• Status: Solved

When trying to add a second server to my Domain Controller I get a DNS Error.

I am trying to add my second Win 2008 R2 server, which hosts my SQL Server and my SharePoint Server, to my domain "home", the full name being "home.vcfostering.com".

I have an external router provisioning IP addresses; the DC Controller has two IPs, 192.168.10.130 and 131. The SQL Server's IP address is 192.168.10.132.

The error reported is:

The following error occurred attempting to join the domain "home":

An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS Server that can resolve DNS names in the target domain. For information about network troubleshooting, see Windows help.

The IP Configuration for the SQL Server is as follows:
IPv4 Address: 192.168.10.132
IPv4 Subnet Mask: 255.255.255.0
IPv4 Default Gateway: 192.168.10.1
IPv4 DNS Servers: 192.168.10.130, 192.168.10.131

All IP Addresses are statically assigned and reserved on my router.

What other information do you need?  How do I resolve the issue?
 
mwiener1 Commented:
You need to point the new server's DNS to the current DC or it will never be able to find it. DCs are DNS servers by default and they should also be DHCP servers.

Disable DHCP on the router - set a new DHCP scope on the DC - in scope options set the dns server to the DC's IP.

Since servers should all be statically assigned, set the new server's IP as you wish but make sure that DNS points to your DC. The DC should point to 127.0.0.1 as a DNS server.
 
Michael Ortega (Sales & Systems Engineer) Commented:
I would make sure your DC/DNS server (presumably 192.168.10.130) is bound to both IPs (.130 & .131). If it's only bound to .130 then I would make sure the SQL server has only .130 for DNS. I would then flushdns on the SQL server (or reboot) and then try again.

MO
 
Michael Ortega (Sales & Systems Engineer) Commented:
Of course make sure the simple tests all check out:

1. Can you ping .130/.131 from your SQL server by IP?
2. Can you ping by name?

MO
 
OrderlyChoas (Author) Commented:
Mgortega;

The DC/DNS machine are both statically assigned to 130/131 (130 is Cat-5 network, 130 is wireless).
I can ping 130/131 from the SQL Server by IP.  I can ping both by name, though it appears that it's using IPv6 rather than 4 in the routing.  

I would really like to avoid switching my DHCP server away from my router, strictly for hardware reasons: my DC only has a 100mb NIC in it, vs. the rest of my network, which is 1gb. Eventually I'll upgrade to a 1gb NIC, but I'm not planning on it for a while.

I have also verified that the only DNS entry on the SQL in the NIC configuration resolves to 130. With that configuration, I can access both internal and external network paths, I just can't get my SQL (132) server to join the domain.
 
Krzysztof Pytko (Active Directory Engineer) Commented:
It looks like your DC is multihomed (uses more than 1 NIC). Check if it will help in your case
http://support.microsoft.com/kb/832478

and additionally, please check this MVP blog about that at
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

Regards,
Krzysztof
 
DrDave242 Commented:
Have you tried joining the domain using its FQDN instead of the NetBIOS name?
 
OrderlyChoas (Author) Commented:
So far none of these suggestions have fixed the problem.
 
mwiener1 Commented:
Can you ping it? If so, have you tried to join by giving it the IP as opposed to the FQDN?
 
Michael Ortega (Sales & Systems Engineer) Commented:
Can you take any other system, desktop or otherwise, and join it to your domain?

MO
 
Michael Ortega (Sales & Systems Engineer) Commented:
Can you run a dcdiag from your existing DC and post the results?

MO
 
OrderlyChoas (Author) Commented:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = WIN-0OILEM09VA7

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WIN-0OILEM09VA7

      Starting test: Connectivity

         The host

         d03758d8-88be-4038-b5d7-13a27454a2fc._msdcs.home.vcfostering.com could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... WIN-0OILEM09VA7 failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WIN-0OILEM09VA7

      Skipping all tests, because server WIN-0OILEM09VA7 is not responding to

      directory service requests.

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : home

      Starting test: CheckSDRefDom

         ......................... home passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... home passed test CrossRefValidation

   
   Running enterprise tests on : home.vcfostering.com

      Starting test: LocatorCheck

         ......................... home.vcfostering.com passed test

         LocatorCheck

      Starting test: Intersite

         ......................... home.vcfostering.com passed test Intersite
 
Michael Ortega (Sales & Systems Engineer) Commented:
Run dcdiag /v /fix and post results please.

You can attempt to join the server to the domain as well.

MO
 
DrDave242 Commented:
This is definitely a problem:

The host d03758d8-88be-4038-b5d7-13a27454a2fc._msdcs.home.vcfostering.com could not be resolved to an IP address.

Check the DNS console on your existing DC.  In the _msdcs.home.vcfostering.com zone (or in the _msdcs folder beneath the home.vcfostering.com zone), there should be an alias (CNAME) record with the name d03758d8-88be-4038-b5d7-13a27454a2fc that points to the FQDN of your DC.  Please verify that this record exists.
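Added example, not part of any post in this thread: a Python triage of dcdiag output like the one posted above, turning the failed Connectivity test into the DNS records to verify against the DC. The function names and the embedded excerpt are constructed for illustration; the record names, domain and DNS server address are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: an excerpt in the shape of the dcdiag output posted in this thread.
SAMPLE = """
   Testing server: Default-First-Site-Name\\WIN-0OILEM09VA7
      Starting test: Connectivity
         The host

         d03758d8-88be-4038-b5d7-13a27454a2fc._msdcs.home.vcfostering.com could

         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... WIN-0OILEM09VA7 failed test Connectivity
   Running partition tests on : ForestDnsZones
         ......................... ForestDnsZones passed test CheckSDRefDom
"""

GUID_ALIAS = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.", re.I)


def valid_join_target(name):
    """The DC locator lookup is keyed on a domain name; an IP literal cannot carry SRV records."""
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        return True


def triage(dcdiag_text, domain):
    """Return failed tests, unresolved hosts and the DNS records worth checking."""
    # dcdiag wraps long lines, so collapse whitespace before matching.
    flat = re.sub(r"\s+", " ", dcdiag_text)
    failed = re.findall(r"\.{5,} (\S+) failed test (\w+)", flat)
    unresolved = re.findall(r"The host (\S+) could not be resolved", flat)
    # The DC locator SRV record a joining client queries (named in this thread's join error).
    checks = [("SRV", "_ldap._tcp.dc._msdcs." + domain)]
    for host in unresolved:
        # <DSA GUID>._msdcs.<forest> is an alias (CNAME) to the DC; anything else is a host (A).
        checks.append(("CNAME" if GUID_ALIAS.match(host) else "A", host))
    return {"failed": failed, "unresolved": unresolved, "checks": checks}


def nslookup_commands(checks, dns_server):
    """Build nslookup lines that query the DC's own DNS service directly."""
    return ["nslookup -type=%s %s %s" % (rtype, name, dns_server) for rtype, name in checks]


if __name__ == "__main__":
    report = triage(SAMPLE, "home.vcfostering.com")
    for line in nslookup_commands(report["checks"], "192.168.10.130"):
        print(line)
```

Running the generated nslookup lines on the member server, with the DC's address as the explicit server, shows whether the zone is missing the records or the client is simply asking the wrong resolver.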
 
Michael Ortega (Sales & Systems Engineer) Commented:
As DrDave242 mentioned, the record should be present. Running dcdiag /v /fix and a netdiag /fix should resolve any issues related to SPN issues and missing SRV records.

MO
 
OrderlyChoas (Author) Commented:
Fix results. I also created an A record and CNAME; still no luck. Win Server 2008 R2 doesn't seem to have NetDiag.




Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine WIN-0OILEM09VA7, is a Directory Server.
   Home Server = WIN-0OILEM09VA7

   * Connecting to directory service on server WIN-0OILEM09VA7.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=home,DC=vcfostering,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=vcfostering,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=home,DC=vcfostering,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=WIN-0OILEM09VA7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=vcfostering,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\WIN-0OILEM09VA7

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host

         d03758d8-88be-4038-b5d7-13a27454a2fc._msdcs.home.vcfostering.com could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... WIN-0OILEM09VA7 failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\WIN-0OILEM09VA7

      Skipping all tests, because server WIN-0OILEM09VA7 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : home

      Starting test: CheckSDRefDom

         ......................... home passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... home passed test CrossRefValidation

   
   Running enterprise tests on : home.vcfostering.com

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\WIN-0OILEM09VA7.home.vcfostering.com

         Locator Flags: 0xe00033fd
         PDC Name: \\WIN-0OILEM09VA7.home.vcfostering.com
         Locator Flags: 0xe00033fd
         Time Server Name: \\WIN-0OILEM09VA7.home.vcfostering.com
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\WIN-0OILEM09VA7.home.vcfostering.com
         Locator Flags: 0xe00033fd
         KDC Name: \\WIN-0OILEM09VA7.home.vcfostering.com
         Locator Flags: 0xe00033fd
         ......................... home.vcfostering.com passed test

         LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... home.vcfostering.com passed test Intersite
 
OrderlyChoas (Author) Commented:
DNS Screencast
OrderlyChoas-512349.flv
 
OrderlyChoas (Author) Commented:
Results of trying to join the server via IP address:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "192.168.10.130".

The error was: "The filename, directory name, or volume label syntax is incorrect."
(error code 0x0000007B ERROR_INVALID_NAME)

The query was for the SRV record for _ldap._tcp.dc._msdcs.192.168.10.130
 
Michael Ortega (Sales & Systems Engineer) Commented:
What OS is your AD Server running? I keep seeing references to "Home Server". If it's a Home Server then Active Directory is not a supported deployment for that kind of server. In fact, I think it goes against Microsoft's EULA.

MO
 
OrderlyChoas (Author) Commented:
As mentioned in my first post, I'm running Win 2008 R2 on both machines. The reason you keep seeing "home" is because the full domain name in AD is home.vcfostering.com.
 
Michael Ortega (Sales & Systems Engineer) Commented:
In DNS, what is the "home" forward lookup zone? Did you manually create that? It should be home.vcfostering.com. Also I see a host record in the _msdcs.... zone that points to 192.168.10.133. I thought your IPs were .130 & .131?

At the root of _msdcs you should only have the SOA record, NS record, and a CNAME record that points the GUID to WIN-0OILEM09VA7.home.vcfostering.com.

The other zone, home.vcfostering.com, should have SOA and NS that points to WIN-0OILEM09VA7.home.vcfostering.com. It should also have an A record that points to 192.168.10.130.

MO
 
DrDave242 Commented:
So here's what you need to do:

1. Delete that "home" zone.  Get rid of it and don't look back.
2. Delete that host record from the _msdcs.home.vcfostering.com zone.  It's serving no purpose that I can see.
3. Create a new forward lookup zone named home.vcfostering.com.
4. Inside the new zone, create a delegation for the _msdcs subdomain.  In the delegation wizard, specify your current DC as the host of that subdomain.
5. On your DC, open an admin command prompt and run the "ipconfig /flushdns" and "ipconfig /registerdns" commands.  Then restart the Netlogon service.

After a few seconds (or maybe a bit longer), you should see a lot more inside the forward lookup zones than you've got in there now.  Each of them will have several layers of subfolders, and the deepest layers should contain one or more SRV records.
 
Michael Ortega (Sales & Systems Engineer) Commented:
Thanks, DrDave242, for agreeing with my line of questioning and recommendations.

OrderlyChaos, you should not have to do anything with the SRV records. They all should point to the server alias - WIN-0OILEM09VA7.home.vcfostering.com. You just have to fix the host record that points to your server IP in the appropriate zone - home.vcfostering.com.

MO
 
OrderlyChoas (Author) Commented:
DrDave242, thanks! My second server joined right up! The step-by-step instructions were most helpful.

mgortega, thanks for asking questions that helped clarify the problem!