Sign in with
Sign up | Sign in
Your question

Win2k AD DNS and VPN's oh my..

Tags:
  • Domain
  • DNS
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
February 16, 2005 5:35:56 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi folks Thanks in advance for any help.
BACKGROUND:
A friend of mine and I setup a test domain at home. I setup a Windows 2000
advanced server box with a domain of testprep.mcse
I configured DNS and DHCP so that my network is happy and all clients in my
home can get addresses and get to the web and ping and resolve and all the
happy things PC's do on a network. (192.168.1.x) (255.255.255.0) is my
range/site
I then setup an VPN server for my friend to connect to (same box as AD DNS
and my DHCP).

Once connected he (also on Win2k advanced server) ran DCpromo and joined up
as a 2nd DC on he same domain, no sub-domain. He has setup DHCP for his
home. (192.168.2.x) (255.255.255.0) is his range/site. We ran a few tests
(ping, AD replication, DNS ADI zone replication, file shares, remote
management) And his DC seems to be connected to my domain just fine.

PROBLEM:
He now tries to add PC's in his site to the domain. He is told that the
domain testprep.mcse is not valid or cannot be found in DNS.
We tried using netdiag /fix with no solution. We deleted his forward lookup
zone and recreated it. Ran ipconfig /registerdns on his server. He is
pointing to himself for DNS so it did add a SRV record fro his ldap. We
again ran NETDIAG /FIX.

Here is the log:
The DNS test section is what catches my eye. Any ideas?

......................................

Computer Name: STIMSON-DC
DNS Host Name: stimson-dc.testprep.mcse
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 0 Stepping 0, CyrixInstead
List of installed hotfixes :
KB329115
KB823182
KB823559
KB824105
KB824151
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB867282-IE501SP4-20050107.164742
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB885250
KB885834
KB885835
KB885836
KB888113
KB890047
KB890175
KB891711
KB891781
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : stimson-dc.testprep.mcse
IP Address . . . . . . . . : 192.168.2.104
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.2.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 192.168.2.104
204.127.204.8
216.148.227.204


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].

Adapter : {B46AD091-4D55-4656-BFFD-B1928170ED7A}

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : stimson-dc.testprep.mcse
IP Address . . . . . . . . : 192.168.1.202
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . : 192.168.1.202
Dns Servers. . . . . . . . : 216.148.227.79
192.168.1.5
192.168.1.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'stimson-dc.testprep.mcse.'. [RCODE_SERVER_FAILURE]
The name 'stimson-dc.testprep.mcse.' may not be registered in
DNS.
PASS - All the DNS entries for DC are registered on DNS server
'192.168.2.104'.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'TESTPREP' is broken.
[ERROR_NO_LOGON_SERVERS]


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Passed
Entry Name: Ohio
Device Type: Framing protocol : PPP
LCP Extensions : Disabled
Software Compression : Enabled
Network protocols :
NetBEUI
IPX
TCP/IP
IP Address : Specified
Name Server: Specified
IP Header compression : Enabled
Use default gateway on remote network : Enabled

Connection Statistics:
Bytes Transmitted : 138335
Bytes Received : 1270059
Frames Transmitted : 1182
Frames Received : 1477
CRC Errors : 1477
Timeout Errors : 0
Alignment Errors : 0
H/W Overrun Errors : 0
Framing Errors : 0
Buffer Overrun Errors : 0
Compression Ratio In : 62
Compression Ratio Out : 8
Baud Rate ( Bps ) : 10000000
Connection Duration : 296717


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

More about : win2k dns vpn

Anonymous
February 16, 2005 5:35:57 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:WNCdnd1g4rbPPI7fRVn-oQ@comcast.com,
Will <bob@bob.net> commented
Then Kevin replied below:
> Here is the log:
> The DNS test section is what catches my eye. Any ideas?
Yes.
Remove all external DNS entries from all interfaces, no matter which way the
interface points, use only the internal DNS.

