DNS Help... newbie here 2

[cranebill]

I believe i am having DNS issues but am not for sure about this. So i tried to gather all the info i could to post this question.
I have a 2000 Advanced Server as a domain controller. This is set up as a new domain. I have 2 nic's installed. One for Interent... one for lan. ICS is enabled. I have set up OU's in the Active Directory and when i try to apply Group Policy settings to the OU i get this error:

Domain Controller not Found for Sample.com

The Domain Controller for Group Policy Operation is not available. You May cancel this operation for this session or retry using one of the following:

1. The one with the operations Master Token for the PDC emulator.

2. The one used by the active directory snap-ins

3. Use and available Domain Controller

(none of these work)

I have asked around these forums and everything seems to check out although it has been said i may have a DNS issue.

Right now i have one WorkStation (XP Pro) connected to the Domain . I have run nslookup and this WorkStation and this is what i recieve:


*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.0.1

This really doesnt make alot of sense to me since i am connected to the domain.

I also ran ipconfig on the server to determine ip configuration and this is what i have:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : Sample.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Sample.COM

Ethernet adapter Internet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter
Physical Address. . . . . . . . . : 00-50-BA-B5-99-71
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : X.X.X.X(These Values Provided by Internet Provider)
Subnet Mask . . . . . . . . . . . : X.X.X.X
Default Gateway . . . . . . . . . : X.X.X.X
DNS Servers . . . . . . . . . . . : X.X.X.X
X.X.X.X

Ethernet adapter Local Area Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapte
r
Physical Address. . . . . . . . . : 00-90-27-C3-F3-11
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : Same as DNS Above

Does this all seem right... or no?

Bill

 

[wbg34]

On the lan adapter ip config you need to make sure that the domain controllers ip address is listed as the primary dns server. To take care of the ns lookup problem you need to add a host entry (with your servers name and ip addy) to the reverse lookup folder for your domain. After doing this please post any results from the procedures that you did above.

 

[cranebill]

So i dont mess anything up....

On the lan adapter ip config you need to make sure that the domain controllers ip address is listed as the primary dns server.

Would this be 192.168.0.1 ( the Lan adapter ip)

and as far as the reverse lookup what is the proper way to enter this.. either by network ID or Reverse Lookup Zone name...

Like i said prior.. sorry i am a newbie at this and people are connected to this server as a file share temporarily and if they get disconnected so does my head lol

 

[cranebill]

Well i got the reverse lookup to work now the question is what about the rest......

This is what i changed...

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : SAMPLE.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : SAMPLE.COM

Ethernet adapter Internet:

Connection-specific DNS Suffix . : SAMPLE.COM
Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter
Physical Address. . . . . . . . . : 00-50-BA-B5-99-71
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : (Supplied by ISP)
Subnet Mask . . . . . . . . . . . : (Supplied by ISP)
Default Gateway . . . . . . . . . : (Supplied by ISP)
DNS Servers . . . . . . . . . . . : (Supplied by ISP)

Ethernet adapter Local Area Network:

Connection-specific DNS Suffix . : SAMPLE.COM
Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapte
r
Physical Address. . . . . . . . . : 00-90-27-C3-F3-11
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : (Ip of Internet Card)

Any Help appreciated

Bill

 

[MSMVP]

Bill,

Let me see if I have this straight - you are using the DNS of your ISP for your AD DNS? If not, where is your DNS for Active Directory? I don't see it listed above, and you'll need to point this at the server that has DNS - the DNS that has the records that were created when you promoted this server to a DC. These records are foundational and essential for the proper operation of AD. The GP, GUI tools, clients, will not be able to find AD.

Let's lay this out. If what I'm seeing is true, I'm not wild about it, but it's your server.

Server: 2 NICs, 1 internal at 192.168.0.1, 1 external on Internet with ISP provided addressing and DNS for external resolution.

DNS (we really only care about internal right now) is MIA. Assuming it's at 192.168.0.1, but this is not currently apparent.

