Help setting up a lab (cannot join a domain)

roolee · June 2008

Hi there,

I've set up a lab using VMware, at the moment I have two servers configured, one is a DC the other a standard member server, both servers can see and ping each other but for some reason I can't get the member server to join the domain, I get the following error message:

"NS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain contoso.com:
The query was for the SRV record for _ldap._tcp.dc._msdcs.contoso.com

The following domain controllers were identified by the query:
server01.contoso.com

Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running"
The machine I'm running VMware on does not have a physical network connection but I've got the VM sessions configured as NAT which seemed to get the two servers talking to each other. Basically my company doesn't want me connecting the machine to our network in case it causes any problems.

The IP settings are as follows:

Server01 (DC)

IP address: 192.168.0.1
Subnet Mask: 255.255.255.0
Gateway:
DNS: 192.168.0.1

Server02

IP address: 192.168.0.2
Subnet Mask: 255.255.255.0
Gateway:
DNS: 192.168.0.1

Any ideas? I may be doing something really stupid but this is all new to me so go easy.

Posted this in the 70-290 forum as well but figured this might be a better place to post.

Thanks,

Rich

Mishra · June 2008

Did you setup the DNS server before you installed AD?

roolee · June 2008

Mishra wrote:

Did you setup the DNS server before you installed AD?

No I didn't! should I have? like I said, this is all new to me so kinda learning as I go along.

Mishra · June 2008

roolee wrote:

Mishra wrote:

Did you setup the DNS server before you installed AD?

No I didn't! should I have? like I said, this is all new to me so kinda learning as I go along.

No you should have setup DNS with AD to be safe.

Do you have A records created for both of your servers?
Can you query all A records when you do nslookups on each server?

roolee · June 2008

Mishra wrote:

roolee wrote:

Mishra wrote:

Did you setup the DNS server before you installed AD?

No I didn't! should I have? like I said, this is all new to me so kinda learning as I go along.

No you should have setup DNS with AD to be safe.

Do you have A records created for both of your servers?
Can you query all A records when you do nslookups on each server?

I'm not entirely sure, how would I create these?

The frustrating thing is you need to have this enviroment set up to do the 70-290 labs but the MS Press book doesn't hint at how to configure this, it just guides you through the DC server setup and assumes you know the rest, maybe I should have started studying for 70-291 before 290!

techster79 · June 2008

Use netdiag /fix, if you don't have netdiag loaded you can download it here:

http://support.microsoft.com/kb/892777

HeroPsycho · June 2008

Both your DC's should be DNS servers. Point DC2 to itself for DNS first, then DC1. Vice versa for DC1. That won't fix your problem though.

You should run DCDIAG /c /v >dcdiag.txt and examine the output. See if DNS records are missing. Open the txt file with notepad and use the find command to find "fail" and look around that to see what problems you have. If you notice DNS records are missing for a DC, restart the Netlogon service on the problem DC, and run dcdiag again to confirm the records are created successfully.

roolee · June 2008

HeroPsycho wrote:

Both your DC's should be DNS servers. Point DC2 to itself for DNS first, then DC1. Vice versa for DC1. That won't fix your problem though.

You should run DCDIAG /c /v >dcdiag.txt and examine the output. See if DNS records are missing. Open the txt file with notepad and use the find command to find "fail" and look around that to see what problems you have. If you notice DNS records are missing for a DC, restart the Netlogon service on the problem DC, and run dcdiag again to confirm the records are created successfully.

I only have one DC and one member server.

roolee · June 2008

Sorry, just realised I put in the original post that both servers are DC's, doh! sorry about that, amended.

bleScreened · June 2008

I would definitely get rid of the NAT adapters. In fact, if you are using the NAT adapters, your VMs are NOT isolated from your corporate network. Your VMs will share whatever physical connection you have installed on your PC and your host PC will perform NAT for them. Try pinging the IP of your local fileserver on the corporate network and see if it replies. The only way to isolate your VMs so that they can talk to each other and not be aware of the network that your corporate PC is connected to is to use host-only adapters.

If you open the settings for each VM, it should allow you to choose a host-only ethernet adapter. If you change all of your VMs to host-only it means that they are on their own separate network within your PC and the outside world is not aware of them, so they pose no threat to your corporate network. I have several VMs setup on my corporate laptop and they do not pass traffic with the network.