> Hi folks Thanks in advance for any help.
> BACKGROUND:
> A friend of mine and I setup a test domain at home. I
> setup a Windows 2000 advanced server box with a domain of
> testprep.mcse
> I configured DNS and DHCP so that my network is happy and
> all clients in my home can get addresses and get to the
> web and ping and resolve and all the happy things PC's do
> on a network. (192.168.1.x) (255.255.255.0) is my
> range/site
> I then setup an VPN server for my friend to connect to
> (same box as AD DNS and my DHCP).
>
> Once connected he (also on Win2k advanced server) ran
> DCpromo and joined up as a 2nd DC on he same domain, no
> sub-domain. He has setup DHCP for his home.
> (192.168.2.x) (255.255.255.0) is his range/site. We ran
> a few tests (ping, AD replication, DNS ADI zone
> replication, file shares, remote management) And his DC
> seems to be connected to my domain just fine.
>
> PROBLEM:
> He now tries to add PC's in his site to the domain. He
> is told that the domain testprep.mcse is not valid or
> cannot be found in DNS.
> We tried using netdiag /fix with no solution. We deleted
> his forward lookup zone and recreated it. Ran ipconfig
> /registerdns on his server. He is pointing to himself
> for DNS so it did add a SRV record fro his ldap. We
> again ran NETDIAG /FIX.
>
> Here is the log:
> The DNS test section is what catches my eye. Any ideas?
>
> .....................................
>
> Computer Name: STIMSON-DC
> DNS Host Name: stimson-dc.testprep.mcse
> System info : Windows 2000 Server (Build 2195)
> Processor : x86 Family 6 Model 0 Stepping 0,
> CyrixInstead List of installed hotfixes :
> KB329115
> KB823182
> KB823559
> KB824105
> KB824151
> KB825119
> KB826232
> KB828035
> KB828741
> KB828749
> KB835732
> KB837001
> KB839643
> KB839645
> KB840315
> KB840987
> KB841356
> KB841533
> KB841872
> KB841873
> KB842526
> KB867282-IE501SP4-20050107.164742
> KB867282-IE6SP1-20050127.163319
> KB871250
> KB873333
> KB873339
> KB885250
> KB885834
> KB885835
> KB885836
> KB888113
> KB890047
> KB890175
> KB891711
> KB891781
> Q147222
> Q828026
>
>
> Netcard queries test . . . . . . . : Passed
>
>
>
> Per interface results:
>
> Adapter : Local Area Connection
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . :
> stimson-dc.testprep.mcse IP Address . . . . . . .
> . : 192.168.2.104 Subnet Mask. . . . . . . . :
> 255.255.255.0 Default Gateway. . . . . . :
> 192.168.2.1 NetBIOS over Tcpip . . . . : Disabled
> Dns Servers. . . . . . . . : 192.168.2.104
> 204.127.204.8
> 216.148.227.204
>
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Skipped
> NetBT is disabled on this interface. [Test
> skipped]
>
> WINS service test. . . . . : Skipped
> NetBT is disable on this interface. [Test
> skipped].
>
> Adapter : {B46AD091-4D55-4656-BFFD-B1928170ED7A}
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . :
> stimson-dc.testprep.mcse IP Address . . . . . . .
> . : 192.168.1.202 Subnet Mask. . . . . . . . :
> 255.255.255.255 Default Gateway. . . . . . :
> 192.168.1.202 Dns Servers. . . . . . . . :
> 216.148.227.79
> 192.168.1.5
> 192.168.1.5
>
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
>
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this
> interface.
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING] Cannot find a primary authoritative
> DNS server for the name
> 'stimson-dc.testprep.mcse.'.
> [RCODE_SERVER_FAILURE] The name
> 'stimson-dc.testprep.mcse.' may not be registered in
> DNS.
> PASS - All the DNS entries for DC are registered on
> DNS server '192.168.2.104'.
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the
> browser
> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
> The browser is bound to 1 NetBt transport.
>
>
> DC discovery test. . . . . . . . . : Passed
>
>
> DC list test . . . . . . . . . . . : Passed
>
>
> Trust relationship test. . . . . . : Failed
> [FATAL] Secure channel to domain 'TESTPREP' is broken.
> [ERROR_NO_LOGON_SERVERS]
>
>
> Kerberos test. . . . . . . . . . . : Passed
>
>
> LDAP test. . . . . . . . . . . . . : Passed
>
>
> Bindings test. . . . . . . . . . . : Passed
>
>
> WAN configuration test . . . . . . : Passed
> Entry Name: Ohio
> Device Type: Framing protocol : PPP
> LCP Extensions : Disabled
> Software Compression : Enabled
> Network protocols :
> NetBEUI
> IPX
> TCP/IP
> IP Address : Specified
> Name Server: Specified
> IP Header compression : Enabled
> Use default gateway on remote network : Enabled
>
> Connection Statistics:
> Bytes Transmitted : 138335
> Bytes Received : 1270059
> Frames Transmitted : 1182
> Frames Received : 1477
> CRC Errors : 1477
> Timeout Errors : 0
> Alignment Errors : 0
> H/W Overrun Errors : 0
> Framing Errors : 0
> Buffer Overrun Errors : 0
> Compression Ratio In : 62
> Compression Ratio Out : 8
> Baud Rate ( Bps ) : 10000000
> Connection Duration : 296717
>
>
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Passed
> IPSec policy service is active, but no policy is
> assigned.
>
>
> The command completed successfully



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 17, 2005 1:41:23 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

We tried this and went a step farther. We severed the VPN, removed his DNS
service totally (add/remove) reinstalled and he created a new Primary (non
ADI) zone for the domain on his DNS. We verified that his SRV records were
in, even ran netdiag /fix for good measure, no luck. Same error. This is
making us nuts.


