Solved

Non existent domain when doing an nslookup to second domain

Posted on 2010-08-19
Last Modified: 2012-05-10
I have recently built a new Windows Forest/Domain with a single domain controller which is Windows Server 2003 SP2. I ran dcpromo to install AD on the box and allowed the wizard to create the DNS automatically.
When I look in the DNS console I see, under forward lookup zones - domain name, that the _msdcs folder is greyed out; I'm not sure why. I suppose this is the first issue.
Everything else in DNS looks correct, dynamic updates are set to 'nonsecure and secure' and the name server is the name of my domain controller. The NS record for the domain controller is also present.
When I do an nslookup for the domain name, server or IP of the domain controller, again it looks fine.

I have a second Windows Forest/Domain which has been established for a few years now; again, all DCs in this domain are Windows Server 2003. The purpose of building the new domain above is to establish a 2-way fully transitive forest trust between the two domains. Both forests exist on the same VLAN so there are no firewall rules in play here.
When I do an nslookup from the new domain to the old domain it all looks fine. It displays the IPs for all the DCs in the old domain and the fully qualified name of the old domain, so again all looks good.
When I attempt an nslookup from the old domain to the new domain I get the error message 'cannot find the new domain: Non existent domain'. This is preventing me from establishing the trust.

Apologies if the above description is a little messy and all over the place. I don't know what else to try on this and would greatly appreciate any help.
Question by:NoelMCM
10 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33478630
So, your msdcs folder is grayed out? Do you have a msdcs.domain.com zone? If not, you need to delete the domain.com zone and then recreate the zone.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33478698
Make sure there is a reverse lookup zone as well.
0
 

Author Comment

by:NoelMCM
ID: 33478989
Yes, I do have the msdcs.domain.com zone, but I didn't have the reverse lookup zone configured. I have configured that now and restarted the Net Logon service, but it doesn't seem to have made a difference. I have attached a screenshot of the DNS console.
dns.bmp
0
 
LVL 59

Accepted Solution

by:Darius Ghassem (earned 500 total points)
ID: 33479051
Make sure you are DNS forwarding to the other domain, or create a secondary zone for each domain on the other DNS server.
0
 

Author Comment

by:NoelMCM
ID: 33479121
Apologies, I should have mentioned that before. I have DNS forwarding configured in both domains.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33479247
Can you ping the domain name?
0
 

Author Comment

by:NoelMCM
ID: 33479326
Just to help stop any confusion:
The old domain is called allianz.ie
The new domain is called allianzire.ie

When I ping allianzire.ie from a DC in the allianz.ie domain I get an error saying 'Ping could not find host allianzire.ie. Please check name and try again'.

When I ping allianz.ie from the DC in the allianzire.ie domain I get a reply from one of the DCs in the allianz.ie domain, which is what I would expect.
0
 
LVL 2

Expert Comment

by:cnemcse1
ID: 33479849
Create the secondary zone for allianzire.ie in SERVER004HO, and a secondary zone for allianz.ie in the other DNS server, implement zone replication on each of the servers, and wait until the zones get fully replicated. Check with nslookup and then attempt to create the trusts. Make sure that your domains are at 2003 functional level and the forests are at 2003 functional level as well. When creating the trust, log on as a user that is a member of the Enterprise Admins group in both forests (check the root domain).
0
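The two approaches suggested above (forwarding to the other forest, or holding a secondary zone for it) and the nslookup check, as an added example that is not from any of the posters. It is a batch script for the allianz.ie DNS server using the built-in dnscmd tool; the IP addresses are placeholders (RFC 5737 documentation ranges), and the same steps apply mirrored on the allianzire.ie side.

```batch
@echo off
REM Added example, not from the thread. Run on a DNS server in allianz.ie.
REM Placeholder addresses (assumed): NEWDC_IP is the allianzire.ie DC,
REM OLDDC1_IP/OLDDC2_IP are the allianz.ie DCs. Replace before use.
setlocal
set NEWDOMAIN=allianzire.ie
set OLDDOMAIN=allianz.ie
set NEWDC_IP=192.0.2.10
set OLDDC1_IP=192.0.2.20
set OLDDC2_IP=192.0.2.21

REM --- Option A: conditional forwarder for the other forest ---
REM Only queries for %NEWDOMAIN% are sent to the other forest's DC;
REM no copy of its zone is kept locally, so nothing is exposed by transfer.
dnscmd /ZoneAdd %NEWDOMAIN% /Forwarder %NEWDC_IP%
dnscmd /ZoneAdd _msdcs.%NEWDOMAIN% /Forwarder %NEWDC_IP%

REM --- Option B (instead of A): secondary zone pulled by zone transfer ---
REM Requires the other side to permit transfers to this server.
REM dnscmd /ZoneAdd %NEWDOMAIN% /Secondary %NEWDC_IP%
REM dnscmd /ZoneAdd _msdcs.%NEWDOMAIN% /Secondary %NEWDC_IP%
REM dnscmd /ZoneRefresh %NEWDOMAIN%

REM --- Either way: do not leave our own zones open to transfer by any host.
REM Permit transfers of allianz.ie (and its _msdcs zone) only to the
REM named DC of the other forest, and notify it when the zone changes.
dnscmd /ZoneResetSecondaries %OLDDOMAIN% /SecureList %NEWDC_IP% /NotifyList %NEWDC_IP%
dnscmd /ZoneResetSecondaries _msdcs.%OLDDOMAIN% /SecureList %NEWDC_IP% /NotifyList %NEWDC_IP%

REM --- Verification: the trust wizard locates a DC through these records,
REM so all four must answer before attempting to create the trust.
nslookup -type=A %NEWDOMAIN%
nslookup -type=NS %NEWDOMAIN%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%NEWDOMAIN%
nslookup -type=SRV _kerberos._tcp.dc._msdcs.%NEWDOMAIN%
endlocal
```

If the SRV queries return "Non-existent domain" while the A record resolves, the _msdcs subdomain is the part not reaching the other forest, which is the situation the poster describes.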
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33480270
Either your DNS forwarders are not set up properly, or you can set up secondary zones like I said here: http:#a33479051
0
 

Author Comment

by:NoelMCM
ID: 33482787
Firstly, thank you both for your comments.

In the allianz.ie domain, under the zone _msdcs.allianz.ie, I have added the IP address of the DC in the allianzire.ie domain as a zone transfer server.

Likewise, in the allianzire.ie domain, under the zone _msdcs.allianzire.ie, I have added the IP addresses of the DCs in the allianz.ie domain as zone transfer servers.

The result is that I can now do an nslookup from both domains and I get the expected response, which is great. Is this normal practice, or have I done this wrong?

When I go to establish the trust from the PDC server in allianz.ie to allianzire.ie I get an "RPC server cannot be contacted" error in the allianzire.ie domain. But I have been able to get around this by creating both sides of the trust from the allianzire.ie PDC server, so the trust has been established, but I fear there is still an underlying issue with this RPC error.

I will be adding an additional DC to the allianzire.ie domain at some stage today, so hopefully the RPC error won't appear when I attempt to add the new DC to an existing domain, but I suspect it will.

I will award points for your help later today.
0
