
Thread: Chapter 5 help

  1. Junior Member
    Join Date
    Nov 2006
    Location
    UK
    Posts
    24

    Certifications
    MCSA:M 2003, A+, MCTS:SBS08, Win7:70-680, 70-648
    #1

    Chapter 5 help

    I'm currently working my way through Chapter 5 and I'm stuck on Exercise 3: Joining a computer to the domain.


    Computer1 is now a DC and DNS has all the AD entries that the wizard has put in.

    IP: 192.168.0.1/24



    Computer2 which I'm trying to add, just won't connect to the domain, I keep receiving the following:

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain domain1.local:

    The query was for the SRV record for _ldap._tcp.dc._msdcs.domain1.local

    The following domain controllers were identified by the query:

    computer1.domain1.local

    Common causes of this error include:

    - Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or are not running.

    For information about correcting this problem, click Help.

    It is currently assigned a static IP of 192.168.0.2/24. Its DNS is set to point to 192.168.0.1.
    When adding it, I enter "domain1.local" as the domain.

    I can see Computer1 fine:

    Pinging computer1 [192.168.0.1] with 32 bytes of data:

    Reply from 192.168.0.1: bytes=32 time=4ms TTL=128
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128

    and vice versa.

    I have prestaged the Computer2 account in AD.
    I have added an A record for computer1 & 2 in DNS under domain1.local.
    I thought it could be something to do with VMware, so I've disabled the virtual NIC as well as DHCP and NAT, so essentially Computer1 and Computer2 are isolated.


    Any help is greatly appreciated as I'm at my wits' end trying to get it on the domain.

  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    It looks like the A record was set up incorrectly, and it was cached that way in your local DNS cache on computer2. Try an ipconfig /flushdns and try pinging it again. Your ping should contain a FQDN and look like this:

    Code:
    Pinging computer1.domain.local [192.168.0.1] with 32 bytes of data:
    if it's resolving the name through DNS. It looks like it's just relying on a NetBIOS broadcast. You definitely have/had a DNS problem. Double-check all your settings, try flushing the cache, and we'll go from there.

  4. Junior Member
    Join Date
    Nov 2006
    Location
    UK
    Posts
    24

    Certifications
    MCSA:M 2003, A+, MCTS:SBS08, Win7:70-680, 70-648
    #3
    Thanks for the quick reply dynamik.

    Recreated the A record.
    Flushed DNS on computer2:
    Pinging computer1.domain1.local [192.168.0.1] with 32 bytes of data:

    Reply from 192.168.0.1: bytes=32 time<1ms TTL=128



    ....and still getting the same


    I had initial problems at the DNS stage of the AD install.

    I'm considering running dcpromo to remove the forest and DNS and start all over.

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #4
    Double check your DNS setup:
    http://technet2.microsoft.com/window....mspx?mfr=true

    You might want to try running these as well:
    dcdiag /fix
    netdiag /fix

    You need to download the support tools: http://support.microsoft.com/kb/892777 to get those though.

    edit: You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting.

  6. Junior Member
    Join Date
    Nov 2006
    Location
    UK
    Posts
    24

    Certifications
    MCSA:M 2003, A+, MCTS:SBS08, Win7:70-680, 70-648
    #5
    Quote Originally Posted by dynamik
    edit: You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting

    lol yeah, I've been doing that for the past hour! I've even checked my old server setup for 70-270. Exactly the same DNS details.

    I'm going to dcpromo it later on.

  7. Senior Member cacharo
    Join Date
    Apr 2007
    Location
    Minneapolis, MN
    Posts
    364

    Certifications
    A+, iNet+, Net+, Sec+, CST, CNST, MCP, MCSE, MCTS (620)
    #6
    Couple quick questions for you:

    1. Does NSLookup work?
    2. Is the DHCP service running?

  8. Junior Member
    Join Date
    Nov 2006
    Location
    UK
    Posts
    24

    Certifications
    MCSA:M 2003, A+, MCTS:SBS08, Win7:70-680, 70-648
    #7
    I've put the server back onto a WG, I'll get around to promoting it later.

    I never thought to try nslookup
    DHCP was not installed as VMware was handling it. Would that have an influence on an AD install?

  9. Senior Member
    Join Date
    Nov 2007
    Location
    Norway
    Posts
    232

    Certifications
    MCTS, MCSA
    #8
    I've noticed that when you follow the guidelines in the book, the forward lookup zone does not contain an SRV Resource record for the domain. As a matter of fact, the domain1.local node does not contain any of the subdomains it should either. And the domain1.local zone is not AD integrated either.

    To get around this, I've had to remove the DNS service, demote the DC, and then run a DC install from Manage Your Server, which will install DNS and a forward lookup zone for you.

    I don't know why it's like that. Maybe it has to do with adding the DNS service through Add/Remove Windows Components before installing AD? I have no idea.

    Did the domain1.local zone contain an SRV resource record for the domain?

    Quote Originally Posted by dynamik
    You need to run those on your DC. It's easy to just demote/promote. Use this opportunity to do some troubleshooting
    Excellent suggestion. I should do that myself, the next time.

  10. Junior Member
    Join Date
    Nov 2006
    Location
    UK
    Posts
    24

    Certifications
    MCSA:M 2003, A+, MCTS:SBS08, Win7:70-680, 70-648
    #9
    Quote Originally Posted by Dracula28
    I've noticed that when you follow the guidelines in the book, the forward lookup zone does not contain an SRV Resource record for the domain. As a matter of fact, the domain1.local node does not contain any of the subdomains it should either. And the domain1.local zone is not AD integrated either.

    To get around this, I've had to remove the DNS service, demote the DC, and then run a DC install from Manage Your Server, which will install DNS and a forward lookup zone for you.

    I don't know why it's like that. Maybe it has to do with adding the DNS service through Add/Remove Windows Components before installing AD? I have no idea.

    Did the domain1.local zone contain an SRV resource record for the domain?

    That's what I found too. The steps you took, I did the exact same.

    The domain1.local domain does contain the _ldap SRV record. And now I can't seem to ping computer1.domain1.local. Computer2 has a DNS suffix of domain1.local

  11. Senior Member
    Join Date
    Nov 2007
    Location
    Norway
    Posts
    232

    Certifications
    MCTS, MCSA
    #10
    Found out the reason for this. The reason why it fails to create those service records is because dynamic updates are not configured. The practice in the book where you create the zones tells you to set dynamic updates as none.

    Later on you are told to run a command, which does not succeed for some reason; this command is supposed to set dynamic updates on the zones to nonsecure and secure.

    And when you then install AD, it fails when testing DNS, because of this. And that's why (I think) it does not create the service records. I set the dynamic updates to secure and nonsecure manually, and then it passed the DNS registration diagnostics while installing AD, and the service resource records were there.
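
The fix described in post #10, written as a script (an added example, not taken from the thread or from the book): it reads the zone's dynamic-update setting with dnscmd, enables updates if they are off, restarts Netlogon so the DC re-registers its locator records, and checks that the _ldap SRV record from the error message now resolves. The zone name and DNS server address come from the thread; the parsed dnscmd output format and the 10-second wait are assumptions.

```powershell
# Added example: run from an elevated prompt on the DC that hosts the zone.
# dnscmd.exe is part of the Windows Server 2003 Support Tools.
$Zone = 'domain1.local'
$Dns  = '192.168.0.1'
$Srv  = "_ldap._tcp.dc._msdcs.$Zone"

function Get-AllowUpdate {
    # Assumption: /ZoneInfo prints the property as "Dword: <n> (<hex>)".
    $out = & dnscmd $Dns /ZoneInfo $Zone AllowUpdate 2>&1 | Out-String
    if ($out -match 'Dword:\s+(\d+)') { return [int]$Matches[1] }
    throw "Could not read AllowUpdate for ${Zone}:`n$out"
}

function Get-DcLocatorTarget {
    # Windows nslookup prints one "svr hostname = <fqdn>" line per SRV answer.
    $out = & nslookup '-type=SRV' $Srv $Dns 2>&1 | Out-String
    [regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only
# (2 is only available on an Active Directory-integrated zone).
$mode = Get-AllowUpdate
Write-Host "AllowUpdate on $Zone is $mode"
if ($mode -eq 0) {
    # Same setting the poster applied by hand in the DNS console.
    & dnscmd $Dns /Config $Zone /AllowUpdate 1
}

# Netlogon registers the DC locator SRV records when the service starts.
& net stop netlogon
& net start netlogon
& ipconfig /registerdns    # re-register the DC's own host (A) record
Start-Sleep -Seconds 10    # assumed to be long enough for registration

$targets = @(Get-DcLocatorTarget)
if ($targets.Count -eq 0) {
    Write-Warning "No SRV answer for $Srv; the domain join will still fail."
} else {
    foreach ($t in $targets) {
        # The error text also requires a host (A) record for each SRV target.
        & nslookup $t $Dns
    }
}
```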

  12. Junior Member
    Join Date
    Jul 2003
    Location
    São Paulo - Brazil
    Posts
    6

    Certifications
    MCP Windows XP Pro, MCP Windows 2003 Server, MCDST
    #11
    Dracula28,

    Thank you very much for your help.
    I was facing the same problem with my 2 virtual machines. After I set the dynamic updates, as you described, the SRV record appeared in my domain tree and I could add the second VM to the domain.
    Regards,
