What type of dns zone do you have? Is it AD-integrated or standard
primary?
If you chose standard primary zone, right-click on the zone name (which
should match the domain name) under the Forward Lookup Zones in dns and
choose Properties. Change the setting "Allow Dynamic Updates" from No to
Yes.
Go back through kb 260371 and ensure you've followed those steps and the
information is correct as well as kb 310568 - check for incorrect entries.
If you still cannot determine the problem provide the following information:
1. Right-click My Computer, Properties, Network Identification:
What is the full computer name?
What is the domain name?
If these do not match, you have what we call a disjointed namespace and
need to fix that.
257623 Domain Controller's Domain Name System Suffix Does Not Match Domain
Name
http://support.microsoft.com/?id=257623
2. Right-click My Network Places, Properties.
How many network cards are installed? If only one, click on the Local Area
Connection for it, choose Properties and double-click TCPIP.
What is the static ip address of the DC?
What is the preferred dns server address?
Is there an alternate dns server address?
Click the Advanced button, DNS tab.
What ip addresses are listed here?
What is selected in the remaining boxes?
Both the preferred and alternate dns server addresses should be for
internal dns servers only, they should NOT point to external dns servers
like your ISP. There should also be a check mark in "Register this
connections addresses in dns".
3. Open DNS Manager and navigate to the forward lookup zone.
Is the name of the zone the same as the domain name?
Is Allow Dynamic Updates set to Yes or Only Secure Updates (if this is an
AD-integrated zone)?
Is there an A or Host record for the DC in dns with the correct ip address?
Is there a cname or alias record for the DC in dns in the _msdcs folder?
Is there a dot (.) zone within dns? If so, delete this as this tells the
machine it is the root of the Internet.
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Pete Letkeman" <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
<
[email protected]>
<
[email protected]>
| Subject: Re: WinNT 4 upgrade to Windows 2000
| Date: Thu, 20 Nov 2003 08:54:40 -0500
| Lines: 191
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: nebula.ebtech.net 206.186.35.85
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:56530
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| It appears that this is the problem:
| 310568 Domain Subfolders Missing from Forward Lookup Zone
|
http://support.microsoft.com/?id=310568
|
| But I have tried what is recommended in the article listed above and still
| have the same problem. I tried it on the system what was a WinNT PDC and
it
| now a Windows 2000 Server.
|
|
| | > In the dns manager (Start, Programs, Administrative Tools, DNS) if you
| > expand down to the Forward Lookup Zones you should see the dns zone name
| > (which should match the domain name) and beneath that is where you will
| see
| > the 4 subfolders.
| >
| > These two articles should prove useful to you on this issue:
| >
| > 237675 Setting Up the Domain Name System for Active Directory
| >
http://support.microsoft.com/?id=237675
| >
| > 310568 Domain Subfolders Missing from Forward Lookup Zone
| >
http://support.microsoft.com/?id=310568
| >
| > David Pharr, (e-mail address removed)
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| > --------------------
| > | From: "Pete Letkeman" <
[email protected]>
| > | References: <
[email protected]>
| > <
[email protected]>
| > | Subject: Re: WinNT 4 upgrade to Windows 2000
| > | Date: Tue, 18 Nov 2003 10:39:10 -0500
| > | Lines: 111
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| > | Message-ID: <
[email protected]>
| > | Newsgroups: microsoft.public.win2000.active_directory
| > | NNTP-Posting-Host: nebula.ebtech.net 206.186.35.85
| > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| > | Xref: cpmsftngxa06.phx.gbl
| microsoft.public.win2000.active_directory:56621
| > | X-Tomcat-NG: microsoft.public.win2000.active_directory
| > |
| > | I have tried all that you have suggested, but I do not know where I
| should
| > | find the four folders " then stop/re-start the netlogon service or
| reboot
| > | which will build the srv records (those 4 _ folders under your zone).
| > You
| > | should see those 4 folders under your domain if it is working right."
