Active directory issue
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Active directory issue

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    518

    Active directory issue

    Heres a interesting one, maybe someone who has been around AD a bit might see what ever it is that Im missing.

    On a client site, The client has built a server and a domain, called the domain domain.dns...name changed to protect the client... (why .dns?? I dont know...)

    they set up AD with thier tech who "kinda knew about windows2000" UGH.
    Then the same person took the same CD and key to another machine and built another server (yep thats called piracy in my book, but not my call) but did not make this one AD, just joined it to the domain.
    Heres the problem I run into.
    the client wants to install AD on the second server, making it a "secondary" domain controller, if you will. No problem, just run teh wizard right? <sarcasm> RIGHT </Sarcasm>

    The wizard states that the domain does not exist or the Domain controller can not be contacted.

    Now I can ping it, browse it, connect to it any other way I need to, so there is definately a connection from computer a to computer b. I tried putting the main servers DNS as teh ONLY DNS entry on the secondary, I tried adding the IP to the host file. I tried NSLOOKUP to see if I could talk to it, I cant. Im not sure where to turn next, a search on google produces some things, but most of it points to all Ive tried already. A search on microsoft is a copy of what I found on google.

    Anyone out there up on the AD?
    TIA
    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Hum, just a guess: are zone transfers disabled/restricted on the DC's DNS?

    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Also, any firewall software or IPSec rules that might block DNS, SMB over tcp (tcp 445), kerberos (tcp 88)...

    Is the second server part of the domain already?

    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Ammo -- well Im not on the client site anymore, but sure to return tommorrow -- Dont know about the IPsec stuff, have to look into it. the second server is part of the domain. one suggestion someone said was that they used the same CD and same Key.... maybe the server detects that? unlikely, but mentioned.
    tommorrow I will look into the things you mentioned, thanks
    keep the suggestions/ideas coming...
    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    143
    One big thing with AD is its dependence on DNS entries. So here is what I would do, in order of operation:

    1. Check for the correct DNS entries (or even that a DNS server is running) on the original domain controller
    2. Make sure the original domain controller has itself as the first DNS server in the search order
    3. Set the second server's first DNS server to the ip address of teh original server; this too should be the first server in the search order (to simplify things I'd just get rid of all the other DNS addresses besides the original server)
    4. Make sure configuration is correct by pinging server_name.domain.dns; where server_name is the name of the original server

    Now, if this pings correctly, then it should have no problem joining the domain, if this doesn't ping correctly you need to make sure taht the DNS set up on the original server is correct and that the DNS settings on teh second server point to original server

    Hope this wasn't too confusing, and I hope it helps!

    Regards,
    Wizeman
    \"It\'s only arrogrance if you can\'t back it up, otherwise it is confidence.\" - Me

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Well Im heading in to work soon, so as the day progresses, we will know what worked...
    Thanks everyone Ill keep you posted.

    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  7. #7
    Member
    Join Date
    Jan 2002
    Posts
    82
    Originally posted here by Wizeman
    One big thing with AD is its dependence on DNS entries. So here is what I would do, in order of operation:

    1. Check for the correct DNS entries (or even that a DNS server is running) on the original domain controller
    2. Make sure the original domain controller has itself as the first DNS server in the search order
    3. Set the second server's first DNS server to the ip address of teh original server; this too should be the first server in the search order (to simplify things I'd just get rid of all the other DNS addresses besides the original server)
    4. Make sure configuration is correct by pinging server_name.domain.dns; where server_name is the name of the original server



    That should do it.
    Dns is a very important part of AD.
    Too bad i can't give out greenies beacause that response would be worth it!

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    That worked , thank you both!
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    what was it?

    Ammo
    Credit travels up, blame travels down -- The Boss

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    well I did both - enabled transfers AND set the DNS entrys.. also added a reverse look up zone for good measure. It worked after that.
    so not sure which it was or both, but either way it worked.
    Thanks!
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •