mrroonie
asked on
Clients cannot connect to child domain
Hello all
I am trying to set up a child domain. Once this error (below) popped up first time i thought i'd made a mistake, un-dcpromo'd the child, wiped the server and started again using instructions from MS themselves and various other sites (which all basically say the same thing) word for word and set up everything as it should be. I have checked and double checked the forward and reverse lookup zones and all other DNS settings for both Parent and Child server and both look fine.
the child server is a brand new completely clean install of 2003 standard but i inherited the parent domain which is up and running nearly all day everyday, i probably have a 3 or 4 hour gap at night where testing / changing anything on the parent DC is possible.
The child domain itself is created with dcpromo without any problems or errors but whenever i try to join the domain with any client pc i get
'A domain controller for the domain XXX cannot be contacted. Ensure the domain name is typed correctly' (duh!) and in the details it says:
The domain name xxx might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain xxx:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxx
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS. <<<<-this definitely is not the case, i can do a screen dump to prove!
- One or more of the following zones do not include delegation to its child zone:
xxx
. (the root zone)
I have tried joining by xxx and by xxx.yyy.co.uk but both bring up the same error. The client PC is configured to point at the child domain for primary dns and parent for secondary. I have swapped the primary and secondary but still get the same error above.
Both servers are running 2003 standard and are fully up-to-date as are the client PCs (running XP SP3)
Clients all have static IPs
please ask if you need any more details
PLEASE HELP!!! all i seem to be doing is going round in circles checking the DNS and WINS on both servers.
any suggestions would be greatly appreciated
I am trying to set up a child domain. Once this error (below) popped up first time i thought i'd made a mistake, un-dcpromo'd the child, wiped the server and started again using instructions from MS themselves and various other sites (which all basically say the same thing) word for word and set up everything as it should be. I have checked and double checked the forward and reverse lookup zones and all other DNS settings for both Parent and Child server and both look fine.
the child server is a brand new completely clean install of 2003 standard but i inherited the parent domain which is up and running nearly all day everyday, i probably have a 3 or 4 hour gap at night where testing / changing anything on the parent DC is possible.
The child domain itself is created with dcpromo without any problems or errors but whenever i try to join the domain with any client pc i get
'A domain controller for the domain XXX cannot be contacted. Ensure the domain name is typed correctly' (duh!) and in the details it says:
The domain name xxx might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain xxx:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxx
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS. <<<<-this definitely is not the case, i can do a screen dump to prove!
- One or more of the following zones do not include delegation to its child zone:
xxx
. (the root zone)
I have tried joining by xxx and by xxx.yyy.co.uk but both bring up the same error. The client PC is configured to point at the child domain for primary dns and parent for secondary. I have swapped the primary and secondary but still get the same error above.
Both servers are running 2003 standard and are fully up-to-date as are the client PCs (running XP SP3)
Clients all have static IPs
please ask if you need any more details
PLEASE HELP!!! all i seem to be doing is going round in circles checking the DNS and WINS on both servers.
any suggestions would be greatly appreciated
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yah, Henjo is right. It looks like the SRV records are missing.
https://www.experts-exchange.com/questions/23356031/There-are-currently-no-logon-servers-available-to-service-the-logon-request.html
This should fix your issue.
https://www.experts-exchange.com/questions/23356031/There-are-currently-no-logon-servers-available-to-service-the-logon-request.html
This should fix your issue.
ASKER
thanks for the replies guys
henjoh - >>>Use AD-integrated zone for the parent domain and let the child's DNS-name be created as sub-domain instead of a separate zone <<<< so delete the delegation in the parents DNS and then add a new A record for the child DC?
The plot thickens when running a netdiag /fix - it shows there is remnants of another child domain, i think the setup here before was zzz.yyy.co.uk when it should have just been yyy.co.uk in the first place so, in effect, there was an 'orphan' domain.
.......................... .......... .
Computer Name: MAIN-DC
DNS Host Name: MAIN-DC.yyy.co.uk
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 3 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB941569
KB941693
KB943055
KB943460
KB943485
KB943729
KB944338-v2
KB944653
KB945553
KB946026
KB948496
KB948590
KB949014
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952954
KB953838
KB953838-IE7
KB953839
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card '1394 Net Adapter' may not be working because it has not received any packets.
