Major issues ** Now Resolved **

Essendon Member Posts: 4,546
Well, it's me again. I am the one who seems to have the most and the weirdest problems. It does give me valuable experience but I could really do without problems for some time now.

As before, I have 1 DC called server1 and a member server, server3 in the domain contoso.com

server1 config:
IP: 192.168.0.101
Mask: 255.255.255.0
Def gateway: NONE SET
Preferred DNS: 192.168.0.101

server3 config:
IP: 192.168.2.129
Mask: 255.255.255.0
Def gateway: 192.168.2.2
Preferred DNS: 192.168.2.129

Both servers are DNS servers with server1 being the primary DNS server. It was only last night that I gave the role of secondary DNS to server3. At first, the forward lookup zone contoso.com would not show up on server3, even after doing either Transfer from Master or Reload from Master. But a reboot of both servers helped and server3 was able to pull the DNS information from server1.

Now there are no errors on any of the event logs on server1, nothing serious except one saying that the browser forced an election....because a domain master was started. Unsure what that is about.

Errors on server3:
1. Windows cannot query for the list of GP objects. Check the event log for possible messages logged by the policy engine that describes the reason for this. Event ID: 1030, Source: Userenv
(I haven't found any other messages)


2. Windows cannot find the machine account. No authority could be contacted for authentication. Does this mean that this server was unable to contact the DC?

3. Just got another event log saying Security policy in the GP objects has been applied successfully.

4. Last night, I got this Windows cannot obtain the DC name for your computer. The specified domain either does not exist or could not be contacted. GP processing aborted.

There are A records for server1 and server3 in the DNS snap-in on both computers. Everything appearing on the DNS snap-in looks alright. BUT, should there be any A records for the VMWare network adapters in the DNS snap-in? They appeared by themselves when I first gave the DNS role to server1.

I did a netdiag and a dcdiag last night, and I am afraid that the contents of the logs did not look good.

Netdiag had a few particularly alarming messages:

1. Default gateway test failed : No gateways are reachable. You have no connectivity to other network segments. If you have a static IP address, you must have at least one def gateway. (which is probably because there is no def gateway on server1)

2. DNS test : Passed
The Record is different on the DNS server : 192.168.0.101. DNS server has more than one entries for this name, usually this means that there are multiple DCs for this domain. Your DC entry is one of them on DNS server "192.168.0.101", no need to re-register. (Heaps and heaps of this one)

server1 passed most of the DCDIAG tests. Though at the very last line it said, contoso.com failed test DNS (this might be because I don't have this server connected to the internet).

One more thing I should put in is nslookup. When I do an nslookup on either server, say I am at server1 and type in nslookup server03.contoso.com., I get:

Server: server3.contoso.com
Address: 192.168.2.129

*** server3.contoso.com. cant find nslookup : Non-existent domain

Similar result when I do an nslookup server1 while at server3.

Guys, really need help on this one. This time I am going to pester you till I stop getting all errors!
NSX, NSX, more NSX..

Blog >> http://virtual10.com

Comments

  • Mishra Member Posts: 2,468
    server1 config:
    IP: 192.168.0.101
    Mask: 255.255.255.0
    Def gateway: NONE SET
    Preferred DNS: 192.168.0.101

    server3 config:
    IP: 192.168.2.129
    Mask: 255.255.255.0
    Def gateway: 192.168.2.2
    Preferred DNS: 192.168.2.129

    Both servers are DNS servers with server1 being the primary DNS server. It was only last night that I gave the role of secondary DNS to server2. At first, the forward lookup zone contoso.com would not show up on server2, even after doing either Transfer from Master or Reload from Master. But a reboot of both servers helped and server2 was able to pull the DNS information from server1.

    You are saying server2 is your DNS server but server3 is using its DNS server as itself although it's just a stand alone server? I think you may have typoed.
    My blog http://www.calegp.com

    You may learn something!
  • Essendon Member Posts: 4,546
    Maybe I wasn't clear enough, pretty late in the night here. It's been a busy day!

    server1 is the primary DNS server and server3 is the secondary server. server3 is pointing to itself just as was described in CBT Nuggets and in Mark Minasi's book. Hey wait a minute, I think in CBT Nuggets, James has both servers set up as DCs, right?
  • Mishra Member Posts: 2,468
    That was my next question. That is, do you have ADI zones set up, and do you have them set up as domain controllers if so?
  • Essendon Member Posts: 4,546
    But not in Mark Minasi's book. He has server1 as the DC and the other server as the member server (but a secondary DNS server).
  • Essendon Member Posts: 4,546
    ADI on server1 as it is the only DC. The ADI option on server3 is grayed out obviously because it is not a DC.
  • Mishra Member Posts: 2,468
    Have to go to a meeting. Be back later. ;)
  • Essendon Member Posts: 4,546
    Go for it, Mishra. Try not to fall asleep. I fell asleep twice today in a 3 hour meeting on Safety.

    Too late in the night here, bed's waiting.
  • undomiel Member Posts: 2,818
    Maybe I'm being brain dead here, but wouldn't server1 need a default gateway so that it would be able to talk to server3 which is on a different subnet?
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • Essendon Member Posts: 4,546
    I have been thinking the same thing, undomiel. But how is everything else working? server3 is able to pull DNS information from server1 despite being on a different subnet, or is that normal DNS behaviour?
  • Mishra Member Posts: 2,468
    MobilOne wrote:
    I have been thinking the same thing, undomiel. But how is everything else working? server3 is able to pull DNS information from server1 despite being on a different subnet, or is that normal DNS behaviour?

    With servers on different subnets they will not be able to communicate with each other at all. If there is no route then there is no traffic. DNS/DHCP/any application it doesn't matter.

    Try to ping server3 from server1. If ping is OK then check out your 'route print' command in a CLI window and see if you can find a leftover route from testing. If so a reboot or a routing table flush will fix it to where they cannot communicate.
  • Mishra Member Posts: 2,468
    MobilOne wrote:
    Maybe I wasn't clear enough, pretty late in the night here. It's been a busy day!

    server1 is the primary DNS server and server3 is the secondary server. server3 is pointing to itself just as was described in CBT Nuggets and in Mark Minasi's book. Hey wait a minute, I think in CBT Nuggets, James has both servers set up as DCs, right?

    I'm still confused. What is server2's info and role?
  • undomiel Member Posts: 2,818
    I think it was a typo. Server2 is actually server3. Am I right MobilOne?
  • Essendon Member Posts: 4,546
    Of course you are right, undomiel. There is NO server2 anymore. I used to have this machine but I killed it, but I sometimes still mistakenly write/say server2 instead of server3.

    So, server1 needs a default gateway. What should it be? The IP address of one of the VMWare network adapters? But the addresses of the network adapters also come up as A records...is that ok?
  • undomiel Member Posts: 2,818
    You'd want the address of the adapter that fits server1's network which is the 192.168.0/24 network.
  • rjbarlow Member Posts: 411
    MobilOne, the servers are in two different subnets.
    So, because You are using VMWare, You can do two things:
    - set a static route on both servers;
    - place a Virtual machine between the two servers and set it up as a routing server; it needs to have two interfaces, one on the subnet of server1 and one in the subnet of server3. Then You have to enable the "Only LAN routing" (or something similar) in this server and You have Your DNS servers communicating.

    The first option is much easier if You succeed in writing static routes. Type "route /?" in a prompt and try that before creating a new machine.

    Have You tried first putting both servers in the same subnet? I think this should work even in vmware.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • Essendon Member Posts: 4,546
    undomiel and rjbarlow, I'll try this when I get home from work (the day's just started!). Why did VMWare assign different subnets to the two machines? Is that default VMWare behaviour?
  • undomiel Member Posts: 2,818
    Can't help you on that one as I use VirtualBox mostly. I thought VMWare assigned a different subnet for each type of interface though? Bridged/NAT/Host-only/Custom. I could be wrong about that. You might want to check and make sure they're all using the same network connection.
  • Essendon Member Posts: 4,546
    I have tried to put them (server1 and server2) on the same subnet. But they seem to lose network connectivity when I do that.
  • TechJunky Member Posts: 881
    Set the network adapter to "Bridged". That should change the IP address information so all machines are on the same subnet. I have a setup at home much like this and the bridged works great. If you use the NAT function it can become more work setting the routes than actually learning the Microsoft stuff.
  • Essendon Member Posts: 4,546
    TechJunky wrote:
    Set the network adapter to "Bridged". That should change the IP address information so all machines are on the same subnet. I have a setup at home much like this and the bridged works great. If you use the NAT function it can become more work setting the routes than actually learning the Microsoft stuff.

    Now, that's what's been at the back of my mind for a while. I have them set to NAT, I'll try setting them to bridged today. So, I am sure I'll need to make some changes in DNS settings, like pointing to the DNS server and stuff, right?
  • Essendon Member Posts: 4,546
    I have tried to set it to bridging and host-only. Neither works. Now server1 and server2 cannot even ping each other.
  • dynamik Banned Posts: 12,312
    Just manually configure their TCP/IP information and put them on their own virtual segment. Are you using VMWare Server or Workstation (can't remember)? Or, keep them as bridged and disable or edit your firewall on your host machine. It might be preventing them from obtaining DHCP information or communicating in other ways (since they have to go out and back in through your host machine). If you set them to bridged, do they obtain TCP/IP settings? Are you configuring them manually? Sorry if I missed any of that. I went through this rather quickly.
  • Essendon Member Posts: 4,546
    dynamik wrote:
    Just manually configure their TCP/IP information and put them on their own virtual segment. Are you using VMWare Server or Workstation (can't remember)? Or, keep them as bridged and disable or edit your firewall on your host machine. It might be preventing them from obtaining DHCP information or communicating in other ways (since they have to go out and back in through your host machine). If you set them to bridged, do they obtain TCP/IP settings? Are you configuring them manually? Sorry if I missed any of that. I went through this rather quickly.

    I'll post exact configurations:

    server1:

    IP : 192.168.0.101
    Mask: 255.255.255.0
    Def gateway: none set
    Pref DNS : 192.168.0.101

    server3:

    IP : 192.168.2.129
    Mask: 255.255.255.0
    Def gateway : 192.168.2.2
    Pref DNS : 192.168.2.129

    Now the host OS (server01) also has two VMware network adapters.

    VMnet8:
    IP : 192.168.2.1
    Mask: 255.255.255.0
    Def gateway : none set
    Pref DNS: none set

    VMnet1:

    IP: 192.168.121.1
    Mask: 255.255.255.0
    Def gateway : none set
    pref DNS : none set

    In addition, VMnet0 is set to "Bridged to an automatically chosen adapter".

    ATM, the networking is set to host-only.
  • dynamik Banned Posts: 12,312
    Do you have DHCP setup on those VMNETs, is that why they have IP/Subnet information? You don't need any of that. Just put them all on VMNet 7 and manually configure them to be on the same subnet, such as

    Server 1:
    192.168.0.1
    255.255.255.0

    Server 2 (or is it 3?):
    192.168.0.2
    255.255.255.0

    You don't even need a default gateway on either of them if they're just talking to each other on the same subnet. Later, you can install a second NIC, figure out how to get your bridged connection to work (I'm thinking it's a firewall or TCP/IP config issue), and install RRAS to route traffic through that NIC. It'll be a blast ;)

    Just do what I said for the time being though.
  • Essendon Member Posts: 4,546
    dynamik, I did what you said.

    server3 (there ISN'T any server2 anymore) is now on 192.168.100.130.
    server1 is now on 192.168.100.129.
    So it's the same subnet now.

    Connection between the two machines seems to be intermittent. I just rebooted both computers, and I was able to ping either machine by IP/FQDN/Unqualified Domain Name. But then something goes wrong and they cannot contact each other by hostnames any more. Pinging the IP addresses still works though.

    No alarming errors on server1, but there are a few on server3.

    Windows cannot obtain the DC name for your network. Domain does not exist or could not be contacted.

    Hey, wait a minute. Now server1 can ping server3 by hostname...but not the other way around. Don't really know what's happening here.

    There is an A record for the new IP address of server3 on server1. Zone transfer hasn't yet gone through.
  • undomiel Member Posts: 2,818
    Well it sounds like at this point you have worked out the communication by IP issue. Now it is just down to DNS. Check that you have the correct A records for these servers and the correct NS records. For zone transfers make sure that they are allowed between the two servers. Check things out with nslookup as well. Don't forget to clear DNS cache as well.
  • dynamik Banned Posts: 12,312
    Make sure you're registering your connections in DNS.

    Do both machines have the correct information in the DNS console? What IP are you using for the primary DNS on both machines? Are you allowing dynamic updates? Are you using ADIZ? Will this list of questions ever end!?
  • Essendon Member Posts: 4,546
    dynamik wrote:
    Make sure you're registering your connections in DNS.

    Do both machines have the correct information in the DNS console? What IP are you using for the primary DNS on both machines? Are you allowing dynamic updates? Are you using ADIZ? Will this list of questions ever end!?

    IP for primary DNS is 192.168.100.129 (that of server1).
    Dynamic updates are allowed.
    ADIZ on server1 as it's the only DC.
    I had a look at the DNS console for any obvious errors before coming into work this morning, but was in a hurry and would have missed the met if I stayed on any longer! I will have a look at DNS thoroughly when I get home tonight.

    One more thing, now that the servers are communicating via VMNet 7, should I disable the other virtual adapters? I would think that's a good idea, not that they are communicating anymore, but so that the DNS console is less cluttered (it's got A records for all 3 virtual network adapters).
  • Essendon Member Posts: 4,546
    So now I have the two servers on the same subnet (apparently) 192.168.100.0

    What I want to know is how to configure the virtual network adapters which I think are preventing communication between server1 and server3. DNS information on server1 reflects the current configuration. (Hey, shouldn't this have updated this information itself?)

    Here goes:

    When I do an ipconfig on server1, I get:

    VMnet7 network adapter:

    IP: 192.168.100.1
    Mask: 255.255.255.0
    Default gateway: NONE
    Preferred DNS: NONE

    Ethernet adapter LAN:

    IP: 192.168.100.129
    Mask: 255.255.255.0
    Default gateway: 192.168.100.1
    Preferred DNS: 192.168.100.129

    (As I have disabled the other virtual network adapters, they don't appear anymore here)

    When I do an ipconfig on server3, I get:

    Ethernet LAN:

    IP: 192.168.100.130
    Mask: 255.255.255.0
    Default gateway: 192.168.100.1
    IP: 192.168.100.130 (doesn't matter whether I change this to 192.168.100.129, hasn't made a difference)

    Now the problem is that server3 CANNOT ping server1 by IP/FQDN. But server1 can ping server3 any way it wants. I have cleared the DNS cache on both servers. But still the same result. Also, since server3 cannot contact server1, the DNS information is not updated. I cannot simply change the DNS config on server3 since it's a secondary server and has only a read-only copy of the zone.

    I suspect that the network adapters are not correctly configured (gateway and preferred DNS). Please help!

    P.S. I am beginning to lose respect for VMware now, too much configuration and it tends to make some bad assumptions. This has made me do more VMware than MS. I feel I should have done the VCP before 291. Might give VirtualPC a shot after the 291.

    P.P.S. VMnet7 is now doing HOST-ONLY networking.
  • dynamik Banned Posts: 12,312
    I'd set both preferred DNS servers to your primary DNS server.

    That wouldn't explain why you couldn't ping by IP though. Does the other machine have a firewall running?

    Can you ping 192.168.100.1 from both machines?

    The default gateway is only used for connecting to other networks, so that has absolutely no effect on the ability of machines on the same subnet to communicate with each other.

    Host-only networking should be fine. That'll put the host machine along with any other VMs configured that way on the same network.

    Powerful tools can take a bit to configure. Once you get acclimated to it, it'll be a great tool for your studies. No need to rag on VMware.
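
Added example (not part of any post in the thread): the on-link versus default-gateway decision that the replies above describe, applied to the addressing from the first post and from the last ipconfig listing. The function names are hypothetical, and the model assumes one interface per host and no static routes.

```python
import ipaddress

def next_hop(ip, mask, gateway, dest):
    """Where a single-NIC host sends a packet for dest.

    Returns "on-link" (same subnet, delivered directly), the gateway's
    address (different subnet, handed to the default gateway), or None
    (different subnet and no usable gateway: the packet is never sent).
    Simplified model: one interface, no static routes.
    """
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return "on-link"              # gateway setting is not consulted
    if gateway is None:
        return None                   # no route to any other subnet
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        return None                   # gateway itself is off-subnet
    return str(gw)

def both_directions_routable(a, b):
    """A ping needs a next hop for the request AND for the reply.

    Necessary, not sufficient: a gateway must still forward the packet,
    and a host firewall can drop it.
    """
    return (next_hop(*a, dest=b[0]) is not None
            and next_hop(*b, dest=a[0]) is not None)

# (ip, mask, default gateway) as posted in the thread
FIRST_SERVER1 = ("192.168.0.101", "255.255.255.0", None)
FIRST_SERVER3 = ("192.168.2.129", "255.255.255.0", "192.168.2.2")
LAST_SERVER1 = ("192.168.100.129", "255.255.255.0", "192.168.100.1")
LAST_SERVER3 = ("192.168.100.130", "255.255.255.0", "192.168.100.1")

if __name__ == "__main__":
    for label, a, b in [("first post", FIRST_SERVER1, FIRST_SERVER3),
                        ("last post", LAST_SERVER1, LAST_SERVER3)]:
        print(label)
        print("  server1 -> server3:", next_hop(*a, dest=b[0]))
        print("  server3 -> server1:", next_hop(*b, dest=a[0]))
        print("  both directions routable:", both_directions_routable(a, b))
```

With the last-post addressing both directions come back "on-link", so in this model the gateway value plays no part in whether the two servers can reach each other.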