Solved

New Build -- Win2003 STD

Posted on 2005-02-25
Last Modified: 2010-04-19
Good evening -- It seems that I'm re-thinking what I did when I first built my box.  Here is my situation .....After moving into our new building, we decided to get away from DSL and go business cablemodem 4mb service.....my supv also decided to get rid of the Cisco 2600 router and put in place, a Linksys cablemodem router with NAT and just have everyone connect to the internet through the router as if they were home.. ( I know I know, don't ask why) .... :)  ..

but during the move, our primary server took a dive and was unusable and had to be rebuilt.....So I had the lovely pleasure of building this box this past week.....during that time, the requirement came to just have the users log into the server just to back up their software code and any working documents .. almost like a CM storage box... after conferring with some other techies, we all agreed on this philosophy .... seeing how our business is growing fast and eventually the laptops will be phased out and desktops phased in, we decided to configure the server as the DC server with AD since we are the primary site for the business and eventually users will use the server the proper way ......

After finishing the build today, I wanted to start using the AD potential and have the users share drives on the server be mapped automatically ..... so I did some research and found this great .vbs script .. after following the directions the script worked locally but not on the workstations... I of course posted a question here and was pleased to have Luv2Smile help me with my problem.... but it seems from talking to him that I may have DNS issues.......

After taking his advice and loading DNS I'm still not sure that I did it right... so .... how do I know if I loaded the DNS properly??   In my TCP/IP settings I set the DNS server to 127.0.0.1 and I can surf the web fine ... Luv2Smile thinks the DNS could be messing with my group policy problem.... any ideas guys???  let me know if you need more info .. or have any suggestions ... Thanks ...
Question by:D00Dness
 
LVL 16

Expert Comment

by:mdiglio
ID: 13408559
Hello,
You should not use the loopback address for your primary DNS server.
Set it to the IP address of your Domain Controller

On your DC's tcp/ip properties do not put your isp's ip address.
This should be done through forwarders that you set up using the DNS management tool

Open DNS management by clicking start >> administrative tools >> DNS
right click your server >> properties >> you'll see the forwarder tab there

While DNSmgmt is open expand your server >> expand forward lookup zones >>
does this name match your domain name ?
Right click your forward lookup zone >>  Properties >> make sure Dynamic Updates are enabled

How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

Run this command from the command prompt of your DC
dcdiag /v >> C:\dcdiag.txt
This will create a text file named dcdiag on the root of your C drive
open it and look for any failed tests.
If there are any failed tests post them here.

I won't be around much this weekend but I will try to look in and see how things are going

Also EE member oBdA has a great list of steps and links to ensure DNS is set up properly.
you can find that here:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21312905.html
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 13408561
Also it sounds like you only have one DC ??
0
 

Author Comment

by:D00Dness
ID: 13408573
Thanks much for the help so far... I'll see if I can remote in soon and try out the above information .. as for the 1 DC .. yes.. I did that purposely cause of expansion ..... unless that was a mistake .. tks  ..
0
 
LVL 18

Accepted Solution

by:
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer earned 1000 total points
ID: 13408764
Keep it simple!  I feel you are ready to overcomplicate your configurations by delving into something that is probably not the problem.

DNS and Group policy.  While they can affect each other, they are not that closely related.  The local address 127.0.0.1 is perfectly fine for the primary DNS server.  Some installations I have seen will default to this and I have never had a problem with it or the actual IP Address.  The goal is to have the DNS box point to itself only.  That's it.

Your DNS on the Domain needs to point to that primary DNS server only.  That's it.  If you can logon and ping the boxes by name, hit the Internet, then your DNS server is probably just fine.  Look in your event logs.  You probably will not see yads of errors with DNS.  If DNS was hosed, you probably wouldn't be able to get to your internal boxes or the Internet.

Do not use forwarders unless absolutely necessary.  Let your server work as designed going out to the internet Root servers for resolution.

Now, getting back to the real problem.  As long as you put that logon script in the Group Policy that will affect the particular workstation, it should work without a problem.  If you log on to the local machine and it is getting policy, then it is working.

What is probably happening is that your group policy has not updated on the workstation.  I believe the default is about 90 minutes.  On the workstation give it a gpupdate /force command.  It will probably want you to reboot.  When you log back in, as long as that machine falls under the Group Policy you setup, it will work.

0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13409387
>>>After taking his advice and loading DNS I'm still not sure that I did it right... so .... how do I know if I loaded the DNS properly??   In my TCP/IP settings I set the DNS server to 127.0.0.1 and I can surf the web fine ... Luv2Smile thinks the DNS could be messing with my group policy problem.... any ideas guys???  let me know if you need more info .. or have any suggestions ... Thanks ...

Yes....there is a problem with your DNS Server now...because when you installed Active Directory on your computer at that time DNS was pointing to 127.0.0.1 (so it's a loopback IP Address) and DC SRVs registered with this address. Now you point your DNS server to use your Local IP Address assigned to this server and then follow the steps to re-register the DC SRVs. DC SRVs are used by all services in your network....for example :- Winlogon.exe sends a DNS query to DNS Server to find Domain Controller. This query is not sent as Host Query but SRV Query (Service Location) for LDAP and Kerberos protocol. Winlogon needs to retrieve a list of Group Policy applied to the user or computer...and obviously with the help of SRVs registered in DNS.

To verify DNS registration for domain controllers using the nslookup command

1. Open Command Prompt.
2. Type:
nslookup
3. After the previous command completes, at the nslookup (">") prompt type:
set q=rr_type
4. After the previous command completes, type:
_ldap._tcp.dc._msdcs.Active_Directory_domain_name
5. Review the output of the previous SRV query and determine if further action is needed based on whether the previous query succeeded or failed:

Ref: -
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_tro_VerifyDomainSrvLocRRs.asp

Please follow the steps. Everything should work fine: -

1. Stop Netlogon service.
2. Open DNS Console.
3. Delete Active Directory Integrated Zone.
4. Stop and Start DNS Service.
5. Close and Re-open DNS Console.
6. Re-create DNS Zone (domain_name)
7. Start Netlogon service.
8. issue ipconfig /registerdns.

Let me know.

Thanks
0
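The SRV check described in the steps above, as an added example that is not part of the original thread: at the nslookup prompt the query type for service-location records is srv (set q=srv), and the Python below parses that output and reports a missing record, a non-LDAP port, or a target that resolves to loopback. The domain example.local, host dc1 and the addresses are constructed placeholders.

```python
import ipaddress
import re

# Constructed nslookup output for an SRV query; example.local, dc1 and the
# addresses are placeholders, not values from the thread.
SAMPLE_OK = """\
Server:  dc1.example.local
Address:  192.168.1.10

_ldap._tcp.dc._msdcs.example.local\tSRV service location:
\t  priority       = 0
\t  weight         = 100
\t  port           = 389
\t  svr hostname   = dc1.example.local
dc1.example.local\tinternet address = 192.168.1.10
"""
SAMPLE_LOOPBACK = SAMPLE_OK.replace("address = 192.168.1.10", "address = 127.0.0.1")
SAMPLE_MISSING = (
    "Server:  dc1.example.local\nAddress:  192.168.1.10\n\n"
    "*** dc1.example.local can't find _ldap._tcp.dc._msdcs.example.local: "
    "Non-existent domain\n"
)


def check_dc_srv(output):
    """Return a list of problems in nslookup SRV output; empty means healthy."""
    hosts = re.findall(r"svr hostname\s*=\s*(\S+)", output)
    ports = re.findall(r"^\s*port\s*=\s*(\d+)", output, re.M)
    # Map each hostname in the additional section to its A-record address.
    addrs = {h.lower(): a for h, a in
             re.findall(r"^(\S+)\s+internet address = (\S+)", output, re.M)}
    if not hosts:
        return ["no _ldap SRV record: clients cannot locate a domain controller"]
    problems = []
    for host, port in zip(hosts, ports):
        if port != "389":
            problems.append(f"{host}: SRV port {port}, expected 389 for LDAP")
        ip = addrs.get(host.lower())
        if ip is None:
            problems.append(f"{host}: no address returned for the SRV target")
        elif ipaddress.ip_address(ip).is_loopback:
            problems.append(f"{host}: resolves to loopback {ip}")
    return problems


if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("loopback", SAMPLE_LOOPBACK),
                       ("missing", SAMPLE_MISSING)]:
        print(name, check_dc_srv(text) or "healthy")
```

Feed it the text captured from nslookup on a workstation as well as on the DC, since a workstation pointed at a different DNS server will not see the domain's SRV records.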
 

Author Comment

by:D00Dness
ID: 13416979
Tks guys!!! Well here is the odd thing... I did what you suggested  SystmProg but the "set q=rr_type" is not recognized as a command.... totally weird.... I've also opened up my cmd window, and typed in the NSLOOKUP google.com and it comes up fine... even resolves my server name.... also I looked in the DNS manager window and there are no errors showing up there...... now I'm curious, am I set up for a domain controller or not?  Ideas???  How can I verify my server is set up for DNS properly for AD to work .. tks again... .

0
 
LVL 18
ID: 13417006
Here is the proper DNS setup as I mentioned above.  The goal is to have the DNS box point to itself only.   Your DNS on the Domain, all workstations and servers need to point to that primary DNS server only.  If you can logon and ping the boxes by name, hit the Internet, then your DNS server is probably just fine.  Look in your event logs.  You probably will not see yads of errors with DNS.  If DNS was hosed, you probably wouldn't be able to get to your internal boxes or the Internet.

Do not use forwarders unless absolutely necessary.  Let your server work as designed going out to the internet Root servers for resolution.
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 13417067
Hello,
I like Sam's ideas ( approach )  the best so far.
Is there anything not working ?
When you perform a gpresult on the client machines do you still get that error message?
(from command line type gpresult)
Remember to point the clients' DNS to only your DNS

Earlier I mentioned to run a utility called dcdiag... anything come from that ?
0
 

Author Comment

by:D00Dness
ID: 13431399
Guys --- Thanks much ... all your hard work and efforts paid off ... I followed everyone's suggestions/inputs and the DNS server is up and running just fine.. the reason the group policies were not working is because the workstations were not pointing to the DNS server .. DOAH! but after making that change on the workstations, they are now getting the group policies .. thanks to all !!!! I wish there was a way to evenly distribute the points though .. sorry ... on the flip side, another problem has arisen but that's a different question ... thanks ..

Mdiglio -- The dcdiag utility did not work on the server for some reason .....

0
 
LVL 18
ID: 13432218
Glad to be of help!
0
