Setting up a domain using server 2003 and vmware ESXi (or "What am I doing wrong?")

Hey, having some trouble getting started with this thing.

I'm using a server and two virtual machines both with server 2003 installed.

Server01 is configured as the DC, Domain is named "contoso.com". I went through the installing AD and configuration wizard, DNS role and DHCP role, then manually changed the static ip address in tcp/ip properties to 192.168.1.10

Server02 is a member server that I cannot get to join the domain "contoso.com".

Server01 - Static IP address assigned
Host name: Server01
Primary DNS Suffix: contoso.com
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DNS Servers: 127.0.0.1

Server02 - Configured to obtain IP dynamically
IP Address: 192.168.1.106
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DHCP Server: 192.168.1.1
DNS Server 192.168.1.10

192.168.1.1 is obviously the IP address of my router.
192.168.1.2 is the static assigned IP address of my desktop computer running VMware Infrastructure Client, xp pro and a member of workgroup: mshome.
All computers (virtual and physical) can ping each other.

Heres the error message I get when I go into the system properties > computer name changes properties on server02:

A domain controller for the domain contoso.com could not be contacted
ensure that the domain name is typed correctly

and in the details pane:

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain contoso.com:

The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.contoso.com

The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.10

Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.

I have no idea what I'm doing wrong. Any help is appreciated, thanks.

Find more posts tagged with

Comments

Graham_84

Id check if you can ping from server2 to server1, if that replys then all is well. Try nslookup from server2, see if you can query the dns server. If it doesnt work look at firewall settings. If it does work, then srv records may be missing. On Server1, install support tools and run netdiag -fix. This will ensure all records are recreated if missing. Otherwise come back here and we can look into further

aquageek

Thanks mate.

Yup, Server02 can ping Server01 (and vice versa)

Ok, results of netdiag -fix are in. Everything except for that which I listed below passed:

DC List Test - Failed - Failed to enumerate the DCs by using the browser [Error No_browser_servers_found]

The DNS test passed - all the DNS entries for DC are registered on DNS Server 127.0.0.1

Tried to add Server02 to domain again and got the same error message as before.

aquageek

Hahahahahaha. Boy do I feel stupid.

Firewall.

Hahahaha.

Thanks mate. I even allowed ICMP on the firewall to enable ping! *slaps forehead*

aquageek

Enabling Windows Firewall on domain controllers

You can enable Windows Firewall on your domain controllers for enhanced security, but you need to do it right, otherwise problems can arise such as not being able to join client machines to your domain. Here's how you need to configure Windows Firewall on a domain controller:

Enable the File And Print Sharing exception.

Enable program exceptions for lsass.exe and ntfrs.exe.exe which are found under %windir%\system32.

Enable port exceptions for ports 53 (TCP and UDP), 88 (TCP and UDP), 123 (UDP), 135 (TCP), 137 (TCP), 389 (UDP), 464 (TCP and UDP) and 636 (TCP).

Squirrel23

hi guys - I'm getting exactly the same error message as you were. I am running three machines on virtual pc (two 2k3 (the first one which is the DC) and one XP) I can sucessfully join the domain from the 2nd 2k3, but I cannot join the XP machine. I've set the firewall on the DC as suggested, but I cannot ping either of the 2k3's from the XP machine. Have i missed something obvious?

Squirrel23

Well I'm not exactly sure why it worked, but I set up the Virtual PC on my other PC and did the same as before and it worked fine.... Oh well...!!!

undomiel

I would make sure that the XP machine is on the same network. Also recheck the firewall or just flat out disable it on both machines. Can it ping either of the servers?