How to connect to another DNS server from/to a standalone DNS Server using DNS Management Console.

    Question

  • I have 2 Windows 2003 SP2 standalone servers (no DC) on the same network. I set up 2 DNS servers for Internet use.

    I set up one server as the primary DNS and the other one as a secondary DNS, and the changes made on the primary DNS are getting replicated to the secondary DNS; that is working fine.

    I want to be able to manage both DNS servers from one DNS Management Console but I am not able to do it.

    Any help on how to do this?

    Remember that the servers are not members of the domain and because of this the user accounts on one server are not the same on the other server.


    Please help

    Thanks
    Thursday, March 26, 2009 12:51 AM

All replies

  • Hi there,

    This forum is specific to Windows 2008 server general queries.

    As your question is related to Windows 2003 DNS server, please do post under

    http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windows.server.dns&cat=en_us_a10eb074-42a2-47bb-ae2f-8ff9efe57b80&lang=en&cr=us

    best of luck


    sainath Windows Driver Development
    Thursday, March 26, 2009 3:51 AM
  • Hello,

    Can you create an identical username and password on both servers with full administrative rights, log on to the management console for DNS, and check if it works?

    Thanks  
    Syed Khairuddin
    Thursday, March 26, 2009 9:00 AM
  • I already tried that without luck.
    Thursday, March 26, 2009 5:08 PM
  • Hello Jack,

    To remotely manage the other DNS server via the local DNS Management console, there are some presuppositions we may need to check.

    1. You have permission on both the source and target server. As Syed said, you may create an identical username and password on both servers with full administrative rights. I suggest that you use the built-in Administrator account and set it with the same password on both of the servers.

    2. The RPC traffic and other related traffic is not blocked by any firewall between the 2 servers. Please turn off the Windows Firewall on the target server for test purposes.

    3. You may have the DCOM permission to remote launch the DNS snap-in on that server. Please verify the DCOM permission on the target computer.

    a. Click Start, click Run, type dcomcnfg, and then click OK.
    b. In the Component Services window, expand Component Services, and then click Computers.
    c. Right-click My Computer, and then click Properties.
    d. Click the COM Security tab.
    e. In the Access Permissions area, click Edit Limits.
    f. Click ANONYMOUS LOGON. In the bottom pane, click to select the Remote Access check box in the Allow column, and then click OK.
    g. In the Launch and Activation Permissions area, click Edit Limits.
    h. Click Everyone, and then in the Allow column, click to select the Remote Launch and Remote Activation check boxes.

    Hope it helps.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by David Shen Thursday, April 02, 2009 2:41 AM
    Friday, March 27, 2009 7:05 AM
  • I did the DCOM steps and I am still getting the same message, when I try to connect I get "The Server is unavailable, Would you like to add it anyway."

    I am able to open any other consoles from the second server but not the DNS.

    I still haven't tried to match the passwords of the Administrator account. But I created two accounts with the same username and password with administration rights on both servers.

    Please let me know what else I can try.

    How do I test if the RPC traffic is not getting blocked?

    Thanks
    Friday, March 27, 2009 2:43 PM
  • David,

    Just to be 100% sure, I changed and matched the passwords of the administrator account on both servers.

    When I try to add the DNS server I get "Access is Denied

    You do not have permission to access this DNS Server"

    Any Ideas?

    Friday, March 27, 2009 3:25 PM
  • Jack:

    Assuming you have administrative privileges, you can open MMC, select File\Add/Remove Snap-in and select DNS.

    When you right click the new DNS icon in MMC, you can select "Connect to DNS Server" and connect to a different server.

    I just did this connecting to a Server 2008 from a Server 2003 R2.  I could not connect to a Server 2008 R2, however.

     

    Sainath:  This forum is for all supported server versions.  Only the 2008 R2 forums are version specific.

    Saturday, March 28, 2009 2:31 AM
  • I already tried that. My issue is a little more complex.
    Sunday, March 29, 2009 12:24 AM
  • It reminds me of the problem I was having with Hyper-V.  I couldn't create any more virtual machines.  I kept getting access denied.

    I had to uninstall Hyper-V and then reinstall it.  Maybe you could do something similar with DNS, but I don't know how.

    I found out the reason I couldn't connect to 2008 R2.  You need to enable remote management in the root page of Server Manager.
    Sunday, March 29, 2009 1:45 AM
  • I did the DCOM steps and I am still getting the same message, when I try to connect I get "The Server is unavailable, Would you like to add it anyway."



    Hi Jack,

    Based on my research, this error message "The Server is unavailable, would you like to add it anyway?" could occur because the Windows Firewall on the target server is enabled, which blocks the RPC traffic.

    For test purposes, would you please test with turning off the Windows Firewall on the target server and then check if you can connect to it via the DNS management console?

    Steps:
    1. Open Control Panel.
    2. Launch Windows Firewall.
    3. On the General tab, select Off.
    4. Click OK.

    Hope it helps.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 30, 2009 6:07 AM
  • Hello David,

    The Firewall is disabled.

    Any ideas if a wook policy will block this type of request?

    Thanks
    Monday, March 30, 2009 2:57 PM
  • Hi Jack,

    Do these 2 servers connect to each other via the LAN or the Internet?

    The possible cause of the issue is port blocking.

    Based on further research, if we want to connect to a remote DNS server via the DNS management console, we may need to check and verify that some network ports are open and not blocked by any firewall between the source and target server.

    1. Please check that RPC traffic is allowed by using RPCPing or portqry to ensure 135 and the RPC dynamic ports are open on the routers and firewalls between the two servers:

    RPC dynamic port allocation is used by various remote administration applications. Dynamic port allocation will instruct the RPC program to use a particular random port above 1024. Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these ports.

    For instructions on adding registry entries to control dynamic port allocation settings, please see article 154596.

    154596 How to configure RPC dynamic port allocation to work with firewalls
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;154596

    2. Please check the registry value RpcProtocol of the destination DNS server to ensure that remote administration of the DNS Server service is not blocked:

    How to disable remote administration of the DNS Server service in Windows Server 2003 and in Windows 2000 Server
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;936263

    For more information, please refer to:

    Service overview and network port requirements for the Windows Server system
    http://support.microsoft.com/kb/832017

    Hope it helps.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by David Shen Thursday, April 02, 2009 2:41 AM
    Tuesday, March 31, 2009 3:51 AM
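
    The two checks in the answer above (port 135 plus the restricted RPC dynamic range, and the RpcProtocol value), sketched as an added example that is not part of the original thread. The port range "5000-5004" and the default loopback host are constructed samples; the RpcProtocol value is assumed to have been read by hand from the target server's registry.

```python
import socket
import sys

# RpcProtocol transport bits for the DNS Server service (see KB 936263).
RPC_TCPIP, RPC_NAMED_PIPE, RPC_LPC = 0x1, 0x2, 0x4

def remote_admin_allowed(rpc_protocol):
    """True if RpcProtocol leaves a network transport (TCP/IP or named pipes) on.
    A value of 4 (LPC only) or 0 blocks remote management."""
    return bool(rpc_protocol & (RPC_TCPIP | RPC_NAMED_PIPE))

def parse_rpc_ports(entries):
    """Expand KB 154596 style 'Ports' entries such as '5000-5020' or '5100'."""
    ports = set()
    for entry in entries:
        lo, _, hi = entry.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad RPC port range: {entry!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def probe(host, port, timeout=2.0):
    """Classify one TCP port using the same three states portqry reports."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "LISTENING"
    except ConnectionRefusedError:
        return "NOT LISTENING"  # host answered with a reset: path is not filtered
    except OSError:
        return "FILTERED"       # timeout or unreachable: something drops the traffic

def check_rpc_path(host, port_entries, probe_fn=probe):
    """Probe the RPC endpoint mapper (135) and every port in the configured range."""
    ports = [135] + parse_rpc_ports(port_entries)
    return {port: probe_fn(host, port) for port in ports}

if __name__ == "__main__":
    # Constructed defaults: pass the secondary DNS server's address as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in check_rpc_path(host, ["5000-5004"]).items():
        print(f"{host}:{port} {state}")
    print("RpcProtocol=4 allows remote admin:", remote_admin_allowed(4))
```

    A FILTERED result on 135 or across the whole dynamic range points at a firewall or router between the servers, while NOT LISTENING on an individual dynamic port only means no RPC service is currently bound to it.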
  • Hello David,

    Thank you for your help

    That trick fixed the issue.

    Thanks
    Thursday, April 02, 2009 6:06 PM