• Status: Solved

Domain Users losing AD Authentication - DNS Issue?

I have a Single Domain AD server (Windows 2000), and about two weeks ago I started adding a VOIP phone system on the network. For the phones on the system to work they need the Phone Server to be the primary DNS server. So I simply went to my DHCP server and changed the DNS Servers to serve out. Before I had my local DNS server, which is my PDC and an external DNS server listed. Now I just added the Phone System Server to the DNS list, and put it on top. Now since I have done this I have been having issues with domain users losing authentication to the domain. When they try to access the network it will ask for a user name and password. I am not sure if this is a DNS issue, but I am interested in what you have to say. At first I thought maybe my AD was going corrupt.

Thanks for the help....any help would be great!
Asked:
redekopmfg
 
bhnmi Commented:
You shouldn't need to have the phones use the PBX as the primary DNS server. You should be able to create an A record for whatever hostname the phones are looking for in your forward lookup zone.

What kind of PBX are you running?
 
bhnmi Commented:
And yes it is directly related to DNS, your issue is. If you do not have a record for the domain pointing to the DC you will experience a lot of issues.
 
redekopmfg (Author) Commented:
Okay...so I am thinking that I can tackle this in two manners:
1.  Leave the DNS servers the way they are and add a forward lookup to the PBX.
2.  Do not use the PBX as a DNS server and place a forwarder for the phones to the PBX.

I believe that you are suggesting the latter of the two.

I am going to have to brush up on my skills of forward lookup zones.  Any help comments for this?
 
bhnmi Commented:
Just create an A record for the PBX host on your current DNS server.
 
redekopmfg (Author) Commented:
I should also say that the temporary fix that seems to renew the authentication is to log off and log back on with the problem computer. Can you shed some more light on why this affects the AD authentication?
 
bhnmi Commented:
As in current, I mean the AD DNS server. Your AD DNS server needs to be the primary or else AD will not work correctly.

So if the phones are looking for pbxserver, create an A record for pbxserver in the DNS server on your DC and point it to the IP of the PBX.
 
bhnmi Commented:
Because AD depends fully on DNS to know where everything is.
 
redekopmfg (Author) Commented:
So the phones are looking for s3856.pbxtra.fonality.com and I have created a forward lookup zone with a host pointing to the PBXtra Server at 192.168.2.20.  Have I done something wrong here, because it is not working for me.
 
bhnmi Commented:
Sure are.

Are you using a hosted service? Because the phones are looking for a server at pbxtra.fonality.com. This is a live domain on the internet.

Can you give a little more info on the PBX you are using?
 
redekopmfg (Author) Commented:
It is not a hosted service, but there is some linking through their servers for certain things like remote sets and software updates. I do not know what else to say. The system is from www.fonality.com and is called the PBXtra Call Center Edition.

If I set the primary DNS to the local address of 192.168.2.20, then everything works fine, except for the AD.

Let me know specific questions if you have them!
 
bhnmi Commented:
What is the hostname of the PBX server that lives on your network?
 
redekopmfg (Author) Commented:
I do not know.  All I know is the IP address of 192.168.2.20.  I am waiting for a reply from Support on this.
 
bhnmi Commented:
What happened?
 
redekopmfg (Author) Commented:
Sorry!  I thought I had posted this.

I changed my primary back to my domain controller, and added a forward lookup zone to the PBXtra. Once the phones renewed their IPs and booted we had no more issues with the DNS lookup on the Domain.

Thank You for your Help!
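
Editor's added example (not part of the thread and not code from any participant or vendor): a small offline model of why putting the PBX first in the DHCP DNS list broke domain logons, and why the DC-first list with an A record for the PBX name fixes both sides. A DNS client moves to the next server in its list only when a server does not respond; a negative answer from the first server is final. The AD domain name, the DC and external resolver addresses, and the assumption that the PBX answers only for its own name are constructed for illustration; only 192.168.2.20 and the phone hostname come from the thread.

```python
# Added illustration; the zone data below is constructed, not from a real network.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"

AD_DOMAIN = "corp.example"             # hypothetical AD domain name
DC_IP = "192.168.2.10"                 # hypothetical DC / AD DNS server address
PBX_IP = "192.168.2.20"                # PBX address given in the thread
EXT_IP = "203.0.113.53"                # hypothetical external resolver
PBX_NAME = "s3856.pbxtra.fonality.com" # name the phones look up (from the thread)
DC_SRV = ("_ldap._tcp.dc._msdcs." + AD_DOMAIN, "SRV")  # DC locator record


def make_servers(pbx_record_on_dc):
    """Return {server_ip: {(name, type): answer}} for the three resolvers."""
    dc_zone = {DC_SRV: "dc1." + AD_DOMAIN, ("dc1." + AD_DOMAIN, "A"): DC_IP}
    if pbx_record_on_dc:
        dc_zone[(PBX_NAME, "A")] = PBX_IP    # the A record suggested in the thread
    return {
        DC_IP: dc_zone,
        PBX_IP: {(PBX_NAME, "A"): PBX_IP},   # assumption: PBX knows only itself
        EXT_IP: {},                           # holds no internal names
    }


def resolve(servers, order, name, rtype, down=()):
    """Client rule: try the next server only if the current one is unresponsive.
    Any response, including NXDOMAIN, ends the lookup."""
    for ip in order:
        if ip in down:
            continue                          # no response, fall through
        return ip, servers[ip].get((name, rtype), NXDOMAIN)
    return None, TIMEOUT


def audit(order, pbx_record_on_dc):
    """What a domain client and a phone receive from a given DNS server order."""
    servers = make_servers(pbx_record_on_dc)
    _, dc = resolve(servers, order, *DC_SRV)
    _, pbx = resolve(servers, order, PBX_NAME, "A")
    return {"dc_locator": dc, "pbx": pbx}


if __name__ == "__main__":
    print("PBX first:", audit([PBX_IP, DC_IP, EXT_IP], False))
    print("DC first :", audit([DC_IP, EXT_IP], True))
```

On a live network the equivalent check is to query the DC locator SRV name against each server in the DHCP list in turn and confirm the first one that responds returns the domain controller.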