NSlookup and other issues...

Hey all.

I'm following CBT Nuggets for my MCITP but I keep hitting some snags which don't seem to happen for James Conrad. The current one that I am having issues with is NSlookup. I can run it and get all 8 google IPs when it is just a server, but as soon as I promote to a DC it stops working. I was really trying to get this to work because it would just be following every step.

I am also getting a lot of errors for DNS and AD when I start up my VMs, however, it is all set up the same way as shown in the videos.

I am running Enterprise. Is this just something that's going to occur? I figured it shouldn't, if it works for an identical set up of the VMs.


On the Nslookup, could this be something that isn't allowed when it is a DC?


Cheers
2017 Goals: VCP6-DCV | VCIX
Blog: https://readysetvirtual.wordpress.com

Comments

  • afcyung Member Posts: 212
    Something that it could be is the setup of the VMs themselves within the network configuration. I know when I set up my VMs in VMware I can select stuff like bridged network connection. You may need to go over the actual config of the VM itself to make sure that certain functionality is available in the VM itself. If that makes any sense.
  • kj0 Member Posts: 767
    Cheers for the reply. Unfortunately, I don't think that is the issue as the same settings are there from when it works as a Non-Domain server to when I join it on the Domain as Domain Controller.

    I wonder if a Domain Controller does not allow nslookups, while it is OK if it is just a Non-Domain Server.

    Like 2008 Standard does not have CA but Enterprise and Datacenter do, if you know what I mean.
  • ptilsen Member Posts: 2,835
    After you promote the first DC, it will, by necessity, become a DNS server. It will need to point to itself for DNS. Since it doesn't come configured with forwarders out of the box, it will be unable to resolve DNS requests for records not in its zone. After promoting the first DC, you will need to configure it to use forwarders.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • MentholMoose Member Posts: 1,525
    You can configure the DNS server to use a forwarder but it should not be required. It should be able to resolve DNS queries without a forwarder. If it works after configuring a forwarder I'd guess there is a problem on the network.
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • KenC Member Posts: 131
    What is the output when you just type nslookup at the command prompt on the DC?
    Does nslookup work as expected for local domain machines?
  • kj0 Member Posts: 767
    It works fine for local domain machines, just not DCs. It only doesn't resolve once it is a domain controller, but if it is just connected to the domain via adding manually, it still works.

    It had the Forwarder as my Router/Gateway and I changed that to my ISPs DNS server, however, I still receive the same output.
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Users\Administrator>nslookup
    Default Server:  localhost
    Address:  ::1
    
    > set type=ns
    > google.com
    Server:  localhost
    Address:  ::1
    
    com.com.au
            primary name server = ns1255.websitewelcome.com
            responsible mail addr = contact.develop.com.au
            serial  = 2012042800
            refresh = 86400 (1 day)
            retry   = 7200 (2 hours)
            expire  = 3600000 (41 days 16 hours)
            default TTL = 86400 (1 day)
    >
    


    No matter what site, or even if I leave out the "set type=ns", it still comes back with the same result.


    [edit] I have cleared the Cache and flushed DNS
  • MentholMoose Member Posts: 1,525
    kj0 wrote: »
    It had the Forwarder as my Router/Gateway and I changed that to my ISPs DNS server, however, I still receive the same output.
    Your router is probably using the ISP's DNS servers so getting the same result for both is not surprising. From the output I think your ISP may be doing something non-standard with DNS queries. They may be doing this on their DNS server or by intercepting all DNS queries. Many ISPs do this to make money (e.g. selling statistics of DNS queries) and/or to be helpful (e.g. by giving you a "friendly" error page if you put in a non-existent URL), though some let you opt out of this.

    Try configuring the DNS server's forwarders to known good DNS servers like Google (8.8.8.8 / 8.8.4.4) or OpenDNS (208.67.222.222 / 208.67.220.220). If it is still not working, paste the output of a few debug-enabled nslookup queries ("set debug") to a few servers (the DC, 8.8.8.8, etc.). You can tell nslookup to query a particular server with "server serverip".
  • kj0 Member Posts: 767
    It works for any computer, it only doesn't work when it is a Domain Controller.
  • MentholMoose Member Posts: 1,525
    Post some debug nslookup queries from a working and a non-working machine.
  • kj0 Member Posts: 767
    Same response from the host computer and the VMs when they are not a Domain Controller. Works fine. I'll grab some more reports as soon as I can.

    Picks up my ISPs DNS fine.
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Users\Keiran>nslookup
    Default Server:  dns1.tpgi.com.au
    Address:  203.12.160.35
    
    > google.com
    Server:  dns1.tpgi.com.au
    Address:  203.12.160.35
    
    Non-authoritative answer:
    Name:    google.com
    Addresses:  2404:6800:4006:804::1009
              74.125.237.142
              74.125.237.133
              74.125.237.130
              74.125.237.136
              74.125.237.134
              74.125.237.128
              74.125.237.129
              74.125.237.137
              74.125.237.131
              74.125.237.135
              74.125.237.132
    
    >
    
  • Everlife Member Posts: 253
    Are you using VMWare Workstation? If so, how many NICs have you assigned to the VM? Under the hardware tab in the VM settings window, what does the summary column say for each of your NICs? I think afcyung may be on to something.

    I had a similar setup for my 70-640 lab. I used two NICs on the VM, one with a bridged connection, and one connected to a LAN segment.

    For example:

    VM Name: DC
    Network Adapter - Bridged

    Network Adapter 2 - LAN Segment (70-640)

    Assume that "Network Adapter" maps to "Local Area Connection" and "Network Adapter 2" maps to "Local Area Connection 2" and your physical network is running in the 10.0.0.0/24 subnet while the LAN Segment network you've configured in VMWare will run on the 192.168.0.0/24 subnet.

    On Local Area Connection (your bridged adapter) you would have it set in Windows (in VM) to automatically obtain an IP, but manually set the DNS server address to the static IP address you have chosen for your domain controller (this would be something like 192.168.0.1). On Local Area Connection 2 (your LAN segment adapter) you would statically configure the IP address with a 192.168.0.1 IP, 255.255.255.0 subnet mask, leave the default gateway blank, and assign the DNS server to be 192.168.0.1.

    I may be way off on your setup, but that is how I would set something up with VMWare Workstation.

    Optionally, you can set the DNS server on Local Area Connection to manual but leave the servers blank. I don't think it matters, as long as you have DNS servers provided in one of the two network connections.

    I apologize if the above info isn't useful or if I'm misinterpreting what your problem is.
  • kj0 Member Posts: 767
    Cheers mate, I understand where you are coming from. I've had a similar setup previously, but had other issues, so I now just use a single bridged connection for all my VMs through my physical network, so only 1 NIC is enabled.

    I was having the same issue using Virtualbox as well.
  • MentholMoose Member Posts: 1,525
    I'm not clear on what is and what is not working. You said after promoting the server to a DC, nslookup fails for the server, but clients still work. I assumed that the clients were configured to use the DC for DNS, which is the normal configuration in an AD domain, but your latest pasted nslookup shows nslookup using the ISP DNS. So, are the clients configured to use the DC for DNS? If not, try configuring them to use the DC for DNS and check if nslookup works. If it doesn't work, check the DNS server configuration on the DC. It may not be configured correctly, may not be running, or may not even be installed. When running dcpromo, by default it will install and configure the DNS server. Are you using the default options, or does your lab guide instruct you to use some different options? They might want you to explicitly configure DNS yourself instead of letting dcpromo do it for you.
  • kj0 Member Posts: 767
    DNS is set up and running and is set up as followed through the CBT Nuggets videos that work for him. However, the only difference is that one of the systems I tried it on is a DC. In the video he has it running on a non-DC, which I can do as well. But as soon as I promote to DC it doesn't work. DNS is still configured the same, which is why I'm wondering if that is something that gets disabled when the server is promoted.

    Clients that connect to the DC are still able to get through. I actually took that nslookup pointing to the ISP on my host machine, but the VMs give the same response with just my DC DNS in place of the ISP.
  • MentholMoose Member Posts: 1,525
    Try dcpromo on a freshly installed server with no DNS installed beforehand, and let dcpromo install and configure DNS.
  • blargoe Member Posts: 4,174
    Look at your DNS server on the DC and check for a "." zone. This happened to me one time. Somehow, "." (root) got created on my server, which made my DC think it was the root DNS server for the internet.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • kj0 Member Posts: 767
    MentholMoose wrote: »
    Try dcpromo on a freshly installed server with no DNS installed beforehand, and let dcpromo install and configure DNS.
    Have done that before I posted here. I thought it was VBox, so I went through and started rebuilding my lab, and I've always created it with a clean build for DCPromo.


    I don't want to be the root.. Yeah, there is no "." zone.

    Might give it a try here at work with a different network set up. Can only try I guess.
  • rsutton Member Posts: 1,029
    Can you post the following info:
    A NSLookup before you promote the server to a DC
    A NSLookup after you promote the server to DC

    Please make sure each Nslookup you post is clearly labeled, I had a hard time figuring what state the server/computer was in in your earlier posts.
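
Added example, not part of the thread: a small Python parser for interactive nslookup transcripts like the two posted above, so that a capture taken before promotion and one taken after can be compared on the same fields (resolver address, name asked for, name the reply is actually about). The function names `parse_nslookup` and `findings` are hypothetical, and the sample text is trimmed from the transcripts posted in the thread.

```python
def parse_nslookup(text):
    """Pull resolver, query and reply shape out of one interactive nslookup session."""
    r = {"resolver": None, "query": None, "kind": "none", "owner": None, "addrs": []}
    prev = ""
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln.startswith(">"):
            cmd = ln[1:].strip()
            # "set ..." and "server ..." are nslookup commands, not lookups
            if cmd and not cmd.lower().startswith(("set ", "server ")):
                r["query"] = cmd
        elif ln.startswith("Name:"):
            r["kind"], r["owner"] = "answer", ln.split(":", 1)[1].strip()
        elif ln.startswith(("Address:", "Addresses:")):
            value = ln.split(":", 1)[1].strip()
            if r["kind"] == "answer":
                r["addrs"].append(value)
            elif r["resolver"] is None:
                r["resolver"] = value
        elif ln.startswith("primary name server"):
            # SOA block: its owner name is the bare line printed just above
            r["kind"], r["owner"] = "soa-only", prev
        elif ln and prev and r["addrs"]:
            r["addrs"].append(ln)  # continuation line of an address list
        prev = ln
    return r

def findings(r):
    out = []
    if r["resolver"] in ("::1", "127.0.0.1"):
        out.append("resolver is the machine's own DNS service")
    if r["kind"] == "soa-only" and r["owner"] != r["query"]:
        out.append(f"asked for {r['query']}, got only an SOA for {r['owner']}")
    if r["kind"] == "answer" and r["owner"] == r["query"]:
        out.append(f"{len(r['addrs'])} address(es) for {r['query']}")
    return out

# Both samples are trimmed from the transcripts posted in the thread
AFTER_DC = """Default Server:  localhost
Address:  ::1
> set type=ns
> google.com
com.com.au
        primary name server = ns1255.websitewelcome.com"""
HOST = """Default Server:  dns1.tpgi.com.au
Address:  203.12.160.35
> google.com
Name:    google.com
Addresses:  2404:6800:4006:804::1009
          74.125.237.142"""
```

Run over the DC transcript, `findings` reports that the machine is querying its own DNS service and that the reply describes `com.com.au` rather than the name that was typed; the host transcript yields a normal address answer for `google.com`.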