Ronald Hicks

DNS issue. Can't add a server to a domain

I'm trying to add a server to my test and learning domain.

Current DC is running Server 2008 R2, as is the new one I want to add.
Comcast is ISP
Comcast router is the DHCP server. It is the default gateway with address 10.0.0.1
The DC is configured with DNS as a role.
The DC has a static IP address, 10.0.0.6, and has DNS servers specified in Adapter settings, using Comcast DNS servers 75.75.75.75 and 75.75.76.76.

A workstation on the domain uses DHCP  and has 10.0.0.6 specified as the DNS server.
IPCONFIG reports its IP address as 10.0.09 and its DNS server as 10.0.0.6, the DC

The new server uses DHCP and has 10.0.0.6 specified as the DNS server.
IPCONFIG reports its IP address as 10.0.0.184 and its DNS server as 10.0.0.6, the DC

DNS server is not added as a role on new server.

When I try to add the new server to the domain I get the following message

***BEGIN QUOTE
The following error occurred attempting to join the domain "stw":
An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.  For information...
***END QUOTE

How is it that the workstation and the new server have the same settings but the workstation joined the domain and the server won't?  Is there something special about being a server?  Also, it is possible that the current workstation settings are different from what they were months ago when the workstation was added to the domain.  I don't think they have changed, but it is possible, and I don't know if changing to settings that would not enable it to join the domain would not kick it off once it was on.  It might have been configured with the Comcast DNS server addresses specified.  Anyway, I've tried that on the new server with the same resulting message.
 
I don't see any place in the DNS setup on the DC that would  make it function as a DNS server, even though it  has that role, and I don't know where to look and what to enter, so this is in large part a request for guidance in basic DNS.  That is, I see no mention of the Comcast DNS server addresses anywhere in the DNS entries.

I seem to recall from another DNS issue on a client's network the use of DNS flushing and resetting.  When is that appropriate and on what machine?

Thank you for any and all insights and suggestions, including pointing me to some basic how-to sites.

Ron Hicks
SOLUTION
SAM IT

ASKER CERTIFIED SOLUTION
Lee W, MVP
SOLUTION
SOLUTION
ASKER

Thank you all.  One followup: Can you provide a step-by-step to add the Comcast DNS server addresses to the DC's DNS Forwarders section?

It seems from some of the comments that this is even optional.  Is it?  How so? How do the DNS server addresses get factored in for use by domain clients?
SOLUTION
I'm still missing something somewhere.

 I now have the DC with its IP address, 10.0.0.6, as the DNS server address.

And I tried using the DC's address as the DNS server address on the NewServer.  
(did flushdns and registerdns after the change to the nic)
ipconfig /all reported the DNS server as 10.0.0.6
Same error message when adding NewServer to the domain.

Hmm, so I tried "Obtain DNS server address automatically"
flushed and registered again
ipconfig /all reported the DNS server to be 75.75.75.75 and 75.75.76.76
Again, same error message when trying to add NewServer to the domain.

I feel like I'm close to having it right.  What am I missing?

Oh, followup question about moving DHCP from the Comcast modem to the DC.  Would I use 192.168.0.xxx for my addresses?
SOLUTION
I revisited the settings and they were as most recently noted.  I did see in Ipconfig though some lines with double colons and with or without a number as the first line of DNS server addresses.  I changed the nic settings on the Server and the NewServer by unchecking IPv6.  Then I was able to join NewServer to the domain.  I could probably restore the checks to IPv6 on the nics.

More about IP addresses.  Do you mean I could: (1) leave the modem at 10.0.0.1; (2) turn off DHCP on the modem; and (3) establish a DHCP range of 10.0.0.2 through 255 on the Server?
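
An added example, not part of the original thread: a check for the condition described in the post above, where `ipconfig /all` lists IPv6 (or ISP) resolvers alongside the DC. It parses saved `ipconfig /all` output and reports every DNS server that is not the DC at 10.0.0.6; the sample output and the function names are constructed for illustration.

```python
import ipaddress

DC_DNS = {ipaddress.ip_address("10.0.0.6")}  # the DC's address in this thread

# Constructed `ipconfig /all` excerpt; the IPv6 entries are documentation and
# link-local placeholders, not values taken from the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.184(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 2001:db8::1
                                       fe80::1%11
                                       10.0.0.6
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_ip(text):
    """Return an ip_address, or None if text is not one (a zone id like %11 is dropped)."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each adapter heading to its DNS servers, in the order Windows lists them."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        if current is not None and line.strip().startswith("DNS Servers"):
            in_dns, line = True, line.partition(" : ")[2]
        if in_dns:  # first value, then one bare address per continuation line
            addr = parse_ip(line)
            in_dns = addr is not None
            if in_dns:
                adapters[current].append(addr)
    return adapters

def non_dc_resolvers(output, dc_dns=DC_DNS):
    """List (adapter, position, address) for every resolver that is not the DC."""
    return [(name, pos, str(addr))
            for name, servers in dns_servers_by_adapter(output).items()
            for pos, addr in enumerate(servers, start=1) if addr not in dc_dns]
```

An empty result from `non_dc_resolvers` means every listed resolver is the DC; any entry it returns is a server the client may ask for the domain's records instead of the DC.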
"I revisited the settings and they were as most recently noted.  I did see in Ipconfig though some lines with double colons and with or without a number as the first line of DNS server addresses.  I changed the nic settings on the Server and the NewServer by unchecking IPv6.  Then I was able to join NewServer to the domain.  I could probably restore the checks to IPv6 on the nics."
Heh. IPv6 can be problematic at times. However, yes, you should be able to check IPv6 again.

"More about IP addresses.  Do you mean I could: (1) leave the modem at 10.0.0.1; (2) turn off DHCP on the modem; and (3) establish a DHCP range of 10.0.0.2 through 255 on the Server?"
Correct to #1. As for #2, I would use 10.0.0.50 - 10.0.0.254 (10.0.0.255 is the broadcast address, and I like to leave a number of addresses out of DHCP range for servers and other devices with static addresses)
More re IP addressing. Would wireless devices not on the domain (like visiting friends) still connect to my wireless modem, just getting addresses from the server?
You DO NOT want to do that - each of your friends or your friends' devices would need a Client Access License.  You don't want friends on a BUSINESS network. Create a private "guest" network for them.
Could we stick to the original problem - have you joined the computer to the domain and fixed DNS?  (You can ask other questions on the site, but let's try to stay focused in this one).
@Lee - He fixed it by unbinding IPv6 from the NIC. #a42115496

To the question of wireless, Lee has stated that point perfectly. Business and guest networks should always be separate.
"establish a DHCP range of 10.0.0.2 through 255 on the Server"
I agree with mansrock on leaving some IP addresses out of DHCP, but I would recommend another method.  Include that range in the Scope, but add Exclusions to keep some addresses separate from DHCP.  In his example, I'd have an exclusion of 10.0.0.1-10.0.0.49 and a range of 10.0.0.1-10.0.0.254.  This will result in the same range available for DHCP, but is more flexible.  You aren't allowed on Windows Servers to edit the scope at a later date.  You'd have to recreate it from scratch if you wanted to change it.  You ARE allowed to change Exclusions, though.

@Lee: Are you suggesting that any client that gets a DHCP address from a Windows Server, even if it is not joining the domain or accessing any other resources, requires a CAL?
To be clear, I agree with the appropriateness of separating guest and business networks.  My question was strictly about CALs.
Any client that accesses or indirectly accesses a Windows Server requires a client CAL. So Lee is quite correct.
Shocking as it is to hear, I've heard numerous Microsoft people state that if the Windows Server is providing ANY services to the LAN - DNS, DHCP, File, Print, etc., ALL connecting devices or users must have CALs.  It is a licensing point which SHOULD be verified in WRITING by Microsoft for whomever manages the network - but by separating Guest and company networks, you can use NON-Microsoft services for the guests without concern for licensing while COMPANY resources still get licensed.
I've always interpreted the MS licensing to only apply to such things as file and print services, not DNS or DHCP.  Truth is, I don't know how I came to that conclusion.

I tried to look this up today but wasn't very successful.  MS will mention "such as file and print services" but that doesn't say what else would require a CAL.

@Lee: these "Microsoft people" would say that if I have a LAN with a Microsoft server running DNS and DHCP and I connect a device with a static IP (pointing at the non-Microsoft router) and DNS pointing to an external server, I'd still need a CAL because we share switches and a router?  Or are you just restating that using the server for DNS or for DHCP is enough to require a CAL?

And... yes... I realize that I should get the answer from Microsoft.  I've learned the hard way that it often isn't very easy.  I got different answers from them about how many Server 2008R2 VMs I could run with one license.
@CompProbSolv - I've heard varying interpretations over the years myself, but here is an article that cites that need even for DHCP or DNS: https://blogs.technet.microsoft.com/volume-licensing/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal/
from Masnrocks' link
Q2 – If I have guests that come into my office and temporarily use a Windows DHCP server to grab an IP address to access the Internet, do they need CALs? I guess the takeaway is to never use a Windows DHCP server?

A2 – Yes, they are using a Windows Server service and would need a CAL.
Thank you all. I understand a lot more now. Sorry I took us beyond the original question, but it was a valuable side discussion about CALs, so I hope others happen on it in the future.
@mansrock:
Thank you for the link.  I had found the original article somewhere, but not the Q&A that followed.

Some "interesting" observations from that link:
Q3 seems to be the most inclusive:
(for any reason – to get an IP address, to access a file, to authenticate to AD, to access an application of any type on the Windows Server, etc.)

Q1 doesn't seem consistent:
Q1 – If I have a printer that uses an IP address assigned by a router, but the drivers are deployed via a GPO…does that need a CAL?

A1 – Yes, any Windows Server access requires a Windows Server CAL.  In this scenario, the printers are connecting to, and receiving benefit of, Windows Server.  However, if all users who access or use that printer already have a user CAL – then you’re covered and will not need additional device CALs for the printer.

The printer needs a CAL, so there must be some specific access it is doing with the Server to require that.  But.... if all the users who access the printer have CALs, then it doesn't?
Here's why it is confusing to me: if I have a server, printer, and workstations with CALs, whatever access the printer does to the Server is somehow covered by the CALs on the workstations.  But if I add a workstation with a static IP and external DNS that has nothing to do with the server (other than sharing the same switches and router) and have it print directly to the printer by IP address with drivers downloaded and installed from the internet, now I need to add a CAL for the printer?

I could make it even more confusing by asking what happens if I add a peer-to-peer WiFi connection from the isolated workstation to the printer.........