
Thread: Newb DC issue

  1. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #1

    Newb DC issue

    I have installed Windows Server 2003 and XP Pro in virtual machines in VMware. The Pro computer is currently a standalone machine; I want to add it to my domain.

    I have installed DNS, DHCP, and Active Directory.

    By performing query and recursive tests, I have determined that DNS is working. DHCP is not started, I assume because there are no clients in the domain to lease IP addresses to.

    I have verified that both machines are on the same network. The DC domain name is OffworldCorporation.local

    When I attempt to join a domain through system properties-Computer/domain changes, I get a message saying "A domain controller for the domain OffworldCorporation.local could not be contacted." I have no idea what I am doing wrong.

    Both computers can access the internet, however I cannot ping either computer from the other. Maybe I am using the wrong network connection on the VM?
    Last edited by SephStorm; 02-27-2010 at 01:17 AM.

  3. Senior Member
    Join Date
    Apr 2009
    Location
    New Orleans, LA
    Posts
    199

    Certifications
    MCSE, MCITP:EA, CCNA, CCNP
    #2
    I've had much more luck with this when bridging the two connections to the existing network. However, you can statically set your IP addresses on each machine to see if you're able to get some communication before you try to implement DHCP. Also, once you get your machines pinging one another, try statically setting (or creating a DHCP option) your DNS to the Domain Controller. Most of the time that I've had issues joining a computer to a domain, it's been because of DNS.

  4. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #3
    I am getting frustrated.

    I set the network type to bridged. I reinstalled everything but the OS on the server (VM), and I set static IPs for every host in my network.

    I can ping from the server to my host OS, but not from the host to the server.

  5. Senior Member leefdaddy
    Join Date
    Oct 2003
    Location
    St. Louis, MO
    Posts
    403

    Certifications
    A+, Network+, Security+, MCP, MCSA, MCTS, VCP 4/5, CCENT, CCNA
    #4
    Turn off Windows Firewall on the server and hosts? Can you remote desktop to the server? Can you join the PCs to the domain? If they join the domain they are obviously communicating.

  6. Senior Member
    Join Date
    Jul 2009
    Posts
    2,056

    Certifications
    Beer+
    #5
    The XP client is using the IP of the DC for DNS, right?

  7. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #6
    Originally Posted by Hyper-Me:
    The XP client is using the IP of the DC for DNS, right?
    More than likely the problem. The XP machine requires the SRV records to locate the DC(s). If you're just using your gateway or your ISP's DNS servers to resolve domain names, it's not going to find those.

  8. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #7
    OK, here's the config:

    Netgear router:
    Dyn assigned IP.
    Dyn assigned DNS
    Router is configured as a DHCP server
    Router is configured as a DNS server


    Host Machine: laptop running W7.
    Static IP from router:192.168.1.2
    DHCP svr: 192.168.1.1
    DNS server:192.168.1.1

    Guest1: Win SVR 2003
    Namesvr-x5vo8s.OffworldCorporation.net
    Domain:OffworldCorporation.net
    Static IP:192.168.1.5
    Default gateway:192.169.1.1
    DNS Server: 192.168.1.1

    Guest2: Win XP 2003
    Static IP:192.168.1.6
    DNS Server:192.168.1.1 (This was the SVR, but changed until I can get on the domain)

    After allowing incoming ICMP echo requests, I was able to ping the server from both the host and guest #2. I still cannot join the domain, nor can I remote desktop to the PC, though that may be because I have never used it before.

    If someone wants to try remote desktop, let me know, I'll try it.

  9. He Hate Me Zartanasaurus
    Join Date
    Sep 2009
    Posts
    1,978

    Certifications
    CCIE:R&S
    #8
    Change the DNS address on all your machines to point to 192.168.1.5 (your domain controller). Your router and ISP don't know that your domain exists, so it can't resolve "offworldcorporation.local". Your DC does and can.
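Added example, not part of any post in this thread: a minimal DNS client that asks one specific server for the SRV record the replies above refer to (`_ldap._tcp.dc._msdcs.<domain>`), so the router at 192.168.1.1 and the DC at 192.168.1.5 can be compared directly. The function names are hypothetical; the addresses and domain are the ones given in the thread.

```python
import socket
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels ending in a zero byte
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".")) + b"\x00"

def build_srv_query(domain, txid=0x4443):
    # The DC locator record a client looks up when joining <domain>
    qname = "_ldap._tcp.dc._msdcs." + domain
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(qname) + struct.pack(">HH", 33, 1)  # SRV, IN

def read_name(msg, pos):
    # Returns (name, offset after it); follows compression pointers, max 16 hops
    labels, end, hops = [], None, 0
    while msg[pos]:
        n = msg[pos]
        if n & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = end if end is not None else pos + 2
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    return ".".join(labels), (end if end is not None else pos + 1)

def parse_srv_response(msg):
    # Returns (rcode, [(priority, weight, port, target), ...])
    flags, qd, an = struct.unpack(">HHH", msg[2:8])
    pos = 12
    for _ in range(qd):
        pos = read_name(msg, pos)[1] + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(an):
        pos = read_name(msg, pos)[1] + 10  # fixed RR header: type, class, TTL, rdlength
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos - 10:pos])
        if rtype == 33:
            prio, weight, port = struct.unpack(">HHH", msg[pos:pos + 6])
            records.append((prio, weight, port, read_name(msg, pos + 6)[0]))
        pos += rdlen
    return flags & 0x000F, records

def locate_dc(domain, dns_server, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(domain), (dns_server, 53))
        return parse_srv_response(s.recv(4096))
```

Calling `locate_dc("OffworldCorporation.local", "192.168.1.5")` should return rcode 0 with at least one SRV record once the DC's DNS is healthy; a resolver that does not host the zone typically answers with rcode 3 (NXDOMAIN) and an empty list.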

  10. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #9
    For some reason, after turning off Windows Firewall and doing the above, I can attempt to join at the next step (it asks for authentication. After that I am having another issue, which I think is a result of my domain length).

    What do I need to do to keep WF from blocking requests?

  11. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #10
    It wasn't the firewall; you didn't have the DNS server configured correctly.

    Domain length isn't the problem. Check the event logs on Server 2003 to see what the problem is.

    You're using credentials for an account that can join computers to the domain?

  12. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #11
    Has to be the firewall. If I turn on the firewall, the host will come back with a message stating it can't find the domain (this is after changing the DNS server).

    If I turn off the firewall, it finds the domain and asks for an account with permission to join the domain. (Now my problem is I can't use the @ symbol in the XP VM for some reason.)

  13. He Hate Me Zartanasaurus
    Join Date
    Sep 2009
    Posts
    1,978

    Certifications
    CCIE:R&S
    #12
    Originally Posted by SephStorm:
    (Now my problem is I can't use the @ symbol in the XP VM for some reason.)
    You can do it NT style as well, i.e. domain\administrator, until you work out the @ problem.

  14. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #13
    I was finally able to join the domain; I copied the "@" symbol from the internet and pasted it into the window. So I am on the domain now, and now I need to figure out the DHCP and DNS issues.

    First I need to figure out the firewall issue. I created account "mhunt" while the svr firewall was down. This user can log onto the domain whether the firewall is on or off. So I turned on the firewall and created account "dstorm". This user cannot log onto the domain when the FW is on, because the "domain is unreachable". I think my svr is in some high security mode where it doesn't accept any connection not previously established. Thoughts?

  15. Senior Member
    Join Date
    Jul 2009
    Posts
    2,056

    Certifications
    Beer+
    #14
    You shouldn't need the @.

    I've always just typed in the username because it assumes the domain is the domain you just tried to join to.

  16. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #15
    I don't need it when I log in from the Windows login screen, but like I said, the computer was "in a workgroup" and I had to join the domain from inside Windows. Right-click My Computer, Properties, Computer Name, Change (to join a domain).

  17. Member rage_hog
    Join Date
    Feb 2010
    Posts
    43
    #16
    Have you tried adding
    192.168.1.5 OffworldCorporation.local

    to the
    C:\windows\system32\drivers\etc\hosts

    file on the XP box?

  18. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #17
    Yep, no luck.

    Can someone tell me if this may apply to me? I'm using SP2, but anyway.

    How to configure Windows Server 2003 SP1 firewall for a Domain Controller

  19. VCDX in 2017 Essendon
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #18
    I too struggled with this when I first used VMware. This is what I now do, really simple.

    Leave your host machine alone. Don't worry what its config is. In VMware, make sure that the Ethernet is set to Host-only: A private network shared with the host. Now put the DC VM and the client VM on the same subnet. The client VM should point to the DC for DNS. As for letting the machines communicate on the internet (a DC shouldn't really communicate with the internet anyway), add another network adapter and leave it at the default option of bridged. This second network adapter should be able to pick up the network config from your Netgear router. Make sure that WF is off, otherwise you are going to have problems such as joining clients to the domain.

    HTH.
    VCDX: DCV - Round 2 rescheduled (by VMware) for December 2017.

    Blog >> http://virtual10.com

  20. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #19
    Wait, you enabled the firewall in Server 2003?

    If so, yes, you're going to need to create exceptions for all the ports that a DC uses.

    I thought you were talking about the firewall in your client.

    Easier way to lock it down is to use the security configuration wizard (SCW).