Re: DNS not installing properly
- From: AllforLax <AllforLax@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Nov 2005 06:12:06 -0800
Thanks!!! I will give this a try and see how it comes out...
"Herb Martin" wrote:
> > I added the WINS IP address and able to see the resources in the "Blue"
> > domain.. However, still unable to share out the resources on the "Blue"
> > domain..
> >
> > I enter the WINS IP address for the organization's "Red" Trust Domain in
> > the primary "Blue's" DNS zone property. I was still not able to create an
> > Integrated Active Directory Zone... I even changed the primary DNS setting
> > in the NIC> Properties for the "Blue" Domain and still user can not access
> > the resources.. Still getting error, "Blue is not accessible. Logon Failure:
> > user account Restriction".
>
> [This time I was out of town with limited Internet access.]
>
> You must use STRICTLY the LOCAL DNS (the one with all of the correct
> answers) on each machine's NIC (DC or not) and you must arrange for that
> DNS server (set) to resolve the other tree (easiest is Win2003 Conditional
> Forwarding but Win2000 can use "cross secondaries" for each Domain tree
> to resolve the other.)
>
> NetBIOS using WINS requires that ALL Servers, especially ALL DCs for
> external trusts be registered in the SAME WINS DATABASE.
>
> This means they (the DCs and the other machines) must all be WINS Clients
> and you must replicate WINS if you use more than one.
>
> You can only make an AD Integrated Zone when using DNS on a DC.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> "AllforLax" <AllforLax@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:B14D83CA-35C7-4B33-AF28-7FC1DE475D3E@xxxxxxxxxxxxxxxx
> > Hello,
> >
> > Been a while.. Sorry.. Been frustrating in working on this problem alone..
> >
> > I added the WINS IP address and able to see the resources in the "Blue"
> > domain.. However, still unable to share out the resources on the "Blue"
> > domain..
> >
> > I enter the WINS IP address for the organization's "Red" Trust Domain in
> > the primary "Blue's" DNS zone property. I was still not able to create an
> > Integrated Active Directory Zone... I even changed the primary DNS setting
> > in the NIC> Properties for the "Blue" Domain and still user can not access
> > the resources.. Still getting error, "Blue is not accessible. Logon Failure:
> > user account Restriction".
> >
> > "Herb Martin" wrote:
> >
> >> "AllforLax" <AllforLax@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:1C640449-5161-4C75-852D-40CC3592119F@xxxxxxxxxxxxxxxx
> >> > Thanks Herb for your kind reply..
> >>
> >> Sorry for the delay in replying - this thread wasn't marked and I
> >> had trouble re-finding it when you replied.
> >>
> >> > I am very new with working at the server level. I have a strong
> >> > workstation level experience. Trying to get more familiar with servers and
> >> > domain controllers.. Let me give you the details that you need to help me...
> >> >
> >> > Originally, this primary domain controller (PDC) was a Windows NT 4.0
> >> > with a Trust relationship with our organization's primary domain (Red). I
> >> > built a Windows NT 4.0 backup primary domain controller (BDC) on new Compaq
> >> > Proliant box and replicated the SAM accounts from the PDC. Then, I promoted
> >> > the newly built BDC to PDC. After this was done, I upgraded the new PDC to a
> >> > Windows 2000 domain controllers. The Active Directory was created and all the
> >> > policies were modified.
> >>
> >> Standard procedure for upgrading NT when the (old) PDC is not a good
> >> candidate.
> >>
> >> Since: ONLY the PDC can upgrade the domain.
> >>
> >> > The IPs are configured on the new DC as static for our organization's
> >> > primary DNS server. This was the only way to add this new DC to the
> >> > network for the existing domain. Also, it is the same domain name as the old
> >> > Windows NT 4.0 after the upgrade to Windows 2000.
> >>
> >> You cannot expect to use MANUAL records for AD -- your DCs
> >> really need to register themselves so DNS must practically be
> >> Dynamic.
> >>
> >> While technically it is POSSIBLE to do this manually it is impractical
> >> to the point that it is unworkable for real world domains.
> >>
> >> > All went well, until after the new Windows 2000 domain controller was
> >> > added to the organization's Trust relationship. The users are able logon to
> >> > the new domain controller's domain (Blue) which I created in the Active
> >> > directory. But, when browsing "My Network Places" to look at the entire
> >> > contents of the (Blue) domain, it come back with error;
> >> >
> >> > "Blue is not accessible. Logon Failure: user account Restriction.
> >>
> >> Trusts outside of a single forest AND browsing are both dependent
> >> on NetBIOS (as I mentioned previously.)
> >>
> >> > After researching this, reading the event viewer and consulting with
> >> > several persons.. I was told that I did not have a DNS Zone.. I went ahead
> >> > and attempt to install the DNS manager and DNS Zone.. While attempting to
> >> > install the DNS "Active Directory Integrated" Zone, the message appears as;
> >> >
> >> > "Zone can not be created. The Active Directory service is not
> >> > available."
> >> >
> >> > I went ahead and installed the "Standard Zone" I received the same
> >> > message;
> >> >
> >> > "Zone can not be created. The Active Directory service is not
> >> > available."
> >> > When attempting to install the "Reverse: Active Directory-integrated
> >> > Primary Zone"
> >>
> >> You don't really need a reverse zone. You need a forward zone (which
> >> might have been created automatically for you) but I thought you already
> >> had DNS setup?
> >>
> >> Your DC must point to the DNS server it will use on its NIC->IP
> >> properties.
> >>
> >> > I hope I have explained this the best I could with little experience that
> >> > I have at the server level..
> >>
> >> You have two problems. DNS (fixing the zones) and NetBIOS (likely
> >> WINS server needed if you have more than one Subnet) to fix browsing
> >> and to enable trusts OUTSIDE of the forest.
> >>
> >> --
> >> Herb Martin, MCSE, MVP
> >> Accelerated MCSE
> >> http://www.LearnQuick.Com
> >> [phone number on web site]
> >>
> >> >
> >> > Thanks AllforLax
> >> >
> >> >
> >> > "Herb Martin" wrote:
> >> >
> >> >> "AllforLax" <AllforLax@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:64897406-E279-41B5-BA8D-F04560AAED48@xxxxxxxxxxxxxxxx
> >> >> > I have a DC that is Trust with the primary DC.. My DC is an isolated
> >> >> > network with a Trust relationship the agency's primary DNS... All the users
> >> >> > that logon to my DC can only see my DC.. I can see my Trusted DC and the
> >> >> > Trust DC...
> >> >>
> >> >> "See"? Do you mean browse? Browsing is a NetBIOS application
> >> >> and as such is not related to trusts or DNS directly.
> >> >>
> >> >> Also note that a "DC" cannot trust another DC nor DNS. Trusts are
> >> >> between domains (except in one new Win2003 exception case for
> >> >> forests.)
> >> >>
> >> >> You indicate an "isolated" network -- if this implies routers (or
> >> >> router switches) then your problem is likely a lack of (common)
> >> >> WINS servers.
> >> >>
> >> >> NetBIOS resolution has a practical requirement for a common
> >> >> WINS database.
> >> >>
> >> >> > I upgraded my DC from Windows NT 4.0 to Windows 2000 and built the
> >> >> > Active directory.. Applied the GPO security policies, but can not load
> >> >> > either Integrated DNS or Standard DNS Zones...
> >> >>
> >> >> What? IF you have a DC then you can run DNS on it. If you run
> >> >> DNS on the DC it CAN be integrated.
> >> >>
> >> >> > I know you can not completely work with Active Directory without the
> >> >> > DNS Zone.. Though I tried to load the zones it never takes with the
> >> >> > active directory..
> >> >>
> >> >> What do you mean by "never takes"?
> >> >>
> >> >> > What should I do next?
> >> >>
> >> >> Be very explicit about exactly what happens, avoid generic
> >> >> phrases and describe your exact actions, results, and error
> >> >> messages.
> >> >>
> >> >> --
> >> >> Herb Martin, MCSE, MVP
> >> >> Accelerated MCSE
> >> >> http://www.LearnQuick.Com
> >> >> [phone number on web site]
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
> >>
>
>
>
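
Added example, not part of the original thread: a small Python check of the two client-side requirements stated in Herb Martin's reply (only the local DNS server on each machine's NIC, and every machine configured as a WINS client), run over `ipconfig /all` text. The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpts; hosts and addresses are hypothetical.
SAMPLE_GOOD = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Constructed NIC
        DNS Servers . . . . . . . . . . . : 10.1.1.10
        Primary WINS Server . . . . . . . : 10.1.1.20
"""
SAMPLE_BAD = """\
Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 10.1.1.10
                                            10.9.9.53
"""

# "Label . . . : value" lines, and indented address-only continuation lines.
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(\S*)\s*$")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_ipconfig(text):
    """Collect DNS and WINS server addresses from `ipconfig /all` text."""
    found = {"DNS Servers": [], "Primary WINS Server": []}
    current = None  # field that a continuation line would belong to
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1) if m.group(1) in found else None
            if current and m.group(2):
                found[current].append(m.group(2))
            continue
        c = CONTINUATION.match(line)
        if c and current:
            found[current].append(c.group(1))  # second and later servers
        else:
            current = None
    return found

def audit(text, local_dns):
    """Return findings against the DNS and WINS requirements in the thread."""
    cfg = parse_ipconfig(text)
    findings = [f"non-local DNS server on NIC: {ip}"
                for ip in cfg["DNS Servers"] if ip not in local_dns]
    if not cfg["DNS Servers"]:
        findings.append("no DNS server configured")
    if not cfg["Primary WINS Server"]:
        findings.append("no Primary WINS Server set (not a WINS client)")
    return findings
```
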