Solved

Any videos or good document on adding DNS for the new forest.

Posted on 2008-06-22
Last Modified: 2011-10-19
Hi,

Any videos or good document on adding DNS for the new forest.
I am stuck. I install DNS as I normally do, but the clients don't get the DNS and the client entries are not entered in the DNS.
When I ping the server IP with -a I don't get the machine name.
What could the problem be?
Regards
Sharath
Question by:bsharath
36 Comments
 
LVL 13

Expert Comment

by:nfmartins
Comment Utility
Hi,
First of all, how did you create your DNS?
Do you have a Windows domain?

One simple way to get everything working:
When you are creating the domain for the first time ("Creating domain controller"),
run dcpromo on the Windows machine and follow the wizard; it will ask you if you want to create the DNS settings automatically (if you already have DNS installed, please uninstall it).

It should do the trick.

NM
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Yes, I have a Windows domain.
Yes, I have installed DNS through DCPROMO but still no luck...
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Hi,
please check in the zone properties if you have Secure updates enabled. If you do and the clients still can't register, try to TEMPORARILY enable both unsecure and secure updates to see if something changed.
Also verify your DHCP server options - is it delivering the correct IP address of the DNS server to clients? Is the DHCP server running correctly?
Check the system time on server and clients - are they the same?

Check the System event logs - I guess you will find some clues here. Also check DNS logs and Directory service logs.
Regards
Martin
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Hi,

I have both secured and non-secured selected.
When I ping from the client I just get the IP address and subnet. Nothing else.
Time on both the server and client is the same.
When I ping the client from the server or the server from the client, they ping.
Able to connect to both through UNC paths.

When I ping the client from the server as
Ping -a ipaddress I get the client name
But when I ping the client like
Ping -1 serveripaddress
I just get the IP address...

0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Sorry, the time on the server and client is not the same...
The server IP details:

IP address: 129.170.1.1
Subnet: 255.255.0.0
Gateway: 129.170.1.1
DNS: 129.170.1.1

Here are the errors that I have in the event log

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'home.network.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  


The DNS server encountered error 32 attempting to load zone Home.Network.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
I have the DHCP scope as
129.170.1.30
to
129.170.1.40
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Ok thanks, now: make sure that you have accurate time and time zone on the DNS server. Also check the clients.
Then restart the netlogon service on the DC and check the event logs, if there is some further error (it should create the missing resource records in the DNS zone).
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Regarding the DHCP: I was rather asking if your DHCP delivers the IP 129.170.1.1 as the IP of DNS server to client (run ipconfig /all on the client to verify).
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Did as mentioned.
Now I get this error in the System event log


Dynamic registration or deletion of one or more DNS records associated with DNS domain 'home.network.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

USER ACTION  
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
I get this from the client

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : dev-apc100
        Primary Dns Suffix  . . . . . . . : home.network
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Corporate Network:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-11-11-BC-58-BE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 129.170.1.31
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 129.170.1.1
        Lease Obtained. . . . . . . . . . : Sunday, June 22, 2008 6:41:50 AM
        Lease Expires . . . . . . . . . . : Monday, June 30, 2008 6:41:50 AM
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
If you go to TCP/IP properties, what do you see there?
Also: does this server have multiple NICs?
When you go to your zone in the DNS console, do you see the SOA, NS and host record for your DNS server there? If you do, does the host record contain the server's FQDN or just a NetBIOS name? (like just server. or server.home.network).
When you type in ipconfig /all on the server, do you see the Primary DNS suffix? What does it say?
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
TCP/IP properties
IP address: 129.170.1.1
Subnet: 255.255.0.0
Gateway: 129.170.1.1
DNS: 129.170.1.1
No, there is only 1 NIC card

Attached is the DNS view. The IP in the conversation is 129 and in the server screenshot it is 159. I intentionally changed the IP.
11.bmp
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
The Host record A for the client machine Pc100 was added by me manually
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Thanks, now I think it's quite clear:
1) You're missing the host record for your DNS server (you have only the NS record). So please create a new host record in that zone which will contain the IP 129.170.1.1 and the DNS server's fully qualified domain name web-server.home.network.com.
2) Also there is some inconsistency in your namespace - somewhere you have the records with home.network, but the zone name is home.network.com - they must be the same!
3) You are totally missing the Active Directory records in the zone.
From my point of view there are many different errors - I'd suggest uninstalling AD, then uninstalling DNS, deciding what domain name you want to use and then installing AD again with the correct name - and please respect the name, you can't mix different DNS suffixes within one zone this way.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Previously I had home.network but removed DNS and installed it as Home.network.com

I have created the host record.
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
ok but now probably your machines remember the old DNS suffix, which might be incorrect. Just check on them ipconfig /all the line saying Primary DNS suffix, it should state home.network.com.
Anyway you should try to restart the netlogon service on the DC again and check, if it will create some new records in the zone (SRV records of AD), otherwise it's not going to work.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
I restarted the netlogon service and checked, but it shows
Home.network as the primary DNS suffix.
So does that mean I need to reinstall the OS?
Or reinstall ADS and DNS?
Is there any other way of doing this....

0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
no, you just need to change the primary dns suffix. Go to my computer properties -> name -> change -> more -> type in "home.network.com"
Or simply delete the zone and create a new one with correct DNS name (home.network).
When done, restart netlogon again.
Anyway - if it's just about a few computers, I'd suggest reinstalling AD in case of failure with the steps above.
0

 
LVL 11

Author Comment

by:bsharath
Comment Utility
Now I don't get any errors in the event log but I am still not able to get the machine name when pinging from the client machine like

Ping -a ipaddress of the server
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Now it's a different problem. If you want to be able to get the name, you need to create a reverse lookup zone. It's simple, just right click on reverse lookup zone and create a new one. When created, don't forget to create the PTR record in the zone (this time it will be the IP address and the FQDN of the computer).
0
 
LVL 13

Expert Comment

by:nfmartins
Comment Utility
Are the machines inserted on the domain?
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Yes the machines are added to the Domain
0
 
LVL 13

Expert Comment

by:nfmartins
Comment Utility
OK, so tell me one thing: how can you insert the machines in the domain if your DNS is not working correctly?
You can't resolve ping -a ipserver, correct? Can you?

NM
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Bsharath: I repeat - you need to have the reverse lookup zone containing the correct entries, that's all.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
When I ping the machine with -a I don't get the machine name.
But the machine is added to the Domain....
I don't know how that is possible....

Martin,

Any link that shows the right way of installing?
0
 
LVL 13

Accepted Solution

by:
martin_babarik earned 500 total points
Comment Utility
Friend,
I will try to save your time referring you to long articles and will try to provide a brief step-by-step:
1. DNS is the service which provides the resolution of Hostname -> IP and IP -> Hostname
2. Forward lookup zone contains the mapping between the hostname and IP (e.g. server.domain.com -> 10.0.0.1)
3. Reverse lookup zone contains the mapping between the IP and hostname (e.g. 10.0.0.1 -> server.domain.com)
4. From the points above it should be obvious that when using the "ping -a" command, which is supposed to provide the information "what is the hostname of the computer with IP address x.y.z.a?", this information has to be stored somewhere - and this "somewhere" is exactly the reverse lookup zone. Well, end of introduction, now the "how-to":

1. Open the DNS console and expand the server name. You will see Forward Lookup Zone (FLZ) and Reverse Lookup Zone (RLZ).
2. Select RLZ, right click on it and choose "new zone".
3. In the wizard just type in the IP of your subnet, like 129.170.0.0 - note that it will automatically generate special zone name which will be like 0.0.170.129.in-addr.arpa.
4. That's it, now you have the RLZ.
5. Now select that zone, right click on its name and choose New PTR (Pointer) record. In the dialog box type in the IP of your server and its full DNS name.
6. You're finished, now it should work the way you need.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
3. In the wizard just type in the IP of your subnet, like 129.170.0.0 - note that it will automatically generate special zone name which will be like 0.0.170.129.in-addr.arpa.

My server's IP is now 192.168.1.1.
So should the IP be 191.168.1?

After I select the primary zone I get "Active directory zone replication scope"

It has 3 options; which should I select?

0
 
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Of course please type in the subnet ID of your network, as you say.
Regarding the replication, keep the default settings, not so important in your case (or maybe "To all dns servers in the domain" or something like that).
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Martin

5. Now select that zone, right click on it's name and choose New PTR (Pointer) record. In the dialog box type in the IP of your server and it's full DNS name.

Should it be like
192.168.1.1.home.network.com
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
Nono, there are two fields to enter text in. One of them is for the IP - use this one and type the IP of your network (I assume 192.168.1). Down in the box you will see the name of that zone being generated, at the end it will be 1.168.192.in-addr.arpa.
The "in-addr.arpa" is a standard name, don't change it, it will always be the same regardless of your FLZ.
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
I did everything as you said...
Now below the reverse lookup zone I have
192.168.1.x.subnet
Restarted the machine and still no luck... Now I am not able to add a new client to the Domain...

I get this from the client when i try to add the machine to the Domain...

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain home.network.

The error was: "No DNS servers configured for local system."
(error code 0x0000267C DNS_ERROR_NO_DNS_SERVERS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.home.network

For more information, click Help.

0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
yes, that's another problem...I think we just solved the IP to hostname resolution (pls verify by pinging) and now for the other one.
In your DNS zone there are no AD records (one of them is the SRV _ldap._tcp...etc).
1. Please paste here what you found in C:\WINDOWS\debug\dcdiag.txt.
2. The SRV records will be created automatically, when you restart the netlogon service on domain controller. Is your DNS server also DC? Of course it will happen assuming there is no additional problem.

sorry gotta leave for few hours, I'll get back to you then.
0
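The three checks this thread keeps returning to (a PTR record for every host record, one DNS suffix per zone, and the _ldap._tcp.dc._msdcs SRV locator record that clients query when joining the domain) can be run against an export of the zone. The following is an added example, not part of any participant's post; the function names are hypothetical, and the record sets, including the client address 192.168.1.31, are constructed sample data.

```python
import ipaddress

def reverse_zone(network: str) -> str:
    """Reverse lookup zone name for an octet-aligned IPv4 network."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for one address."""
    return ipaddress.ip_address(ip).reverse_pointer

def audit(zone, a_records, ptr_records, srv_names):
    """Return (problem, name) tuples for the faults discussed in the thread."""
    zone = zone.lower().rstrip(".")
    findings = []
    for fqdn, ip in a_records.items():
        name = fqdn.lower().rstrip(".")
        if not name.endswith("." + zone):
            findings.append(("suffix-mismatch", name))   # e.g. home.network vs home.network.com
        target = ptr_records.get(ptr_owner(ip))
        if target is None:
            findings.append(("missing-ptr", name))       # ping -a returns no name
        elif target.lower().rstrip(".") != name:
            findings.append(("ptr-mismatch", name))      # reverse answer disagrees with forward
    locator = "_ldap._tcp.dc._msdcs." + zone
    if locator not in {s.lower().rstrip(".") for s in srv_names}:
        findings.append(("missing-srv", locator))        # domain join cannot find a DC
    return findings

# Constructed sample data modelled on the thread (not a real zone export).
ZONE = "home.network.com"
A_RECORDS = {
    "web-server.home.network.com": "192.168.1.1",
    "dev-apc100.home.network": "192.168.1.31",   # client still carries the old suffix
}
PTR_RECORDS = {"1.1.168.192.in-addr.arpa": "web-server.home.network.com"}
SRV_NAMES = []   # netlogon has not registered the AD records yet

if __name__ == "__main__":
    print("reverse zone:", reverse_zone("192.168.1.0/24"))
    for problem, name in audit(ZONE, A_RECORDS, PTR_RECORDS, SRV_NAMES):
        print(f"{problem:16} {name}")
```
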
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Thanks Martin and all... :-))
0
 
LVL 13

Expert Comment

by:martin_babarik
Comment Utility
You are welcome, but I don't know if you made it working?:-)
0
 
LVL 11

Author Comment

by:bsharath
Comment Utility
Yes it worked Martin...
0
