Child domain DNS configuration

Good luck and good night :)

I hope Chris-Dent will pop into your question

On the child domain DNS you root hint should point to you parent domain dns server. In your case it should be something like
Root Hints:
Server Fully Qualified Domain Name             IP Address
DC01.florasul.lan                        192.168.1.101


Do this and then make a ping request to DC01.florasul.lan
Regards,
Shahid      

Don't work, still forward to public dns.
C:\Users\Administrator>ping DC01.florasul.lan

Pinging DC01.florasul.lan [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=43ms TTL=56
Reply from 67.215.65.132: bytes=32 time=44ms TTL=56
Reply from 67.215.65.132: bytes=32 time=44ms TTL=56

Ping statistics for 67.215.65.132:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 44ms, Average = 43ms
Control-C
^C
C:\Users\Administrator>ping -a 67.215.65.132

Pinging hit-nxdomain.opendns.com [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=60ms TTL=56
Reply from 67.215.65.132: bytes=32 time=43ms TTL=56
Reply from 67.215.65.132: bytes=32 time=43ms TTL=56
Reply from 67.215.65.132: bytes=32 time=43ms TTL=56

Are you sure that is to point my parent domain on root hints ?
The query should not be resolved locally?

Regards

André Bolinhas

You need flush the cache by running
ipconfig/flushdns
on the machine ur running the ping from

Can you list the forwarder defined on the child domain DNS

The resolution order is
local copy of DNS
forwarders
Root hints

Regards,
Shahid

I already did
ipconfig /flushdns
ipconfig /registerdns
and restart netlogon service

But still don't work

Forwarders list:
208.67.222.222
208.67.220.220

From parent I can resolve names from child locally, without forwarders or root hints

On the Parent you must have delegation of the child domain configured thats why are resolving the addresses properly. No issues here.

But since you forwarders are pooled before root hints, I am assuming that the DNS servers in the forwarders are resolving the addresses.

If you can add a conditional forwarder for your florasul.lan domain and add DC01.florasul.lan (192.168.1.101).

See if that helps.

Regards,
Shahid

and If I create a delagation on child to parent?

Ok, I already add my parent ip on child forwards.

Now I can ping parent.

Check the result
C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... CHLD01 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : evora01

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 208.67.220.220 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220

            DNS server: 208.67.222.222 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222

         ......................... florasul.lan passed test DNS

you can not dear. It doesn't work that way.  Delegation works in tree structure. You can only use delegation to extend the tree, i.e. if you decide to add another child(corp) below your child(evora01.florasul.lan) domain, making the new child domain(corp.evora01.florasul.lan).
Parent to child name resolution can be done using delegation or forwarders
Child to parent name resolution can be done using forwarder or root hints.

Do you have any reservation creating the forwarder in the child domain to the parent domain?

Seems you can connect to the public DNS from your server, you might have to configure you external firewall to have access to them?

Out of curiousity, whats their use on this server?

I use windows server 2008 r2 in both server (parent and child).

See the result in enterprise mode:
C:\Users\Administrator>dcdiag /test:dns /e

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01

   Testing server: Default-First-Site-Name\CHLD01

      Starting test: DNS

               Starting test: DNS

                  DNS Tests are running and not hung. Please wait a few
                  minutes...
                  ......................... DC01 failed test DNS
         ......................... CHLD01 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : florasul

   Running partition tests on : DomainDnsZones

   Running partition tests on : evora01

   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.florasul.lan
            Domain: florasul.lan


               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 208.67.220.220 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220

            DNS server: 208.67.222.222 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: florasul.lan
               DC01                         PASS FAIL n/a  n/a  n/a  n/a  n/a

         ......................... florasul.lan failed test DNS

and in verbose mode to:
C:\Users\Administrator>dcdiag /test:dns /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine chld01, is a Directory Server.
   Home Server = chld01
   * Connecting to directory service on server chld01.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CHLD01,CN=Servers,CN=D
efault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... CHLD01 passed test DNS