If you can't set it up in VMware, you can always try MS Virtual PC, which I think in many ways is better than VMware. I started on VMware but moved to virtual PC because of some of the better features.

bleScreened · June 2008

Usually DNS is installed along with dcpromo unless you check it NOT to install DNS. You can check it by just going to Administrative Tools and if there is a DNS icon, it is most likely installed.

jbaello · June 2008

Check DNS\Forward Lookup Zone and look for the domain name you configured eg: domain.com, if you don't see it then you didn't set it up correctly, like the guy above me mentioned when you run dcpromo, it gives you an option to install and automatically configure DNS for you.

You can also run nslookup if it gives you an error, then 1. it means that either you did not point your DC to itself, or 2. dns was not configured.

If this is the case, your best bet, is re-running dcpromo this will remove AD, the run it again and make sure you select the right option to setup DNS.

Goodluck

wedge1988 · June 2008

I actually had this exact problem a few weeks back, my problem was my firewall was blocking the necessary ports. i had ISA server installed which caused the problem.#

Maybe this will help in some odd way!

APA · June 2008

run dcdiag

also run netdiag /test:DNS (I think that's the command)

On your DC and examine the output

This should get you started..... Are you running A.D Integrated DNS zones or Standard Primary DNS zones?

roolee · June 2008

jbaello wrote:

Check DNS\Forward Lookup Zone and look for the domain name you configured eg: domain.com, if you don't see it then you didn't set it up correctly, like the guy above me mentioned when you run dcpromo, it gives you an option to install and automatically configure DNS for you.

You can also run nslookup if it gives you an error, then 1. it means that either you did not point your DC to itself, or 2. dns was not configured.

If this is the case, your best bet, is re-running dcpromo this will remove AD, the run it again and make sure you select the right option to setup DNS.

Goodluck

Apologies for the late reply on this, been mad busy with work!

The Forward Lookup Zone has the domain name in it.

Nslookup comes back with "Can't find server name for address 192.168.0.1"

I've re-run dcpromo but still coming up with the same error.

I've also changed the network settings on VMware to Host Only.

Just to clarify, I don't have a network connection on the host machine, it is not networked in any way, both servers are running purely on VMware. I can ping the servers/browse to them so they are definitely talking to each other.

Help!

roolee · June 2008

A.P.A wrote:

run dcdiag

also run netdiag /test:DNS (I think that's the command)

On your DC and examine the output This should get you started..... Are you running A.D Integrated DNS zones or Standard Primary DNS zones?

How do I run this command? it just comes back with "netdiag is not recognized as a command"

I'm not entirely sure if I'm running Intergrated or Standard Primary zones.

astorrs · June 2008

Just to clarify can you ping the FQDN "server01.contoso.com" from the member server?

RobertKaucher · June 2008

roolee wrote:

A.P.A wrote:

run dcdiag

also run netdiag /test:DNS (I think that's the command)

On your DC and examine the output This should get you started..... Are you running A.D Integrated DNS zones or Standard Primary DNS zones?

How do I run this command? it just comes back with "netdiag is not recognized as a command"

I'm not entirely sure if I'm running Intergrated or Standard Primary zones.

You need to install the support tools from the Server 2003 disc and the select the "command prompt" from the Support Tools folder in All Programs. Run netdiag /fix and this should correct the issue.

The 70-290 is the server 2003 version of the 70-270. Your books will not have information on DCPROMO/DNS because that is a 70-291 topic.

* Make sure you have DNS installed.
* Create a reverse lookup zone for the 192.168.0.0 network.
* Install support tools
* Run netdiag /fix
* ping contoso.com
* NEVER USE CONTOSO.COM AGAIN! This is a domain name registered by MS and may cause issues even in a test environment. Use contoso.local or some other made up domain name.

Mishra · June 2008

lol contoso is in ninja gaiden II
http://en.wikipedia.org/wiki/Contoso

dynamik · June 2008

Mishra wrote:

lol contoso is in ninja gaiden II
http://en.wikipedia.org/wiki/Contoso

No screen shot? I'm already passed that point. Lame

BTW. You can also have fun with your lab domain names. Mine was mcse08.fosho

bleScreened · June 2008

dynamik wrote:

Mishra wrote:

lol contoso is in ninja gaiden II
http://en.wikipedia.org/wiki/Contoso

No screen shot? I'm already passed that point. Lame

BTW. You can also have fun with your lab domain names. Mine was mcse08.fosho

lol, i'm prob gonna regret disclosing this but I have 3 domains:

Skywalker.net:
Servers = Luke, Solo, Yoda
XP = Rebel1, Rebel2

Emipre.net:
Servers = Vader, Fett
XP = Storm1

Halo.7thcolumn.net

Help setting up a lab (cannot join a domain)

Comments