Solved

Unable to configure DNS and dhcp on a new DC server 2008 R2

Posted on 2012-08-26
25
Medium Priority
978 Views
Last Modified: 2012-08-28
Hi guys,

I am setting up a new network and DNS must not be configured correctly. I keep getting an error message when I scan the role in Server Manager. Error: DNS: DNS Servers on local area connection 3 should include the loopback address, but not as the first entry.

When I go to IPv4 properties I have the IP address, subnet, gateway and the DNS server as 192.168.1.10, which is the same IP address as the server.


I am also getting a no credentials configured for use with dynamic dns registration message.

Please help
Question by:vmagan
25 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38334654
Don't forget the ipv6 address!
0
 
LVL 7

Expert Comment

by:djStraTTos
ID: 38334655
DNS configuration is pretty straightforward. Uninstall the DNS role and reinstall it. Revert with outcome.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334778
Run dcdiag /test:dns and post the results.

As well, post the results of ipconfig /all
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334786
This was a new install but I went ahead and reinstalled the OS, reinstalled the features and now DNS is working. I still have an X when I go to roles for DHCP. But I do get an IP address and all the info needed so I don't get it. But I still cannot get online. Thought it was a DNS issue but not sure anymore.

Let me explain what I have done. Hopefully you guys can help. We have a SonicWall firewall here which was already here. We had an old 2k3 server that died, this is why I am installing the new one.

I cannot get online even though the network icon on the system tray states "connected internet access". I cannot ping anything external but I can ping everything internal.

Not sure if the issue can be the firewall since I gave the new server the same IP address that the old one had. So the firewall shouldn't be able to tell the difference (at least as far as access rules are concerned).

When I bypass the firewall and plug our DSL box directly to the switch (Cisco small business managed switch) I still don't get online, but when I give myself a static IP address provided by the ISP I get online.

Do you guys have any ideas on what can be the issue here?

Please help
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334800
"I cannot get online even though the network icon on the system tray states "connected internet access" I cannot ping anything external but i can ping everything internal."
This doesn't mean you can resolve internet addresses, only that you have bandwidth.

Do nslookup and see if you can resolve to IP.

Run a port scan to check the firewall from here, click on proceed, then all service ports. If you haven't done anything with the firewall after changing the server it's likely you need to change rules that no longer apply. I would start here.

Sounds like DHCP may be running on the Sonic Firewall. You need to check; if it's the case, turn it off and use DHCP on the 2008 server. You can't have two DHCP servers.
0
 
LVL 7

Accepted Solution

by:
djStraTTos earned 1600 total points
ID: 38334802
Go to your DNS server and add the ISP's DNS IP as forwarders. Thus all the requests unknown to your server will be handled by the external server.
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334804
Here is the DCdiag test

C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DciDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DCIDC
      Starting test: Connectivity
         ......................... DCIDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DCIDC

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DCIDC passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : Deltronic

   Running enterprise tests on : Deltronic.local
      Starting test: DNS
         ......................... Deltronic.local passed test DNS

C:\Users\Administrator>
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334809
post the results of ipconfig /all
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334813
DjstraTTos,

Can you walk me through adding the external DNS forwarders?

Works2011,

Thanks for the info on bandwidth!

I did a nslookup and got a dns request time out.  See below.

C:\Users\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  ::1

> google.com
Server:  UnKnown
Address:  ::1

Name:    google.com
Addresses:  2001:4860:800a::8a
          74.125.137.113
          74.125.137.101
          74.125.137.138
          74.125.137.139
          74.125.137.100
          74.125.137.102
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334825
I added the ISP dns servers under the forwarders tab, They resolved.
0
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 38334835
Your network addressing doesn't seem right.

Let me start from the perimeter firewall: its internal IP address must be the Default Gateway of all servers and workstations. For example, if its IP address is 192.168.1.1 this is the DG you need to configure on the server (with correct subnet mask).

Before going further, you should be able to ping the DG and external IP addresses.

Then, on the server that will host the DNS you set its local IP address (192.168.1.10) as Primary DNS and nothing as secondary. And, at that point you can add the DNS role and follow the instructions of the wizard.

DHCP can also be configured on the same server (however there are some security considerations about having DNS and DHCP on the same server, please read the help when adding the DHCP role).
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334851
post the results of ipconfig /all
as I mentioned before, posting the results will help troubleshooting.
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334854
Spaperov,

firewall internal ip: 192.168.1.2
server: 192.168.1.10 (dns and dhcp also)

Now we are getting online since adding the external DNS server as the forwarders. But obviously when I try to ping anything external from a client machine or server I get "time out", which makes sense.

So it's safe to say that it is a DNS issue, right? How do I get it so that I don't have to depend on forwarding to the ISP DNS server?
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334863
oh sorry man, here you go.

Server

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Gigabit 2P I350-t LOM
   Physical Address. . . . . . . . . : D4-AE-52-A0-4F-EF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9ea:b64f:f7d9:f4cf%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 248819282
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CC-5F-17-D4-AE-52-A0-4F-EF

   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Client machine

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : Deltronic.local
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-16-76-02-4C-87
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.2
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
        Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 8:23:27 PM
        Lease Expires . . . . . . . . . . : Monday, September 03, 2012 8:23:27 PM
0
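The Best Practices Analyzer rule quoted in the question (DNS servers should include the loopback address, but not as the first entry) can be checked mechanically against pasted `ipconfig /all` text such as the server output above. This is an added example, not part of the thread; the function names are hypothetical and both samples are constructed from the posted output.

```python
import ipaddress

# Constructed sample, trimmed from the server's "ipconfig /all" output in this thread.
SERVER_SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.2
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# Constructed sample: the same adapter with the server's own address listed first.
FIXED_SAMPLE = SERVER_SAMPLE.replace(": ::1\n", ": 192.168.1.10\n")


def parse_dns_servers(text):
    """Return {adapter header: [DNS servers in listed order]} from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # An unindented "... adapter NAME:" header starts a new section;
            # other unindented text (banner, wrapped fragments) is ignored.
            if line.endswith(":"):
                current, in_dns = line[:-1], False
                adapters[current] = []
            continue
        if current is None:
            continue
        key, sep, val = (line + " ").partition(" : ")
        if sep:  # "Label . . . : value" line
            in_dns = key.strip(" .") == "DNS Servers"
            if in_dns and val.strip():
                adapters[current].append(val.strip())
        elif in_dns:  # continuation line: one more DNS server
            adapters[current].append(line.strip())
    return adapters


def check_loopback_order(servers):
    """Apply the BPA rule quoted in the question to one adapter's DNS list."""
    flags = [ipaddress.ip_address(s.split("%")[0]).is_loopback for s in servers]
    if not any(flags):
        return "loopback missing"
    return "loopback is first entry" if flags[0] else "ok"


def audit(text):
    return {name: check_loopback_order(dns) for name, dns in parse_dns_servers(text).items()}
```

The rule applies to the DNS server's own adapter; a DHCP client that lists only 192.168.1.10 is expected to report "loopback missing".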
 
LVL 7

Expert Comment

by:djStraTTos
ID: 38334882
You cannot stop depending on external DNS.
What you could do is to use your router's IP as a forwarder instead, since this is the device that actually forwards your requests to the internet via its WAN interface.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334883
Looks like you have DHCP enabled on the firewall, I would turn this off and use DHCP on the server. Then on the server's DHCP configure scope options for DNS and router and I expect everything will work.

0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334892
can you verify if DHCP is running on the Sonic Firewall? You can't have two DHCP servers with 2008 Server and it's why you get the error during installation. Turn it off and reinstall DHCP services on the server and setup the following scope options.

003 Router: ip address
006 DNS Servers: ip address
015 DNS Domain Name: domain.local
0
 
LVL 6

Author Comment

by:vmagan
ID: 38334893
I do not have DHCP enabled on the firewall. I triple checked that. I have the scope and everything configured on the DHCP. I am getting IPs from the correct scope. When I do go to roles DHCP has an X but it is working and I see leases in it.

What test can i run from dhcp?
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38334897
Forget my last post, I didn't see that you confirmed DHCP wasn't running on the server; however, please check the scope options in DHCP.
0
 
LVL 41

Expert Comment

by:footech
ID: 38335075
From what I see everything is actually correct.  The client is getting the correct information from the DHCP server which is also the DNS.  You said the clients are able to connect to the internet now.  What's the problem?

For DNS resolution of external addresses, all your clients should only point to your internal DNS (which is what you have from the one sample we've seen), your DNS server will either use forwarders (pointing at your ISP's DNS or other public DNS servers) or root hint servers.  You asked about how to not "depend on forwarding to the ISP dns server" - your only options are to use a different public DNS server(s) as a forwarder(s) or to use root hint servers.  Which one do you want to do?  Is your root hint list populated?  By running "dcdiag /test:dns /v" you can verify if any of the root hints need to be updated, and they can be updated individually through the DNS Management console.

Finally for your DHCP, have you authorized the server yet?
http://technet.microsoft.com/en-us/library/dd145306%28v=ws.10%29.aspx
0
 
LVL 6

Author Comment

by:vmagan
ID: 38335185
Ok I see what you mean about the forwarders but I don't understand why I cannot ping anything external from any machine?

I should be able to ping anything external.

I'll look at dhcp article now and yes it is authorized.
0
 
LVL 20

Assisted Solution

by:Svet Paperov
Svet Paperov earned 400 total points
ID: 38335233
About the ping: if you can browse external sites but cannot ping that may be because some firewalls block ICMP Reply - could be a Windows 7/Vista firewall or the perimeter firewall.

About the DNS: instead of using forwarders, verify if the root DNS sites (root hints) are configured and accessible. Root DNS are much more reliable than forwarders. http://technet.microsoft.com/en-us/library/ff807382(v=ws.10).aspx
0
 
LVL 41

Expert Comment

by:footech
ID: 38337073
Agreed regarding the ping.  It's most likely that your SonicWall is blocking the traffic.  Do you allow all outbound traffic or do you have a specific rule to allow ICMP Echo Requests?
0
 
LVL 6

Author Comment

by:vmagan
ID: 38337181
I will check the firewall and let you guys know today.
0
 
LVL 6

Author Closing Comment

by:vmagan
ID: 38344233
That got me online. And thanks for clarification on the pinging issue.
0


Question has a verified solution.