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : evora01
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: chld01.evora01.florasul.lan
            Domain: evora01.florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS
                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level
: 0.0)
                  is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter
                  [00000007] Intel(R) 82575EB Gigabit Network Connection:
                     MAC address is 00:30:48:D6:8C:5E
                     IP Address is static
                     IP address: 192.168.2.101, fe80::8537:7804:3ad6:c900
                     DNS servers:
                        192.168.2.101 (CHLD01) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found prim
ary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.101 () [Valid]
                     208.67.220.220 () [Invalid]
                     208.67.222.222 () [Invalid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone evor
a01.florasul.lan
                  Test record dcdiag-test-record deleted successfully in zone ev
ora01.florasul.lan

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Intel(R) 82575EB Gigabit Network Connection:
                     Matching CNAME record found at DNS server 192.168.2.101:
                     93313e43-0c25-412f-8d4b-6a45ff2318f1._msdcs.florasul.lan

                     Matching A record found at DNS server 192.168.2.101:
                     chld01.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.66cd515e-8176-4bde-8f4d-236b50aad6ff.domains._ms
dcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._udp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kpasswd._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.evora01.florasul.
lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.evo
ra01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.evora01
.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.evora01.flora
sul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.gc._msdcs.florasul.lan

                     Matching A record found at DNS server 192.168.2.101:
                     gc._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _gc._tcp.Default-First-Site-Name._sites.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.florasu
l.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.pdc._msdcs.evora01.florasul.lan


         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 208.67.220.220 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 208.67.222.222 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 192.168.1.101 ()
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

            DNS server: 192.168.2.101 (CHLD01)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: evora01.florasul.lan
               chld01                       PASS PASS PASS PASS PASS PASS n/a

         ......................... florasul.lan passed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

Made a mistake in my above post. I meant to say that it seems you cannot connect to the public DNS from your server, you might have to configure you external firewall to have access to them?

Whats their use on this server?

Regards,
Shahid

I use windows 2008 r2 and both server and server don't have firewall.

My external firewall don't have any restriction.

can you run the following command to see if you are able to access the DNS servers
telnet 208.67.220.220 53

and similarly:
telnet 208.67.222.222 53

If they are accessible on port 53(DNS) you will get a blank screen otherwise a request time out.

My problem is not the child can  not resolve the public dns, the dns are use to forward only to internet and is working.

My problem is a dns comunications between child and parent.

If that is the case then from above post ID:30839391 and ID:30839535 the issue seems to be resolved.

The same post also indicates that public DNS Servers  (208.67.220.220 and 208.67.222.222) are unreachable from the DNS server. Just thought you should know.

Regards,
Shahid

Note : Just like to inform you that I might not be available for the next hour, there is a schedule power outage thats gonna occur.

no, no resolve.

Check

         Starting test: DNS

               Starting test: DNS

                  DNS Tests are running and not hung. Please wait a few
                  minutes...
                  See DNS test in enterprise tests section for results
                  ......................... DC01 failed test DNS
         See DNS test in enterprise tests section for results
         ......................... CHLD01 passed test DNS

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : florasul
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : evora01
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.florasul.lan
            Domain: florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, D
escription: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC


            DC: chld01.evora01.florasul.lan
            Domain: evora01.florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS
                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level
: 0.0)
                  is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter
                  [00000007] Intel(R) 82575EB Gigabit Network Connection:
                     MAC address is 00:30:48:D6:8C:5E
                     IP Address is static
                     IP address: 192.168.2.101, fe80::8537:7804:3ad6:c900
                     DNS servers:
                        192.168.2.101 (CHLD01) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found prim
ary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.101 () [Valid]
                     208.67.220.220 () [Invalid]
                     208.67.222.222 () [Invalid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone evor
a01.florasul.lan
                  Test record dcdiag-test-record deleted successfully in zone ev
ora01.florasul.lan

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Intel(R) 82575EB Gigabit Network Connection:
                     Matching CNAME record found at DNS server 192.168.2.101:
                     93313e43-0c25-412f-8d4b-6a45ff2318f1._msdcs.florasul.lan

                     Matching A record found at DNS server 192.168.2.101:
                     chld01.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.66cd515e-8176-4bde-8f4d-236b50aad6ff.domains._ms
dcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.dc._msdcs.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._udp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kpasswd._tcp.evora01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.evora01.florasul.
lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.evo
ra01.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.evora01
.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.evora01.flora
sul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.gc._msdcs.florasul.lan

