Solved

New Build -- Win2003 STD

Posted on 2005-02-25
Last Modified: 2010-04-19
Good evening -- It seems that I'm re-thinking what I did when I first built my box.  Here is my situation ..... After moving into our new building, we decided to get away from DSL and go business cablemodem 4mb service ..... my supv also decided to get rid of the Cisco 2600 router and put in place a Linksys cablemodem router with NAT and just have everyone connect to the internet through the router as if they were home .. (I know, I know, don't ask why) .... :) ..

but during the move, our primary server took a dive and was unusable and had to be rebuilt ..... So I had the lovely pleasure of building this box this past week ..... during that time, the requirement came to just have the users log into the server just to back up their software code and any working documents .. almost like a CM storage box ... after conferring with some other techies, we all agreed on this philosophy .... seeing how our business is growing fast and eventually the laptops will be phased out and desktops phased in, we decided to configure the server as the DC server with AD since we are the primary site for the business and eventually users will use the server the proper way ......

After finishing the build today, I wanted to start using the AD potential and have the users share drives on the server be mapped automatically ..... so I did some research and found this great .vbs script .. after following the directions the script worked locally but not on the workstations... I of course posted a question here and was pleased to have Luv2Smile help me with my problem.... but it seems from talking to him that I may have DNS issues.......

After taking his advice and loading DNS I'm still not sure that I did it right ... so .... how do I know if I loaded the DNS properly??   In my TCP/IP settings I set the DNS server to 127.0.0.1 and I can surf the web fine ... Luv2Smile thinks the DNS could be messing with my group policy problem .... any ideas guys???  let me know if you need more info .. or have any suggestions ... Thanks ...
Question by:D00Dness
10 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 13408559
Hello,
You should not use the loopback address for your primary DNS server.
Set it to the IP address of your Domain Controller

On your DC's TCP/IP properties do not put your ISP's IP address.
This should be done through forwarders that you set up using the DNS management tool

Open DNS management by clicking Start >> Administrative Tools >> DNS
right click your server >> Properties >> you'll see the Forwarders tab there

While DNSmgmt is open expand your server >> expand forward lookup zones >>
does this name match your domain name ?
Right click your forward lookup zone >>  Properties >> make sure Dynamic Updates are enabled

How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

Run this command from the command prompt of your DC
dcdiag /v >> C:\dcdiag.txt
This will create a text file named dcdiag on the root of your C drive
open it and look for any failed tests.
If there are any failed tests post them here.

I won't be around much this weekend but I will try to look in and see how things are going

Also EE member oBdA has a great list of steps and links to ensure DNS is setup properly.
you can find that here:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21312905.html
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 13408561
Also it sounds like you only have one DC ??
0
 

Author Comment

by:D00Dness
ID: 13408573
Thanks much for the help so far ... I'll see if I can remote in soon and try out the above information .. as for the 1 DC .. yes .. I did that purposely cause of expansion ..... unless that was a mistake .. tks ..
0
 
LVL 16

Accepted Solution

by:
samccarthy earned 1000 total points
ID: 13408764
Keep it simple!  I feel you are ready to overcomplicate your configurations by delving into something that is probably not the problem.

DNS and Group policy.  While they can affect each other, they are not that closely related.  The local address 127.0.0.1 is perfectly fine for the primary DNS server.  Some installations I have seen will default to this and I have never had a problem with it or the actual IP Address.  The goal is to have the DNS box point to itself only.  That's it.

Your DNS on the Domain needs to point to that primary DNS server only.  That's it.  If you can logon and ping the boxes by name, hit the Internet, then your DNS server is probably just fine.  Look in your event logs.  You probably will not see yads of errors with DNS.  If DNS was hosed, you probably wouldn't be able to get to your internal boxes or the Internet.

Do not use forwarders unless absolutely necessary.  Let your server work as designed going out to the internet Root servers for resolution.

Now, getting back to the real problem.  As long as you put that logon script in the Group Policy that will affect the particular workstation, it should work without a problem.  If you log on to the local machine and it is getting policy, then it is working.

What is probably happening is that your group policy has not updated on the workstation.  I believe the default is about 90 minutes.  On the workstation give it a gpupdate /force command.  It will probably want you to reboot.  When you log back in, as long as that machine falls under the Group Policy you set up, it will work.

0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13409387
>>>After taking his advice and loading DNS I'm still not sure that I did it right ... so .... how do I know if I loaded the DNS properly??   In my TCP/IP settings I set the DNS server to 127.0.0.1 and I can surf the web fine ... Luv2Smile thinks the DNS could be messing with my group policy problem .... any ideas guys???  let me know if you need more info .. or have any suggestions ... Thanks ...

Yes ... there is a problem with your DNS Server now ... because when you installed Active Directory on your computer, at that time DNS was pointing to 127.0.0.1 (so it's a loopback IP Address) and DC SRVs registered with this address. Now you point your DNS server to use your Local IP Address assigned to this server and then follow the steps to re-register the DC SRVs. DC SRVs are used by all services in your network ... for example: Winlogon.exe sends a DNS query to DNS Server to find Domain Controller. This query is not sent as Host Query but SRV Query (Service Location) for LDAP and Kerberos protocol. Winlogon needs to retrieve a list of Group Policy applied to the user or computer ... and obviously with the help of SRVs registered in DNS.

To verify DNS registration for domain controllers using the nslookup command

1. Open Command Prompt.
2. Type:
nslookup
3. After the previous command completes, at the nslookup (">") prompt type:
set q=rr_type
4. After the previous command completes, type:
_ldap._tcp.dc._msdcs.Active_Directory_domain_name
5. Review the output of the previous SRV query and determine if further action is needed based on whether the previous query succeeded or failed:

Ref: -
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_tro_VerifyDomainSrvLocRRs.asp

Please follow the steps. Everything should work fine: -

1. Stop Netlogon service.
2. Open DNS Console.
3. Delete Active Directory Integrated Zone.
4. Stop and Start DNS Service.
5. Close and Re-open DNS Console.
6. Re-create DNS Zone (domain_name)
7. Start Netlogon service.
8. Issue ipconfig /registerdns.

Let me know.

Thanks
0
 

Author Comment

by:D00Dness
ID: 13416979
Tks guys!!! Well here is the odd thing ... I did what you suggested SystmProg but the "set q=rr_type" is not recognized as a command .... totally weird .... I've also opened up my cmd window, and typed in the NSLOOKUP google.com and it comes up fine ... even resolves my server name .... also I looked in the DNS manager window and there are no errors showing up there ...... now I'm curious, am I set up for a domain controller or not?  Ideas???  How can I verify my server is set up for DNS properly for AD to work .. tks again ...

0
 
LVL 16

Expert Comment

by:samccarthy
ID: 13417006
Here is the proper DNS setup as I mentioned above.  The goal is to have the DNS box point to itself only.   Your DNS on the Domain, all workstations and servers need to point to that primary DNS server only.  If you can logon and ping the boxes by name, hit the Internet, then your DNS server is probably just fine.  Look in your event logs.  You probably will not see yads of errors with DNS.  If DNS was hosed, you probably wouldn't be able to get to your internal boxes or the Internet.

Do not use forwarders unless absolutely necessary.  Let your server work as designed going out to the internet Root servers for resolution.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 13417067
Hello,
I like Sam's ideas ( approach )  the best so far.
Is there anything not working ?
When you perform a gpresult on the client machines do you still get that error message?
(from command line type gpresult)
Remember to point the clients' DNS to only your DNS

Earlier I mentioned to run a utility called dcdiag... anything come from that ?
0
 

Author Comment

by:D00Dness
ID: 13431399
Guys --- Thanks much ... all your hard work and efforts paid off ... I followed everyone's suggestions/inputs and the DNS server is up and running just fine .. the reason the group policies were not working is because the workstations were not pointing to the DNS server .. DOAH! but after making that change on the workstations, they are now getting the group policies .. thanks to all !!!! I wish there was a way to evenly distribute the points though .. sorry ... on the flip side, another problem has arisen but that's a different question ... thanks ..

Mdiglio -- The dcdiag utility did not work on the server for some reason .....

0
 
LVL 16

Expert Comment

by:samccarthy
ID: 13432218
Glad to be of help!
0
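
The two checks this thread converged on (workstations using only the DC's DNS server, and the `_ldap._tcp.dc._msdcs` SRV lookup from the nslookup steps), as an added example that is not part of the original posts. It assumes a current Windows client with the DnsClient PowerShell cmdlets (not available on Windows Server 2003); the domain name and IP address are hypothetical placeholders.

```powershell
# Added example: the two values below are placeholders, replace with your own.
$Domain  = 'corp.example.local'   # hypothetical AD DNS domain name
$DcDnsIp = '192.168.1.10'         # hypothetical IP of the DC that runs DNS

function Test-ClientDnsForAd {
    param([string]$Domain, [string]$DcDnsIp)

    $findings = @()

    # 1. Every IPv4 adapter with DNS configured should list only the DC.
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 }
    foreach ($a in $adapters) {
        if ($a.ServerAddresses -notcontains $DcDnsIp) {
            $findings += "$($a.InterfaceAlias): DC DNS $DcDnsIp is not configured"
        }
        $extra = $a.ServerAddresses | Where-Object { $_ -ne $DcDnsIp }
        if ($extra) {
            $findings += "$($a.InterfaceAlias): other resolvers present: $($extra -join ', ')"
        }
    }

    # 2. The DC locator SRV record must resolve through that server.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DcDnsIp -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }   # ignore additional A records
        if (-not $srv) { $findings += "$srvName returned no SRV records" }
        $srv | ForEach-Object { Write-Host "SRV: $($_.NameTarget):$($_.Port) priority $($_.Priority)" }
    } catch {
        $findings += "$srvName lookup failed: $($_.Exception.Message)"
    }

    return $findings
}

$result = Test-ClientDnsForAd -Domain $Domain -DcDnsIp $DcDnsIp
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Client DNS looks correct for AD.'
}
```

An empty result means the workstation can locate a domain controller through DNS; after correcting any finding, run `gpupdate /force` and `gpresult` as described in the comments above.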
