Child dc trouble

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi all,

Recently I added a child dc in the following situation :

DC company.com

DC division.company.com
My Child DC subdivision.division.company.com

We are a child dc of division.company.com, the dc's are all in
different sites/locations. We launched dcpromo and the child dc was
successfully promoted to domain controller.

We installed dns on the child dc and created a forward (Primary AD integrated)
and a reverse lookup zone.
We changed the IP properties to point to the new dns server (ip of the child dc
instead of the ip of the parent dc).

After reboot everything seems to be in place in the forward lookup
zone for the child dc, no errors in event viewer, dcdiag reports all
tests pass, netdiag the same.

When I do nslookups from the console (on the child dc) I'm able to resolve:

- subdivision.division.company.com (authoritative answer)
- division.company.com (non-authoritative answer)
- company.com (non-authoritative answer)

No probs here ... (at least I think)

When I pick up an XP SP1 workstation and point it to the dns server on the
child dc I get the following error when I send a query to the dns
server:

DNS request timed out.
timeout was 2 seconds.
***Can't find server name for address IP child dc/dns:Timed out
***Default servers are not available
Default Server: Unknown
Address: IP child dc/dns

I'm however able to join the workstation to the domain based on
dns so WINS disabled. After reboot the login is very slow and I
get errors about GPO processing aborted, Netlogon unable to locate
the domain controller ... every service related to dns :-(

One thing I don't understand is that from the child dc I'm able to
query the dns correctly. Why not from the workstation, which is on the
same network (site)?! Even crazier is that dynamic updates are successful:
a computer is added in AD, and an A record for the workstation is present in the
forward lookup zone and a PTR record in the reverse lookup zone.

Any suggestions/help is welcome !

Greetz,
Corma.
 
Guest

Hi Corma

I wonder how you made your DNS zones "stick" together in a continuous
namespace? How did you configure your DNS forwarding and how did you
configure your zone delegation or stub zones (W2K3 style)?

Regards
Søren Lassen

Guest

Hi Søren,

In the parent zone there is currently no delegation for the
nameserver on the child dc. Dcpromo created a zone there
without asking in the promoting process if dns should be installed
on the parent or child dc.

So dcpromo created the child zone on the dns server in the parent dc.

Forwarding is set to default setting. (to all dns servers ...)
Should I enable forwarding to the parent dns server ?

Should the zone on the parent dns server for the child dc be changed
to a delegation ?

How does the parent domain get informed about the changes?

Greetz,
Corma.



Guest

Hi Corma

Sorry for keeping you waiting, perhaps you already found a solution...

Anyway...

In most cases you should consider making your DNS/AD domain namespace
contiguous, so name resolution can be done top-down or bottom-up, i.e.:

company.com
--------------
DNS Server:
Delegate division zone to DNS servers in division.company.com (or using stub
zones in W2K3 if you're familiar with it)

division.company.com
----------------------
Delegate subdivision zone to DNS servers in subdivision.company.com (or
using stub zones in W2K3 if you're familiar with it)
Use forwarding (or conditional forwarding in W2K3) to forward non
division.company.com requests to DNS servers in company.com

subdivision.company.com
--------------------------
Use forwarding (or conditional forwarding in W2K3) to forward non
subdivision.division.company.com requests to DNS servers in
division.company.com


Actually the DNS forwarding and delegation techniques can be used in a zillion
ways, so my suggestion is very hierarchical and "traditional", and will
ensure full FQDN resolution between all domains/zones. Specific requirements
may call for more complex or simplified setups.

As AD totally relies on DNS to function, it is recommended to get a firm
grasp of concepts and technologies for configuration and troubleshooting.

best regards

Søren Lassen
MCSE
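
Added example (not part of the original posts): a small Python model of the hierarchical layout described above, using the zone names from the first post. The DnsServer class and the host names dc1/dc2/dc3 are constructed for illustration; the model shows resolution going bottom-up through forwarders and top-down through delegations, and what a missing delegation breaks.

```python
class DnsServer:
    """One DNS server, authoritative for a single zone (simplified model)."""

    def __init__(self, zone, records=(), forwarder=None):
        self.zone = zone              # zone this server is authoritative for
        self.records = set(records)   # host names stored in that zone
        self.delegations = {}         # child zone name -> DnsServer
        self.forwarder = forwarder    # where out-of-zone queries are sent

    def delegate(self, child):
        """Hand a child zone over to the child's own DNS server."""
        self.delegations[child.zone] = child

    def resolve(self, name, path=None):
        """Return (answered, list of zones whose servers were asked)."""
        path = (path or []) + [self.zone]
        if in_zone(name, self.zone):
            # Top-down: follow a delegation if the name lies in a child zone.
            for child_zone, server in self.delegations.items():
                if in_zone(name, child_zone):
                    return server.resolve(name, path)
            return name in self.records, path
        # Bottom-up: anything outside our zone goes to the forwarder.
        if self.forwarder is not None:
            return self.forwarder.resolve(name, path)
        return False, path


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def build(delegate_subdivision=True):
    """Build the three-level namespace; host names are constructed samples."""
    root = DnsServer("company.com", {"dc1.company.com"})
    div = DnsServer("division.company.com",
                    {"dc2.division.company.com"}, forwarder=root)
    sub = DnsServer("subdivision.division.company.com",
                    {"dc3.subdivision.division.company.com"}, forwarder=div)
    root.delegate(div)
    if delegate_subdivision:
        div.delegate(sub)
    return root, div, sub


if __name__ == "__main__":
    root, div, sub = build()
    print(sub.resolve("dc1.company.com"))                        # bottom-up
    print(root.resolve("dc3.subdivision.division.company.com"))  # top-down
    root, div, sub = build(delegate_subdivision=False)
    print(root.resolve("dc3.subdivision.division.company.com"))  # no delegation
```

Without the delegation in division.company.com, queries that start above the subdivision never reach its DNS server, while queries that start on the subdivision's own server still succeed.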


