Microsoft KB Archive/830063

= Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed =

Article ID: 830063

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Advanced Server






Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
A domain controller that is running Microsoft Windows 2000 Server may exhibit connectivity issues. The connectivity issues may occur when the domain controller is configured in the following manner:
 * The Routing and Remote Access service is configured to permit incoming connections.
 * Domain Name System (DNS) is installed and configured locally.
 * The hotfix that is included in the following Microsoft Knowledge Base article is installed:

308512 The gethostbyaddr Function May Take More Time Than Expected to Resolve an Unknown IP Address



Additionally, one or more of the following symptoms may occur:
 * Microsoft Windows NT 4 clients, Microsoft Windows 98 clients, and Microsoft Windows 95 clients may not be able to log on to the domain.
 * Microsoft Windows XP clients and Windows 2000 clients cannot browse the list of computers in Network Neighborhood or in My Network Places.
 * Windows XP clients and Windows 2000 clients cannot map a network drive to the server. The client may receive the following error message:

No Logon Servers Available to Service your Logon Request


Note Virtual private network (VPN) clients may not be able to browse the network, but the VPN clients can access resources if the domain controller is a multihomed computer that is running as the domain master browser.


CAUSE
This issue occurs because the Routing and Remote Access service does not respond to User Datagram Protocol (UDP) traffic on port 138 after you apply Microsoft Windows 2000 Service Pack 2 (SP2) and the hotfix that is listed in the "Symptoms" section. This issue also occurs after you apply Microsoft Windows 2000 SP3 or later service packs. When Windows 2000 SP2 is installed without the hotfix, you can set the  registry value so that the computer is no longer multihomed. However, after you apply the hotfix to a computer that is running Windows 2000 SP2, or after you apply Windows 2000 SP3 or later service packs to the computer, the  registry value causes logon problems for Windows NT clients, Windows 98 clients, and Windows 95 clients. The registry value also causes browsing problems for Windows XP clients and Windows 2000 clients because NetBIOS over TCP/IP is disabled on the remote access interface.

Windows NT clients, Windows 98 clients, and Windows 95 clients must use the UDP protocol to log on to a domain controller that is running Windows 2000 Server. Windows XP and Windows 2000 clients do not have to use the UDP protocol to log on to a domain controller that is running Windows 2000 Server because these clients can log on by using Kerberos authentication and DNS. Windows XP clients and Windows 2000 clients must use the UDP protocol to browse a Windows 2000-based network.


RESOLUTION
To resolve this issue, follow these steps on the domain controller that is running Windows 2000 Server.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 1. Add the  registry value. To do this, follow these steps:
    a. Click Start, click Run, type regedit in the Open box, and then click OK.
    b. Locate and then click the following key in the registry:

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

    c. On the Edit menu, click Add Value, and then add the following registry value:

       Value name:

       Data type: REG_SZ

       Value data: Specify the Internet Protocol (IP) address of the internal interface. If you want to specify more than one IP address, separate the addresses by using spaces.

       For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

       289735 Routing and remote access IP addresses register in DNS

 2. Add the  registry value. To do this, follow these steps:
    a. Click Start, click Run, type regedit in the Open box, and then click OK.
    b. Locate and then click the following key in the registry:

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

       Data type: REG_DWORD

       Range: Change this value to 0. The default value is 1.

       Note This registry key disables the registration of Net Logon A resource records for the domain name. After you set this value to 0 (zero), you must create two A resource records in DNS. You must create an A resource record in the root of the domain for the domain name, and you must also create an A resource record for your global catalog in gc._msdcs. .com.

       To do so, follow these steps:
       1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
       2. In the console tree, expand  , expand the Forward Lookup Zones branch, and then click  .
       3. On the Action menu, click New Host.
       4. In the IP address text box, type the internal IP address of your server.
       5. Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.
       6. When you receive the following message, click Yes:

          (same as parent folder) is not a valid host name. Are you sure you want to add this record?

       7. Under Forward Lookup Zones in the console tree, expand  , expand MSDCS, and then click the GC folder.
       8. On the Action menu, click New Host.
       9. In the Name box, type the name of your server as the DNS computer name for the new host.
       10. In the IP address box, type the internal IP address of your server.
       11. As an option, select the Create associated pointer (PTR) record check box to create an additional pointer record in a reverse zone for this host, based on the information that you entered in the Name box and the IP address box.
       12. Click Add Host to add the new host record to the zone.
       13. Right-click  , and then select Update Server Data Files.

 3. Delete the  registry value. To do this, follow these steps:
    a. Click Start, click Run, type regedit in the Open box, and then click OK.
    b. Locate and then click the following key in the registry:

       HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

    c. Click the DisableNetBIOSoverTcpip registry value, and then click Delete on the Edit menu.
    d. In the Confirm Value Delete box, click Yes.
    e. Quit Registry Editor.

 4. Configure the Routing and Remote Access service to use a static IP address pool that is a range of addresses from a subnet that is different from the local network. The IP address range must be from a subnet that is different from the local network because after multihomed registrations occur, the client receives a local network IP address and a remote access IP address. The NetBIOS over TCP/IP component (Netbt.sys) on the client must use the IP address that is on the local subnet.
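A way to check the end state that the steps above aim for, as an added example that is not part of the original article: the remote access pool must not overlap the local subnet, and the domain and global catalog A records must carry only the internal address. The domain name example.com, the addresses and both function names are constructed for illustration.

```python
import ipaddress


def pool_overlaps_lan(lan_cidr, pool_start, pool_end):
    """Return True if any part of the static remote access pool lies in the LAN subnet."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    )
    return any(block.overlaps(lan) for block in blocks)


def unexpected_a_records(records, internal_ips):
    """Return {name: [addresses]} for A records that are not an internal address.

    records maps a DNS name to the addresses a lookup returned for it.
    """
    allowed = {ipaddress.ip_address(ip) for ip in internal_ips}
    stray = {}
    for name, addresses in records.items():
        bad = [a for a in addresses if ipaddress.ip_address(a) not in allowed]
        if bad:
            stray[name] = bad
    return stray


# Constructed sample values (assumptions, not taken from the article).
LAN = "192.168.1.0/24"
INTERNAL_IPS = ["192.168.1.10"]
GOOD_POOL = ("192.168.50.1", "192.168.50.50")    # separate subnet, as the last step requires
BAD_POOL = ("192.168.1.200", "192.168.1.220")    # carved out of the LAN subnet

# Lookup results as they might appear while a remote access address is still registered.
SAMPLE_RECORDS = {
    "example.com": ["192.168.1.10", "192.168.50.1"],
    "gc._msdcs.example.com": ["192.168.1.10"],
}

if __name__ == "__main__":
    print("good pool overlaps LAN:", pool_overlaps_lan(LAN, *GOOD_POOL))
    print("bad pool overlaps LAN: ", pool_overlaps_lan(LAN, *BAD_POOL))
    for name, bad in unexpected_a_records(SAMPLE_RECORDS, INTERNAL_IPS).items():
        print(f"{name} publishes non-internal address(es): {', '.join(bad)}")
```
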


MORE INFORMATION
All the following must be able to access the subnet where the Routing and Remote Access service is configured:
 * Internal clients that must be accessed by using remote access or by using VPN clients.
 * Servers that must be accessed by using remote access or by using VPN clients.

Microsoft recommends that you configure the Routing and Remote Access service on a member server if you can. Microsoft also recommends that you move the Primary Domain Controller emulator to another domain controller if another domain controller is available on the network.


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.

Keywords: kbfix kbprb KB830063


© Microsoft Corporation. All rights reserved.