Ravi Singh
asked on
Problem related to Domain controller 2008 in our local network
Hello Experts,
Sub:- Problem related to Domain controller 2008 in our local network
Currently I am using 10.30.30.0/23 that's means 510 cleint's are available in our network.
But in future, We will using around 200 client systems in our network.
So, I will decided to reconfigured our network to 10.30.30.0/22.
If I reconfigured my network my domain controller is not work properly.
What should I do.Please provide me the solution ASAP.
Kind Regards,
Ravi Pratap
Sub:- Problem related to Domain controller 2008 in our local network
Currently I am using 10.30.30.0/23 that's means 510 cleint's are available in our network.
But in future, We will using around 200 client systems in our network.
So, I will decided to reconfigured our network to 10.30.30.0/22.
If I reconfigured my network my domain controller is not work properly.
What should I do.Please provide me the solution ASAP.
Kind Regards,
Ravi Pratap
James
Your Domain Controller is doing DHCP. If you are reconfiguring your Network and you the deleting the DHCP Scope and creating a new one? This would be the best way of doing it. Then create the scope options and exclusions for the static systems such as your Domain Controller.
It would also be advisable to reboot your Domain Controller after such configurations are made.
You need to make changes to your Domain Controller's IP address as well. Once you have changed these settings you need to run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix
@dariusq rebooting the server will flush the dns cache. Also, in my comment I said to create exclusions.
JBond I wasn't talking about exclusions. What if the author never changed the IP address of the DC to the correct subnet or IP Scheme? Second you should NOT have to reboot a Domain Controller there are commands that should be run instead.
If he creates a new scope essentially he will be creating a new ip address schema for the Server. This why I suggested rebooting the Server.
@dariusq Rebooting the Server would be the easiest for the Author and he mightn't be familar with the commands.
I posted the commands rebooting a Domain Controller with improper IP Scheme could cause the DC not to be able to login in anymore. Again you should never reboot a DC unless you have tried all other solutions because there is a possibility it will not come backup properly.
If you he creates a new scope this will not automatically change the Domain Controller's IP Scheme within the TCP\IP properties. If the subnet and network has been changed for the clients and network then the Domain Controller's TCP\IP configuration should be changed as well.
If you he creates a new scope this will not automatically change the Domain Controller's IP Scheme within the TCP\IP properties. If the subnet and network has been changed for the clients and network then the Domain Controller's TCP\IP configuration should be changed as well.
@Dariusaq I think your confusing the senario here and you are not understanding of my comments.
ASKER
Hello Guru,
Currentlly I am using static tcp/ip pool in my network and no dhcp server is running in my domain controller with 10.30.30.0/23
And in future I want change my domain controller preferred IP address on 10.30.30.0/22
Is it possible to reconfigure domain controller 2008 IP address(in which DNS is configured).
Kind Regards,
Ravi Pratap
Currentlly I am using static tcp/ip pool in my network and no dhcp server is running in my domain controller with 10.30.30.0/23
And in future I want change my domain controller preferred IP address on 10.30.30.0/22
Is it possible to reconfigure domain controller 2008 IP address(in which DNS is configured).
Kind Regards,
Ravi Pratap
Yes, that is fine you would need to change the TCP\IP just make sure you change the DNS server IP address as well.
Run ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix
You will be good to go after that.
Run ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix
You will be good to go after that.
ASKER
Dear Genius,
Current TCP/IP configuration of Domain controller in which DNS is configured
IP :- 10.x.x.x with subnet 255.255.255.254(23 bit)
and two ADC is already exits in my network
with 510 client in our live production network.
Proposed TCP/IP configuration of Domain controller
IP :- 10.x.x.x with subnet 255.255.252.0( on 22 bit)
After reconfigured the proposed TCP/IP setting will nslookup and active directory works properly.
Waiting for your quick response.
Kind Regards,
Ravi Pratap
Current TCP/IP configuration of Domain controller in which DNS is configured
IP :- 10.x.x.x with subnet 255.255.255.254(23 bit)
and two ADC is already exits in my network
with 510 client in our live production network.
Proposed TCP/IP configuration of Domain controller
IP :- 10.x.x.x with subnet 255.255.252.0( on 22 bit)
After reconfigured the proposed TCP/IP setting will nslookup and active directory works properly.
Waiting for your quick response.
Kind Regards,
Ravi Pratap
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dear All,
I will going to to change our dc ip and subnet as well as our network from 10.x.x.x/23 to 10.x.x.x/22
And the process of changing IP and subnet of DC after the network upgradation of my firewall,pix and router.
I will forward the proposed solution of DC ip address and subnet mask to my Manager and once they approved.
