Cannot Join Domain from sites 2 or 3, even with DC on site.

[HopnDude]

Site 1
10.10.10.X > everythings fine
10.10.10.X > backup server for site one, everythings fine

Site 2
10.20.20.X > no DC on location yet

Site 3
10.30.30.X > currently at location with DC setup

I get an error when trying to run nslookup and this is what I get;
can't find server name for address 10.30.30.X non-existant domain
can't find server name for address 10.10.10.X non-existant domain
default server blah.blah.more.net
address X.X.X.X (for ^)

I get the following error for sites 2 and 3.
_____________________________________________________________________________________
The domain name JEFFCOLIB might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain JEFFCOLIB:

The query was for the SRV record for _ldap._tcp.dc._msdcs.(mydomain)

The following domain controllers were identified by the query:

adsvr00.(mydomain)
adsvr01.(mydomain)
adsvr03.(mydomain)

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
____________________________________________________________________________________

Now a few quick side notes. I haven't been able to mess with the switches/routers yet to see what ports have been enabled or disabled, forwards, etc.

Any help would be greatly appreciated!

 

[ShackDaddy]

In Site 3, what is DHCP providing for DNS servers? It should be providing the IP for the Site 3 DC and then the IP for the Site 1 DC. When you go to the cmd-line on the Site 3 DC and run "repadmin /showreps" what do you get? I would want to verify that you have good replication between Site 1 and Site 3. If you don't, then the DC at Site 3 won't have the DNS zone for the domain loaded, and that would explain what you are seeing.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[HopnDude]

Sorry.

I'm way past this issue. I fixed it. I created a Domain Tree Root (X.10.10.10)/Domain Tree (X.10.10.11)/Location 2 Domain Tree (X.20.20.12)/Location 3 Domain Tree (X.30.30.13).

The firewall didn't have entries to allow a Domain to be on a another IP range.

I made 1 main and 3 tree servers for each location. Fixed the firewall, and set the DNS's accordingly.

Problem solved!

Now I have to see why my Mandatory profile isn't working right. I set all .DAT to .MAN on the NTuser profiles for all the local machines for the public access machines. For some reason, they aren't taking.

I went into AD, and to the 3 user profiles (used for a group of PC's per location). I copied a newly created/changed NTuser.MAN profile to a folder on the server, and had all 3 profiles look to that folder for it's mandatory profile.
\\SERVER\Public Profile\NTuser.MAN

Should fix that issue. But I'm actually almost done with the domain migration to the new servers I setup.

Sorry for the long time between post, I've been dorking with the Debian Firewall settings. And this 3rd party software we have. I'm kind of a one man show right now working on about 140 computers. My boss knows maybe a hand full of what I do, and I don't have a part timer. I'm also still working on my AS degree doing the job of a seasoned BS degree Net Admin. So I'm holding my own! Aside from what I'm learning in school at Vatterott, I'm doing studies for other stuff that I have going on at work outside of school.

Thanks for the reply though!