  • Status: Solved

Cannot connect to DC DNS Server from other domain controllers

I have deployed a DC running Windows Server 2008 R2 and the DNS is working fine on it.
I also have another DC that's running Windows Server 2003 R2 and a DNS server in another location that's running Windows Server 2000.
I would like to have the 2008 R2 DC replicate the DNS to the other servers, but when I go to the other servers and go to DNS > Connect to computer and type in the name of the 2008 R2 DC, I get the message "The Server is unavailable ... would you like to add it anyway?".
I click yes and the server shows up in the list, but there is a red X with the message "cannot contact the dns server".
The other 2 servers show up in the list and everything is fine with them.
How can I resolve this problem? Any thoughts or suggestions would be appreciated.
Asked: revellej
2 Solutions

Gerald26 Commented:
You might want to think about configuring Zone transfer on 2008 R2

Microsoft link about Zone Transfer Setting

revellej (Author) Commented:
Everything appears to be configured correctly in Zone Transfer.

Darius Ghassem Commented:
First thing: when you connect to another computer, that doesn't set up replication; that only adds the server to the console that you are in.

Second, Windows 2008 Server R2 cannot be within the same console in Windows 2003 Server; this is why you are getting an error.

Is the server replicating AD DNS? Is the zone AD integrated?

If not, you need to create a Secondary zone, then set up zone transfers to replicate this information to the only DNS servers
revellej (Author) Commented:
Yes, it's replicating AD DNS and the zone is AD integrated.

On the 2008 r2 server, all three are listed.
On the 2000 Server only the 2000 and 2003 r2 are listed
On the 2003 r2 only the 2000 and 2003 r2 are listed.

That's the way it should be?

Darius Ghassem Commented:
Correct, you will not be able to add the Windows 2008 Server R2 to the console of the other servers; this is not an option.

Having the servers listed in the same console has nothing to do with replication; it just allows you to view the servers on other servers. Nothing critical.

revellej (Author) Commented:
Thanks, that's good to know.

Now onto the issue I'm having. We just got a new Exchange server that is hosted offsite but it's part of the domain. We have a remote office that is also part of the domain that's running the 2000 DNS server.
When we were running the old exchange 2003 server the remote location was getting their email with no problem. Now that we have the new exchange 2010 server, the users cannot get their email at all. They can't even get it through OWA. I was thinking this was a DNS issue.
Any thoughts on this??

revellej (Author) Commented:
One more note on this. I can't even ping the new exchange server from the remote location.

Gerald26 Commented:
Is there a site-to-site VPN between the 2 locations?
Can remote location open OWA using the new 2010 IP address?
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first.
Is traffic filtered by a firewall/router between 2 sites or is everything allowed? There can be some ACL set for old Exchange server that have not been modified to apply on the new Exchange server.

Can the new exchange server access the Internet ?

revellej (Author) Commented:
I'll check these and get back to you.

revellej (Author) Commented:
Answers to your questions:
Is there a site-to-site VPN between the 2 locations? Yes
Can remote location open OWA using the new 2010 IP address? No
It might just be an IP configuration problem and not a DNS problem. Double check your IP, mask and gateway first. IP and Mask OK
Is traffic filtered by a firewall/router between 2 sites or is everything allowed? Yes
Can the new Exchange server access the Internet? Yes

Gerald26 Commented:
Thank you for your answer.
I've just read your problem description again and noticed:
"We just got a new exchange server that is hosted offsite"

Is "Offsite" another site (like datacenter) or the remote site we're talking about?

revellej (Author) Commented:
It's being hosted by an outside company at their location.

Gerald26 Commented:
Then if remote office can't reach outside company but local network can, it's definitely an IP routing problem on your side or company side.
You must check routes in VPN and from hosted machine.

Let's say a machine in remote office is 192.168.20.101, a good test would be to trace the route from Exchange 2010 to this address:

Tracert -d 192.168.20.101

What is the output?
Where is packet blocked/lost?

revellej (Author) Commented:
I think you may be right on this. I can't check it right now as they are working on the server and I'm leaving for a long weekend.
I'll check it Tuesday when I return. I'll get back to you then.
Have a good weekend.

revellej (Author) Commented:
I ran Tracert -d xx.xx.xx.x from the Exchange Server.
The request timed out from the beginning.

Gerald26 Commented:
May you give us the result of Netstat -R on the Exchange server?

revellej (Author) Commented:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.COOPERDOMAIN>Netstat -R
===========================================================================
Interface List
 11...00 50 56 96 00 10 ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.54.1    172.16.54.137    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.54.0    255.255.255.0         On-link     172.16.54.137    266
    172.16.54.137  255.255.255.255         On-link     172.16.54.137    266
    172.16.54.255  255.255.255.255         On-link     172.16.54.137    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     172.16.54.137    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     172.16.54.137    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.54.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


Gerald26 Commented:
Do you have access to 172.16.54.1 configuration or is it under company control?

revellej (Author) Commented:
I don't have access. It's under company control. Why do you ask?

Gerald26 Commented:
Because it is the default gateway of your Exchange. It must know how to reach the office site.
If it has a CLI or a ping tool, can you confirm that it can ping an office workstation?

revellej (Author) Commented:
I'll see if I can find out and get back to you on this.

Gerald26 Commented:
To sum it, it is not a Windows problem, we will now try to find out if either the hosted router has knowledge of routes leading to office through the VPN or if the Office router is not losing packets that must be sent back to Exchange. I see this network in my head, tell me if I'm wrong:

Exchange(172.16.54.137)---[Router 172.16.54.1]--------(((Internet + VPN)))----------[Main company Router]---(Wan/VPN)----[Office router]

That's what I think, there is a main VPN between Office and Company. Hosted Site reaches office through company.

But maybe Hosted site, Company site and Office site are all linked using the same VPN through internet, in this case my topology is wrong. In any case, the routes in routers must be triple checked.

revellej (Author) Commented:
I think you're right on this. We are checking into this now.

I'll let you know what we find.

(We're also looking into setting up a Hub and Spoke configuration on the VPN).

revellej (Author) Commented:
We are in the process of setting up the Hub and Spoke configuration on the firewall.
I'll let you know how it works out.

revellej (Author) Commented:
Thank you for all of your help... My questions about DNS were answered and the email problem has been resolved with the info provided.

Thank you again.