AD/DNS Setup Issues/Questions
- From: Robert Lindholm <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 11 Apr 2008 10:59:01 -0700
Hello:
I'm attempting to setup an Active Directory [AD] test lab using two Windows
2003 servers [Standard Edition], that will become the domain controllers [DC]
and AD-integrated DNS servers for the domain.
For test purposes, the AD environment is going to be a relatively simple
single domain in a new forest with no existing primary DNS server.
I've configured the first server to be a DC and the primary DNS server for
the domain, but am running into a problem:
1) When I attempt to promote the second DC and join the domain, it cannot
locate the first DC and gives me the following error message:
"An Active Directory domain controller for the domain "" could not be
contacted... DNS name doesn't exist [error code 0x0000232b RCODE_NAME_ERROR]"
When I look at the help screen for this error, it indicates that two RRs are
missing:
- _ldap._tcp.dc._msdcs.DNSDomainName
- A record for entry above
This entries are indeed missing in the primary DNS servers DNS records.
While I could simply add these RRs, it appears that there may be other
missing RRs, as the only records that are currently in DNS are the following:
- Forward Lookup Zones
- _msdcs.adtest.seas.rochester.edu
- (same as parent folder) Start of Authority (SOA) [3],
alpha.adtest.seas.rochester.edu., hostmaster.adtest.seas.rochester.edu.
- (same as parent folder) Name Server (NS) alpha.adtest.seas.rochester.edu.
- adtest.seas.rochester.edu
- (same as parent folder) Start of Authority (SOA) [2],
alpha.adtest.seas.rochester.edu., hostmaster.adtest.seas.rochester.edu.
- (same as parent folder) Name Server (NS) alpha.adtest.seas.rochester.edu.
- alpha Host (A) 192.168.1.100
- Reverse Lookup Zones
- No reverse lookup zones
This is my first attempt at AD, so I'm exactly not sure what to expect, but
unless I installed the DC/DNS incorrectly, I would have thought that DNS
would be populated with the necessary RRs to run AD.
I took a look in netlogon.dns and there are a variety of RRs there,
including the ones outlined in the error message above, that I would have
expected to be in DNS.
If populating DNS is a manual process based on the requirements of each AD
environment, I can certainly follow the standard process for populating DNS,
but I would like to proceed with an intelligent understanding of what needs
to be present to run AD and how to achieve that end result in an efficent
manner rather then adding RRs adhoc.
Essentially, I'm looking to verify that what I currently have in DNS should
be in DNS, determine what still needs to be added to DNS for it to work and
what is the best way to make that happen.
I have been looking at several DNS tools [e.g. NSLookup, DNSLint, DCDIAG
/DNS], as well as a voluminous amount of Windows DNS reference material to
try and figure this out on my own, but based on my unfamiliarity with this
subject would appreciate any recommendations on where to start and how to go
about resolving this situation.
Thanks,
Bob
--
Robert Lindholm
University of Rochester
.
- Follow-Ups:
- Re: AD/DNS Setup Issues/Questions
- From: Danny Sanders
- Re: AD/DNS Setup Issues/Questions
- Prev by Date: Re: Problems getting DNS to work properly in upgrade
- Next by Date: Re: Windows 2003 DNS server and Mac OS X (Leopard)
- Previous by thread: Problems getting DNS to work properly in upgrade
- Next by thread: Re: AD/DNS Setup Issues/Questions
- Index(es):
Relevant Pages
|
