Win2k AD DNS and VPN's oh my..

From: Will (bob_at_bob.net)
Date: 02/16/05 

Date: Wed, 16 Feb 2005 14:35:56 -0500

Hi folks Thanks in advance for any help.
BACKGROUND:
A friend of mine and I setup a test domain at home. I setup a Windows 2000
advanced server box with a domain of testprep.mcse
I configured DNS and DHCP so that my network is happy and all clients in my
home can get addresses and get to the web and ping and resolve and all the
happy things PC's do on a network. (192.168.1.x) (255.255.255.0) is my
range/site
I then setup an VPN server for my friend to connect to (same box as AD DNS
and my DHCP).

Once connected he (also on Win2k advanced server) ran DCpromo and joined up
as a 2nd DC on he same domain, no sub-domain. He has setup DHCP for his
home. (192.168.2.x) (255.255.255.0) is his range/site. We ran a few tests
(ping, AD replication, DNS ADI zone replication, file shares, remote
management) And his DC seems to be connected to my domain just fine.

PROBLEM:
He now tries to add PC's in his site to the domain. He is told that the
domain testprep.mcse is not valid or cannot be found in DNS.
We tried using netdiag /fix with no solution. We deleted his forward lookup
zone and recreated it. Ran ipconfig /registerdns on his server. He is
pointing to himself for DNS so it did add a SRV record fro his ldap. We
again ran NETDIAG /FIX.

Here is the log:
The DNS test section is what catches my eye. Any ideas?

.....................................

    Computer Name: STIMSON-DC
    DNS Host Name: stimson-dc.testprep.mcse
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 0 Stepping 0, CyrixInstead
    List of installed hotfixes :
        KB329115
        KB823182
        KB823559
        KB824105
        KB824151
        KB825119
        KB826232
        KB828035
        KB828741
        KB828749
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB840987
        KB841356
        KB841533
        KB841872
        KB841873
        KB842526
        KB867282-IE501SP4-20050107.164742
        KB867282-IE6SP1-20050127.163319
        KB871250
        KB873333
        KB873339
        KB885250
        KB885834
        KB885835
        KB885836
        KB888113
        KB890047
        KB890175
        KB891711
        KB891781
        Q147222
        Q828026

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : stimson-dc.testprep.mcse
        IP Address . . . . . . . . : 192.168.2.104
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.1
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.2.104
                                     204.127.204.8
                                     216.148.227.204

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : {B46AD091-4D55-4656-BFFD-B1928170ED7A}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : stimson-dc.testprep.mcse
        IP Address . . . . . . . . : 192.168.1.202
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . : 192.168.1.202
        Dns Servers. . . . . . . . : 216.148.227.79
                                     192.168.1.5
                                     192.168.1.5

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the
name
            'stimson-dc.testprep.mcse.'. [RCODE_SERVER_FAILURE]
            The name 'stimson-dc.testprep.mcse.' may not be registered in
DNS.
    PASS - All the DNS entries for DC are registered on DNS server
'192.168.2.104'.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{B46AD091-4D55-4656-BFFD-B1928170ED7A}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'TESTPREP' is broken.
[ERROR_NO_LOGON_SERVERS]

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Passed
Entry Name: Ohio
Device Type: Framing protocol : PPP
LCP Extensions : Disabled
Software Compression : Enabled
Network protocols :
     NetBEUI
     IPX
     TCP/IP
IP Address : Specified
Name Server: Specified
IP Header compression : Enabled
Use default gateway on remote network : Enabled

 Connection Statistics:
 Bytes Transmitted : 138335
 Bytes Received : 1270059
 Frames Transmitted : 1182
 Frames Received : 1477
 CRC Errors : 1477
 Timeout Errors : 0
 Alignment Errors : 0
 H/W Overrun Errors : 0
 Framing Errors : 0
 Buffer Overrun Errors : 0
 Compression Ratio In : 62
 Compression Ratio Out : 8
 Baud Rate ( Bps ) : 10000000
 Connection Duration : 296717

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.

The command completed successfully

Relevant Pages

  • Re: How to configure for Two different IP subnets
    ... Active Directory will go haywire in a setup like that. ... AD integrates with the local DNS, so you cannot use the DNS at your ISP ... With Server 2003 Standard ... for its internal interface (ie the VPN endpoint). ...
    (microsoft.public.windows.server.networking)
  • Re: Setting Up LMHost File? (DNS problem on VPN).
    ... We have around 17 remote sites so using a DC for each would be expensive, and I can't see a benefit at the moment. ... also the DNS server. ... which includes the DNS. ... We really need a lot more info about the setup. ...
    (microsoft.public.windows.server.networking)
  • Re: Domain Controller Down
    ... I am guessing you are correct about the 'tweaking', as this was setup a long ... I don't know enough about how to setup DNS, but it looks to me like there is ... The Domain Name System name recommendations for Small Business Server 2000 ... Ethernet adapter Local Area Connection: ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Restoring Active Directory domain
    ... Is that temp DC multihomed? ... I believe you're right and the problem is in my DNS setup. ... the new temp server, I get this: ...
    (microsoft.public.win2000.active_directory)
  • Re: Restoring Active Directory domain
    ... I believe you're right and the problem is in my DNS setup. ... on the new temp server, ... Unlimited Access, Anonymous Accounts, Uncensored Broadband Access ...
    (microsoft.public.win2000.active_directory)