Client DNS must point to the internal DNS. To resolve outside addresses, you should delete the '.' zone on the MIA DNS. Stop the DNS service, restart it and wait for the 'Forwarders' tab to show up under properties of the DNS server. On the forwarders, enter the addresses of the DNS servers provided by your ISP. Anything that cannot be resolved by your DNS will be shoved out to the forwarders and on to their configured DNS servers.

Go Start -> Settings -> Network and Dialup Connections, then highlight the external NIC. Select 'Advanced' from the menu at top of this window and satisfy yourself that NetBIOS and NetBEUI are shut off by unchecking both File and Print Sharing and the Microsoft Client from the external interface. Close that down and save it. If you've got a firewall, I'll let you determine if you want to do that last step or not.

I'll also assume that you have the internal DNS domain named the same as the external. It can be this way, and that's fine. It's known as a spli-brain DNS, but it needs to be isolated so that internal records hit the internal DNS and external records hit the external.

Look here for more (getting tired....)Great article by Mark Minasi:

http://msdn.microsoft.com/library/d...-us/dnw2kmag01/html/DNSandActiveDirectory.asp

Good luck! I'll flag this for notification and follow-up.




Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone -

http://www.microsoft.com/windowsxp/expertzone

 

[cranebill]

Believe me im not wild about it either and it is my server, well so to speak. Anyway let me ask this so as i may have a little more understanding. My server was supposedly set up as a DNS server when i made it into a domain controller. The clients, and even the server itself could not find sample.com when i was trying to apply a group policy to an OU. Here is ipconfig / all from a client that is actually connected to the domain.

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\BSCHUL~1.CRA>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Computer-14
Primary Dns Suffix . . . . . . . : SAMPLE.COM
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : SAMPLE.COM

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : SAMPLE.COM
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-E0-18-D0-FE-91
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.135
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, June 02, 2003 12:35:36 PM
Lease Expires . . . . . . . . . . : Monday, June 09, 2003 12:35:36 PM



Ok now if i understand correctly , which to be honest i probably dont, this line:

DNS Servers . . . . . . . . . . . : 192.168.0.1

shows that it is hitting my servers LAN nic as the DNS server. Is this what it should be.. or what should the DNS server address be? Im not sure.

Oh and Rick... i really appreciate you helping with this... you have no idea.

Thanx
Bill

 

[wbg34]

Bill,
Lets verify that dns is working properly on your DC. Go to a client and run nslookup. Use the following queries:
a client's name other than the one your using (computer-15).
your DC's name (servername1).

http://www.tucows.com.

please post the results of each of those.

 

[cranebill]

Ok im feeling pretty uneducated at this point... whats the proper syntax for these once im in nslookup?

Bill

 

[wbg34]

ok open a command prompt
type nslookup and hit return.
type

http://www.tucows.com

hit return
copy and paste results.
rinse and repeat using your servers name and do it one more time with a clients name.
edit any ip's for security's sake.

 

[cranebill]

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:>nslookup
Default Server: server.sample.com
Address: 192.168.0.1

>

http://www.tucows.com

Server: server.sample.com
Address: 192.168.0.1

Name:

http://www.tucows.com

Address: 216.40.32.30

> computer-7
Server: server.sample.com
Address: 192.168.0.1

*** server.sample.com can't find computer-7: Non-existent domain

> sample.com
Server: server.sample.com
Address: 192.168.0.1

Name: sample.com
Addresses: 192.168.0.1, x.x.x.x (Internet NIC IP)

> username(modified)
Server: server.sample.com
Address: 192.168.0.1

*** server.sample.com can't find username: Non-existent domain
> username.sample.com
Server: server.sample.com
Address: 192.168.0.1

*** server.sample.com can't find username.sample.com: Non-existent domain
> compueter-7.sample.com
Server: server.sample.com
Address: 192.168.0.1

*** server.sample.com can't find computer-7.sample.com: Non-existent domain
> computer-7.sample.com
Server: server.sample.com
Address: 192.168.0.1

*** server.sample.com can't find computer-7.sample.com: Non-existent domain
>

I made sure computer-7 and a valid user was logged into the domain.

