rdivilbiss asked:

Windows 2003 Server: Should it be running DNS (See: diagram)

My Windows 2003 Server is a file and print sharing machine. (OLYMPUS) It also runs MS SQL Server, MySQL, and IIS (primary development machine).

AD and DNS are running. DHCP is not. There is no other DC.

I have a mix of wireless clients (notebooks) and hard wired clients (desktops).

I have several Windows XP Pro machines, a Linux Desktop, a Linux laptop, and a Vista Home laptop. All XP machines are members of the domain net.sb.local. The Linux computer can file and print share via SAMBA. The Vista laptop can always remember file shares after a restart but has difficulty reconnecting to shared printers, physically attached to the Windows 2003 server.

The wireless router assigns DHCP.

Running C:\>DCdiag /test:dns

returns the following (see code block)

I'm guessing some of the errors may go away if I add an A record and a PTR record for the wireless router.

I'm most concerned about: "Warning: could not confirm the identity of this server in the directory versus the names returned by DNS servers. If there are problems accessing this directory server then you may need to check that this server is correctly registered with DNS."

as the DNS has A, PTR, and NS records for the server.

Suggestions?
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... OLYMPUS passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
                  Warning: Adapter 00:0B:6A:26:AC:F4 has dynamic IP address (can be a misconfiguration)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ethernet Adapter has invalid DNS server: 192.168.1.1 (<name unavailable>) <--wireless router
                  Error: all DNS servers are invalid
                  Error: The A record for this DC was not found

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.1 (<name unavailable>) <--wireless router
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. failed on the DNS server 192.168.1.1

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL PASS PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS


ASKER CERTIFIED SOLUTION
Adam Brown
And it's better to have DHCP running from your Domain controllers than from a wireless router. That way you can make better use of Dynamic DNS, which looks to be a big part of your problem.
I agree with above. Do not use your wireless router for anything but routing. The server should do all DHCP, AD and DNS.
ASKER

So does Windows Server 2003 assign an IP to the wireless access point?
Or rather I guess the wireless router and the server should have static IPs, yes?
Yes. Your DHCP server has to be static.
But it is also recommended that all DNS servers are static too.
I always keep routers at x.x.x.1 and the main DC and other servers somewhere between x.x.x.10 and 20. That leaves you about 220 or so addresses for DHCP. The DNS on the DC should either have Forwarders configured to point to your ISP's Public DNS servers for internet communications (Or 4.2.2.2 if you like. That's a wide open public DNS server run by...someone. Just as easy to remember DNS server). From here: http://support.microsoft.com/kb/323380 

How to Configure Forwarders
Windows Server 2003 can take advantage of DNS forwarders. This feature forwards DNS requests to external servers. If a DNS server cannot find a resource record in its zones, it can send the request to another DNS server for additional attempts at resolution. A common scenario might be to configure forwarders to your ISP's DNS servers.

   1. Click Start, point to Administrative Tools, and then click DNS.
   2. Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
   3. Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
   4. In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
   5. Repeat step 4 to add the DNS servers to which you want to forward.
   6. Click OK.

Configure DHCP to hand out your Domain Controller's IP as the Primary DNS server and Internet DNS requests will be forwarded out.

You'll also want to go here to figure out the DHCP setup: http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html

The reason we recommend having the Server run DHCP and DNS is because Active Directory makes heavy use of Dynamic DNS, which means the IPs on your network can change a lot, but you will always be able to connect to them using the host name. Windows DHCP will automatically update your DNS entries, whereas the DHCP server from your Wireless Router will not (Without additional configuration). This is what has caused a big part of your problem. Entries in DNS are not matching up with their actual IP addresses.
Well the advice is the Windows 2003 server handle DNS and DHCP. So setting a static IP for that takes care of both.

No the router is sitting on the static IP assignment page.

I assigned it 192.168.1.1 with SNM 255.255.255.0

The gateway is the ISP's address xxx.xxx.xxx.1

Static DNS1 and DNS2 are Open DNS

It has an assigned host name and the domain name is net.sb.local, as with all other computers.

I do not know what to put for Gateway and local DNS for the router.
You need to use the ISP's gateway. This depends though on how you connect to your ISP. Some will have you setup with DHCP. If you have a static IP with your ISP, then you would set the IP, Subnet, and gateway on your WAN connection on the router to the ISP's settings. I think you are confusing external and internal IP. When we were saying that your servers and router need to be static, we were referring to internal (LAN). For external connection, you will set your WAN or external network on the router to the settings for your ISP.

Just a note, all servers should by best practice be static internally. I only mentioned DHCP because it is required.
Sorry...

The router has the ISP's gateway address.

It has a place for three static DNS addresses. I gather from above those will also be the ISP's DNS servers.

Below that there is a Gateway and local DNS address spaces.

Then would the gateway and local DNS addresses be the Windows 2003 server's static address?
Okay, I will rephrase after a change.

The router's wan addresses are set to DHCP as that is how my ISP assigns addresses.  I happen to know the ISP's DNS server addresses and those are set as DNS forwarders. And even though my address is set via the ISP's DHCP server I have had the same lease for 10 years.

The router is disabled as a DHCP server and has a LAN static IP of 192.168.1.1.

It has addresses in the LAN section for gateway and DNS. I am assuming the Windows 2003 Server which also has a static IP is the LAN Gateway and LAN DNS server for the router. Is that correct?
The router should not have a gateway in the LAN. On the LAN you should only be able to set the IP and the subnet.

Your network will have 1 gateway, your router. DNS on the router does not matter because DNS will be resolved by the server.
Well I have the router set with no gateway or local DNS.

DHCP on Windows 2003 is assigning leases correctly, it seems, however only the server can reach the Internet.

Where did I screw up?
If the setup was wrong, why would the server be able to get out on the Internet?
Ignore the step about Using root hints. That's a windows 2008 thing. Sorry :D
The reason the server still connects is because it has not renewed its IP address or anything else since I started.

I'm far from hopeless as I know I can always put things back the way they were before, but I would like to do it correctly.

Now:
003 Router                 |   Standard  | 192.168.1.1             |      None
006 DNS Servers        |   Standard  | 192.168.1.103         |       None

Local PC: ipconfig /all


        Connection-specific DNS Suffix  . : net.sb.local
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network
        Physical Address. . . . . . . . . : 00-13-02-A0-78-97
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.136
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.169.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.103
        DNS Servers . . . . . . . . . . . : 192.168.1.103
        Primary WINS Server . . . . . . . : 192.168.1.103
        Lease Obtained. . . . . . . . . . : Thursday, July 01, 2010 11:49:07 PM
        Lease Expires . . . . . . . . . . : Friday, July 09, 2010 11:49:07 PM

Looks right to me.
But:

C:\Documents and Settings\admin.NET>ping rodsdot.com

Pinging rodsdot.com [96.31.44.63] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 96.31.44.63:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

====================================================

I can only assume (possibly incorrectly) that DNS worked as I got the IP resolved for my domain, rodsdot.com.

So why no connectivity?
Your default gateway is set wrong. 192.169 instead of 192.168
On the system you did the IPconfig/all on I mean.
I'm going to reboot the server and guess I'll lose Internet connectivity.  If so, I'm putting things back to before the Q so I can get my e-mail and check in here.

See you in ????
Removed DHCP server. Reconfigured router to assign DHCP, and I'm back online.

After rebooting the server it had the wrong DNS servers (not the ones listed in DNS Forwarders).

Something's odd on the server so tomorrow, or whenever I have some time, I'll remove DNS first. Then reinstall DNS and DHCP and start again.

Might be a few days as I am changing residences so it will be in between packing boxes and touching up some paint.

Probably about the same time tomorrow night, we'll see.

Thanks so far,
Rod
Honestly - to me it seems like you make it all way too complex. Maybe just my perception of the comments, however to accomplish what you want you should do:

Some basics first:

AD is the foundation for your "directory", which is in fact a whole lot of objects, contained in one or more domains, which again is contained in one or more forests. Since you are operating with domains, DNS is mandatory, and it MUST be active directory integrated DNS zones for you to host a DC.

I will here describe a setup that will work, you may have to adjust IPs to your local subnet:

Your router's internal LAN IP: 192.168.1.1
Your router's external IP config: DHCP from ISP
Disable router DHCP server.

Configure your server's TCP/IP as follows:
Static IP: 192.168.1.2
DNS: 192.168.1.2
Gateway: 192.168.1.1
IMPORTANT: Make sure that you have checked the "register this connection's addresses in DNS"

Enable DHCP on your server and create a scope as follows:
Pool range: 192.168.1.1 - 192.168.1.254
pool subnet: 255.255.255.0
Exclude addresses: 192.168.1.1 - 192.168.1.20
Scope options: Router=192.168.1.1, DNS=192.168.1.2
Since you're running an active directory - make sure that you have authorized your DHCP server in active directory, and then enable your scope.

Do NOT reserve any addresses unless you have a specific host, that you always want to have the same IP but do not want to configure with a static IP - however do that later, for now get your setup to work.

Enable DNS on the server and make sure that it has one of the following:

Forwarders configured for your ISP's DNS servers, or the full list of root hints, so that it can fully resolve DNS names.

The DNS server must have your domain forward lookup zone, and it must be an active directory integrated zone. If it does not, create it and go to cmd prompt and type "net stop netlogon", then "net start netlogon" to let the server create the necessary srv records for your domain members to be able to find the domain controller.

That should create some containers below the forward lookup zone, if it does not you may be best off removing the domain and recreating it (unless you have a lot of stuff configured in the domain - which I find unlikely as the config you posted can never have been a working domain).

Note that if you implement the above configuration you should have a working domain controller, and a network setup where you have a working DHCP too.

HI:

This appears to be one of those posts that can quickly get convoluted and confusing to the author.

If you don't mind, I would like to be the fly on the wall that helps the author orchestrate this.

Guys, let's start with DNS integration. We can address DHCP afterwards.

The simple fact is, everything was set up properly except one thing. The problem is here:
        Connection-specific DNS Suffix  . : net.sb.local
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network
        Physical Address. . . . . . . . . : 00-13-02-A0-78-97
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.136
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.169.1.1  <---------!!!!!!!!!!!!!!!!!!!!! Right here!
        DHCP Server . . . . . . . . . . . : 192.168.1.103
        DNS Servers . . . . . . . . . . . : 192.168.1.103
        Primary WINS Server . . . . . . . : 192.168.1.103
        Lease Obtained. . . . . . . . . . : Thursday, July 01, 2010 11:49:07 PM
        Lease Expires . . . . . . . . . . : Friday, July 09, 2010 11:49:07 PM

RDivil, we didn't get a screenshot of the DHCP scope you had set up, and I think you may have misread the address that was in there for the Router option. Basically, your default gateway was wrong.
Default Gateway . . . . . . . . . : 192.169.1.1  <---------!!!!!!!!!!!!!!!!!!!!! Right here!

Should be what? Windows Servers IP?
The Router IP address, 192.168.1.1
To answer your last question, the IP should be the IP of your internet gateway (which is your router - 192.168.1.1, not 192.169.1.1 as entered in the configuration).

As it seems to me, the IPCONFIG you posted would be from a client pc obtaining a DHCP release from the server. You need to change the "router" parameter in your DHCP scope options to the correct gateway and you should be able to access the internet from your clients too.

Duh, what a stupid typo.  Now have to do it all again. Thanks.
Server has static IP, 192.168.1.10 and clients are pulling 192.168.1.xxx addresses.

Router has static LAN IP of 192.168.1.1 and is pulling DHCP from the ISP on the WAN port.

Despite the errors below, both clients and server can resolve local and Internet addresses.

DNS has forwards 64.126.4.189 and ...193. Those are the correct DNS servers for the ISP.

DHCP excludes 192.168.1.1 through 192.168.1.10. There are no reservations.

So per ChiefIT, looks like DNS needs some work before DHCP can be nailed down.

Regards,
Rod
C:\>DCdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity

ERROR 1
================================================================================
         The host 8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity
================================================================================



Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
ERROR 2 (adapter should be 192.169.1.10. I do not know where these other
IP addresses are coming from.
================================================================================
                  Error: No LDAP connectivity
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 192.168.1.130 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.189 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.193 (<name unavailable>)
                  Error: all DNS servers are invalid
================================================================================

ERROR 3
================================================================================
                  Error: The A record for this DC was not found
================================================================================


ERROR 4
================================================================================
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 64.126.4.189 (<n
ame unavailable>)
                  Error: Forwarders list has invalid forwarder: 64.126.4.193 (<n
ame unavailable>)
                  Error:k.root-servers.net. IP: <Unavailabe> Status:A record not
 found
                  Error:l.root-servers.net. IP: <Unavailabe> Status:A record not
 found
                  Error:m.root-servers.net. IP: <Unavailabe> Status:A record not
 found
================================================================================


ERROR 5
================================================================================
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 64.126.4.189 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.189

            DNS server: 64.126.4.193 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.193


ERROR 6 (There is no 192.168.1.130)
================================================================================
            DNS server: 192.168.1.130 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.130
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 192.168.1.130

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL FAIL PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS

C:\>

Following the steps carefully and in order I get the following from dcdiag /test:DNS, which is one more failure than previous tests.

From the Event log in DNS:
The DNS server encountered error 32 attempting to load zone net.sb.local from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The DNS server encountered error 32 attempting to load zone 1.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


So: I removed all computers (except the DC:OLYMPUS) and all non-native users from AD Users And Computers and will redo all of the recommended steps again.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>DCdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
         The host 8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 192.168.1.130 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.189 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.193 (<name unavailable>)
                  Error: all DNS servers are invalid
                  Error: The A record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 64.126.4.189 (<n
ame unavailable>)
                  Error: Forwarders list has invalid forwarder: 64.126.4.193 (<n
ame unavailable>)

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 64.126.4.189 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.189

            DNS server: 64.126.4.193 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.193

            DNS server: 192.168.1.130 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.130
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 192.168.1.130

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL FAIL PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS

C:\Documents and Settings\Administrator>


DNS-20100703-1351HRS.jpg
Removed all root hints, deleted forward and reverse zones.

Then ran Ipconfig /flushdns

Added the forward zone net.sb.local

Ran:
Ipconfig /registerdns
Net stop netlogon
Net start netlogon
DCdiag /fix|DNS

=========================================================
C:\Documents and Settings\Administrator>Ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Administrator>Ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes..

C:\Documents and Settings\Administrator>Net stop netlogon
The Net Logon service is stopping.
The Net Logon service was stopped successfully.


C:\Documents and Settings\Administrator>Net start netlogon
The Net Logon service is starting........
The Net Logon service was started successfully.

C:\Documents and Settings\Administrator>DCdiag /fix|DNS

C:\Documents and Settings\Administrator>
=================================================

Attached Forward Zone Image after the above.
Attached Forwarders Image

Ran: DCdiag /test:DNS
=================================================
output in code block
=================================================

Sorry If I cross post someone but it took several minutes to perform all of this.

Rod


C:\>DCdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
         The host 8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 192.168.1.130 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.189 (<name unavailable>)
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 64.126.4.193 (<name unavailable>)
                  Error: all DNS servers are invalid
                  Error: The A record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 4.4.4.2 (<name u
navailable>)
                  Error: Forwarders list has invalid forwarder: 64.126.4.189 (<n
ame unavailable>)
                  Error: Forwarders list has invalid forwarder: 64.126.4.193 (<n
ame unavailable>)

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 64.126.4.189 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.189

            DNS server: 64.126.4.193 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 64.126.4.193

            DNS server: 192.168.1.130 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.130
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 192.168.1.130

            DNS server: 4.4.4.2 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 4.4.4.2

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL FAIL PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS

C:\>


DNS-20100703-1409HRS.jpg
Forwarders.jpg
Well, you are still having problems with the DNS SRV records.

Let's look in the reverse lookup zone for your server. It appears you might have a problem with the reverse lookup.

Once done. Look at your IPconfig /all and make sure NO outside servers are providing DNS.

Then, go to the command prompt and type DCdiag /fix|DNS
Oh, and let me ask if this is a solo domain server or if you ever had a second server on this domain. It looks like metadata from an old server is still hanging around.
It is a solo, and yes, I also see old metadata hanging around.

Obviously the forwarders are providing DNS.

I have an idea. Wait one....
The best metadata cleanup article is this one:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

It tells you how to clean up DNS, AD, and FRS metadata.

Didn't work. I removed outside DNS servers from the server's static IP configuration. Had to put them back.
Before anything else please post your IPCONFIG /ALL of this host.

The errors you are getting point towards not using the correct DNS server (deleting/recreating the zone should create all your SRV records when you stopped/started the netlogon service, however that did not happen and that makes me suspect that you are not using the correct DNS server address on the local host).
DCDIAG attempts to resolve through your forwarders, which is very strange unless you have those DNS servers added to your local IP configuration, as the domain controller itself won't go beyond your primary DNS server unless it fails to respond.
>DCDIAG attempts to resolve through your forwarders,
>which is very strange unless you have those DNS servers
>added to your local IP configuration, as the domain controller
>itself won't go beyond your primary DNS server unless it fails to respond.

I did remove the external (or ISP's) DNS servers from the local IP configuration. After doing so, leaving the server's IP as the only DNS server, I lost Internet connectivity and put the ISP's DNS servers back into the local IP configuration.

IPCONFIG /ALL below.



C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : olympus
   Primary Dns Suffix  . . . . . . . : net.sb.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : net.sb.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-0B-6A-26-AC-F4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.130
                                       64.126.4.189
                                       64.126.4.193

C:\>


There's the darn leftover .130 address. I will change local IP configuration to remove external DNS servers and add the correct address for the OLYMPUS server in DNS.
Ok - I can see the culprit.

When you make your first DC, that DC (preferably) should be hosting your DNS.

You need to make sure that DNS is hosted on your DC, and that your DC does ONLY use itself for name resolution! This is important.

So make sure DNS is running on 192.168.1.10 and change DNS servers to 192.168.1.10, then do:

net stop netlogon
net start netlogon

And see if your zone now has some SRV records (would be extra folders below the net.sb.local forward lookup zone). I do unfortunately not have a DC ready I can grab some screenshots off right now.

I see you have put 192.168.1.130 in as a DNS server?? Which server is that (what kind of server OS/DNS).

Let me explain the problem with your current config:

Your TCP/IP configuration wants to update DNS records with the correct IP addresses of your interfaces, but since the host "olympus" is not even using its very own DNS server, that won't ever happen, as I will guess the DNS servers deny registration (at least the 64.126.x.x ones will for sure).

The screenshots you post show the configuration of the DNS server "olympus" which is located at 192.168.1.10. This means that you need to use this DNS, as a domain DNS zone MUST be Active Directory integrated, and for that to happen the DNS server must run off a DC, and as I understand it you have only one DC (olympus with IP 192.168.1.10).
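The check described in the post above (a DC's adapter should list only itself as DNS server), as an added example that is not part of the original thread: it parses Windows 2003-style `ipconfig /all` text and reports every DNS server entry that is neither loopback nor the adapter's own address. The sample input is constructed from the output posted in this thread, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the server's first `ipconfig /all` from this thread, trimmed,
# keeping the 80-column console wrap ("Ada" / "pter") and the multi-line DNS list.
SAMPLE_BEFORE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : olympus

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   IP Address. . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.130
                                       64.126.4.189
                                       64.126.4.193
"""
# Constructed "after" state: loopback only, with a trailing hand-written annotation.
SAMPLE_AFTER = SAMPLE_BEFORE.split("   DNS Servers")[0] + (
    "   DNS Servers . . . . . . . . . . . : 127.0.0.1           <--note\n")

# "Key . . . . : value"; the separator is always space + colon in this format.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z].*?)[ .]* :(?:\s+(?P<val>.*))?$")
PROMPT = re.compile(r"^[A-Za-z]:\\")  # e.g. "C:\>" lines pasted along with the output


def parse_ipconfig(text):
    """Return {section: {field: [values]}} for Windows 2003/XP `ipconfig /all` text."""
    sections, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or PROMPT.match(line):
            continue
        if not line[0].isspace():
            if line.endswith(":") or current is None:
                # Section header ("Windows IP Configuration", "Ethernet adapter ...:")
                current, last = sections.setdefault(line.rstrip(":"), {}), None
            elif last and current[last]:
                current[last][-1] += line  # console wrapped a long value at column 80
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            last = m.group("key")
            current[last] = [m.group("val")] if m.group("val") else []
        elif last:
            current[last].append(line.strip())  # indented continuation: next list entry
    return sections


def audit_dc_resolvers(text):
    """List (adapter, server, reason) for every DNS server that is not this host itself."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        own = {v.split()[0] for v in fields.get("IP Address", [])}
        for entry in fields.get("DNS Servers", []):
            server = entry.split()[0]  # drop any trailing annotation
            ip = ipaddress.ip_address(server)
            if ip.is_loopback or server in own:
                continue
            reason = "private, but not this host" if ip.is_private else "public resolver"
            findings.append((name, server, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_dc_resolvers(SAMPLE_BEFORE):
        print(finding)
```
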
Server Has Internet connectivity:


C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : olympus
   Primary Dns Suffix  . . . . . . . : net.sb.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : net.sb.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-0B-6A-26-AC-F4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10

C:\>
After you restarted the netlogon service, did your dns zone receive additional folders (SRV containers) ?

You can now btw run these commands as instructed earlier:

ipconfig /flushdns
ipconfig /registerdns

And that should fix your dcdiag resolution issues.
Removed Zones
Ipconfig /flushdns
Ipconfig /registerdns
Net stop netlogon
Net start netlogon

Zones not readded
Manually readded empty Forward and Reverse Zones

Ipconfig /flushdns
Ipconfig /registerdns
Net stop netlogon
Net start netlogon

Those commands added the DC's records to DNS

DCdiag /fix|DN

Below:


DCdiag /fix|DN
C:\>Ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\>Ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes..

C:\>Net stop netlogon
The Net Logon service is stopping.
The Net Logon service was stopped successfully.


C:\>Net start netlogon
The Net Logon service is starting........
The Net Logon service was started successfully.


C:\>Ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes..

C:\>Net stop netlogon
The Net Logon service is stopping.
The Net Logon service was stopped successfully.


C:\>Net start netlogon
The Net Logon service is starting........
The Net Logon service was started successfully.


C:\>DCdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
         The host 8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 192.168.1.10 (<name unavailable>)
                  Error: all DNS servers are invalid

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 192.168.1.10 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 192.168.1.10

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL PASS PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS

C:\>


Why am I getting:

The host 8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (8b536d33-c1c8-48c7-b204-c32d15e82824._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity
Tell me - out of curiosity - when you re-created the zone, you made it as an Active Directory integrated zone, right?

At this point, my advice right now will be: demote your dc and destroy the domain, and then re-promote it. That will make the correct adjustments and ensure the zone is created correctly and the DNS setup is functioning.

Note that for registerdns to work, you will have to have a zone to register into, and as you've deleted the zones in your first attempt it failed (which is quite expected).

Now you SHOULD have got some SRV records (and again they will look like folders below your forward lookup zone). I can see from the dcdiag that this is not the case. This makes me suspect that you've created the zone incorrectly somehow or something else is very wrong at this time. (might be that you created a primary zone and did not let it be AD integrated?)

I'll be off to bed now - so won't be replying before tomorrow sometime. Until then play around with it.
Sorry I didn't see that last comment of yours, it was late yesterday. However it is because your service records have not been correctly added to your zone.

Actually, to distinguish Microsoft LDAP services from others by use of DNS, a form of subdomain is created below your forward lookup zone, and what you see is an error attempting to identify a DC through looking it up by using the Microsoft-specific implementation. Without your SRV records created correctly, that will fail, and that is what happens for you.
I removed Active Directory, i.e. demoted the server from a DC to just another server.

Added 1 ISP DNS Server to the local IP configuration so I would have Internet connectivity when I rebooted.  Rebooted.

Ran the AD Wizard establishing a new AD.
Ran the DNS and DHCP configuration wizards, during which I found the defaults to already be correct, e.g. in DNS there were already forward zone records for the server, there was an _msdcs.net.sb.local forward zone and a _msdcs subfolder under the net.sb.local forward zone.

In DHCP, it already had the proper scope and reservations for 192.168.1.1 - 192.168.1.10. I did have to add the forwarders to DNS. The local IP dropped the DNS server of the ISP without my intervention and kept the server's IP address as the DNS server.

The router is 192.168.1.1 and the server is 192.168.1.10.

I added my user id back to AD and it asked for my password, etc.

The clients pull (or are given) correct information:

Client
=======================================
C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : divilbiss
        Primary Dns Suffix  . . . . . . . : net.sb.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : net.sb.local
                                            net.sb.local
                                            sb.local

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-15-C5-1D-AD-82

Ethernet adapter Wireless Network Connection 3:

        Connection-specific DNS Suffix  . : net.sb.local
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-13-02-A0-78-97
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.136
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
        Lease Obtained. . . . . . . . . . : Saturday, July 03, 2010 3:00:43 PM
        Lease Expires . . . . . . . . . . : Sunday, July 11, 2010 3:00:43 PM

C:\>
=========================================================


SERVER
=========================================================
C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : olympus
   Primary Dns Suffix  . . . . . . . : net.sb.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : net.sb.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-0B-6A-26-AC-F4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1           <--Different from before but I think fine.

C:\>
=========================================================

Ran dcdiag /test:DNS

Got the attached: (Still errors)

Still do not understand
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
         The host 5b763eb9-49aa-4924-af3b-d4b2dfc92347._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (5b763eb9-49aa-4924-af3b-d4b2dfc92347._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

C:\>DCdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\OLYMPUS
      Starting test: Connectivity
         The host 5b763eb9-49aa-4924-af3b-d4b2dfc92347._msdcs.net.sb.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (5b763eb9-49aa-4924-af3b-d4b2dfc92347._msdcs.net.sb.local) couldn't be
         resolved, the server name (olympus.net.sb.local) resolved to the IP
         address (192.168.1.10) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... OLYMPUS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\OLYMPUS

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : net

   Running enterprise tests on : net.sb.local
      Starting test: DNS
         Test results for domain controllers:

            DC: olympus.net.sb.local
            Domain: net.sb.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000001] VIA Rhine II Compatible Fast Ether
net Adapter has invalid DNS server: 127.0.0.1 (olympus.net.sb.local.)
                  Error: all DNS servers are invalid

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 192.168.1.10 (olympus.net.sb.local.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.net.sb.local. faile
d on the DNS server 192.168.1.10

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: net.sb.local
               olympus                      PASS FAIL PASS PASS PASS FAIL n/a

         ......................... net.sb.local failed test DNS

C:\>


Yes, 127.0.0.1 is fine all right on the DC hosting the DNS server. That address will usually be set by the promotion wizard.

I do not quite understand why you get that particular error. Do you have "Register this connection's addresses in DNS" ticked in TCP/IP settings under Advanced (DNS tab) for your network connection?
I would change the 127 address to the IP of the server.

After that, I would consider checking into AD and FRS metadata cleanup. I see no DNS metadata.

If there is no AD and FRS metadata of the old server, then you might consider uninstalling the DNS application and re-installing it. Upon reinstalling it, you should restart the netlogon service. That will re-register the SRV records within DNS.

For some reason, your SRV records are NOT registering in DNS. I think this stems from seeing an old AD server that no longer exists. Hence the FRS and AD cleanup should resolve the issue. The inability to see the SRV records is causing your problems.
Another thing you should make sure of, is that this server holds the five FSMO roles, including the Schema role. Since this is a solo server and it can't see the old server, then you will probably have to SEIZE the five FSMO roles.

http://support.microsoft.com/kb/255504
He has demoted/promoted the server. There is no way in a single DC setup any roles could be left out and the promo wizard still complete. It is also very strange that the promo wizard DID complete in the first place taking into consideration the SRV records are wrong/not there.

We'll look into that in another Q
Everyone deserved more points. This is my fault for polluting the Q with other questions, when at some point I should have stopped and begun new questions....which I will do with the remaining DCDIAG problem.  Which I have done here: https://www.experts-exchange.com/questions/26306349/DCDiag-test-DNS-failure.html

The original Q was answered in the first post.