Can't connect to KMS server

  • Question

  • Hi,

    We have a KMS server residing on our parent company's dns.  I manually create a SRV to point to our KMS server overseas.  This is all working fine.  However, we have a DMZ which runs DNS so that we can use KMS to activate this server.  Looking at our firewall configuration, DNS is allowed between DMZ and our DNS server.  I created a stub zone on our DMZ but I can only see DNS entries for Domain controllers.  I need DMZ to be able to see the whole DNS on our Domain controller so this server can be activated.  

    Any suggestions?

    Thank you.

    Thursday, January 19, 2012 5:50 AM

All replies

  • Stub zones are only designed to hold NS records for the zone you created it for, from memory. So what you're describing sounds exactly like what you should be seeing.

    What you won't see in a stub zone is resource records.

    Cheers,
    Lain

    • Marked as answer by Elytis Cheng Friday, January 20, 2012 6:36 AM
    Thursday, January 19, 2012 7:20 AM
  • Hello,

    Lain is correct here about the stub zone, details in:

    http://technet.microsoft.com/en-us/library/cc779197(WS.10).aspx


    Best regards,
    Meinolf Weber

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    • Marked as answer by Elytis Cheng Friday, January 20, 2012 6:36 AM
    Thursday, January 19, 2012 8:02 AM
  • Agree with others. Stub zones are normally configured when you don't want to populate all the records to be published; instead, referral is used via the NS records authoritative for the zone. A stub zone contains the SOA record, the host records of the name servers and the NS records for the authoritative zone, so it's normal if you can't see all the records; this is how stub zones are designed to function.

    http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html


    Regards


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    • Marked as answer by Elytis Cheng Friday, January 20, 2012 6:36 AM
    Thursday, January 19, 2012 9:23 AM
  • Hi,

    I also agree with the previous posts.

    If you want to read a really good explanation of stub zones take a look at: http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=1


    Martin Forch
    • Marked as answer by Elytis Cheng Friday, January 20, 2012 6:36 AM
    Thursday, January 19, 2012 9:51 AM
  • Thanks all.  So are there any suggestions on how I should make this work?
    Friday, January 20, 2012 1:03 AM
  • Hi James,

    For my part, I don't think I'm quite following the scenario.

    If the goal is to have servers located in the DMZ be able to resolve queries for resources in the parent domain, then you could point your DMZ servers to your Active Directory DNS servers - which you've probably already done, then set up a conditional forwarder on your DNS servers to route the request to the parent domain DNS servers.

    As an alternative, in the event that there are additional firewall rules outside your control, you can look at the option of hosting an application partition published by your parent domain's DNS admins. This will replicate their DNS records to your environment, if that's what you are after.

    Information about DNS application partitions is all over the place. Here are two brief references:

    Cheers,
    Lain


    • Edited by Lain Robertson Friday, January 20, 2012 2:26 AM Assumed something incorrectly.
    Friday, January 20, 2012 2:22 AM
  • Now that there are 9 posts, most marked as answers, could someone actually answer the original question? He/we can't get the DMZ servers to activate through the KMS server inside the network. As he said:

    "I need DMZ to be able to see the whole DNS on our Domain controller so this server can be activated."

    I believe the issue is more about activation than DNS records.


    Thursday, February 2, 2012 2:21 PM
  • Hi,

    Make sure that the servers are able to connect to the KMS via port 1688. When this is possible, you can try to activate the systems with the command line slmgr.vbs /skms and define the KMS host which should be connected to (http://technet.microsoft.com/en-us/library/ff793433.aspx). When this works manually, you can test it again.

    On your KMS you can check if the current count increases (slmgr.vbs /dlv all); keep in mind that the systems need a count of 5 to activate Windows Server.

    One more question: which primary DNS suffix does the server that should be activated via the KMS have? The system uses the DNS suffix to find the KMS SRV record (http://support.microsoft.com/kb/929826/en-us).

    For workgroup computers, the DNS automatic discovery of KMS requires that the DNS zone contains the SRV resource record for the KMS host. This DNS zone is the DNS zone that corresponds to either the primary DNS suffix of the computer or to the DNS domain name that is assigned by the Dynamic Host Configuration Protocol (DHCP). This domain name is defined by the option that has the code value of 15 as defined in Request for Comments (RFC) 2132.



    Martin Forch
    • Edited by Martin Forch Thursday, February 2, 2012 3:46 PM
    • Proposed as answer by Meinolf Weber Thursday, February 2, 2012 5:19 PM
    Thursday, February 2, 2012 2:32 PM
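    An added PowerShell diagnostic (not posted in the thread) that runs the checks Martin describes from the DMZ server's side: the primary DNS suffix, the `_vlmcs._tcp` KMS SRV lookup in the zone the client actually queries, TCP 1688 reachability and, optionally, the manual `slmgr.vbs /skms` and `/ato` fallback. The KMS host name is a constructed placeholder, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later.

```powershell
# Added diagnostic (not from the thread) that walks Martin's checks from the
# DMZ server: DNS suffix, _vlmcs._tcp SRV record, TCP 1688, then /skms + /ato.
# Placeholder KMS host; Resolve-DnsName needs Windows 8 / Server 2012 or later.
param(
    [string]$KmsHost = 'kms.example.internal',  # constructed placeholder
    [int]$KmsPort = 1688,                       # KMS listener port
    [switch]$Activate                           # actually run slmgr when set
)

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. Primary DNS suffix: KMS auto-discovery queries _vlmcs._tcp.<suffix>.
#    A workgroup host in a DMZ often has none, so discovery silently fails.
$suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
if (-not $suffix) { Write-Warning 'No primary DNS suffix set; SRV auto-discovery cannot work.' }

# 2. Does the zone the client actually queries contain the KMS SRV record?
#    A stub zone only carries SOA/NS records, so this is where it usually fails.
$srv = if ($suffix) { @(Resolve-DnsName -Name "_vlmcs._tcp.$suffix" -Type SRV -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }) } else { @() }
if ($srv) { $srv | ForEach-Object { "SRV: {0}:{1}" -f $_.NameTarget, $_.Port } }
else      { Write-Warning "No _vlmcs._tcp SRV record found for '$suffix'." }

# 3. Firewall path: the KMS listener must be reachable on TCP 1688.
$target = if ($srv) { $srv[0].NameTarget } else { $KmsHost }
$port   = if ($srv) { $srv[0].Port } else { $KmsPort }
$open   = Test-TcpPort -Target $target -Port $port
"TCP {0}:{1} reachable: {2}" -f $target, $port, $open

# 4. If the port is open but DNS discovery failed, register the host manually,
#    as the thread suggests (slmgr /skms), then retry activation (slmgr /ato).
#    On the KMS host itself, 'slmgr.vbs /dlv' shows whether the count grew.
if ($open -and -not $srv) {
    $slmgr = Join-Path $env:SystemRoot 'System32\slmgr.vbs'
    if ($Activate) {
        & cscript //nologo $slmgr /skms "${target}:${port}"
        & cscript //nologo $slmgr /ato
    } else { "Run: cscript //nologo $slmgr /skms ${target}:${port} ; then /ato" }
}
```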
  • When I realized I couldn't telnet to the KMS server from the client, I knew the issue had something to do with firewall rules. We had updated the firewall and had upgraded the KMS server to R2 since this particular server had been activated. We have about 350 servers in KMS and a few Office 2010 (on servers) also. So the regular /ato, /skms we know fairly well, and all servers within the domain were (re)activating fine. This one in the DMZ was the only problem, so far.
    Thursday, February 2, 2012 6:03 PM