| me? I dunno... 2002-11-11, 12:14 am |
| I am starting the last section of the MOC 70-217 and gearing up for the exercises.
I have just wiped everything out from 3 dc's and reinstalled w2kserver on all of them. the first one is up and running with active directory, dns appears configured, dhcp is running.
I am trying to install active directory in the second machine but keep getting an error. The network credentials dialogue box of the active directory installation wizard prepopulates with xxxnet.ca domain that I have set up on dc1, but stalls with the error message,
'the wizard cannot gain access to the list of domains in the forest. The error is:
The specified domain either does not exist or could not be contacted.'
I can ping either box from each other, by computer name or ip#. | |
|
| configure a static ip address on the 2nd and 3rd servers and remember to use the dns address of your 1st server....... | |
| me? I dunno... 2002-11-12, 2:02 pm |
| I have the previous mess straightened out, now I have a new mess.
bobnet.ca has 2 dc running on 192.168.1.x subnet, I have promoted third machine to dc and am attempting to establish new site on 199.254.254.x subnet. I have put dual nic cards in dc on 199.254.254.x and tried everything I could to get the dns server on 192.168.1.x to work but it won't.
I'm trying to establish functioning bobnet.ca site on different subnet/site, same domain.
Do I have to put extra nic card in 192.168.1.x in order to have it deliver dns for 199.254.254.x subnet?
all computers are on hub.
I'm thinking dns must come from 192.168.1.x site, is this wrong? | |
|
| quote: Originally posted by me? I dunno...
I have the previous mess straightened out, now I have a new mess.
bobnet.ca has 2 dc running on 192.168.1.x subnet, I have promoted third machine to dc and am attempting to establish new site on 199.254.254.x subnet. I have put dual nic cards in dc on 199.254.254.x and tried everything I could to get the dns server on 192.168.1.x to work but it won't.
I'm trying to establish functioning bobnet.ca site on different subnet/site, same domain.
Do I have to put extra nic card in 192.168.1.x in order to have it deliver dns for 199.254.254.x subnet?
all computers are on hub.
I'm thinking dns must come from 192.168.1.x site, is this wrong?
this is what i mean.
if you have only one dns server on one segment, you need to provide dns service to the 2nd and 3rd server to successfully locate services and hosts on the network. without dns, the machines can't locate any of this.
if the dns server 1 is in other range, the server 2 and 3 must be unable to locate resources. | |
| jeff_j_black 2002-11-13, 9:13 am |
| Is routing working correctly? That is the first thing to check. Remember that each NIC has separate properties that can be configured. In your case, clients on your second subnet would have the address of the router's NIC on that net as the gateway. You would want each of the clients on that net configured with the address of the DNS server in the first net. | |
| me? I dunno... 2002-11-13, 5:24 pm |
| 2 dc's and 1 client on 192.168.1.x side of router.
1dc and 1 client on 199.254.254.x side.
dc on 199.x.x.x is router
all machines will ping all other machines by IP# no problem
all machines on 198.x.x.x side will resolve client name and IP on 199.x.x.x side
client on 199.x.x.x side will ping everyone else by IP but will not resolve any names, also, when I ping the dc on 199.x.x.x from that client, it will resolve the dc name to wrong IP and then fail to connect.
dc is 199.254.254.3 on that side but 199.x.x.x client attempts to connect to 199.254.254.1 using dc host name
No kidding DNS is important! | |
|
| quote: Originally posted by me? I dunno...
2 dc's and 1 client on 192.168.1.x side of router.
1dc and 1 client on 199.254.254.x side.
dc on 199.x.x.x is router
all machines will ping all other machines by IP# no problem
all machines on 198.x.x.x side will resolve client name and IP on 199.x.x.x side
client on 199.x.x.x side will ping everyone else by IP but will not resolve any names, also, when I ping the dc on 199.x.x.x from that client, it will resolve the dc name to wrong IP and then fail to connect.
dc is 199.254.254.3 on that side but 199.x.x.x client attempts to connect to 199.254.254.1 using dc host name
No kidding DNS is important!
do you have VISIO?
try to put a diagram of your network.
your problem is routing related. your clients on one side are unable to look the dns server.
make a diagram. | |
| me? I dunno... 2002-11-13, 9:21 pm |
| I don't have Visio, but I do have powerpoint | |
| me? I dunno... 2002-11-13, 9:25 pm |
| oops.. | |
| me? I dunno... 2002-11-13, 9:27 pm |
| try this one | |
| me? I dunno... 2002-11-13, 9:30 pm |
| Everybody will resolve client2 name, but client2 will resolve nobody, but does translate dc3 into address 199.254.254.1, when address is actually 199.254.254.3. Of course client 2 doesn't connect to dc3 either. | |
| me? I dunno... 2002-11-13, 9:37 pm |
| hopefully this rendition will show IP addresses a little better | |
| me? I dunno... 2002-11-13, 10:59 pm |
| Dc1 primary dns, domain properties box\zone transfers dialogue box\allow zone transfers\only to the following servers had wrong address entered (199.254.254.1) client2 now simply times out without referring to wrong address anymore.
nslookup from client2 yields accurate host name and address for dc1, but still will not resolve. | |
|
| quote: Originally posted by me? I dunno...
hopefully this rendition will show IP addresses a little better
i see your diagram.
cool.
so tell me the following:
* you can ping all hosts from ANY hosts?
if this is right, you don't have routing problems...... all the problem is dns related.
tell me that.....
you can resolve all hosts from any hosts? try tracert instead of ping to see the path of the packets.
and what about name resolution.
how many dns do you have on this network? | |
| jeff_j_black 2002-11-14, 8:07 am |
| You have gone to a great deal of effort on this one, just stick to it until you make it work.
You mention your DNS server is set to forward zone info, but to what?
Do you have more than one DNS server?
Can you determine if each of your servers and clients are correctly registered in DNS?
Set up both Forward and Reverse DNS zones and make sure they are set for Dynamic Update. Then run IPCONFIG /REGISTERDNS on each computer. Pore through both forward and reverse zone to ensure that all computers are properly registered. Look at the network properties of each computer. Ensure that all point to the DNS server for DNS resolution. Make sure that each computer on the 192.x.x.x side of the router has the default gateway set to 192.168.1.3 and on the 199.x.x.x side each computer has the default gateway set to 199.254.254.3.
Your issue is just there, right in front of you, keep looking. If all of this was easy, you would not be learning anything. Take notes, keep up the good work. | |
| cm2gj 2002-11-14, 11:56 am |
| quote: Originally posted by jeff_j_black
You have gone to a great deal of effort on this one, just stick to it until you make it work.
You mention your DNS server is set to forward zone info, but to what?
Do you have more than one DNS server?
Can you determine if each of your servers and clients are correctly registered in DNS?
Set up both Forward and Reverse DNS zones and make sure they are set for Dynamic Update. Then run IPCONFIG /REGISTERDNS on each computer. Pore through both forward and reverse zone to ensure that all computers are properly registered. Look at the network properties of each computer. Ensure that all point to the DNS server for DNS resolution. Make sure that each computer on the 192.x.x.x side of the router has the default gateway set to 192.168.1.3 and on the 199.x.x.x side each computer has the default gateway set to 199.254.254.3.
Your issue is just there, right in front of you, keep looking. If all of this was easy, you would not be learning anything. Take notes, keep up the good work.
agree. remember this: win2k dns doesn't add reverse lookup by default!!! you need to make the task manually!! | |
| me? I dunno... 2002-11-14, 1:31 pm |
| Good advice! I have an appointment in town, but when I come back I will get right at it and let you know what happens. | |
|
| quote: Originally posted by me? I dunno...
Good advice! I have an appointment in town, but when I come back I will get right at it and let you know what happens.
ough!!
you must add the reverse zone and updates all the records on your forward lookup zone to update the reverse records.
how are you providing ip configuration to clients? with dhcp or statically?
how many dns servers do you have on your network? | |
| me? I dunno... 2002-11-14, 5:30 pm |
| I wish I knew how to make a screen capture.
Wins is not enabled on anything, native mode.
dc1 does not have any forwarders enabled.
client2 has gone back to thinking that dc3 is 199.254.254.1 instead of 199.254.254.3
client1 receives dhcp from dc1, client2 receives dhcp from dc3, 199.254.254.3 side | |
| me? I dunno... 2002-11-14, 5:42 pm |
| installed dns 'server' on dc3, would not allow installation with forward lookup zone so chose other option, then it installed.
nslookup from client2 indicates that no domain can be found relating to the 199.254.254.3 address.
ipconfig /registerdns is currently running on all machines except dc2, which gives error 'Error: The system cannot find the file specified. : refreshing dns names' | |
| me? I dunno... 2002-11-14, 6:23 pm |
| Event log on dc1 system log 'The session setup from the computer dc3 failed to authenticate. The name of the account referenced in the security database is DC3$. The following error occurred: Access is denied.'
Directory service log: The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=configuration,DC=bobnet,DC=ca
Source DSADN: CN=NTDS Settings,CN=DC3,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=bobnet,DC=ca
Source DSA address: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx_asdcs.bobnet.ca
Intersite transport {if any} CN=IP, CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=bobnet,DC=ca
failed with the following status:
Access is denied
The record is the status code: This operation will be retried. | |
| me? I dunno... 2002-11-14, 6:37 pm |
| client2 will now resolve host to ip names and return ping but nslookup yields result...
'***can't find server name for address Non-Existent Domain
***Default servers are not available
Default server: unknown
Address: 199.254.254.3
My network places on 192.xxx.xxx side do not recognize client2
Dc3 shows all domain computers icons, including client2, in my network places but will not connect to client2, instead, 'enter network password' dialogue box opens, shows message 'incorrect password or username for \\client2' with 'connect as' and 'password' boxes.
right-click\properties of icon yields message, 'you do not have appropriate access rights for this server, contact your network administrator'
All other computer icons on domain page can be connected to.
I am logged on to all machines under the same administrator account with the same password. | |
| me? I dunno... 2002-11-14, 6:48 pm |
| I don't understand why client2 can now resolve names to IP's but doesn't know who or where its server is?
Also, how does DC3 get a $ appended to it? Where would I look to remedy this? | |
|
| quote: Originally posted by me? I dunno...
I am starting the last section of the MOC 70-217 and gearing up for the exercises.
I have just wiped everything out from 3 dc's and reinstalled w2kserver on all of them. the first one is up and running with active directory, dns appears configured, dhcp is running.
I am trying to install active directory in the second machine but keep getting an error. The network credentials dialogue box of the active directory installation wizard prepopulates with xxxnet.ca domain that I have set up on dc1, but stalls with the error message,
'the wizard cannot gain access to the list of domains in the forest. The error is:
The specified domain either does not exist or could not be contacted.'
I can ping either box from each other, by computer name or ip#.
i'm putting all your notes and scheme on paper and read every post again... from the first one.... on this first post i note something weird.... tell me something... you say the "dns appears configured"... mmmmm ... dns is one of the most important requirement on active directory service. YOU MUST check the SRV records on your DNS service before anything.
check it and post. | |
|
| quote: Originally posted by me? I dunno...
Do I have to put extra nic card in 192.168.1.x in order to have it deliver dns for 199.254.254.x subnet?
all computers are on hub.
I'm thinking dns must come from 192.168.1.x site, is this wrong?
one by one...
i read this post... i note something curious here....
NO... you don't need a 2nd nic on the dc1 or dc2 domain controllers (i have your network environment on paper).... you only need a 2nd card on the dc3 because here you have the routing feature..... i supposed you are using routing on dc3 with RRAS service, no????
dns can come from the DNS1 but a good practice and best practice is to make your dns active directory integrated and put a dns service on all your Domain controllers. on this way, with AD replication, the DNS is updated too.... | |
|
| quote: Originally posted by me? I dunno...
Do I have to put extra nic card in 192.168.1.x in order to have it deliver dns for 199.254.254.x subnet?
all computers are on hub.
I'm thinking dns must come from 192.168.1.x site, is this wrong?
another interesting thing.... this come from 70216 exam.... if your client2 must receive dns from DC1 and you are using a router on the middle of your environments, in this case is DC3 your router, check if client 2 is using correctly their dns server.... dns is very important here...
my recommendation... check all the 192.168.x.x subnet entirely, domain controllers, replication, dns, srv, reverse lookup!!, etc.... after that, make focus on the routing feature on DC3....... routing tables here make their part... remember here you have 2 nics and maybe you need to configure some settings on DC3 to provide the correct path to dc1 and dc2.... if the dc3 by mistake try to use nic2 to locate dc1 and dc2 here you can find a big problem.
this is why is not recommended the routing feature on a dc.... remember that dns and dhcp server need bindings too... this must be checked.... | |
|
| quote: Originally posted by me? I dunno...
Everybody will resolve client2 name, but client2 will resolve nobody, but does translate dc3 into address 199.254.254.1, when address is actually 199.254.254.3. Of course client 2 doesn't connect to dc3 either.
mmmm
provide me the ip configuration on client 2... i say ip, mask, gtway and dns address... | |
|
| quote: Originally posted by me? I dunno...
Dc1 primary dns, domain properties box\zone transfers dialogue box\allow zone transfers\only to the following servers had wrong address entered (199.254.254.1) client2 now simply times out without referring to wrong address anymore.
nslookup from client2 yields accurate host name and address for dc1, but still will not resolve.
check on your dns the resource records for the dc3 domain to see why the clients see dc3 as 199.254.254.3 | |
| me? I dunno... 2002-11-14, 11:06 pm |
| DC1 only has 1 NIC 192.168.1.1
I will have to figure out how to check SRV records
Routing on DC3 with RRAS
dns logs on dc1 and dc3 do not show any errors
client2 configuration
IP 199.254.254.4
subnet 255.255.255.0
default gateway 199.254.254.3
dhcp server 199.254.254.3
dns server 199.254.254.3
primary wins server 199.254.254.3 (No computers, including client2, have wins enabled in NIC properties box.)
A mile of SAM errors on dc3
Netlogon errors on dc1 regarding dc3
dc3 was promoted as member of 192.168.1.x subnet
client2 was seeing dc3 as 199.254.254.1 instead of 199.254.254.3 but that has been resolved | |
| me? I dunno... 2002-11-15, 12:49 am |
| infrastructure master is on dc2
I tried to demote dc3 but cannot authenticate to dc2 I think the problem is between dc2 and dc3.
In the final analysis I was not prepared to attempt this, had no idea of what I was doing, and screwed it all up, but did I EVER learn a lot (the hard way)
I'll leave it till tomorrow afternoon, then maybe tear it all down and try to build the same thing over from scratch.
I have to get back to my 70-217 study | |
| me? I dunno... 2002-11-15, 2:28 am |
| . | |
| jeff_j_black 2002-11-15, 8:51 am |
| I did not realize that you were running routing on a dc. Very tricky here as dual homed computers behave in very difficult manner. You should check the properties of each interface in RRAS on dc3 and select the one on the 198 side as 'Register this connection' and make sure that the 199 side does not register. The problem with dual home computers is that the first nic to register, takes over browser and the process is very arbitrary unless you modify the registration properties. Start going to the knowledge base for dual homed issues.
Print Screen and Alt + Print Screen keys do screen capture, in Windows, then just paste into any graphic editing program. | |
|
|
| jeff_j_black 2002-11-15, 2:03 pm |
| If you are going to tear it down and put it up again:
Make one dc on each side of the router and have the router not running any vital services like DNS etc. Just 2k server and RRAS.
code:
DC1 -- hub -- RT1 -- hub -- DC2
         |            |
CLIENT1--|            |-- CLIENT2
| |
|
| quote: Originally posted by jeff_j_black
If you are going to tear it down and put it up again:
Make one dc on each side of the router and have the router not running any vital services like DNS etc. Just 2k server and RRAS.
code:
DC1 -- hub -- RT1 -- hub -- DC2
         |            |
CLIENT1--|            |-- CLIENT2
YESSSSSSSSSSSSSSS
this is a very important issue... the server with RRAS MUST have ONLY RRAS!!!! he only need to make routing, anything more!!! | |
| me? I dunno... 2002-11-15, 9:56 pm |
| srv records were not right, multiple names and listings for same site(s)
site configuration was an overlapping contradictory nightmare, it is now gone.
srv entry was also the source of the wrong 199.254.254.1 addressing for dc3.
I am reconfiguring dc3 to be router, and transferring infrastructure master back to dc1.
I am attempting to configure network as per Jeff's diagram.
will adv | |
| cm2gj 2002-11-16, 12:44 am |
| quote: Originally posted by me? I dunno...
srv records were not right, multiple names and listings for same site(s)
site configuration was an overlapping contradictory nightmare, it is now gone.
srv entry was also the source of the wrong 199.254.254.1 addressing for dc3.
I am reconfiguring dc3 to be router, and transferring infrastructure master back to dc1.
I am attempting to configure network as per Jeff's diagram.
will adv
domain controllers location by clients or other servers can be a nightmare or impossible with a dns without SRV.
on the 70217 MOC, MS brings special attention to SRV servers. MORE than 3 pages talking about this....... | |
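An added example, not posted by anyone in this thread: one way to audit the domain controller SRV and A records discussed above for the faults the thread ran into (an SRV target with no host record, a DC registered under the wrong address). The zone lines are constructed sample data; the dc2 address, the `dc3.site2.bobnet.ca.` target and the `EXPECTED` table are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records in "name TYPE rdata" form, modelled on the thread
# (dc2's address and the dc3.site2 target are hypothetical).
ZONE = """
dc1.bobnet.ca. A 192.168.1.1
dc2.bobnet.ca. A 192.168.1.2
dc3.bobnet.ca. A 199.254.254.1
_ldap._tcp.dc._msdcs.bobnet.ca. SRV 0 100 389 dc1.bobnet.ca.
_ldap._tcp.dc._msdcs.bobnet.ca. SRV 0 100 389 dc2.bobnet.ca.
_ldap._tcp.dc._msdcs.bobnet.ca. SRV 0 100 389 dc3.bobnet.ca.
_ldap._tcp.site2._sites.dc._msdcs.bobnet.ca. SRV 0 100 389 dc3.bobnet.ca.
_ldap._tcp.site2._sites.dc._msdcs.bobnet.ca. SRV 0 100 389 dc3.site2.bobnet.ca.
"""

# Assumption: the single address each DC is supposed to register in DNS.
EXPECTED = {
    "dc1.bobnet.ca.": "192.168.1.1",
    "dc2.bobnet.ca.": "192.168.1.2",
    "dc3.bobnet.ca.": "199.254.254.3",
}

def parse_zone(text):
    """Return ({host: {addresses}}, {srv owner: {targets}}) from the zone text."""
    a_records, srv_records = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue  # blank line, comment, or malformed record
        name, rtype = fields[0].lower(), fields[1].upper()
        if rtype == "A":
            a_records[name].add(ipaddress.ip_address(fields[2]))
        elif rtype == "SRV" and len(fields) == 6:
            srv_records[name].add(fields[5].lower())  # priority weight port target
    return a_records, srv_records

def audit(text, expected):
    """List (kind, name, detail) findings for inconsistent DC registrations."""
    a_records, srv_records = parse_zone(text)
    findings = []
    # Every SRV target must have a host (A) record, or clients cannot reach it.
    for owner, targets in sorted(srv_records.items()):
        for target in sorted(targets):
            if not a_records.get(target):
                findings.append(("srv-target-unresolvable", owner, target))
    # Every DC must be registered under its expected address and no other.
    for host, want in sorted(expected.items()):
        want_ip = ipaddress.ip_address(want)
        have = a_records.get(host, set())
        if want_ip not in have:
            findings.append(("expected-address-missing", host, want))
        for extra in sorted(have - {want_ip}):
            findings.append(("unexpected-address", host, str(extra)))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE, EXPECTED):
        print(*finding)
```

The same record names can be queried live with `nslookup` using `set type=srv`; the script only checks consistency of whatever records are fed to it.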
| me? I dunno... 2002-11-16, 2:29 am |
| I must have been asleep while I was reading that. I will review.
It's a scary feeling when you have been driving all night and you can't remember the last 60 miles. | |
| jeff_j_black 2002-11-16, 8:39 am |
| Been there, done that. Remember to breathe deeply and move your gaze around frequently. |