                     Matching A record found at DNS server 192.168.2.101:
                     gc._msdcs.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _gc._tcp.Default-First-Site-Name._sites.florasul.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.florasu
l.lan

                     Matching  SRV record found at DNS server 192.168.2.101:
                     _ldap._tcp.pdc._msdcs.evora01.florasul.lan


         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 208.67.220.220 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 208.67.222.222 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222
               [Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]

            DNS server: 192.168.1.101 ()
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

            DNS server: 192.168.2.101 (CHLD01)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: florasul.lan
               DC01                         PASS FAIL n/a  n/a  n/a  n/a  n/a
            Domain: evora01.florasul.lan
               chld01                       PASS PASS PASS PASS PASS PASS n/a

         ......................... florasul.lan failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

I forgot to say, the servers are connected trough a vpn

Can you cut and paste the part of the above result which you think needs resolving.

Starting test: DNS

                  DNS Tests are running and not hung. Please wait a few
                  minutes...
                  See DNS test in enterprise tests section for results
                  ......................... DC01 failed test DNS
         See DNS test in enterprise tests section for results
         ......................... CHLD01 passed test DNS

Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.florasul.lan
            Domain: florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, D
escription: Access is denied.) - Connection to WMI server failed]
                  No host records (A or AAAA) were found for this DC


            DC: chld01.evora01.florasul.lan
            Domain: evora01.florasul.lan


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

DNS server: 192.168.1.101 ()
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: florasul.lan
               DC01                         PASS FAIL n/a  n/a  n/a  n/a  n/a
            Domain: evora01.florasul.lan
               chld01                       PASS PASS PASS PASS PASS PASS n/a

         ......................... florasul.lan failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

can you test replication between the two forest DCs.

Once replication occurs between the DCs, try the DNS test once again.

Regards,
Shahid.

H

Please, ignore my last post.

How can i do to test replication?

Sorry for the late reply.
dcdiag /test:replications /v
do post the output.

Have a look at this article if you need to fix replications.
http://blogs.technet.com/brad_rutkowski/archive/2007/04/20/sync-a-partition-from-one-dc-to-another-dc-when-they-don-t-have-a-direct-replication-link-and-other-repadmin-fun.aspx

Regards,
Shahid

C:\Users\Administrator>dcdiag /test:replications /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine chld01, is a Directory Server.
   Home Server = chld01
   * Connecting to directory service on server chld01.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CHLD01,CN=Servers,CN=D
efault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... CHLD01 passed test Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : evora01
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : florasul.lan
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: IntersiteC:\Users\Administrator>dcdiag /test:replications /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine chld01, is a Directory Server.
   Home Server = chld01
   * Connecting to directory service on server chld01.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=florasul,DC=la
n,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DC01,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CHLD01,CN=Servers,CN=D
efault-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... CHLD01 passed test Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : evora01
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : florasul.lan
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

can you run only
dcdiag
and post the result

Regards,
Shahid

C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Advertising
         Warning: CHLD01 is not advertising as a time server.
         ......................... CHLD01 failed test Advertising
      Starting test: FrsEvent
         ......................... CHLD01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... CHLD01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... CHLD01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... CHLD01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... CHLD01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... CHLD01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... CHLD01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHLD01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... CHLD01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... CHLD01 passed test Replications
      Starting test: RidManager
         ......................... CHLD01 passed test RidManager
      Starting test: Services
         ......................... CHLD01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/16/2010   16:37:50
            Event String:
            Driver RICOH Aficio SP C222SF PCL 6 required for printer RICOH Afici
o SP C222SF PCL 6 is unknown. Contact the administrator to install the driver be
fore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/16/2010   16:37:51
            Event String:
            Driver PDF995 Printer Driver required for printer PDF995 is unknown.
 Contact the administrator to install the driver before you log in again.
         ......................... CHLD01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... CHLD01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : evora01
      Starting test: CheckSDRefDom
         ......................... evora01 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... evora01 passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Advertising
         Warning: CHLD01 is not advertising as a time server.
         ......................... CHLD01 failed test Advertising
      Starting test: FrsEvent
         ......................... CHLD01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... CHLD01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... CHLD01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... CHLD01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... CHLD01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... CHLD01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... CHLD01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHLD01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... CHLD01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... CHLD01 passed test Replications
      Starting test: RidManager
         ......................... CHLD01 passed test RidManager
      Starting test: Services
         ......................... CHLD01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/16/2010   16:37:50
            Event String:
            Driver RICOH Aficio SP C222SF PCL 6 required for printer RICOH Afici
o SP C222SF PCL 6 is unknown. Contact the administrator to install the driver be
fore you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 04/16/2010   16:37:51
            Event String:
            Driver PDF995 Printer Driver required for printer PDF995 is unknown.
 Contact the administrator to install the driver before you log in again.
         ......................... CHLD01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... CHLD01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : evora01
      Starting test: CheckSDRefDom
         ......................... evora01 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... evora01 passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

