davewall
Hello again and thanks for the reply-
To clarify, the "swing" server is a temporary server that was added to
the domain to facilitate the upgrading from NT4 to W2k3 Server. The
"swing" method involves adding an NT4 BDC, upgrading it to W2k3, then
removing it once the other servers have been upgraded. In my case,
the "swing" server was the DNS as I was installing AD on the domain,
but now DNS is running on another server and the "swing" server is no
longer needed.
Anyway, I have followed your advice, and there is still a problem with
client workstations resolving internet names using the forwarders when
the old DNS (swing) is taken offline. All clients are pointing only to
the internal DNS, as assigned by the DHCP server. They can resolve
internally, but once the old DNS server is taken offline all external
resolution stops. The new DNS which is active can resolve externally
without problems when I ping from the server machine itself.
As a test, I also added a workstation to the network without joining it
to the domain, and it was able to use the new DNS correctly and resolve
external names.
This leads me to think that somewhere in the AD setup something is
still referring to the old DNS server, and when clients log on to the
domain they are still looking for that DNS because of Active Directory.
I have run DCDiag and Netdiag /fix successfully but I'm still having
the issue.
Where else can I look for settings that would correct this?
------------------------------------------------------------------------
Herb Martin Jan 28, 12:22 pm
Newsgroups: microsoft.public.win2000.dns
From: "Herb Martin" <[email protected]>
Date: Fri, 28 Jan 2005 14:22:14 -0600
Local: Fri, Jan 28 2005 12:22 pm
Subject: Re: Remove DNS Server
> I recently upgraded my domain from NT 4.0 using the swing server method
> and I want to remove the swing server from my Domain. The swing server
> was acting as my primary DNS server, but I have configured another
> domain controller for that role. I have transferred the primary DNS
> role to another server, and I've removed the address record and NS
> records from the zone.
> The problem is that when the swing server is taken offline, the clients
> can resolve internal domain addresses but not internet addresses.

Remove the "swing server" (whatever that means) address
from the CLIENTS, and add the ISP or other appropriate
DNS server(s) as the FORWARDER on your working DNS
servers (forwarders tab in server properties) as you seem to
have done....

> I have external forwarders set up for internet addresses, and the primary
> DNS server can resolve internet addresses, just not the clients. What
> am I missing here?

Clients must point to the INTERNAL DNS server(s) only,
and the internal DNS server should normally forward to
a DNS server (ISP or firewall/gateway) that can resolve
the Internet.

DNS for AD domains:
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
   that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
   be able to resolve ALL domains (either directly or
   indirectly)

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin
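
Two of the checks from Herb Martin's reply (clients listing only the internal DNS server, and DCDiag output searched for FAIL, ERROR, WARN), as an added Python example that is not part of the original thread. The sample outputs, the addresses and the function names are constructed for illustration, and only IPv4 DNS entries are handled.

```python
import re

# Constructed sample of `ipconfig /all` output (not from the thread): 10.0.0.5 plays
# the retired "swing" DNS server, 10.0.0.10 the current internal DNS server.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IP Address. . . . . . . . . . . . : 10.0.0.51
   DNS Servers . . . . . . . . . . . : 10.0.0.5
                                       10.0.0.10
   Primary WINS Server . . . . . . . : 10.0.0.10
"""

# Constructed lines in the style of DCDiag output saved to a text file.
SAMPLE_DCDIAG = """\
         ......................... DC2 passed test Connectivity
         [Replications Check,DC2] A recent replication attempt failed:
         ......................... DC2 failed test Replications
         Warning: DC2 is not advertising as a time server.
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dns_servers(ipconfig_text):
    """Return every DNS server listed, including bare-address continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line and ":" in line:
            in_dns = True
            value = line.split(":", 1)[1].strip()
        elif in_dns and IPV4.match(line.strip()):
            value = line.strip()  # second and later servers have no label
        else:
            in_dns = False
            continue
        if value:
            servers.append(value)
    return servers

def unexpected_dns(ipconfig_text, allowed):
    """DNS servers a client still lists that are not approved internal servers."""
    return [s for s in dns_servers(ipconfig_text) if s not in allowed]

def dcdiag_problems(dcdiag_text):
    """Lines of saved DCDiag output that mention FAIL, ERROR or WARN."""
    pat = re.compile(r"fail|error|warn", re.IGNORECASE)
    return [l.strip() for l in dcdiag_text.splitlines() if pat.search(l)]
```

Feed `unexpected_dns` the saved `ipconfig /all` output from a domain-joined client and the set of approved internal DNS addresses; any address it returns is a leftover reference the client is still using.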