Created site.lan but can only add machines to site domain, not site.lan?

[Leythos]

I created a new forest called site.lan, single server, with server named
S3KOFFICE. The 2003 DCPROMO auto installed DNS and configured
everything, at least it appears to have. I setup DHCP, like I have a
zillion other times, and clients get the scope and the site.lan zone.

When I join a machine to site.lan it gives and error about DNS not
having a site.lan name. If I enter "site" it joins the domain properly.
Once the machine is in the SITE domain when I look at the network
settings the name is "computername.site.lan".

I can ping computername.site.lan and the server too. I can ping just the
workstation or server names without the site.lan part too.

DCDIAG says that the site.lan is not in the Active Directory, but it
says that the machines name "s3koffice.site.lan" is pingable by address
192.168.2.10......

Any ideas?

 

[Steven L Umbach]

So you created a new forest with a single root domain named site.lan.

When you did dcpromo you should have entered site.lan as the FQDN and
hopefully not just "site" which you may have when you were asked for the
netbios name. I don't even know if it will take a name without a period when
it aks for the full domain name - I have never tried it.

I would verify that the zone site.lan is indeed in your forward lookup zone
and that _srv records also exist in the zone - _msdcs, _sites, etc. I assume
you had the domain controller pointing to itself as it's preferred dns
server before dcpromo and that the workstations are pointing to it before
joining the domain. Running dcdiag may be helpful also looking for any
failed tests/warning/errors particularly about dns, domain membership, and
dclist. Also see if Event Viewer has any pertinent events that may help
troubleshoot. --- Steve

 

[Leythos]

So you created a new forest with a single root domain named site.lan.

When you did dcpromo you should have entered site.lan as the FQDN and
hopefully not just "site" which you may have when you were asked for the
netbios name. I don't even know if it will take a name without a period when
it aks for the full domain name - I have never tried it.

No, I entered "site.lan" when I created the FQDN. It's when I go to a
workstation and add it to the domain that I have to enter "SITE" as the
domain since it gives an error when I enter "SITE.LAN".

I would verify that the zone site.lan is indeed in your forward lookup zone
and that _srv records also exist in the zone - _msdcs, _sites, etc. I assume

Yes, all the DNS configuration information is there, not even log
errors, and it appears to work.

you had the domain controller pointing to itself as it's preferred dns
server before dcpromo and that the workstations are pointing to it before
joining the domain. Running dcdiag may be helpful also looking for any

No workstations were in the domain, none existed until the Server was
configured. The server was setup with a fixed IP of 192.168.2.10/24 and
a default gateway of the router 192.168.2.1 - no DNS entry. DCPROMO
added 127.0.0.1 to the DNS setting in the Network config. Once DHCP was
setup all workstations show a zone of "site.lan" and the DNS server as
192.168.2.10.

All workstations participate in the network as station.site.lan, users
are working, profiles roam, redirected folders work, etc...

The only DNS entry the workstations have is the IP of the server, the
server has forwarders for the ISP's DNS server configured in DNS. All
stations can reach all nodes, the server, and the internet by names
without any problem.

When I open REMOTE DESKTOP on any workstation to the server for remote
administration, it opens and the closes (by itself) as soon as the
server desktop appears - no errors, nothing. If I try a remote desktop
session from the server to the server the same thing happens - on my
other servers if I open a RD session to itself I just get a RD that
shows spawning images of RD (which I expect), not a good test, but it
lets me know that something is wrong with this server.

failed tests/warning/errors particularly about dns, domain membership, and
dclist. Also see if Event Viewer has any pertinent events that may help
troubleshoot. --- Steve

I've setup about 40 single forest/domain 2003 servers in the last 4
months, not one of them has been a problem, this one came with the OS
pre-installed (but not configured) and is the only one that did. All the
others were on blank systems and I installed from scratch.

This one is just kicking my a$$.

If you have any other ideas I would appreciate hearing them.

Thanks,
Mark

 

[Kevin D. Goodknecht [MVP]]

In
Have you ran netdiag /fix?

Post the results from netdiag /test:dns /v and ipconfig /all from the DC.

 

[Scott]

First, for starters, does another server work in the same
evironment. In other words, you definitely don't see
this being a physical issue of some kind with the router,
cable, etc.? Another server in place would verify that
the connectivity is functional. It sounds like this is a
test bench so this may be a non-issue.

