Jason Murphy
asked on
DNS issue in child domain
Hi
I have a test setup which includes the following:
1 DC server 2012 in Parent domain - running DNS and DHCP - network 10.10.10.0/24
1 DC server 2012 in Child domain - running DNS and a separate DHCP scope 10.10.11.0/24
Parent domain is parent_test.local
Child domain is child_test.local
Clients on the child domain show the correct DNS suffix of child_test.local in IPCONFIG - however, if I hover over the network connection, or look in network and sharing centre, I see the connection listed as parent_test.local
Additionally, when I do a repadmin /syncall , I'm getting the error 'Replication error 8453 Replication access was denied' although if I go into AD sites and services and choose replicate from or to this DC, it doesn't give me any errors
Are the two related?
Thanks
Jason
I have a test setup which includes the following:
1 DC server 2012 in Parent domain - running DNS and DHCP - network 10.10.10.0/24
1 DC server 2012 in Child domain - running DNS and a separate DHCP scope 10.10.11.0/24
Parent domain is parent_test.local
Child domain is child_test.local
Clients on the child domain show the correct DNS suffix of child_test.local in IPCONFIG - however, if I hover over the network connection, or look in network and sharing centre, I see the connection listed as parent_test.local
Additionally, when I do a repadmin /syncall , I'm getting the error 'Replication error 8453 Replication access was denied' although if I go into AD sites and services and choose replicate from or to this DC, it doesn't give me any errors
Are the two related?
Thanks
Jason
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Actually I think this is expected behaviour - I just checked our Production environment and hopped onto our USA (child) domain VC to check some clients over there and I see the same - primary DNS is of the child domain, I see the client is authenticated to the DC in the child domain, yet the connection in network and sharing centre says its the parent domain
The only issue I now have to resolve is the security database trust relationship error with one of my child domain clients
Thanks
The only issue I now have to resolve is the security database trust relationship error with one of my child domain clients
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi
Thanks
I've tried rejoining machine to domain which hasn't worked
I deleted computer object in AD in both parent and child domain to see if that made a difference but I'm still not able to log in from my domain admin account to the client, still receiving the workstation trust error
Interestingly I also get the error 'Changing the Primary Domain DNS name of this computer to "" failed.' when adding the client to the child domain and have gone through the steps listed here with no change - although if I cancel the error message the client has actually joined the domain - https://support.microsoft.com/en-gb/help/2018583/windows-7-or-windows-server-2008-r2-domain-join-displays-error-changin
Jason
Thanks
I've tried rejoining machine to domain which hasn't worked
I deleted computer object in AD in both parent and child domain to see if that made a difference but I'm still not able to log in from my domain admin account to the client, still receiving the workstation trust error
Interestingly I also get the error 'Changing the Primary Domain DNS name of this computer to "" failed.' when adding the client to the child domain and have gone through the steps listed here with no change - although if I cancel the error message the client has actually joined the domain - https://support.microsoft.com/en-gb/help/2018583/windows-7-or-windows-server-2008-r2-domain-join-displays-error-changin
Jason
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
will continue to troubleshoot client/domain issue but main question regards DNS in child domain is answered
ASKER
I see Primary and connection specific is correct for the child domain
I realised that I didn't have my subnets in AD Sites and Services - I also had both Parent and Child DC in the same default site - so I added a new site and added my subnets to their respective sites (and added my parent and child DC's to their correct sites also)
I ran nltest /DSGETDC: on one of the clients on my child domain and I see now it is getting authenticated by the correct DC which I realised wasn't happening before
I now have "the security database on the server does not have a computer account for this workstation trust relationship" on one of my clients when I realised it was on the wrong domain and put in a workgroup and added it to the child domain
I noticed in the computer object attributes that DNS was missing which I've added but that hasn't fixed the security database issue, so things have moved away from my intial query!
Jason