Chapter 5 help

baconfacebaconface Member Posts: 24 ■□□□□□□□□□
I'm currently working my way through Chapter 5, I'm stuck on Exercise 3: Joining a computer to the domain.


Computer1 is now a DC and DNS has all the AD entries that the wizard has put in.

IP: 192.168.0.1/24



Computer2 which I'm trying to add, just won't connect to the domain, I keep receiving the following:
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain domain1.local:

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain1.local

The following domain controllers were identified by the query:

computer1.domain1.local

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

For information about correcting this problem, click Help.

It is currently assigned a static IP of 192.168.0.2/24. Its DNS is set to point to 192.168.0.1.
When adding it, I enter "domain1.local" as the domain

I can see Computer1 fine:

Pinging computer1 [192.168.0.1] with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=4ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128

and vice versa.

I have prestaged the Computer2 account in AD
I have added an A record for computer1 & 2 in DNS under domain1.local
I thought it could be something to do with VMWare, so I've disabled the virtual NIC aswell as DHCP and NAT, so essentially Computer1 and Computer2 are isolated.


Any help is greatly appreciated as I'm at my wits end on trying to get it on the domain

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    It looks like the A record was setup incorrectly, and it was cached that way in your local dns cache on computer2. Try an ipconfig /flushdns and try pinging it again. Your ping should contain a FQDN and look like this:
    Pinging computer1.domain.local [192.168.0.1] with 32 bytes of data:
    

    if it's resolving the name through DNS. It looks like it's just relying on a NetBIOS broadcast. You definitely have/had a DNS problem. Double-check all your settings, try flushing the cache, and we'll go from there.
  • baconfacebaconface Member Posts: 24 ■□□□□□□□□□
    Thanks for the quick reply dynamik.

    Recreated the A record.
    Flushed dns on computer2:
    Pinging computer1.domain1.local [192.168.0.1] with 32 bytes of data:

    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128



    ....and still getting the same icon_sad.gif


    I had initial problems at the DNS stage of the AD install.

    I'm considering running dcpromo to remove the forest and DNS and start all over.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Double check your DNS setup:
    http://technet2.microsoft.com/windowsserver/en/library/81a63dd1-1509-4e8c-8f70-8cc61e09bf661033.mspx?mfr=true

    You might want to try running these as well:
    dcdiag /fix
    netdiag /fix

    You need to download the support tools: http://support.microsoft.com/kb/892777 to get those though.

    edit: You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting ;)
  • baconfacebaconface Member Posts: 24 ■□□□□□□□□□
    dynamik wrote:
    edit: You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting ;)


    lol yeah, i've been doing that for the past hour!. I've even checked my old server setup for 70-270. Exactly the same DNS details.

    I'm going to dcpromo it later on.
  • cacharocacharo Member Posts: 361
    Couple quick questions for you;

    1. Does NSLookup work?
    2 Is the DHCP service running?
    Treat people as if they were what they ought to be, and you help them become what they are capable of being.
  • baconfacebaconface Member Posts: 24 ■□□□□□□□□□
    I've put the server back onto a WG, I'll get around to promoting it later.

    I never thought to try nslookup
    DHCP was not installed as Vmware was handling it, would that have an influence on an AD install?
  • Dracula28Dracula28 Member Posts: 232
    I've noticed that when you follow the guidelines in the book, the forward lookup zone does not contain an SRV Resource record for the domain. As a matter of fact, the domain1.local node does not contain any of the subdomains it should either. And the domain1.local zone is not AD integrated either.

    To get around this, I've had to remove the dns service, demote the DC, and then run a DC install from manage your server, which will install DNS and a forward lookup zone for you.

    I don't know why its like that. Maybe it has to do with adding the DNS service through add/remove windows components before installing AD? I have no idea.

    Did the domain1.local zone contain an SRV resource record for the domain?
    dynamik wrote:
    You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting ;)

    Excellent suggestion. I should do that myself, the next time.
    Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
  • baconfacebaconface Member Posts: 24 ■□□□□□□□□□
    Dracula28 wrote:
    I've noticed that when you follow the guidelines in the book, the forward lookup zone does not contain an SRV Resource record for the domain. As a matter of fact, the domain1.local node does not contain any of the subdomains it should either. And the domain1.local zone is not AD integrated either.

    To get around this, I've had to remove the dns service, demote the DC, and then run a DC install from manage your server, which will install DNS and a forward lookup zone for you.

    I don't know why its like that. Maybe it has to do with adding the DNS service through add/remove windows components before installing AD? I have no idea.

    Did the domain1.local zone contain an SRV resource record for the domain?


    Thats what I found too. The steps you took I done the exact same.

    The domain1.local domain does contain the _ldap SRV record. And now I can't seem to ping computer1.domain1.local. Computer2 has a DNS suffix of domain1.local
  • Dracula28Dracula28 Member Posts: 232
    Found out the reason for this. The reason why its fails to create those service records, is because dynamic updates are not configured. The practice in the book where you create the zones, tells you to set dynamic updates as none.

    Later on you are told to run a command, which does not succeed for some reason, this command is supposed to set dynamic updates on the zones to nonsecure and secure.

    And when you then install AD, it fails when testing DNS, because of this. And thats why (I think) it does not create the service records. I set the dynamic updates to secure and non secure manually, and then it passed the DNS registration diagnostics, while installing AD, and the service resource records were there.
    Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
  • Jack BauerJack Bauer Member Posts: 8 ■□□□□□□□□□
    Dracula28,

    Thank you very much for your help.
    I was facing the same problem with my 2 virtual machines. After I set the dynamics updates, like described for you, the SRV recrod appeared in my domain tree and I could add the second VM on the domain.
    Regards,
    Alexandre Lopes Fragoso
    MCP, MCDST WINDOWS XP
    MCP WINDOWS 2003 SERVER
    alexandrefragoso@hotmail.com
    Twitter: alefragoso
Sign In or Register to comment.