I have an XP workstation on a remote subnet that is not able to download the group policies. The Event Log entries are pretty clear. Upon troubleshooting it is clear that the workstation isn't able to translate the domains DNS into something it can connect to.
\\our.ad.dns.domain\SysVol\our.ad.dns.domain\Policies{5310CCFF-43F3-4424-A7AC-96942D065331}\
Won't resolve. "net view \\our.ad.dns.domain" returns "network path not found".
And yet, nslookup on our.ad.dns.domain returns the IPs of all of the domain controllers. What's more, these work:
- \\addc1\SysVol\our.ad.dns.domain\Policies{5310CCFF-43F3-4424-A7AC-96942D065331}\
- \\addc2\SysVol\our.ad.dns.domain\Policies{5310CCFF-43F3-4424-A7AC-96942D065331}\
- \\addc3\SysVol\our.ad.dns.domain\Policies{5310CCFF-43F3-4424-A7AC-96942D065331}\
So it can talk to the DC's just fine once it figures out how to get there.
The problem initially presented as an inability to log in, which was traced down not being able to resolve one of the domain controller's name, "addc3". A "net view \\addc3" failed with "network path not found". Once we added an ADDC3 entry into WINS (yes we still have it) resolution started working.
So WINS resolution is working fine, but for some reason DNS lookups aren't being performed when resolving Windows addresses.
Unfortunately for all involved, this one subnet is served by an ISC DHCP server that I don't have access to. All but two of the rest of our subnets are served by Microsoft DHCP servers I DO have access to. So it could be a case of a bad DHCP option, but I can't get in to look, nor do I know the right questions to ask of the network guys.
They probably forgot to set the DNS search suffix, Note that you only get 1 (option 15) so if you want more you should remotely edit registry, or run a script like this..
Also verify that netbios over tcp/ip is enabled and that the TCP/IP NetBIOS Helper Service is enabled and running.