Windows Active Directory questions

Status
Not open for further replies.

womp

Technical User
Apr 6, 2001
105
US
We are running DNS on a Redhat machine.
But, we are also running a primary DNS on a Win2K machine but,
this machine only points to my primary Redhat machine.
In the syslog file, on the Linux Server, I receive messages like:

Error - should be sent to WINS server

Is there a way to get rid of these messages, filter them out
or "redesign" the windows machine to end receiving these errors?
 
do not point your DC to the redhat server for DNS, especially if you have more than 1 DC

PDC should point to himself and himself only, with forwarders to other DNS servers

not sure about your redhat side, but guarantee you'll end up with a support call where the fix is to use only the MS DNS and then forward requests

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Brandon,

On a similar train of thought. Would misconfiguration of the DNS/WINS cause random "trust-relationship" issues with workstations? Back in NT Domains, I experienced all sorts of workstation problems with a misconfigured DNS/WINS; I am not that experienced in AD.
Any info would be great!
Thanks!
Salvador Ruiz
NS Senior - University of Wisconsin
 
Yes it most certainly would.

for the secure channel (the workstation trust relationship) to remain valid, it must be able to contact the machines using DNS (this is of course looking from AD perspective)

records in both DNS and WINS may change/differ from server to server in between replication cycles, which of course can result in a machine not being able to find the DC it has its secure channel held with, thereby breaking the secure channel.

with the following settings, that should be a pretty much null and void issue:
1. PDCe faces himself and himself only for DNS (with all default on advanced tcp/ip DNS tab), with forwarders to Linux and ISP sides
2. Replica DCs and workstations should point to PDCe as preferred, and replica DCs as alternates (in the case of replica DCs, this means themselves as alternates) (with defaults on advanced tcp/ip properties DNS tab)
3. replica DCs should then too be configured to forward to ISP and Linux DNS servers

unless you have communications or other issues, this should eliminate secure channel issues

other causes are kerberos, bringing in machines that have been unable to communicate with the domain in the last 60 days (120 days for 2003 SP1 domains), and network communications (among a few others, but these are most common)

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
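
The three settings listed in the reply above can be checked mechanically once each machine's resolver order and forwarders have been collected. The following is an added example, not part of the original posts; the host names, addresses (documentation ranges) and inventory layout are constructed assumptions.

```python
"""Audit DNS client settings against the layout from the thread (constructed data)."""

def audit(hosts, pdce, external):
    """Return (host, problem) findings.

    hosts: name -> {"role", "ip", "dns": ordered resolver IPs, "forwarders": IPs}
    pdce: IP of the PDC emulator; external: Linux/ISP DNS IPs (forwarder targets).
    """
    dc_ips = {h["ip"] for h in hosts.values() if h["role"] in ("pdce", "replica")}
    findings = []
    for name, h in sorted(hosts.items()):
        dns = h["dns"]
        # Follows from rules 1-2: the Linux/ISP servers are forwarder targets only.
        for ip in dns:
            if ip in external:
                findings.append((name, f"resolver {ip} is an external DNS server"))
        if h["role"] == "pdce":
            # Rule 1: PDCe faces itself and itself only.
            if dns != [h["ip"]]:
                findings.append((name, "PDCe must list only itself"))
        else:
            # Rule 2: PDCe preferred, replica DCs as alternates.
            if not dns or dns[0] != pdce:
                findings.append((name, "preferred DNS is not the PDCe"))
            for ip in dns[1:]:
                if ip not in dc_ips and ip not in external:
                    findings.append((name, f"alternate {ip} is not a DC"))
            if h["role"] == "replica" and h["ip"] not in dns[1:]:
                findings.append((name, "replica DC does not list itself as alternate"))
        # Rules 1 and 3: every DC forwards to the Linux and ISP servers.
        if h["role"] in ("pdce", "replica"):
            missing = sorted(external - set(h.get("forwarders", [])))
            if missing:
                findings.append((name, "missing forwarders: " + ", ".join(missing)))
    return findings

# Constructed inventory (documentation address ranges, hypothetical host names).
PDCE, EXTERNAL = "192.0.2.10", {"192.0.2.53", "198.51.100.1"}
HOSTS = {
    "dc1": {"role": "pdce", "ip": "192.0.2.10", "dns": ["192.0.2.10", "192.0.2.53"],
            "forwarders": ["192.0.2.53", "198.51.100.1"]},
    "dc2": {"role": "replica", "ip": "192.0.2.11", "dns": ["192.0.2.10", "192.0.2.11"],
            "forwarders": ["192.0.2.53"]},
    "ws1": {"role": "workstation", "ip": "192.0.2.100", "dns": ["192.0.2.53"]},
    "ws2": {"role": "workstation", "ip": "192.0.2.101", "dns": ["192.0.2.10", "192.0.2.11"]},
}

if __name__ == "__main__":
    for host, problem in audit(HOSTS, PDCE, EXTERNAL):
        print(f"{host}: {problem}")
```

Machines flagged here are the ones to look at first when a workstation reports a broken trust relationship.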
 