Next, with all of the troubleshooting steps performed so
far, it may be a prudent step to remove AD. Then
uninstall DNS, WINS, DHCP, Terminal Services Remote
Desktop, etc and reinstall these components. Following
these steps, then re-run dcpromo and see if the issues
are resolved.

Lastly, if the same symptoms return, then the NOS may be
corrupted and a server reload is required. Hopefully,
not but I always find with troubleshooting to go back to
basics.

Hope this helps,

Scott

 

[Leythos]

First, for starters, does another server work in the same
evironment. In other words, you definitely don't see
this being a physical issue of some kind with the router,
cable, etc.? Another server in place would verify that
the connectivity is functional. It sounds like this is a
test bench so this may be a non-issue.

No other server in the network - single server network with 15
workstations.

Next, with all of the troubleshooting steps performed so
far, it may be a prudent step to remove AD. Then
uninstall DNS, WINS, DHCP, Terminal Services Remote
Desktop, etc and reinstall these components. Following
these steps, then re-run dcpromo and see if the issues
are resolved.

This server is running Windows 2003 standard with all updates from MS.

I demoted the server three times (added AD - DCPROMO, tested, failed,
demoted, repeat), removed DNS, DHCP, but Wins and TS were not installed
to start with. I let the Wizard add DNS and AD for me, it's always
worked in the past. Rebooted each time.

Lastly, if the same symptoms return, then the NOS may be
corrupted and a server reload is required. Hopefully,
not but I always find with troubleshooting to go back to
basics.

Yea, I even did a reinstall on top of itself and got the same thing. I
did not wipe/reinstall though.

I had to install it today, and everyone has joined and can use all the
services, folders, security groups, redirected folders, roaming
profiles, etc... It all works, just doesn't like me to join workstations
using "site.lan", I have to use "site" when I join new workstations to
the domain. Oh, the one thing that doesn't work, and it's the only
thing, is that if I do a RD connection to the server that as soon as it
opens to the RD desktop it closed the RD desktop (no error, just
closes).

I did 4 single server 2003 domains last week without any problems, only
this one, which is the only one that came pre-installed, has kicked my
rear-end.

Thanks for the feedback to everyone that replied.

 

[Leythos]

In

Have you ran netdiag /fix?

Post the results from netdiag /test:dns /v and ipconfig /all from the DC.

Here is a result output from the DCDIAG, didn't do a NETDIAG yet.

Any help would be appreciated.

C:\Program Files\Resource Kit>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\S3KADMOFFICE
Starting test: Connectivity
The host 51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan
could n
ot be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan)
couldn't be
resolved, the server name (S3KADMOFFICE.saylor.lan) resolved to
the IP
address (192.168.2.10) and was pingable. Check that the IP
address is
registered correctly with the DNS server.
......................... S3KADMOFFICE failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\S3KADMOFFICE
Skipping all tests, because server S3KADMOFFICE is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : saylor
Starting test: CrossRefValidation
......................... saylor passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... saylor passed test CheckSDRefDom
Running enterprise tests on : saylor.lan
Starting test: Intersite
......................... saylor.lan passed test Intersite
Starting test: FsmoCheck
......................... saylor.lan passed test FsmoCheck

 

[Ace Fekay [MVP]]

In

Although the Guid DNS name
(51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan)
couldn't be
resolved, the server name (S3KADMOFFICE.saylor.lan) resolved
to the IP
address (192.168.2.10) and was pingable. Check that the IP
address is
registered correctly with the DNS server.
......................... S3KADMOFFICE failed test

Does this GUID entry exist under the _msdcs zone?

51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan

That's what it's looking for.

Curious to see the netdiag results.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In


Does this GUID entry exist under the _msdcs zone?

51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan

That's what it's looking for.

Curious to see the netdiag results.

I can't find the netdiag tool.

No the GUID it snot visible that I can see. Since 2003 auto-added DNS
and created the zones I can't imagine why it would leave that out. I
could put the GUID in myself, but I'm not sure that would be wise.

 

[Ace Fekay [MVP]]

In

I can't find the netdiag tool.

No the GUID it snot visible that I can see. Since 2003 auto-added DNS
and created the zones I can't imagine why it would leave that out. I
could put the GUID in myself, but I'm not sure that would be wise.

