Solved

Issues with DNS, unable to join newly created domain.

Posted on 2010-01-03
Last Modified: 2012-05-08
I have a dl320g2 server that I have installed a Server 2003 R2 evaluation copy on for my MCSA. I ran dcpromo via the Manage Your Server wizard and named the domain ceinc.localdomain. This server is connected by both NICs (one is software disabled) to a Linksys 24-port 10/100 + 2-port gigabit switch + 2 mini-GBIC (model sr2246), which is in turn connected to a Belkin N+ wireless router (model f5d8235-4 v2), then to my Motorola Surfboard cable modem. I do not want to publish my domain as of yet; I just want to get this running for studying purposes. I only want to install AD, but most sources say I need DNS. I am unable to join any PC to the domain, with or without DNS. I am able to ping the server (ceisrv01) by IP on a client PC, but not by host name. It looks like it is trying to go through the wireless router to do so... see attached #1 (the router namespace can be/has been renamed to CEI). I am able to ping by host name AND IP from the server, no issues. The IP address of the Belkin router is 192.168.2.1.

The DNS setup is as shown, attached #2.
The NIC in use is configured as shown in attached #3.
NSLookup is shown in attached #4.
An attempt to join the domain produces the attached #5


I'm looking to have everything on the internal network set as dynamic (except the server, of course); I just want a PC to join the domain.

If you need any further specific info, please let me know and I will do my best.
Attachments: ping.jpg, DNS.jpg, NIC.jpg, nslookup.jpg, domainjoin.jpg

Question by: neil1775

20 Comments
 
Expert Comment by senad (ID: 26167436)
From your TCP/IP settings it seems to me you are connecting to your router as if it were a server.
Going to sleep....

Author Comment by neil1775 (ID: 26167446)
Well, that setup seems to be working, as I am able to browse the internet just fine without issue from the server.

Expert Comment by Henrik Johansson (ID: 26167457)
Instead of using the NetBIOS name (ceinc), use the DNS name (ceinc.localdomain) when joining the computer.
For the 'ping ceisrv01' issue resolving to an external IP, check the DNS search suffix list. Use 'ping ceisrv01.ceinc.localdomain' instead of only the server name.
The nslookup root result is normal.
Check the firewall on the DC. It can stay enabled if the port exceptions described in http://support.microsoft.com/kb/555381 are opened. If you don't open the necessary ports, disable the firewall.

Expert Comment by KeraDanNaga (ID: 26167484)
I'll take a stab at it.

Active Directory won't really work without a DNS server.

What is the DNS server assigned to your client machine? Is the NIC picture a picture of the server's NIC properties or the client's? What is the version of Windows?

If you're trying to join the domain from a client, the client needs to have the IP address of the AD server (or the DNS server, if it is a different server on the network) as its primary DNS server.

You can shut DHCP off on your router and make your AD server a DHCP server. Make sure the AD server is providing the right information through DHCP. Make sure the server has the external DNS servers in its NIC properties.

If you don't want to make your AD server a DHCP server, then you need to make sure that the router is serving the correct information, that your server has statically assigned IP information, and that the DNS servers on the server are the external ones (or your router, if that's the case). The clients need to get IP information from your network, but the DNS server assigned to them needs to be your AD server, not the external DNS servers.

If you can ping the IP but not the domain name, it's probably because your client's DNS server doesn't know your domain name exists. If your client is referencing an external DNS server, then it makes sense, because the external DNS server has no idea that your internal domain name exists and can't provide information as to where it is. The server can ping its domain because it understands that it is the domain itself.

Author Comment by neil1775 (ID: 26167492)
Ping with FQDN produces attached cmd box.
Join domain with FQDN produces attached dialog box with expanded error.
The firewall is off.
Attachments: domianjoinFQDN.jpg, pingFQDN.jpg

Author Comment by neil1775 (ID: 26167501)
The TCP/IP config on the client is dynamic,
the NIC is the server's NIC,
the client is Windows 7 Enterprise.
I would very much like to not turn on DHCP; I don't want to have my server routing all traffic.

Expert Comment by Henrik Johansson (ID: 26167503)
Ensure the client's DNS server is the DC instead of router.

Author Comment by neil1775 (ID: 26167509)
So I would need to set up a forwarder? I can edit the hosts file on the client to point to my server; would that possibly work?

Expert Comment by KeraDanNaga (ID: 26167515)
Remember also that even if your router is acting as a proxy DNS server, it is still an external DNS server in regards to the Active Directory domain. Only the AD DNS server is the main one the clients want to use. (You would give them an external secondary in case the server ever went down, so they could access the internet even if they couldn't use AD.)

Author Comment by neil1775 (ID: 26167523)
If I point my client to the server for DNS, which is fine, I would essentially need to have the server on 24/7. I just want to join the client to the domain, have it cache credentials, and re-sync when I turn it back on. I was just able to join the domain by manually setting the primary DNS in TCP/IP. How would I do it dynamically?

Author Comment by neil1775 (ID: 26167525)
Ahh, so point to the router's IP for the alternate DNS?

Expert Comment by KeraDanNaga (ID: 26167529)
In order for the client to access AD it needs to use the AD DNS server. That DNS server (or servers) is the only one that understands your domain. Because the server is using the external DNS servers provided by your provider (or your router's IP if your router is acting as a proxy), the server knows how to get the information requested by the clients. There is really no way around that. Active Directory uses DNS to determine who's who and can't without it.

Author Comment by neil1775 (ID: 26167534)
I just added the router's IP as an alternate DNS, and it is back to the same old stuff... can't ping via host name...

Expert Comment by KeraDanNaga (ID: 26167537)
Yep, you would need to have the server on 24/7 if you wanted to access your Active Directory domain 24/7. You could just use the local account on the computer, though, to do your non-domain-related work. Have a local account on the clients that you use normally. The domain account that you use to log in to Active Directory could just be used for Active Directory stuff.

If the router is acting as a proxy and everything works the way it should, when the client tries to contact the primary DNS server (the AD server) but doesn't find it (because the server is off), it will look at the secondary DNS server. When the client machine comes to a login prompt, log on as the local user. You could even log on as a domain user, though you would be using cached information and that might entail problems.

Accepted Solution by Henrik Johansson, earned 1000 total points (ID: 26167540)
Instead of using the router (or ISP) as the alternate DNS, it's better to have an additional internal DC/DNS to give redundancy for logon and internal resolving.
If using the router, it will, as said, forward the queries externally, making them not resolvable. If the DC isn't reachable, the clients will not be able to log on (if not using cached credentials).
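The point made by KeraDanNaga above and in the accepted solution, that only the DC's own DNS server knows the domain while the router simply forwards queries to the ISP, which has no zone for ceinc.localdomain, can be verified directly from the client by asking each resolver for the SRV record the domain join and logon depend on. The following is an added example, not code from the original thread: a small Python 3 DC-locator probe built on the standard library only. It assumes the DC/DNS server sits at 192.168.2.10 (an assumed address; the thread gives only the router's 192.168.2.1) and uses the domain name ceinc.localdomain from the question.

```python
"""
DC-locator probe: send the SRV query that domain join and logon use to
each candidate resolver and report which one can actually answer it.

Added example for this thread, not the original poster's code.
Assumed addresses: DC/DNS 192.168.2.10, Belkin router 192.168.2.1.
"""
import secrets
import socket
import struct

DOMAIN = "ceinc.localdomain"
DC_LOCATOR = f"_ldap._tcp.dc._msdcs.{DOMAIN}"   # record the client looks for
QTYPE_SRV = 33
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_srv_query(name, txid):
    """One-question query, recursion desired, type SRV, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_SRV, 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:               # compression pointer
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            hops += 1
            if hops > 32:                       # refuse pointer loops
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            if end is None:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(data, expect_txid):
    """Return {'rcode': str, 'answers': [(prio, weight, port, target), ...]}."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expect_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = RCODE_NAMES.get(flags & 0x000F, f"RCODE{flags & 0xF}")
    off = 12
    for _ in range(qd):                         # skip the echoed question
        _, off = decode_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = decode_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == QTYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", data[off:off + 6])
            target, _ = decode_name(data, off + 6)
            answers.append((prio, weight, port, target))
        off += rdlen
    return {"rcode": rcode, "answers": answers}


def probe(resolver, name=DC_LOCATOR, timeout=2.0):
    """Send the SRV query to one resolver on UDP/53 and parse its reply."""
    txid = secrets.randbelow(0x10000)           # unpredictable id, like a real stub
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_srv_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return {"rcode": "TIMEOUT", "answers": []}
    finally:
        sock.close()
    return parse_response(data, txid)


if __name__ == "__main__":
    for label, ip in (("DC", "192.168.2.10"), ("router", "192.168.2.1")):
        r = probe(ip)
        print(f"{label:>6} {ip:<14} {r['rcode']:<9} {r['answers']}")
```

Run from the Windows 7 client: the DC should answer NOERROR with one SRV record pointing at ceisrv01.ceinc.localdomain on port 389, while the router comes back NXDOMAIN (or SERVFAIL) because whatever it forwards to has no zone for ceinc.localdomain. A negative answer is still an answer, so from the client's point of view a router listed as the preferred DNS server is working fine and there is nothing to fail over from; the Windows DNS client only moves to the alternate server when the preferred one does not respond, which is why the router adds no redundancy for domain resolution, as the accepted solution says.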

Assisted Solution by KeraDanNaga, earned 1000 total points (ID: 26167550)
Dynamically, you would need to set up whatever your DHCP server on the network is to provide the DNS information to the clients. If it's your router, then usually in the router administration pages you can set that up; just make sure the server has the correct external information in its properties.

When you added the router as an alternate, the primary was the AD server, right? Was the AD server on? Were you logged into the AD domain or as a local user?

Author Comment by neil1775 (ID: 26167570)
When I added the alternate, the server was the primary. The server was on. I was logged on as the local admin. I am now typing this as a domain user. As a domain user, I am able to ping the server via host name, with no change in the primary/alternate DNS settings. So I'm guessing the alternate is only used when the primary is the DC/DNS server, and then only if you aren't logged in as a domain user?

Expert Comment by Henrik Johansson (ID: 26167591)
If the primary DNS server isn't responding quickly enough, the client will fail over and try to use the alternate DNS.

Expert Comment by KeraDanNaga (ID: 26167599)
I could be wrong on this, but I am pretty sure that if the primary DNS server is down, the alternate should be used.

Try this test: give the client a static IP, make the primary DNS the server and the secondary DNS server the router. Shut the server down, restart the client, log on as a local user and see if you can get out to the internet. This will mean that when the client starts, it won't be on the domain and it won't be able to contact the primary DNS; this should force it to use the secondary.

If that doesn't work,

then change the secondary DNS to a known DNS server IP on the internet, preferably your provider's DNS servers, and rerun the test.

Author Comment by neil1775 (ID: 26167638)
I'm gonna pass on the test, as it works when I am logged in as a domain user. I'm able to ping via host name, IP and FQDN. It's all good.