Need Help Labbing (creating new domain tree)

jahaziel · June 2013

Hey TE,
Got issues with creating new domain tree. Can't seem to figure it out.. I'll lay out the IP configuration and everything.

Main Domain Controller and DNS Server
Name:Hyper-DC
Domain Name: L2G.Local
Link-local IPv6 Address . . . . . : fe80::5c4f:3664:17e7:a337%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.95(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.95
127.0.0.1

Child Domain DC2
Name:DC2
Domain Name: Geek1.L2G.local
IPv4 Address: 192.168.1.96
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DNS Servers: 192.168.1.95
192.168.1.96
127.0.0.1

I want to create a new domain tree under name Learn2Geek.local
I point DNS servers to 192.168.1.95 and 192.168.1.96 and set the static ip to 192.168.1.97.

When I DCPromo I always get DNS errors. Should I be creating stub or a dns zone before i create it on my main dns server?

Essendon · June 2013

This should sort this problem out > DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest - AD and Exchange Quantum Singularity

And read this > How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain

jahaziel · June 2013

Essendon,
Your becoming my go to guy almost for certs and questions lol.
I'll have to read this tomorrow tho. I will let you know if I'm confused about it still.
Thanks!

jahaziel · June 2013

Trying those steps right now but got a rpc server unavailable. Looked up information about it but I clicked next and the server rebooted waiting 30 mins now just like the site you sent me told me to..

Update:
Everything went wrong... It keeps telling me that it can't find the main DC and DNS server even though its set to 192.168.1.95. Not sure if this is caused by the RPC Server being Down?? Not even sure how its down.

help please lol

Update 2:
Well, Some how I turned my Main DNS server primary zone into a stub.. Not sure how. Good thing this is a lab. Starting over again

jahaziel · June 2013

Wow, I must be stupid... but what password am suppose to be using here. I tired using the my enterprise username and password from my original domain and its not working at all.
.

jahaziel · June 2013

uh... I was finally able to do it. It gave me a error while I was dcpromo it but everything replicated after 30 or so mins.. going to try it one more time.

I had to turn off firewall not really happy with that. Can someone give their input?

Essendon · June 2013

Assuming your talking about the Windows Firewall, it's best to have it off in a lab environment. More often than not, it's the culprit (after DNS, of course). Glad you worked it out!

How did you turn your primary DNS zone into a stub? Mis-clicked? (is that a word?!!)

jahaziel · June 2013

Yeah most likely misclicked. Need to be more careful. Is there anyway to keep the firewall on?

Essendon · June 2013

Keep it off I recommend, otherwise you'll keep wrestling with it. Look at here on how to add exceptions > Windows 7 Firewall

undomiel · June 2013

For once I'll have to disagree with Essendon on this one. You'll need to know what exceptions to create in the firewall at some point in your career as an admin so keeping the firewall on and having to troubleshoot those darn firewall related errors that crop up keeps you in the healthy habit of always checking your firewall exceptions. I receive way too many escalations that were as simple as the firewall not being open i.e. the tech couldn't figure out why nobody could connect to the terminal server, so I go in and open up RDP on the firewall.

In this particular instance I would advise checking the Active Directory Domain Controller LDAP/GC rules and File and Print Sharing rules. Another good reference would be How to configure a firewall for domains and trusts

Essendon · June 2013

Darn firewalls!

I concur with you Jeff about having a healthy firewall, I was only trying to make things easier for him. Never turn off in prod environment, that's for sure!

jahaziel · June 2013

Thanks. I do have other issue. Every time I create the new domain tree (I must of done this lab 30 times already no real success yet..) I try to make the DNS to replicate to all of my forest and receive "the replication scope could not be set...... There is a server failure"

Update: Why cant I figure this out... Been playing with this forever... I just wish I can find a CBTnugget or something explaining this... LOL just want it to magically be pushed in my end. So far I hate replication and dns so much.

I'm actually going to give myself a congrats for not giving up yet.

