Re: DNS Authentication Issue

From: ptwilliams (ptw2001_at_hotmail.com)
Date: 12/07/04


Date: Tue, 7 Dec 2004 06:29:05 -0800

NSLOOKUP is failing because you do not have a reverse-lookup
zone. This, in itself, will not stop AD from
working. But for peace of mind and troubleshooting I
always recommend a Reverse lookup Zone. To simplify
administration, use a subnet that encompasses all of your
network. For example, if you have four class-c nets,
create a class-b reverse zone.

--
Going back to another point you made, do not disable the 
DHCP client service on the DC.  Netlogon uses the DHCP 
client service to dynamically register the SRV records 
(every 12 hours by default, but you'll be hard-pressed to 
find this documented).  If it's not running, you won't 
register SRV records.
Perform the following on the DC:
-- Set DHCP service to automatic and start
-- Ensure that the DC is pointing to its own IP for DNS
-- Ensure the DNS zone accepts dynamic updates
-- Stop netlogon
-- Start netlogon
-- For good measure, type ipconfig /registerdns too ;-)
Also ensure that the workstations are configured to point 
to the internal DNS server.
Once this is done, install the support tools on one of the 
clients and type nltest /dsgetdc:domain-name.com.  If the 
dsGetDc call succeeds, then the IP-DNS locator should be 
able to get enough info to work.  Log off and log on again.
--
Check that both DNS servers are listed in the Name Servers 
tab - if they're not, add the appropriate servers.  The 
Name Servers tab is what defines the NS record and 
therefore which servers are authoritative for the domain.
--
Paul Williams
http://www.msresource.net/
http://forums.msresource.net/
>-----Original Message-----
>This is from the client side of things I have also changed the ip addressing
>fearing the ip zero subnet thing:
>The nslookup thing really bugs me can't figure out why nslookup can't
>resolve the name in dns?
>
>****************************************************************
>D:\tools>nltest /dclist:phoenix.com
>Get list of DCs in domain 'phoenix.com' from '\\server01.phoenix.com'.
>You don't have access to DsBind to phoenix.com (\\server01.phoenix.com) (Trying NetServerEnum).
>I_NetGetDCList failed: Status = 6118 0x17e6 ERROR_NO_BROWSER_SERVERS_FOUND
>****************************************************************
>D:\tools>nltest /dcname:phoenix.com
>NetGetDCName failed: Status = 2453 0x995 NERR_DCNotFound
>****************************************************************
>
>D:\tools>nltest /dsgetdc:phoenix.com
>           DC: \\server01.phoenix.com
>      Address: \\172.16.1.8
>     Dom Guid: c8876d07-d748-47cc-9dde-9967cb103e46
>     Dom Name: phoenix.com
>  Forest Name: phoenix.com
> Dc Site Name: Default-First-Site-Name
>Our Site Name: Default-First-Site-Name
>        Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
>The command completed successfully
>****************************************************************
>D:\>nslookup
>*** Can't find server name for address 172.16.1.8: Non-existent domain
>****************************************************************
>
>"Neil" <guess!!!@gmail.com> wrote in message
>news:Xns95B76AF0EAFC6neilmcsegmailcom@207.46.248.16...
>> did you hear Neil <guess!!!@gmail.com> say in
>> news:Xns95B76A162E789neilmcsegmailcom@207.46.248.16:
>>
>>> dnslint /ad /s /v server01.pheonix.com
>>
>> feh, sorry, use the IP addy of server01 instead...
>>
>> --
>> Neil MCNGP #30
>> "Human beings, who are almost unique in having the ability to
>> learn from the experience of others, are also remarkable for
>> their apparent disinclination to do so."
>> -- a quote by Doug Adams (Author of the Hitchhiker's Guide to the Galaxy)
>
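
The reverse-zone advice in the reply above, worked through as an added example that is not part of the original post: it derives the single octet-aligned reverse zone that covers a set of subnets and the PTR owner name the DC needs so that nslookup can resolve its own server address. The four /24 subnets and both function names are assumptions made for illustration; only 172.16.1.8 and server01.phoenix.com come from the quoted output.

```python
import ipaddress


def covering_reverse_zone(subnets):
    """Smallest octet-aligned IPv4 reverse zone containing every subnet.

    Returns (supernet, zone_name), e.g. (172.16.0.0/16, '16.172.in-addr.arpa').
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    if not nets or any(n.version != 4 for n in nets):
        raise ValueError("need at least one IPv4 subnet")
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Leading bits shared by the lowest and highest address in the set.
    common = 32 - (lo ^ hi).bit_length()
    # Classful reverse zones sit on octet boundaries: round down to /8, /16, /24.
    prefix = min((common // 8) * 8, 24)
    if prefix == 0:
        raise ValueError("subnets share no leading octet; use separate zones")
    supernet = ipaddress.ip_network((lo, prefix), strict=False)
    octets = str(supernet.network_address).split(".")[: prefix // 8]
    return supernet, ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(address, zone):
    """Return (fqdn, name relative to zone) of the PTR record for address."""
    fqdn = ipaddress.ip_address(address).reverse_pointer
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{address} is outside reverse zone {zone}")
    return fqdn, fqdn[: -len(zone) - 1]


if __name__ == "__main__":
    # Constructed sample: four /24 networks around the DC address 172.16.1.8
    # shown in the quoted nslookup output (the subnets are assumed).
    sample = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24", "172.16.4.0/24"]
    net, zone = covering_reverse_zone(sample)
    fqdn, relative = ptr_owner("172.16.1.8", zone)
    print(f"reverse zone : {zone} (covers {net})")
    print(f"PTR record   : {relative} -> server01.phoenix.com. ({fqdn})")
```

In a class-B zone the PTR record is entered under the two-label relative name (`8.1` here), not the single host octet used in a class-C zone.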