     Running enterprise tests on : florasul.lan
     Starting test: LocatorCheck
        Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
        A Time Server could not be located.
        The server holding the PDC role is down.
        Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
        1355
        A Good Time Server could not be located.
        ......................... florasul.lan failed test LocatorCheck
     Starting test: Intersite
        ......................... florasul.lan passed test Intersite

Good morning André,

I've read the above a few times and I feel it may be best to simply start again at the beginning. I apologise for any repetition, but I'm troubled by some of the tests suggested above, a clean slate would be easier.

As far as I understand you're in this situation at the moment:

1. Name resolution on the parent domain is working.
2. Public name resolution on the child domain is working.
3. Name resolution from the child back up to the parent is failing.

Is that correct?

And if so, would you mind showing me "ipconfig /all" from the child domain in the first instance?

Thank you.

Chris

Hi Chris-Dent good morning,

I'm glad to hear you :)

1 - Name resolution on the parent domain is working. I think so, but I'm not sure
2. Public name resolution on the child domain is working. I think so, but I'm not sure
3. Name resolution from the child back up to the parent is failing. yes.

Ipconfig /all output
C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : chld01
   Primary Dns Suffix  . . . . . . . : evora01.florasul.lan
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : evora01.florasul.lan
                                       florasul.lan

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connecti
on #2
   Physical Address. . . . . . . . . : 00-30-48-D6-8C-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : 00-30-48-D6-8C-5E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8537:7804:3ad6:c900%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 234893384
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-53-C4-F5-00-30-48-D6-8C-5E

   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.2.101
                                       192.168.1.101
   NetBIOS over Tcpip. . . . . . . . : Enabled

Best Regards

André Bolinhas

Yes, it's correct.
192.168.2.101:evora01.florasul.lan
and
192.168.1.101:florasul.lan

On parent domain (192.168.1.101) I change the replication to "To all DNS servers in the Active Directory Forest florasul.lan" and in child domain (192.168.2.101) the folder florasul.lan appeared automatically inside forward lookup zone.

I need to do the same in child domain? or leave the replication with "To all DNS servers in the Active Directory domaint" ?

I need to do the steps B and C to?

On 192.168.2.101 I remove 192.168.1.101 from the main Forwarders list.

On 192.168.1.101 I run the command  nslookup florasul.lan 192.168.2.101, check the output.
C:\Users\Administrator>nslookup florasul.lan 192.168.2.101
Server:  UnKnown
Address:  192.168.2.101

Non-authoritative answer:
Name:    florasul.lan
Address:  192.168.1.101

> I need to do the steps B and C to?

No. you only needed one of them :)

> I need to do the same in child domain?

Are you able to resolve names in the child domain from the parent at the moment?

If not you can consider doing the same thing. Whether you should depends how large your forest is.

Otherwise you should check the Delegation for evora01 from florasul.lan (if it exists evora01 will appear as a greyed out folder in florasul.lan).

> On 192.168.2.101 I remove 192.168.1.101 from the main Forwarders list.

Good, thank you.

> nslookup ...

The output looks pretty good. The only part that's failing is the check NsLookup likes to run.

Do you have any Reverse Lookup Zones configured at the moment?

