SBS2003 AD & DNS not working when attempting to co-exist on a network with another domain

I'm moving Server-B and it's clients to a new network.

On the new network there is already a Server-A with it's clients. Server-A runs the DHCP for the New Network already.

The new network only has one internet connection and one firewall that I want Server-B and Server-A to
share along with their clients.

I've done a similar thing before (ran two servers with different domain on the same network with two sets of clients). All I did was to make sure that the clients MANUALLY referred to their corresponding servers ip's in their manual settings for their DNS Server.

This time however, my Server-B can't even access the internet once plugged into the new network. I have set it's DNS to itself only, made sure to update it's DNS records to reflect it's new static IP on the new network. I've tried adding an external DNS server as ta secondary DNS server to no avail (cannot contact DNS Server).

Server-A and all it's clients still work fine. Server-B's clients can access the internet when referring to ---Server-A as their DNS Server but not when chooseing Server-B as thier DNS Server (obvoiusly).
------------------------------------------------------------
NetDiag Output:

    Computer Name: XXSERVER
    DNS Host Name: XXSERVER.xxdomain.net
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes :
        KB921503
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933360
        KB933729
        KB933854
        KB935839
        KB935840
        KB935966
        KB936021
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB939653
        KB939653-IE7
        KB941202
        KB941568
        KB941569
        KB941672
        KB942615-IE7
        KB942763
        KB943460
        KB944653
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : XXSERVER
        IP Address . . . . . . . . : 192.168.60.160
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.60.1
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.60.160


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed


        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.60.160'.


Redir and Browser test . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
------------------------------------------------------------
DcDiag Output:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\XXSERVER
      Starting test: Connectivity
         ......................... XXSERVER passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\XXSERVER
      Starting test: Replications
         ......................... XXSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... XXSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... XXSERVER passed test NetLogons
      Starting test: Advertising
         ......................... XXSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... XXSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... XXSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... XXSERVER passed test MachineAccount
      Starting test: Services
         ......................... XXSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... XXSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... XXSERVER passed test frssysvol
      Starting test: frsevent
         ......................... XXSERVER passed test frsevent
      Starting test: kccevent
         ......................... XXSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/04/2008   22:47:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/04/2008   22:47:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/04/2008   22:47:12
            (Event String could not be retrieved)
         ......................... XXSERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... XXSERVER passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : xxdomain
      Starting test: CrossRefValidation
         ......................... xxdomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... xxdomain passed test CheckSDRefDom
   
   Running enterprise tests on : xxdomain.net
      Starting test: Intersite
         ......................... xxdomain.net passed test Intersite
      Starting test: FsmoCheck
         ......................... xxdomain.net passed test FsmoCheck


kajbjoAsked:
Who is Participating?
 
Chris DentPowerShell DeveloperCommented:

Interesting...

Rather expected some Rx for Server-B, fancy seeing if it's Source IP Address specific? Temporarily change the IP to something else?

Chris
0
 
kajbjoAuthor Commented:
Oh I also get this error in my DNS log:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4007
Date:            2/4/2008
Time:            4:22:02 PM
User:            N/A
Computer:      XXSERVER
Description:
The DNS server was unable to open zone _msdcs.xxdomain.net in the Active Directory from the application directory partition ForestDnsZones.preunderwrite.net. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00               ....    
0
 
Chris DentPowerShell DeveloperCommented:

Well start with the basics...

TCP/IP first, 192.168.60.1 is a Firewall / Router? Can Server-B ping that? Can it Tracert to a Host beyond it (like www.google.com)?

If IP works, then we should look at DNS. Is that configured to use Forwarders? If so, a first step would be to remove them (which makes DNS use Root Hints). Does it work with that?

For domain functionality... If Server-A is providing DHCP information to clients on Domain-B, is it also providing the DNS Server? If so, which one? And if Server-A, does it host a zone for Domain-B?

Chris

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
kajbjoAuthor Commented:
192.168.60.1 is a sonicwall firewall. I  can ping it successfully (I can connect to it through the web browser to configure it as well).

Tracert www.google.com gives me:  Unable to resolve target system name www.google.com.

Im not using forwarders - trying to rely on Root Hints.

Server-A is providing DHCP with these Scope Options:

003 Router: 192.168.60.1 (the Sonciwall Firewall)
006 DNS Server: 192.168.60.10 (Server-A)

The plan is to manually configure Server-B's clients to use Server-B as DNS Server (instead of obtain automatically).