"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:%23LshJaGFFHA.1396@tk2msftngp13.phx.gbl...
> In news:WNCdnd1g4rbPPI7fRVn-oQ@comcast.com,
> Will <bob@bob.net> commented
> Then Kevin replied below:
>> Here is the log:
>> The DNS test section is what catches my eye. Any ideas?
> Yes.
> Remove all external DNS entries from all interfaces, no matter which way
> the
> interface points, use only the internal DNS.
>
>> Hi folks Thanks in advance for any help.
>> BACKGROUND:
>> A friend of mine and I setup a test domain at home. I
>> setup a Windows 2000 advanced server box with a domain of
>> testprep.mcse
>> I configured DNS and DHCP so that my network is happy and
>> all clients in my home can get addresses and get to the
>> web and ping and resolve and all the happy things PC's do
>> on a network. (192.168.1.x) (255.255.255.0) is my
>> range/site
>> I then setup an VPN server for my friend to connect to
>> (same box as AD DNS and my DHCP).
>>
>> Once connected he (also on Win2k advanced server) ran
>> DCpromo and joined up as a 2nd DC on he same domain, no
>> sub-domain. He has setup DHCP for his home.
>> (192.168.2.x) (255.255.255.0) is his range/site. We ran
>> a few tests (ping, AD replication, DNS ADI zone
>> replication, file shares, remote management) And his DC
>> seems to be connected to my domain just fine.
>>
>> PROBLEM:
>> He now tries to add PC's in his site to the domain. He
>> is told that the domain testprep.mcse is not valid or
>> cannot be found in DNS.
>> We tried using netdiag /fix with no solution. We deleted
>> his forward lookup zone and recreated it. Ran ipconfig
>> /registerdns on his server. He is pointing to himself
>> for DNS so it did add a SRV record fro his ldap. We
>> again ran NETDIAG /FIX.
>>
>> Here is the log:
>> The DNS test section is what catches my eye. Any ideas?
>>
>> .....................................
>>
>> Computer Name: STIMSON-DC
>> DNS Host Name: stimson-dc.testprep.mcse
>> System info : Windows 2000 Server (Build 2195)
>> Processor : x86 Family 6 Model 0 Stepping 0,
>> CyrixInstead List of installed hotfixes :
>> KB329115
>> KB823182
>> KB823559
>> KB824105
>> KB824151
>> KB825119
>> KB826232
>> KB828035
>> KB828741
>> KB828749
>> KB835732
>> KB837001
>> KB839643
>> KB839645
>> KB840315
>> KB840987
>> KB841356
>> KB841533
>> KB841872
>> KB841873
>> KB842526
>> KB867282-IE501SP4-20050107.164742
>> KB867282-IE6SP1-20050127.163319
>> KB871250
>> KB873333
>> KB873339
>> KB885250
>> KB885834
>> KB885835
>> KB885836
>> KB888113
>> KB890047
>> KB890175
>> KB891711
>> KB891781
>> Q147222
>> Q828026
>>
>>
>> Netcard queries test . . . . . . . : Passed
>>
>>
>>
>> Per interface results:
>>
>> Adapter : Local Area Connection
>>
>> Netcard queries test . . . : Passed
>>
>> Host Name. . . . . . . . . :
>> stimson-dc.testprep.mcse IP Address . . . . . . .
>> . : 192.168.2.104 Subnet Mask. . . . . . . . :
>> 255.255.255.0 Default Gateway. . . . . . :
>> 192.168.2.1 NetBIOS over Tcpip . . . . : Disabled
>> Dns Servers. . . . . . . . : 192.168.2.104
>> 204.127.204.8
>> 216.148.227.204
>>
>>
>> AutoConfiguration results. . . . . . : Passed
>>
>> Default gateway test . . . : Passed
>>
>> NetBT name test. . . . . . : Skipped
>> NetBT is disabled on this interface. [Test
>> skipped]
>>
>> WINS service test. . . . . : Skipped
>> NetBT is disable on this interface. [Test
>> skipped].
>>
>> Adapter : {B46AD091-4D55-4656-BFFD-B1928170ED7A}
>>
>> Netcard queries test . . . : Passed
>>
>> Host Name. . . . . . . . . :
>> stimson-dc.testprep.mcse IP Address . . . . . . .
>> . : 192.168.1.202 Subnet Mask. . . . . . . . :
