Windows 2003 Active Directory and DNS

We just installed Active Directory and during the install, forced to load DNS. Now when trying to join the server via name, we continue to get denied. Is there something at the server or workstation that has to be change to join the Domain now?

Domain controller could not be contacted ..........
LVL 1
HaroldNetwork EngineerAsked:
Who is Participating?
 
KenMcFCommented:
I would not set it to static on the workstations, I would change the DHCP options on the router or move DHCP to the server.
0
 
dattatraykadamCommented:
Are you trying to join a workstation / server to the domain?
0
 
KenMcFCommented:
Is the domain controller pointing to itself for DNS. If this is your only DC there should be no other DNS servers used for resolution.
Are the clinets pointing to the DC for DNS resolution?
When trying to join, you are using the Domain name and not the server name correct?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
HaroldNetwork EngineerAuthor Commented:
All my workstations back to the server(domain controller) yes.
0
 
HaroldNetwork EngineerAuthor Commented:
I have tried every variation of the name. Where do I find the exact name? Thought it would be Properties of the server.
0
 
KenMcFCommented:
if all your workstations are pointing to your Domain Controller for DNS and your DC is pointing to itself can you post the results of DCDIAG. Run this on the domain contoller.
0
 
HaroldNetwork EngineerAuthor Commented:
It is the only DC and how do I tell where it is pointing. If your referring to the IP configuration, 127.0.0.1
0
 
KenMcFCommented:
If you look on the "Computer Name" tab on system properties there is a Domain field. This is the value you should be using.
0
 
KenMcFCommented:
if you run "IPCONFIG /ALL" you should see either 127.0.0.1 or the servers IP. nothing else. Same on the clients.
0
 
ryan_johnstonCommented:
Have you tried putting .local at the end of the domain name when you try to join it?
0
 
KenMcFCommented:
Just to verify, clients should only show the IP of the Domain Contoller.
0
 
dattatraykadamCommented:
If your domain name is domain.com and the computer name of the domain controller is DC01, are you typing DC01 or domain.com when trying to connect to the domain?
0
 
HaroldNetwork EngineerAuthor Commented:
Here  is the DCDIAG results......

D:\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Connectivity
         ......................... ICONSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Replications
         ......................... ICONSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ICONSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ICONSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ICONSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ICONSERVER passed test KnowsOfRoleHolde
      Starting test: RidManager
         ......................... ICONSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ICONSERVER passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]
         ......................... ICONSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... ICONSERVER passed test ObjectsReplicate
      Starting test: frssysvol
         ......................... ICONSERVER passed test frssysvol
      Starting test: kccevent
         ......................... ICONSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:17
            (Event String could not be retrieved)
         ......................... ICONSERVER failed test systemlog

   Running enterprise tests on : server.icon.com
      Starting test: Intersite
         ......................... server.icon.com passed test Intersite
      Starting test: FsmoCheck
         ......................... server.icon.com passed test FsmoCheck
0
 
dattatraykadamCommented:
so this means your DC is ICONSERVER and domain is icon.com

You need to type icon.com when joining a workstation to the domain. Is that what you are doing?
0
 
HaroldNetwork EngineerAuthor Commented:
The servers Primary DNS is 127.0.0.1 and all the WS are getting their IPs from the router, which is defaulting their DNS to it, 192.168.0.1.

0
 
ryan_johnstonCommented:
Then set your DNS as static to the Ip of your server...
0
 
ryan_johnstonCommented:
on the workstations.
0
 
HaroldNetwork EngineerAuthor Commented:
Yes I enter.....icon.com and get the same error. Domain controller could not be contacted icon.com........
0
 
HaroldNetwork EngineerAuthor Commented:
I set the DNS on WS to IP of server and still got same error. I didn't reboot...figured I didn't need too.
0
 
KenMcFCommented:
Post DCDIAG from the DC.
0
 
HaroldNetwork EngineerAuthor Commented:
I really didn't want anything static out to workstations, just want the blasted thing to work. I haven't even started on permissions and login scripts yet..geeezzzz
0
 
HaroldNetwork EngineerAuthor Commented:
KenMcF:Post DCDIAG from the DC.

I did it's above.........
0
 
KenMcFCommented:
Sorry, missed that post somehow.

It looks like there are some serivces that are not started. Can you check your event log and see what errors are in there.
0
 
HaroldNetwork EngineerAuthor Commented:
This was the last DNS error but it eventually loaded ok....5.51pm   No more errors after

The DNS server encountered error 32 attempting to load zone server.icon.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
0
 
HonezCommented:
make a host a record of the server in the DNS tool.  This will tell the DNS where the server is.  Also Ken is correct, use the Servers DHCP but make sure you configure the option to push out the DNS setting.
0
 
KenMcFCommented:
          RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]

Try to set the Distributed Link Tracking Server, and RPC Locator serivce to Auto and start it. See if that fixes the problem.
0
 
HaroldNetwork EngineerAuthor Commented:
"make a host a record of the server in the DNS tool."? Sorry, what DNS tool?
0
 
HaroldNetwork EngineerAuthor Commented:
RPCLOCATOR Service is stopped on [ICONSERVER]      is set to Manual  (stopped)
            TrkWks Service is stopped on [ICONSERVER]    
            TrkSvr Service is stopped on [ICONSERVER]

Distributed Link Tracking Client   is set to Manual  (stopped)
Distributed Link Tracking Server  is set to Disabled (stopped)
0
 
HaroldNetwork EngineerAuthor Commented:
I started those services and it made no difference.
0
 
HaroldNetwork EngineerAuthor Commented:
Moved DHCP to server from router.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Just to (re)iterate, DNS is VITAL in an Active Directory domain.  The ONLY DNS server(s) your workstations should know about are the AD Domain Controllers with DNS installed.  In Active Directory, the servers register themselves and critical functions with the DNS servers installed on them.  When the workstations need to login (or even join the domain), they ask the DNS server where the DCs and other resources are.  Your ISPs DNS servers will REFUSE to acknowledge any attempted updates from your systems so if you have your ISPs DNS servers listed ANYWHERE, and they are referenced, your workstations (and other systems) may start showing lengthy delays in logging in and error messages as your ISPs servers don't answer any requests for this information.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.