vmagan
asked on
Unable to configure DNS and dhcp on a new DC server 2008 R2
Hi guys,
I am setting up a new network and DNS must not be configured correctly. I keep getting an error message when I scan the role in Server Manager. Error: DNS: DNS Servers on local area connection 3 should include the loopback address, but not as the first entry.
When I go to the IPv4 properties I have the IP address, subnet, gateway and the DNS server as 192.168.1.10, which is the same IP address as the server.
I am also getting a "no credentials configured for use with dynamic DNS registration" message.
Please help
Don't forget the ipv6 address!
DNS configuration is pretty straightforward. Uninstall the DNS role and reinstall it. Revert with outcome.
Run dcdiag /test:dns and post the results.
Also post the results of ipconfig /all.
ASKER
This was a new install but I went ahead and reinstalled the OS, reinstalled the features, and now DNS is working. I still have an X when I go to roles for DHCP. But I do get an IP address and all the info needed, so I don't get it. But I still cannot get online. Thought it was a DNS issue but not sure anymore.
Let me explain what I have done. Hopefully you guys can help. We have a SonicWall firewall here which was already here. We had an old 2k3 server that died; this is why I am installing the new one.
I cannot get online even though the network icon on the system tray states "connected internet access". I cannot ping anything external but I can ping everything internal.
Not sure if the issue can be the firewall since I gave the new server the same IP address that the old one had. So the firewall shouldn't be able to tell the difference (at least as far as access rules are concerned).
When I bypass the firewall and plug our DSL box directly into the switch (Cisco small business managed switch) I still don't get online, but when I give myself a static IP address provided by the ISP I get online.
Do you guys have any ideas on what can be the issue here?
Please help
I cannot get online even though the network icon on the system tray states "connected internet access". I cannot ping anything external but I can ping everything internal.
This doesn't mean you can resolve internet addresses, only that you have bandwidth.
Do an nslookup and see if you can resolve to an IP.
Run a port scan to check the firewall from here: click on Proceed, then All Service Ports. If you haven't done anything with the firewall after changing the server, it's likely you need to change rules that no longer apply. I would start here.
Sounds like DHCP may be running on the Sonic Firewall. You need to check; if it's the case, turn it off and use DHCP on the 2008 server. You can't have two DHCP servers.
ASKER
Here is the DCdiag test
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DciDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DCIDC
Starting test: Connectivity
......................... DCIDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DCIDC
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DCIDC passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : Deltronic
Running enterprise tests on : Deltronic.local
Starting test: DNS
......................... Deltronic.local passed test DNS
C:\Users\Administrator>
post the results of ipconfig /all
ASKER
DjstraTTos,
Can you walk me through adding the external DNS forwarders?
Works2011,
Thanks for the info on bandwidth!
I did an nslookup and got a DNS request timeout. See below.
C:\Users\Administrator>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: ::1
> google.com
Server: UnKnown
Address: ::1
Name: google.com
Addresses: 2001:4860:800a::8a
74.125.137.113
74.125.137.101
74.125.137.138
74.125.137.139
74.125.137.100
74.125.137.102
ASKER
I added the ISP DNS servers under the Forwarders tab. They resolved.
Your network addressing doesn't seem right.
Let me start from the perimeter firewall: its internal IP address must be the Default Gateway of all servers and workstations. For example, if its IP address is 192.168.1.1 this is the DG you need to configure on the server (with correct subnet mask).
Before going further, you should be able to ping the DG and external IP addresses.
Then, on the server that will host the DNS, you set its local IP address (192.168.1.10) as Primary DNS and nothing as secondary. At that point you can add the DNS role and follow the instructions of the wizard.
DHCP can also be configured on the same server (however there are some security considerations about having DNS and DHCP on the same server, please read the help when adding the DHCP role).
post the results of ipconfig /all
As I mentioned before, posting the results will help troubleshooting.
ASKER
Spaperov,
Firewall internal IP: 192.168.1.2
Server: 192.168.1.10 (DNS and DHCP also)
Now we are getting online since adding the external DNS server as the forwarders. But obviously when I try to ping anything external from a client machine or server I get "time out", which makes sense.
So it's safe to say that it is a DNS issue, right? How do I get it so that I don't have to depend on forwarding to the ISP DNS server?
ASKER
oh sorry man, here you go.
Server
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Gigabit 2P I350-t LOM
Physical Address. . . . . . . . . : D4-AE-52-A0-4F-EF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e9ea:b64f:f7d9:f4cf%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 248819282
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CC-5F-17-D4-AE-52-A0-4F-EF
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Client machine
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Deltronic.local
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-02-4C-87
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.10
Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 8:23:27 PM
Lease Expires . . . . . . . . . . : Monday, September 03, 2012 8:23:27 PM
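Added example (not part of the original thread): a short Python parser that reads `ipconfig /all` text and applies the Server Manager rule quoted in the question (the loopback address should be in the DNS server list, but not as the first entry) to a DNS server's adapter. The sample text is constructed by trimming the output posted above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed samples, trimmed from the ipconfig /all output posted in this thread.
SERVER = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
CLIENT = """\
Ethernet adapter Local Area Connection:
   DHCP Server . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.10
   Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 8:23:27 PM
"""
# "Key . . . : value" lines; continuation lines (bare addresses) do not match.
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]+:(?:\s(?P<value>.*))?$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in configured order]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = adapters.setdefault(line.rstrip()[:-1], []), False
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field["key"].strip() == "DNS Servers"
            if in_dns and current is not None and field["value"]:
                current.append(field["value"].strip())
        elif in_dns and current is not None and line.strip():
            current.append(line.strip())  # further entries of the DNS list
    return adapters

def is_loopback(addr):
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback  # drop IPv6 zone id

def check_dns_server_adapter(servers):
    """Rule from the Server Manager scan: loopback listed, but not first."""
    findings = []
    if not any(is_loopback(s) for s in servers):
        findings.append("loopback address missing")
    elif is_loopback(servers[0]):
        findings.append("loopback address is the first entry")
    return findings

if __name__ == "__main__":
    for name, servers in dns_servers_by_adapter(SERVER).items():
        print(name, servers, check_dns_server_adapter(servers) or "OK")
```

The check is meant for the DNS server's own adapter; a DHCP client like the one above is expected to list only 192.168.1.10.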
You cannot stop depending on external DNS.
What you could do is to use your router's IP as a forwarder instead, since this is the device that actually forwards your requests to the internet via its WAN interface.
Can you verify if DHCP is running on the Sonic Firewall? You can't have two DHCP servers with 2008 Server and it's why you get the error during installation. Turn it off and reinstall DHCP services on the server and set up the following scope options.
003 Router: ip address
006 DNS Servers: ip address
015 DNS Domain Name: domain.local
ASKER
I do not have DHCP enabled on the firewall. I triple-checked that. I have the scope and everything configured on the DHCP. I am getting IPs from the correct scope. When I do go to roles, DHCP has an X but it is working and I see leases in it.
What test can I run from DHCP?
Forget my last post, I didn't see that you confirmed DHCP wasn't running on the server; however, please check the scope options in DHCP.
From what I see everything is actually correct. The client is getting the correct information from the DHCP server which is also the DNS. You said the clients are able to connect to the internet now. What's the problem?
For DNS resolution of external addresses, all your clients should only point to your internal DNS (which is what you have from the one sample we've seen), your DNS server will either use forwarders (pointing at your ISP's DNS or other public DNS servers) or root hint servers. You asked about how to not "depend on forwarding to the ISP dns server" - your only options are to use a different public DNS server(s) as a forwarder(s) or to use root hint servers. Which one do you want to do? Is your root hint list populated? By running "dcdiag /test:dns /v" you can verify if any of the root hints need to be updated, and they can be updated individually through the DNS Management console.
Finally for your DHCP, have you authorized the server yet?
http://technet.microsoft.com/en-us/library/dd145306%28v=ws.10%29.aspx
ASKER
Ok I see what you mean about the forwarders but I don't understand why I cannot ping anything external from any machine?
I should be able to ping anything external.
I'll look at dhcp article now and yes it is authorized.
Agreed regarding the ping. It's most likely that your SonicWall is blocking the traffic. Do you allow all outbound traffic or do you have a specific rule to allow ICMP Echo Requests?
ASKER
I will check the firewall and let you guys know today.
ASKER
That got me online. And thanks for clarification on the pinging issue.