Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed (830063)
The information in this article applies to:
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Advanced Server SP3
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry SYMPTOMSA domain controller that is running Microsoft Windows 2000 Server may exhibit connectivity issues. The connectivity issues may occur when the domain controller is configured in the following manner: - The Routing and Remote Access service is configured to permit incoming connections.
- Domain Name System (DNS) is installed and configured locally.
- The hotfix that is included in the following Microsoft Knowledge Base article is installed:
308512 The gethostbyaddr() Function May Take More Time Than Expected to Resolve an Unknown IP Address
Additionally, one or more of the following symptoms may occur: Note Virtual private network (VPN) clients may not be able to browse the network, but the VPN clients can access
resources if the domain controller is a multihomed computer that is running as the domain master browser. CAUSEThis issue occurs because the Routing and Remote Access service does not respond to User Datagram Protocol (UDP) traffic on port 138 after you apply Microsoft Windows 2000 Service Pack 2 (SP2) and the hotfix that is listed in the "Symptoms" section. This issue also occurs after you apply Microsoft Windows 2000 SP3 or later service packs. When Windows 2000 SP2 is installed without the hotfix, you can set the DisableNetBIOSOverTCPIP registry value so that the computer is no longer multihomed. However, after you apply the hotfix to a computer that is running Windows 2000 SP2, or after you apply Windows 2000 SP3 or later service packs to the computer, the DisableNetBIOSOverTCPIP registry value causes logon problems for Windows NT clients, Windows 98 clients, and Windows 95 clients. The registry value also causes browsing problems for Windows XP clients and Windows 2000 clients because NetBIOS over TCP/IP is disabled on the remote access interface.
Windows NT clients, Windows 98 clients, and Windows 95 clients must use the UDP protocol to log on to a domain controller that is running Windows 2000 Server. Windows XP and Windows 2000 clients do not have to use the UDP protocol to log on to a domain controller that is running Windows 2000 Server because these clients can log on by using Kerberos authentication and DNS. Windows XP clients and Windows 2000 clients must use the UDP protocol to browse a Windows 2000-based network.RESOLUTIONTo resolve this issue, follow these steps on the domain controller that is running Windows 2000 Server. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. - Add the PublishAddresses registry value. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters - On the Edit menu, click Add Value, and then add the following registry value:
Value name: PublishAddresses Data type: REG_SZ
Value data: Specify the Internet Protocol (IP) address of the internal interface. If you want to specify more than one IP address, separate the addresses by using spaces.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
289735
Routing and remote access IP addresses register in DNS
- Add the RegisterDnsARecords registry value. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters - On the Edit menu, click Add Value, and then add the following registry value:
Value name: RegisterDnsARecords Data type: REG_DWORD Range: Change this value to 0. The default value is 1.
Note This registry key disables the registration of Net Logon A resource records for the domain name. After you set this value to 0 (zero), you must create two A resource records in DNS. You must create an A resource record in the root of the domain for the domain name, and you must also create an A resource record for your global catalog in gc._msdcs.domain name.com.
To do so, follow these steps: - Click Start, point to Programs, point to Administrative Tools, and then click DNS.
- In the console tree, expand Your Server, expand the Forward Lookup Zones branch, and then click Your Domain Name.
- On the Action menu, click New Host.
- In the IP address text box, type the internal IP address of your server.
- Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.
- When you receive the following message, click
Yes:(same as parent folder) is not a valid host name. Are you sure you want to add this record?
- Under Forward Lookup Zones in the console tree, expand Your Domain Name, expand MSDCS, and then click the GC folder.
- On the Action menu, click New Host.
- In the Name box, type the name of your server as the DNS computer name for the new host.
- In the IP address box, type the internal IP address of your server.
- As an option, select the Create associated pointer (PTR) record check box to create an additional pointer record in a reverse zone for this host, based on the information that you entered in the Name box and the IP address box.
- Click Add Host to add the new host record to the zone.
- Right-click Your Server, and then select Update Server Data Files.
- Delete the DisableNetBIOSoverTcpip registry value. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP - Click the DisableNetBIOSoverTcpip registry value, and then click Delete on the Edit menu.
- In the Confirm Value Delete box, click Yes.
- Quit Registry Editor.
- Configure the Routing and Remote Access service to use a static IP address pool that is a range of addresses from a subnet that is different from the local network. The IP address range must be from a subnet that is different from the local network because after multihomed registrations occur, the client receives a local network IP address and a remote access IP address. The NetBIOS over TCP/IP component (Netbt.sys) on the client must use the IP address that is on the local subnet.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.
Modification Type: | Major | Last Reviewed: | 2/27/2004 |
---|
Keywords: | kbfix kbprb KB830063 kbAudITPRO |
---|
|