neil1775 (United States of America) asked:

Issues with DNS, unable to join newly created domain.

I have a DL320 G2 server that I have installed a Server 2003 R2 evaluation copy on for my MCSA. I ran dcpromo via the Manage Your Server wizard and named the domain ceinc.localdomain. This server is connected by both NICs (one is software-disabled) to a Linksys 24-port 10/100 + 2-port gigabit switch + 2 mini-GBIC (model SR2246), which is in turn connected to a Belkin N+ wireless router (model F5D8235-4 v2), then to my Motorola Surfboard cable modem. I do not want to publish my domain as of yet; I just want to get this running for study purposes. I only want to install AD, but most sources say I need DNS. I am unable to join any PC to the domain, with or without DNS. I am able to ping the server (ceisrv01) by IP on a client PC, but not by host name. It looks like it is trying to go through the wireless router to do so... see attached #1 (router namespace can/has been renamed to CEI). I am able to ping by host name AND IP from the server, no issues. The IP address of the Belkin router is 192.168.2.1.

The DNS setup is as shown, attached #2.
The NIC in use is configured as shown in attached #3.
NSLookup is shown in attached #4.
An attempt to join the domain produces the attached #5.


I'm looking to have everything on the internal network set as dynamic (except the server, of course); I just want a PC to join the domain.

If you need any further specific info, please let me know and I will do my best.
ping.jpg
DNS.jpg
NIC.jpg
nslookup.jpg
domainjoin.jpg
senad (Slovenia) replied:

From your TCP/IP settings it seems to me you are connecting to your router as if it were a server.
Going to sleep....
neil1775 (asker):

Well, that setup seems to be working, as I am able to browse the internet just fine without issue from the server.
Instead of using the NetBIOS name (ceinc), use the DNS name (ceinc.localdomain) when joining the computer.
For the 'ping ceiserv01' issue resolving to an external IP, check the DNS suffix search list. Use 'ping ceiserv01.ceinc.localdomain' instead of only the server name.
The nslookup result for root is a normal result.
Check the firewall on the DC. It can stay enabled if the port exceptions described in http://support.microsoft.com/kb/555381 are open. If you don't open the necessary ports, disable the firewall.
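A client-side check that walks through the three points in the reply above (suffix search list, unqualified name vs. FQDN, and what the DC's DNS server can be asked for), as an added example that is not part of the original thread. It uses the names from the question (ceinc.localdomain, ceisrv01, router 192.168.2.1); the DC's own address, 192.168.2.10, is an assumed placeholder because the thread never states it.

```batch
@echo off
rem Added diagnostic, not from the original thread. Run it in an elevated
rem command prompt on the Windows 7 client that cannot join.
rem From the thread: domain ceinc.localdomain, DC ceisrv01, router 192.168.2.1.
rem ASSUMED: the DC's own address (the thread never gives it) - edit DC_IP.
setlocal
set DOMAIN=ceinc.localdomain
set DC=ceisrv01
set DC_IP=192.168.2.10
set ROUTER_IP=192.168.2.1

echo === 1. DNS servers and suffix search list in use on this client
rem "ping %DC%" is completed with these suffixes in order. If the router's
rem domain (CEI) comes first, the query goes to the router, which is why an
rem unqualified name can resolve to something other than the DC.
ipconfig /all | findstr /i /c:"DNS Suffix" /c:"DNS Servers"

echo === 2. Unqualified name vs. FQDN through the configured servers
nslookup %DC%
nslookup %DC%.%DOMAIN%

echo === 3. Ask each server directly. Only the DC can answer for the domain;
echo ===    the router can only answer Internet names.
nslookup %DC%.%DOMAIN% %DC_IP%
nslookup %DC%.%DOMAIN% %ROUTER_IP%
nslookup www.microsoft.com %ROUTER_IP%

echo === 4. The record a domain join really needs: the DC locator SRV record
rem If this query fails against the server the client is configured to use,
rem the join fails no matter how well ping by IP works.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC_IP%
nslookup -type=SRV _kerberos._tcp.dc._msdcs.%DOMAIN% %DC_IP%

echo === 5. Let the DC locator (nltest, included with Windows 7) try itself
nltest /dsgetdc:%DOMAIN%
endlocal
```

Reading the output: if step 1 lists only 192.168.2.1 under DNS Servers, every query in step 2 is answered by the router, and step 4 will fail for the same reason the join fails; the domain exists only in the DC's zone. Step 3 makes that visible by asking each server the same question, which is also the quickest way to tell which server a client is really using when a primary/alternate pair is configured.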
I'll take a stab at it.

Active Directory won't really work without a DNS server.

What is the DNS server assigned to your client machine? Is the NIC picture a picture of the server's NIC properties or the client's? What is the version of Windows?

If you're trying to join the domain from a client, the client needs to have the IP address of the AD server (or the DNS server, if it is a different server on the network) as its primary DNS server.

You can shut DHCP off on your router and make your AD server a DHCP server. Make sure the AD server is providing the right information through DHCP. Make sure the server has the external DNS servers in its NIC properties.

If you don't want to make your AD server a DHCP server, then you need to make sure that the router is serving the correct information, that your server has statically assigned IP information, and that the DNS servers on the server are the external ones (or your router, if that's the case). The clients need to get IP information from your network, but the DNS server assigned to them needs to be your AD server, not the external DNS servers.

If you can ping the IP but not the domain name, it's probably because your client's DNS server doesn't know your domain name exists. If your client is referencing an external DNS server, then it makes sense, because the external DNS server has no idea that your internal domain name exists and can't provide information as to where it is. The server can ping its domain because it understands that it is the domain itself.
Ping with FQDN produces the attached cmd box.
Join domain with FQDN produces the attached dialog box with expanded error.
The firewall is off.
domianjoinFQDN.jpg
pingFQDN.jpg
The TCP/IP config on the client is dynamic,
the NIC is the server's NIC,
the client is Windows 7 Enterprise.
I would very much like not to turn on DHCP; I don't want to have my server routing all traffic.
Ensure the client's DNS server is the DC instead of the router.
So I would need to set up a forwarder? I can edit the hosts file on the client to point to my server; would that possibly work?
Remember also that even if your router is acting as a proxy DNS server, it is still an external DNS server in regards to the Active Directory domain. Only the AD DNS server is the main one the clients want to use. (You would give them an external secondary in case the server ever went down, so they could access the internet even if they couldn't use AD.)
If I point my client to the server for DNS, which is fine, I would essentially need to have the server on 24/7. I just want to join the client to the domain, have it cache credentials, and re-sync when I turn it back on. I was just able to join the domain by manually creating the primary DNS in TCP/IP. How would I do it dynamically?
Ahh, so point to the router's IP for alternate DNS?
In order for the client to access AD it needs to use the AD DNS server. That DNS server (or servers) is the only one that understands your domain. Because the server is using the external DNS servers provided by your provider (or your router's IP, if your router is acting as a proxy), the server knows how to get the information requested by the clients. There is really no way around that. Active Directory uses DNS to determine who's who and can't without it.
I just added the router's IP as an alternate DNS, and it is back to the same old stuff... can't ping via host name...
Yep, you would need to have the server on 24/7 if you wanted to access your Active Directory domain 24/7. You could just use the local account on the computer, though, to do your non-domain-related work. Have a local account on the clients that you use normally. The domain account that you use to log in to Active Directory could just be used for Active Directory stuff.

If the router is acting as a proxy and everything works the way it should, when the server tries to contact the primary DNS server (the AD server) but doesn't find it (because the server is off), it will look at the secondary DNS server. When the client machine comes to a login prompt, log on as the local user. You could even log on as a domain user, though you would be using cached information and that might entail problems.
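The configuration described in the "I'll take a stab at it" reply and refined in the exchange above (client uses the DC as primary DNS with the router as alternate; the DC answers for the domain and hands everything else to the router), as an added batch script that is not from the thread. The domain ceinc.localdomain and router 192.168.2.1 come from the question; the DC address 192.168.2.10, the interface name "Local Area Connection", and the DHCP scope 192.168.2.0 are assumed placeholders.

```batch
@echo off
rem Added configuration script, not from the thread. Run as an administrator:
rem   fixdns.cmd dc       on ceisrv01 (Windows Server 2003 DC)
rem   fixdns.cmd client   on the Windows 7 client
rem From the thread: domain ceinc.localdomain, router 192.168.2.1.
rem ASSUMED placeholders: DC address 192.168.2.10, interface name
rem "Local Area Connection", DHCP scope 192.168.2.0. Edit them before use.
setlocal
set DOMAIN=ceinc.localdomain
set DC_IP=192.168.2.10
set ROUTER_IP=192.168.2.1
set NIC=Local Area Connection

if /i "%~1"=="dc" goto dc
if /i "%~1"=="client" goto client
echo usage: %~nx0 dc ^| client
exit /b 1

:dc
rem The DC points at its own DNS server, so its A and SRV records register
rem and it can locate itself. Names it is not authoritative for (the Internet)
rem go to the router as a forwarder; the router address is therefore a
rem forwarder, not a DNS server in the DC's NIC properties.
rem dnscmd is in the Windows Server 2003 Support Tools.
netsh interface ip set dns "%NIC%" static %DC_IP%
dnscmd /ResetForwarders %ROUTER_IP%
dnscmd /EnumZones
rem Re-register the DC's host record and the _msdcs SRV records, then verify.
ipconfig /registerdns
net stop netlogon
net start netlogon
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC_IP%
rem Only if DHCP is ever moved to the DC: hand out the DC as DNS server
rem (option 006) and the domain as suffix (option 015) instead of touching
rem each client:
rem   netsh dhcp server scope 192.168.2.0 set optionvalue 006 IPADDRESS %DC_IP%
rem   netsh dhcp server scope 192.168.2.0 set optionvalue 015 STRING %DOMAIN%
goto :eof

:client
rem The address stays dynamic from the router's DHCP; only the DNS server
rem list is overridden. Primary = DC, the one server that knows the domain.
rem Alternate = router, consulted only when the DC does not answer, so the
rem client still reaches the Internet when the server is switched off.
rem Windows 7 validates the primary server as it is set, so the DC must be up.
netsh interface ip set dns "%NIC%" static %DC_IP%
netsh interface ip add dns "%NIC%" %ROUTER_IP% index=2
ipconfig /flushdns
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
rem Now join from System Properties using the DNS name ceinc.localdomain,
rem not the NetBIOS name CEINC.
goto :eof
```

One deliberate difference from the reply that suggested putting the external DNS servers in the server's NIC properties: here the DC's only DNS server is itself, and the router is configured as a forwarder instead. A DC whose primary DNS server is not authoritative for the domain can fail to register or find its own SRV records, which is the same symptom the join shows. The forwarder can equally be set in the DNS console (server properties, Forwarders tab). Because the DHCP server is still the router, the DNS server list is the only static setting on the client; the alternate is used on a timeout, not as a second opinion, which is why an alternate of 192.168.2.1 does no harm while the DC is up.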
ASKER CERTIFIED SOLUTION
Henrik Johansson (Sweden)
[solution text available to Experts Exchange members only]

SOLUTION
[solution text available to Experts Exchange members only]
When I added the alternate, the server was the main. The server was on. I was logged on as the local admin. I am now typing this as a domain user. As a domain user, I am able to ping via host name to the server. No change in primary/alternate DNSs. So I'm guessing the alternate is only used when the primary is the DC/DNS server, and then only if you aren't logged in as a domain user?
If the primary DNS server isn't responding quickly enough, the client will fail over and try to use the alternate DNS.
I could be wrong on this, but I am pretty sure that if the primary DNS server is down, the alternative should be used.

Try this test: give the client a static IP, make the primary DNS the server, and the secondary DNS server the router. Shut the server down, restart the client, log on as a local user and see if you can get out to the internet. This will mean that when the client starts, it won't be on the domain, and it won't be able to contact the primary DNS; this should force it to use the secondary.

If that doesn't work:

Then change the secondary DNS to a known DNS server IP on the internet, preferably your provider's DNS servers, and rerun the test.
I'm gonna pass on the test, as it works when I am logged in as a domain user; I'm able to ping via host and IP, and FQDN. It's all good.