Chris

>Otherwise you should check the Delegation for evora01 from florasul.lan (if it exists evora01 will appear as a greyed out folder in florasul.lan).
Yes I a grey folder called evora01 inside florasul.lan folder in parent dns.
Check the screenshot http://share.arqui300.com/storage/arqui300/ftp/parent_dns.PNG

>Do you have any Reverse Lookup Zones configured at the moment?
How can I check this?

On child domain (192.168.2) it is a primary or secundary zone ? and tick the option "To all DNS servers in the Active Directory Forest florasul.lan" or "To all DNS servers in the Active Directory Domain" ?

> On child domain (192.168.2) it is a primary or secundary zone ?

Primary (with AD Integrated Ticked)

> and tick the option "To all DNS servers in the Active Directory Forest florasul.lan" or
> "To all DNS servers in the Active Directory Domain" ?

And forest replication will do for that one: To all DNS servers in the Active Directory Forest florasul.lan

That should finish it off. It would be good to run your DCDiag tests again and see if it's happier.

Chris

Check the output now, from parent.
C:\Users\Administrator>nslookup florasul.lan 192.168.2.101
Server:  chld01.evora01.florasul.lan
Address:  192.168.2.101

Name:    florasul.lan
Address:  192.168.1.101

where I run dcdiag? On parent or in child? Dcdig only or with options, like test:dns /e ?

Both parent and child. And with the basic options will be fine for now (dcdiag on its own).

Chris

From parent:
C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: FrsEvent
         ......................... DC01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 04/21/2010   13:22:31
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         ......................... DC01 passed test SystemLog
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : florasul
      Starting test: CheckSDRefDom
         ......................... florasul passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... florasul passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
         ......................... florasul.lan passed test LocatorCheck
      Starting test: Intersite
         ......................... florasul.lan passed test Intersite



From child:
C:\Users\Administrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Advertising
         ......................... CHLD01 passed test Advertising
      Starting test: FrsEvent
         ......................... CHLD01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... CHLD01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... CHLD01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... CHLD01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... CHLD01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... CHLD01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... CHLD01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHLD01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... CHLD01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... CHLD01 passed test Replications
      Starting test: RidManager
         ......................... CHLD01 passed test RidManager
      Starting test: Services
         ......................... CHLD01 passed test Services
      Starting test: SystemLog
         ......................... CHLD01 passed test SystemLog
      Starting test: VerifyReferences
         ......................... CHLD01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : evora01
      Starting test: CheckSDRefDom
         ......................... evora01 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... evora01 passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : florasul.lan
      Starting test: LocatorCheck
         ......................... florasul.lan passed test LocatorCheck
      Starting test: Intersite
         ......................... florasul.lan passed test Intersite

That looks fine. You can ignore the certificate error if you do not use Smart Cards to logon.

Anything else you'd like to look at? Otherwise it's all done :)

Chris

Just more one observation.

I run dcdig /test:dns /e from child and check the output.
C:\Users\Administrator>dcdiag /test:dns /e

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = chld01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

   Testing server: Default-First-Site-Name\CHLD01
      Starting test: Connectivity
         ......................... CHLD01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01

   Testing server: Default-First-Site-Name\CHLD01

         Starting test: DNS

               Starting test: DNS

                  DNS Tests are running and not hung. Please wait a few
                  minutes...
                  ......................... DC01 failed test DNS
         ......................... CHLD01 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : florasul

   Running partition tests on : DomainDnsZones

   Running partition tests on : evora01

   Running enterprise tests on : florasul.lan
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.florasul.lan
            Domain: florasul.lan


               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  No host records (A or AAAA) were found for this DC


            DC: chld01.evora01.florasul.lan
            Domain: evora01.florasul.lan


               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 128.8.10.90

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 192.5.5.241

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 198.41.0.4

            DNS server: 208.67.220.220 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.220.220

            DNS server: 208.67.222.222 ()
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.florasul.lan. faile
d on the DNS server 208.67.222.222

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: florasul.lan
               DC01                         PASS FAIL n/a  n/a  n/a  n/a  n/a
            Domain: evora01.florasul.lan
               chld01                       PASS PASS FAIL PASS PASS PASS n/a

         ......................... florasul.lan failed test DNS

If I ping chld01 from parent, check the result:
C:\Users\Administrator>ping chld01

Pinging chld01 [169.254.66.135] with 32 bytes of data:
Reply from 169.254.169.148: Destination host unreachable.
Reply from 169.254.169.148: Destination host unreachable.

