The DNS server 192.168.1.100 on Local Area Connection did not successfully resolve the name _kerberos._tcp.ad.local.

    Question

  • This is my first time setting up a Windows 2008 R2 server. I am using a WRT610N router. My server is hardwired and my clients are wireless. I have set a static IP for my server through my router by MAC address as my server does not serve as a DHCP server. It is only going to be used for AD and DNS. I set it up through the dcpromo wizard and the installation went great. I have been troubleshooting the heck out of two issues I have been continuously encountering and just can't figure out what I am doing wrong. Due to these issues, my client computers are not connecting to my DNS server. Please help! :) If you need more information, please let me know.


    Title:
    DNS: The DNS server 192.168.1.100 on Local Area Connection must resolve Global Catalog resource records for the domain controller

    Severity:
    Error

    Date:
    4/11/2011 11:01:45 PM

    Category:
    Configuration

    Issue:
    The DNS server 192.168.1.100 on Local Area Connection did not successfully resolve the name _ldap._tcp.gc._msdcs.ad.local.

    Impact:
    Active Directory Domain Services (AD DS) operations that depend on locating a Global Catalog will fail.

    Resolution:
    Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to configure DNS servers that can resolve the name _ldap._tcp.gc._msdcs.ad.local.

    More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121970

    -----------

    Title:
    DNS: The DNS server 24.220.0.10 on Local Area Connection must resolve Global Catalog resource records for the domain controller

    Severity:
    Error

    Date:
    4/11/2011 11:01:45 PM

    Category:
    Configuration

    Issue:
    The DNS server 24.220.0.10 on Local Area Connection did not successfully resolve the name _ldap._tcp.gc._msdcs.ad.local.

    Impact:
    Active Directory Domain Services (AD DS) operations that depend on locating a Global Catalog will fail.

    Resolution:
    Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to configure DNS servers that can resolve the name _ldap._tcp.gc._msdcs.ad.local.

    More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121970

    -------

    Here is a print-out from my server:


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : BC-AE-C5-E3-B1-79
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, April 12, 2011 11:48:11 AM
       Lease Expires . . . . . . . . . . : Wednesday, April 13, 2011 11:48:10 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 24.220.0.10
                                           192.168.1.100
                                           24.220.0.11
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{8689FD6E-04DE-46A2-BD51-F8A015840D03}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tuesday, April 12, 2011 5:05 PM

Answers

  • Firstly, remove the public IPs 24.220.0.10 & 24.220.0.11 from the DNS servers list on the DC & if there is any public IP configured on the NIC of any server or client system, remove that too. If the public IPs listed are the public DNS IPs you received from your ISP for external name resolution, configure them in the Forwarders tab of the DNS server.

    How to configure DNS & forwarders.

    http://www.zdnetasia.com/install-a-dns-server-in-windows-server-2008-62040433.htm

    More on DNS recommendations from MS DA Team.

    http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/

     

    Make sure your wireless device has the DNS for the DC configured & is able to forward requests for domain name resolution & that DHCP on the router supports dynamic update of DNS records in AD. I guess you are using AD-integrated DNS; please refer to the links in my blog to get the accurate settings for DNS, as DNS is the most important component of AD.

     

    Regards  


    Awinish Vishwakarma| MY Blog  

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 12, 2011 6:48 PM
    Moderator
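
Added example (not part of the original thread or any poster's code): a small Python check that parses one adapter block of `ipconfig /all` output and reports the three conditions the replies call out on the DC's NIC: a DHCP-assigned address, public resolvers in the DNS list, and the DC's own address not listed first. The function names `parse_adapter` and `audit_dc_nic` are hypothetical; the sample is trimmed from the output in the question.

```python
import ipaddress
import re

# Sample input: trimmed from the `ipconfig /all` output posted in the question.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   DNS Servers . . . . . . . . . . . : 24.220.0.10
                                       192.168.1.100
                                       24.220.0.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "Label . . . : value"; requiring " :" keeps IPv6 continuation lines from matching.
FIELD = re.compile(r"^\s+(.+?)[ .]* :\s*(.*)$")


def parse_adapter(text):
    """Return {label: [values]}; indented lines without a label extend the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2)] if m.group(2) else []
        elif last and line.strip() and line.startswith(" "):
            fields[last].append(line.strip())
    return fields


def audit_dc_nic(text):
    """List the NIC settings on a domain controller that the replies say to change."""
    f = parse_adapter(text)
    own = f.get("IPv4 Address", [""])[0].split("(")[0]
    dns = f.get("DNS Servers", [])
    findings = []
    if f.get("DHCP Enabled") == ["Yes"]:
        findings.append("DHCP-assigned address: give the DC a static IP")
    public = [s for s in dns
              if not ipaddress.ip_address(s.split("%")[0]).is_private]
    if public:
        findings.append("public resolvers on NIC, move to forwarders: " + ", ".join(public))
    if not dns or dns[0] != own:
        findings.append(f"{own} is not the first DNS server")
    return findings


if __name__ == "__main__":
    for finding in audit_dc_nic(SAMPLE):
        print(finding)
```
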

All replies

  • Hello,

    Please use 192.168.1.100 as primary DNS server. For other DNS servers, set them as forwarders.

    Once done, run net.exe stop netlogon & net.exe start netlogon or reboot the server.

    After that, check that all is okay.

    Forgot a detail: Like Santhosh said use a static IP address for the DC.

    Exclude the 192.168.1.100 from the DHCP scope and proceed like I mentioned (Give this address to the DC as static one)

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner

    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

     



    • Edited by Mr XMVP Tuesday, April 12, 2011 6:29 PM add information about DHCP
    Tuesday, April 12, 2011 6:13 PM
  • Is it a production or lab AD?

    >>DHCP Enabled. . . . . . . . . . . : Yes

    Use static IP address instead of DHCP. Make sure 192.168.1.100 is excluded from the scope?

    Change Primary IP address to 192.168.1.100. 

    Then restart the DC and Netlogon service

    Run DCDIAG and post the result on the Skydrive not here. 

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Tuesday, April 12, 2011 6:25 PM
  • I was able to get DNS and AD roles up and running on the server from the information you provided, Awinish! Thanks a bunch!!! However, when I attempt to log on from a computer which has joined the domain successfully, it keeps saying "your account has been configured to prevent you from using this computer". I have gone through all the computers and users and there are no restrictions that I can see. Any suggestions? Thanks.
    Tuesday, April 12, 2011 11:31 PM
  • What version of OS are you using? Are you trying to log on to the DC?

    Did you check the user properties -> Account tab -> Log On To? Make sure the All Computers option is selected.

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Wednesday, April 13, 2011 12:45 AM
  • Never mind. I figured it out. It was a bad user account. I created several new user accounts and the server and clients are running like champs! :D
    Wednesday, April 13, 2011 1:38 AM
  • You are welcome & glad to know the issue has been resolved. Thanks for the update.

     

    Regards  


    Awinish Vishwakarma| MY Blog  

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, April 13, 2011 4:13 AM
    Moderator