Re: DNS Problems adding Win2K3 Server to Existing Win2K Domain

From: Rebecca Chen [MSFT] (v-rebc_at_online.microsoft.com)
Date: 12/03/04 

Date: Fri, 03 Dec 2004 14:32:20 GMT

Hi Robbie,

I would like to jump in and provide my opinions on this issue.

As I have understand, there are only one win2k server plays the DC, file
server roles and now you want to use a new machine win2k3 replace the old
DC.
The win2k server is called Dharma, DNS name is Dharma.org, it is also the
public DNS name.

Below are my comments for your first thread:
1) Run ADPrep /forestprep and ADPrep /domainprep on the Win2K server.

REBC: correct.

2) Joined the Win2K3 server to the existing domain. (The Win2K3 has joined
the domain without a problem, and can happily browse shares from the Win2K
server.)

3) Checked the "Trust Computer For Delegation" box on the Win2K3 server's
record in AD Users and Computers on the Win2K server. (This was just my
idea. I don't know if it is necessary or not.)

REBC: This is not necessary.

3) Added a DNS server on the Win2K3 server

REBC: Do you mean you have installed the DNS on win2k3 server? What kind of
DNS installed?

Actually, you don't need install DNS on win2k3 server, you need to install
DNS on win2k server, which is your old DC.

When you add an additional DC in the network, the win2k3 server need to
contact win2k DC, it is not only need to ping thought the win2k server,
win2k3 also need to located to the DNS recorder, such as A recorder to
locate to the DC, SRV recorders to locate to the service.

Therefore, I suggest you read to the following article carefully to install
the AD-integrated DNS on win2k DC:

To install a DNS server
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windo
ws2000/en/advanced/help/sag_DNS_pro_InstallServer.htm

Active Directory integration
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windo
ws2000/en/advanced/help/sag_DNS_pro_ConfigServerForDS.htm

After doing this, on win2k3 server, point DNS server to win2k DC. Use
"nslookup Dharma" and " nslookup Dharma.org" in CMD, can you successfully
resolve the name?

NOTE: Win2k should resolve Dharma.org successfully if you specify
Dharma.org when you install DNS on win2k. If you do so, in other word, the
internal DNS and the external DNS will use the exact the same name. the
side effect by doing this is that your internal client cannot go to the
www.Dharma.org, this is because win2k DC plays the DNS role and will guild
the client to contact win2k DC to visit www.Dharma.org. To resolve this,
please add a A recorder in DNS and point www.Dharma.org to your ISP's IP
address. By doing this, the client will be guild to your ISP's host to
visit the website.

The steps should be:
Rt-click your zone name, select New Host Record, type in www for the name,
and give it the actual external IP address.

More details can be found from the link below:
http://216.239.63.104/search?q=cache:EyiObFom5ckJ:www.talkroot.com/archivee/
index.php/t-56641_DNS_internal_namespace_same_as_external_www_-Problems.html
+internal+and+external+same+DNS+name&hl=en
This response contains a reference to a third party World Wide Web site.
Microsoft can make no representation concerning the content of these sites.
Microsoft is providing this information only as a convenience to you: this
is to inform you that Microsoft has not tested any software or information
found on these sites and therefore cannot make any representations
regarding the quality, safety, or suitability of any software or
information found there. There are inherent dangers in the use of any
software found on the Internet, and Microsoft cautions you to make sure
that you completely understand the risk before retrieving any software on
the Internet.

More information:

Enterprise Design for DNS
http://www.microsoft.com/technet/itsolutions/wssra/raguide/Network_Services_
SB_1.mspx