But if I ping with fqdn name, works fine:
C:\Users\Administrator>ping chld01.evora01.florasul.lan

Pinging chld01.evora01.florasul.lan [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=25ms TTL=126
Reply from 192.168.2.101: bytes=32 time=28ms TTL=126


It is normal ?

> Pinging chld01 [169.254.66.135] with 32 bytes of data

This suggests you have a network interface with no static IP Address assigned which is enabled on chld01. I suggest you disable it if that is the case.

The IP address the interface has a the moment is an auto-configuration address. Something you'd get if the network interface is enabled, connected and set to obtain an address from DHCP but when no DHCP server is available.

Once you've done that, run "nslookup chld01" and make sure it only comes back with 192.168.2.101.

>  1 test failure on this DNS server

Is normal if you have an older version of DCDiag. It's testing things that it should not test, more recent versions of DCDiag will avoid that.

Either way, it's an error in the test DCDiag runs, not an error in your domain.

> Error: No WMI connectivity

Fix the network interface above then retry this one if you could.

Chris

I have static ip in both nic's.

and I have the same dcdiag version in both server.

and check the output
C:\Users\Administrator>nslookup chld01
Server:  UnKnown
Address:  ::1

*** UnKnown can't find chld01: Non-existent domain

C:\Users\Administrator>

> I have static ip in both nic's.

I can't tell you exactly where it gets that answer, only my theories, it's certainly not coming from DNS. Perhaps run "ipconfig /all" and verify that no interfaces have the address you found assigned.

Otherwise run:

nbtstat -a chld01

Do you have a WINS server at all?

> C:\Users\Administrator>nslookup chld01

Where are you running this from?

If you run it from the parent you won't get an answer because it would need a DNS Suffix Search List to include the child domain name.

> and I have the same dcdiag version in both server.

As I said, the error you had is because DCDiag is testing things that you cannot possibly fix. You can avoid the error with more recent versions of DCDiag or you can ignore it, it honestly doesn't matter which.

Chris

ipconfig /all output
C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC01
   Primary Dns Suffix  . . . . . . . : florasul.lan
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : florasul.lan

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection w
ith I/O Acceleration #2
   Physical Address. . . . . . . . . : 00-30-48-CE-7E-B1
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c166:5cba:d8de:ad93%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 302002248
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-39-82-A6-00-30-48-CE-7E-B0

   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.1.101
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection w
ith I/O Acceleration
   Physical Address. . . . . . . . . : 00-30-48-CE-7E-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{77BAE662-4EE0-4ECE-99B0-9BED3644EDEE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C023C3BE-5D5F-48C1-BEAC-53B06BE978B2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

nbtstat -a chld01 output
C:\Users\Administrator>nbtstat -a chld01

Local Area Connection:
Node IpAddress: [169.254.169.148] Scope Id: []

    Host not found.

Local Area Connection 2:
Node IpAddress: [192.168.1.101] Scope Id: []

    Host not found.


Do you have a WINS server at all? No, is necessary?
Where are you running this from? From parent

But, if i ping dc01 (without fqdn name) from parente, works fine:
C:\Users\Administrator>ping dc01

Pinging dc01.florasul.lan [192.168.1.101] with 32 bytes of data:
Reply from 192.168.1.101: bytes=32 time=24ms TTL=126
Reply from 192.168.1.101: bytes=32 time=24ms TTL=126
Reply from 192.168.1.101: bytes=32 time=24ms TTL=126

> But, if i ping dc01 (without fqdn name) from parente, works fine:

Yes, but dc01 exists within florasul.lan.

When you run that command your system automatically appends florasul.lan onto the name (from its Primary DNS Suffix) then tries to find that full name via DNS.

When you lookup hosts in the child domain you want it to get to chld01.evora01.florasul.lan, and it will only do that if evora01.florasul.lan exists in a DNS Suffix Search List. As it is, it will try to resolve chld01.florasul.lan, fail, and show you the NXDOMAIN message.

> No, is necessary?

