Clients can't find Domain Controller!

Discussion in 'DNS Server' started by Richth, Aug 16, 2006.

  1. Richth

    Richth Guest

    Believe DNS is not properly configured. Clients are not able to locate a
    domain controller when trying to access shared folders on the servers. Get
    following response from NSLOOKUP when checking to see if one of the DCs is
    listed:

    C:\Documents and Settings\user>nslookup server1.yuk-lan.local
    Server: server1.yuk-lan
    Address: 192.168.8.3

    *** server1.yuk-lan can't find server1.yuk-lan.local: Non-existent domain

    Would appreciate someone informing me of the proper entries in DNS to ensure
    clients can see my domain and domain controllers please. Thanks.

    Richard
     
    Richth, Aug 16, 2006
    #1

  2. Richth

    Jorge Silva Guest

    Hi
    Make sure that the clients only use their local DNS server, and the DNS
    server points to itself under NIC properties, to resolve name on internet
    configure Forwarders.
    Here's more info:
    Best practices for DNS client settings in Windows 2000 Server and in Windows
    Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP
    HOW TO: Configure DNS for Internet Access in Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;323380&sd=RMVP

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 16, 2006
    #2

  3. Richth

    Richth Guest

    Thanks. I'm checking it over.
    Clients only use a local DNS ip. DNS server points to itself. Is a 2003
    Server. I have a 2000 Server domain controller, which used to be the primary
    (AD integrated) DNS server. Suspected problems with it, so followed article
    to remove it on the 2000 server, and created DNS server on the 2003 server.
    Then reinstalled DNS on the 2000 server. I just saw that I created it as a
    primary also (AD integrated), which likely caused problems. So set it to be
    a Secondary, and stopped and restarted the DNS service on the 2000 server.

    I still don't see any article stating precisely what items (hosts, CNAME,
    etc) are necessary in DNS for clients to locate a domain controller. If I
    knew this, I think I could straighten this problem out.
     
    Richth, Aug 16, 2006
    #3
  4. Richth

    Jorge Silva Guest

    Jorge Silva, Aug 16, 2006
    #4
  5. Richth

    Richth Guest

    Can you tell me if the 2000 server should have the Start of Authority
    pointing to itself (8.2)? It currently does but is now configured as the
    Secondary DNS server. Or should it point to the Primary AD Integrated DNS
    server (8.3)?
     
    Richth, Aug 16, 2006
    #5
  6. Richth

    Jorge Silva Guest

    By General Definition DNS should always point to itself.
    You're not using AD Integrated Zones?
    Secondary Zones is read only copy you can't make changes in it.
    Also check:
    DNS Server becomes an island when a domain controller points to itself for
    the _msdcs.ForestDnsName domain

    http://support.microsoft.com/kb/275278/


    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 19, 2006
    #6
  7. Richth

    Richth Guest

    All of these references you're pointing out are great. The problem is, they
    don't address the problem I'm having.

    I know there are missing settings in my DNS configuration. The problem
    is...I don't know what is missing because I am not sure what should be there.
    NETDIAG shows the following error for DNS:

    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'dc1.schdomain.Local.'. [RCODE_SERVER_FAILURE]
    The name 'dc1.schdomain.Local.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.8.2'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    What I would like to know is what entries MUST I have in DNS for clients to
    properly locate my domain controllers? If anyone can help with that, I would
    greatly appreciate it.

    Rich
     
    Richth, Aug 20, 2006
    #7
  8. Richth

    Richth Guest

    Here is the DNSLint output. Ran it from the 2000 srv against the ip addr of
    the 2003 server:

    DNS server: dc2.schdomain
    IP Address: 192.168.8.3
    UDP port 53 responding to queries: YES
    TCP port 53 responding to queries: Not tested
    Answering authoritatively for domain: NO

    SOA record data from server:
    Authoritative name server: Unknown
    Hostmaster: Unknown
    Zone serial number: Unknown
    Zone expires in: Unknown
    Refresh period: Unknown
    Retry delay: Unknown
    Default (minimum) TTL: Unknown


    Notes:
    One or more DNS servers is not authoritative for the domain
    One or more zone files may have expired
    SOA record data was unavailable and/or missing on one or more DNS servers
     
    Richth, Aug 20, 2006
    #8
  9. Richth

    Jorge Silva Guest

    Well sounds like you didn't read the links that I provided you and related
    links...

    1- Is the 192.168.8.2 an existent DNS server, is this server online??
    If yes go to the 192.168.8.2 DNS server, make sure that the server has
    static IPAddress and that points to itself under NIC Preferred DNS server
    then run ipconfig /registerdns, restart netlogon service and run netdiag
    /fix. Do the tests again on that server.

    DNS Support for Active Directory (Check Domain Controller SRV Resource
    Records section)

    http://technet2.microsoft.com/Windo...75c3-4a77-ae93-a8804e9ff2a11033.mspx?mfr=true

    How to Verify the Creation of SRV Records for a Domain Controller

    http://support.microsoft.com/kb/241515/EN-US/

    How to verify that SRV DNS records have been created for a domain controller

    http://support.microsoft.com/kb/816587/en-us

    --
    I hope that the information above helps you


    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator

     
    Jorge Silva, Aug 20, 2006
    #9
  10. Richth

    Jorge Silva Guest

    1- The Solution that I provided you was in consideration that you used DNS
    on Windows 2003 DCs and Not Windows 2000.

    Now:

    In your first post you said that the server FQDN was = server1.yuk-lan.local
    then you wrote that the server = server1.yuk-lan
    Now you wrote that the server = dc2.schdomain

    Now my question is are you running single-label DNS name? (= domain instead
    of = domain.tld)
    If yes then take a look at:
    Information about configuring Windows for domains with single-label DNS
    names

    http://support.microsoft.com/kb/300684/

    Clients cannot dynamically register DNS records in a single-label forward
    lookup zone:
    http://support.microsoft.com/?id=826743&sd=RMVP


    --
    I hope that the information above helps you


    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 20, 2006
    #10
  11. Richth

    Jorge Silva Guest

    1- The Solution that I provided you was in consideration that you used DNS
    Correction to this statement, ignore this part, was not for you. Sorry

    The rest is valid.

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 20, 2006
    #11
  12. Richth

    Richth Guest

    Actually, I read each top to bottom. And I was able to do precisely what the
    article was designed to do, help me verify the SRV record WAS NOT there.
    Problem is...it didn't tell me how to create it if it wasn't there.

    192.168.8.2 is my original Win2000 Srvr which was the DNS server. I added a
    new Win2003 Srvr (192.168.8.3) 6 months ago, and a few days ago decided to
    make it the new primary DNS server, integrated with AD. I manually
    uninstalled DNS from the 2000 Srvr following steps in a KB article.
    Installed DNS on the 2003 Srvr as integrated with AD. For some reason it
    didn't install the appropriate entries for itself. I then created a
    secondary DNS server on 8.2. I pointed the 8.3 server to itself as the
    primary DNS server, and the 8.2 server to point to the 8.3 server as its
    primary.

    So taking into account what you posted below, I should be doing that on the
    8.3 server which is my new DNS server, right? Thanks for your help so far.
    I certainly appreciate it as my client computers can't get any work done
    through the network currently.

    Rich

     
    Richth, Aug 21, 2006
    #12
  13. Richth

    Richth Guest

    Posting different names for security reasons. We have a single-label DNS
    name in the format of <servername>.<domainname>.<local> I'll call the 2003
    server DC1 and the 2000 Server DC2 from now on.

    I have yet to review article 826743, though have seen it. Right now I need
    to figure out precisely how to get the appropriate entries for the 2003 DNS
    Srvr and the 2000 DNS Srvr, starting with the 2003 Srvr since it's the
    primary.

    Based on what I've shared, do you agree?
     
    Richth, Aug 21, 2006
    #13
  14. Richth

    Jorge Silva Guest

    This is starting to get confused...
    Can you post here the results for both DCs (you can change their names, but
    PLEASE be careful don't change the structure).

    For the Srv records, you can check:
    c:\windows\system32\config\netlogon.dns (Srv records configuration are
    stored here based on your configuration)
    also check:
    http://www.petri.co.il/active_directory_srv_records.htm

    If you want to rebuild everything from start:
    Assuming AD Integrated Zones. Point all existent DCs to the Main DC
    (Windows 2003), Point the Main DC to itself, then:
    *Delete the forward zone and the reverse lookup zone.
    *Wait for replication and make sure that the zones are automatically removed
    from the other servers.

    *You can also force replication using Active Directory Sites and Services or
    any other Tool.

    *Clear the DNS cache

    - rightclick the DNS server and clear the cache.
    - run from cmd: ipconfig /flushdns
    *Go to the %systemroot%\system32\dns - delete any old zone that you might
    have there.
    *delete the files netlogon.dnb and netlogon.dns from
    %systemroot%\system32\config
    *create the forward lookup zone and the reverse lookup zone make them AD
    integrated, for security purposes make sure that the zones only accept
    secure only - updates.

    *IN YOUR CASE MAKE SURE THAT YOUR replication scope under Zone properties IS
    SET = TO All DCs in AD Domain (Because You're running Windows 2000 DC)
    *run ipconfig /registerdns
    *restart the netlogon service, confirm the creation of the files
    netlogon.dnb and netlogon.dns on %systemroot%\system32\config

    *run netdiag /fix
    *run REPADMIN /SYNCALL and wait a little bit, then go to the others servers
    and if the zone was already transferred, then point these servers to itself
    again.
    *run dcdiag and netdiag and make sure that everything is ok.



    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 21, 2006
    #14
  15. Richth

    Jorge Silva Guest

    Also make sure that you have sites and related subnets properly configured,
    this is important because allows windows clients and servers to reach and
    authenticate with the correct DC and for GC contact, DFS, etc.


    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Aug 21, 2006
    #15
  16. Richth

    Richth Guest

    Ah...thank you Jorge. Now this is information I can use and put into
    practice. I will perform these steps tomorrow during the day and post the
    results here.

    One question I need clarified is this...Should I be doing all of this on the
    2003 server which is the current primary AD integrated DNS server? If so, do
    I need to do the same thing on the 2000 server as well, or will it pick up
    the changes? Zone xfers are working ok at this point, just doesn't have the
    right stuff in them.
     
    Richth, Aug 21, 2006
    #16
  17. Richth

    Richth Guest

    Jorge,
    I performed the steps to completely rebuild DNS. My problem continues in
    that this domain controller (the 2003 Srvr) is not creating the SRV records:

    From an article>
    Each of the following "subfolders" must be present in the DNS zone. There
    will be DNS Service (SRV) records in these "subfolders".
    _MSDCS
    _SITES
    _TCP
    _UDP

    When I reinstalled the DNS server, it did not create the above entries.
    Only the start of authority and the NS entry.

    I think I'm going to remove DNS from the 2003 server and recreate the DNS
    server on the 2000 server. I appreciate your help so far, and if you have
    other ideas, I'll be listening. Thanks.
     
    Richth, Aug 22, 2006
    #17
  18. The DNS server does not create these subfolders and records that is up to
    the Domain Controller to create the records.
    An ipconfig /all from the server, the name of the AD domain from ADU&C, and
    the name of the zone in DNS would be very beneficial for diagnosing this
    problem and resolving your issue. Also, make sure the DHCP client service is
    running and set to automatic startup.


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 22, 2006
    #18
  19. Richth

    Richth Guest

    Ok. Thx.

    DNS Zone: MCE-LAN
    ADU&C domain name: MCE-LAN.LOCAL

    2000 Server IPCONFIG /ALL (Primary DNS server AD Integrated)
    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : mceserver1
    Primary DNS Suffix . . . . . . . : MCE-LAN.Local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : MCE-LAN.Local

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-80-C8-E8-C8-92
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.8.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.8.1
    DNS Servers . . . . . . . . . . . : 192.168.8.2
    Primary WINS Server . . . . . . . : 192.168.8.2

    2003 Server IPCONFIG /ALL: (DNS is running.)
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : MCERACK1
    Primary Dns Suffix . . . . . . . : MCE-LAN.Local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : MCE-LAN.Local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-11-43-E9-6D-66
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.8.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.8.1
    DNS Servers . . . . . . . . . . . : 192.168.8.2
    Primary WINS Server . . . . . . . : 192.168.8.2

    Let me know if you need anything else.
    Rich
     
    Richth, Aug 22, 2006
    #19
  20. Richth

    Richth Guest

    That was indeed it. Thank you so much for noticing it. All this time I was
    entering just the domain name expecting it added the .local itself as it
    seemed to have done for the others. Thanks a million!

    Rich
     
    Richth, Aug 29, 2006
    #20
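
Added example, not part of the thread: post #19 shows a DNS zone named MCE-LAN against an AD domain named MCE-LAN.LOCAL, and the check below compares the records a DC wants to register (the netlogon.dns file mentioned in post #14) with the zones the DNS server hosts. The sample lines are constructed in the zone-file layout that file uses, and the function names are hypothetical.

```python
# Added example: which netlogon.dns records have no hosting zone?
# Sample data is constructed; names mirror post #19 of the thread.

SAMPLE_NETLOGON_DNS = """\
MCE-LAN.Local. 600 IN A 192.168.8.3
_ldap._tcp.MCE-LAN.Local. 600 IN SRV 0 100 389 mcerack1.MCE-LAN.Local.
_ldap._tcp.dc._msdcs.MCE-LAN.Local. 600 IN SRV 0 100 389 mcerack1.MCE-LAN.Local.
_kerberos._tcp.MCE-LAN.Local. 600 IN SRV 0 100 88 mcerack1.MCE-LAN.Local.
_kerberos._udp.MCE-LAN.Local. 600 IN SRV 0 100 88 mcerack1.MCE-LAN.Local.
_ldap._tcp.Default-First-Site-Name._sites.MCE-LAN.Local. 600 IN SRV 0 100 389 mcerack1.MCE-LAN.Local.
"""

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def parse_records(text):
    """Return (owner, type, rdata) per record line; skip blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue
        owner, _ttl, _cls, rtype = fields[:4]
        records.append((owner, rtype.upper(), " ".join(fields[4:])))
    return records

def hosting_zone(owner, zones):
    """Longest-suffix match: the hosted zone that would hold `owner`, or None."""
    own = labels(owner)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(own) and own[len(own) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def unregistrable(text, zones):
    """Owner names from netlogon.dns that no hosted zone can contain."""
    return [o for o, _t, _r in parse_records(text) if hosting_zone(o, zones) is None]

if __name__ == "__main__":
    # Zone as first created in the thread, then with the full AD domain name.
    for zones in (["MCE-LAN"], ["MCE-LAN.Local"]):
        missing = unregistrable(SAMPLE_NETLOGON_DNS, zones)
        print(zones, "->", len(missing), "records without a zone")
```

With the zone named MCE-LAN every record is left without a zone to register into; with MCE-LAN.Local none are.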