[BigDaddy]

taurus-1.siol.net ---> 193.189.160.11
Is my ISP's DNS server. And my ISP's name is SIOL.
 lsasrv.png (19.14K)
Number of downloads: 140
and also nslookup does this when typing it from a client computer:
 nslookup.png (2.97K)
Number of downloads: 79
But otherwise DNS resolving works. Just look at the cache:
 cache.png (9.12K)
Number of downloads: 79


btw. The server machine on which DNS SERVER service is running is a Win2k3 SP1 machine. Configured as a workgroup and not as a domain.

My network diagram:

This post has been edited by BigDaddy: 22 December 2005 - 02:18 AM

[cluberti]

Make sure you've configured your DNS server to allow all updates, not just secure updates. Since you do not have a domain, the "secure updates" setting will not work (and you'll see those errors).

[BigDaddy]

cluberti, on Dec 12 2005, 05:19 PM, said:

Make sure you've configured your DNS server to allow all updates, not just secure updates. Since you do not have a domain, the "secure updates" setting will not work (and you'll see those errors).

This is how I've set it now, will this suffice?

Attached File(s)

•  Screenshot_SERVER___Remote_Control.png (10.19K)
  Number of downloads: 71

[cluberti]

Yes, it should.

[BigDaddy]

Nope!
Am still getting the errors and they are precissely 60minutes appart.

I attach my log file. Just open it with Event Viewer

Attached File(s)

•  lsaserv.rar (1.73K)
  Number of downloads: 21

This post has been edited by BigDaddy: 13 December 2005 - 05:09 PM

[cluberti]

Are you certain of the following?

1. All domain controllers have the same time, and are set in their proper time zones.
2. You have NO public DNS information on any of your servers or clients - they all have only internal DNS servers in their DNS configuration (or gathered from DHCP).
3. This has worked before (those error messages are not necessarily uncommon in a non-domain environment, as these are Kerberos errors).

There is one thing you can try, as these errors can occur if other services start before the DNS service. What you may wish to try is making the NETLOGON service depend on DNS. This can be done in the registry:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
Value: DependOnService
Data: DNS (add under any other values listed here)

[BigDaddy]

cluberti, on Dec 14 2005, 04:42 PM, said:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
Value: DependOnService
Data: DNS (add under any other values listed here)

Just did that. But I still recieve the error.

In the meantime I'm having another problem:
Eversince I installed DNS SERVER service on Win2k3 computer and naming the PRIMARY DNS SUFFIX to "workgroup.org" so the full computer name is "server.workgroup.org"
I've been getting this in IE and FF when I haven't type the full name of the address:
ex.: google instead of www.google.com

Quote

Welcome to your new web site.

If you are seeing this page, you will need to wait a few hours before you
are able to access the site via your browser.

However, you are able to FTP content to your IP address at this time.

Thank you for choosing Us.

the time now is: 10:12:54 AM



How to get rid of this?

This post has been edited by BigDaddy: 19 December 2005 - 01:32 AM

[nmX.Memnoch]

"workgroup.org" is a valid domain name that someone owns. If you open that page in your browser you'll see the same message you posted. If you're connected to the internet, which you are, you should never use a domain name that is already in use by someone else (this is easy to check using sites such as register.com or doing a simple whois). It'll cause errors in your DNS and could potentially be causing errors on their DNS server(s). When doing internal DNS domains on networks connected to the internet, but that won't be seen by the outside world you should use a suffix that isn't a "valid" suffix such as workgroup.local.

[cluberti]

Good catch - that is likely the root cause of all of the problems. I made the silly assumption that the poster did own workgroup.org.

To the original poster: if someone else owns the domain, you will have problems. Either use a domain name you own, or make the domain name <whateveryou'dlikehere>.local.

[BigDaddy]

changed it to: server.workgroup
And so far soo good but I'm still getting the LSASRV error described in my first post. How to get rid of this one?

This post has been edited by BigDaddy: 08 March 2006 - 10:27 AM

[nmX.Memnoch]

I'm willing to bet that taurus-1.siol.net is the DNS server for workgroup.org. You're getting the error because workgroup.org is probably still referenced in your DNS server somewhere...and the actual DNS server for that domain is telling your DNS server that it doesn't have access to update records.

There's a proper way to clean up all of the DNS records when you change the domain name...but I'm not exactly sure what that is. I had problems with my AD when I changed the domain name; promoted first server with dcpromo and setup domain...changed my mind and demoted via dcpromo...then did it all over again. I would periodically get DNS errors in my Event Logs for the original domain name that I wasn't using anymore. That was several machines/installs ago though (my home network changes too frequently to worry that much about it).

[BigDaddy]

Should have explained this earlier:
taurus-1.siol.net ---> 193.189.160.11
Is my ISP's DNS server. And my ISP's name is SIOL.

[BigDaddy]

finally have the sollution. Tanx to a guy at www.SLO-TECH.COM
http://www.changeip....s/nsupdates.asp

This post has been edited by BigDaddy: 13 March 2006 - 01:13 AM