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : main-dc
IP Address . . . . . . . . : 111.111.111.111
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 111.111.111.100
Dns Servers. . . . . . . . : 111.111.111.111
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F162D9F1-CF52 -44C8-B061 -B584A6448 31A}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.zzz.yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sites.zzz. yyy.cam.ac .uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.42d1d66e-791c-4 797-b702-0 6c46de43e4 0.domains. _msdcs.zzz .yyy.co.uk . re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry 467b01aa-31e8-4dc2-bf28-27 212de60cbc ._msdcs.zz z.yyy.co.u k. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.z zz.yyy.co. uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. zzz.yyy.co .uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.zzz.y yy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.zzz. yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.zzz.yyy.co. uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir st-Site-Na me._sites. zzz.yyy.co .uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.zzz.yyy.co. uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.zzz.yyy.co.u k. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.zzz.yyy.co.u k. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.zzz.y yy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.zzz. yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.zzz.yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Sit e-Name._si tes.zzz.yy y.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.zzz. yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '111.111.111.111'.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F162D9F1-CF52 -44C8-B061 -B584A6448 31A}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F162D9F1-CF52 -44C8-B061 -B584A6448 31A}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
chiefIT - sorry i forgot to mention i had already flushed the DNS numerous times, i've been on this thing for a while now and i can't remember everything i've tried with it, but i'll let you know as i remember them
henjoh - >>>Use AD-integrated zone for the parent domain and let the child's DNS-name be created as sub-domain instead of a separate zone <<<< so delete the delegation in the parents DNS and then add a new A record for the child DC?
The plot thickens when running a netdiag /fix - it shows there is remnants of another child domain, i think the setup here before was zzz.yyy.co.uk when it should have just been yyy.co.uk in the first place so, in effect, there was an 'orphan' domain.
..........................
Computer Name: MAIN-DC
DNS Host Name: MAIN-DC.yyy.co.uk
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 3 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB938464
KB941569
KB941693
KB943055
KB943460
KB943485
KB943729
KB944338-v2
KB944653
KB945553
KB946026
KB948496
KB948590
KB949014
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952954
KB953838
KB953838-IE7
KB953839
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card '1394 Net Adapter' may not be working because it has not received any packets.
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : main-dc
IP Address . . . . . . . . : 111.111.111.111
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 111.111.111.100
Dns Servers. . . . . . . . : 111.111.111.111
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{F162D9F1-CF52
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.zzz.yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.42d1d66e-791c-4
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry 467b01aa-31e8-4dc2-bf28-27
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.z
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.zzz.y
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.zzz.yyy.co.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-Fir
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.zzz.yyy.co.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.zzz.yyy.co.u
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.zzz.yyy.co.u
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.zzz.y
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-S
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.zzz.yyy.co.uk. re-registeration on DNS server '111.111.111.111' failed.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Sit
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.zzz.
DNS Error code: DNS_ERROR_RCODE_REFUSED
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '111.111.111.111'.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{F162D9F1-CF52
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{F162D9F1-CF52
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
chiefIT - sorry i forgot to mention i had already flushed the DNS numerous times, i've been on this thing for a while now and i can't remember everything i've tried with it, but i'll let you know as i remember them
Delegation is as said not necessary in same AD-forest and can be deleted from yyy.co.uk.
Delete the zzz.yyy.co.uk zone from DCs. If having records in it that you want to keep, take a backup first by using command 'dnscmd /zoneexport zzz.yyy.co.uk filename.dns'
To create domain in parent DNS-zone, right-click on zone-name (yyy.co.uk) and choose 'New Domain'. As value enter the sub-domain name (zzz).
Configure DNS-zone yyy.co.uk to be stored in AD to get it replicated between DCs.
Also configure zone to allow dynamic updates. If setting dynamic updates to secure only, clients will be required to be AD-members.
Configure DC in child domain to use parent DC as primary DNS and itself as secondary DNS to get redundancy and avoid errors when restarting DC.
When that is done, re-run netdiag/fix
Just a thaught: Is it necessary to create child domain, or can you instead create OU-structure in parent domain?