Not sure what you mean if Server-A hosts a Zone for Domain-B (haven't made any changes to Server A or Domain A).

Thanks,

/K

0
 
Chris DentPowerShell DeveloperCommented:

Okay, that makes sense, as long as everyone gets the right DNS Server :)

If you could try:

tracert 216.239.59.104

That's the IP for google above, we need to know if it can route to that before we head into DNS again.

Chris
0
 
kajbjoAuthor Commented:
Tracing route to 216.239.59.104 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21
0
 
Chris DentPowerShell DeveloperCommented:

You don't even get a reply from the Default Gateway, does your gateway drop ICMP? ping 192.168.60.1, if it Replies then it doesn't.

On the server, can you do:

route print

We're especially interested in any entry with the destination set to 0.0.0.0. That should list 192.168.0.1 as the Gateway.

Chris
0
 
kajbjoAuthor Commented:
Pinging 192.168.60.1 with 32 bytes of data:

Reply from 192.168.60.1: bytes=32 time=35ms TTL=64
Reply from 192.168.60.1: bytes=32 time<1ms TTL=64
Reply from 192.168.60.1: bytes=32 time<1ms TTL=64
Reply from 192.168.60.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.60.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 35ms, Average = 8ms
-------------------------------------------------------------------------------------
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 79 d2 0d 7e ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.60.1   192.168.60.160     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     192.168.60.0    255.255.255.0   192.168.60.160   192.168.60.160     20
   192.168.60.160  255.255.255.255        127.0.0.1        127.0.0.1     20
   192.168.60.255  255.255.255.255   192.168.60.160   192.168.60.160     20
        224.0.0.0        240.0.0.0   192.168.60.160   192.168.60.160     20
  255.255.255.255  255.255.255.255   192.168.60.160   192.168.60.160      1
Default Gateway:      192.168.60.1
===========================================================================
Persistent Routes:
  None
0
 
Chris DentPowerShell DeveloperCommented:

Okay, so your Default Gateway is set correctly, and you have a route:

          0.0.0.0          0.0.0.0     192.168.60.1   192.168.60.160     20

Tracert should return your Default Gateway as the first in the set of responses before heading out of the network.

What's the Subnet Mask on the Server set to? 255.255.255.0?

You might consider re-installing the Network Card Drivers completely.

Chris
0
 
kajbjoAuthor Commented:
Yes 255.255.255.0

Ok. Reinstall NIC driver? Will try that then (crap can't do that remote!)

0
 
Chris DentPowerShell DeveloperCommented:

If it manages to start getting traffic out beyond it's Gateway it should start working. Just need to get it behaving itself on that level first.

Chris
0
 
kajbjoAuthor Commented:
Well actually I can...
0
 
kajbjoAuthor Commented:
I downloaded and installed from this page

http://www.broadcom.com/support/ethernet_nic/netxtreme_server.php

No difference. Tracert www.google.com still doesn't resolve
0
 
Chris DentPowerShell DeveloperCommented:

I take it Tracert to the IP still fails? Wanted to get it to pass network traffic beyond the gateway first.

Any other network adapters in the machine?

Chris
0
 
Chris DentPowerShell DeveloperCommented:

Oh yes, and we should check for a local Firewall on the system as well.

Chris
0
 
kajbjoAuthor Commented:
The firewall is not running locally and yes I cannot tracert the google ip address still...

No there are no other NICs in this little server.

Bad cable? Geez.. running out of options...
0
 
Chris DentPowerShell DeveloperCommented:

Cabling is always worth a try :)

Bit odd, it can ping everything else on the same site? You've checked the router and such?

Chris
0
 
kajbjoAuthor Commented:
I can ping and connect using UNC to other machines...(\\192.168.60.10 etc)  I'm RDP'ing to the server right now (through SERVER-A) I can ping everything locally, I can connect to the SonicWall Firewall and configure it using the webbrowser for example.

SERVER-A is on the same network, using the same firewall and connection and it has no issues. If I connect MY CLIENTS to Server-A (using it as DNS Server) they can surf no problems...

:(
0
 
Chris DentPowerShell DeveloperCommented:

Local stuff is all easy, no routing involved at all. It doesn't have ISA or anything like that installed?

