revellej asked:

Cannot connect to DC Dns Server from other domain controllers

I have deployed a DC running Windows Server 2008 R2 and the DNS is working fine on it.
I also have another DC that's running Windows Server 2003 R2 and a DNS server in another location that's running Windows Server 2000.
I would like to have the 2008 R2 DC replicate the DNS to the other servers, but when I go to the other servers and go to DNS > Connect to computer and type in the name of the 2008 R2 DC, I get the message "The Server is unavailable ... would you like to add it anyway?".
I click yes and the server shows up in the list, but there is a red X with the message "cannot contact the dns server".
The other 2 servers show up in the list and everything is fine with them.
How can I resolve this problem? Any thoughts or suggestions would be appreciated.
Gerald26

You might want to think about configuring Zone transfer on 2008 R2

Microsoft link about Zone Transfer Setting
revellej

ASKER

Everything appears to be configured correctly in Zone Transfer.
Darius Ghassem
First thing: when you connect to another computer, that doesn't set up replication; that only adds the server to the console that you are in.

Second, Windows 2008 Server R2 cannot be within the same console in Windows 2003 Server; this is why you are getting an error.

Is the server replicating AD DNS? Is the zone AD integrated?

If not, you need to create a Secondary zone, then set up zone transfers to replicate this information to the only DNS servers.
Yes, it's replicating AD DNS and the zone is AD integrated.

On the 2008 r2 server, all three are listed.
On the 2000 Server only the 2000 and 2003 r2 are listed
On the 2003 r2 only the 2000 and 2003 r2 are listed.

That's the way it should be?
ASKER CERTIFIED SOLUTION
Darius Ghassem
This solution is only available to members.
Thanks, that's good to know.

Now onto the issue I'm having. We just got a new Exchange server that is hosted offsite but it's part of the domain. We have a remote office that is also part of the domain that's running the 2000 DNS server.
When we were running the old Exchange 2003 server, the remote location was getting their email with no problem. Now that we have the new Exchange 2010 server, the users cannot get their email at all. They can't even get it through OWA. I was thinking this was a DNS issue.
Any thoughts on this??
One more note on this. I can't even ping the new exchange server from the remote location.
Is there a site-to-site VPN between the 2 locations?
Can the remote location open OWA using the new 2010 IP address?
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first.
Is traffic filtered by a firewall/router between the 2 sites or is everything allowed? There can be some ACLs set for the old Exchange server that have not been modified to apply to the new Exchange server.

Can the new Exchange server access the Internet?
I'll check these and get back to you.
Answers to your questions:
Is there a site-to-site VPN between the 2 locations? Yes
Can the remote location open OWA using the new 2010 IP address? No
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first. IP and Mask OK
Is traffic filtered by a firewall/router between the 2 sites or is everything allowed? Yes
Can the new Exchange server access the Internet? Yes

Thank you for your answer.
I've just read your problem description again and noticed:
"We just got a new exchange server that is hosted offsite"

Is "offsite" another site (like a datacenter) or the remote site we're talking about?
It's being hosted by an outside company at their location.
Then if the remote office can't reach the outside company but the local network can, it's definitely an IP routing problem on your side or the company side.
You must check routes in the VPN and from the hosted machine.

Let's say a machine in the remote office is 192.168.20.101; a good test would be to trace the route from Exchange 2010 to this address:

Tracert -d 192.168.20.101

What is the output?
Where is the packet blocked/lost?
I think you may be right on this. I can't check it right now as they are working on the server and I'm leaving for a long weekend.
I'll check it Tuesday when I return. I'll get back to you then.
Have a good weekend.
I ran Tracert -d xx.xx.xx.x from the Exchange Server.
The request timed out from the beginning.


 
May you give us the result of Netstat -R on the Exchange server?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.COOPERDOMAIN>Netstat -R
===========================================================================
Interface List
 11...00 50 56 96 00 10 ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.54.1    172.16.54.137    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.54.0    255.255.255.0         On-link     172.16.54.137    266
    172.16.54.137  255.255.255.255         On-link     172.16.54.137    266
    172.16.54.255  255.255.255.255         On-link     172.16.54.137    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     172.16.54.137    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     172.16.54.137    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.54.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Do you have access to the 172.16.54.1 configuration or is it under company control?
I don't have access. It's under company control. Why do you ask?
Because it is the default gateway of your Exchange server. It must know how to reach the office site.
If it has a CLI or a ping tool, can you confirm that it can ping an office workstation?
I'll see if I can find out and get back to you on this.
SOLUTION
This solution is only available to members.
I think you're right on this. We are checking into this now.

I'll let you know what we find.

(We're also looking into setting up a Hub and Spoke configuration on the VPN).
We are in the process of setting up the Hub and Spoke configuration on the firewall.
I'll let you know how it works out.
Thank you for all of your help... My questions about DNS were answered and the email problem has been resolved with the info provided.

Thank you again.