DNS not working properly
Forest scheme:
Windows server 2003
One forest with three domains (parent.local, child.parent.local, child2.parent.local)
All DCs are GC and DNS
NAT server (2k3) using RIP version 2
Replication is complete
Issue:
Parent CANNOT ping to any child domain by netbios name
Parent CAN ping by IP and by FQDN
**************************
Child 1CAN ping parent by Netbios name, and by IP, and CAN also NSLOOKUP parent
Child 1 CANNOT ping child 2 domain by Netbios name
Child 1 CAN ping child 2 domain by IP or FQDN
**************************
Child 2 CAN ping parent by Netbios name and by IP
Child 2 CANNOT ping Child 1 by Netbios name
Child 2 CAN ping Child 1 by IP
**************************
What I have done so far to fix issue
Change zones to Primary Zone (remove AD Integrated)
Delete zones
Flush DNS
Net Stop Netlogon
Net Start Netlogon
Re-Create zones
When I got fedup, dcpromo all DC to remove AD, dcpromo to promote to DC, same problem.
All zones are set to zone transfer, and all name servers are included in the name servers tab.
Windows server 2003
One forest with three domains (parent.local, child.parent.local, child2.parent.local)
All DCs are GC and DNS
NAT server (2k3) using RIP version 2
Replication is complete
Issue:
Parent CANNOT ping to any child domain by netbios name
Parent CAN ping by IP and by FQDN
**************************
Child 1CAN ping parent by Netbios name, and by IP, and CAN also NSLOOKUP parent
Child 1 CANNOT ping child 2 domain by Netbios name
Child 1 CAN ping child 2 domain by IP or FQDN
**************************
Child 2 CAN ping parent by Netbios name and by IP
Child 2 CANNOT ping Child 1 by Netbios name
Child 2 CAN ping Child 1 by IP
**************************
What I have done so far to fix issue
Change zones to Primary Zone (remove AD Integrated)
Delete zones
Flush DNS
Net Stop Netlogon
Net Start Netlogon
Re-Create zones
When I got fedup, dcpromo all DC to remove AD, dcpromo to promote to DC, same problem.
All zones are set to zone transfer, and all name servers are included in the name servers tab.
I forgot to mention that I also removed the DNS roles from all DC, put the roles back, same problem.
IF you can ping by FQDN and by IP then that is what I would expect. To be able to ping by netbios name in a different domain you will need to add DNS extensions to each PC's network config.
Netbios name is local to the domain and by default you would net expect to resolve MYHOST to MYHOST.DOMAIN2.LOCAL if you are in DOMAN1.LOCAL
Netbios name is local to the domain and by default you would net expect to resolve MYHOST to MYHOST.DOMAIN2.LOCAL if you are in DOMAN1.LOCAL
Have a GOOD read of this, explains all....
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx
Thanks for the tip, but when I created the zones I created them to update all dns servers in the forest, not just their own domains. Each domain has a primary zone for their own domain, and a secondary zone for the other domains. Within any zone of any domain, I can click the container for the secondary zone for the other domain, and it shows all the objects that pertain to the domain the zone belongs to. Example. While in child domain 1, I can expand the secondary zone that belongs child 2, and it shows me all the objects that belong to child 2. Based on the article you pointed me to, the centralized option is the way I had already configured DNS. I
@Neilsr, in your first response, you mentioned that I should NOT be able to ping across domains, but yet I can ping by name from either child domain back to the parent domain. I just cannot ping by name from child to child or parent to child.
If you do an NSLOOKUP fomr a PC in child1 for a machine in domain2 it will fail, I would expect it to fail.
IF you only enter the machine name, how does it know what domain to look in? That would be like typing
PING Amazon
Is that Amazon.com, Amazon.local, Amazon.co.uk ?
Same goes. You need to tell your pc's to use domain suffix search order
IF you only enter the machine name, how does it know what domain to look in? That would be like typing
PING Amazon
Is that Amazon.com, Amazon.local, Amazon.co.uk ?