I
| > have
| > | restarted the server which should create the needed folders
| > |
| > |
| > | | > | > My guess would be that it is not getting the proper dns records
| > indicating
| > | > that we have an AD domain (ie, it can't find the SRV records it
needs
| > for
| > | > Phoenix)
| > | > Try this - install dns on Phoenix and point it to Only itself for
dns
| > (you
| > | > can do properties on Phoenix and go to the Forwarders tab to set up
| > | > forwarders to go to both of your Linus dns servers). Create a new
| > Forward
| > | > lookup zone with your dns domain name (you can look in system
| > | > properties\network ID on the domain name line to be sure what it
is),
| > and
| > | if
| > | > using standard primary set the "allow dynamic updates" to Yes (AD
| > | > intergrated will auto use allow secure only which is ok), then
| > | stop/re-start
| > | > the netlogon service or reboot which will build the srv records
(those
| > 4 _
| > | > folders under your zone). You should see those 4 folders under your
| > | domain
| > | > if it is working right.
| > | > point the NT4 box to only it for dns (if no dns be sure that it has
| good
| > | > netbios resolution for the 1B record with wins, lmhosts, etc)
| > | >
| > | > If you want to use the Linux boxes for dns that's fine, but would
| > | recommend
| > | > that you use the win2k DC for domain dns registration and let it
| forward
| > | > anything it doesn't know about to the Linux boxes etc. This type of
| > | > situation is not uncommon, and usually seen when servers are unable
to
| > | > promote, browse, join domain, etc because they can't find the proper
| dns
| > | > records for whatever reason. It would alos be recommended not to
have
| > | them
| > | > point to both the win2k dns and Linux as alternate if they are
having
| > | > problems, but only to the 2k server. Let it do the domain
resolution
| > and
| > | > forward to Linux anything it doesn't know about (ie, anything
outside
| of
| > | the
| > | > dns domain name).
| > | > If dns is working right, you should be able to ping your domain name
| > | > (mydomainname.<com, local, net, etc>)and get a reply along with
| > | > <machinename>.<domainname>.
| > | >
| > | > I don't know what, or what not, the Linux dns servers have
registered
| > etc,
| > | > but if you let the 2k box run dns for the domain, and point all
| clients
| > at
| > | > it, I believe you'll see things start working.
| > | >
| > | > --
| > | > David Brandt
| > | > Microsoft Corporation
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | rights.
| > | > Please do not send e-mail directly to this alias. This alias is for
| > | > newsgroup purposes only.
| > | > | > | > > Earlier this year I upgraded my Windows NT 4 PDC to Windows 2000
| with
| > | > Active
| > | > > Directory. I am trying once again to setup an other Windows 2000
| > system
| > | > with
| > | > > Active Directory. In my latest attempt I upgraded a Windows NT 4
BDC
| > to
| > | > > Windows 2000 hoping that Windows 2000 would upgrade the BDC and it
| > would
| > | > > have the correct Active Directory settings. This did not work, and
| the
| > | new
| > | > > Windows 2000 server is now has a dialog stating
| > | > > "Specify wheather this server will be a domain controller or a
| member
| > | > server
| > | > > in the domain."
| > | > >
| > | > > With the following options:
| > | > > "Leave as a member server"
| > | > > "Make a domain controller"
| > | > >
| > | > > When I choose "Make a domain controller" I get a dialog saying
| > | > > "The primary domain controller of the domain to which the computer
| > | belongs
| > | > > has not been converted to an Active Directory domain controller.
You
| > | must
| > | > > conver the primary domain controller before you can install
| additional
| > | > > domain controllers for that domain."
| > | > >
| > | > > Here is my setup:
| > | > > One Windows 2000 Active Domain Controller (an upgraded system from
| > WinNT
| > | 4
| > | > > PDC Server) with DNS (named PHOENIX)
| > | > > Two Windows 2000 Member servers (named MARS and APOLLO)
| > | > > Two Linux DNS servers (named ZEKE and SLEEPY)
| > | > > One Windows 2000 serever with the setup incomplete. (named TRITON)
| > | > >
| > | > > I have tried many times to make one of the Windows 2000 member
| servers
| > | use
| > | > > Active Directory but that does not seem to work either.
| > | > >
| > | > > What do I have to do to get MARS and APOLLO to handle the Active
| > | Directory
| > | > > tasks so I can remove PHONEIX and TRITON?
| > | > >
| > | > > Thanks for your help,
| > | > > Pete
| > | > >
| > | > > This message was orginally posted to
| > | > > microsoft.public.active.directory.interfaces
| > | > >
| > | > >
| > | >
| > | >
| > |
| > |
| > |
| >
| >
|
|
|