--

Netdiag is found by installing the Windows Support Tools off the cdrom.

If W2k3 created it, there should be a separate zone called _msdcs. etc.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In

Netdiag is found by installing the Windows Support Tools off the cdrom.

If W2k3 created it, there should be a separate zone called _msdcs. etc.

there is a zone with that name, same as on all my 2003 servers. The
problem indicates it's looking for:

51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan

I've demoted the server three times, even installed 2003 on top of
itself while it was demoted, and the problem continues. The only thing I
have not done is wipe/reinstall.

 

[Ace Fekay [MVP]]

In

there is a zone with that name, same as on all my 2003 servers. The
problem indicates it's looking for:

51ecea82-113e-4139-905b-323c1c1ca3bc._msdcs.saylor.lan

I've demoted the server three times, even installed 2003 on top of
itself while it was demoted, and the problem continues. The only
thing I have not done is wipe/reinstall.


--

See if this helps to re-create it:

817470 - HOW TO Reconfigure an _msdcs Subdomain to a Forest-wide DNS
Application Directory Partition When You Upgrade from Win:
http://support.microsoft.com/?id=817470



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In

See if this helps to re-create it:

817470 - HOW TO Reconfigure an _msdcs Subdomain to a Forest-wide DNS
Application Directory Partition When You Upgrade from Win:
http://support.microsoft.com/?id=817470

Thanks, I'll try it on Monday.

 

[Ace Fekay [MVP]]

In

Thanks, I'll try it on Monday.

--

Ok, let us know if it helped.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In
Ok, let us know if it helped.

I have not had time to try it yet, but I thought it worth mentioning
again:

1) Server came with 2003 STD installed, not AD, just the base 2003 STD
installed and what appeared to me a SYSPREP run on it.

2) I entered all setup info, was able to check for updates, then...

3) Did a DCPROMO, created site.lan, let it install and auto-configure
DNS.

4) when trying to join workstations to domain I tried using site.lan as
the domain name, only site worked, not site.lan (Win XP Prof all
updates)....

4.1) After several attempts at demote/promo and uninstalling DNS each
time, I did a reinstall on top of itself. Didn't change anything, same
issues.

5) The only error I get is from the NETDIAG, no event errors, no
indications of a problem in the logs anywhere, and all shared/redirected
folders and all security groups work fine.

6) The only reason I'm concerned is that RD to the server from any
workstation, or from the server to the server (test) closes the RD
window as soon as it authenticates.

I'll try the MS fix, but this was not an upgrade.

Thanks to all that have suggested things - I'll let you know.

 

[Ace Fekay [MVP]]

In

I have not had time to try it yet, but I thought it worth mentioning
again:

1) Server came with 2003 STD installed, not AD, just the base 2003 STD
installed and what appeared to me a SYSPREP run on it.

2) I entered all setup info, was able to check for updates, then...

3) Did a DCPROMO, created site.lan, let it install and auto-configure
DNS.

4) when trying to join workstations to domain I tried using site.lan
as the domain name, only site worked, not site.lan (Win XP Prof all
updates)....

4.1) After several attempts at demote/promo and uninstalling DNS each
time, I did a reinstall on top of itself. Didn't change anything, same
issues.

5) The only error I get is from the NETDIAG, no event errors, no
indications of a problem in the logs anywhere, and all
shared/redirected folders and all security groups work fine.

6) The only reason I'm concerned is that RD to the server from any
workstation, or from the server to the server (test) closes the RD
window as soon as it authenticates.

I'll try the MS fix, but this was not an upgrade.

Thanks to all that have suggested things - I'll let you know.

--

Wow, still occuring. Not sure where the issue is now. Let me know if you
find anything.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In

Wow, still occuring. Not sure where the issue is now. Let me know if you
find anything.

Yes, I have one thing left to try, but I have to wait for their weekend
so that if it blows the AD structure I'll have time to rebuild it.

 

[Ace Fekay [MVP]]

In

Yes, I have one thing left to try, but I have to wait for their
weekend so that if it blows the AD structure I'll have time to
rebuild it.

--

What is that if I may ask?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Leythos]

In

What is that if I may ask?

http://support.microsoft.com/?id=817470

 

[Ace Fekay [MVP]]

In

http://support.microsoft.com/?id=817470

--

Ok, post back and let us know if it worked.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================