Only requirement for having multiple domains is the nead of having multiple password policies in AD 2000/2003. AD 2008, that isn't necessary anymore as multiple password policies can be used in same domain.
Delete the zzz.yyy.co.uk zone from DCs. If having records in it that you want to keep, take a backup first by using command 'dnscmd /zoneexport zzz.yyy.co.uk filename.dns'
To create domain in parent DNS-zone, right-click on zone-name (yyy.co.uk) and choose 'New Domain'. As value enter the sub-domain name (zzz).
Configure DNS-zone yyy.co.uk to be stored in AD to get it replicated between DCs.
Also configure zone to allow dynamic updates. If setting dynamic updates to secure only, clients will be required to be AD-members.
Configure DC in child domain to use parent DC as primary DNS and itself as secondary DNS to get redundancy and avoid errors when restarting DC.
When that is done, re-run netdiag/fix
Just a thaught: Is it necessary to create child domain, or can you instead create OU-structure in parent domain?
Only requirement for having multiple domains is the nead of having multiple password policies in AD 2000/2003. AD 2008, that isn't necessary anymore as multiple password policies can be used in same domain.
ASKER
hi henjoh, i think we're getting somewhere now, i deleted zzz.yyy... and created the new sub domain in the yyy zone
all zones were already configured to allow dynamic updates from both secure and unsecure.
running a netdiag /fix after that gives exactly the same failures as my previous post but now when i try to join a client to the domain it sees the srv record but still doesn't join -
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain xxx.yyy.uk:
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxx.y yy.uk
The following domain controllers were identified by the query:
sub-dc.xxx.yyy.uk
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
the A record is present though! and is the correct address!
i've tried joining the domain with the primary dns pointing to the main dc and the child dc, both bring up the above error
Sadly we do need the child domain for p/w policies as we are running 2003 otherwise i wouldn't have even bothered trying to fix this.
i think its the previous 'orphan' domain thats causing the issues but i've cleared everything i can find on it out of DNS
when i create new users in AD some of them are created as user@yyy.co.uk and some of them are still created as user@zzz.yyy.co.uk - zzz is the 'orphan' i'm trying to get rid of. it is completely random whether a user is @yyy.co.uk or @zzz.yyy.co.uk
all zones were already configured to allow dynamic updates from both secure and unsecure.
running a netdiag /fix after that gives exactly the same failures as my previous post but now when i try to join a client to the domain it sees the srv record but still doesn't join -
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain xxx.yyy.uk:
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxx.y
The following domain controllers were identified by the query:
sub-dc.xxx.yyy.uk
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
the A record is present though! and is the correct address!
i've tried joining the domain with the primary dns pointing to the main dc and the child dc, both bring up the above error
Sadly we do need the child domain for p/w policies as we are running 2003 otherwise i wouldn't have even bothered trying to fix this.
i think its the previous 'orphan' domain thats causing the issues but i've cleared everything i can find on it out of DNS
when i create new users in AD some of them are created as user@yyy.co.uk and some of them are still created as user@zzz.yyy.co.uk - zzz is the 'orphan' i'm trying to get rid of. it is completely random whether a user is @yyy.co.uk or @zzz.yyy.co.uk
ASKER
just to add - clients can ping the child server by IP, not by FQDN of the new sub domain. but if i ping using the old orphaned FQDN i get a reply. i think i need to get the pointer out of the reverse lookup zone but it will not let me delete the record
ASKER
i have tried the dnscmd /RecordDelete to delete the pointer but i get DNS_ERROR_ZONE_DOES_NOT_EX IST
Is firewall enabled on DC preventing clients from joining domain?
It can be turned on, but nead to have the necessary ports opened. Try to turn it off temporary to see if it helps.
It can be turned on, but nead to have the necessary ports opened. Try to turn it off temporary to see if it helps.
ASKER
Firewall was on but hasn't made a difference turning it off. i have just found there was an xxx folder under the main (yyy) domain as well as an integrated primary. Think i just needed a fresh pair of eyes on it after being bogged down with it for so long. i deleted the xxx folder and the clients could join. henjoh gets the points for the pointer to create it as AD-integrated primary
ASKER
thanks for racking your brain on this one, i was stumped
ASKER
i have also made the child a GC