>> 255.255.255.255 Default Gateway. . . . . . :
>> 192.168.1.202 Dns Servers. . . . . . . . :
>> 216.148.227.79
>> 192.168.1.5
>> 192.168.1.5
>>
>>
>> AutoConfiguration results. . . . . . : Passed
>>
>> Default gateway test . . . : Passed
>>
>> NetBT name test. . . . . . : Passed
>>
>> WINS service test. . . . . : Skipped
>> There are no WINS servers configured for this
>> interface.
>>
>>
>> Global results:
>>
>>
>> Domain membership test . . . . . . : Passed
>>
>>
>> NetBT transports test. . . . . . . : Passed
>> List of NetBt transports currently configured:
>> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
>> 1 NetBt transport currently configured.
>>
>>
>> Autonet address test . . . . . . . : Passed
>>
>>
>> IP loopback ping test. . . . . . . : Passed
>>
>>
>> Default gateway test . . . . . . . : Passed
>>
>>
>> NetBT name test. . . . . . . . . . : Passed
>>
>>
>> Winsock test . . . . . . . . . . . : Passed
>>
>>
>> DNS test . . . . . . . . . . . . . : Passed
>> [WARNING] Cannot find a primary authoritative
>> DNS server for the name
>> 'stimson-dc.testprep.mcse.'.
>> [RCODE_SERVER_FAILURE] The name
>> 'stimson-dc.testprep.mcse.' may not be registered in
>> DNS.
>> PASS - All the DNS entries for DC are registered on
>> DNS server '192.168.2.104'.
>>
>>
>> Redir and Browser test . . . . . . : Passed
>> List of NetBt transports currently bound to the Redir
>> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
>> The redir is bound to 1 NetBt transport.
>>
>> List of NetBt transports currently bound to the
>> browser
>> NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
>> The browser is bound to 1 NetBt transport.
>>
>>
>> DC discovery test. . . . . . . . . : Passed
>>
>>
>> DC list test . . . . . . . . . . . : Passed
>>
>>
>> Trust relationship test. . . . . . : Failed
>> [FATAL] Secure channel to domain 'TESTPREP' is broken.
>> [ERROR_NO_LOGON_SERVERS]
>>
>>
>> Kerberos test. . . . . . . . . . . : Passed
>>
>>
>> LDAP test. . . . . . . . . . . . . : Passed
>>
>>
>> Bindings test. . . . . . . . . . . : Passed
>>
>>
>> WAN configuration test . . . . . . : Passed
>> Entry Name: Ohio
>> Device Type: Framing protocol : PPP
>> LCP Extensions : Disabled
>> Software Compression : Enabled
>> Network protocols :
>> NetBEUI
>> IPX
>> TCP/IP
>> IP Address : Specified
>> Name Server: Specified
>> IP Header compression : Enabled
>> Use default gateway on remote network : Enabled
>>
>> Connection Statistics:
>> Bytes Transmitted : 138335
>> Bytes Received : 1270059
>> Frames Transmitted : 1182
>> Frames Received : 1477
>> CRC Errors : 1477
>> Timeout Errors : 0
>> Alignment Errors : 0
>> H/W Overrun Errors : 0
>> Framing Errors : 0
>> Buffer Overrun Errors : 0
>> Compression Ratio In : 62
>> Compression Ratio Out : 8
>> Baud Rate ( Bps ) : 10000000
>> Connection Duration : 296717
>>
>>
>> Modem diagnostics test . . . . . . : Passed
>>
>> IP Security test . . . . . . . . . : Passed
>> IPSec policy service is active, but no policy is
>> assigned.
>>
>>
>> The command completed successfully
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
Related resources
Anonymous
February 17, 2005 3:17:21 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:sv-dnZn7n6FEJonfRVn-hg@comcast.com,
Will <bob@bob.net> commented
Then Kevin replied below:
> We tried this and went a step farther. We severed the
> VPN, removed his DNS service totally (add/remove)
> reinstalled and he created a new Primary (non ADI) zone
> for the domain on his DNS. We verified that his SRV
> records were in, even ran netdiag /fix for good measure,
> no luck. Same error. This is making us nuts.

