none
Connect to dns server access denied RRS feed

  • Question

  • Hi, first post on here everyone :)

    Basically, i have 2 domain controllers, one is my primary gui server and another is on server core. I'm trying to "connect to dns server" on my gui server to bring up my server core dns server on it, everytime i try it i keep getting an "access denied " message. I'm wondering why and how i go about correcting this? The security groups have been left to default and the "administrator" account is being used on BOTH DC's.

    Thanks

    Friday, March 25, 2016 2:54 PM

All replies

  • 1. What is Event log error number and detailed description?

    2. What did you before you try to connect?

    3. Try enterprise administrator account.

    4. Test the AD health with dcdiag

    Share your findings here.

    M.

     
    Friday, March 25, 2016 8:41 PM
  • The "Jedi" machine is the GUI primary server and "Jedicore" machine is the server core machine.

                                        

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       Home Server = Jedi

       * Identified AD Forest. 
       [JEDICORE] LDAP bind failed with error 1326,

       The user name or password is incorrect..
       Got error while checking if the DC is using FRS or DFSR. Error:

       The user name or password is incorrect.The VerifyReferences, FrsEvent and

       DfsrEvent tests might fail because of this error. 

       Done gathering initial info.


    Doing initial required tests


       Testing server: Default-First-Site-Name\JEDI

          Starting test: Connectivity

             ......................... JEDI passed test Connectivity


       Testing server: Default-First-Site-Name\JEDICORE

          Starting test: Connectivity

             Got error while checking LDAP and RPC connectivity. Please check your

             firewall settings.

             ......................... JEDICORE failed test Connectivity



    Doing primary tests


       Testing server: Default-First-Site-Name\JEDI

          Starting test: Advertising

             ......................... JEDI passed test Advertising

          Starting test: FrsEvent

             ......................... JEDI passed test FrsEvent

          Starting test: DFSREvent

             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems. 
             ......................... JEDI failed test DFSREvent

          Starting test: SysVolCheck

             ......................... JEDI passed test SysVolCheck

          Starting test: KccEvent

             ......................... JEDI passed test KccEvent

          Starting test: KnowsOfRoleHolders

             ......................... JEDI passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             ......................... JEDI passed test MachineAccount

          Starting test: NCSecDesc

             ......................... JEDI passed test NCSecDesc

          Starting test: NetLogons

             ......................... JEDI passed test NetLogons

          Starting test: ObjectsReplicated

             ......................... JEDI passed test ObjectsReplicated

          Starting test: Replications

             ......................... JEDI passed test Replications

          Starting test: RidManager

             ......................... JEDI passed test RidManager

          Starting test: Services

             ......................... JEDI passed test Services

          Starting test: SystemLog

             ......................... JEDI failed test SystemLog

          Starting test: VerifyReferences

             ......................... JEDI passed test VerifyReferences


       Testing server: Default-First-Site-Name\JEDICORE

          Skipping all tests, because server JEDICORE is not responding to

          directory service requests.




       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation


       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation


       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation


       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation


       Running partition tests on : starwars

          Starting test: CheckSDRefDom

             ......................... starwars passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... starwars passed test CrossRefValidation


       Running enterprise tests on : starwars.com

          Starting test: LocatorCheck

             ......................... starwars.com passed test LocatorCheck

          Starting test: Intersite

             ......................... starwars.com passed test Intersite

    Maybe the core machine doesn't have services enabled? I'm not sure what LDAP binding means in all honesty. BOTH machies have the same admin account logged in.



    • Edited by robbo777 Friday, March 25, 2016 11:55 PM
    Friday, March 25, 2016 11:47 PM
  • Hi robbo,

    Thanks for posting here.

    >> everytime i try it i keep getting an "access denied " message

    I suppose the major issue was caused by the privileges of the remote machine.

    You could try to use the powershell command to connect to the server core, just like descriptions below:

    enter-pssession -computername server core -credential(get-credential)

    you need to run this command as admin on your gui server

    If you could enter the remote server, you could use the powershell command to list all the scopes and caches and almost anything you want .

    For more information, you could refer to link below:

    https://blogs.technet.microsoft.com/heyscriptingguy/2010/09/13/manage-dns-in-a-windows-environment-by-using-powershell/

    Best regards,


    Andy_Pan



    • Edited by Hello_2018 Sunday, March 27, 2016 3:14 AM
    • Proposed as answer by Hello_2018 Tuesday, April 5, 2016 9:08 AM
    Sunday, March 27, 2016 3:13 AM
  • Hi robbo,

    If you have any updates, welcome to share here.

    Best regards,


    Andy_Pan

    Tuesday, April 5, 2016 9:09 AM