two dc and one dhcp

 
 
Krishna
 
      11th Sep 2006
I have two DCs. Each is an individual forest. Server A is meant for only
DNS/DHCP services. Server B is for logon, fileserver and other applications.
Now, I have an XP box which obtains IP and DNS from Server A (st.abc.net) but
cannot join Server B (efg.net). How to resolve?

Thanks
Kris


 
Herb Martin
 
      11th Sep 2006
"Krishna" <(E-Mail Removed)> wrote in message
news:%23K%(E-Mail Removed)...
> I have two DCs. Each is an individual forest. Server A is meant for only
> DNS/DHCP services. Server B is for logon, fileserver and other
> applications.


Generally it is counter-productive to have two DCs but
only one of them as a DNS server: DC replication and authentication
both require DNS so if the one with DNS is down clients will
either fail to replicate or experience slow logons at best.

> Now, I have a XP box which obtains IP and DNS from Server A(st.abc.net)
> but
> cannot join Server B (efg.net). How to resolve?


Server B is in a different DOMAIN?

You are going to have to clarify this since when you write
2-DCs we presume you mean in a single domain where
both should be using the same DNS-domain-name suffix
(e.g., abc.net OR efg.net but not both.)

If you really do have two domains then each will need its
own DNS ZONE (not necessarily its 'own' DNS server but
that is common practice.)

Each domain must have that DNS zone and it must be dynamic
to support AD.

If you have more than one domain, or even just multiple DNS
zones, there must be a way for each DNS server to find ALL
such zones to make everything work.

With multiple DNS server sets (one set for each DNS zone
to support each domain) then you need to find a way to get
from each DNS server to the "other zone" -- usually with
Win2000 you will need each DNS server to hold a 'secondary'
for the "other zone".


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
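
Rule 4 of the checklist above (every DNS server must be able to resolve ALL domains) can be checked directly by asking each DNS server for the DC locator SRV record of each domain; the script below is an added example, not part of the original post. It uses `Resolve-DnsName`, which ships with Windows 8 / Server 2012 and later rather than the Win2000/XP systems in the thread, and the server addresses are placeholders because the thread gives none.

```powershell
# Added example, not from the thread.
# Server addresses are placeholders: the thread never states them.
$dnsServers = [ordered]@{
    'Server A (st.abc.net)' = '192.0.2.10'   # placeholder address
    'Server B (efg.net)'    = '192.0.2.20'   # placeholder address
}
$adDomains = 'st.abc.net', 'efg.net'         # domain names taken from the thread

$results = foreach ($server in $dnsServers.GetEnumerator()) {
    foreach ($domain in $adDomains) {
        # DC locator record a client looks up when joining a domain or logging on
        $srvName = "_ldap._tcp.dc._msdcs.$domain"
        try {
            $answers = Resolve-DnsName -Name $srvName -Type SRV `
                -Server $server.Value -DnsOnly -ErrorAction Stop
            # Keep only SRV answers; additional A records are ignored
            $targets = @($answers | Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget })
            $status = if ($targets.Count -gt 0) { 'OK' } else { 'NO SRV' }
        }
        catch {
            # NXDOMAIN, timeout or refused query: this server cannot find the zone
            $targets = @()
            $status  = 'FAIL'
        }
        [pscustomobject]@{
            DnsServer = $server.Key
            Domain    = $domain
            Status    = $status
            DCs       = ($targets -join ', ')
        }
    }
}

$results | Format-Table -AutoSize

# A non-OK row means that DNS server cannot locate DCs for that domain,
# so clients pointed solely at it cannot join or authenticate to it.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

With two forests and two DNS servers the table has four rows; a client that uses only Server A for DNS can join efg.net only if the "Server A / efg.net" row is OK.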


 
Krishna
 
      12th Sep 2006
Herb Martin,
Thank you for the reply.

As mentioned in my post, the two DCs are separate, each in its own forest.
Both were installed separately. Since AD requires DNS, both DCs have DNS.
Server A's purpose was to provide IP address, gateway etc. (even though it is
a DC, users don't log in to this server). On Server B, some users have to log in
to access files, access applications etc. When those users join their
computer to the Server B domain (efg.net), it's not able to find it. What I have done
so far is:

a. Trust setup (results in SC error, fix?) on both Servers.
b. DNS forwarders (do see SRV records) on both Servers.

What else?

Thanks


 
Herb Martin
 
      12th Sep 2006
"Krishna" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Herb Martin,
> Thank you for the reply.
>
> As mentioned in my post, the two DCs are separate, each in its own
> forest. Both were installed separately. Since AD requires DNS, both DCs
> have DNS. Server A's purpose was to provide IP address, gateway etc. (even
> though it is a DC, users don't log in to this server). On Server B, some
> users have to log in to access files, access applications etc. When those
> users join their computer to the Server B domain (efg.net), it's not able to
> find it. What I have done so far is:
>
> a. Trust setup (results in SC error, fix?) on both Servers.


No additional trusts are needed (or usually useful) in a single
forest since all domains in the forest already trust each other.

> b. DNS forwarders (do see SRV records) on both Servers.


NO.

IF you forward both DNS servers to each other you merely
create an INFINITE loop which crashes or causes errors in
the DNS service.

For Win2000, the standard answer is for EACH DNS Server
(representing EACH DOMAIN) to hold a Secondary DNS
zone for the "other DNS" server.

(There are other choices in Win2003 but these features don't
exist in Win2000.)

Make each DNS hold BOTH DNS zones (i.e., the zones for
each domain.)



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> What else?
>
> Thanks
>
>



 
Krishna
 
      12th Sep 2006
> No additional trusts are needed (or usually useful) in a single
> forest since all domains in the forest already trust each other.


They are in separate forests.

>> b. DNS forwarders (do see SRV records) on both Servers.

>
> NO.


I meant each zone is a secondary zone for the other (sorry for the confusion).


 
Herb Martin
 
      13th Sep 2006
"Krishna" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>> No additional trusts are needed (or usually useful) in a single
>> forest since all domains in the forest already trust each other.

>
> They are in separate forests.


It is generally the case that you also need "NetBIOS name resolution"
to work for EXTERNAL trusts to work. (Trusts between domains
of different forests are ALWAYS 'external' in Win2000.)

IF you have more than one subnet and you need NetBIOS then you
also have a practical need for WINS Server AND for every machine
(including DCs) to be set as WINS CLIENTS on their NIC->IP->
Advanced configuration.

>>> b. DNS forwarders (do see SRV records) on both Servers.

>>
>> NO.

>
> I meant each zone is a secondary zone for the other (sorry for the
> confusion).


No "zone" can be secondary for another zone.

A SERVER can hold multiple zones and be secondary for some,
and (possibly) primary for others.

We all make the mistake of saying things like "The DNS server for
the 'first zone'" when the fact is that any DNS server can hold zones
for many different domains and zones -- it's just hard to talk about this
stuff without (imprecisely) claiming that the DNS server FROM the
'first domain' is the 'first zone DNS server'.

Truth is, DNS servers are "for" the zones they hold no matter
whether they 'live in' a particular zone or domain, or neither.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


 
Krishna
 
      13th Sep 2006
They are in the same subnet. How do I get the external trust to work? With the
current setup, clicking on verify results in an SC error.


 
Herb Martin
 
      13th Sep 2006
"Krishna" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> They are in the same subnet. How do I get the external trust to work? With
> the current setup, clicking on verify results in an SC error.
>


Check the NIC->IP properties -> Advanced ->WINS tab and
make sure ALL DCs have NetBIOS enabled.

Since it is a single subnet you don't need WINS Server and
they can broadcast for each other.

If this doesn't resolve the problem then break the trust and
re-establish it.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>



 
Krishna
 
      14th Sep 2006
Herb,

You are correct that I was trying via the NetBIOS name, which is failing. I tried
with the DNS name; it resolved and is working like a charm. I will verify again to make
sure NetBIOS is enabled.
Why do I get a Secure channel error in trust setup?

Thanks
Kris


 
Herb Martin
 
      14th Sep 2006
"Krishna" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Herb,
>
> You are correct that I was trying via the NetBIOS name, which is failing. I
> tried with the DNS name; it resolved and is working like a charm. I will verify again
> to make sure NetBIOS is enabled.
> Why do I get a Secure channel error in trust setup?
>


Did you fix the NetBIOS problem yet? NetBIOS is
generally required for external trusts to work.

You really need both DNS and NetBIOS working for
this.

After that you will need to post the exact error message
and perhaps look in the Event Log for more details (numbers
etc.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Thanks
> Kris
>
>



 