  1. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #1

    Need Help Labbing (creating new domain tree)

    Hey TE,
    Got issues with creating a new domain tree. Can't seem to figure it out. I'll lay out the IP configuration and everything.

    Main Domain Controller and DNS Server
    Name: Hyper-DC
    Domain Name: L2G.Local
    Link-local IPv6 Address . . . . . : fe80::5c4f:3664:17e7:a337%17(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.95(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.95
    127.0.0.1


    Child Domain DC2
    Name: DC2
    Domain Name: Geek1.L2G.local
    IPv4 Address: 192.168.1.96
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.1
    DNS Servers: 192.168.1.95
    192.168.1.96
    127.0.0.1

    I want to create a new domain tree under the name Learn2Geek.local.
    I point the DNS servers to 192.168.1.95 and 192.168.1.96 and set the static IP to 192.168.1.97.

    When I DCPromo I always get DNS errors. Should I be creating a stub or a DNS zone on my main DNS server before I create it?

  3. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #2
    VCDX: DCV - Round 2 rescheduled (by VMware) for December 2017.

    Blog >> http://virtual10.com

  4. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #3
    Essendon,
    You're becoming my go-to guy almost for certs and questions lol.
    I'll have to read this tomorrow though. I will let you know if I'm still confused about it.
    Thanks!

  5. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #4
    Trying those steps right now but got an "RPC server unavailable". Looked up information about it, but I clicked next and the server rebooted. Waiting 30 mins now, just like the site you sent me told me to.

    Update:
    Everything went wrong... It keeps telling me that it can't find the main DC and DNS server even though it's set to 192.168.1.95. Not sure if this is caused by the RPC server being down?? Not even sure how it's down.

    help please lol

    Update 2:
    Well, somehow I turned my main DNS server's primary zone into a stub. Not sure how. Good thing this is a lab. Starting over again.
    Last edited by jahaziel; 06-12-2013 at 05:19 PM.

  6. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #5
    Wow, I must be stupid... but what password am I supposed to be using here? I tried using my enterprise username and password from my original domain and it's not working at all.
    .Screenshot from 2013-06-13 13:05:06.jpg
    Last edited by jahaziel; 06-14-2013 at 06:59 PM.

  7. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #6
    uh... I was finally able to do it. It gave me an error while I was running dcpromo, but everything replicated after 30 or so mins. Going to try it one more time.

    I had to turn off the firewall; not really happy with that. Can someone give their input?

  8. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #7
    Assuming you're talking about the Windows Firewall, it's best to have it off in a lab environment. More often than not, it's the culprit (after DNS, of course). Glad you worked it out!

    How did you turn your primary DNS zone into a stub? Mis-clicked? (is that a word?!!)

  9. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #8
    Yeah, most likely misclicked. Need to be more careful. Is there any way to keep the firewall on?

  10. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #9
    Keep it off, I recommend; otherwise you'll keep wrestling with it. Look here on how to add exceptions > Windows 7 Firewall

  11. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #10
    For once I'll have to disagree with Essendon on this one. You'll need to know what exceptions to create in the firewall at some point in your career as an admin, so keeping the firewall on and having to troubleshoot those darn firewall-related errors that crop up keeps you in the healthy habit of always checking your firewall exceptions. I receive way too many escalations that were as simple as the firewall not being open, e.g. the tech couldn't figure out why nobody could connect to the terminal server, so I go in and open up RDP on the firewall.

    In this particular instance I would advise checking the Active Directory Domain Controller LDAP/GC rules and File and Print Sharing rules. Another good reference would be How to configure a firewall for domains and trusts
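An added example, not part of any post in this thread: a pre-promotion check, run from the server about to be promoted, that tests whether the TCP ports a domain controller needs are reachable on the existing forest root DC with the firewall left on. The address is the one given in post #1; the function name `Test-TcpPort` and the port list variable are this example's own, and only TCP is tested.

```powershell
# Added example, not from the thread. Run on the server about to be promoted.
# Assumption: $RootDc is the forest root DC/DNS server from post #1.
$RootDc = '192.168.1.95'

# TCP ports a prospective DC must reach on an existing DC.
$AdPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL/NETLOGON)' },
    @{ Port = 3268; Service = 'Global Catalog' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet times out quickly.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the port actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $AdPorts) {
    New-Object PSObject -Property @{
        Port    = $p.Port
        Service = $p.Service
        Open    = Test-TcpPort -ComputerName $RootDc -Port $p.Port
    }
}
$results | Select-Object Port, Service, Open | Format-Table -AutoSize

# A reachable 135 is not sufficient: RPC then moves to a dynamic port
# (49152-65535 on Server 2008 and later), so "RPC server unavailable"
# can still appear if that range is filtered.
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("Blocked on {0}: {1}" -f $RootDc, (($blocked | ForEach-Object { $_.Service }) -join ', '))
}
```

Any service reported as blocked points at the inbound rule to review on the root DC instead of disabling the firewall profile.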

  12. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #11
    Darn firewalls!

    I concur with you, Jeff, about having a healthy firewall; I was only trying to make things easier for him. Never turn it off in a prod environment, that's for sure!

  13. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #12
    Thanks. I do have another issue. Every time I create the new domain tree (I must have done this lab 30 times already, no real success yet) I try to make the DNS replicate to all of my forest and receive "the replication scope could not be set...... There is a server failure"

    Update: Why can't I figure this out... Been playing with this forever... I just wish I could find a CBT Nugget or something explaining this... LOL, just want it to magically be pushed in on my end. So far I hate replication and DNS so much.

    I'm actually going to give myself a congrats for not giving up yet.

    Update 2: It seems like my firewall has all the incoming and outgoing ports set to allow connections on my main DC.
    Last edited by jahaziel; 06-14-2013 at 02:48 PM.

  14. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #13
    I started reading over the article Essendon gave me. I have a question about step number 2:
    "2. Point DNS on the new machine prior to promoting it, to the existing forest root DNS server that you just created the zone on in step# 1."

    Does this mean the IP address of the root DNS server?

  15. Senior Member
    Join Date
    Jul 2011
    Location
    Idaho
    Posts
    334

    Certifications
    MTA:OS, MTA:N, MTA:SA, MTA:S, MCTS:70-640, Solarwinds Cert. Prof. VCA-DCV, VCA-WM - Expired CompTia Net+
    #14
    So server 1 should be your first DC and DNS server, right? Server 2 is the new DC in the new domain tree.

    Server 2 should be using Server 1 as its DNS server until everything is working etc., then set it to Server 2's IP.

  16. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #15
    Originally posted by cruwl:
    So server 1 should be your first DC and DNS server, right? Server 2 is the new DC in the new domain tree.

    Server 2 should be using Server 1 as its DNS server until everything is working etc., then set it to Server 2's IP.

    Thanks. Exactly what I've been doing. So it's not the issue.

    Now step one says "1. Create the zone for the new tree, on the forest root's DNS server. Configure the zone's replication scope Forest Wide."

    Just to make sure I'm doing this right: I go into the DNS Management Console, click on the DNS server to expand it, and under Forward Lookup Zones click "New Zone", correct?

    Also, can someone clarify post 5 of this thread? I seem to run into this issue more than once when I'm doing this lab. I'm using my main domain enterprise admin account and still get denied.

    This might seem silly but I am getting annoyed because I have been able to do this correctly without DNS or replication issues.
    Last edited by jahaziel; 06-14-2013 at 06:59 PM.

  17. Senior Member
    Join Date
    Jul 2011
    Location
    Idaho
    Posts
    334

    Certifications
    MTA:OS, MTA:N, MTA:SA, MTA:S, MCTS:70-640, Solarwinds Cert. Prof. VCA-DCV, VCA-WM - Expired CompTia Net+
    #16
    From the practice:
    "3. Right-click Forward Lookup Zones and click New Zone.
    This launches the New Zone Wizard.
    4. Click Next.
    5. On the Zone Type page, select Primary Zone and make sure that the Store The Zone In
    Active Directory check box is selected. Click Next.
    You must create a new zone to host the delegation because if you tried to store the
    delegation in an existing zone, it would automatically add the name suffix for the
    existing zone. Because a domain tree is distinguished from the forest namespace by its
    name suffix, you must create a new zone to host it.
    6. On the Active Directory Zone Replication Scope page, select To All DNS Servers
    In This Domain: Treyresearch.net and click Next. This places the DNS data in the
    DomainDnsZones application directory partition for the treyresearch.net domain."
    Last edited by cruwl; 06-14-2013 at 07:41 PM.

  18. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #17
    I'm using the Sybex book, and instead of entering a delegation manually it says to let dcpromo do it. But when I do this I then get DNS replication errors.

    Now, in regards to what you wrote: why should I do step "6. On the Active Directory Zone Replication Scope page, select To All DNS Servers
    In This Domain: Treyresearch.net and click Next. This places the DNS data in the
    DomainDnsZones application directory partition for the treyresearch.net domain."?

    Shouldn't it be forest since my new domain won't be a child domain but a new domain?

  19. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #18
    Decided to add it without adding the zone on the main root forest and everything went fine... Not sure why it's not letting me do it the other way. But now it doesn't let me make it into an Active Directory DNS server.
    Last edited by jahaziel; 06-14-2013 at 09:58 PM.

  20. Senior Member
    Join Date
    Aug 2011
    Location
    Plano, TX
    Posts
    103

    Certifications
    CompTIA A+/Net+/Sec+/Proj+; MCTSx5; MCSAx2; MCITPx2; CCNA R&S
    #19
    Originally posted by Essendon:
    Darn firewalls!

    I concur with you, Jeff, about having a healthy firewall; I was only trying to make things easier for him. Never turn it off in a prod environment, that's for sure!

    I agree with Jeff. Keeping the firewall on in the lab environment will only help to solidify your learning. Sure, it might slow the student down a bit, but in the real world (where it counts) you will know how to troubleshoot basic firewall issues instead of simply turning it off. Some techs I work with (who labbed with it off) don't know how to troubleshoot the firewall and end up turning it off on a user's system. Doh!

  21. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #20
    When I run NSLookup my DNS server resolves them as computer-4.home when the name is totally different and never was that before. Any reason why this is happening?

  22. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #21
    Check and see what is registered in the DNS server being referenced. Something at one point registered an A record or PTR record (you didn't specify which) with that name. Records on DNS servers don't magically appear without cause. Either they are manually created or dynamically created, and for dynamic creation to happen something would have to initiate the creation. Look over what DNS is being handed out by DHCP and what the permissions are on your DNS zones.

  23. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #22
    I decided to create a child domain using the same settings on the server and everything went well.

    Not sure what is going wrong.

  24. Senior Member
    Join Date
    May 2011
    Location
    =
    Posts
    174

    Certifications
    A+, CCENT,CCNA,BAIS,BCNE,MSCA Server 2012, MCP windows 8.1
    #23
    Finally worked!!!!!

    I added the second domain def.com's IP address as a DNS server to my other domain abc.com, then created a secondary zone of def.com, and it seems to work.