
Problems Joining Existing Server 2003 Domain from Different Subnet 1

Status
Not open for further replies.

dougcoulter

Programmer
Mar 16, 2001
US
Hello everyone - I have been struggling to join a new member server (Server 2003) on a different subnet to an existing Server 2003 Domain.

Here is the architecture:

Windows Server 2003 (Domain Controller, DHCP Server, DNS Server) with IP Address of 192.168.100.23

New Windows Server 2003 (Member Server) with IP address of 192.168.0.102 routed to 192.168.100.x subnet through a cheapo Netgear Router.

In the TCP/IP settings for the new Member Server, I have a static IP address of 192.168.0.102 assigned, subnet of 255.255.255.0 and a default gateway of 192.168.0.1 (router address). I have the Primary DNS Server set to 192.168.100.23.

In trying to join the domain, I receive an error message indicating that the domain could not be found. I can ping the domain controller by IP, but not by name. So that tells me I am having issues with the DNS Server. If that is so, I certainly can understand why I couldn't join the domain, since the domain name could not be resolved.

Through some research, I came across LMHOSTS as a possible solution, which I was working with this morning without any success. Throughout this, I wondered if LMHOSTS is even applicable in this scenario, since I am dealing with Server 2003 servers (no NetBIOS right?)

Is there something that I am missing here? I would think that if I can ping the domain controller (which is also the DNS Server), that it would be able to resolve names, even for boxes on a separate subnet, if it is routable....??
 
You are correct, LMHOSTS is not needed here (eventually WINS, but it's better not to implement it unless you have 98 clients on your network). Can you ping the DC using the FQDN? (dcname.mydomain.com)

You could also try manually creating an A record in the DNS on the DNS server for the new host (right click domain in DNS management and pick new host, leave name blank and put in IP address of your new member server).

Also, check your IPSec on the DC. If a domain controller has an Internet Protocol security (IPSec) policy set at Secure Server, it denies transfer of IP packets to clients that do not have IPSec enabled by local or domain-based security policies (in your case local, since you are not yet on the domain).

You could also try temporarily setting your new server to DHCP to see if it contacts the DHCP server over the router.

Good luck.

Marty
Network Admin
Hilliard Schools
 
The problem might be that the Netgear router is blocking ports. So, even if you fake the system out with a HOSTS or LMHOSTS file, you still might not be able to join the domain.

You have to make sure that you are not blocking ports using a built in firewall on the NetGear.

To test ports you could use Telnet.

For example, (from a command prompt)

telnet 192.168.100.23 3389

3389 is the terminal service port (remote desktop port), so if you get a blank screen, this means that the port is open and you have no firewall blocking. You just list the port number after the IP address.



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
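
The telnet test in the reply above, written as a script that separates "refused" from "no answer" (added example, not part of the original post). The port list is an assumption added here: TCP services a member server commonly needs to reach on a domain controller during a join.

```python
import socket

# Constructed list (not from the thread): TCP services a member server
# commonly needs to reach on a domain controller during a domain join.
DC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            389: "LDAP", 445: "SMB"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port the way a manual telnet test would, but explicitly.

    open     - handshake completed, a service is listening
    closed   - host answered with a reset: the path works, nothing is listening
    filtered - no answer before the timeout: typical of a router/firewall drop
    error    - anything else (no route, bad address, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def survey(host, ports=DC_PORTS, timeout=2.0):
    """Probe every port and return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


def blocked(results):
    """Ports whose state suggests something in the path dropped the traffic."""
    return sorted(p for p, (_, state) in results.items() if state == "filtered")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = survey(target)
    for port, (name, state) in sorted(results.items()):
        print(f"{target}:{port:<5} {name:<22} {state}")
    print("possibly filtered:", blocked(results) or "none")
```

Run it from the member server with the domain controller's address as the argument; a "closed" result means the router passed the packet and the DC itself refused it.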
 
See if you can do an NSLOOKUP from the console of the new server. If it can't do an NSLOOKUP then something is blocking the connection to the DNS server.

Denny

--Anything is possible. All it takes is a little research. (Me)

 
Thanks all for the replies!

martyh - I had not tried to ping the FQDN. On your recommendation I tried, and the domain controller responded. So it was able to resolve the FQDN, but not the NetBIOS name.

Joseph - makes sense - I tried to telnet to port 3398, and that worked as well, so the router does not appear to be blocking that port.

Denny - nslookup worked ok too.

I was trying to join the NetBIOS domain name (KRUSECONTROLS) initially, as opposed to KruseControls.com. Seeing as though I could ping by FQDN, I tried to join the FQDN, and it worked!

I still cannot ping by NetBIOS name though (not that I care) - but it does have me puzzled. Also, I will eventually be moving this member server to an existing NT4 domain (as opposed to this Server 2003 domain), using the same cheapo router. I am assuming I will have similar trouble - will I then need to work with the LMHOSTS file in order for the member server to find the domain controller?

Thanks again for all the suggestions!
 
You weren't able to resolve the NetBIOS name because the domain name of the DC was not listed in the possible suffixes that the standalone server could use to resolve names. This is why the FQDN worked but the "NetBIOS name" (which can really just be considered a hostname at this point) didn't work. Once you've added the right suffix, I don't think you will have trouble joining the domain.

ShackDaddy
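
A simplified model of the suffix search described in the reply above, showing why the short name fails and the FQDN succeeds until the suffix is added (added example, not part of the original post). The host name "dc01" and the candidate ordering rules are assumptions; the domain and address are the ones quoted in the thread.

```python
# Constructed zone data: "dc01" is a hypothetical host name for the domain
# controller; the domain and address are the ones quoted in the thread.
ZONE = {"dc01.krusecontrols.com": "192.168.100.23"}


def candidates(name, suffixes):
    """Names a stub resolver would query, in order (simplified model).

    - trailing dot: already fully qualified, query as-is only
    - contains a dot: query as-is first, then with each suffix appended
    - single label: each suffix appended first, the bare label last
    """
    name = name.lower()
    if name.endswith("."):
        return [name.rstrip(".")]
    suffixed = [f"{name}.{s.lower().strip('.')}" for s in suffixes]
    return [name] + suffixed if "." in name else suffixed + [name]


def resolve(name, suffixes, zone=ZONE):
    """Return (queried_name, address) for the first candidate found, else None."""
    for fqdn in candidates(name, suffixes):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


if __name__ == "__main__":
    # First pass: workgroup server with no suffix; second pass: suffix added.
    for suffixes in ([], ["krusecontrols.com"]):
        for name in ("dc01", "dc01.KruseControls.com"):
            print(f"suffixes={suffixes!r:24} {name:24} -> {resolve(name, suffixes)}")
```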
 