Accessing domains in the LAN

Fran

I'm sure this is simple but I'm stumped

I have 3 subnets
DomainA on 192.168.20.xx
DomainB on 192.168.30.xx
DomainC on 192.168.50.xx

DomainA is a Windows 2003 AD domain
Domains B and C are Windows 2000 AD domains

I have RRAS installed on all 3 servers and I can ping addresses
between the servers so I know that routing is working.

I cannot find by name, though (DNS is not resolving across the
domains.) e.g. I can ping 192.168.20.10 (the server) and .105 (a
workstation) from 192.168.30.xx and vice versa.

How can I share resources between the domains and access them?
 
Name Resolution. How is your network resolving Names?
Where are your Local AD aware DNS servers? Do you use WINS, HOSTS, LMHOSTS?
Do all the WSs use the same internal/local Name Resolution method (i.e.
DNS)?
If you're using your ISP's DNS then this is your problem. Your ISP does not
know your network setup.
 
These are all Active Directory servers (and all 3 use their own DNS
services.)

They are all on internal networking hardware and are in the same
building.

-Fran-
 
Then set each DNS Server as a secondary for the other DNS Servers. So that
each DNS server has a Primary Zone (for own subnet) and Two Secondary Zones
(one for each of the other subnets).
Then each subnet will have a list of resources on the other subnets. And you
will also have backup copies of all your DNS Zones should something fail.
 
Each server has as its primary DNS server, itself. Secondary servers
are both of the other DC's addresses.

I still cannot access the resources of the other domains

(e.g. if, on Domain B I can ping an address on DomainA but if I try to
ping the server by name I get an "Unknown Host" error message.)

I'm sure it's a DNS issue but I don't know how to resolve it :(

<Fran>
 
Try using "nslookup" by IP and Name (full network name, such as
"server34.myinternal.domain.com" and NetBIOS Name, such as "server34"). Note
which DNS server you Query and also try to connect to the other two and
Query them.
Also check the Secondary Zones on the Primary DNS servers, do they list all
the data from their primary, i.e. has the Zone actually replicated to the
other DNS servers.
Basically you want to test each DNS server and compare responses and try to
track down where things hang.

Oh wait I just re-read your response. I am not talking about which DNS
server your machines Query (TCP properties). I am talking about the DNS
SERVERs that are responsible for your Domain Name Resolution. Do not confuse
this with your ISP's DNS servers.
NOT THE SAME.
For AD to Work You Must have Your OWN Windows DNS SERVERs.
You said/suggested that each Subnet had its own Authoritative DNS server.
These are what you need to check.

Each Windows AD domain will/should have a Primary DNS Server that holds a
Master Copy of all the Zone Info, this will be one of Your Machines on the
same piece of wire as your other machines. Meaning your TCP settings should
list a DNS server on Your Network with a Private IP not a Public IP
(Internet DNS).

Again, use "nslookup": which DNS server do you connect to? One inside your
office or one outside? If outside your Office, how is it supposed to know
which resources you have and what they're named?
 
AD requires DNS to work. That's why each domain has its own DNS server
and yes, I have the other DNS servers set up as secondary DNS servers
in the TCP/IP settings on the LAN (not internet)

I'll try the NSLookup thing and see where that gets me.

Thanks for taking the time to assist!

<Fran>
 
We have our wires crossed.
When I say Secondary DNS I do NOT mean the TCP settings.
I mean on the DNS Servers, in DNS Manager (Start/Programs/Administrative
Tools/DNS).
Create NEW Secondary Forward Lookup DNS Zones. So that Each DNS Server has
copies of All your DNS Zones Files.
If you cannot replicate the Zones from the master, then you have to track
down why your DNS Servers will not talk to each other. Such as Firewalls or
Routers between the Subnets.
 
I have DNS zones set up on all the DNS servers for each domain. I can
connect to resources on Domain B from Domain A but when I try to
connect to Domain A from Domain B (reverse) I get an "Unable to
connect. No Logon Servers Available."

I think I'm getting closer but I'm lost here.

Thanks for any insight

-Fran-
 
I would then check the DNS Zones on Domain B to see that there is a current
copy of the Zone files from Domain A.
In particular "_msdcs/pdc/_tcp", as this is where the PDC for the domain will
be listed.
Also do you have routers between the Subnets that might be blocking certain
ports?
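
The checks suggested in this thread (query every DNS server directly, compare the answers, and confirm the PDC record under `_msdcs` is present on each) can be scripted as below. This is an added example, not part of the original posts; only 192.168.20.10 comes from the thread, and the other server addresses and all DNS domain names are assumed placeholders.

```python
import socket
import struct

SRV = 33  # DNS record type SRV
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def pdc_record(domain):
    """SRV name under which an AD domain registers its PDC emulator."""
    return "_ldap._tcp.pdc._msdcs." + domain.strip(".")

def build_query(name, qtype=SRV, txid=0x1234):
    """Encode a one-question DNS query with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_status(response, txid=0x1234):
    """Return (rcode name, answer count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def check(server_ip, domain, timeout=2.0):
    """Ask one DNS server for one domain's PDC SRV record over UDP/53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(pdc_record(domain)), (server_ip, 53))
            return parse_status(s.recvfrom(4096)[0])
        except ValueError:
            return ("BAD REPLY", 0)
        except OSError:  # includes timeouts: server down or port 53 filtered
            return ("NO REPLY", 0)

if __name__ == "__main__":
    # Assumed placeholders: only 192.168.20.10 appears in the thread; the
    # other server addresses and all DNS domain names are made up.
    servers = {"A": "192.168.20.10", "B": "192.168.30.10", "C": "192.168.50.10"}
    domains = ["domaina.example", "domainb.example", "domainc.example"]
    for label, ip in servers.items():
        for dom in domains:
            status, answers = check(ip, dom)
            flag = "" if status == "NOERROR" and answers else "  <-- investigate"
            print("DNS %s (%s) %-16s %-8s answers=%d%s" % (label, ip, dom, status, answers, flag))
```

A row that shows NXDOMAIN or zero answers on one server but not on the others points at a missing or stale zone copy on that server; NO REPLY points at routing or filtering of port 53 between the subnets. On a domain created on Windows Server 2003, the `_msdcs` records normally live in a separate `_msdcs.<forest root>` zone, so a secondary of the domain zone alone does not carry them.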
 