setup DHCP ISP router with windows server 2003


peacock_81
Feb 10, 2012
I want to do the Microsoft exams, so what I have done is to set up a Windows 2003 server. Initially I set it up as a DC & DNS server. Initially everything went well and I was able to join a PC to a domain. I was able to log on with two domain user accounts. Now, something went wrong and I am not sure what went wrong. The upshot of it was, when I log on with existing accounts, there is a long pause, but they do log on. They can then access the shares on the server. But I can't log on with new user accounts. When I try to log on with a new user account, there is a long pause, then I get an error "The domain controller cannot be contacted...." I can ping the server by IP and if I request the name of the server from its IP then it replies correctly.

I was advised to remove the computer from the domain, which I did, delete the computer account, recreate the computer account, which I did. Then rejoin it to the domain; there is the problem, now I can't rejoin it to the domain. The error is "An attempt to resolve the DNS names of a domain controller being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain."

So it makes me wonder....just how am i supposed to set up the networking?

current setup

Router (LAN side)
dg 192.168.0.1
dns server 1: public IP1
dns server 2: public IP2

Server
ip 192.168.0.2
sm 255.255.255.0
dg 192.168.0.1

dns1 192.168.0.2
dns2 public IP1
dns3 public IP2

C:\>ping -a 192.168.0.2

Pinging dc1 [192.168.0.2] with 32 bytes of data:
Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 

That's not unexpected. The "join to domain" program is running on the client, not the server.

I'm still a little hazy about your setup. Your server and clients are on the same physical network, aren't they? In other words they are all connected to the LAN ports on the router, so it is just acting as a switch. I ask because you can't route DHCP requests without additional configuration.
 
When I attempt to join the client to the domain....

If the domain name is carolina then the pop-up box to enter the username and password is immediate.

If the domain name is carolina.local then I get an error

An Active Directory Domain Controller (AD DC) for the domain 'carolina.local' could not be contacted.

Details
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "carolina.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.carolina.local

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

194.168.8.100
194.168.4.100
192.168.0.2

- One or more of the following zones do not include delegation to its child zone:

carolina.local
local
. (the root zone)
 
Physical Address. . . . . . . . . : 00-12-F0-1A-f5-2F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c04a:8e93:198a:5d93%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.171(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301994736
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-7F-FD-F9-00-12-3F-00-A9-3

DNS Servers . . . . . . . . . . . : 192.168.0.2
public dns1
public dns2
NetBIOS over Tcpip. . . . . . . . : Enabled
 
That's odd because your error report said:
This computer is configured to use DNS servers with the following IP addresses:

194.168.8.100
194.168.4.100
192.168.0.2
which shows that the client is not looking first at 192.168.0.2 for DNS queries. You should delete any DNS servers from the client configuration that are not part of your AD domain. The DNS server on the DC should be configured to forward queries, if necessary, to your ISP's DNS server (or some other public DNS server). This will avoid DNS errors and, in any case, is far more efficient than pointing your client at any external DNS servers.

However, if you are absolutely sure that it is using the Windows server for DNS, and no other servers, then there may be an error in your AD setup. You should check the zone on your DNS server for the AD domain to ensure that it contains all the requisite SRV records.
 
If I don't put those 194.168 DNS addresses in, i.e. if I delete them from the client, I don't get internet access. Everything else is the same. I noticed that McHenryB said "That's not unexpected. The "join to domain" program is running on the client, not the server." But if I choose an invalid domain then the pop-up box doesn't come up, I get an error instead. I posted something about this before.
 
If I don't put those 194.168 DNS addresses in, i.e. if I delete them from the client, I don't get internet access.
Then the DNS server on the Windows DC is not set up correctly. You should have enabled forwarding to your ISP's DNS server of queries that it is not authoritative for. That's how DNS works; if the server hosts the domain queried then it provides the response immediately, if not it forwards the query to the next DNS server, gets a response (which it caches for further queries) then returns that response to the client.

DNS setup is absolutely crucial to AD; get that right first before worrying about anything else.
 
Very good, I agree.

Can you advise me on how to set up the DNS server please?

After installing the Windows server software, I then configured it to be the first server in a new forest and it set up DNS and DHCP automatically. I just deactivated the DHCP scope. But there is something wrong with the DNS, and I don't know what.

Given that you know what the domain is called, what should the settings on the server be?
 
Well, thank-you McHenryB. I regret that resource is too complicated. This article is aimed at people running mid-size to large-scale networks. It isn't designed for people who are just starting out with DNS in a very small-scale network.

But thank-you for your help all the same.
 
I have looked at the DNS server on the server and there are errors to do with AD. AD is running, I can start AD Users and Computers. Nevertheless Event Viewer is reporting issues with AD and there are no issues with DNS....more to follow
 
4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

The DNS Server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error while querying the directory. This error could be caused by either a time-out or a temporary interruption of service.

4004
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

The DNS server was unable to complete directory service enumeration of zone _msdcs.carolina.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

The DNS server was unable to complete directory service enumeration of zone Carolina.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

 
Here is yet another indication it's probably an AD issue and not DNS.

I was able to map a drive to the user's home folder and access that folder even though the client isn't joined to the domain. So Windows file sharing is working. So the error cannot be with DNS.
 
1. Check that the Server is configured to use itself as DNS server, and no other DNS servers.

2. The fact that file sharing is working does not show that you don't have a DNS problem. As you said, the client is not using AD services when doing that as it is not joined to the domain. That is a red herring.

3. At the risk of posting another link that you think is too advanced (sorry, but Active Directory is advanced): https://technet.microsoft.com/en-us/library/cc737561.aspx

4. Google the specific error messages.

As a general comment, I would suggest that you refer to the Microsoft documentation on Technet. It is certainly better than working in the dark.
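The checks the replies above keep coming back to (client DNS pointing only at the DC, the SRV record the join error named actually resolving on the DC, and the locator finding a DC) can be run in one go. This is an added script, not something posted in the thread; it assumes the thread's values, domain carolina.local and DC dc1 at 192.168.0.2, and uses only tools present on Windows 7 / Server 2003-era systems (WMI, nslookup, nltest, dnscmd).

```powershell
# Added example (not from this thread). Assumes domain carolina.local and
# DC 192.168.0.2 as posted; change the parameters for another environment.
param(
    [string]$Domain = 'carolina.local',
    [string]$DcIp   = '192.168.0.2'
)

# 1. Every enabled adapter should list ONLY the DC as DNS server. A public
#    resolver in the list can answer NXDOMAIN for _msdcs SRV names and break
#    domain join, which is what the dcdiag.txt excerpt above showed.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $servers = @($a.DNSServerSearchOrder)
    $foreign = @($servers | Where-Object { $_ -ne $DcIp })
    if ($foreign.Count -gt 0) {
        Write-Warning ("{0}: non-AD DNS servers configured: {1}" -f $a.Description, ($foreign -join ', '))
    } else {
        Write-Host ("{0}: DNS points only at {1}" -f $a.Description, $DcIp)
    }
}

# 2. Ask the DC's own DNS for the exact SRV record the join wizard queried.
#    nslookup prints "svr hostname = ..." for each SRV answer it gets.
$srv    = "_ldap._tcp.dc._msdcs.$Domain"
$answer = nslookup -type=SRV $srv $DcIp 2>&1
if ($answer -match 'svr hostname') {
    Write-Host "SRV record $srv is registered on $DcIp"
} else {
    Write-Warning "SRV record $srv not found on $DcIp; the _msdcs zone is not loading (see events 4004/4015) or the DC never registered it"
}

# 3. Use the Netlogon DC locator, which is what the join dialog relies on.
nltest /dsgetdc:$Domain

# On the DC itself, forwarding to the ISP resolvers (the two 194.168 addresses
# from the thread) replaces listing them on the client; run this on the server:
#   dnscmd . /ResetForwarders 194.168.8.100 194.168.4.100
```

Run it on the client after removing the public DNS entries; if step 1 is clean and step 2 still warns, the fault is on the DC side (zone load / AD), as McHenryB's post suggests.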
 
I was able to map a drive to the user's home folder and access that folder even though the client isn't joined to the domain. So Windows file sharing is working. So the error cannot be with DNS.

The sharing works on host mapping via your router. Host mapping is not DNS. As said earlier "dc1" is your DNS server "host". Please clear your confusion between LAN host mapping and DNS name mapping, i.e. you can call a computer on the local network by its name registered on the router when mapping a fixed IP address to the server's MAC address in the router (192.168.0.2 -> dc1 [MAC address]); the same works to resolve SMB networks on the LAN :)
Host mapping works on a LAN with a DHCP server, and DNS is entirely different software. Now let's make one thing clear. We need to know more about the client you are talking about. So tell us what it requires in the first place in the configuration steps. That way we'll know if it requires a DNS host IP or host name or domain controller specific names.

@McHenryB So far I know these things:
- He's trying to configure a local DNS server which will be on the same local LAN network as the clients. All the computers, i.e. the DNS server and clients, are on the same LAN connected to a regular router.
- The router is then connected to broadband.
- All hosts are accessible via their IP address or "host names" (dc1), i.e. there are no network setup problems.

Requirements:
- Clients should be connected to the DNS server and work as slaves to process DNS queries.
- Clients should be able to access the internet at the same time (since they are personal computers & not dedicated to resolving DNS queries only).


@peacock_81
All we can conclude is we have a problem with the domain controller and client setup. Clear up the settings and go through the guide which we already presented. There's no better source than Microsoft itself.

 

DNS in an Active Directory setup is rather more involved than a simple local DNS server because, as I have already explained, of the need for a rather complicated set of SRV records to enable the location of the various server roles. The first server that needs to be located is a DC.

Anyway, I believe that all the necessary information is contained in the Technet web site and I'm getting rather tired of going round in circles. My advice to the OP would be to start over and create the DC from new, paying particular attention to Microsoft's recommendations with respect to the locations and configuration of the DNS server for the domain.
 
Anyway, I believe that all the necessary information is contained in the Technet web site and I'm getting rather tired of going round in circles. My advice to the OP would be to start over and create the DC from new, paying particular attention to Microsoft's recommendations with respect to the locations and configuration of the DNS server for the domain.

Yes, we had already figured out the problem a lot earlier. The network setup is okay and the only problem is the domain controller and client setup. OP should go through all the steps provided by Microsoft. This thread was misled earlier. All the required information to set up the controller is given in the documentation, so if it's done correctly there shouldn't be any errors at all. See comment #2 [http://www.tomshardware.com/answers/id-2610662/setup-dhcp-isp-router-windows-server-2003.html#15685188] and please follow all the steps; you already have the correct network setup. Follow the instructions and set up the controller as well as the clients correctly.

To others : This is not a regular network setup and it has nothing to do with router or local network or ipconfigs. Please read the original question before answering.
 
Thank-you for your replies, I will read the articles and give it a go. The thing that is strange is, it was working. I then turned off the server and unplugged it for a few days. I didn't know the CMOS wasn't working. When I restarted, to start off with I couldn't log onto the server; it changed the date & time on the client (which was joined to the domain at that point). No new users could log on, but existing users could log on, though there was an extended delay. I didn't want to start all over again, but it would have been the easiest solution.

 
You appear to have added new information - that there was a problem with time in the domain. Synchronization of clocks in an AD domain is very important to its correct information, so it is possible that this might have somehow corrupted the AD database. The ideal situation is that DCs run continuously rather than being stopped and started daily.

But I still think your best course of action now is to start over.
 
Well thank-you everyone for all your support. This problem is now resolved and you won't be able to guess what the solution is.

I tried McHenryB's suggestion of starting over.
I installed the Windows server all over again, including Service Pack 2 and all of the updates. But the problem was the same.

So then I started over again and this time I didn't install any updates. But the problem was the same.

I didn't get it at all. Then....

I was poking around in the network settings of Control Panel on the Windows 7 client.

The setting that talks about connection encryption was the answer. I lowered it to 40-56 and then it all started working.

Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings\File sharing connections and choose
"Enable file sharing for devices that use 40- or 56-bit encryption".

You may have to log off and log back on, but if I then ping dc1.domain.local I get a reply.

The PC is now joined to the domain and users can log on with no problems.

There is one problem that remains, but i will re-post as it is a different (unrelated) problem.