revellej
Cannot connect to DC Dns Server from other domain controllers
I have deployed a DC running Windows Server 2008 r2 and the DNS is working fine on it.
I also have another DC that's running Windows Server 2003 r2 and a DNS server in another location that's running Windows Server 2000.
I would like to have the 2008 r2 DC replicate the DNS to the other servers, but when I go to the other servers and go to DNS > Connect to computer and type in the name of the 2008 r2 DC, I get the message "The Server is unavailable ... would you like to add it anyway?".
I click yes and the server shows up in the list, but there is a red X with the message "cannot contact the dns server".
The other 2 servers show up in the list and everything is fine with them.
How can I resolve this problem? Any thoughts or suggestions would be appreciated.
ASKER
Everything appears to be configured correctly in Zone Transfer.
First thing: when you connect to another computer, that doesn't set up replication; that only adds the server to the console that you are in.
Second, Windows 2008 Server R2 cannot be within the same console in Windows 2003 server; this is why you are getting an error.
Is the server replicating AD DNS? Is the zone AD integrated?
If not, you need to create a Secondary zone, then set up zone transfers to replicate this information to the only DNS servers.
ASKER
Yes, it's replicating AD DNS and the zone is AD integrated.
On the 2008 r2 server, all three are listed.
On the 2000 Server only the 2000 and 2003 r2 are listed
On the 2003 r2 only the 2000 and 2003 r2 are listed.
That's the way it should be?
ASKER CERTIFIED SOLUTION
ASKER
Thanks, that's good to know.
Now onto the issue I'm having. We just got a new Exchange server that is hosted offsite but it's part of the domain. We have a remote office that is also part of the domain that's running the 2000 DNS server.
When we were running the old Exchange 2003 server the remote location was getting their email with no problem. Now that we have the new Exchange 2010 server, the users cannot get their email at all. They can't even get it through OWA. I was thinking this was a DNS issue.
Any thoughts on this??
ASKER
One more note on this. I can't even ping the new exchange server from the remote location.
Is there a site-to-site VPN between the 2 locations?
Can the remote location open OWA using the new 2010 IP address?
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first.
Is traffic filtered by a firewall/router between the 2 sites or is everything allowed? There can be some ACL set for the old Exchange server that has not been modified to apply to the new Exchange server.
Can the new Exchange server access the Internet?
ASKER
I'll check these and get back to you.
ASKER
Answers to your questions:
Is there a site-to-site VPN between the 2 locations? Yes
Can the remote location open OWA using the new 2010 IP address? No
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first. IP and Mask OK
Is traffic filtered by a firewall/router between the 2 sites or is everything allowed? Yes
Can the new Exchange server access the Internet? Yes
Thank you for your answer.
I've just read your problem description again and noticed:
"We just got a new exchange server that is hosted offsite"
Is "Offsite" another site (like a datacenter) or the remote site we're talking about?
ASKER
It's being hosted by an outside company at their location.
Then if the remote office can't reach the outside company but the local network can, it's definitely an IP routing problem on your side or the company's side.
You must check routes in the VPN and from the hosted machine.
Let's say a machine in the remote office is 192.168.20.101; a good test would be to trace the route from Exchange 2010 to this address:
Tracert -d 192.168.20.101
What is the output?
Where is the packet blocked/lost?
ASKER
I think you may be right on this. I can't check it right now as they are working on the server and I'm leaving for a long weekend.
I'll check it Tuesday when I return. I'll get back to you then.
Have a good weekend.
ASKER
I ran Tracert -d xx.xx.xx.x from the Exchange Server.
The request timed out from the beginning.
Can you give us the result of Netstat -R on the Exchange server?
ASKER
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\administrator.COOPERDOMAIN> Netstat -R
===========================================================================
Interface List
11...00 50 56 96 00 10 ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          172.16.54.1  172.16.54.137  266
127.0.0.0            255.0.0.0        On-link      127.0.0.1      306
127.0.0.1            255.255.255.255  On-link      127.0.0.1      306
127.255.255.255      255.255.255.255  On-link      127.0.0.1      306
172.16.54.0          255.255.255.0    On-link      172.16.54.137  266
172.16.54.137        255.255.255.255  On-link      172.16.54.137  266
172.16.54.255        255.255.255.255  On-link      172.16.54.137  266
224.0.0.0            240.0.0.0        On-link      127.0.0.1      306
224.0.0.0            240.0.0.0        On-link      172.16.54.137  266
255.255.255.255      255.255.255.255  On-link      127.0.0.1      306
255.255.255.255      255.255.255.255  On-link      172.16.54.137  266
===========================================================================
Persistent Routes:
Network Address  Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0  172.16.54.1      Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If  Metric  Network Destination  Gateway
1   306     ::1/128              On-link
1   306     ff00::/8             On-link
===========================================================================
Persistent Routes:
None
Do you have access to the 172.16.54.1 configuration or is it under company control?
ASKER
I don't have access. It's under company control. Why do you ask?
Because it is the default gateway of your Exchange server. It must know how to reach the office site.
If it has a CLI or a ping tool, can you confirm that it can ping an office workstation?
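Added example, not part of the original thread: a Python sketch of a longest-prefix route lookup over the IPv4 active routes from the netstat output posted above, showing which next hop the Exchange host uses for the office address from the tracert suggestion (192.168.20.101). The function names are illustrative, and the lookup is a simplified model of how the host picks a route.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the netstat -R output posted in the thread.
ROUTES_TEXT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.54.1 172.16.54.137 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.54.0 255.255.255.0 On-link 172.16.54.137 266
172.16.54.137 255.255.255.255 On-link 172.16.54.137 266
172.16.54.255 255.255.255.255 On-link 172.16.54.137 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.54.137 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.54.137 266
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            routes.append((ipaddress.IPv4Network(f"{dest}/{mask}"),
                           gateway, iface, int(metric)))
        except ValueError:
            continue  # five tokens, but not a route row
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def next_hop(routes, destination):
    """Gateway the packet is handed to, or the local interface if on-link."""
    route = select_route(routes, destination)
    if route is None:
        return "no route"
    _, gateway, iface, _ = route
    return f"on-link via {iface}" if gateway == "On-link" else gateway

if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for dst in ("192.168.20.101", "172.16.54.1"):
        print(dst, "->", next_hop(table, dst))
```

Every destination outside 172.16.54.0/24 falls through to the 0.0.0.0 row, so whether the office is reachable depends on the routes and VPN configuration on 172.16.54.1, not on the Exchange host itself.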
ASKER
I'll see if I can find out and get back to you on this.
SOLUTION
ASKER
I think you're right on this. We are checking into this now.
I'll let you know what we find.
(We're also looking into setting up a Hub and Spoke configuration on the VPN).
ASKER
We are in the process of setting up the Hub and Spoke configuration on the firewall.
I'll let you know how it works out.
ASKER
Thank you for all of your help... My questions about DNS were answered and the email problem has been resolved with the info provided.
Thank you again.
Microsoft link about Zone Transfer Setting