Solved

Windows 2003 Active Directory and DNS

Posted on 2011-02-15
Last Modified: 2012-05-11
We just installed Active Directory and, during the install, were forced to load DNS. Now when trying to join the server via name, we continue to get denied. Is there something at the server or workstation that has to be changed to join the domain now?

Domain controller could not be contacted ..........
Question by:Harold
31 Comments
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902191
Are you trying to join a workstation / server to the domain?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902203
Is the domain controller pointing to itself for DNS? If this is your only DC there should be no other DNS servers used for resolution.
Are the clients pointing to the DC for DNS resolution?
When trying to join, you are using the domain name and not the server name, correct?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902207
All my workstations back to the server(domain controller) yes.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902219
I have tried every variation of the name. Where do I find the exact name? Thought it would be Properties of the server.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902227
If all your workstations are pointing to your Domain Controller for DNS and your DC is pointing to itself, can you post the results of DCDIAG? Run this on the domain controller.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902239
It is the only DC, and how do I tell where it is pointing? If you're referring to the IP configuration, 127.0.0.1
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902240
If you look on the "Computer Name" tab on system properties there is a Domain field. This is the value you should be using.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902248
If you run "IPCONFIG /ALL" you should see either 127.0.0.1 or the server's IP. Nothing else. Same on the clients.
0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902250
Have you tried putting .local at the end of the domain name when you try to join it?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902257
Just to verify, clients should only show the IP of the Domain Controller.
0
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902261
If your domain name is domain.com and the computer name of the domain controller is DC01, are you typing DC01 or domain.com when trying to connect to the domain?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902277
Here  is the DCDIAG results......

D:\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Connectivity
         ......................... ICONSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ICONSERVER
      Starting test: Replications
         ......................... ICONSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ICONSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ICONSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ICONSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ICONSERVER passed test KnowsOfRoleHolde
      Starting test: RidManager
         ......................... ICONSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ICONSERVER passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]
         ......................... ICONSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... ICONSERVER passed test ObjectsReplicate
      Starting test: frssysvol
         ......................... ICONSERVER passed test frssysvol
      Starting test: kccevent
         ......................... ICONSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/15/2011   18:05:17
            (Event String could not be retrieved)
         ......................... ICONSERVER failed test systemlog

   Running enterprise tests on : server.icon.com
      Starting test: Intersite
         ......................... server.icon.com passed test Intersite
      Starting test: FsmoCheck
         ......................... server.icon.com passed test FsmoCheck
0
 
LVL 2

Expert Comment

by:dattatraykadam
ID: 34902291
So this means your DC is ICONSERVER and the domain is icon.com.

You need to type icon.com when joining a workstation to the domain. Is that what you are doing?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902303
The server's Primary DNS is 127.0.0.1 and all the WS are getting their IPs from the router, which is defaulting their DNS to it, 192.168.0.1.

0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902310
Then set your DNS as static to the IP of your server...
0
 
LVL 8

Expert Comment

by:ryan_johnston
ID: 34902311
on the workstations.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902316
Yes I enter.....icon.com and get the same error. Domain controller could not be contacted icon.com........
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 125 total points
ID: 34902322
I would not set it to static on the workstations, I would change the DHCP options on the router or move DHCP to the server.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902337
I set the DNS on WS to IP of server and still got same error. I didn't reboot...figured I didn't need to.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902345
Post DCDIAG from the DC.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902354
I really didn't want anything static out to workstations, just want the blasted thing to work. I haven't even started on permissions and login scripts yet..geeezzzz
0
 
LVL 1

Author Comment

by:Harold
ID: 34902361
KenMcF:Post DCDIAG from the DC.

I did, it's above.........
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902383
Sorry, missed that post somehow.

It looks like there are some services that are not started. Can you check your event log and see what errors are in there?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902416
This was the last DNS error but it eventually loaded ok....5.51pm   No more errors after

The DNS server encountered error 32 attempting to load zone server.icon.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
0
 
LVL 5

Expert Comment

by:Honez
ID: 34902448
Make a host A record of the server in the DNS tool.  This will tell the DNS where the server is.  Also Ken is correct, use the server's DHCP but make sure you configure the option to push out the DNS setting.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34902452
          RPCLOCATOR Service is stopped on [ICONSERVER]
            TrkWks Service is stopped on [ICONSERVER]
            TrkSvr Service is stopped on [ICONSERVER]

Try to set the Distributed Link Tracking Server, and RPC Locator service to Auto and start it. See if that fixes the problem.
0
 
LVL 1

Author Comment

by:Harold
ID: 34902461
"make a host a record of the server in the DNS tool."? Sorry, what DNS tool?
0
 
LVL 1

Author Comment

by:Harold
ID: 34902551
RPCLOCATOR Service is stopped on [ICONSERVER]      is set to Manual  (stopped)
            TrkWks Service is stopped on [ICONSERVER]    
            TrkSvr Service is stopped on [ICONSERVER]

Distributed Link Tracking Client   is set to Manual  (stopped)
Distributed Link Tracking Server  is set to Disabled (stopped)
0
 
LVL 1

Author Comment

by:Harold
ID: 34902587
I started those services and it made no difference.
0
 
LVL 1

Author Closing Comment

by:Harold
ID: 34902804
Moved DHCP to server from router.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 34903599
Just to (re)iterate, DNS is VITAL in an Active Directory domain.  The ONLY DNS server(s) your workstations should know about are the AD Domain Controllers with DNS installed.  In Active Directory, the servers register themselves and critical functions with the DNS servers installed on them.  When the workstations need to login (or even join the domain), they ask the DNS server where the DCs and other resources are.  Your ISP's DNS servers will REFUSE to acknowledge any attempted updates from your systems, so if you have your ISP's DNS servers listed ANYWHERE, and they are referenced, your workstations (and other systems) may start showing lengthy delays in logging in and error messages as your ISP's servers don't answer any requests for this information.
0
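
Added example, not part of the original thread: the check KenMcF and Lee W describe, done by parsing "IPCONFIG /ALL" output and flagging every DNS server that is not the domain controller (127.0.0.1 is accepted only on the DC itself). The DC address 192.168.0.10, the workstation values and the function names are assumptions made for the example; the thread never gives the server's IP. IPv4 only.

```python
import re

# Assumption: the domain controller's address; the thread does not state it.
DC_ADDRS = {"192.168.0.10"}
LOOPBACK = "127.0.0.1"

# Constructed sample: a workstation configured by the router's DHCP, with the
# router still listed as a DNS server ahead of the DC.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            192.168.0.10
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dns_servers(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if line[:1].strip() and stripped.endswith(":"):    # adapter header
            adapter, in_dns = stripped[:-1], False
            result[adapter] = []
        elif ":" in stripped:                              # "Label . . . : value"
            label, value = stripped.split(":", 1)
            in_dns = label.rstrip(" .") == "DNS Servers"
            if in_dns and adapter and value.strip():
                result[adapter].append(value.strip())
        elif in_dns and adapter and IPV4.match(stripped):  # extra server on its own line
            result[adapter].append(stripped)
        else:
            in_dns = False
    return result

def foreign_dns(text, dc_addrs=DC_ADDRS, is_dc=False):
    """Return {adapter: [DNS servers that are not the DC]}; empty means OK."""
    allowed = set(dc_addrs) | ({LOOPBACK} if is_dc else set())
    flagged = {a: [s for s in servers if s not in allowed]
               for a, servers in dns_servers(text).items()}
    return {a: bad for a, bad in flagged.items() if bad}

if __name__ == "__main__":
    print(foreign_dns(SAMPLE))
```

A workstation that lists the DC second still gets flagged, which matches Lee W's point that no other DNS server should be listed anywhere.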
