In news:1292501c411a9$1f73e250$(E-Mail Removed),
Mr.fixit <(E-Mail Removed)> posted their thoughts, then I offered mine
> See if I can answer these quest?
> We have a central static DNS Services.
> Active Directory is running on a single local site.
> All DC's point to the central static DNS Servicer.
> The central IT staff require this configuration.
>
> We are directed not to run DNS Server on the local site
>
> This is a result of a DC upgrade from W2k to W2k3Server.
> Operating system was rebuilt from scratch, with the above
> mentioned problem.
>
> Also, DNS Services is not running on this server, should
> it be added on the win2kserver?
>
> Thank you for your assistance?
>
Hi Mr Fixit,
Sounds like you're part of a University. Many universities do that and have
control, but they have guidelines if you need to run AD.
Maybe if the system was rebuilt from sratch, then you may have misconfigured
something or left something out. Who knows. Since we cannot get any specific
info about your configuration, then it's ALL guess work. Read on and maybe
from what I mention here may help you to help yourself, otherwise, not sure
what to say.
On the central DNS server that is run by the central IT staff, I am going to
assume that the AD domain zone name has been created on that DNS server and
that dynamic updates have been allowed so your DC can update it's AD
information into it. These records are called SRV (service locator) records
and are necessary for AD functionality. If they do not exist, then AD will
malfunction and you will get numerous errors, one of which you are currently
experiencing.
In a nutshell, when one machine asks another for info about AD or where to
find something in AD, it will ask DNS first, specifically it asks DNS for
the SRV record of that specific type of service. Then once it gets it's
location, then it queries for the IP, then once it finds the IP, it then
connects thru a secure channel. If the SRVs don't exist, then, well, you'll
have problems.
You can run various tests to ensure that the SRVs exist. Here's a couple
links to help you out in this respect and to explain what they are:
Verify DNS RR and SRV with nslookup:
http://www.microsoft.com/technet/tre..._verifySRV.asp
DC Locator DNS Records [SRV, RVP]:
http://www.microsoft.com/technet/tre...NS_Records.asp
239897 - SRV Resource Records May Not Be Created on Domain Controller:
http://support.microsoft.com/default...b;en-us;239897
Run the verifiation tests and see if they show you your SRVs.
For proper SRV registration by domain controllers to work, basically, the AD
DNS domain name, the Primary DNS SUffix of the machine, and the DNS zone
name must all be spelled the same and the zone needs to allow dynamic
updates. If none of this matches, then we've got a problem.
Here's an FAQ of AD & DNS:
http://support.microsoft.com/?id=291382
Don;t what else to say without specific info. Talk to your central IT guys
and explain what's happening and what's required of AD. If you can install
DNS on this machine, and point your users who are using your AD only to this
machine for DNS, then things will work. Then you can create a forwarder to
your central IT DNS.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================
Similar Threads