Any update, let us get in touch!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: robbie@fordpinto.com (Robbie)
>Newsgroups: microsoft.public.windows.server.migration
>Subject: Re: DNS Problems adding Win2K3 Server to Existing Win2K Domain
>Date: 2 Dec 2004 16:27:45 -0800
>Organization: http://groups.google.com
>Lines: 47
>Message-ID: <fcca0021.0412021627.1cf81126@posting.google.com>
>References: <fcca0021.0411122117.20775515@posting.google.com>
<WQ$HTHezEHA.3928@cpmsftngxa10.phx.gbl>
<fcca0021.0411191033.106d2659@posting.google.com>
<9qQSjrH0EHA.768@cpmsftngxa10.phx.gbl>
<fcca0021.0411231626.5c7a0bf1@posting.google.com>
<03wV1Mg0EHA.3028@cpmsftngxa10.phx.gbl>
<fcca0021.0411262134.6492e609@posting.google.com>
<VmnsYOf1EHA.1184@cpmsftngxa10.phx.gbl>
<fcca0021.0411291238.2397d2bb@posting.google.com>
<Q4b9QU41EHA.3984@cpmsftngxa10.phx.gbl>
>NNTP-Posting-Host: 24.107.228.198
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>X-Trace: posting.google.com 1102033665 16742 127.0.0.1 (3 Dec 2004
00:27:45 GMT)
>X-Complaints-To: groups-abuse@google.com
>NNTP-Posting-Date: Fri, 3 Dec 2004 00:27:45 +0000 (UTC)
>Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!news-out.cwi
x.com!newsfeed.cwix.com!logbridge.uoregon.edu!canoe.uoregon.edu!newshub.sdsu
edu!postnews.google.com!not-for-mail
>Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.migration:15718
>X-Tomcat-NG: microsoft.public.windows.server.migration
>
>Hi Carsyn,
>
>Thank you for the suggestions.
>
>> It could cause problems if the internal DNS name and external DNS name
is
>> the same. Let's try to change the name Dharma.org after upgrading to
>> Windows Server 2003 domain to see if it works.
>
>Are you suggesting upgrading our old Win2K server to Win2K3 Server? I
>hope we don't have to do that. Our idea is to replace the old server,
>not upgrade it. I don't want to damage it before I have another server
>to take its place.
>
>Perhaps you are misunderstaning how simple our old network is. We have
>a single Win2K Server that is an AD controller. We have no other
>servers. The Win2K Server provides DNS and DHCP, as well as file and
>print services. That's all. It's about as plain a network as possible.
>
>We have purchased a new computer to replace the old server. We have
>installed Win2k3 on it. It can join the Win2K domain. It authenticates
>to the Win2K domain without a problem. The problem we have is that we
>cannot promote it to be a backup domain controller, due to the
>problems previously described here. I believe that there is a
>configuration problem with DNS on the old server, but I don't
>understand what it is because it appears to do the basic job of DNS
>just fine.
>
>Is it a problem having the dharma as both the name of our Windows
>domain AND a real world domain (dharma.org)? (Is that what you mean by
>"internal DNS name and external DNS name"?) If so, please tell me how
>to rectify it. Do I change the name of our domain from Dharma to
>something else? And why should that matter?
>
>> If the issue is still there, let's try to uninstall the DNS server from
the
>> Windows Server 2003 computer and re-join the system to the Windows
Server
>> 2000 domain to see if it's okay to promote the server. And, please make
>> sure that the Win2k3 use Windows 2000 DNS server as the preferred DNS
>> server.
>
>OK, the Win2K3 server is, right now, just another client on the
>network. It is running DNS, but no computers on the network look to it
>for DNS. It's TCP/IP properties point to the Win2K computer for it's
>own DNS resolution. It is not running as a domain controller. It is
>joined to the Dharma, the Win2K domain. What should I do here?
>
>Thanks again,
>Robbie
>

Relevant Pages

  • Re: Win2k to Win2k3 AD Upgrade
    ... If you don't have the support tools installed, install them from your server ... I guess i can now run the adprep commands against the current Win2k DC? ... I assume the old DC is still listed in AD database and DNS. ...
    (microsoft.public.windows.server.active_directory)
  • DNS Errors
    ... I just setup a Win2k DNS server. ... I can get to the internet from my clients ... the address of the Win2k server. ...
    (microsoft.public.win2000.dns)
  • Re: Configure DNS
    ... Subject: Configure DNS ... Default Server: ns1.methodisthealth.org ... When i have configured one of the win2k box as a DNS client, ... If you wish to confirm the origin or content of this communication, ...
    (AIX-L)
  • Re: Win2k to Win2k3 AD Upgrade
    ... Services i can see the dead server still listed, ... The following 2 roles are still assigned to the dead Win2k DC, ... i have new hardware to install ... I assume the old DC is still listed in AD database and DNS. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win2k to Win2k3 AD Upgrade
    ... and Services i can see the dead server still listed, ... The following 2 roles are still assigned to the dead Win2k DC, ... install Win2k3 on so i can make that another DC, ... I assume the old DC is still listed in AD database and DNS. ...
    (microsoft.public.windows.server.active_directory)