Solved

Windows 2003 Active Directory and DNS

Posted on 2011-02-15
31
349 Views
Last Modified: 2012-05-11
We just installed Active Directory and during the install, forced to load DNS. Now when trying to join the server via name, we continue to get denied. Is there something at the server or workstation that has to be change to join the Domain now?

Domain controller could not be contacted ..........
0
Comment
Question by:Harold
  • 14
  • 9
  • 3
  • +3
31 Comments
 
LVL 2

Expert Comment

by:dattatraykadam
Comment Utility
Are you trying to join a workstation / server to the domain?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Is the domain controller pointing to itself for DNS. If this is your only DC there should be no other DNS servers used for resolution.
Are the clinets pointing to the DC for DNS resolution?
When trying to join, you are using the Domain name and not the server name correct?
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
All my workstations back to the server(domain controller) yes.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
I have tried every variation of the name. Where do I find the exact name? Thought it would be Properties of the server.
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
if all your workstations are pointing to your Domain Controller for DNS and your DC is pointing to itself can you post the results of DCDIAG. Run this on the domain contoller.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
It is the only DC and how do I tell where it is pointing. If your referring to the IP configuration, 127.0.0.1
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
If you look on the "Computer Name" tab on system properties there is a Domain field. This is the value you should be using.
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
if you run "IPCONFIG /ALL" you should see either 127.0.0.1 or the servers IP. nothing else. Same on the clients.
0
 
LVL 8

Expert Comment

by:ryan_johnston
Comment Utility
Have you tried putting .local at the end of the domain name when you try to join it?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Just to verify, clients should only show the IP of the Domain Contoller.
0
 
LVL 2

Expert Comment

by:dattatraykadam
Comment Utility
If your domain name is domain.com and the computer name of the domain controller is DC01, are you typing DC01 or domain.com when trying to connect to the domain?
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
Here  is the DCDIAG results......

D:\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Connectivity
         ......................... ICONSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Replications
         ......................... ICONSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ICONSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ICONSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ICONSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ICONSERVER passed test KnowsOfRoleHolde
      Starting test: RidManager
         ......................... ICONSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ICONSERVER passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]
         ......................... ICONSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... ICONSERVER passed test ObjectsReplicate
      Starting test: frssysvol
         ......................... ICONSERVER passed test frssysvol
      Starting test: kccevent
         ......................... ICONSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:17
            (Event String could not be retrieved)
         ......................... ICONSERVER failed test systemlog

   Running enterprise tests on : server.icon.com
      Starting test: Intersite
         ......................... server.icon.com passed test Intersite
      Starting test: FsmoCheck
         ......................... server.icon.com passed test FsmoCheck
0
 
LVL 2

Expert Comment

by:dattatraykadam
Comment Utility
so this means your DC is ICONSERVER and domain is icon.com

You need to type icon.com when joining a workstation to the domain. Is that what you are doing?
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
The servers Primary DNS is 127.0.0.1 and all the WS are getting their IPs from the router, which is defaulting their DNS to it, 192.168.0.1.

0
 
LVL 8

Expert Comment

by:ryan_johnston
Comment Utility
Then set your DNS as static to the Ip of your server...
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 8

Expert Comment

by:ryan_johnston
Comment Utility
on the workstations.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
Yes I enter.....icon.com and get the same error. Domain controller could not be contacted icon.com........
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 125 total points
Comment Utility
I would not set it to static on the workstations, I would change the DHCP options on the router or move DHCP to the server.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
I set the DNS on WS to IP of server and still got same error. I didn't reboot...figured I didn't need too.
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Post DCDIAG from the DC.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
I really didn't want anything static out to workstations, just want the blasted thing to work. I haven't even started on permissions and login scripts yet..geeezzzz
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
KenMcF:Post DCDIAG from the DC.

I did it's above.........
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Sorry, missed that post somehow.

It looks like there are some serivces that are not started. Can you check your event log and see what errors are in there.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
This was the last DNS error but it eventually loaded ok....5.51pm   No more errors after

The DNS server encountered error 32 attempting to load zone server.icon.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
0
 
LVL 5

Expert Comment

by:Honez
Comment Utility
make a host a record of the server in the DNS tool.  This will tell the DNS where the server is.  Also Ken is correct, use the Servers DHCP but make sure you configure the option to push out the DNS setting.
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
          RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]

Try to set the Distributed Link Tracking Server, and RPC Locator serivce to Auto and start it. See if that fixes the problem.
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
"make a host a record of the server in the DNS tool."? Sorry, what DNS tool?
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
RPCLOCATOR Service is stopped on [ICONSERVER]      is set to Manual  (stopped)
            TrkWks Service is stopped on [ICONSERVER]    
            TrkSvr Service is stopped on [ICONSERVER]

Distributed Link Tracking Client   is set to Manual  (stopped)
Distributed Link Tracking Server  is set to Disabled (stopped)
0
 
LVL 1

Author Comment

by:Harold
Comment Utility
I started those services and it made no difference.
0
 
LVL 1

Author Closing Comment

by:Harold
Comment Utility
Moved DHCP to server from router.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
Just to (re)iterate, DNS is VITAL in an Active Directory domain.  The ONLY DNS server(s) your workstations should know about are the AD Domain Controllers with DNS installed.  In Active Directory, the servers register themselves and critical functions with the DNS servers installed on them.  When the workstations need to login (or even join the domain), they ask the DNS server where the DCs and other resources are.  Your ISPs DNS servers will REFUSE to acknowledge any attempted updates from your systems so if you have your ISPs DNS servers listed ANYWHERE, and they are referenced, your workstations (and other systems) may start showing lengthy delays in logging in and error messages as your ISPs servers don't answer any requests for this information.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now