DNS - Why must I use the given DNS address? 1

[RobSimpson]

New Win2K Server Network. 16 Win2K workstations.

Server IP 192.168.20.2
Router configured at 192.168.20.1
Scope 192.168.20.0 to 192.168.20.254 no exceptions or reservations (not router nor print server).

DNS settings supplied by people who installed our ISDN router for connection to an education company called RM gave us DNS settings of 194.238.40.1 and 193.238.40.2. We have to set the proxy settings of IE5 to isdncache.rmplc.co.uk port 8080.

Why do these DNS settings have to be used. Why can't the server act as a DNS server? How do they do their job?

The network doesn't work properly - machines can't be joined to the network, can't be managed from the server, can't get GPO to be effective.

However, if I do use the IP of the server 192.168.20.2 as the DNS server, the network problems seem to vanish but we then cannot access the internet at all. Catch 22.

I can't ping 194.238.40.1 or 194.238.40.2 from any workstation (haven't tried it from the server). But still the computers will only access the internet when these are set as static on the workstations.

Why did they make these settings? Any ideas welcome on how to resolve the problem.

 

[MattWray]

You should set up your server as DNS for your network. In your DHCP scope, set you server for DNS. Then in the DNS console, delete the "." zone. Wait a minute, then refresh and go to properties-> forwarders. Add the address above as a forwarder. This will give you name resolution within your LAN from the server, and if the server doesn't know the name, it will forward to the ISP... Thanks,

Matt Wray

 

[RobSimpson]

Thanks Matt

It sounds great. I'll try it at work tomorrow and get back to you with the result.

Thanks for the idea.

Robert

 

[RobSimpson]

OK. It nearly worked. Certainly I got closer than I've been before.

DNS: Deleted "." refreshed. Couldn't find 'forwarder' had to set New Zone. Didn't know whether it should be Active Directory, Standard Primary or Standard Secondary. Does the name matter? What settings do I need in the resultant zone? Start of Authority, Name Server, WINS, Zone Transfer.

Where do I put the given DNS figures 194.238.48.1 and 194.238.48.2 ?

In DHCP do I need to put the DNS server as a 'configure option' change in Server options for the Domain or Scope options for the scope?

At the workstation, do I need to put in DNS automatic or put in static Server address for the DNS part?

How long does it take for the changes at the Server to affect the workstation?

When I tried your idea, I stopped getting the immediate IE5 error page. It tried to connect via the proxy settings, tried for ages and then gave up. Normally the error was instant. I'm hopeful we're nearly there.

 

[MattWray]

Sorry, left some of it out. You were correct in creating a new zone. If you have a Domain Controller (active directory), then you can use an Active Directory Integrated or go with Standard Primary. You should only need to supply the IP range or Domain, I can't remember off the top of my head without seeing it... Anyways, after it is running, right-click either the server name or the zone name and go to properties, there should be something on the second tab I believe that says to enable forwarders (that is where you will put the ISP DNS IPs). Sorry for being so vague, it's been a while and I am at home without a server to look at.
In DHCP, you want to configure options for router (gateway) and DNS. That should be enough to get you to the Internet. If you are still having trouble, post back and I can verify everything for sure on my DC at work... Thanks,

Matt Wray

 

[MattWray]

Sorry, forgot about your clients. Have them set to obtain IPs and DNS automatically. Then run IPCONFIG /RELEASE and IPCONFIG /RENEW and verify with IPCONFIG /ALL... Thanks,

Matt Wray

 

[RobSimpson]

Thanks again. Sorry to be a nuisance.

I'll try your ideas on Monday when I go back to work.

Robert

 

[RobSimpson]

Great - the DNS settings are transferring automatically to the clients. Internet works fine.

Now, there seems still to be a problem with the clients being recognised on the server. If I try to join the client to the domain using the properties page on My Computer, I cannot. The error message is "The network path cannot be found".

This doesn't happen if I manually enter the server's IP 192.168.20.2 into the DNS settings for the client. But then, of course, I cannot access the internet. Chasing my tail.....

I do feel I'm missing out on some of the functionality of the Server/Client setup, ie remote management.

It also seems to take forever for the computer and personal settings to apply themselves at startup and GPO doesn't work except when the DNS is the server IP.

 

[drphat]

i just got done patching this up...

if you don't have at least one root server for your domain, none of the machines know where the dc's are....so you must have at least one root server, from what i see you need to have 2 win2k server to get a domain running right....its extremely pathetic

 

[MattWray]

You don't need a root server for the Domain to work correctly. I have one DC here with forwarders enabled for Internet requests.
Try running IPCONFIG /FLUSHDNS from the clients and IPCONFIG /REGISTERDNS also. They may have bad DNS records from earlier..
Are you able to ping by hostname as well as IP, when they obtain DNS thru DHCP? Also check that they are receiving the correct DNS address with IPCONFIG /ALL. I think you are VERY close..
Let me know... Thanks,

Matt Wray

 

[RobSimpson]

I can ping 192.168.20.2 and the host name "elmstead" from the client.

DNS on client set up to automatic. Server set up to forward to 193.238.48.1 and 193.238.48.2. Still cannot register computers to the dc. The accounts do show up under ADU&C but I can't do anything with them.

These errors came up on the workstation

Event Viewer Error
Windows cannot determine the user or computer name. Return
value (1317).

The session setup to the Windows NT or Windows 2000 Domain Controller <Unknown> for the domain ITSUITE failed because the Domain Controller does not have an account for the computer ICT007.

I'll keep digging and get back.

 

[RobSimpson]

Does this help at all?

