Re: guid based dns name not registered
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 02/19/05
- Next message: ptwilliams: "Re: web page to read from AD Live"
- Previous message: ptwilliams: "Re: sAMAccountName Help Needed"
- In reply to: aks: "Re: guid based dns name not registered"
- Next in thread: aks: "Re: guid based dns name not registered"
- Reply: aks: "Re: guid based dns name not registered"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 19 Feb 2005 13:42:09 -0000
I've been thinking about this, and we may be able to do this quicker by
simply pointing all three DCs at the forest root for DNS. If you do this,
and then restart netlogon all three will register records in DNS on orange;
they will then be able to see each other and replicate this info. to each
other. Once they've successfully replicated, they can be changed back to
point to themselves.
Try this first. Let me know what happens.
However, for completion's sake, I've answered all your questions too.
Answers inline...
p.s. in my last post I meant to say "no I don't mean forwarders; I mean zone
transfers".
My apologies.
--
Paul Williams
http://www.msresource.net/
http://forums.msresource.net/

"aks" <aks@discussions.microsoft.com> wrote in message
news:B32767C0-1180-4BC8-9BCB-6DBD0380BDDE@microsoft.com...

Hi Paul,

Nice to hear back from you. I'm too consumed with this problem as my time is
running out on this... Appreciate your 'divine' help.

>> PAUL: No sweat! ;-)

Per your suggestions so far, I have tried a few more things on the system.
Would like to update you so we both are on the same page -

1. Biggest question: From day one, nslookup <hostname or IP> on each DC is
giving an error. For e.g. - On serv1, when running: nslookup serv2, I get this
error:

   "dns request timed out, time out was 2 secs.
   Can't find server name for address 1.2.3.0: timed out"
   server: unknown
   address: 1.2.3.0 (is correct IP of serv1)
   name: serv2.orange.com (is correct)
   address: 1.2.3.1 (is correct IP of serv2)

I get results back, however see an error msg also. Is something wrong
somewhere?

>> PAUL: This is because you don't have any reverse lookup zones defined.
>> This is nothing to worry about, but having reverse lookup zones helps
>> when troubleshooting...so, create one on the root DC forest wide. This
>> is based on subnet - not domain.

2. On each DC, I removed the "forwarders" that I had configured as mentioned
in my last msg, and added 2 more PRIMARY zones to force each DC to list all
the domains under Forward Lookup Zones (FLZ). By doing so, each DC, under FLZ,
now lists the names of all 3 domains - one local domain, 2 non-local domains.
Not sure if on each DC, the other 2 zones representing the 2 non-local domains
have to be added as primary or secondary?

>> PAUL: Hmmm...not quite sure about this. You should be adding secondary
>> zones. Each domain DC is the primary zone (even if they're
>> AD-Integrated); the other DCs need to pull a secondary copy. I assume
>> that you mean that each DC stores its own domain zone and a secondary
>> copy of the other two? If not, that's how it should be. Otherwise we're
>> going to confuse things even more...

3. I configured "zone transfers" for each domain listed under FLZ, and enabled
"allow zone transfer" and added the domain name and IP addr of the other two
domains in the forest. So in total I have 6 entries (3 domains times 2 zone
transfer entries for each domain, 3 x 2 = 6). This is also done on each DC.

>> PAUL: On the Zone Transfers tab (right-click on the zone and choose
>> properties) there are three options underneath 'Allow zone transfers': To
>> any server; only to servers listed on the name servers tab; and only to
>> the following servers. As this is only a temporary measure to get
>> replication to work, we'll go with the third option: Only to the
>> following servers. On orange, you should add apple and banana. On
>> apple, orange and banana, etc. However, try my suggestion above first.
>> This is a very convoluted way about this. I didn't have a 2003 DNS server
>> in front of me when I first answered your post and was in Win2000 mode!

4. Installed system tools on each DC. Using replmon, replication topology
displays a GUI with each DC pointing to the two other DCs in the forest only if
I select 'intra site topology' (right click DC). I do not see this when I
select 'inter-site topology'. I think my goal is to set up one site per
domain, so the above seems incorrect. Please advise. Also in replmon, need
some pointers on what to select to force 'replication of application
partitions' - there are too many options, don't see 'replicate now'
anywhere....

>> PAUL: The above is correct if they're all in the same site; inter-site
>> topology will only show data when you have DCs in different sites. If
>> all DCs are on the same subnet, you don't need multiple sites. Sites are
>> for localising traffic.
>>
>> As for replmon... When you add a monitored server, the default view is
>> fine. This shows all direct replication partners for each partition. You
>> can enable viewing of transitive replication partners through View\
>> Options\ Show transitive replication partners and extended data. Although
>> this won't be necessary as you don't have enough DCs for a mesh and all
>> three are in the same site. You force replication by right-clicking on a
>> partition (or the server to replicate all partitions) and choosing
>> Synchronise each directory partition with all replication partners. In
>> the resultant box, select push mode and OK. If these were spread across
>> multiple sites you would also choose cross site boundaries.

5. Upon executing dcdiag /v on each DC the errors have reduced significantly,
but these are still there:

a) on both serv1 (apple.com) and serv3 (banana.com), I get this:
   - Replication test: Serv2 (it's orange.com): DS Bind() failed with error
     1722. RPC server is unavailable

b) on all DCs, see Netlogon failure. For e.g. on serv3, I see this:

   Starting test: NetLogons
      * Network Logons Privileges Check
      ......................... SERV3 passed test NetLogons
   Starting test: Services
      * Checking Service: Dnscache
      * Checking Service: NtFrs
      * Checking Service: IsmServ
      * Checking Service: kdc
      * Checking Service: SamSs
      * Checking Service: LanmanServer
      * Checking Service: LanmanWorkstation
      * Checking Service: RpcSs
      * Checking Service: RPCLOCATOR
         RPCLOCATOR Service is stopped on [SERV3]
      * Checking Service: w32time
      * Checking Service: TrkWks
         TrkWks Service is stopped on [SERV3]
      * Checking Service: TrkSvr
         TrkSvr Service is stopped on [SERV3]
      * Checking Service: NETLOGON
      ......................... SERV3 failed test Services

   Please advise.

c) using dcdiag /v, on all DCs, I do not see mention of the other two
(non-local) domains, not even in the 'Intersite test' section - Is this
expected?

>> PAUL: The RPC and bind errors are DNS lookup errors. These are what we
>> are trying to fix, and will do soon... dcdiag /v is a verbose test on the
>> local DC. If you want to test all DCs in the enterprise, with a complete
>> set of tests, run dcdiag /v /c /e.

Much thanks in advance.

>> PAUL: No problem!!

If you would like to take this offline at this point/work thru the weekend,
please let me know. I'll pass my email id to you.

>> PAUL: No need. It may benefit others if we keep it online.

aks

"ptwilliams" wrote:

> No, I mean forwarders ;-)
>
> I'm not in front of a 2003 box now...but over the weekend I'll fire one up
> and answer your questions...
>
> Don't rebuild yet. Fixing this will be *fun* and helpful in the future...
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
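As an added illustration of the checks the advice in this thread depends on (example code, not from the thread or from either poster): a PowerShell script that asks each DC's DNS service, in turn, for every DC's A record, its PTR record, and the _ldap._tcp.dc._msdcs SRV record that Netlogon registers, so a registration that exists on the forest root but was never transferred to the other DCs shows up as a table row rather than as nslookup noise. It assumes the DnsClient module (Windows 8 / Server 2012 or later, so not the Windows 2003 tooling discussed above). The server names, domains and the two addresses are taken from the thread; the serv3 address is a placeholder, and the DsaGuid field is an assumption to be filled from the "DSA object GUID" line of repadmin /showrepl if you also want the GUID-based CNAME under _msdcs.<forest root> checked.

```powershell
# Added example, not from the thread. Verifies DC DNS registrations from the
# point of view of every DC's DNS service, which is what cross-domain
# replication in a three-domain forest relies on.
# Assumes the DnsClient module (Windows 8 / Server 2012 or later).

$ForestRoot = 'orange.com'

# Layout taken from the thread. The serv3 address and every DsaGuid value are
# placeholders to fill in (DsaGuid comes from "DSA object GUID" in repadmin /showrepl).
$DomainControllers = @(
    @{ Name = 'serv1'; Domain = 'apple.com';  IP = '1.2.3.0';    DsaGuid = '' }
    @{ Name = 'serv2'; Domain = 'orange.com'; IP = '1.2.3.1';    DsaGuid = '' }
    @{ Name = 'serv3'; Domain = 'banana.com'; IP = '<serv3-ip>'; DsaGuid = '' }
)

function Test-DcDnsRegistration {
    param(
        [Parameter(Mandatory)] [hashtable[]] $DomainControllers,
        [Parameter(Mandatory)] [string] $ForestRoot
    )

    # Query each DC's own DNS service so that a record present on the forest
    # root but not yet transferred to the other DCs is visible as a gap.
    $dnsServers = $DomainControllers | ForEach-Object { $_.IP }

    foreach ($server in $dnsServers) {
        foreach ($dc in $DomainControllers) {
            $fqdn = '{0}.{1}' -f $dc.Name, $dc.Domain

            # Host record for the DC itself.
            $a = Resolve-DnsName -Name $fqdn -Type A -Server $server -ErrorAction SilentlyContinue

            # Reverse record. A missing reverse zone is what produces the
            # "Can't find server name for address" message in nslookup.
            $ptr = Resolve-DnsName -Name $dc.IP -Type PTR -Server $server -ErrorAction SilentlyContinue

            # SRV record Netlogon registers so clients and other DCs can locate this DC.
            $srv = Resolve-DnsName -Name ('_ldap._tcp.dc._msdcs.{0}' -f $dc.Domain) -Type SRV `
                       -Server $server -ErrorAction SilentlyContinue
            $srvHasDc = [bool]($srv | Where-Object { $_.NameTarget -ieq $fqdn })

            # GUID-based CNAME under _msdcs of the forest root, used by replication
            # partners to find this DC. Only checked when a GUID was supplied.
            $guidCname = $null
            if ($dc.DsaGuid) {
                $cname = Resolve-DnsName -Name ('{0}._msdcs.{1}' -f $dc.DsaGuid, $ForestRoot) -Type CNAME `
                             -Server $server -ErrorAction SilentlyContinue
                $guidCname = [bool]($cname | Where-Object { $_.NameHost -ieq $fqdn })
            }

            [pscustomobject]@{
                DnsServer = $server
                DC        = $fqdn
                A         = [bool]$a
                PTR       = [bool]$ptr
                SRV       = $srvHasDc
                GuidCname = $guidCname
            }
        }
    }
}

$results = Test-DcDnsRegistration -DomainControllers $DomainControllers -ForestRoot $ForestRoot
$results | Format-Table -AutoSize

# Any False below is either a record Netlogon has not registered or a zone
# that has not reached that server. Re-registration is done on the DC itself
# (restart Netlogon as suggested above, or run "nltest /dsregdns"), not by
# hand-editing the zone.
$results | Where-Object { -not ($_.A -and $_.PTR -and $_.SRV) }
```

Run it from a workstation that can reach all three DCs on UDP/TCP 53; the PTR column will be False everywhere until a reverse lookup zone for the subnet exists on the forest root, which matches the nslookup symptom described in point 1.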