in. Once again I was in business. It happened again today, 2/8/2008 and this time it was a Ventrilo VOIP site. Once again I pulled the plug for 10 seconds and again everything was fine.
This has me scratching my head. Anyone have any ideas what might be going on here? No changes have been made to the router setup in months.Try updating firmware of router. Do a reset after update and it may get fixed.
Maybe you are looking for
-
Takes a very long time to load pages and is laggy
The new''' FF (4) '''was good at first, but recently it is starting to lack the goodness it once had. '''It is becoming slower and slower by the day and takes a very long time to load pages. Sometimes the "loading" icon circles for 5 minutes, and whe
-
My plugins are not showing up in PS CC
Just installed PS CC ( both 32 and 64 bit version on Windows 7), looks good but not one of my plugins are showing up. I checked : Preferences-Plug-ins and it is showing login dialog to Photoshop Server. I am not familiar with CC so not sure what it
-
How to use a charctersic as a keyfigure in the BEx report
How to use a charctersic as a keyfigure in the BEx report?
-
Wrong image refresh in java applet AND Windows 7
I'm managing since few days a java applet that takes an image from an industrial product and shows it in a browser (simple web server). There is following issue: the image is not correctly loaded and refreshed in its own window if just opened but onl
-
Problem: Have created graphic of simulated instrument panel and display screens that update on clicking certain elements. After 4 such simulations, with maximum number of clicks in a given slide at about 5, the succeeding slides containing sims no lo