Chris
0
 
kajbjoAuthor Commented:
Nope. It's a clean, up-to-date SBS2003 Server that's used for Exchange, File shares and Print Server - that's it. It was working fine two days ago on it's own old network that I also setup from scratch. Similar configuration as the one we are on now (except no other server/domain to share it with).
0
 
kajbjoAuthor Commented:
Well I had someone at the site MOVE the server to a different cable/network connection in the wall. Same thing. Can't tracert 64.233.187.99, can't surf .. can't.. can't.. can't...

Tracing route to 64.233.187.99 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *


0
 
kajbjoAuthor Commented:
Several of the clients are now connected on the SAME cables/connections as Server-B was and are surfing without issues using Server-A's DHCP assigned DNS (itself)...
0
 
kajbjoAuthor Commented:
Im having someone pickup a  USB nic to try to install instead of the internal Broadcomm just to test. I dunno what else we could check atm...
0
 
Chris DentPowerShell DeveloperCommented:

Okay, that would be good if it'll take it.

Chris
0
 
kajbjoAuthor Commented:
I'm speech-less.

They installed a brand-new USB-nic card and plugged it in. It has 192.168.60119 as it's address.

Same thing - NO INTERNET!  Cannot tracert www.google.com nor it's IP!

I mean next step COULD be to switch the firewall but it works fine with Server-A and all the clients!

0
 
Chris DentPowerShell DeveloperCommented:

What about the Wizards for SBS, did you run through the internet connection wizard (if that's it)?

Chris
0
 
kajbjoAuthor Commented:
Hmm nevermind. I tried pinging the GATE and some of the CLIENTS etc from the server after installing the new USB adapter. They weren't even pingable... however I was able to RDP to the new IP of the USB adapter (192.168.60.119).

I need fresh eyes to look into this. I feel blind right now.
0
 
kajbjoAuthor Commented:
WOW! I just noticed something wierd. The customer just "activated" their SBS2003 the other day (they ran 2 months trial, then finally bought a CD with a KEY that they entered to "Activate" the server).

They did this when I was not around. What I noticed now when I go into properties on the Server it shows it as a Windows Server 2003 not SBS! The wizards / servermanagement console is missing as well. I look for updates and it has "Server 2003 SP2" installed... O.o

Could it be that they bought the WRONG key and it turned the SBS2K3 into a 2K3 Server instead????

It should still work however I'm guessing...
0
 
kajbjoAuthor Commented:
Never mind I'm stressed out now. It says :

Microsoft Windows Server 2003
for Small Business Server

But still I am missing SBS stuff... like the wizards...
0
 
Chris DentPowerShell DeveloperCommented:

The installation can't be complete then? Been a long time since I've done an SBS installation, Exchange is installed though isn't it?

Chris
0
 
kajbjoAuthor Commented:
Yes it's installed and working
0
 
Chris DentPowerShell DeveloperCommented:

Hmm odd... going to see if Jeff will take a look. Hesitant to say what's wrong without fully understanding SBS, too much of a possibility there's configuration missing there.

Chris
0
 
kajbjoAuthor Commented:
err I mean it WAS working on it's previous network.. now nothing is seemingly working that has to do with getting routed out onto the internet...
0
 
Chris DentPowerShell DeveloperCommented:

Yeah, it's very odd. I do only worry that I've missed something because it's SBS.

Going back to the Firewall, there are no rules enforced on there for outbound traffic?

Chris
0
 
kajbjoAuthor Commented:
Here is the Firewall > Access Rules from the SonicWall
sonicwall.bmp
0
 
kajbjoAuthor Commented:
Connections Monitor on the SonicWall
sonicwall-2.bmp
0
 
kajbjoAuthor Commented:
Wow! Guess what? That fixed it. The previous IT guy had told me to use .160 .. .dunno why. Then I noticed a NAT setting on the firewall "begin public" was pointing to .160??? I removed that (but that was AFTER I switched to .2 already that worked). Super easy. Can't believe I didnt try this earlier!! I'm now realizing that the 2nd NIC that was installed wasnt working correctly since it had .119 as it's address...
0
 
kajbjoAuthor Commented:
Crazy stuff. Can't believe I hadn't tried changing the IP earlier.. .LOL!

Thanks,

Kaj
0
 
Chris DentPowerShell DeveloperCommented:

Fantastic :-D Glad you got to the bottom of it in the end :)

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.