Do this, Leave the VPN connected, point the remote DC to this DC for DNS
only. Convert the zone on this DC to Standard Primary (not stored in AD)
with dynamic updates set to Yes on Win2k) Use the DNS managment console to
connect to the other DC, delete any zone for the AD domain from it.
Use ADU&C to connect to each DC, expand to the Sytems\MicrosoftDNS container
and delete any zone objects from the container.
With the remote DC still using this DNS server and this DC using only its
own address for DNS, run this command on both DCs.
net stop netlogon & net start netlogon & ipconfig /flushdns & ipconfig
/registerdns
Then run netdiag /fix on both DCs look for errors.

If the DNS registration errors are gone, convert the primary zone to AD
integrated and wait for it to replicate to the remote DC. Do NOT manually
create the zone on the remote DC, let this zone replicate to it. creating a
zone for this domain on the other DC, of any type, will cause a zone
conflict with the zone in AD.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 17, 2005 10:12:22 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Okies prior to your reply, great info btw, we did some more testing with
netdiag and dcdiag. We are now able to connect PC's on his home network to
the domain, except one of them. It is a win2k pro box. At first it had a
static IP, 192.168.2.100 subnet 255.255.255.0 gateway of 192.168.2.1 and DNS
of 192.168.2.104 (his DC/DHCP/DNS) We have tried letting it pull an ip from
DHCP it gets 192.168.2.10 all other scope options are the same as listed
above. Othe PC's on his domain joined ok with static IP's. The problem PC
gives the error " The specified domain does not exist or could not be
contacted " Odd that other PC's have no issue finding it. This PC can ping
the server, and can be pinged from the server. No firewall is up. It
registers in DNS (I guess DHCP may have done that)

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:%23aryuzRFFHA.628@TK2MSFTNGP15.phx.gbl...
> In news:sv-dnZn7n6FEJonfRVn-hg@comcast.com,
> Will <bob@bob.net> commented
> Then Kevin replied below:
>> We tried this and went a step farther. We severed the
>> VPN, removed his DNS service totally (add/remove)
>> reinstalled and he created a new Primary (non ADI) zone
>> for the domain on his DNS. We verified that his SRV
>> records were in, even ran netdiag /fix for good measure,
>> no luck. Same error. This is making us nuts.
>
> Do this, Leave the VPN connected, point the remote DC to this DC for DNS
> only. Convert the zone on this DC to Standard Primary (not stored in AD)
> with dynamic updates set to Yes on Win2k) Use the DNS managment console to
> connect to the other DC, delete any zone for the AD domain from it.
> Use ADU&C to connect to each DC, expand to the Sytems\MicrosoftDNS
> container
> and delete any zone objects from the container.
> With the remote DC still using this DNS server and this DC using only its
> own address for DNS, run this command on both DCs.
> net stop netlogon & net start netlogon & ipconfig /flushdns & ipconfig
> /registerdns
> Then run netdiag /fix on both DCs look for errors.
>
> If the DNS registration errors are gone, convert the primary zone to AD
> integrated and wait for it to replicate to the remote DC. Do NOT manually
> create the zone on the remote DC, let this zone replicate to it. creating
> a
> zone for this domain on the other DC, of any type, will cause a zone
> conflict with the zone in AD.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
Anonymous
February 17, 2005 10:43:27 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:1pydncrNeeMArojfRVn-iA@comcast.com,
Will <bob@bob.net> commented
Then Kevin replied below:
> Okies prior to your reply, great info btw, we did some
> more testing with netdiag and dcdiag. We are now able to
> connect PC's on his home network to the domain, except
> one of them. It is a win2k pro box. At first it had a
> static IP, 192.168.2.100 subnet 255.255.255.0 gateway of
> 192.168.2.1 and DNS of 192.168.2.104 (his DC/DHCP/DNS)

He has a DNS server on his home network?

If he does let him pull a secondary zone from yours.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 20, 2005 2:38:30 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks for all the help, both DNS servers are hosting a zone for
testprep.mcse and they are both ADI. Things seems to be working well, for
now.

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:o w7MHtVFFHA.3312@TK2MSFTNGP15.phx.gbl...
> In news:1pydncrNeeMArojfRVn-iA@comcast.com,
> Will <bob@bob.net> commented
> Then Kevin replied below:
>> Okies prior to your reply, great info btw, we did some
>> more testing with netdiag and dcdiag. We are now able to
>> connect PC's on his home network to the domain, except
>> one of them. It is a win2k pro box. At first it had a
>> static IP, 192.168.2.100 subnet 255.255.255.0 gateway of
>> 192.168.2.1 and DNS of 192.168.2.104 (his DC/DHCP/DNS)
>
> He has a DNS server on his home network?
>
> If he does let him pull a secondary zone from yours.
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
!