I will go ahead with the proposed solution.So please threat this question as active basis.
Thanks for your great support.
Ravi Pratap
I will going to to change our dc ip and subnet as well as our network from 10.x.x.x/23 to 10.x.x.x/22
And the process of changing IP and subnet of DC after the network upgradation of my firewall,pix and router.
I will forward the proposed solution of DC ip address and subnet mask to my Manager and once they approved.
I will go ahead with the proposed solution.So please threat this question as active basis.
Thanks for your great support.
Ravi Pratap
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot Genius
Definately I have forward these document to my manager for approval.
Kind Regards,
Ravi Pratap
Definately I have forward these document to my manager for approval.
Kind Regards,
Ravi Pratap
ASKER
Hello Genius,
I have made all the changes as suggested by you but still nslookup is not working on DC and shows the messages
request time out:- 2 sec
Default server :- unknown
IP :- New with different subnet.
Kind Regards,
Ravi Pratap
I have made all the changes as suggested by you but still nslookup is not working on DC and shows the messages
request time out:- 2 sec
Default server :- unknown
IP :- New with different subnet.
Kind Regards,
Ravi Pratap
Do you have a reverse lookup zone configured for the new IP range in your internal DNS?
ASKER
Yes genius
I have a reverse lookup zone configured in internal DNS.
Kind Regards,
Ravi Pratap
I have a reverse lookup zone configured in internal DNS.
Kind Regards,
Ravi Pratap
Can you post NETDIAG results from your DC please?
ASKER
Dear Genius,
Please find the netdiag result of DC is below mentioned :-
C:\Users\Administrator>net
..........................
Computer Name: WIN-7CQ0IOPK93W
DNS Host Name: WIN-7CQ0IOPK93W.iservices.
System info : Windows Server (R) 2008 Standard (Build 6001)
Processor : x86 Family 6 Model 23 Stepping 10, GenuineIntel
Hotfixes : none detected
Netcard queries test . . . . . . . : Passed
GetStats failed for 'isatap.{92EC1AF0-1390-468
GEN_FAILURE]
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : WIN-7CQ0IOPK93W
IP Address . . . . . . . . : 10.30.180.22
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.30.180.1
Dns Servers. . . . . . . . : 10.30.180.22
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{92EC1AF0-1390
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.30.180.22
'.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{92EC1AF0-1390
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{92EC1AF0-1390
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
FOUND]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Users\Administrator>
Please find the netdiag result of DC is below mentioned :-
C:\Users\Administrator>net
..........................
Computer Name: WIN-7CQ0IOPK93W
DNS Host Name: WIN-7CQ0IOPK93W.iservices.
System info : Windows Server (R) 2008 Standard (Build 6001)
Processor : x86 Family 6 Model 23 Stepping 10, GenuineIntel
Hotfixes : none detected
Netcard queries test . . . . . . . : Passed
GetStats failed for 'isatap.{92EC1AF0-1390-468
GEN_FAILURE]
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : WIN-7CQ0IOPK93W
IP Address . . . . . . . . : 10.30.180.22
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.30.180.1
Dns Servers. . . . . . . . : 10.30.180.22
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{92EC1AF0-1390
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '10.30.180.22
'.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{92EC1AF0-1390
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{92EC1AF0-1390
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
FOUND]
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Users\Administrator>
Have you changed the subnet on the gateway device?
ASKER
Genius,
Forward lookup host records of DC has been updated but reverse lookup zone records not updated .
Kind Regards.
Ravi Pratap
Forward lookup host records of DC has been updated but reverse lookup zone records not updated .
Kind Regards.
Ravi Pratap
My name is demazter, the Genius is simply my rank in this zone.
have you re-created the reverse lookup since your IP range change? As you are changing the mask the forward lookup zone will be different.
have you re-created the reverse lookup since your IP range change? As you are changing the mask the forward lookup zone will be different.
