[atari37]

Can someone let me know if I'm missing something in the following steps?

1. I did a complete install of Server 2003 and gave the server a static IP address (dns address was left blank)

2. I run dcpromo to install Active Directory, which also setup a DNS Server.

3. I went to active directory, added an admin account, created an Workstation OU and added a Windows XP PC to that OU.

4. I then went to the XP machine to join the Domain but I'm getting the following error...

What am I doing wrong? I just want to make sure I can join the domain before I create policies and such.


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mydns.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydns.local

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

mydns.local
local
. (the root zone)

[FAT64]

The XP machine needs to know where the DNS server is (if you're not using DHCP), so go to the TCP/IP settings and type in a valid IP address and the IP address of the DNS server.

[eyeball]

you should set the preferred dns server as 127.0.0.1 or the internal address (192.168.x.x)
then setup a dhcp scope and check the scope options, if the dhcp shows as the address of your server then when your client picks up an address it will get that dns server and be able to resolve the domain name, with no dns server it wont lol

[atari37]

FAT64, on May 27 2007, 05:08 PM, said:

The XP machine needs to know where the DNS server is (if you're not using DHCP), so go to the TCP/IP settings and type in a valid IP address and the IP address of the DNS server.

I did that already but it's not working. Perhaps i'm doing something wrong.

I named my dns "mydns.local" but i'm unable to ping it. Could that be a clue as to what's going on?

Before I run dcpromo, I went to the tcp/ip and added a static ip but didn't fill out the dns sesttings. After Active Directory and DNS were setup, I went ahead and added a DNS server 208.67.222.222 (which is from opendns). I then went to my xp pc, which already has a static IP and added the same DNS (208.67.222.222) as the server.

I have a feeling i'm missing something but i'm not sure what. Any help will be greatly appreciated.

[eyeball]

hi
you need to make sure both the server and xp pc have an internal address, either class A B or C.
if you dont know what these are i suggest you find out, otherwise you are trying to run before you can walk.
no offence meant
just it would benefit you greatly to at least know this first

[atari37]

eyeball, on May 27 2007, 06:09 PM, said:

hi
you need to make sure both the server and xp pc have an internal address, either class A B or C.
if you dont know what these are i suggest you find out, otherwise you are trying to run before you can walk.
no offence meant
just it would benefit you greatly to at least know this first

I am aware of the IP classes and both Server and XP have internal IP addresses. This issue seems to deal with the DNS setup...I'll troubleshoot some more.

[FAT64]

Does the "nslookup" function return correct results, to show that DNS is working OK?

[cluberti]

atari37, on May 27 2007, 07:13 PM, said:

I am aware of the IP classes and both Server and XP have internal IP addresses. This issue seems to deal with the DNS setup...I'll troubleshoot some more.

Your DC and your machines all need to use the internal DNS server ONLY. Do _NOT_ use public DNS servers in your AD setup, unless you want DNS lookup problems.

[atari37]

cluberti, on May 28 2007, 10:28 AM, said:

atari37, on May 27 2007, 07:13 PM, said:

I am aware of the IP classes and both Server and XP have internal IP addresses. This issue seems to deal with the DNS setup...I'll troubleshoot some more.

Your DC and your machines all need to use the internal DNS server ONLY. Do _NOT_ use public DNS servers in your AD setup, unless you want DNS lookup problems.

So, someone told me I needed an external DNS that's why I was using OpenDNS to configure my dns server. I have uninstalled both AD and DNS and re-installing with the following info. I will let you know if that works.

Both servers are on a router with an internal DNS of 192.168.0.50, Server has an IP of 192.168.0.135 and the client XP box has an IP of 192.168.0.131.

So, are you saying that I don't need an external DNS for the server to function properly?

Thanks

[atari37]

FAT64, on May 28 2007, 04:32 AM, said:

Does the "nslookup" function return correct results, to show that DNS is working OK?

nslookup returns: Default Server: localhost
Address: 127.0.0.1

[Stoic Joker]

atari37, on May 28 2007, 12:27 PM, said:

So, are you saying that I don't need an external DNS for the server to function properly?

Not exactly, but not the way you're thinking either.

An AD domain has basically two states of operation, DNS is working fine, and all hell just broke lose.

Hence the only DNS server the client machines are to use is the internal one running on your DC (192.168.0.135). Do Not configure a secondary DNS server on the client machined unless you happen to enjoy random connectivity and logon issues. Also do not configure a secondary DNS server on your DC as it will only cause the machine to loop through the DNS timeouts twice before failing anyway (if using the machine's IP), or worse fail to identify itself and refuse to authenticate anything including itself (if using an external DNS Server).

Your DC will also use only itself for internal DNS lookups, and the forward lookups for external domains (e.g. the internet) to the DNS servers listed in the DNS forwarders list.

Also Make sure if the DCPROMO wizzard configures your DNS server that you are not forwarding to yourself (at 192.168.0.135) if you use the loopback ip address (127.0.0.1) for the primary DNS server on your DC. <- This one drove me nuts for a week once trying to figure out why webrowsing was lagged badly on a T1) *Sigh*

By default if DNS forwarding is enabled, the DNS server will forward all external domain lookups to the internet root (backbone) DNS servers (Which is the configuration I usually use), or you can add your ISP DNS servers to the forwarders list ... that's personal choice.

[atari37]

Stoic Joker, on May 28 2007, 02:17 PM, said:

atari37, on May 28 2007, 12:27 PM, said:

So, are you saying that I don't need an external DNS for the server to function properly?

Not exactly, but not the way you're thinking either.

An AD domain has basically two states of operation, DNS is working fine, and all hell just broke lose.

Hence the only DNS server the client machines are to use is the internal one running on your DC (192.168.0.135). Do Not configure a secondary DNS server on the client machined unless you happen to enjoy random connectivity and logon issues. Also do not configure a secondary DNS server on your DC as it will only cause the machine to loop through the DNS timeouts twice before failing anyway (if using the machine's IP), or worse fail to identify itself and refuse to authenticate anything including itself (if using an external DNS Server).

Your DC will also use only itself for internal DNS lookups, and the forward lookups for external domains (e.g. the internet) to the DNS servers listed in the DNS forwarders list.

Also Make sure if the DCPROMO wizzard configures your DNS server that you are not forwarding to yourself (at 192.168.0.135) if you use the loopback ip address (127.0.0.1) for the primary DNS server on your DC. <- This one drove me nuts for a week once trying to figure out why webrowsing was lagged badly on a T1) *Sigh*

By default if DNS forwarding is enabled, the DNS server will forward all external domain lookups to the internet root (backbone) DNS servers (Which is the configuration I usually use), or you can add your ISP DNS servers to the forwarders list ... that's personal choice.

First of all, thanks to all the contributed. I finally got this thing working.

So, I was thinking about configuring a secondary DNS for the Server and configuring the client with a secondary/alternative DNS but you're saying not to. What happens when the primary DNS server fails? Also, I haven't listed any IP's in my DNS forwarders so how am I getting online without an external DNS?
My goal is to setup AD/DNS (which I have) on the same box without using my ISP's DNS servers. So, if I'll be able to get online (internet) without a secondary dns and without using my ISP's DNS then this will be golden.

[cluberti]

atari37, on May 28 2007, 02:56 PM, said:

So, I was thinking about configuring a secondary DNS for the Server and configuring the client with a secondary/alternative DNS but you're saying not to. What happens when the primary DNS server fails?

Since I _know_ you aren't configuring your domain with only one single DC, you can install AD integrated DNS on that second DC you just dcpromoed . Single points of failure are bad, especially in AD - never, ever have just one DC if you can avoid it.

atari37, on May 28 2007, 02:56 PM, said:

Also, I haven't listed any IP's in my DNS forwarders so how am I getting online without an external DNS?

Your DNS server is using the root hints to look up any unresolvable DNS names - this will work by default, but if your ISP provides you with a caching DNS server you can use as a forwarder, this will likely be a better option long-term.

atari37, on May 28 2007, 02:56 PM, said:

My goal is to setup AD/DNS (which I have) on the same box without using my ISP's DNS servers. So, if I'll be able to get online (internet) without a secondary dns and without using my ISP's DNS then this will be golden.

And you can do this with your current setup, but I strongly suggest another DC/DNS server.

[atari37]

cluberti, on May 28 2007, 11:25 PM, said:

atari37, on May 28 2007, 02:56 PM, said:

So, I was thinking about configuring a secondary DNS for the Server and configuring the client with a secondary/alternative DNS but you're saying not to. What happens when the primary DNS server fails?

Since I _know_ you aren't configuring your domain with only one single DC, you can install AD integrated DNS on that second DC you just dcpromoed . Single points of failure are bad, especially in AD - never, ever have just one DC if you can avoid it.

atari37, on May 28 2007, 02:56 PM, said:

Also, I haven't listed any IP's in my DNS forwarders so how am I getting online without an external DNS?

Your DNS server is using the root hints to look up any unresolvable DNS names - this will work by default, but if your ISP provides you with a caching DNS server you can use as a forwarder, this will likely be a better option long-term.

atari37, on May 28 2007, 02:56 PM, said:

My goal is to setup AD/DNS (which I have) on the same box without using my ISP's DNS servers. So, if I'll be able to get online (internet) without a secondary dns and without using my ISP's DNS then this will be golden.

And you can do this with your current setup, but I strongly suggest another DC/DNS server.

Thank you...good stuff.

I currently have one DC for my domain and one DNS Server. I don't have another box to run dcpromo on.

[cluberti]

atari37, on May 29 2007, 07:27 AM, said:

Thank you...good stuff.

I currently have one DC for my domain and one DNS Server. I don't have another box to run dcpromo on.

If that is the case, then make sure you take VERY frequent backups of the system state on that DC, and keep them somewhere safe in the event you need to do a restore of your AD. Also, if you only have one single DNS server, a failure there means a complete failure for lookups everywhere (but since it's also the only DC, you probably have bigger problems if that server fails anyway - and you'd need your system state backup to restore in this scenario).

[atari37]

cluberti, on May 29 2007, 10:51 AM, said:

atari37, on May 29 2007, 07:27 AM, said:

Thank you...good stuff.

I currently have one DC for my domain and one DNS Server. I don't have another box to run dcpromo on.

If that is the case, then make sure you take VERY frequent backups of the system state on that DC, and keep them somewhere safe in the event you need to do a restore of your AD. Also, if you only have one single DNS server, a failure there means a complete failure for lookups everywhere (but since it's also the only DC, you probably have bigger problems if that server fails anyway - and you'd need your system state backup to restore in this scenario).

I am presented with a minor but annoying issue.

1. AD runs very slow on the server (I click on an OU and it take about 10-15 to open)


Any Ideas?

This post has been edited by atari37: 29 May 2007 - 10:48 AM

[cluberti]

atari37, on May 29 2007, 12:41 PM, said:

I am presented with a minor but annoying issue.

1. AD runs very slow on the server (I click on an OU and it take about 10-15 to open)

Any Ideas?

Does this server point to itself (and itself only) for DNS and/or WINS?

[atari37]

cluberti, on May 29 2007, 04:47 PM, said:

atari37, on May 29 2007, 12:41 PM, said:

I am presented with a minor but annoying issue.

1. AD runs very slow on the server (I click on an OU and it take about 10-15 to open)

Any Ideas?

Does this server point to itself (and itself only) for DNS and/or WINS?

Yes...

[cluberti]

The only thing I can think of then is to check the event logs - any warnings or errors relating to LSASRV, USER32, SRV, Winlogon, LSASS, etc?