Update 2: It seems like my firewall has all the incoming and outgoing ports allow connection on my main dc.

jahaziel · June 2013

I started reading over the article essendon gave me. I have question about step number 2:
"2. Point DNS on the new machine prior to promoting it, to the existing forest root DNS server that you just created the zone on in step# 1."

Does this mean the IP Address of the root dns server

cruwl · June 2013

So server 1 should be your first DC and DNS server right? server 2 is the new DC in the new domain tree.

Server 2 should be using Server 1 as its DNS server until everything is working ect then set it to server 2s ip

jahaziel · June 2013

cruwl wrote: »

So server 1 should be your first DC and DNS server right? server 2 is the new DC in the new domain tree.

Server 2 should be using Server 1 as its DNS server until everything is working ect then set it to server 2s ip

Thanks. Exactly what I been doing. So its not the issue.

Now step on says "1. Create the zone for the new tree, on the forest root's DNS server. Configure the zone's replication scope Forest Wide."

Just to make sure I'm doing this right. I go into DNS Management Console. Click on the dns server to expand and under forward lookup zones click "new zone" correct?

Also, can someone clarify on post 5 of this thread? I seem to run into this issue more then once when i'm doing this lab. I'm using my main domain enterprise admin account and still get denied.

This might seem silly but I am getting annoyed because I have been able to do this correctly without dns or replication issues.

cruwl · June 2013

From the practice:
"3. Right-click Forward Lookup Zones and click New Zone.
This launches the New Zone Wizard.
4. Click Next.
5. On the Zone Type page, select Primary Zone and make sure that the Store The Zone In
Active Directory check box is selected. Click Next.
You must create a new zone to host the delegation because if you tried to store the
delegation in an existing zone, it would automatically add the name suffix for the
existing zone. Because a domain tree is distinguished from the forest namespace by its
name suffix, you must create a new zone to host it.
6. On the Active Directory Zone Replication Scope page, select To All DNS Servers
In This Domain: Treyresearch.net and click Next. This places the DNS data in the
DomainDnsZones application directory partition for the treyresearch.net domain."

jahaziel · June 2013

Im using sybex book and instead of entering a delegation manually it says to let dcpromo do it. But when I do this I then get dns replication errors.

No on regards to what wrote. Why should I do step 6. On the Active Directory Zone Replication Scope page, select To All DNS Servers
In This Domain: Treyresearch.net and click Next. This places the DNS data in the
DomainDnsZones application directory partition for the treyresearch.net domain."?

Shouldn't it be forest since my new domain won't be a child domain but a new domain?

jahaziel · June 2013

Decided to add it without the zone adding on the main root forest and everything went fine... Not sure why its not letting me the other way. But now doesn't let me make it into a active directory dns server

ahphoto · June 2013

Essendon wrote: »

Darn firewalls!

I concur with you Jeff about having a healthy firewall, I was only trying to make things easier for him. Never turn off in prod environment, that's for sure!

I agree with Jeff. Keeping the firewall on in the lab environment will only help to solidify your learning. Sure, it might slow the student down a bit, but in the real world (where it counts) you will know how to troubleshoot basic firewall issues instead of simply turning it off. Some tech's I work with (who labbed with it off) don't know how to troubleshoot the firewall and end up turning it off on a users system. Doh!

jahaziel · June 2013

When I run NSLookup my dns server resolves them as computer-4.home when name is tototally different and never was that before. Any reason why this is happening?

undomiel · June 2013

Check and see what is registered in the DNS server being referenced. Something at one point registered an A record or PTR record (you didn't specify which) with that name. Records on DNS servers don't magically appear without cause. Either they are manually created or dynamically created and for dynamic creation to happen something would have to initiate the creation. Look over what DNS is being handed out by DHCP and what the permissions are on your DNS zones.

jahaziel · June 2013

I decided to create a child domain using the same setting on the server and everything went well..

Not sure what is going wrong.

jahaziel · June 2013

Finnaly worked!!!!!

I added the second domain def.com ip address as a dns server to my other domain abc.com... then created a secondary zone of the def.com and it seems to work..

Need Help Labbing (creating new domain tree)

Comments