nslookup "Can't find server name for address 184.168.221.20: no response from server"

    Question

  • To All,

    I have installed Windows 2033 Enterprise Server (x64 Bit Edition) and installed both DNS (Both Forward & Reverse Lookup Zones) & Active Directory at present and I am having the issue below:

    This is a CMD input from my Server:

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    E:\Documents and Settings\Administrator.REB01>nslookup
    *** Can't find server name for address 184.168.221.20: No response from server
    Default Server:  UnKnown
    Address:  184.168.221.20

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  184.168.221.20

    *** UnKnown can't find rebenterprises.co.uk: No response from server
    >

    This is a CMD input from one of my clients:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Robert Brindle>nslookup
    *** Can't find server name for address 10.10.10.1: Non-existent domain
    *** Default servers are not available
    Default Server:  UnKnown
    Address:  10.10.10.1

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  10.10.10.1

    Non-authoritative answer:
    Name:    rebenterprises.co.uk
    Address:  97.74.215.7

    >

    I would be grateful for any further assistance in relation to this issue.

    Regards,

    reb999000.

    P.S: I am using a Cisco 837 ADSL Router for my connection(s).

    Wednesday, November 13, 2013 7:55 AM

Answers

  • Hi,

    According to your post, the issue of the server is that there is a missing or mis-configured PTR record for your DNS server in your reverse lookup zone. In general, the DNS Manager does not automatically create a PTR record for your DNS server, even though it may automatically create an "A" record in your forward zone. I recommend you make sure that a reverse lookup zone exists and contains PTR records for the server.

    In addition, please make sure the UDP port 53 is not blocked by any firewall or applications.

    Best regards,

    Susie

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Thursday, November 14, 2013 5:29 AM
  • Ace Fekay,

    Please find pasted the following images for your further information.

    Regards,

    Bob.

    Everything looks good!

    Please go back through the responses from me or any others that assisted you, and choose which of our responses helped you by marking them as an Answer.

    Thank you, and cheers! :-)

    -

    Oh, and how is it working from the workstations?

    -


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Monday, November 18, 2013 4:18 AM
  • Ace Fekay,

    I have to say that you have been a real great help to me, as we all know configuring DNS on a Server is a quite protracting task to perform.

    I will certainly be relying on this thread for any future references, in both commercial and my own private IT work.

    Thanks ever so much as I am extremely grateful for your assistance.

    Regards,

    Bob.



    Thank you, Bob. I am happy to hear I was able to answer your questions and assist you in resolving this problem.

    As I've asked, please review my post and Susie's posts, and mark the appropriate responses that helped you as "Answers." We get credits for assisting folks. I hope you understand.

    If you feel none of our posts provided the correct Answer, I can understand.

    This also benefits others if they were to come across this thread if they have similar issues.

    Feel free to post additional question or create a new thread if you have any other problems that arise.

    Thank you, and cheers!

    :-)


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Monday, November 18, 2013 2:33 PM
  • I agree with Susie. This is not really a problem. When nslookup initializes, it *tries* to resolve the IP address of the first DNS entry in your NIC, which it uses, to a host FQDN name, but if there is no reverse zone, or a PTR in the reverse zone, you'll just get that message that it can't find.... non-existent... etc. It's not really a problem.

    Just create a reverse zone for 10.10.0.0, allow Secure Only updates, and you should be fine.

    -

    However, what concerns me is that you have an Active Directory environment, and your DC (server) is using 184.168.221.20 as a DNS address. This can cause major AD problems. You should only use the DC's IP itself as the IP. Set the second DNS address as the loopback, 127.0.0.1. If you have more than one DC, set the first DNS address to the partner DC, and the second entry to the loopback.

    Either way, never use an outside DNS address in any of your machine's NIC's DNS settings. Configure 184.168.221.20 as a Forwarder in DNS server properties, Forwarders tab.

    Here's more info on why this causes problems with AD:

    Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 6:26 AM
  • Susie Long,

    Many thanks for the information.

    To confirm with you that the DNS Port is already in Exceptions of my Windows Firewall. Concurrently I have invoked ipconfig/registerdns in my CMD and the latest information in my Event Viewer in my dnsmgmt is "The DNS server has started".

    Please find below pasted current information from my current nslookup from my DNS snap-in.

    *** Can't find server name for address 10.10.10.2: Non-existent domain
    Default Server:  UnKnown
    Address:  10.10.10.2

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  10.10.10.2

    Name:    rebenterprises.co.uk
    Address:  184.168.221.20

    >
    >
    >


    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Thursday, November 14, 2013 7:04 AM
  • Ace Fekay,

    Firstly, many thanks! The loopback address done the trick partially (I have got the Internet up and running on my server); however, I am concerned about changing the 10.10.10.3/24 address as I am using a Cisco 837 ADSL Router for my Internet connection.

    As I want my DNS absolutely spot on (as you know that this is critical) before I proceed to installing DHCP, Print Servers, etc.

    I have created a reverse zone for 10.10.10.0 address and after all configurations I have invoked "ipconfig/registerdns" in my Server's CMD (as per your advice from your response). Please view the input from my Server's CMD for your further information.


    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    E:\Documents and Settings\Administrator.REB01>nslookup
    DNS request timed out.
        timeout was 2 seconds.
    *** Can't find server name for address 184.168.221.20: Timed out
    Default Server:  UnKnown
    Address:  184.168.221.20

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  184.168.221.20

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    >

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 11:51 AM
  • Bob,

    It still looks like you are using an outside DNS server on your DC.

    Please provide an unedited ipconfig /all from one of your client machines and one from your DC.

    Thank you.


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 3:45 PM
  • Ace Fekay,

    Please find below the configurations from CMDs on both one of my clients and the Server for further information:

    The CMD configuration from my Win XP Client:

    C:\Documents and Settings\Robert Brindle>ipconfig/all

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : robertbrindle
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : 10.10.10.1

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . : 10.10.10.1
            Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
    Controller (3C905C-TX Compatible)
            Physical Address. . . . . . . . . : 00-06-5B-57-05-39
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 10.10.10.4
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.10.10.1
            DNS Servers . . . . . . . . . . . : 10.10.10.1
            NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Documents and Settings\Robert Brindle>

    The CMD configuration from my Server:

    E:\Documents and Settings\Administrator.REB01>ipconfig/all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : reb01
       Primary Dns Suffix  . . . . . . . : rebenterprises.co.uk
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : 186.168.221.20
                                           127.0.0.1

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : 184.168.221.20
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-14-22-B3-8D-B2
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.10.10.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 184.168.221.20
                                           127.0.0.1

    E:\Documents and Settings\Administrator.REB01>

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 3:56 PM
  • Thank you. I see why you are having problems.

    On the server:

    1. Please remove DNS address 184.168.221.20. This is incorrect. The server is asking 184.168.221.20, where's the domain controller for rebenterprises.co.uk? It does not have that answer. This MUST be removed. In any AD environment, you must ONLY use the internal DNS servers that host the AD zone, or things will just not work. More information, please read here:
      Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
      Published by Ace Fekay, MCT, MVP DS on Aug 17, 2009 at 7:35 PM
      http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
    2. For first DNS, type in 10.10.10.2
    3. Second DNS, keep the loopback (127.0.0.1)


    DNS Suffix search list

    The DNS Suffix must NOT be an IP address. A search suffix must be a domain name, not a numerical value. The DNS client side resolver uses that to resolve names. For example, when you type in ping computername, the resolver will *suffix* the search suffix, so it will be computername.rebenterprises.co.uk.

    The way you have it right now, the resolver will try to ping computername.186.168.221.20. That will not work.

    By default, the search suffix is the AD domain name. Remove those IP addresses, and replace the Search suffix with the domain name, "rebenterprises.co.uk"

    -

    On the client:

    For DNS, you are using your router for DNS. The same thing goes, that the router does NOT have information about Active Directory.

    1. Remove DNS 10.10.10.1. Never use the router or an outside IP for DNS. Only use the internal DNS. ONLY!
    2. For DNS on the client, enter 10.10.10.2.

    Search Suffix

    Same thing. Remove the IP addresses for the search suffix. Since it is not joined yet, leave it blank. As soon as it is joined, it will automatically set it to rebenterprises.co.uk.

    -


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 4:36 PM
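
The two checks from the reply above (a DNS server entry that does not host the AD zone, and an IP address used as a DNS suffix), applied to the `ipconfig /all` output posted earlier in the thread. This is an added example, not part of the original thread; the function names and the choice of 10.10.10.2 as the only AD DNS server are assumptions taken from the advice given, and `banner_ptr_name` shows the reverse lookup behind the "Can't find server name for address" message.

```python
import ipaddress
import re

# Trimmed from the `ipconfig /all` output the poster pasted for the DC (reb01).
SERVER_IPCONFIG = """\
   Host Name . . . . . . . . . . . . : reb01
   Primary Dns Suffix  . . . . . . . : rebenterprises.co.uk
   DNS Suffix Search List. . . . . . : 186.168.221.20
                                       127.0.0.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 184.168.221.20
   IP Address. . . . . . . . . . . . : 10.10.10.2
   Default Gateway . . . . . . . . . : 10.10.10.1
   DNS Servers . . . . . . . . . . . : 184.168.221.20
                                       127.0.0.1
"""

# Trimmed from the output pasted for the Windows XP client.
CLIENT_IPCONFIG = """\
        Host Name . . . . . . . . . . . . : robertbrindle
        Primary Dns Suffix  . . . . . . . :
        DNS Suffix Search List. . . . . . : 10.10.10.1

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : 10.10.10.1
        IP Address. . . . . . . . . . . . : 10.10.10.4
        Default Gateway . . . . . . . . . : 10.10.10.1
        DNS Servers . . . . . . . . . . . : 10.10.10.1
"""

# "Label . . . . : value", including the dot leader that ipconfig prints.
FIELD = re.compile(r"^(.+?)(?:\s\.)*\s*:\s*(.*)$")


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return {lower-cased label: [values]}; assumes one adapter, as in the thread."""
    fields, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        match = FIELD.match(line)
        if match and not is_ip(line):  # a bare IPv6 address also contains ':'
            current = match.group(1).rstrip(" .").lower()
            fields[current] = [match.group(2)] if match.group(2) else []
        elif current is not None:
            fields[current].append(line)  # continuation line of a multi-value field
    return fields


def audit(text, ad_dns_servers):
    """List (kind, value, detail) findings for the two mistakes named in the reply."""
    fields = parse_ipconfig(text)
    own_ips = fields.get("ip address", [])
    gateways = fields.get("default gateway", [])
    runs_ad_dns = any(ip in ad_dns_servers for ip in own_ips)
    findings = []
    for server in fields.get("dns servers", []):
        if not is_ip(server) or server in ad_dns_servers:
            continue
        addr = ipaddress.ip_address(server)
        if addr.is_loopback and runs_ad_dns:
            continue  # loopback is fine only on a machine that hosts the AD zone
        detail = ("router" if server in gateways
                  else "external" if addr.is_global else "internal, not an AD DNS server")
        findings.append(("dns-server", server, detail))
    for label in ("dns suffix search list", "connection-specific dns suffix"):
        for suffix in fields.get(label, []):
            if is_ip(suffix):
                findings.append(("suffix-is-ip", suffix, label))
    return findings


def banner_ptr_name(text):
    """PTR name of the first DNS server: the reverse lookup nslookup does at start-up."""
    servers = parse_ipconfig(text).get("dns servers", [])
    return ipaddress.ip_address(servers[0]).reverse_pointer if servers else None


if __name__ == "__main__":
    for name, text in (("server", SERVER_IPCONFIG), ("client", CLIENT_IPCONFIG)):
        print(name, "first DNS PTR:", banner_ptr_name(text))
        for finding in audit(text, ad_dns_servers=["10.10.10.2"]):
            print("  ", finding)
```
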
  • I also forgot to mention, you should also enable NetBIOS on the client machine, too.

    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 8:06 PM
  • And one more thing.

    I am *assuming* that your internal AD domain name is the same as your public domain name, "rebenterprises.co.uk," and I'm *assuming* this is the case because the Primary DNS Suffix is using that name.

    I also assume the website is being hosted at a web hosting provider and not internally.

    If my assumptions are correct, this is a "split-zone" scenario, or also referred to as "AD has the same name internally and externally."

    Then, to be able to resolve the external domain name, in your internal DNS zone called rebenterprises.co.uk, you must create a "www" record and give it the IP, 184.168.221.20. This way when someone types in www.rebenterprises.co.uk, your internal DNS will resolve it. Otherwise, your internal DNS will not forward out to the internet Forwarder DNS servers to resolve the name because your DNS is authoritative for the zone, which means it's hosting the zone.

    As for resolving the website without the 'www' in the URL, such as http://rebenterprises.co.uk, that will be a little more difficult. This is because all domain controllers in Active Directory register a special record called the LdapIpAddress record. This is used for DFS, GPO applications, and other functions, and cannot be altered. You can see that record under your internal rebenterprises.co.uk zone. It's the record that looks like the following:

    rebenterprises.co.uk
    (same as parent)      A     10.10.10.2

    That is the record in DNS that you can create without a host name (keeping it blank) to be able to connect to http://rebenterprises.co.uk. Unfortunately, you can't alter it. You can either tell everyone to always use www, www.rebenterprises.co.uk, or you can alter IIS to make it work for you. Instructions are below.

    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM
    Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 8:15 PM
  • Ace Fekay,

    Once again, many thanks for your kind assistance. Yes, my AD Domain is the same as my DNS Domain and I have invoked a new A Record for "www" in my forward zone on my DNS.

    I am getting internet only from my server but not from any of my clients as this could be my 837 Router (I have also placed a thread in the Cisco Networker's site for this issue).

    I have placed the 10.10.10.2 in the "Preferred DNS Server" and left the other one completely blank on all my clients and also I have also checked and enabled NETBios on all of my clients.

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Friday, November 15, 2013 2:37 PM
  • Good to hear.

    On the DC, DNS server console, if you right-click, choose properties, of the DNS server name, click on the Forwarders tab, I mentioned to use 184.168.221.20 as the Forwarder. After some testing on my end, I found that this IP is not a DNS server. It's just your website IP. So what I would like you to do is set 4.2.2.3 as the Forwarder. That one works.

    On the workstation, I would like you to run these tests to determine if it's your firewall or if it's something else.

    1. Ping 4.2.2.3  Does it respond?
    2. Ping www.yahoo.com - does it resolve to an IP and ping?
    3. Run nslookup:
      > www.yahoo.com           Does it resolve?

    -

    Here's my nslookup results for www.yahoo.com using 4.2.2.3. But I want you to use your own DNS, 10.10.10.1 with this test, first.

    > www.yahoo.com
    Server:  c.resolvers.level3.net
    Address:  4.2.2.3

    Non-authoritative answer:
    Name:    ds-any-fp3-real.wa1.b.yahoo.com
    Addresses:  2001:4998:f00b:1fe::3001
              2001:4998:f00d:1fe::3001
              2001:4998:f00b:1fe::3000
              98.139.180.149
    Aliases:  www.yahoo.com
              fd-fp3.wg1.b.yahoo.com
              ds-fp3.wg1.b.yahoo.com
              ds-any-fp3-lfb.wa1.b.yahoo.com

    >

    -

    -

    Now try it with 4.2.2.3. To do that in nslookup, you have to switch it to 4.2.2.3 from using your own DNS. To do that, you simply type in server 4.2.2.3, and re-run www.yahoo.com.

    When you type in server 4.2.2.3, it will look like this:

    > server 4.2.2.3
    Default Server:  c.resolvers.level3.net
    Address:  4.2.2.3

    > www.yahoo.com  

    -

    -


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Friday, November 15, 2013 3:02 PM
  • Ace Fekay,

    I have configured a forwarder for 4.2.2.3 on my DNS Server and I had pinged this address on my W/S, that had gone a-okay; however, the nslookup was not successful.

    Unfortunately I cannot paste either images or body pasted images as on to the account that I don't have a verified email account (I have attempted to get this resolved by configuring my security options).  

    Regards,

    Bob.


    Friday, November 15, 2013 6:23 PM
  • Does the nslookup work on the server, but not the workstation?

    Is there an antivirus or a third party or Windows firewall enabled on the workstation? If yes, disable the AV and the firewall and try again.

    You can screenshot them, save them to a file sharing site, such as http://skydrive.com, and provide a link to them in your next post.


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Friday, November 15, 2013 7:12 PM
  • Ace Fekay,

    I have intentionally disabled the firewall on both my Server & Workstations and I will confirm with you that I don't have any antivirus software on my Server at this stage.

    Please view my current screen-shot from my Server for your further information:

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 5:34 AM
  • The nslookup results look fine. How about from a workstation?

    And I see you still didn't create a reverse zone for 10.10.10.0. That's why it says, "*** Can't find server name for 10.10.10.2 ... Server: UnKnown for 10.10.10.2."

    If you did create a reverse zone, make sure you set it to store the zone in Active Directory, and set Dynamic Updates to "Secure Only."

    And set up DHCP on the server. Turn it off on the router. You're better off.

    Install DHCP, set the scope options as the following:

    • DHCP Option 003 - IP address of your router: 10.10.10.1. (This is the gateway address you are giving your clients.)
    • DHCP Option 006 - IP Address of your DNS server: 10.10.10.2 (This is the DNS address you are giving your clients, and in this case, it will be your DC.)
    • DHCP Option 015 - Active Directory Domain Name: rebenterprises.co.uk (This is the connection specific suffix provided to the DHCP enabled NIC interface on the client.)

    -


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 5:54 AM
  • Ace Fekay,

    To confirm I had created a Reverse Lookup for 10.10.10.0 and D/checked the configs and this is stored to Active Directory and implemented the settings for Dynamic Updated to Secure Only.

    I have installed DHCP and performed the necessary configs as per your above guidelines. Please find pasted images of my CMD config from nslookup & from my Reverse Lookup 10.10.10.0 from my DNS for your further information.

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 8:19 AM
  • Close the command prompt. Restart the DNS Service (right-click the server name, restart).

    Try again.

    Also, post any event log errors. Since the DC was misconfigured for some time, and I'm not sure how long, there may be AD problems. Please check all Event log errors (Application, System, and under Application and Services Logs on a DC for the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs).


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 3:15 PM
  • Ace Fekay,

    I have Stopped & Restarted the DNS Server and I have pasted images from Event Viewer, one from the DNS Server and the other from the System.

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 4:07 PM
  • You have numerous AD problems. The errors you've been encountering are all based on the fact up until recently, that you've never used your own DNS server in the NIC properties. The EventID 5781 is indicative of that issue.

    Just an FYI, even though a server is running DNS, it will never use itself if you don't tell it to use itself by configuring its IP address in the NIC's DNS settings.

    I know now that you have it configured correctly (assuming) after my recommendations, but I'm just hoping now that this can easily be fixed. For the record, let's see an updated ipconfig /all from this server.

    -

    Also, make sure the rebenterprises.co.uk zone is set to Secure Only. Then run:

    • ipconfig /registerdns
    • net stop netlogon
    • net start netlogon

    -

    Then wait about 5 minutes, then check the rebenterprises.co.uk to see if you can find an A (host) entry called robertbrindle with the IP, 10.10.10.2.

    If not, then we have a little more of a problem. If it didn't show up, change ALL zones to non-secure and run the above procedure again.

    -

    Do you have a zone called _msdcs.rebenterprises.co.uk? Let's see a screenshot of it while clicked on "_msdcs.rebenterprises.co.uk" and another screenshot with the subfolder called gc expanded so we can see what's in the right pane.

    Here's an example of an _msdcs zone with the _msdcs.domain.local zone expanded. If this zone does not exist on your DNS, then we have more issues.


    Ace Fekay


    Saturday, November 16, 2013 4:47 PM
  • Ace Fekay,

    Please find pasted the following images for your further information.

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Sunday, November 17, 2013 9:44 AM
    Saturday, November 16, 2013 5:30 PM

All replies

  • Hi,

    According to your post, the issue of the server is that there is a missing or mis-configured PTR record for your DNS server in your reverse lookup zone. In general, the DNS Manager does not automatically create a PTR record for your DNS server, even though it may automatically create an "A" record in your forward zone. I recommend you make sure that a reverse lookup zone exists and contains PTR records for the server.

    In addition, please make sure the UDP port 53 is not blocking by any firewall or applications.

    Best regards,

    Susie

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Thursday, November 14, 2013 5:29 AM
  • I agree with Susie. This is not really a problem. When nslookup initializes, it *tires* to resolve the IP address of the first DNS entry in your NIC, which it uses, to an host FQDN name, but if there is no reverse zone, or a PTR in the reverse zone, you'll just get that message that it can't find.... non-existent... etc. It's not really a problem.

    Just create a reverse zone for 10.10.0.0, allow Secure Only updates, and you should be fine.

    -

    However, what concerns me you have an Active Directory environment, and your DC (server) is using 184.168.221.20 as a DNS address. This can cause major AD problems. You should only use the DC's IP itself as the IP. Set the second DNS address as the loopback, 127.0.0.1. If you have more than one DC, set the first DNS address to the partner DC, and the second entry to the loopback.

    Either way, never use an outside DNS address in any of your machine's NIC's DNS settings. COnfigure 184.168.221.20 as a Forwarder in DNS server properties, Forwarders tab.

    Here's more info on why this causes problems with AD:

    Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 6:26 AM
  • Susie Long,<o:p></o:p>

    Many Thanks for the information, to confirm with you that the DNS Port is already in Exceptions of my Windows Firewall. Concurrently I have<o:p></o:p>

    To confirm with you that the DNS Port is already in Exceptions of my Windows Firewall. Concurrently I have Invoked ipconfig/registerdns in my CMD and the latest information in my Event Viewer in my dnsmgmt is "The DNS server has started".<o:p></o:p>

    Please find below pasted current information from my current nslookuo from my DNS snapin.

    *** Can't find server name for address 10.10.10.2: Non-existent domain
    Default Server:  UnKnown
    Address:  10.10.10.2

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  10.10.10.2

    Name:    rebenterprises.co.uk
    Address:  184.168.221.20

    >
    >
    >


    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Thursday, November 14, 2013 7:04 AM
  • Ace Fekay,

    Firstly, many thanks! The loopback address did the trick partially (I have got the Internet up and running on my server); however, I am concerned about changing the 10.10.10.3/24 address as I am using a Cisco 837 ADSL Router for my Internet connection.

    As I want my DNS absolutely spot on (as you know, this is critical) before I proceed to installing DHCP, Print Servers, etc.

    I have created a reverse zone for the 10.10.10.0 address and after all configurations I have invoked "ipconfig/registerdns" in my Server's CMD (as per your advice from your response). Please view the input from my Server's CMD for your further information.


    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    E:\Documents and Settings\Administrator.REB01>nslookup
    DNS request timed out.
        timeout was 2 seconds.
    *** Can't find server name for address 184.168.221.20: Timed out
    Default Server:  UnKnown
    Address:  184.168.221.20

    > rebenterprises.co.uk
    Server:  UnKnown
    Address:  184.168.221.20

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    >

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 11:51 AM
  • Bob,

    It still looks like you are using an outside DNS server on your DC.

    Please provide an unedited ipconfig /all from one of your client machines and one from your DC.

    Thank you.


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 3:45 PM
  • Ace Fekay,

    Please find below the configurations from CMDs on both one of my clients and the Server for further information:

    The CMD configuration from my Win XP Client:

    C:\Documents and Settings\Robert Brindle>ipconfig/all

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : robertbrindle
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : 10.10.10.1

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . : 10.10.10.1
            Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
    Controller (3C905C-TX Compatible)
            Physical Address. . . . . . . . . : 00-06-5B-57-05-39
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 10.10.10.4
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.10.10.1
            DNS Servers . . . . . . . . . . . : 10.10.10.1
            NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Documents and Settings\Robert Brindle>

    The CMD configuration from my Server:

    E:\Documents and Settings\Administrator.REB01>ipconfig/all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : reb01
       Primary Dns Suffix  . . . . . . . : rebenterprises.co.uk
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : 186.168.221.20
                                           127.0.0.1

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : 184.168.221.20
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-14-22-B3-8D-B2
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.10.10.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 184.168.221.20
                                           127.0.0.1

    E:\Documents and Settings\Administrator.REB01>

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 3:56 PM
  • Thank you. I see why you are having problems.

    On the server:

    1. Please remove DNS address 184.168.221.20. This is incorrect. The server is asking 184.168.221.20, where's the domain controller for rebenterprises.co.uk? It does not have that answer. This MUST be removed. In any AD environment, you must ONLY use the internal DNS servers that host the AD zone, or things will just not work. For more information, please read here:
      Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
      Published by Ace Fekay, MCT, MVP DS on Aug 17, 2009 at 7:35 PM
      http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx
    2. For first DNS, type in 10.10.10.2
    3. Second DNS, keep the loopback (127.0.0.1)

    DNS Suffix search list

    The DNS Suffix must NOT be an IP address. A search suffix must be a domain name, not a numerical value. The DNS client side resolver uses that to resolve names. For example, when you type in ping computername, the resolver will *suffix* the search suffix, so it will be computername.rebenterprises.co.uk.

    The way you have it right now, the resolver will try to ping computername.186.168.221.20. That will not work.

    By default, the search suffix is the AD domain name. Remove those IP addresses, and replace the Search suffix with the domain name, "rebenterprises.co.uk"

    On the client:

    For DNS, you are using your router for DNS. The same thing goes: the router does NOT have information about Active Directory.

    1. Remove DNS 10.10.10.1. Never use the router or an outside IP for DNS. Only use the internal DNS. ONLY!
    2. For DNS on the client, enter 10.10.10.2.

    Search Suffix

    Same thing. Remove the IP addresses for the search suffix. Since it is not joined yet, leave it blank. As soon as it is joined, it will automatically set it to rebenterprises.co.uk.


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 4:36 PM
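
The client-side checks from the reply above, run over captured `ipconfig /all` text, as an added example that is not part of the original thread: it flags any suffix entry that is an IP address and any DNS server that is not an AD DNS server. The sample text is constructed and abridged from the output quoted in the thread; `parse_ipconfig`, `audit` and the issue labels are hypothetical names.

```python
import ipaddress
import re

# "   Key . . . : value" lines; ipconfig puts " :" after the dot leader.
KEY_LINE = re.compile(r"^\s+(.+?)[ .]* : ?(.*)$")
SUFFIX_FIELDS = ("DNS Suffix Search List", "Connection-specific DNS Suffix")

# Constructed samples: the server output from the thread (abridged), and the
# same output as it would look after the recommended changes.
SERVER_BEFORE = """\
Windows IP Configuration

   Primary Dns Suffix  . . . . . . . : rebenterprises.co.uk
   DNS Suffix Search List. . . . . . : 186.168.221.20
                                       127.0.0.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 184.168.221.20
   IP Address. . . . . . . . . . . . : 10.10.10.2
   DNS Servers . . . . . . . . . . . : 184.168.221.20
                                       127.0.0.1
"""
SERVER_AFTER = """\
Windows IP Configuration

   Primary Dns Suffix  . . . . . . . : rebenterprises.co.uk
   DNS Suffix Search List. . . . . . : rebenterprises.co.uk

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 10.10.10.2
                                       127.0.0.1
"""


def parse_ipconfig(text):
    """Return {field: [values]} merged across adapters, keeping continuation lines."""
    fields, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        match = KEY_LINE.match(line)
        if match:
            current, value = match.group(1), match.group(2).strip()
        elif current and line[:1].isspace() and line.strip():
            value = line.strip()      # second and later values of a multi-value field
        else:
            current = None            # blank line or unindented adapter header
            continue
        if value:
            fields.setdefault(current, []).append(value)
    return fields


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit(text, ad_dns_servers, host_runs_dns=False):
    """Return (issue, field, value) tuples for the two mistakes the reply points out."""
    fields = parse_ipconfig(text)
    findings = []
    for field in SUFFIX_FIELDS:
        for value in fields.get(field, []):
            if is_ip(value):          # a suffix is appended to short names, so it must be a domain
                findings.append(("suffix-is-ip", field, value))
    for value in fields.get("DNS Servers", []):
        loopback = is_ip(value) and ipaddress.ip_address(value).is_loopback
        if value in ad_dns_servers or (loopback and host_runs_dns):
            continue                  # AD DNS server, or loopback on the DNS server itself
        findings.append(("dns-not-ad-server", "DNS Servers", value))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, audit(text, {"10.10.10.2"}, host_runs_dns=True))
```
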
  • I also forgot to mention, you should also enable NetBIOS on the client machine, too.

    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 8:06 PM
  • And one more thing.

    I am *assuming* that your internal AD domain name is the same as your public domain name, "rebenterprises.co.uk," and I'm *assuming* this is the case because the Primary DNS Suffix is using that name.

    I also assume the website is being hosted at a web hosting provider and not internally.

    If my assumptions are correct, this is a "split-zone" scenario, or also referred to as "AD has the same name internally and externally."

    Then, to be able to resolve the external domain name, in your internal DNS zone called rebenterprises.co.uk, you must create a "www" record and give it the IP, 184.168.221.20. This way when someone types in www.rebenterprises.co.uk, your internal DNS will resolve it. Otherwise, your internal DNS will not forward out to the internet Forwarder DNS servers to resolve the name because your DNS is authoritative for the zone, which means it's hosting the zone.

    As for resolving the website without the 'www' in the URL, such as http://rebenterprises.co.uk, that will be a little more difficult. This is because all domain controllers in Active Directory register a special record called the LdapIpAddress record. This is used for DFS, GPO applications, and other functions, and cannot be altered. You can see that record under your internal rebenterprises.co.uk zone. It's the record that looks like the following:

    rebenterprises.co.uk
    (same as parent)      A     10.10.10.2

    That is the record in DNS that you can create without a host name (keeping it blank) to be able to connect to http://rebenterprises.co.uk. Unfortunately, you can't alter it. You can either tell everyone to always use www, www.rebenterprises.co.uk, or you can alter IIS to make it work for you. Instructions are below.

    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM
    Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Thursday, November 14, 2013 8:15 PM
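
The resolution behaviour described in the post above, modelled as an added example (not part of the original thread, and not how Windows DNS is implemented): a server that hosts a zone answers names under it only from its own records and forwards everything else. The zone contents, the stand-in forwarder table and the function names are constructed for illustration.

```python
import copy

# Constructed internal zone data: the DC's own records, as the post describes them.
INTERNAL_ZONES = {
    "rebenterprises.co.uk": {
        "@": ["10.10.10.2"],       # the "(same as parent)" record registered by the DC
        "reb01": ["10.10.10.2"],
    }
}

# Constructed stand-in for what a forwarder would return from the Internet.
PUBLIC_ANSWERS = {
    "www.rebenterprises.co.uk": ["184.168.221.20"],
    "www.yahoo.com": ["98.139.180.149"],
}


def find_zone(qname, zones):
    """Return the longest hosted zone that qname falls under, or None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones, forwarder=PUBLIC_ANSWERS.get):
    """Return (source, answer); answer is a list of addresses or "NXDOMAIN"."""
    qname = qname.rstrip(".").lower()
    zone = find_zone(qname, zones)
    if zone is None:
        # Not a hosted zone: hand the query to the forwarder.
        return ("forwarded", forwarder(qname) or "NXDOMAIN")
    # Hosted zone: answer only from local records, never forward.
    host = qname[: -len(zone)].rstrip(".") or "@"
    return ("authoritative", zones[zone].get(host, "NXDOMAIN"))


def with_record(zones, zone, host, address):
    """Return a copy of zones with one A record added (the fix from the post)."""
    updated = copy.deepcopy(zones)
    updated[zone].setdefault(host, []).append(address)
    return updated


if __name__ == "__main__":
    fixed = with_record(INTERNAL_ZONES, "rebenterprises.co.uk", "www", "184.168.221.20")
    for name in ("www.rebenterprises.co.uk", "rebenterprises.co.uk", "www.yahoo.com"):
        print(name, resolve(name, INTERNAL_ZONES), resolve(name, fixed))
```
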
  • Ace Fekay,

    Once again, many thanks for your kind assistance. Yes, my AD Domain is the same as my DNS Domain and I have invoked a new A Record for "www" in my forward zone on my DNS.

    I am getting internet only from my server but not from any of my clients as this could be my 837 Router (I have also placed a thread in the Cisco Networker's site for this issue).

    I have placed the 10.10.10.2 in the "Preferred DNS Server" and left the other one completely blank on all my clients and also I have also checked and enabled NetBIOS on all of my clients.

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Friday, November 15, 2013 2:37 PM
  • Good to hear.

    On the DC, DNS server console, if you right-click, choose properties, of the DNS server name, click on the Forwarders tab, I mentioned to use 184.168.221.20 as the Forwarder. After some testing on my end, I found that this IP is not a DNS server. It's just your website IP. So what I would like you to do is set 4.2.2.3 as the Forwarder. That one works.

    On the workstation, I would like you to run these tests to determine if it's your firewall or if it's something else.

    1. Ping 4.2.2.3  Does it respond?
    2. Ping www.yahoo.com - does it resolve to an IP and ping?
    3. Run nslookup:
      > www.yahoo.com           Does it resolve?


    Here's my nslookup results for www.yahoo.com using 4.2.2.3. But I want you to use your own DNS, 10.10.10.1 with this test, first.

    > www.yahoo.com
    Server:  c.resolvers.level3.net
    Address:  4.2.2.3

    Non-authoritative answer:
    Name:    ds-any-fp3-real.wa1.b.yahoo.com
    Addresses:  2001:4998:f00b:1fe::3001
              2001:4998:f00d:1fe::3001
              2001:4998:f00b:1fe::3000
              98.139.180.149
    Aliases:  www.yahoo.com
              fd-fp3.wg1.b.yahoo.com
              ds-fp3.wg1.b.yahoo.com
              ds-any-fp3-lfb.wa1.b.yahoo.com

    >

    Now try it with 4.2.2.3. To do that in nslookup, you have to switch it to 4.2.2.3 from using your own DNS. To do that, you simply type in server 4.2.2.3, and re-run www.yahoo.com.

    When you type in server 4.2.2.3, it will look like this:

    > server 4.2.2.3
    Default Server:  c.resolvers.level3.net
    Address:  4.2.2.3

    > www.yahoo.com  



    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:46 PM
    Friday, November 15, 2013 3:02 PM
  • Ace Fekay,

    I have configured a forwarder for 4.2.2.3 on my DNS Server and I had pinged this address on my W/S; that had gone OK, however the nslookup was not successful.

    Unfortunately I cannot paste either images or body-pasted images, on account of not having a verified email account (I have attempted to get this resolved by configuring my security options).

    Regards,

    Bob.


    Friday, November 15, 2013 6:23 PM
  • Ace Fekay,

    I have informed one of the moderators in regards to my account issue.

    Bob.


    Friday, November 15, 2013 7:02 PM
  • Does the nslookup work on the server, but not the workstation?

    Is there an antivirus or a third party or Windows firewall enabled on the workstation? If yes, disable the AV and the firewall and try again.

    You can screenshot them, save them to a file sharing site, such as http://skydrive.com, and provide a link to them in your next post.


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Friday, November 15, 2013 7:12 PM
  • Ace Fekay,

    I have intentionally disabled the firewall on both my Server & Workstations and I will confirm with you that I don't have any antivirus software on my Server at this stage.

    Please view my current screen-shot from my Server for your further information:

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 5:34 AM
  • The nslookup results look fine. How about from a workstation?

    And I see you still didn't create a reverse zone for 10.10.10.0. That's why it says, "*** Can't find server name for 10.10.10.2 ... Server: UnKnown for 10.10.10.2."

    If you did create a reverse zone, make sure you set it to store the zone in Active Directory, and set Dynamic Updates to "Secure Only."

    And set up DHCP on the server. Turn it off on the router. You're better off.

    Install DHCP, set the scope options as the following:

    • DHCP Option 003 - IP address of your router: 10.10.10.1. (This is the gateway address you are giving your clients.)
    • DHCP Option 006 - IP Address of your DNS server: 10.10.10.2 (This is the DNS address you are giving your clients, and in this case, it will be your DC.)
    • DHCP Option 015 - Active Directory Domain Name: rebenterprises.co.uk (This is the connection specific suffix provided to the DHCP enabled NIC interface on the client.)



    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 5:54 AM
  • Ace Fekay,

    To confirm, I had created a Reverse Lookup for 10.10.10.0 and D/checked the configs and this is stored to Active Directory and implemented the settings for Dynamic Updates to Secure Only.

    I have installed DHCP and performed the necessary configs as per your above guidelines. Please find pasted images of my CMD config from nslookup & from my Reverse Lookup 10.10.10.0 from my DNS for your further information.

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 8:19 AM
  • Close the command prompt. Restart the DNS Service (right-click the server name, restart).

    Try again.

    Also, post any event log errors. Since the DC was misconfigured for some time, and I'm not sure how long, there may be AD problems. Please check all Event log errors (Application, System, and under Application and Services Logs on a DC for the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs).


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 3:15 PM
  • Ace Fekay,

    I have Stopped & Restarted the DNS Server and I have pasted images from Event Viewer, one from the DNS Server and the other from the System.

    Bob.

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Saturday, November 16, 2013 4:07 PM
  • You have numerous AD problems. The errors you've been encountering are all based on the fact that, up until recently, you've never used your own DNS server in the NIC properties. The EventID 5781 is indicative of that issue.

    Just an FYI, even though a server is running DNS, it will never use itself if you don't tell it to use itself by configuring its IP address in the NIC's DNS settings.

    I know now that you have it configured correctly (assuming) after my recommendations, but I'm just hoping now that this can easily be fixed. For the record, let's see an updated ipconfig /all from this server.


    Also, make sure the rebenterprises.co.uk zone is set to Secure Only. Then run:

    • ipconfig /registerdns
    • net stop netlogon
    • net start netlogon


    Then wait about 5 minutes, then check the rebenterprises.co.uk to see if you can find an A (host) entry called robertbrindle with the IP, 10.10.10.2.

    If not, then we have a little more of a problem. If it didn't show up, change ALL zones to non-secure and run the above procedure again.


    Do you have a zone called _msdcs.rebenterprises.co.uk? Let's see a screenshot of it while clicked on "_msdcs.rebenterprises.co.uk" and another screenshot with the subfolder called gc expanded so we can see what's in the right pane.

    Here's an example of an _msdcs zone with the _msdcs.domain.local zone expanded. If this zone does not exist on your DNS, then we have more issues.


    Ace Fekay


    Saturday, November 16, 2013 4:47 PM
  • Ace Fekay,

    Please find pasted the following images for your further information.

    Regards,

    Bob.

    • Marked as answer by Robert Brindle Sunday, November 17, 2013 9:44 AM
    Saturday, November 16, 2013 5:30 PM
  • Everything looks good!

    Please go back through the responses from me or any others that assisted you, and choose which of our responses helped you by marking them as an Answer.

    Thank you, and cheers! :-)

    Oh, and how is it working from the workstations?


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:45 PM
    Monday, November 18, 2013 4:18 AM
  • Ace Fekay,

    I have to say that you have been a real great help to me, as we all know configuring DNS on a Server is quite a protracted task to perform.

    I will certainly be relying on this thread for any future references, in both commercial and my own private IT work.

    Thanks ever so much as I am extremely grateful for your assistance.

    Regards,

    Bob.



    Monday, November 18, 2013 1:32 PM
  • Thank you, Bob. I am happy to hear I was able to answer your questions and assist you in resolving this problem.

    As I've asked, please review my post and Susie's posts, and mark the appropriate responses that helped you as "Answers." We get credits for assisting folks. I hope you understand.

    If you feel none of our posts provided the correct Answer, I can understand.

    This also benefits others if they were to come across this thread if they have similar issues.

    Feel free to post additional questions or create a new thread if you have any other problems that arise.

    Thank you, and cheers!

    :-)


    Ace Fekay

    • Marked as answer by Robert Brindle Monday, November 18, 2013 2:47 PM
    Monday, November 18, 2013 2:33 PM