ASKER
dcdiag result
C:\Users\Administrator>dcd
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WI
Starting test: Connectivity
......................... WIN-7CQ0IOPK93W passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WI
Starting test: Replications
......................... WIN-7CQ0IOPK93W passed test Replications
Starting test: NCSecDesc
......................... WIN-7CQ0IOPK93W passed test NCSecDesc
Starting test: NetLogons
......................... WIN-7CQ0IOPK93W passed test NetLogons
Starting test: Advertising
......................... WIN-7CQ0IOPK93W passed test Advertising
Starting test: KnowsOfRoleHolders
......................... WIN-7CQ0IOPK93W passed test KnowsOfRoleHolder
s
Starting test: RidManager
......................... WIN-7CQ0IOPK93W passed test RidManager
Starting test: MachineAccount
......................... WIN-7CQ0IOPK93W passed test MachineAccount
Starting test: Services
......................... WIN-7CQ0IOPK93W passed test Services
Starting test: ObjectsReplicated
......................... WIN-7CQ0IOPK93W passed test ObjectsReplicated
Starting test: frssysvol
......................... WIN-7CQ0IOPK93W passed test frssysvol
Starting test: frsevent
......................... WIN-7CQ0IOPK93W passed test frsevent
Starting test: kccevent
......................... WIN-7CQ0IOPK93W passed test kccevent
Starting test: systemlog
......................... WIN-7CQ0IOPK93W passed test systemlog
Starting test: VerifyReferences
......................... WIN-7CQ0IOPK93W passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : iservices
Starting test: CrossRefValidation
......................... iservices passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... iservices passed test CheckSDRefDom
Running enterprise tests on : iservices.com
Starting test: Intersite
......................... iservices.com passed test Intersite
Starting test: FsmoCheck
......................... iservices.com passed test FsmoCheck
C:\Users\Administrator>
C:\Users\Administrator>dcd
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WI
Starting test: Connectivity
......................... WIN-7CQ0IOPK93W passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WI
Starting test: Replications
......................... WIN-7CQ0IOPK93W passed test Replications
Starting test: NCSecDesc
......................... WIN-7CQ0IOPK93W passed test NCSecDesc
Starting test: NetLogons
......................... WIN-7CQ0IOPK93W passed test NetLogons
Starting test: Advertising
......................... WIN-7CQ0IOPK93W passed test Advertising
Starting test: KnowsOfRoleHolders
......................... WIN-7CQ0IOPK93W passed test KnowsOfRoleHolder
s
Starting test: RidManager
......................... WIN-7CQ0IOPK93W passed test RidManager
Starting test: MachineAccount
......................... WIN-7CQ0IOPK93W passed test MachineAccount
Starting test: Services
......................... WIN-7CQ0IOPK93W passed test Services
Starting test: ObjectsReplicated
......................... WIN-7CQ0IOPK93W passed test ObjectsReplicated
Starting test: frssysvol
......................... WIN-7CQ0IOPK93W passed test frssysvol
Starting test: frsevent
......................... WIN-7CQ0IOPK93W passed test frsevent
Starting test: kccevent
......................... WIN-7CQ0IOPK93W passed test kccevent
Starting test: systemlog
......................... WIN-7CQ0IOPK93W passed test systemlog
Starting test: VerifyReferences
......................... WIN-7CQ0IOPK93W passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : iservices
Starting test: CrossRefValidation
......................... iservices passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... iservices passed test CheckSDRefDom
Running enterprise tests on : iservices.com
Starting test: Intersite
......................... iservices.com passed test Intersite
Starting test: FsmoCheck
......................... iservices.com passed test FsmoCheck
C:\Users\Administrator>
I don't need DCDIAG results, can you answer the above questions please?
ASKER
And nslookup results are :-
C:\Users\Administrator>nsl
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 10.30.180.22
>
C:\Users\Administrator>nsl
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 10.30.180.22
>
ASKER
ok you want to change the reverse zone manually on my DC as new IP
I would suggest you remove the reverse DNS zone and re-create it.
ASKER
OK demazter,
I do that on my DC and update you shortely.
Kind Regards,
Ravi Pratap
I do that on my DC and update you shortely.
Kind Regards,
Ravi Pratap
ASKER
Dear Demazter,
I have reconfigured the reverse lookup zone.
And after that nslookup is working fine on my DC.
Thanks a lot Genius
But one thing more what about my 512 cleints machine and two ADC they working fine with New DC IP or I need to rejoin to domain.
Kind Regards,
Ravi Pratap
I have reconfigured the reverse lookup zone.
And after that nslookup is working fine on my DC.
Thanks a lot Genius
But one thing more what about my 512 cleints machine and two ADC they working fine with New DC IP or I need to rejoin to domain.
Kind Regards,
Ravi Pratap
There should be absolutely no need to rejoin them to the domain.
ASKER
OK Demazter fine
IF i Need further more assistance how shall I contact you related to other problem.
Kind Regards,
Ravi Pratap
IF i Need further more assistance how shall I contact you related to other problem.
Kind Regards,
Ravi Pratap
ASKER
Execellent suggestion
I do this all steps on virtual machine same scenario.
And I will do all steps on my live network on coming next week.
Thanks a lot Expert/Genius
KInd Regards,
Ravi Pratap
I do this all steps on virtual machine same scenario.
And I will do all steps on my live network on coming next week.
Thanks a lot Expert/Genius
KInd Regards,
Ravi Pratap