Restoring Active Directory domain

  • Thread starter: Joe Befumo
Yup -- everything's working! Thanks.

Joe

"Jorge de Almeida Pinto [MVP]"
are you saying it worked? great! congrats!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
Joe Befumo said:
YES!
IPCONFIG /REGISTERDNS
NET STOP NETLOGON
NET START NETLOGON

did it. Thanks for ALL the patience and advice. This has definitely been
a learning experience.

Joe


"Jorge de Almeida Pinto [MVP]"
why not point your DNS server (in the forwarding TAB) to the ISP instead
of the firewall?

Can't find server for address 192.168.0.11: Non-existent domain
Address: 192.168.0.11

this error occurs because you do not have a reverse lookup zone. not
that important. you can ignore it or you can create a reverse lookup
zone if you want to.

Do you have a ._msdcs.befumo.com DNS ZONE or does a _MSDCS subdomain
exist within the befumo.com DNS ZONE???

Is dynamic DNS enabled on the zones? Make sure it is!

from the command prompt run:
IPCONFIG /REGISTERDNS
NET STOP NETLOGON
NET START NETLOGON





-----------------------------------------------------------------------------
Okay,

DC is a DNS server

I've confirmed that the DC is a global catalog server.

I seized all of the FSMO Roles

DNS forward-lookup zone is named exactly what my domain is named.

In my TCP/IP setup, "Use the following IP address" is checked, and
the static IP 192.168.0.11 is entered.

Default gateway points to my firewall/router

The "Use the following DNS server addresses" is checked

The Preferred DNS Server is pointed to 192.168.0.11 (the system's own
IP).

All of my workstations and the rebuilt/renamed server point to
192.168.0.11 as the Preferred DNS server.

In the "Administrative Tools | DNS" snap-in, I right-click on the
server's name, and select "Properties".

On the "Forwarders" tab, I have under DNS Domain: "All other DNS
Domains", and below that, under "Selected domain's forwarder IP_Address
List", I have the address of my firewall/router (which, in turn, points
to my ISP's two DNS addresses).

Now, my limited understanding of DNS is that the DNS server on my
machine (192.168.0.11) should first try to resolve any requests for
resources within its zones, and then, if it can't resolve a request,
forward it to the machine(s) listed in the forwarders list.

The "Do not use recursion for this domain" check box is unchecked.

nslookup still fails with the following error:

Can't find server for address 192.168.0.11: Non-existent domain
Address: 192.168.0.11

The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate a domain controller for
domain befumo.com:

Now, back on the new server, I run the Active Directory Installation
wizard. For Domain Controller Type, I select "Additional domain
controller for an existing domain."

When the Network Credentials dialog comes up, it is already populated
with the domain name, so it would seem that SOME part of the system
knows about the server. (Also, I log into the domain on the new server,
and it recognizes all of the domain shares, etc.)

I enter user name "administrator" and the administrator's password.

When I press "Next," I get the following:

An active Directory Domain controller for the domain [mydomain].com
could not be contacted. Ensure that the DNS domain name is typed
correctly.

When I expand the Details, they contain the following:


The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.befumo.com

Common causes of this error include the following:

- The DNS SRV records required to locate a domain controller for the
domain are not registered in DNS. These records are registered with a
DNS server automatically when a domain controller is added to a domain.
They are updated by the domain controller at set intervals. This
computer is configured to use DNS servers with following IP addresses:

192.168.0.11

- One or more of the following zones do not include delegation to its
child zone:

befumo.com
com
. (the root zone)

For information about correcting this problem, click Help.

One thing that has changed at this point, however, is that now when I
ping the DNS server by name, I get a reply from its internal IP -
before I was getting replies from my EXTERNAL IP address.

Have I done anything obviously amiss?

I'm surmising that the DNS SRV records may be the key to my
problem.
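
A check for the SRV records discussed in this thread, as an added example that is not part of the original posts. It assumes a machine with the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), uses the domain name and DNS server address quoted above as defaults, and covers only the generic (non-site-specific) locator names; the variable names are illustrative.

```powershell
# Added example: confirm the DC locator SRV records exist on the DNS server
# that clients and the new server point to. Defaults are the values quoted
# in the thread; override them for another environment.
param(
    [string]$Domain    = 'befumo.com',
    [string]$DnsServer = '192.168.0.11'
)

# Generic records Netlogon registers for a domain controller.
$names = @(
    "_ldap._tcp.dc._msdcs.$Domain",       # the name the wizard queried
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",      # PDC emulator role holder
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

$results = foreach ($name in $names) {
    try {
        # -DnsOnly keeps LLMNR/NetBIOS out of the answer; -Server bypasses
        # whatever resolver the local machine is configured with.
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        if (-not $srv) {
            # Name exists but carries no SRV data.
            [pscustomobject]@{ Record = $name; Status = 'NO SRV DATA'; Target = $null; Address = $null }
            continue
        }
        foreach ($r in $srv) {
            # Resolve the target host too: an SRV record pointing at a name
            # that resolves to the wrong (e.g. external) address is also a fault.
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DnsServer `
                     -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }
            [pscustomobject]@{ Record = $name; Status = 'OK'
                               Target = "$($r.NameTarget):$($r.Port)"
                               Address = ($a.IPAddress -join ', ') }
        }
    }
    catch {
        # A name error here is the condition reported as RCODE_NAME_ERROR.
        [pscustomobject]@{ Record = $name; Status = 'MISSING'; Target = $_.Exception.Message; Address = $null }
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Status -ne 'OK') {
    Write-Warning "Records missing on $DnsServer. Check that the zone allows dynamic updates, then re-register from the DC (IPCONFIG /REGISTERDNS, restart NETLOGON)."
}
```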
 