Solved

Windows 2003 Active Directory and DNS

Posted on 2011-02-15
31
351 Views
Last Modified: 2012-05-11
We just installed Active Directory and during the install, forced to load DNS. Now when trying to join the server via name, we continue to get denied. Is there something at the server or workstation that has to be change to join the Domain now?

Domain controller could not be contacted ..........
0
Comment
Question by:Harold
  • 14
  • 9
  • 3
  • +3
31 Comments
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902191
Are you trying to join a workstation / server to the domain?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902203
Is the domain controller pointing to itself for DNS. If this is your only DC there should be no other DNS servers used for resolution.
Are the clinets pointing to the DC for DNS resolution?
When trying to join, you are using the Domain name and not the server name correct?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902207
All my workstations back to the server(domain controller) yes.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 1

Author Comment

by:Harold
ID: 34902219
I have tried every variation of the name. Where do I find the exact name? Thought it would be Properties of the server.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902227
if all your workstations are pointing to your Domain Controller for DNS and your DC is pointing to itself can you post the results of DCDIAG. Run this on the domain contoller.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902239
It is the only DC and how do I tell where it is pointing. If your referring to the IP configuration, 127.0.0.1
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902240
If you look on the "Computer Name" tab on system properties there is a Domain field. This is the value you should be using.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902248
if you run "IPCONFIG /ALL" you should see either 127.0.0.1 or the servers IP. nothing else. Same on the clients.
0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902250
Have you tried putting .local at the end of the domain name when you try to join it?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902257
Just to verify, clients should only show the IP of the Domain Contoller.
0
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902261
If your domain name is domain.com and the computer name of the domain controller is DC01, are you typing DC01 or domain.com when trying to connect to the domain?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902277
Here  is the DCDIAG results......

D:\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Connectivity
         ......................... ICONSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Replications
         ......................... ICONSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ICONSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ICONSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ICONSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ICONSERVER passed test KnowsOfRoleHolde
      Starting test: RidManager
         ......................... ICONSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ICONSERVER passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]
         ......................... ICONSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... ICONSERVER passed test ObjectsReplicate
      Starting test: frssysvol
         ......................... ICONSERVER passed test frssysvol
      Starting test: kccevent
         ......................... ICONSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:17
            (Event String could not be retrieved)
         ......................... ICONSERVER failed test systemlog

   Running enterprise tests on : server.icon.com
      Starting test: Intersite
         ......................... server.icon.com passed test Intersite
      Starting test: FsmoCheck
         ......................... server.icon.com passed test FsmoCheck
0
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902291
so this means your DC is ICONSERVER and domain is icon.com

You need to type icon.com when joining a workstation to the domain. Is that what you are doing?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902303
The servers Primary DNS is 127.0.0.1 and all the WS are getting their IPs from the router, which is defaulting their DNS to it, 192.168.0.1.

0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902310
Then set your DNS as static to the Ip of your server...
0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902311
on the workstations.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902316
Yes I enter.....icon.com and get the same error. Domain controller could not be contacted icon.com........
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 125 total points
ID: 34902322
I would not set it to static on the workstations, I would change the DHCP options on the router or move DHCP to the server.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902337
I set the DNS on WS to IP of server and still got same error. I didn't reboot...figured I didn't need too.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902345
Post DCDIAG from the DC.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902354
I really didn't want anything static out to workstations, just want the blasted thing to work. I haven't even started on permissions and login scripts yet..geeezzzz
0
 
LVL 1

Author Comment

by:Harold
ID: 34902361
KenMcF:Post DCDIAG from the DC.

I did it's above.........
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902383
Sorry, missed that post somehow.

It looks like there are some serivces that are not started. Can you check your event log and see what errors are in there.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902416
This was the last DNS error but it eventually loaded ok....5.51pm   No more errors after

The DNS server encountered error 32 attempting to load zone server.icon.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
0
 
LVL 5

Expert Comment

by:Honez
ID: 34902448
make a host a record of the server in the DNS tool.  This will tell the DNS where the server is.  Also Ken is correct, use the Servers DHCP but make sure you configure the option to push out the DNS setting.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902452
          RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]

Try to set the Distributed Link Tracking Server, and RPC Locator serivce to Auto and start it. See if that fixes the problem.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902461
"make a host a record of the server in the DNS tool."? Sorry, what DNS tool?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902551
RPCLOCATOR Service is stopped on [ICONSERVER]      is set to Manual  (stopped)
            TrkWks Service is stopped on [ICONSERVER]    
            TrkSvr Service is stopped on [ICONSERVER]

Distributed Link Tracking Client   is set to Manual  (stopped)
Distributed Link Tracking Server  is set to Disabled (stopped)
0
 
LVL 1

Author Comment

by:Harold
ID: 34902587
I started those services and it made no difference.
0
 
LVL 1

Author Closing Comment

by:Harold
ID: 34902804
Moved DHCP to server from router.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34903599
Just to (re)iterate, DNS is VITAL in an Active Directory domain.  The ONLY DNS server(s) your workstations should know about are the AD Domain Controllers with DNS installed.  In Active Directory, the servers register themselves and critical functions with the DNS servers installed on them.  When the workstations need to login (or even join the domain), they ask the DNS server where the DCs and other resources are.  Your ISPs DNS servers will REFUSE to acknowledge any attempted updates from your systems so if you have your ISPs DNS servers listed ANYWHERE, and they are referenced, your workstations (and other systems) may start showing lengthy delays in logging in and error messages as your ISPs servers don't answer any requests for this information.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question