DNS Domain Controller Unable to Find/Join

Status
Not open for further replies.

shade73

IS-IT--Management
Jan 25, 2005
7
Hey all, I'm in desperate need of help.
Here is the scenario, I go to DCPromo and create a new forest (example: blah.yep.org). Let's say the FQDN is SERV1.blah.yep.org. It says that it finds a DNS server running on my computer (correct) and installs.

Afterwards I go to server2 and go to Network ID and change it to join the domain blah.yep.org. It then tells me that it can't find that domain. It tells me the same thing when I try to supply network credentials in dcpromo.

The DNS on SERV1 is pointing to itself and nothing for alt. The 3 boxes are checked on the 2nd tab (per MS Support website). The DNS forward lookup zone was created blah.yep.org.

The DNS on SERV2 is pointing to itself and nothing for ALT. 3 boxes are also checked. No forward lookup zone was created.
I tried creating the forward lookup of blah.yep.org and forwarding it to SERV1's IP (that didn't work either, it prompted me for login and then immediately said it was unavailable).

I'm trying to setup
SERV1 = PDC (DNS Active Dir Replication)
SERV2 = DC (DNS Active Directory Replication)
SERV3 = member server (no DNS or AD)
SERV4 = member server (no DNS or AD)

If anyone can point me at some sites or tell me the answer to this it would be great! I suspect I have a problem with DNS, but I can't figure out what the problem is.

Thanks!
 
All DC's after the first should point at the first for Primary DNS, even if you are going to install DNS locally on the box. This prevents the "DNS Island" issue discussed in MS KB article 275278

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
Ok, I did that (I actually had it like that and I was told that it was wrong). Still when I try to join the domain with "yep.blah.org" as the domain name & the login credentials I get "The server cannot perform the requested operation." The computer isn't in AD as of yet.

If I change the name of the computer when trying to join the domain it will allow me to join, but then error out on the name change and say "The server cannot perform the requested operation." However, then when I try to run DCPROMO I get an error when starting LDAP, and it won't let me log on to the domain on that computer "As the BLAH domain cannot be located"
 
Are all the DCs the same basic version of the OS (2000 or 2003)?

Is there a firewall or packet filter between the first DC and the new DCs?

If you're running 2003, is SP1 installed? If yes, is the Firewall enabled?

If you look in ADUC are there any other computers that have the same name as the new DCs?

Does the DC that you're connecting to point to itself for DNS resolution?

Does the DNS contain an AD Integrated zone that is the name of your domain? Does that zone have the _msdcs folder in it?

Does your first DC have multiple NICs? If yes, did you disable all the NICs that are not connected to your production network? If no to the second, disable all other NICs and run an "ipconfig /registerdns" command.

PSC

 
Are all the DCs the same basic version of the OS (2000 or 2003)?
--Yes

Is there a firewall or packet filter between the first DC and the new DCs?
--No

If you're running 2003, is SP1 installed? If yes, is the Firewall enabled?
--Yes, No

If you look in ADUC are there any other computers that have the same name as the new DCs?
--There was, but I deleted it (it had an X by it) and it still gives me the same error.

Does the DC that you're connecting to point to itself for DNS resolution?
--Yes

Does the DNS contain an AD Integrated zone that is the name of your domain? Does that zone have the _msdcs folder in it?
--Yes it's integrated & contains the name of the domain I'm attempting to connect to (blah.yep.org) .. there however is no entry for (yep.org). Yes it has a folder in it called _msdcs

Does your first DC have multiple NICs? If yes, did you disable all the NICs that are not connected to your production network? If no to the second, disable all other NICs and run an "ipconfig /registerdns" command.
-- Both servers have multiple NICs plus a Loopback adapter with each server having the same IP (for load balancing). The Primary NIC is showing up while the secondary NIC on both servers is showing a status of Unplugged. I disabled & ran ipconfig /registerdns. When trying to join through Network ID I received "Target Account name is incorrect" and when running DCpromo & supplying network credentials I received "Unable to locate RPC server." So I enabled the 2nd NIC back and did another ipconfig /registerdns


thanks for responding so quickly!




 
Check the "A" and "NS" records in the AD integrated zone. I have seen problems when secondary NICs register their IP addresses in DNS. When other systems attempt to connect, they try to attach to non-existent IPs, especially 169.254.x.y addresses (these are MS automatic IPs).

You mentioned something about load balancing. How does that relate to your DC?

PSC

 
You're right, one of the A Records is registered as the AP ip of 169.254.x.y. The NS Records however show let's say 10.10.10.192, 10.10.10.184, 10.10.10.183. So what's the easiest way to fix that?

Well, the server company set up load balancing (which is out of the scope of what I know at this point). Both SERV1 & SERV2 have a Local Area Connection with an IP of 10.10.10.192.

On SERV1(PDC) the other active connection is called "Primary NIC" and contains the IP's 10.10.10.183 & 10.10.10.184. When I look at the NS Records it shows them in this order, 10.10.10.192, 10.10.10.183, 10.10.184.

SERV2(DC) has LAC of 10.10.10.192, and the Primary NIC on that one shows 10.10.10.185 and 10.10.10.186. Note that this part was not set up by me, so I can't verify if it's right.

thanks for sticking with me on this, because there is no way I would be able to figure this out without some help
 
Just shut down the NIC that is reporting the 169.254 address and manually delete the defective A record. Check the gc._msdcs.yourdomain.tld folder to make sure no defective addresses are listed as a GC. Manually delete any bad records.

PSC

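An added example, not part of any post in this thread: a Python check for the cleanup described in the last reply, scanning exported zone text for A records in 169.254.0.0/16, including any under gc._msdcs. The simplified zone-file layout, the sample records and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in a simplified zone-file layout (owner, type, data).
# A line that starts with whitespace reuses the previous owner name.
SAMPLE_ZONE = """\
; constructed sample, not real data
@               NS  serv1.blah.yep.org.
serv1           A   10.10.10.183
                A   10.10.10.184
                A   169.254.12.7
serv2           A   10.10.10.185
gc._msdcs       A   10.10.10.183
                A   169.254.12.7
"""

def parse_a_records(zone_text, origin="blah.yep.org"):
    """Return (fqdn, address) pairs for every A record in the zone text."""
    records, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():               # new owner name on this line
            owner = fields.pop(0)
        # Ignore an optional TTL and the IN class if present.
        fields = [f for f in fields if not f.isdigit() and f.upper() != "IN"]
        if owner is None or len(fields) < 2 or fields[0].upper() != "A":
            continue
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner.rstrip(".")
        else:
            name = f"{owner}.{origin}"
        records.append((name.lower(), fields[1]))
    return records

def find_apipa_records(records):
    """Flag A records in 169.254.0.0/16, which other machines cannot reach."""
    bad = []
    for name, addr in records:
        if ipaddress.ip_address(addr).is_link_local:
            scope = "GC locator" if name.startswith("gc._msdcs.") else "host"
            bad.append((name, addr, scope))
    return bad

if __name__ == "__main__":
    for name, addr, scope in find_apipa_records(parse_a_records(SAMPLE_ZONE)):
        print(f"delete {scope} record: {name} A {addr}")
```
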
 