W2k3 server and DNS

Discussion in 'DNS Server' started by Duane, Aug 4, 2005.

  1. Duane

    Duane Guest

    I have a new W2k3 server and I have set up DNS, DHCP, and WINS on this
    server. I can ping my W/XP workstations but I cannot join the domain. I have
    been looking through all the notes and all the threads at the same problem
    I'm having but I cannot get it. I have the IP of the server as the DNS. This
    is a standalone domain and the .root has localhost = 127.0.0.1, but the net
    folder and the root-servers folder are empty.
    I'm sure it has to do with the _ldap._tcp_dc._msdcs.mydomian.com error.
    However I have been unable to get this to create.
    When I do NSlookup the message Can't find server name for ip 10.1.2.1:
    Non-existant domain, Default Server unknown, address 10.1.2.1.
    IPConfig /all brings me the following:
    Hostname = carestatserver
    Primary DNS suffix =
    Node Type = hybrid
    IP Route Enabled = yes
    Wins Proxy Enabled = no
    Connection Specific DNS Suffix =
    Description = HPNC3163 Fast Ethernet Nic
    Physical address = 00-0b-cd-5a-0f
    DHCP Enabled = no
    IP address = 10.1.2.1
    subnet mask = 255.255.0.0
    gateway =
    DNS server = 10.1.2.1
    Primary WINS = 10.1.2.1

    dcdiag shows me the following
    Testing Server:
    Default-First-Site-Name\carestatserver
    The Host 5748d3bb-3f99-47bf-9a8e-b3f4c1e2bfb6._msdcs.carestatet.org
    Could not resolve to a IP address
    All other tests pass.
     
    Duane, Aug 4, 2005
    #1

  2. folder and the root-servers folder are empty.

    If I'm following you correctly, these records get created during the logon
    process.

    From a command prompt on the DNS server run net stop netlogon followed by net
    start netlogon. Then check the records.

    Make sure the DNS server is pointed to itself for DNS in the properties of
    TCP/IP. Use the actual IP address not 127.0.0.1. Make sure the DNS zone is
    set to allow dynamic updates.

    hth
    DDS W 2k MVP MCSE
     
    Danny Sanders, Aug 4, 2005
    #2

  3. Duane

    Duane Guest

    Thank you Danny for your reply.
    I have done the net stop and start of the netlogon.
    However, it does not create this "_ldap.tcp_dc._msdcs.mydomain.com" record.
    I think this is the records you're speaking of and yes the DNS server does
    have the IP of DNS pointing at itself.
    The IP of the DNS server is 10.1.2.1.
     
    Duane, Aug 4, 2005
    #3
  4. Any errors in the event viewer on the DNS server?
     
    Danny Sanders, Aug 4, 2005
    #4
  5. Do you have a _msdcs.carestatet.org forward lookup zone?
    If you don't, create one.

    To get rid of the nslookup, "can't find server name for address 10.1.2.1"
    create a reverse lookup zone for the 10.1.2.x subnet and a PTR for IP 1,



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 5, 2005
    #5
  6. Duane

    Duane Guest

    Hi Danny and Kevin,
    I wrote a message to this issue yesterday but it never posted...
    I did have an error in the event log for 414 but this morning I noticed the
    records I was looking for somehow appeared. The NSLookup is now running all
    passed. During all this trying to get the right records in the DNS I now have
    two zones: _msdcs.carestet.org and carestatet.org under the name of the server.
    However, I'm still getting the error at my W/XP. The error was: "a socket
    operation was attempted to an unreachable host" error code 0x00002751
    WSAEHOSTUNREACH
    The query was for the SRV record for _ldap._tcp.dc._msdcs.carestatet
     
    Duane, Aug 5, 2005
    #6
  7. The WSAEHOSTUNREACH error usually indicates there is no route to the target
    system. Basically saying, it doesn't know how to connect via the network to
    get to it. Check these links out to understand what is happening.
    http://www.anzio.com/support/troubleshooting/winsockerrors.htm
    http://soporte.dd.com.ar/faq/winsock_errors.htm
    http://www.pctechnicians.ca/help/Winsock.html

    Are there any services shut down or is there a firewall such as Zone Alarm
    on the XP machine?

    Also, what truly concerns me MOST is the SRV record you provided. It appears
    your domain name is a single label name. That is not good because DNS is
    hierarchal based and a single label name has no 'hierarchy' to it. XP does
    not play well with single label names. Many issues *will* occur due to this.

    At this point it may be very helpful for us to help you better if you can
    provide more specific information about your infrastructure configuration,
    such as:

    1. A sample UNEDITED ipconfig /all from a client and from your DC(s)
    2. The DNS domain name of AD (found in ADUC)
    3. The zonename in your Forward Lookup Zones in DNS
    4. If updates are set to allow under zone properties
    5. If this machine has more than one NIC
    6. Do you have a firewall? If so, what brand?
    7. Is/are forwarder(s) configured?
    8. Do the SRV records exist under your zone name?

    Thanks.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Aug 5, 2005
    #7
  8. Duane

    Duane Guest

    Hello Ace,
    I do not have a Firewall on any of the machines, this is a stand alone
    network.
    I do not even have Internet as of this moment.

    1. A sample UNEDITED ipconfig /all from a client and from your DC(s)
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : carestatserver
    Primary Dns Suffix . . . . . . . : carestatet.org
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : carestatet.org

    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-0B-CD-C5-5A-0F
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.1.2.1
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 10.1.2.1
    Primary WINS Server . . . . . . . : 10.1.2.1
    ADUC = carestatserver.carestatet.org
    Forward lookup zone =
    Name Type Status
    _msdcs.carestatet.org Active Directory-Integrated Primary Running
    carestatet.org Active Directory-Integrated Primary Running
    Yes I do have multiple SRV records
    I'm not sure which ones you would be most concerned with though.

    Just a reminder: I have no problem taking the Windows XP machine and
    connecting to another domain I have here.
    However, this new domain will NOT be a part of that domain.
    Thank you
     
    Duane, Aug 6, 2005
    #8
  9. Standalone network? It appears to be an isolated AD network. No prob.

    For the ipconfig, it looks fine. I was actually hoping to see one from the
    misbehaving client for comparison, such as subnet mask, the suffixes, DNS
    addresses, etc, to see if there are any discrepancies based on that error
    you are getting. I was first assuming it could be a subnet mask mismatch.

    Ace
     
    Ace Fekay [MVP], Aug 6, 2005
    #9
  10. Duane

    Duane Guest

    Ace, I have multiple machines doing the same thing.
    I have DHCP set up on this server also and the XP is not pulling the IP from
    this server because it does not see the domain.
    I have given the workstation a static IP of 10.1.11.5 and I have pointed the
    DNS and the WINS to 10.1.2.1.
    I have come to the conclusion I should format and reinstall the server.
    I'm just not sure what I did wrong in the first place.
     
    Duane, Aug 6, 2005
    #10
  11. Formatting would be taking it to the extreme. Did you authorize the DHCP
    server in Active Directory?

    Are these two domains on the same physical network and are they going to
    stay that way? If so, set a conditional forwarder on both DNS servers for
    the other domain and run ipconfig /flushdns before you try to join.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 7, 2005
    #11
  12. Duane

    Duane Guest

    Hi Kevin, I know formatting is extreme but I'm getting into a time crunch.
    If I don't figure this out soon I need to do something.
    Yes, I have set the DHCP as Authorized.

    This domain is not part of any other network.
    This domain only has the server, workstations, and a switch.
     
    Duane, Aug 7, 2005
    #12
  13. Hi Duane,

    On the Domain Controller run netdiag /v and post the results

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 7, 2005
    #13
  14. Let's see an ipconfig /all from one of your clients please.

    As Kevin said, formatting is an extreme measure, such as re-painting your car
    because of a scratch. Let's try to fix the scratch first.

    Ace
     
    Ace Fekay [MVP], Aug 7, 2005
    #14
  15. Duane

    Duane Guest

    Dcdiag /v
    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine carestatserver, is a DC.
    * Connecting to directory service on server carestatserver.
    * Collecting site info.
    * Identifying all servers.
    * Found 1 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\CARESTATSERVER
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... CARESTATSERVER passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\CARESTATSERVER
    Starting test: Replications
    * Replications Check
    ......................... CARESTATSERVER passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=CareStatET,DC=org
    * Security Permissions Check for
    CN=Configuration,DC=CareStatET,DC=org
    * Security Permissions Check for
    DC=CareStatET,DC=org
    ......................... CARESTATSERVER passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... CARESTATSERVER passed test NetLogons
    Starting test: Advertising
    The DC CARESTATSERVER is advertising itself as a DC and having a DS.
    The DC CARESTATSERVER is advertising as an LDAP server
    The DC CARESTATSERVER is advertising as having a writeable directory
    The DC CARESTATSERVER is advertising as a Key Distribution Center
    The DC CARESTATSERVER is advertising as a time server
    The DS CARESTATSERVER is advertising as a GC.
    ......................... CARESTATSERVER passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    Role Domain Owner = CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    Role PDC Owner = CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    Role Rid Owner = CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    ......................... CARESTATSERVER passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 1603 to 1073741823
    * carestatserver.carestatet.org is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1103 to 1602
    * rIDPreviousAllocationPool is 1103 to 1602
    * rIDNextRID: 1106
    ......................... CARESTATSERVER passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/carestatserver.carestatet.org/CareStatET.org
    * SPN found :LDAP/carestatserver.carestatet.org
    * SPN found :LDAP/CARESTATSERVER
    * SPN found :LDAP/carestatserver.carestatet.org/CARESTATET
    * SPN found
    :LDAP/5748d3b9-3f9a-47bf-9a8e-b3f4c1e2bfb6._msdcs.CareStatET.org
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5748d3b9-3f9a-47bf-9a8e-b3f4c1e2bfb6/CareStatET.org
    * SPN found :HOST/carestatserver.carestatet.org/CareStatET.org
    * SPN found :HOST/carestatserver.carestatet.org
    * SPN found :HOST/CARESTATSERVER
    * SPN found :HOST/carestatserver.carestatet.org/CARESTATET
    * SPN found :GC/carestatserver.carestatet.org/CareStatET.org
    ......................... CARESTATSERVER passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: RPCLOCATOR
    RPCLOCATOR Service is stopped on [CARESTATSERVER]
    * Checking Service: w32time
    * Checking Service: TrkWks
    TrkWks Service is stopped on [CARESTATSERVER]
    * Checking Service: TrkSvr
    TrkSvr Service is stopped on [CARESTATSERVER]
    * Checking Service: NETLOGON
    ......................... CARESTATSERVER failed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    CARESTATSERVER is in domain DC=CareStatET,DC=org
    Checking for CN=CARESTATSERVER,OU=Domain
    Controllers,DC=CareStatET,DC=org in domain DC=CareStatET,DC=org on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=CARESTATSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CareStatET,DC=org
    in domain CN=Configuration,DC=CareStatET,DC=org on 1 servers
    Object is up-to-date on all servers.
    ......................... CARESTATSERVER passed test
    ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service Event log test
    The SYSVOL has been shared, and the AD is no longer
    prevented from starting by the File Replication Service.
    ......................... CARESTATSERVER passed test frssysvol
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15
    minutes.
    ......................... CARESTATSERVER passed test kccevent
    Starting test: systemlog
    * The System Event log test
    Found no errors in System Event log in the last 60 minutes.
    ......................... CARESTATSERVER passed test systemlog

    Running enterprise tests on : CareStatET.org
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope

    provided by the command line arguments provided.
    ......................... CareStatET.org passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\carestatserver.CareStatET.org
    Locator Flags: 0xe00003fd
    PDC Name: \\carestatserver.CareStatET.org
    Locator Flags: 0xe00003fd
    Time Server Name: \\carestatserver.CareStatET.org
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\carestatserver.CareStatET.org
    Locator Flags: 0xe00003fd
    KDC Name: \\carestatserver.CareStatET.org
    Locator Flags: 0xe00003fd
    ......................... CareStatET.org passed test FsmoCheck
     
    Duane, Aug 8, 2005
    #15
  16. Duane

    Duane Guest

    Here is a WXP Config /all
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : carestat-410206
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-10-DC-E2-81-90
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.1.11.5
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 10.1.2.1
    Primary WINS Server . . . . . . . : 10.1.2.1
     
    Duane, Aug 8, 2005
    #16
  17. Thanks for posting this and the netdiag. This all seems correct. It doesn't
    make sense unless I'm missing something very basic here that isn't hitting
    me in the face.

    Are there any services on the DC that are disabled inadvertently and not
    knowing they are important services? Can you post a "net start" from the DC
    please and from this client?

    Duane, I remember you saying you can ping the DC, which is good. I would
    like to specifically address the SRV records now. Do the SRV records show
    up? They are the folders with the underscores, such as: _msdcs (which will
    be grayed out because it will be delegated to this server), _tcp, _udp,
    _sites. Then under your "Forward Lookup Zones", you will find the
    _msdcs.carestatet.org zone as well (not grayed out because this is the
    delegated zone). Under this zone, you will find other subfolders, one of
    which is the "gc" folder. Is there an entry under that? When a situation
    comes up that the 'domain is not found', it is usually due to any of these
    SRV records missing, but more importantly, the gc record is empty.

    Post back with your findings please. Too bad you're not on the Internet with
    this, I can offer to remote in and take a look and possibly fix it in 10
    minutes.

    Ace
     
    Ace Fekay [MVP], Aug 8, 2005
    #17
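The client-versus-DC ipconfig comparison Ace asks for in #9 and #14, as an added Python example that is not part of the thread. It uses the ipconfig /all values posted in #8 and #16, plus one constructed client with a /24 mask to show a failing case; the function names are this example's own, and only the first "DNS Servers" line is read.

```python
import ipaddress
import re

# ipconfig /all values as posted in this thread (#8 for the DC, #16 for the XP client).
DC_IPCONFIG = """\
Host Name . . . . . . . . . . . . : carestatserver
Primary Dns Suffix . . . . . . . : carestatet.org
IP Address. . . . . . . . . . . . : 10.1.2.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.1.2.1
"""
CLIENT_IPCONFIG = """\
Host Name . . . . . . . . . . . . : carestat-410206
Primary Dns Suffix . . . . . . . :
IP Address. . . . . . . . . . . . : 10.1.11.5
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.1.2.1
"""
# Constructed counter-example (not from the thread): same client with a /24 mask.
BAD_CLIENT_IPCONFIG = CLIENT_IPCONFIG.replace("255.255.0.0", "255.255.255.0")


def parse_ipconfig(text):
    """Return {label: value} for 'Label . . . : value' lines, dot leaders stripped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[\s.]*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields


def compare(dc_text, client_text):
    """List discrepancies that would stop the client locating or reaching the DC."""
    dc, cl = parse_ipconfig(dc_text), parse_ipconfig(client_text)
    dc_if = ipaddress.ip_interface(f"{dc['ip address']}/{dc['subnet mask']}")
    cl_if = ipaddress.ip_interface(f"{cl['ip address']}/{cl['subnet mask']}")
    problems = []
    # With no default gateway, each side reaches only addresses it considers on-link.
    if dc_if.ip not in cl_if.network and not cl["default gateway"]:
        problems.append(f"client {cl_if} has no route to DC {dc_if.ip}")
    if cl_if.ip not in dc_if.network and not dc["default gateway"]:
        problems.append(f"DC {dc_if} has no route to client {cl_if.ip}")
    if dc_if.network != cl_if.network:
        problems.append(f"subnet mismatch: {dc_if.network} vs {cl_if.network}")
    # The client finds the DC through SRV lookups, so it must query the AD DNS server.
    if cl["dns servers"] != str(dc_if.ip):
        problems.append(f"client DNS is {cl['dns servers']!r}, expected {dc_if.ip}")
    # Advice from #2: the DC points at its own real address, not the loopback.
    if dc["dns servers"] in ("", "127.0.0.1"):
        problems.append("DC should list its own real IP as DNS server")
    return problems


if __name__ == "__main__":
    for name, client in (("thread client", CLIENT_IPCONFIG),
                         ("constructed /24 client", BAD_CLIENT_IPCONFIG)):
        found = compare(DC_IPCONFIG, client)
        print(name, "->", found or "no discrepancies")
```

For the values posted in the thread the check finds no discrepancies, which matches the "this all seems correct" reading in #17.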
  18. Duane

    Duane Guest

    Hello Ace,
    I have checked all the services on the DC and they are running.

    I had said that I can ping from the DC to the workstations.
    However I can not ping the Server from the XP machines.

    I really appreciate all your efforts but I'm going to reformat the server
    and start from scratch again.
    There is nothing on the server that I can't put back.
    I'm down to crunch time now so need something quick.

    Again thanks to all of you very much.
     
    Duane, Aug 8, 2005
    #18
  19. You are quite welcome.

    That is strange you cannot ping the server itself, but you can ping the
    workstations. Something is blocking communication on the server when
    something else is trying to communicate with it.

    Is the firewall on the server enabled? I am assuming at this point all the
    SRV records exist under the zone.

    I hate to see you go thru a complete reinstall.

    Ace
     
    Ace Fekay [MVP], Aug 8, 2005
    #19
  20. Duane

    Duane Guest

    Ace, I have not installed a firewall on this server and I'm not running W2K3
    SP1 yet.
    I'm not sure all SRVs are there so I'm going to rebuild the server.
    I have a question though....

    You wrote this next paragraph to me:...
    Also, what truly concerns me MOST is the SRV record you provided. It appears
    your domain name is a single label name. That is not good because DNS is
    hierarchal based and a single label name has no 'hierarchy' to it. XP does
    not play well with single label names. Many issues *will* occur due to this.

    When I typed the domain name I typed "CareStatET.org".
    What should I have typed as the domain name?
    Thanks again,
     
    Duane, Aug 8, 2005
    #20