Windows 2003 Servers visible on one side of the network but not on the other.

We have two buildings, each on its own subnet. For example:

Building A = 280.251.0.XX, 280.251.1.XX

Building B = 280.251.2.XX, 280.251.3.XX

The Domain Controller is at Building A and running DND; the Backup Domain Controller is at Building B and running DNS.

From Building B, I can see all servers on the network. However, from Building A, I can only see servers at Building A. Nothing on Building B side except Netware Servers. I can ping by IP address from Building A to Building B, but not by Server Name. From Building B, I can do both. This is killing me, PLEASE HELP!
thinsley Asked:
 
modulo Commented:
Closed, 250 points refunded.

modulo
Community Support Moderator
Experts Exchange
 
zkrieger Commented:
Not familiar with DND, did you mean to say that both A and B are both running DNS servers? If so, one needs to be a secondary to the other, and not stand alone.

So A would be set up to point to your ISP's DNS servers, and B would be set up as a secondary of A. All computers in A would have a primary DNS of A and a secondary of B; all computers in B would have a primary DNS of B and a secondary of A.

Here is an article on the subject:
http://www.windowsitpro.com/Windows/Article/ArticleID/40049/40049.html
 
thinsley (Author) Commented:
That is how it is set up. Building A is the primary and Building B is the secondary. I've also updated the host files on a couple of the servers and they still do not "see" the other servers at Building B.
 
crissand Commented:
There are two networks, I see. Are the networks configured in different sites? If yes, is there one Global Catalog in every site? Every domain controller must also be browser master.

Verify if the replication between the two domain controllers is correct.
 
thinsley (Author) Commented:
I forgot to mention earlier too that when I am in Active Directory on the PDC at Building A, I can see all of the computers, and I can even move them into different Organizational Units, but I cannot see them in Network Neighborhood, or Explorer, or any other application for that matter. How would I verify that the replication is correct? Building B is simply a subnet of Building A.
 
crissand Commented:
Are these two buildings connected with routers?
 
thinsley (Author) Commented:
Yes, Cisco routers. Their IP Addresses are the XXX.XXX.0.70 and XXX.XXX.2.70
 
crissand Commented:
Let's clarify. If both servers are Windows 2003 domain controllers they are equal (not PDC and BDC). Because there are two sites (I hope) there must be a Global Catalog in each site. You have two DNS

For browsing, the ports used are 137 and 138 UDP; these must be opened in both routers.

1. Do you have WINS servers?
2. Use browstat status in network A to see a list of browsers.
 
thinsley (Author) Commented:
I will try this. Please give explicit instructions. Our AD Domain and Forest was all set up by a consulting firm. I am not an experienced AD expert. Thanks!
 
crissand Commented:
Here are instructions on how to create a Global Catalog:
http://support.microsoft.com/?kbid=313994

How to install the WINS service:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/wins_server_role.asp

Questions: If you create an object (user) in Active Directory Users and Computers while logged on to server A, can you see it on server B after replication? Vice versa?

Verify that the clock is synchronized on both DCs. Install Support Tools from the server's CD, start a command prompt and type netdom query fsmo, on both servers.
 
thinsley (Author) Commented:
Yes I can create users at Building A. Building A (PDC) is the only building that we create users on. Building B does not create anything in AD. Also, I mentioned this before, I can SEE everything in AD from Building A. However, if I try to use any other application than AD, I can't see the other servers or PCs on the network of Building B. I can ping by IP but not by Name.
 
crissand Commented:
In building B is a domain controller equal to the one in building A. You should be able to use Active Directory there without problem.

When you join a computer to the domain in building B, do you see the AD object in Active Directory Users and Computers/Computers OU?

Can you see all computers (building A and building B) in Server A DNS forward lookup zone?
 
thinsley (Author) Commented:
When I join a computer to the domain, I do it from within the network setup of the computer. I don't do anything in AD; is there something in AD I need to do to join that computer to the domain? Also, in Building A, I do not see all of the Building B computers in the DNS forward lookup zone.

I just looked at DNS Errors in the DNS Management and there are a couple that might help:

The DNS server was unable to complete directory service enumeration of zone corp.surepower.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error

The DNS server was unable to complete directory service enumeration of zone 0.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
 
crissand Commented:
Run dnsdiag on network 1 (server 1).
 
thinsley (Author) Commented:
Where do I find DNSDIAG?
 
crissand Commented:
It's in Windows Resource Kit.
 
thinsley (Author) Commented:
Right, I downloaded it and was unsuccessful in running it. I keep getting errors about missing DLLs. I'm searching now for a resolution on that. I'm pretty sure this is a DNS problem.
 
crissand Commented:
Can you run dcdiag?
 
thinsley (Author) Commented:
I cannot run dcdiag or netdiag, although I have downloaded and installed the tools from the resource kit. How else can I troubleshoot DNS? After poring through the logs, etc., I am pretty sure that this is a DNS configuration issue. It's causing AD to crap out as well.
 
crissand Commented:
As I see it, the error is in Active Directory, where DNS is looking for data (it's an Active Directory-integrated DNS). If you say some DLLs are missing, there are problems with the server (the DLL libraries used by dnsdiag, dcdiag and netdiag are part of the operating system).

Anyway, see if the DNS has a reverse lookup zone configured. Verify that the reverse lookup zone has an entry for the DNS server, and create it if it does not exist.
 
thinsley (Author) Commented:
This issue has been resolved. I will email the Admins and ask them to close. Basically, the PDC's DNS server setup was wrong. There were no forward zones entered and the DNS entries in the NIC were wrong as well. This is how it was originally set up by the consultants. Thanks to all who helped.
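
The symptom in this thread (names resolve from Building B but not from Building A, traced to missing forward zones on one DNS server) can be confirmed by asking each domain controller's DNS server directly for the same names and comparing the answers. The Python script below is an added example, not part of the original thread; the server addresses (192.0.2.x) and the host name are placeholders.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x2003):  # recursive A-record query, one question
    header = struct.pack(">6H", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">2H", 1, 1)  # A, IN

def _skip_name(buf, off):  # offset just past a (possibly compressed) name
    while buf[off]:
        if buf[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + buf[off]
    return off + 1

def parse_response(resp):  # -> (rcode text, [IPv4 addresses])
    flags, qdcount, ancount = struct.unpack(">3H", resp[2:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(resp[off + 10:off + 14]))
        off += 10 + rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), addrs

def ask(server, name, timeout=3.0):  # query one server, bypassing hosts file
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_response(s.recvfrom(4096)[0])
        except OSError:  # timeout or server unreachable
            return "NO REPLY", []

def compare(answers):  # {name: {server: (rcode, addrs)}} -> names that differ
    return sorted(n for n, per in answers.items()
                  if len({(rc, tuple(sorted(a))) for rc, a in per.values()}) > 1)

if __name__ == "__main__":
    servers = {"A": "192.0.2.10", "B": "192.0.2.20"}  # placeholder DNS servers
    names = ["srv-b1.corp.example."]                  # constructed host name
    answers = {n: {k: ask(ip, n) for k, ip in servers.items()} for n in names}
    print(compare(answers), answers)
```

A name that one server answers with NXDOMAIN and the other with an address points at a missing zone or failed replication on the first server rather than at the routers or the clients.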
 
crissand Commented:
Will you request a refund? :-)
 
thinsley (Author) Commented:
Yes I think so.