Re: DC of the Parent Domain can't Ping the hostname of the DC Child Do
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 18:45:01 -0500
In news:94C2BF9E-7868-4989-92AF-BD1432314F18@xxxxxxxxxxxxx,
DaMoose <DaMoose@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on
below:
Hi there,
Here's the situation with what I have:
1and only AD DC, Windows 2003 Standard R1, hostname "host1 - for
sake of argument" also acting as File Server in head office with all
HO users and branch users authenticating from it.
I added a child domain to it, hostname "host2" and It is Windows 2003
Standard R2. Both servers are communicating through VPN and all
ports and service are open.
I had to run "adprep /forestprep" command on the Parent domain(host1
- the one with R1) from CD 2 of the Windows 2003 Server R2. This
need to be done as per Microsoft so current R1 server could
communicate with R2 windows during AD wizard.
Reboot both servers, and I'm able to ping from the Child to the
Parent with its hostname, "host1", but not the other way around.
However, I could ping host2's FQDN no problem;
"host2.city2.ParentDomain.com"
The Parent, host1, knows about the child domain and its DC in the DNS
service. But I can't ping its hostname nor PCs on the Child domain.
Please help.
This is what I found on the Event Viewer on the Child Domain:
Event Viewer from the Child Domain:
The dynamic registration of the DNS record
'_ldap._tcp.25c022b9-78fc-4ee2-ae4f-943bc9fe10eb.domains._msdcs.auroraimporting.com.
600 IN SRV 0 100 389 host2.city2.ParentDomain.com.' failed on the
following DNS server:
DNS server IP address: 10.10.1.10
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record
must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem,
and initiate registration of the DNS records by the domain
controller. To determine what might have caused this failure, run
DCDiag.exe. You can find this program on the Windows Server 2003
installation CD in Support\Tools\support.cab. To learn more about
DCDiag.exe, see Help and Support Center. To initiate registration of
the DNS records by this domain controller, run 'nltest.exe
/dsregdns' from the command prompt on the domain controller or
restart Net Logon service. Nltest.exe is available in the Microsoft
Windows Server Resource Kit CD.
I will test the User Action and search the Status Code tomorrow.
Thank you for your help in advance.
Sounds like a DNS misconfiguration on the client side (meaning the servers),
in a combination with DNS server settings, delegations, forwarding, etc etc
etc. Not sure because the info to figure that out was not posted.
To keep it short and quick (the KISS method), if you have a child domain in
a different location than the parent, the best thing to do is use a
delegation. You can also use Stubs, but to keep it simple, let's delegate
the child zone. This means you want to create a delegation for
child.auroraimporting.com from the auroraimporting.com (parent domain) DNS
server.
Simple setup providing huge benefits in a scenaro such as yours. To do so,
in the auroraimporting.com DNS, first delete the child zone, if already
created. Rt-click auroraimporting.com, choose new delegation, provide the
domain name "child" (don;t give it the whole child.auroraimporting.com name
since it will suffix that for you), then provide the actual DNS server name
in the child.auroraimporting.com domain. Then configure a conditonal
forwarder for the auroraimporting.com domain from the
child.auroraimporting.com DNS server back to the parent DNS server in
auroraimporting.com. Yu can also create a forwarder from the parent domain
("For ALl Other Domains) to the ISP's DNS.
Make sure ALL machines in the auroraimporting.com location are ONLY using
the auroraimporting.com DNS server, NO OTHERS. In the
child.auroraimporting.com domain, make sure ALL machiens are ONLY using the
child.auroraimporting.com DNS server, NO OTHERS. This should work.
More info:
How To Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
http://support.microsoft.com/?id=255248
--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
.
- References:
- Prev by Date: Re: Tombstone lifetime exceeded
- Next by Date: Re: Preparing Network Connections... forever
- Previous by thread: DC of the Parent Domain can't Ping the hostname of the DC Child Do
- Next by thread: Re: Desktop Wallpaper - GPO
- Index(es):
Relevant Pages
|
