Plaice
Domain Not Available
We have two sites connected via VPN.
Site 1: Existing 2003 domain controller
Site 2: New 2008 R2 server joined to the domain and dcpromo to new domain controller.
Connections are showing in Sites and Services for each domain controller. DNS is replicating between the two servers.
We have another server at site 2 with ip settings (DNS) configured for the new 2008 domain controller. However, when trying to login to the server we get a message stating: "The specified domain either does not exist or could not be contacted."
Trying to manage the server to add user permissions also does not allow us to specify domain users.
If you have two sites as in Active Directory Sites and not just two physically separate sites, then you require a Global Catalog server on both sites. Make the second DC a GC server and you should be fine if AD is replicating properly as you say.
ASKER
We only have one site in Sites and Services, the two domain controllers are just two physically separate sites.
On the affected server.. Ensure only Domain DNS servers are listed on the NIC card settings. No ISP DNS servers.
If that is all good... Isolate your DNS issue with NSLOOKUP from cmd prompt:
Assuming:
domain name is domain.local
serverA at site1 is named DC1 with IP address of 192.168.100.10
serverB at site2 is named DC2 with IP address of 10.10.10.10
and the problem server is Member1 at site2 with IP of 10.10.10.20
Try these commands from CMD Prompt
PING DC1 (to confirm connectivity)
if not pinging PING 192.168.100.10
PING DC2 (to confirm connectivity)
if not pinging PING 10.10.10.10
If you can ping domain controllers / DNS servers confirm DNS works:
NSLOOKUP
SERVER 10.10.10.10
domain.local
this should output the IP Addresses of your domain controllers 10.10.10.10, 192.168.100.10
SERVER 192.168.100.10
domain.local
this should output the IP Addresses of your domain controllers 10.10.10.10, 192.168.100.10
If all of this produces the expected results then we can move forward but if you don't have connectivity to your desired DNS server from Member1 then there is a larger issue.
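The lookups in the answer above test only the A record for domain.local, while a domain logon also depends on the DC locator SRV records. The PowerShell script below is an added example, not part of the original thread, and goes one step beyond the post: it repeats the A lookup against both DNS servers, queries `_ldap._tcp.dc._msdcs.domain.local`, then asks the DC locator directly. It assumes the thread's example names and addresses and that `nltest.exe` (part of the AD DS tools) is installed on Member1.

```powershell
# Added example, not from the thread. Run on Member1 in a PowerShell prompt.
# Domain name and addresses are the ones the answer above assumes.
$Domain     = 'domain.local'
$DnsServers = '10.10.10.10', '192.168.100.10'   # DC2, DC1

function Get-NslookupAnswer {
    param([string]$Name, [string]$Type, [string]$Server)
    # nslookup reports most failures only as text, so parse its output and
    # treat a missing answer section as "no answer".
    $text = (& nslookup.exe "-type=$Type" $Name $Server 2>&1 | Out-String)
    if ($Type -eq 'SRV') {
        # One "svr hostname = <dc>" line per DC registered for the domain
        return @([regex]::Matches($text, 'svr hostname\s*=\s*(\S+)') |
                 ForEach-Object { $_.Groups[1].Value })
    }
    # A lookup: skip the Server/Address header, keep IPv4 addresses after "Name:"
    $answer = ($text -csplit 'Name:', 2)[1]
    if (-not $answer) { return @() }
    return @([regex]::Matches($answer, '\b\d{1,3}(?:\.\d{1,3}){3}\b') |
             ForEach-Object { $_.Value })
}

$results = foreach ($ip in $DnsServers) {
    $a   = @(Get-NslookupAnswer $Domain 'A' $ip)
    $srv = @(Get-NslookupAnswer "_ldap._tcp.dc._msdcs.$Domain" 'SRV' $ip)
    New-Object PSObject -Property @{
        DnsServer  = $ip
        DomainA    = $(if ($a)   { $a -join ', ' }   else { 'NO ANSWER' })
        DcSrvHosts = $(if ($srv) { $srv -join ', ' } else { 'NO ANSWER' })
    }
}
$results | Format-List DnsServer, DomainA, DcSrvHosts

# The logon uses the DC locator, which needs the SRV records above and a DC
# that is actually advertising. /force bypasses the cached locator result.
$locator = (& nltest.exe "/dsgetdc:$Domain" /force 2>&1 | Out-String)
if ($locator -match 'completed successfully') {
    ($locator -split "`r?`n") | Where-Object { $_ -match '^\s*(DC|Address|Flags):' }
} else {
    "DC locator failed for ${Domain}:"; $locator.Trim()
}
```

If both lookups answer but the locator call still fails, DNS is not the fault and the domain controller itself should be checked.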
ASKER
Member1 has connectivity to ServerB.
It can't ping or perform an nslookup on ServerA.
ASKER
And, just to clarify, Member1 can perform an nslookup on ServerB.
Set server B as the primary and only DNS on Member1. This will ensure it is talking to a domain DNS server that we know it can reach.
If it still balks when logging in, then the DNS zone file in DC2 should be examined.
Is the VPN 'site to site' as in the firewalls handle the vpn or is it server to server and only DC1 & DC2 can talk to each other?
As a side note.. check the Active Directory event logs on DC2 to ensure AD has started.
ASKER
ServerB is the only DNS on Member1. Same error when trying to login.
AD event logs on ServerB show AD has started.
Can you elaborate on the VPN connectivity between DC1 & DC2?
If you are running the VPN directly from DC2, then disconnect the vpn and attempt to login from member1 again. I would like to rule out the VPN connection.
ASKER
VPN is direct from DC2. I've disconnected this, retested, and received the same error.
On DC2 (2008R2) server-
Does the network location awareness service report you are on a domain network? (should say domain network in network center) If it says public your DC may not accept incoming requests of any kind?
Is the firewall turned off or disabled on DC2 as this plays havoc in 2008r2 servers as well?
ASKER
DC2 says domain network for local area connection.
Firewall is on.
ASKER
Looking at DC2, Sysvol and Netlogon are not available; think this might be the cause of the issue.
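A domain controller that is not sharing SYSVOL and NETLOGON does not advertise itself, so members pointed at it get the "domain could not be contacted" error even when DNS resolves. The PowerShell script below is an added example, not part of the original thread, for confirming that state on DC2; it assumes an elevated prompt on the domain controller and uses the built-in `dcdiag` tests Advertising, NetLogons and SysVolCheck.

```powershell
# Added example, not from the thread. Run on DC2 in an elevated PowerShell prompt.
$Dc = $env:COMPUTERNAME

# 1. Both shares must exist before the DC answers locator requests.
$shares  = @(Get-WmiObject Win32_Share | ForEach-Object { $_.Name })
$missing = @('SYSVOL', 'NETLOGON' | Where-Object { $shares -notcontains $_ })

# 2. Netlogon publishes the shares only once SYSVOL replication has set
#    SysvolReady to 1; 0 or an empty value means the initial sync never finished.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ready = (Get-ItemProperty -Path $key).SysvolReady

# 3. dcdiag prints "passed test <Name>" or "failed test <Name>" per test.
$tests  = 'Advertising', 'NetLogons', 'SysVolCheck'
$dcdiag = foreach ($t in $tests) {
    $text = (& dcdiag.exe "/s:$Dc" "/test:$t" 2>&1 | Out-String)
    New-Object PSObject -Property @{
        Test   = $t
        Passed = [bool]($text -match "passed test $t")
    }
}

"Missing shares : " + $(if ($missing) { $missing -join ', ' } else { 'none' })
"SysvolReady    : $ready"
$dcdiag | Format-Table Test, Passed -AutoSize
```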
ASKER
Issue was resolved in house.