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ICT007
Primary DNS Suffix . . . . . . . : ITSUITE
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ITSUITE

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-07-95-F9-B5-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.20.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DHCP Server . . . . . . . . . . . : 192.168.20.2
DNS Servers . . . . . . . . . . . : 194.238.48.1
194.238.48.2
Lease Obtained. . . . . . . . . . : 23 September 2002 16:12:21
Lease Expires . . . . . . . . . . : 01 October 2002 16:12:21

 

[mightyscotchpine]

This site has a couple of pages that seem helpful:

http://www.activewin.com/win2000/step_by_step/infrastructure/serversteps1.shtml

Look under the headings:
&quot;Populating Active Directory&quot;
&quot;To create User Accounts&quot;
&quot;To add Users to Security Groups&quot;

and

http://www.activewin.com/win2000/step_by_step/infrastructure/serversteps2.shtml

Look under and headings:
&quot;Adding The Workstation to The Domain&quot;

Is this how you set up everything?
Please don't be offended if this is kiddy stuff to you. For all I know, you probably know far more about this than I do. I just excel in pointing out the obvious.

Scott

 

[RobSimpson]

Thanks for the info. All ideas gratefully received.

 

[MattWray]

Your DNS is not correct in the DHCP scope. In your IPCONFIG /ALL, DNS should show up as the address of the DNS server on the local network... Have you joined these workstations to the domain? Check out this link to a thread I started a while ago, maybe it can help you see something you're not... thread96-201340 Thanks,

Matt Wray

 

[RobSimpson]

Aaaargh, even deeper in doo-doo now.

I disconnected two workstations from the network. Now cannot get them joined back up.

When you say the DNS is incorrect, what were you expecting it to say? the server address 192.168.20.2? If I set this manually I still cannot join the workstation to the network.

I'm sorry you've taken so much time over this.

In DHCP, scope of IPs plus DNS as a 'configure option' ?
In DNS, which IP? Server or external 194.238.48.1 etc ?

Our router is connected directly to the LAN at the hub with IP 192.168.20.1. I don't know how the 194.238.48.1 or 2 works in the scheme of things.

 

[claytony]

Rob,
To start at the beginning

Server Setup:
What is the IP address of your server? It appears from your original post that it is at 192.168.20.2, your range is 192.168.20.255; I'm assuming that it has a single NIC.

You need to initiate/install DNS and DHCP services on this server (I'm assuming you already have). You should setup your DHCP range to exclude the bottom section of the range (I normally start at x.x.x.11, reserving 10 IP addresses for static IPs for servers, routers, printers, etc. or more as needed). So your DHCP range in your server configuration would start at 192.168.20.11.

In your IP configuration on your workstations you need to indicate that the IP is assigned auto and the DNS server resides on 192.168.20.2. You are currently showing the router ports as DNS servers which will not work.
You will need to change the internal (to your network)port on the router to the 192.168.20.1 IP address. In your DNS configuration this will be your gateway. Your outbound range/IP address on your router would remain the 194.238.40.x range you were given. I'am assuming from your earlier statements that you have access to the router configuration and have changed the LAN side port to the 192.168.20.1 address.

I'm guessing at this point that the original 194.238.40.1/2 addresses given you were with one of two intentions: you would move your network to the given range (seems unlikely but not impossible) or you would enable routing in your server and use it as the gateway to this router (it would mean assigning two addresses to your server NIC). Again, not knowing more of the specifics of your situation with this service, I'm just making some broad guesses.

 

[RobSimpson]

I don't have access to the router setup as far as I know. This was set up by an outside agency.

SETUP: 16 Win2K workstations, 1 Win2K Server, 1 Cisco Router - all connected via a hub. The Server and each workstation have 10/100 network cards installed.

We were given the 194.238.48.1 and 194.238.48.2 DNS settings by the people who installed the router. (The NT + Win95 network never worked as well as it might and these latest problems suggest that it was their setup at fault).

Router 192.168.20.1
Server 192.168.20.2
Scope 192.168.20.11 to 192.168.20.254

Server Network settings: Static IP 192.168.20.2
Subnet 255.255.255.0
Gateway 192.168.20.1
DNS 194.238.48.1 and 194.238.48.2

Server DHCP Settings:
Scope 192.168.20.11 to 192.168.20.254
Gateway 192.168.20.1
DNS 194.238.48.1 and 194.238.48.2

The main problem (to recap) seems to be I cannot have network connectivity and Internet access at the same time. In fact, I've lost network connectivity completely at this time.

 

[MattWray]

In your DHCP snap-in, expand the scope till you see Scope Options. Right click this, configure options. Check the box for DNS and type in the name of your server, click resolve. If this resolves your DNS should be set up correctly. When you do IPCONFIG /ALL you should see you server for DNS. Your LAN will then look to the Server for name resolution, if the name is outside your LAN, the server uses Forwarders to forward the request to your ISP DNS servers. You are unable to rejoin the Domain due to the host DNS is looking to the ISP DNS, which does not know who your domain is...
Try reconfiguring the DHCP, /RELEASE, /RENEW the clients and see what happens. Thanks,

Matt Wray

 

[RobSimpson]

Well, I tried but still have some problems. Here's what I did.

1. Set DNS zone RM WINS forward to 194.238.48.1 and 194.238.48.2

2. Set DHCP Scope DNS to 192.168.20.2 (server)

3. Set clients as auto DHCP auto DNS

4. ipconfig/flushdns and ipconfig/registerdns (server)

5. ipconfig/release and ipconfig/renew (clients)

I've managed to connect all but one workstation to the server using network identity wizard. One still will not go despite having all the same tcp/ip settings via network and dialup properties. Still get &quot;the network path was not found&quot; - but don't get this on any other workstation now.

Internet doesn't work on workstations at all now.