Bill

 

[cranebill]

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\>nslookup
Default Server: hudson.concentric.net
Address: 207.155.183.72
>

this is what i got when i ran nslookup from computer-7

Bill

 

[zoeythecat]

Can I ask what is the exact problem are you having? Is it clients connecting to your network? Can you list how you have your DCHP server options configured? I assume you have a DHCP server and your clients are connecting via DHCP? If so, do you have options 006 and 015 I believe are your DNS options. When your client hits these options they get registered in DNS. Maybe i'm not understanding your situation?

Zoey

 

[wbg34]

Go to start --> program files --> administrative tools --> DNS.
Click on the plus next to your server name. Click on the plus next to the forward lookup zones. Click on the plus next to sample.com. Is the a host entry for Computer-7 there. If there isn't then you will need to change some stuff in DHCP see below for instructions.

Go to start --> program files --> administrative tools --> dhcp.
Right click on server.sample.com and select properties.
Click on the dns tab and verify that Automatically update DHCP information in DNS and Always update DNS are checked. Also I have the discard foward lokkups when lease expired checked.

 

[cranebill]

Zoey the problem is the server itself cant find itself per say... in active directory i have tried to apply group policies to OU's it wont find the domain controller.

And to both as far as DHCP is concerned... server.sample.com is not an option... it is rather an option for my internet nic ip and isp im pressuming but i did look at the properties for the existing dhcp server and they are like you have said. I may have to get rid of ICS ( which is what set up this dhcp server ) and apply NAT so i can manually configure it. I tried to add server.sample.com and it said it is already listed as a server....

Bill

 

[zoeythecat]

I guess i'm still not understanding your situation. What type of environment is this? Is this a home network? How are you connecting to the Internet? How many workstations do you have? What OS are they? How many servers do you have? You mention your DHCP is not setup via your server but through Internet Connection Sharing? That may be the problem. You can't have 2 DHCP servers I do not believe but not being too familar with ICS maybe someone else can offer something.

 

[cranebill]

Business Environment
(1)2000 Advanced Server (Domain Controller)
20 XP Pro Workstations

2 NIC one for internet one for Lan

Internet Connection sharing enabled

The problem is in the active directory i have created OU's. Upon trying to apply Group Policies to OU's it cannot find the domain controller (which is itself)

Domain Controller not Found for Sample.com

The Domain Controller for Group Policy Operation is not available. You May cancel this operation for this session or retry using one of the following:

1. The one with the operations Master Token for the PDC emulator.

2. The one used by the active directory snap-ins

3. Use and available Domain Controller

(none of these work)

Now this server was a file server prior to this and we upgraded to DC for more control. BUt we cant control policies and other things if the computer will not find itself as the domain controller. One other person and myself are the only people using the domain... the rest are still just using shares till i can get this configured properly.

Bill

 

[wbg34]

Bill,
Ok it sounds like we are narrowing it down. When you first open the DHCP program from administrative tools. Is there an object that you can expand by clicking on the plus? If there isn't you need to find out what is sreving dhcp for you network. If there is an entry, expand it and then click on the plus next to the scope folder. Click on the folder scope options. Verify that there is an entry marked 006. Make sure that your DC's internal ip is listed first. If not then right click and select properties. Remove the IP addresses that are listed below and then Enter your DC's internal IP address and then add your ISP's dns server next.

 

[zoeythecat]

Can you enlighten me on the Internet Connectin Sharing (ICS). Why does this need to be setup?

 

[cranebill]

It was enabled to share the internet connection of the server to the workstations...

wbg...
going to do that now... sorry had to eat luch with the bossman

Bill

 

[wbg34]

What they let you out of the server room there. Man must be a nice place to work.