?
Solved

Windows 2003 Servers visible on one side of the network but not on the other.

Posted on 2005-03-09
24
Medium Priority
?
160 Views
Last Modified: 2010-03-18
We have two buildings, each on it's own subnet. For example:

Building A = 280.251.0.XX, 280.251.1.XX

Building B = 280.251.2.XX, 280.251.3.XX

The Domain Controller is at Building A and running DND, the Backup Domain Controller is at BUilding B and running DNS.

From Building B, I can see all servers on the network. However, from Building A, I can only see servers at Building A. Nothing on Building B side except Netware Servers. I can ping by IP address from Building A to Building B, but not by Server Name. From Building B, I can do both. This is killing me, PLEASE HELP!
0
Comment
Question by:thinsley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 10
  • +1
24 Comments
 
LVL 6

Expert Comment

by:zkrieger
ID: 13499888
not familer with DND, did you mean to say that both A and B are both running DNS servers?  if so, one needs to be a secondary to the other, and not stand alone.

so A would be setup to point to your ISPs DNS servers, and B would be setup as a secondary of A, all computers in A would have a primary DNS of A and a secondary of B, all computers in B would have a primary DNS of B and a secondary of A.

here is a artical on the subject:
http://www.windowsitpro.com/Windows/Article/ArticleID/40049/40049.html
0
 

Author Comment

by:thinsley
ID: 13500558
That is how it is setup. Building A is the primary and Building B is the secondary. I've also updated the host files on ac ouple of the servers and they still do not "see" the other servers at Building B.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13506277
There are two networks, I see. Are the networks configured in different sites? If yes, there is one Global Catalogs in every site? Every domain controller must also be browser master.

Veify if the replication between the two domain controllers is correct.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:thinsley
ID: 13506956
I forgot to mention earlier too that when I am in Active Directory on the PDC at Building A, I can see all of the computers, I can even move them into different Organizational Units, I can not see them in Network Neighborheeod, or Explorer or any other application for that matter. How would I verify that the replication is correct? Building B is simply a subnet of Building A.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13507039
These two buildings are connected with routers?
0
 

Author Comment

by:thinsley
ID: 13507656
Yes, Cisco routers. Their IP Addresses are the XXX.XXX.0.70 and XXX.XXX.2.70
0
 
LVL 18

Expert Comment

by:crissand
ID: 13507834
Let's clarify. If both servers are Windows 2003 domain controllers they are equal (not PDC and BDC). Because there are two sites (I hope) there must be a Global Catalog in each site. You have two DNS

For browsing, the port used are 137 and 138 UDP, these must be opened in both routers.

1.Do you have Wins servers?
2.Use browstat status in network A to see a list of browsers.
0
 

Author Comment

by:thinsley
ID: 13507958
I will try this. Please give explicit instructions. Our AD Domain and Forest was all setup by a consulting firm. I am not an experienced AD expert. Thanks!
0
 
LVL 18

Expert Comment

by:crissand
ID: 13508123
Here are instructions on how to create a Global Catalog:
http://support.microsoft.com/?kbid=313994

How to install wins service:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/wins_server_role.asp

Questions: If you create an object (user) in active directory users and computers being logged on server A, can you see it on server B after replication? Vice versa?

Verify if the clock is synchronized on both DC's. Install Support tools from server's cd, start commad prompt and type netdom query fsmo, on both servers.
0
 

Author Comment

by:thinsley
ID: 13508229
Yes I can create users at Building A. Building A (PDC) is the only building that we create users on. The Building B does not create anything in AD. Also, I mentioned this before, I can SEE everything in AD from Building A. However, if I try to use any other application than AD, I can't see the other servers or pc's on the network of Building B. I can ping by IP but not by Name.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13508311
In building B is a domain controller equal to the one in buildin A. You should use Active directory there without problem.

When you join a computer to the domain in building B, do you see the AD object in Active Directory Users and Computers/Computers OU?

Can you see all computers (building A and building B) in Server A DNS forward lookup zone?
0
 

Author Comment

by:thinsley
ID: 13508737
When I join a computer to the domain, I do it from within the network setup of the computer. I don't do anything in AD, is there something in AD I need to do to join that computer to the domain? Also, In Building A, I do not see all of the Building B computers in the DNS forward lookup zone

I just looked at DNS Errors in the DNS Management and there are a couple that might help:

The DNS server was unable to complete directory service enumeration of zone corp.surepower.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error

The DNS server was unable to complete directory service enumeration of zone 0.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13516301
Run dnsdiag on network 1 (server 1).
0
 

Author Comment

by:thinsley
ID: 13520219
Where do I find DNSDIAG?
0
 
LVL 18

Expert Comment

by:crissand
ID: 13533588
It's in Windows Resource Kit.
0
 

Author Comment

by:thinsley
ID: 13535948
Right, I donwloaded it and was unsuccessful in running it. I keep getting errors about missing DLL's. I'm searching now for a resolution on that. I'm pretty sure this is a DNS problem.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13535998
Can you run dcdiag?
0
 

Author Comment

by:thinsley
ID: 13557328
I can not run dcdiag or netdiag, although I have downloaded and installed the tools from the resource kit. How else can I troubleshoot DNS. After pouring through the logs, etc. I am pretty sure that this is a DNS configuration issue. It's causing Ad to crap out as well.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13557492
As I see the error is in Active Directory, where DNS is looking for data (it's a active directory integrated DNS). If you say some dll are missing, there are problems with the server  (the libraries dll used by dnsdiag, dcdiag and netdiag are part of the operating system).

Anyway, see if the DNS have a reverse lookup zone configured. Verify in the reverse lookup zone to have an entry for the dns server and create it if not exists.
0
 

Author Comment

by:thinsley
ID: 13567861
This issue has been resolved. I will email the Admins and ask them to close. Basically, the PDC's DNS server setup was wrong. There were no forward zones entered and the DNS entries in the NIC were wrong as well. This is how it was originally setup by the consultants. Thanks to all who helped.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13574112
Will you request a refund? :-)
0
 

Author Comment

by:thinsley
ID: 13575328
Yes I think so.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13595817
Closed, 250 points refunded.

modulo
Community Support Moderator
Experts Exchange
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Resolve DNS query failed errors for Exchange
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question