Cannot communicate with Primary DNS Server

    Question

  • Between last Thursday and Friday something changed on my server and I can't quite figure out why the DNS server is not functioning properly.

    Background information:

    I have been on tons of forums and I'll just list all the information I can so it will help you get a better idea of what I am having issues with. I can't talk between the client (appserver) and the DNS server (Ecladmin). I am trying to add appserver to the AD on Ecladmin but I believe something in DNS is preventing me from doing so. The exact error that comes up when trying to add the appserver to Ecladmin is can't find _ldap._tcp.dc._msdcs.eclimited.local... but from looking at the information from the other server I can't even get to the internet with the DNS ecladmin.

     

    Windows Server 2003 Machine

    Only DC

    Computer Name:Ecladmin

    Manually added Ip configuration: Ipconfig /all

    Windows IP Configuration
       Host Name . . . . . . . . . . . . : ECLAdmin
       Primary Dns Suffix  . . . . . . . : Eclimited.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Eclimited.local

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-1D-09-26-47-D7
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.1.10.5
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.1.10.3
       DNS Servers . . . . . . . . . . . : 10.1.10.5

    Dcdiag /v results

    Domain Controller Diagnosis
    Performing initial setup:
       * Verifying that the local machine ECLAdmin, is a DC.
       * Connecting to directory service on server ECLAdmin.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\ECLADMIN
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... ECLADMIN passed test Connectivity

    Doing primary tests
      
       Testing server: Default-First-Site-Name\ECLADMIN
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
             * Replication Site Latency Check
             ......................... ECLADMIN passed test Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC ECLADMIN.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=Eclimited,DC=local
                (NDNC,Version 2)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=Eclimited,DC=local
                (NDNC,Version 2)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=Eclimited,DC=local
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=Eclimited,DC=local
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=Eclimited,DC=local
                (Domain,Version 2)
             ......................... ECLADMIN passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Verified share \\ECLADMIN\netlogon
             Verified share \\ECLADMIN\sysvol
             ......................... ECLADMIN passed test NetLogons
          Starting test: Advertising
             The DC ECLADMIN is advertising itself as a DC and having a DS.
             The DC ECLADMIN is advertising as an LDAP server
             The DC ECLADMIN is advertising as having a writeable directory
             The DC ECLADMIN is advertising as a Key Distribution Center
             The DC ECLADMIN is advertising as a time server
             The DS ECLADMIN is advertising as a GC.
             ......................... ECLADMIN passed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local
             ......................... ECLADMIN passed test KnowsOfRoleHolders
          Starting test: RidManager
             * Available RID Pool for the Domain is 1600 to 1073741823
             * ECLAdmin.Eclimited.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 1100 to 1599
             * rIDPreviousAllocationPool is 1100 to 1599
             * rIDNextRID: 1130
             ......................... ECLADMIN passed test RidManager
          Starting test: MachineAccount
             Checking machine account for DC ECLADMIN on DC ECLADMIN.
             * SPN found :LDAP/ECLAdmin.Eclimited.local/Eclimited.local
             * SPN found :LDAP/ECLAdmin.Eclimited.local
             * SPN found :LDAP/ECLADMIN
             * SPN found :LDAP/ECLAdmin.Eclimited.local/ECLIMITED
             * SPN found :LDAP/fcaf62ee-e0f7-4322-b86d-57c6c596fce4._msdcs.Eclimited.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/fcaf62ee-e0f7-4322-b86d-57c6c596fce4/Eclimited.local
             * SPN found :HOST/ECLAdmin.Eclimited.local/Eclimited.local
             * SPN found :HOST/ECLAdmin.Eclimited.local
             * SPN found :HOST/ECLADMIN
             * SPN found :HOST/ECLAdmin.Eclimited.local/ECLIMITED
             * SPN found :GC/ECLAdmin.Eclimited.local/Eclimited.local
             ......................... ECLADMIN passed test MachineAccount
          Starting test: Services
             * Checking Service: Dnscache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: RpcSs
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... ECLADMIN passed test Services
          Test omitted by user request: OutboundSecureChannels
          Starting test: ObjectsReplicated
             ECLADMIN is in domain DC=Eclimited,DC=local
             Checking for CN=ECLADMIN,OU=Domain Controllers,DC=Eclimited,DC=local in domain DC=Eclimited,DC=local on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local in domain CN=Configuration,DC=Eclimited,DC=local on 1 servers
                Object is up-to-date on all servers.
             ......................... ECLADMIN passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... ECLADMIN passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... ECLADMIN passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minutes.
             ......................... ECLADMIN passed test kccevent
          Starting test: systemlog
             * The System Event log test
             An Error Event occured.  EventID: 0xC0000021
                Time Generated: 02/05/2012   13:10:22
                (Event String could not be retrieved)
             ......................... ECLADMIN failed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)

             CN=ECLADMIN,OU=Domain Controllers,DC=Eclimited,DC=local and backlink

             on

             CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=ECLADMIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Eclimited,DC=local

             and backlink on

             CN=ECLADMIN,OU=Domain Controllers,DC=Eclimited,DC=local are correct.
             The system object reference (serverReferenceBL)

             CN=ECLADMIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Eclimited,DC=local

             and backlink on

             CN=NTDS Settings,CN=ECLADMIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Eclimited,DC=local

             are correct.
             ......................... ECLADMIN passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : Eclimited
          Starting test: CrossRefValidation
             ......................... Eclimited passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Eclimited passed test CheckSDRefDom
      
       Running enterprise tests on : Eclimited.local
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... Eclimited.local passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\ECLAdmin.Eclimited.local
             Locator Flags: 0xe00003fd
             PDC Name: \\ECLAdmin.Eclimited.local
             Locator Flags: 0xe00003fd
             Time Server Name: \\ECLAdmin.Eclimited.local
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\ECLAdmin.Eclimited.local
             Locator Flags: 0xe00003fd
             KDC Name: \\ECLAdmin.Eclimited.local
             Locator Flags: 0xe00003fd
             ......................... Eclimited.local passed test FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    https://skydrive.live.com/?cid=A764FF1B76D8E1EE&id=A764FF1B76D8E1EE!108&sc=photos

     

    https://skydrive.live.com/redir.aspx?cid=a764ff1b76d8e1ee&resid=A764FF1B76D8E1EE!107&parid=A764FF1B76D8E1EE!101&authkey=!AC7Qp-kiscZqgGI





    Sunday, February 05, 2012 7:48 PM

Answers

  • It seems you have multiple links to your Skydrive, one for each upload. It may have been easier for everyone if you created a folder, shared it, and put all the files in it so there's one link to click.

    As far as the following, this is a typical response for two things going on:
    1. The machine has no Primary DNS Suffix.
    2. The "can't find server..." means you do not have a reverse zone for 10.1.10.0, or if you do, there is no PTR for ECLAdmin.Eclimited.local for IP 10.1.10.5.

    Therefore:
    1. You can ignore the "can't find server..." message. It's just a message saying you don't have a reverse zone or PTR entry for the DNS server.
    2. Because there is no Search Suffix for eclimited.local, it CAN'T resolve ecladmin.eclimited.local.
    3. If you use nslookup to resolve ecladmin.eclimited.local. (with a period on the end) it should resolve it.
    4. If you can resolve #3, then there is no problem with DNS. It's simply a client side resolver configuration issue.

    However, this should not affect the ability to join it to the domain.

    When you tried to join it, what name did you give it for the domain name?
    • eclimited.local
    • eclimited (I'm assuming you tried it with this name)

    Summary: Suggestions and questions:
    • Try joining using the name eclimited.local instead of eclimited and let us know.
    • If enabled, try disabling the Windows Firewall on the DC.
    • I assume all user machines are only using 10.1.10.5 for DNS.
    • Is NetBIOS disabled on the server or appserver? I didn't see it in the ipconfig /all, so I'm just asking if you truncated that part.

     

     

    Here's more info on what the search suffix is and what it does for you. This is why you can ignore the nslookup error until you get this joined.

    Configuring DNS Search Suffixes
    http://msmvps.com/blogs/acefekay/archive/2011/02/12/configuring-dns-search-suffixes.aspx

     


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, February 06, 2012 5:28 PM

All replies

  •  

    Below is still information on Ecladmin just to show the error is not correct because from the DC server I can verify it is there using nslookup.

    https://skydrive.live.com/redir.aspx?cid=a764ff1b76d8e1ee&resid=A764FF1B76D8E1EE!105&parid=A764FF1B76D8E1EE!101&authkey=!AL-1_YrQt-96dkE

    Below are the settings for the Appserver

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : appserver
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #31
       Physical Address. . . . . . . . . : 78-2B-CB-74-06-65
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.1.10.11
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.1.10.3
       DNS Servers . . . . . . . . . . . : 10.1.10.5

    https://skydrive.live.com/redir.aspx?cid=a764ff1b76d8e1ee&resid=A764FF1B76D8E1EE!104&parid=A764FF1B76D8E1EE!101&authkey=!AJ2N6rKX2CZxO84



    Sunday, February 05, 2012 7:52 PM
  • Hello,

    In all the listed information I cannot see anything wrong.

    Do you use Forwarders with the ISP's DNS server on the DNS server properties?

    Please post also an unedited ipconfig /all from the server you try to add to the domain and the complete error message you get.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, February 05, 2012 7:56 PM
  • Appserver information continued. I can ping by IP address and name, but when I try to get out to the internet it doesn't work even though I have two forwarders set up with IP addresses 68.87.75.292 and 68.87.64.146, which are from Comcast. I can get out to the internet using ECLadmin but not with appserver. I was thinking about just adding it to the Hosts file but I figure that it worked for other computers, now it just stopped working. I thought the ping -a should say Ecladmin.eclimited.local.

    https://skydrive.live.com/redir.aspx?cid=a764ff1b76d8e1ee&resid=A764FF1B76D8E1EE!103&parid=A764FF1B76D8E1EE!101&authkey=!APjvhkDrpZN2EM8

    I can ping the Ecladmin name but can't ping the DC Eclimited.local or ecladmin.eclimited.local. I also can't ping anything outside my intranet.

    https://skydrive.live.com/redir.aspx?cid=a764ff1b76d8e1ee&resid=A764FF1B76D8E1EE!106&parid=A764FF1B76D8E1EE!101&authkey=!AIWFdsZ0oeFw-RQ

    I have a netdiag report but it is a little large so I won't post it unless somebody thinks it would help. If you need any more information let me know.

     






    Sunday, February 05, 2012 7:58 PM
  • Hello,

    for large output files please use Windows Sky drive and add only the link to it here.

    Have you tried to join the domain with the firewalls disabled?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, February 05, 2012 8:03 PM
  • OK, I'll change my images around.

    The firewall is disabled on both servers; also, I made sure Routing and Remote Access services are not installed on either server. The appserver is just an example. I am already connected on 4 machines, 3 Windows XP and 1 Windows 7 machine; however, it just up and stopped working. I can communicate effectively with any machine.

     

     

    Sunday, February 05, 2012 8:08 PM
  •       Starting test: systemlog

             * The System Event log test
             An Error Event occured.  EventID: 0xC0000021
                Time Generated: 02/05/2012   13:10:22
                (Event String could not be retrieved)
             ......................... ECLADMIN failed test systemlog        

    Please check the system log in the Event Viewer for errors.

    Also run dcdiag /v /test:systemlog and see if it gives you more details on the error.

    DCDIAG failed test SystemLog


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.
    Sunday, February 05, 2012 8:12 PM
  • Thanks for the help so far guys...

    The result from DCDIAG

    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine ECLAdmin, is a DC.
       * Connecting to directory service on server ECLAdmin.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Default-First-Site-Name\ECLADMIN
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... ECLADMIN passed test Connectivity

    Doing primary tests
      
       Testing server: Default-First-Site-Name\ECLADMIN
          Test omitted by user request: Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: Advertising
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: RidManager
          Test omitted by user request: MachineAccount
          Test omitted by user request: Services
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: frssysvol
          Test omitted by user request: frsevent
          Test omitted by user request: kccevent
          Starting test: systemlog
             * The System Event log test
             Found no errors in System Event log in the last 60 minutes.
             ......................... ECLADMIN passed test systemlog
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError
      
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom
      
       Running partition tests on : Schema
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom
      
       Running partition tests on : Configuration
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom
      
       Running partition tests on : Eclimited
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom
      
       Running enterprise tests on : Eclimited.local
          Test omitted by user request: Intersite
          Test omitted by user request: FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    Sunday, February 05, 2012 8:21 PM
  • Did you find any errors in the event logs?
    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.
    Sunday, February 05, 2012 8:56 PM
  • In any of the event logs on the server, yeah, but they were old issues that I fixed. I accidentally had DHCP turned on somehow on the NIC card; I must have reset the IP address, then when it was looking for the DC ecladmin it didn't find it at the right address. But I reset it to the above address. That was the only issue I saw. Replication was OK, application was OK, etc. Some warnings but no errors.

     

    Sunday, February 05, 2012 9:07 PM
  • Dragon,

    Quick glance of appserver's ipconfig /all shows the Primary DNS Suffix is missing, resulting in no Search Suffix. The DNS Client side resolver uses this to resolve single hostnames as the first step, meaning if it's trying to resolve ecladmin, it will suffix Eclimited.local, so it's resolving ecladmin.Eclimited.local. Without it, it won't resolve.

    Also, regarding the system log error, simply clear the whole system log, and restart the server, to fix it.

    As Meinolf asked, are you using a Forwarder? If not, is EDNS0 disabled or not supported by your firewall? If EDNS0 is blocked, it will not be able to resolve large domain data, as many domains now have. Forwarders overcome this limitation.

    Here's a quick command to test if there's an EDNS0 restriction in your firewall:
    nslookup -type=TXT rs.dns-oarc.net

    Look for the part in the response that says, " ...DNS reply size limit is at least xxxx." The xxxx is what it will support. If it's under 512, then it is blocking EDNS0 or the Forwarder you are using is blocking or not allowing/configured to use EDNS0.

    Read more on EDNS0:

    What is EDNS0? (Extension mechanisms for DNS) 
    http://msmvps.com/blogs/acefekay/archive/2010/10/11/edns0-extension-mechanisms-for-dns.aspx

     

    Is the Windows Firewall enabled on Appserver? Is it blocking UDP 53 or other necessary AD ports (there are over 28 of them including the ephemeral service response ports)? Since your appserver is not joined to the domain, at least I am assuming that since it has no Primary DNS Suffix, then I am assuming the Windows Firewall is not allowing it. All DNS initial queries and communications are over UDP 53 first.

    Also, what AV is installed? If you disable it, does communication work? Reason I ask is all new antivirus software now provide a feature referred to loosely as "network traffic protection," which can effectively block AD and other necessary traffic. I found this the hard way at a customer site over a year ago. That's now the first thing I disable during troubleshooting AD and other internal communication issues.


    Also, I can't get to the files you posted on Skydrive. Did you remove them?

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, February 06, 2012 6:17 AM
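The EDNS0 check from the reply above, shown at the wire level as an added example (not part of the original thread): it builds the DC locator SRV query named in the join error with an EDNS0 OPT record and classifies a reply as OK, truncated, EDNS-ignored, NXDOMAIN or missing. The sample replies, the 4096-byte advertised size and all function names are constructed for illustration.

```python
import socket
import struct

QTYPE_SRV, QTYPE_OPT = 33, 41
DC_LOCATOR = "_ldap._tcp.dc._msdcs.eclimited.local"  # name from the join error

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, edns_size=None, txid=0x2012):
    """Build a DNS query; with edns_size set, append an EDNS0 OPT pseudo-record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP size we accept,
        # TTL (extended RCODE and flags) = 0, RDLEN = 0.
        opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_size, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Extract the fields that matter for an EDNS0 / reachability diagnosis."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    edns_size = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == QTYPE_OPT:
            edns_size = rclass                 # responder's advertised UDP size
    return {"truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "answers": an, "edns_size": edns_size}

def diagnose(sent_size, reply):
    """Map one query/reply pair to a failure mode discussed in the thread."""
    if reply is None:
        return "NO_REPLY"      # timeout: UDP 53 filtered, or the reply was dropped
    r = parse_response(reply)
    if r["rcode"] == 3:
        return "NXDOMAIN"      # server answered, but the SRV record is not there
    if r["truncated"]:
        return "TRUNCATED"     # reply did not fit; client must retry over TCP 53
    if sent_size and r["edns_size"] is None:
        return "EDNS_IGNORED"  # OPT missing from reply: 512-byte UDP limit applies
    return "OK"

def send_udp(server, query, timeout=3.0):
    """Send the query to server:53 over UDP; None means no reply arrived in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def sample_reply(name, opt_size=None, truncated=False, rcode=0):
    """Constructed reply for the demo: at most one SRV answer on port 389."""
    answers = 0 if (truncated or rcode) else 1
    flags = 0x8580 | (0x0200 if truncated else 0) | rcode  # QR, AA, RD, RA
    msg = struct.pack("!HHHHHH", 0x2012, flags, 1, answers, 0, 1 if opt_size else 0)
    msg += encode_name(name) + struct.pack("!HH", QTYPE_SRV, 1)
    if answers:
        rdata = struct.pack("!HHH", 0, 100, 389) + encode_name("ecladmin.eclimited.local")
        msg += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SRV, 1, 600, len(rdata)) + rdata
    if opt_size:
        msg += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, opt_size, 0, 0)
    return msg

if __name__ == "__main__":
    query = build_query(DC_LOCATOR, QTYPE_SRV, edns_size=4096)
    print(f"query is {len(query)} bytes, OPT record is the last 11")
    cases = {
        "healthy": sample_reply(DC_LOCATOR, opt_size=4096),
        "OPT stripped": sample_reply(DC_LOCATOR),
        "truncated": sample_reply(DC_LOCATOR, truncated=True),
        "record missing": sample_reply(DC_LOCATOR, rcode=3),
        "timeout": None,
    }
    for label, reply in cases.items():
        print(f"{label:15} -> {diagnose(4096, reply)}")
    # Live check from the client: diagnose(4096, send_udp("10.1.10.5", query))
```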
  • Ace,

     

    You should be able to view the files now. I didn't see the share settings on the sky drive; I just thought that the links would work for everybody.

    On the Appserver there is no AV installed; it is a brand new installation where there is just the Server 2003 OS and the Windows updates installed on it. I made sure that the other NIC card is disabled in the machine so it has only 1 IP address. I was trying to add it to the Eclimited.local domain when I noticed these issues last Friday, just like everyone who was on the server.

    On the Ecladmin server there is no AV installed on it anymore for the time being. It was working literally last Monday but something happened that I can't use it as an AD/DNS server. Could it be an issue with somebody who was on it synchronizing wrong with the server? I have Folder Redirection set up in AD without an issue; now two people can't see their My Documents, I think because whatever happened, communication broke when they were synchronizing. I was on the DNS server but I can't communicate with it either.

     

    Monday, February 06, 2012 4:46 PM
  • Suggestion

    • If enabled, try disabling the Windows Firewall on the DC.

    That seemed to do it for me at least. Do you know of any article that suggests using different firewall settings to allow the TCP and UDP ports to be opened for AD/DNS, or just have the firewall off and make sure the router to the internet has the best firewall settings?

     

    Thanks again

    Monday, February 06, 2012 7:06 PM
  • Good to hear that worked. If you want to know which ports AD needs, here they are below, but to make it easier with joining, etc, simply disable it. It will reconfigure itself recognizing it's in a domain, and will allow all necessary ports for domain communications.

    Active Directory Firewall Ports - Let's Try To Make This Simple
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx 

    As for that nslookup message, as I said, you can ignore it, but if you want to clean it up, create a reverse zone for "10.1.10.0" and make it AD integrated (middle button), and run ipconfig /registerdns. Wait about 5 to 10 minutes, then try it.

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Tuesday, February 07, 2012 1:22 AM