Same goes. You need to tell your pc's to use domain suffix search order
I am performing the ping operations from the domain controllers. DC in child.parent.local can ping parent.local, but CANNOT ping child2.parent.local. I am not trying to contradict or with you, I am just trying to learn, as well as get the issue fixed. But I see your reasoning, especially with the errors I am getting now when trying to configure a DAG. The error mentions about disjoint namespace, and if it is, then add DNS Suffixes to all the servers. I will research how to add the suffixes and see if that fixes my dilema(s). Thanks for your input.
I went into the properties of the NIC card on each of the child DC, and under the DNS tab, I checked the box to register their suffix, and also for them to use their connection suffix.....no luck.
You need to configure them to SEARCH each of the domains you want to resolve.
What OS is this on? Windowx 7, XP?
What OS is this on? Windowx 7, XP?
I think you misunderstood my issue: All I am trying to do is get the domain controllers in all the domains to be able to talk to each other. I have done this task a hundred times, not sure what happened this time, that none of my sites can ping each other. I know they see each other, because the domains show up in each others containers. I can expand the zones in DNS and see all of the children or parent zones. I can go the parent and add users from either child domain to a group. There are no client pc in this domain. This is just three domain controllers in three sites of the same forest, and each domain has exchange servers. All the exchange servers are communicating fine, the servers show up fine in EMC regardless of what exchange sever I use or whatever domain I am in. This is so weird. In the past all I did was setup the sites with the correct subnets, then install the dns role to the dc for all the sites, create primary and secondary forward and lookup zones as they apply, and all is gravy, this is driving me nuts. Now I am catching hell trying to add the exchange servers to the DAG. I am getting error that this might be a disjointed namespace. HELP PLEASE.....ANY BODY
I have done wwhat is the last article you sent me, and I am still unable to communicate from child to child or parent to children...rrrrrrgggg.
"This is just three domain controllers in three sites of the same forest, and each domain has exchange servers. "
Three "Sites" in the same forest? OR three DOMAINS in the same forest? They are VERY DIFFERENT things!
"One forest with three domains (parent.local, child.parent.local, child2.parent.local)"
Thats not 3 SITES thats 3 DIFFERENT DOMAINS
Can you explain EXACTLY what you have set up please.
Three "Sites" in the same forest? OR three DOMAINS in the same forest? They are VERY DIFFERENT things!
"One forest with three domains (parent.local, child.parent.local, child2.parent.local)"
Thats not 3 SITES thats 3 DIFFERENT DOMAINS
Can you explain EXACTLY what you have set up please.
Child.parent.local, child2.parent.local.......
Please check the below setting if you have not enabled it please enable it and then check.
Did you enabled the DHCP client service on both main DC and child DC?
Did you enabled the TCP/IP NetBios helper service on both main DC and child DC?
Have you enabled client for Microsoft Windows Networks on both main DC and child DC?
If nothing works please ran netdiag /fix
Waiting for your positive reply
Thanks for your response. Client for Microsoft Networks was enabled on all DC. The TCP/IP Netbios helper service was already set to automatic, and it was started. Since these are all DC, they all have static IP addresses, so Netbios over TCP/IP had been enabled. The check boxes for register this connection's address in DNS, and Use this connection's DNS suffix in DNS registration have been checked. I ran netdiag /fix, all passed, only warning was about not having WINS. This really stressing me out, I am past my deadline to have this working. I have done this task a hundred times without an issue. Build DC in parent domain, configure sites in sites and services with subnets for other domain. Join computer as member server to parent domain, after joined, change IP of member server to reflect IP for matching subnet of domain it will be DC for, dcpromo member server to become DC for child domain. Set forward and reverse lookup zones. Primary for the server hosting the zone, secondary for the server getting a copy of the zone. Set all zones for zone transfer. Mail is fowing fine between the domains, all exchange servers are showing in all EMC consoles from any domain, just can setup DAG.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial