Server 2003 Domain Problem

billybob01 Member Posts: 504
Hi, I have installed 3 Servers (2003), one of which is a Domain Controller, and 2 workstations (XP Pro) using VMWare. I also have a Linksys Router which has been picked up as the Default Gateway by the Servers and Workstations. I can ping between computers, so I know the connections are OK, but when I try to join any of them to the Domain I get an error message like the one below:

" None of the DNS Servers used by this computer responded within the timeout interval".

Details:
The SOA query for _ldap_tcp.dc_msdcs.contoso.com to find the primary DNS server returned:

Error Code 0x000005B4 " ERROR_TIMEOUT"

I have checked for any firewalls and also checked the Netlogon service was running. Any ideas of a fix???????

Comments

  • RussS Member Posts: 2,068
    Where is your DNS coming from? To me it sounds like you have a few issues that will need to be sorted and first up will be how you have TCP/IP set up.

    Are the machines on static or dynamic addresses?
    If dynamic ...
    Where is the DHCP server? Do you have DHCP coming from both your domain controller and the router? Do you have DNS relay coming from the domain controller and the router?
    If static ...
    If you are pointing to an outside DNS source it will not know about the machines on your local network. That being the case you will be able to ping locally easy enough by IP address but will have issues pinging to the machine name.
    www.supercross.com
    FIM website of the year 2007
  • billybob01 Member Posts: 504
    Thank you for the reply RussS. DNS is not my strong point I'm afraid (lesson learnt and studying the topic again).

    Well, I have had a look at the router and yes, DHCP is coming from the router and also the DC. All machines are using Dynamic addresses. DNS relay is coming from both the router and DC.
  • eurotrash Member Posts: 817
    how can DHCP be coming from both the router and the server? the machine will be assigned an ip from one or the other. same with dns, if your router is handing out the IPs, then i believe it will list itself as the sole dns server.
    witty comment
  • RussS Member Posts: 2,068
    Yes and no, _omni_. The router can be very unintelligent and not know that the server is the sole DHCP and DNS server - this will cause serious issues.

    billybob01 - I suggest that you turn off DHCP on your router and also DNS relay. Point your server to your ISP's DNS servers and set the scope for the DHCP to be as small as possible. I suggest maybe 10-20 more than you have clients as this will allow some room to grow without needing to adjust all the time.
    www.supercross.com
    FIM website of the year 2007
  • billybob01 Member Posts: 504
    I am now totally confused as I have just noticed that I can ping the server from a workstation but cannot ping the workstation from the server. I have checked using ipconfig /all and both machines are using the same subnet mask and default gateway!! I have also noticed that the DHCP and Default Gateway addresses are the same!

    Before installing my Wireless Router, setting up a Domain was a breeze, but I have upgraded my VMWare and started fresh and am now finding problems. Very interesting though, I'm loving it!!!
  • eurotrash Member Posts: 817
    RussS wrote:
    yes and no _omni_ The router can be very unintelligent and not know that the server is the sole DHCP and DNS server - this will cause serious issues.
    what i meant was that the machine will get an ip from either the router or the server - not both. so the question was: does it get it from the router or the server? (though they are both potential candidates. i.e. my router hands out IPs but when i configure my server to do so also, all the comps on the network start using my server. i figured that it is because my server responded first.)
    witty comment
  • Judd Member Posts: 132
    Turn DHCP from the router off.
    Statically assign the DC an address. (192.168.0.2)
    DNS uses the same static IP address on the DC. (192.168.0.2)
    Use the router's address as the gateway on the DC. (192.168.0.1)
    Use the loopback address in TCP/IP config as the primary DNS server on the DC. (127.0.0.1)
    Set up a DHCP scope within the same schema as the router, using addresses before or after your static reserve. (192.168.0.10 - 192.168.0.20)
    Activate and authorize the scope.
    Add a client to the domain.
    The client should get an IP from the scope range (192.168.0.10), the router's IP for the gateway (192.168.0.1), and the DC's IP for the DNS server. (192.168.0.2)

    Once you get all of that working, then you can consider getting to the public network by assigning a forwarder with the ISP's DNS servers. You could also at that point change the DC's primary DNS address from the loopback address to the ISP's DNS server addresses.

    This will work as I’ve done it countless times.
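
Added example, not part of Judd's post or any other post in this thread: a small Python check that parses a client's `ipconfig /all` output and flags lease settings that differ from the layout described above (DC 192.168.0.2 for DHCP and DNS, router 192.168.0.1 as gateway only). The sample output, the 203.0.113.53 address and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt for an XP client; not output from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")   # "Label . . . : value"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Return {label: [values]} for one adapter block of `ipconfig /all`."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2)] if m.group(2) else []
        elif last and IPV4.match(line.strip()):
            # Wrapped value on its own line, e.g. a second DNS server.
            fields[last].append(line.strip())
    return fields

def check_client(text, dc_ip, router_ip):
    """List settings that contradict the DC-does-DHCP-and-DNS layout."""
    f = parse_ipconfig(text)
    findings = []
    dhcp = f.get("DHCP Server", [])
    if dhcp and dhcp[0] != dc_ip:
        findings.append(f"lease issued by {dhcp[0]}, not the DC ({dc_ip})")
    dns = f.get("DNS Servers", [])
    if not dns:
        findings.append("no DNS server configured")
    for server in dns:
        if server != dc_ip:
            findings.append(f"DNS server {server} is not the DC ({dc_ip})")
    gw = f.get("Default Gateway", [])
    if gw and gw[0] != router_ip:
        findings.append(f"gateway {gw[0]} is not the router ({router_ip})")
    return findings

if __name__ == "__main__":
    for finding in check_client(SAMPLE, "192.168.0.2", "192.168.0.1"):
        print("WARN:", finding)
```

A DHCP Server value equal to the Default Gateway, as in the constructed sample, means the router is still handing out leases and its own address as the DNS server.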
  • billybob01 Member Posts: 504
    Thanks, will try those suggestions. If they work I'll buy you a beer!!!! :D
  • billybob01 Member Posts: 504
    Well, I tried that and below is the error I get when joining the workstation to the domain.

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.contoso.com

    Common causes of this error include the following:

    - The DNS SRV record is not registered in DNS.

    - One or more of the following zones do not include delegation to its child zone:

    contoso.com
    com
    . (the root zone)
  • Judd Member Posts: 132
    Are you able to join the domain after trying those steps or did you try to authenticate the same client after implementing the steps?

    I would remove the client from the old domain completely, then try and log on. If that doesn't work, then it sounds like during the DCPromo your DNS config got messed up somehow. I always select "Install and configure the DNS server on this computer"; if not, you have to go and set up the zones manually.

    Perhaps if this is a test environment you could simply redo the setup?

    Good luck.
  • billybob01 Member Posts: 504
    I am using a test environment as it's all on VMWare. I had no problems before, but since using a wireless router I have had this problem with DNS for some reason. Using the Configure your wizard should set everything up automatically when you choose Domain Controller but it keeps asking me to configure it manually halfway through the setup. I think it's due to my router. Anyway, I'll keep plugging away.

    Thank you for your help by the way.
  • xigxag Member Posts: 9
    I am having a hard time wrapping my head around this conceptually. This thread was found via Google search.

    What I have a hard time understanding is the topology of having a 2003 DC, wired and wireless clients, and internet all connected to a standard consumer type wireless router.

    The DHCP part makes sense, disable it on the router and let the DC do its thing. The DNS makes sense also, I think the workstations would have the DC's IP as the Primary DNS server (secondary also?) and the DC would have loopback as primary, and ISP DNS server as secondary. If that is true, I understand all that.

    However, it seems as if the default gateway on the clients will be the IP of the router. It seems logical to me that the gateway for the clients would be the DC/server.

    I need to be able to restrict internet access to the users from the DC, and it seems like that wouldn't work if the client's gateway was the router. I mean I guess I understand that if they are logged into the domain instead of locally the permissions apply, but something just doesn't seem right.

    Would I be better off adding a second NIC to the server, one connected to internet and the other to the router?

    If anyone can even understand what I am trying to get across here, I applaud you! heh, if you have any insight please let me hear all about DC and clients and internet on the same router :)