No, not really. I was just trying to find out where the IP you got came from. If you don't have WINS it's either local or the result of a network broadcast.

> Node IpAddress: [169.254.169.148] Scope Id: []

NbtStat is fairly convinced that it can find an interface with that IP address, very strange. Can you run:

nbtstat -c

And if you see the address listed can you run:

nbtstat -R

And finally, run nbtstat -c again?

Chris

C:\Users\Administrator>nbtstat -c

Local Area Connection:
Node IpAddress: [169.254.169.148] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [192.168.1.101] Scope Id: []

    No names in cache


C:\Users\Administrator>nbtstat -R
    Successful purge and preload of the NBT Remote Cache Name Table.


C:\Users\Administrator>nbtstat -c

Local Area Connection:
Node IpAddress: [169.254.169.148] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [192.168.1.101] Scope Id: []

    No names in cache

It still finds it as an interface on your system.

Can you run regedit and search for 169.254.169.148? We need to find the interface using that address.

Does the system have multiple physical network adapters? And if so, I assume they're teamed? I wonder if one of those has the address listed even if it's not visible.

Chris

yes, server have two nics, but not in team. One nic have a cable pluged and the other not.

regedit found 169.254.169.148 in two folders (IP4 and IP7)
http://share.arqui300.com/storage/arqui300/ftp/reg.PNG

Can you completely disable the unplugged interface just to be sure?

I'd be surprised if it were there because of SQL server, although you may check the IP bindings for SQL server perhaps?

Chris

Ok, I disable this nic, check the output now
C:\Users\Administrator>nbtstat -R
    Successful purge and preload of the NBT Remote Cache Name Table.

C:\Users\Administrator>nbtstat -c

Local Area Connection 2:
Node IpAddress: [192.168.1.101] Scope Id: []

    No names in cache

C:\Users\Administrator>ping child01
Ping request could not find host child01. Please check the name and try again.

C:\Users\Administrator>ping chld01

Pinging chld01 [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=25ms TTL=126
Reply from 192.168.2.101: bytes=32 time=24ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126

Ping statistics for 192.168.2.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 25ms, Average = 23ms


How can I check IP bindings for sql?

That looks much better. I would ignore the SQL part for now then.

The two ping commands above, one after the other? And does it work consistently now?

Chris

I think now it work perfectly,

C:\Users\Administrator>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Administrator>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

C:\Users\Administrator>ping chld01

Pinging chld01 [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=27ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=24ms TTL=126

Ping statistics for 192.168.2.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 27ms, Average = 24ms

C:\Users\Administrator>ping lavandula

Pinging lavandula [192.168.2.19] with 32 bytes of data:
Reply from 192.168.2.19: bytes=32 time=23ms TTL=126
Reply from 192.168.2.19: bytes=32 time=23ms TTL=126
Reply from 192.168.2.19: bytes=32 time=23ms TTL=126
Reply from 192.168.2.19: bytes=32 time=23ms TTL=126

Ping statistics for 192.168.2.19:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms

C:\Users\Administrator>ping chld01

Pinging CHLD01 [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126

Ping statistics for 192.168.2.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Control-C


C:\Users\Administrator>ping chld01.evora01.florasul.lan

Pinging chld01.evora01.florasul.lan [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=24ms TTL=126
Reply from 192.168.2.101: bytes=32 time=25ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126

Ping statistics for 192.168.2.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 25ms, Average = 23ms

C:\Users\Administrator>ping -a 192.168.2.101

Pinging chld01.evora01.florasul.lan [192.168.2.101] with 32 bytes of data:
Reply from 192.168.2.101: bytes=32 time=24ms TTL=126
Reply from 192.168.2.101: bytes=32 time=25ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126
Reply from 192.168.2.101: bytes=32 time=23ms TTL=126

Ping statistics for 192.168.2.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 25ms, Average = 23ms

Much better :)

Chris

Chris, how can I say,  you came, saw and solved my problem.

You don't have dns skills, you are a dns bible :)

Many thanks for your help.

Special thanks to:
Netminder by listening my requests for help.
snusgubben to advise me to talk to you.
msmamji to trying help me to but unfortunately without success. But You have a good dns skills to.