I have a single Windows 2008 server running Active Directory, Group Policy, and DNS. DHCP is running from the firewall (this is because there are multiple branch locations, and each location has its own firewall supplying DHCP. But, for this problem, the server and workstation are at the same location).
On an XP workstation, if I try to visit \\domain.local or ping domain.local, the workstation can't find it. A ping returns "Ping request could not find host domain.local."
If I try to visit \\server or \\server.domain.local or ping server or server.domain.local, I'm able to connect normally.
If I ping or visit domain.local on the server, I'm able to connect normally.
A-Records are in place in the DNS service for server, domain.local, and server.domain.local. A reverse lookup zone also is enabled and PTR records are in place.
If I wait 20-30 minutes, I am eventually able to ping and visit domain.local, but when attempting to ping, it takes 30 seconds to return an IP address.
I am also unable to join a new workstation to the domain during this wait period. If I try, the error message returned is "network path not found".
Is there something I'm missing?
It sounds like your clients aren't using your DCs for DNS. This is a requirement for things to function properly unless you've gone through very specific steps to offload name resolution to other servers.
Your Windows clients should point to your DC(s) and only your DC(s) for name resolution.
Try the following in a command prompt:
What is the output?
Try a reverse lookup as well:
What about:
If you try to connect to \\domain.local are you prompted for a Username or Password? Try connecting to potential shares on domain.local.
For example:
Are you prompted for a Username or Password when connecting to these shares? Are there even any shares on your domain controller? Maybe there are but have you allowed access to them? When attempting to connect to your domain controller (\\domain.local) it is quite possible (and makes sense) that your domain controller doesn't have any shares. Can other systems access those shares on \\domain.local?
It's important to understand that \\server.domain.local is completely different from \\domain.local. Those are 2 different servers you are connecting to (assuming \\server has a different A record than \\domain.local).
Just because you can't ping domain.local doesn't mean you are having connectivity issues. ICMP echo request/reply (depending on the environment) can either be on or off on the domain controller (hence you getting a reply or not). In my environment, I don't get a reply when I ping my DC.
Are other systems on your network experiencing similar issues with the server taking 30 secs to respond with an IP? There are a variety of potential culprits, but if the issue is isolated to one system/subnet/etc., check the following:
Are you having issues connecting to other systems? Is there some kind of 3rd party firewall in place? (ZoneAlarm?) Check the event log on the DC... anything?
Give us as much information as you can, and test from different systems to isolate the problem. Once you can determine there are shares, other systems can access them, etc., then we can determine what the potential root issue is.
Same issue as OP: "Unable to ping domain.local, but can ping server.domain.local"
Mine was a new domain setup for our test environment. After hours of troubleshooting and trying all the suggestions here, my colleague ran the dcdiag DNS test to find the issue on the domain controller: DCDiag /test:DNS
This returned something similar:
DNS server: 172.16.0.98 (DC1)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 172.16.0.98
DNS server: 172.16.0.99 (DC2)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 172.16.0.99
Based on that, he then found that the DNS A record for the domain controller was missing.
Adding it back fixed the issue.
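The failure described in the last answer (SRV records present, but the host they point to has no A record) can be checked mechanically. The following is an added example, not code from any of the posts above: the host name dc1, the record list and the zone snapshot are constructed, and the helper names are hypothetical.

```python
# Added example: constructed data and hypothetical helper names throughout.
# Records a DC is expected to publish, one per line: name TTL IN TYPE data
EXPECTED = """\
domain.local. 600 IN A 172.16.0.98
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_kerberos._tcp.domain.local. 600 IN SRV 0 100 88 dc1.domain.local.
"""

# Constructed snapshot of what the zone answers. Every expected record is
# there, but the A record for the host dc1.domain.local. is missing.
ZONE = {
    ("domain.local.", "A"): ["172.16.0.98"],
    ("_ldap._tcp.domain.local.", "SRV"): ["0 100 389 dc1.domain.local."],
    ("_ldap._tcp.dc._msdcs.domain.local.", "SRV"): ["0 100 389 dc1.domain.local."],
    ("_kerberos._tcp.domain.local.", "SRV"): ["0 100 88 dc1.domain.local."],
}

def parse_records(text):
    """Yield (name, type, data) from zone-file style lines, skipping others."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # blank line, comment or malformed entry
        yield parts[0].lower(), parts[3].upper(), " ".join(parts[4:]).lower()

def make_lookup(zone):
    """Wrap a {(name, type): [data, ...]} snapshot as lookup(name, rtype)."""
    return lambda name, rtype: zone.get((name.lower(), rtype.upper()), [])

def audit(expected_text, lookup):
    """Return sorted findings; an empty list means every record resolves."""
    findings = set()
    for name, rtype, data in parse_records(expected_text):
        if data not in [a.lower() for a in lookup(name, rtype)]:
            findings.add(f"missing {rtype} {name} -> {data}")
        if rtype == "SRV":
            target = data.split()[-1]  # SRV data: priority weight port target
            if not lookup(target, "A"):
                findings.add(f"SRV target {target} has no A record")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(EXPECTED, make_lookup(ZONE)):
        print(finding)
```

On a real DC the expected list can be taken from %SystemRoot%\System32\config\netlogon.dns, which uses this record layout, and lookup would wrap a live query against the DNS server the client is configured to use.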