still cannot find domain


bill s via WinServerKB.com

You guys gave me some clues for DNS troubleshooting. However, my server crashed
before I could try anything. Luckily I was configuring a backup because the
old one showed me the "blue screen" a few days ago.
I set up another DC on a 4 port router beforehand. I had no problem joining
its domain. I then swapped the DCs, went to the computer(s) that I had joined
to it on the 4 port router but when on the network switches the SAME DC and
the SAME PC would not join. I still get "cannot find domain controller."
Switches giving me a problem??
I can ping IP Ok.
I can ping server by name Ok.
I ended up putting all in workgroups with default DNS server so we can have
functionality.
What's driving me nuts here....any ideas??
Does anyone else find that AD, when implementing, seems to configure DNS no
two same ways each time??? The first time I had the "." file in my forward
zone...the second shot did not have the "." zone but did not load the other 4
files and there was no A file pointing to the server. I'll let ya know how AD
loads it next time. I am going to keep all in a workgroup and do this 100
times if I have to.
Cheers
 
bill s via WinServerKB.com said:
You guys gave me some clues for DNS troubleshooting. However, my server
crashed before I could try anything. Luckily I was configuring a
backup because the old one showed me the "blue screen" a few days ago.
I set up another DC on a 4 port router beforehand. I had no problem
joining its domain. I then swapped the DCs, went to the computer(s)
that I had joined to it on the 4 port router but when on the network
switches the SAME DC and the SAME PC would not join. I still get
"cannot find domain controller." Switches giving me a problem??
I can ping IP Ok.
I can ping server by name Ok.
I ended up putting all in workgroups with default DNS server so we
can have functionality.
What's driving me nuts here....any ideas??
Does anyone else find that AD, when implementing, seems to configure
DNS no two same ways each time??? The first time I had the "." file
in my forward zone...the second shot did not have the "." zone but
did not load the other 4 files and there was no A file pointing to
the server. I'll let ya know how AD loads it next time. I am going to
keep all in a workgroup and do this 100 times if I have to.
Cheers

When you run DCPROMO, if DNS cannot contact the Root Servers it will create
a Root "." zone. If it can contact the Root Servers it will not create the
root zone.

That said, when you created the second DC did you promote it as a replica of
the first DC?
-or-
Did you run DCPromo using the same domain name?
If you answer yes to the second question you just created two different
domains with the same name and there will be no relationship between the two
domains. The members of one domain won't recognize the other domain even
though the name is the same.
 
Kevin said:
you guys gave me some clues for DNS troubleshoot. however my server
crashed before I could try anything. Luckily I was configuring a
[quoted text clipped - 16 lines]
keep all in a workgroup and do this 100 times if I have too.
Cheers

When you run DCPROMO, if DNS cannot contact the Root Servers it will create
a Root "." zone. If it can contact the Root Servers it will not create the
root zone.

That said, when you created the second DC did you promote it as a replica of
the first DC?
-or-
Did you run DCPromo using the same domain name?
If you answer yes to the second question you just created two different
domains with the same name and there will be no relationship between the two
domains. The members of one domain won't recognize the other domain even
though the name is the same.
Kevin............I first put all the PC's into a workgroup, then demoted the
DC and swapped out with another AND with a different domain name. Then when
I went to join the PCs to the domain they could not find the DC
 
bill s via WinServerKB.com said:
Kevin............I first put all the PC's into a workgroup, then
demoted the DC and swapped out with another AND with a different
domain name. Then when I went to join the PCs to the domain they
could not find the DC


OK, is the DC using its own address for DNS?
Is the Domain a multi-label name such as domain.com?
Is there a zone with dynamic updates allowed in the local DNS for this
domain name?
Does the Primary DNS suffix on the DC match exactly the domain name?

If all the answers above are true, restart the netlogon service, run netdiag
/fix and dcdiag /fix.

Then post the results from netdiag /test:dns /v
 
Kevin said:
OK, is the DC using its own address for DNS?
Is the Domain a multi-label name such as domain.com?
Is there a zone with dynamic updates allowed in the local DNS for this
domain name?
Does the Primary DNS suffix on the DC match exactly the domain name?

If all the answers above are true, restart the netlogon service, run netdiag
/fix and dcdiag /fix.
Kevin.......the DC crashed by the time I could get back to it. I am now
setting up a DC on a practice domain through a 4 port router. In the
meantime I set all PC's in a workgroup just to have functionality.
My first shot today and I still could not join the domain. I got the window
that requests authorized user to join the domain but it comes back and says
"domain name not found".
It has got to be the way AD is setting up DNS. I understand there are certain
files needed in the forward zone and it appeared I had all but an "A"
file. Is this not the address file the DC refers to? Also...if clients are to
have a DNS IP in their tcp/ip listed should it not always be the DC IP? I am
not looking to host DNS for web use, I want to rely on an external DNS for
outside resolution. Should this be set up in the forward zone on the DC too?
 
bill s via WinServerKB.com said:
Kevin.......the DC crashed by the time I could get back to it. I am
now setting up a DC on a practice domain through a 4 port router. In
the meantime I set all PC's in a workgroup just to have
functionality.
My first shot today and I still could not join the domain. I got the
window that requests authorized user to join the domain but it comes
back and says "domain name not found".
It has got to be the way AD is setting up DNS. I understand there are
certain files needed in the forward zone and it appeared I had
all but an "A" file. Is this not the address file the DC refers to?
Also...if clients are to have a DNS IP in their tcp/ip listed should
it not always be the DC IP? I am not looking to host DNS for web use,
I want to rely on an external DNS for outside resolution. Should this
be set up in the forward zone on the DC too?

Can you post the ipconfig /all (unedited) from the DC?

The DC should use only its own address for the DNS server's address in all
NICs. No ISP or external DNS allowed on any interface of any member of an AD
domain, period.
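
Added example, not part of the original thread: a Python check that applies the rules stated in this thread (every DNS server entry on the DC must be the DC's own address; the primary DNS suffix must match a multi-label domain name) to pasted `ipconfig /all` text. The sample output, the name `corp.example.com`, the addresses, and treating 127.0.0.1 as the DC's own address are assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` text in the Windows Server 2003 layout (blank lines removed).
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : dc1
   Primary Dns Suffix  . . . . . . . : corp.example.com
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_ipconfig(text):
    """Map lower-cased field names to value lists, merged across all adapters."""
    fields, last = {}, None
    for line in text.splitlines():
        value = line.strip()
        match = FIELD.match(line)
        if last and is_ip(value):          # continuation line of a multi-value field
            fields[last].append(value)
        elif match:
            last = match.group(1).lower()
            fields.setdefault(last, [])
            if match.group(2):
                fields[last].append(match.group(2).strip())
    return fields

def check_dc(text, domain):
    """Return findings for the rules quoted from the thread (empty list = pass)."""
    fields = parse_ipconfig(text)
    own = set(fields.get("ip address", [])) | {"127.0.0.1"}  # assumption: loopback is "own"
    findings = [f"DNS server {ip} is not the DC's own address"
                for ip in fields.get("dns servers", []) if ip not in own]
    suffix = (fields.get("primary dns suffix") or [""])[0]
    if suffix.lower() != domain.lower():
        findings.append(f"primary DNS suffix {suffix!r} does not match {domain!r}")
    if "." not in domain.strip("."):
        findings.append(f"{domain!r} is a single-label domain name")
    return findings
```

`check_dc(SAMPLE, "corp.example.com")` reports the second DNS server entry, the kind of external resolver the reply above rules out.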
 
Kevin said:
Kevin.......the DC crashed by the time I could get back to it. I am
now setting up a DC on a practice domain through a 4 port router. In
[quoted text clipped - 10 lines]
I want to rely on an external DNS for outside resolution. Should this
be set up in the forward zone on the DC too?

Can you post the ipconfig /all (unedited) from the DC?

The DC should use only its own address for the DNS server's address in all
NICs. No ISP or external DNS allowed on any interface of any member of an AD
domain, period.
Kevin....I now understand that golden rule. I tried setting a client or two
to an external DNS and that's what crashed AD. However...should I not have an
external DNS added to the forwarder??? I understand the server will then
forward any unresolved requests to the external DNS. I didn't do this before
and we were having problems finding MSN.com. It was intermittent and ALL
other sites could be found.
Thanks
 
bill s via WinServerKB.com said:
Kevin....I now understand that golden rule. I tried setting a client
or two to an external DNS and that's what crashed AD.
However...should I not have an external DNS added to the forwarder???
I understand the server will then forward any unresolved requests to
the external DNS. I didn't do this before and we were having problems
finding MSN.com. It was intermittent and ALL other sites could be
found.

Yes, you probably should enable a forwarder.

One more thing I should point out, if this is Win2k3 and you are behind a
Pix or similar firewall that blocks UDP packets over 512 bytes, you will
need to change the firewall rules to allow these packets or disable EDNS on
the DNS server.

Frequently asked questions about Windows 2000 DNS and Windows Server 2003
DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&sd=RMVP

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380&sd=RMVP

828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP
 
Kevin said:
Kevin....I now understand that golden rule. I tried setting a client
or two to an external DNS and that's what crashed AD.
[quoted text clipped - 3 lines]
finding MSN.com. It was intermittent and ALL other sites could be
found.

Yes, you probably should enable a forwarder.

One more thing I should point out, if this is Win2k3 and you are behind a
Pix or similar firewall that blocks UDP packets over 512 bytes, you will
need to change the firewall rules to allow these packets or disable EDNS on
the DNS server.
Kevin
Hope you read this. The computer I was trying to join to the domain had an
EXPIRED copy of NORTON Internet security on it. Someone suggested removing
the program completely. I did and the PC happily joined the domain. Well, I
have to say I learned a hell of a lot trying to solve this. Unreal.
Cheers.....and thanks
Bill
 