unable to login to domain

Guest

After installing a new Win2000 AD in a domain that has only one Win2000 AD, and moving the operations master role to the new box, the front-end systems are unable to log in to the domain while the old box is offline. Nslookup is unable to resolve the domain name even though I was able to ping the domain name from the front end. The old box was taken offline because it has performance issues. I know it has something to do with DNS, but I don't know how to resolve it. Thanks for the help!
 
ptwilliams

This is because all the (DNS) clients are pointing at the DC that is
offline. You need to ensure that *all* systems have more than one entry for
DNS in their TCP/IP Settings.

You also need to ensure that both DCs are GCs.

How to remove a DC from the domain:
-- http://www.msresource.net/content/view/23/47/


How to replace a DC with new hardware:
-- http://www.msresource.net/content/view/24/47/


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
 
Guest

Hello Paul,

DC1 has two NIC cards with the following settings

Nic 1 (lan)

Ip address 1921.168.1.1
SM 255.255.255.0
Default G 192.168.1.1
DNS 192.168.1.1


Nic 2 (WAN) connects to the WatchGuard Firebox SOHO 6tc (192.168.111.1) and
the router is connected to the Firebox

IP 192.168.111.2
SM 255.255.255.0
DG 192.168.111.1

DNS 12.108.132.6
12.108.132.7
This is how DC1 is set up, and all the clients are able to log on to the
domain. I followed your instructions. I did point the client DNS to the new
DC2 IP address after taking DC1 offline, but with no success.

DC2 settings are as follows
Nic1
IP 192.168.1.2
SM 255.255.255.0
DG 192.168.1.2

DNS 192.168.1.2

Nic2
IP 192.168.111.2
SM 255.255.255.0
DG 192.168.111.1

DNS 12.108.132.6
12.108.132.7
Front End client
Ip 192.168.1.10
SM 255.255.255.0
DG 192.168.1.2

DNS 192.168.1.2
 
ptwilliams

You've got public DNS listed - this is going to cause you no end of
problems, even with tweaks to the binding order and DG, etc.

Also, you should not have two default gateways on one machine.

I recommend you re-evaluate this setup. What are you trying to achieve? I
would get rid of the DG on NIC1 and the DNS on NIC2. I would then configure
that server to forward DNS to those public addresses. You can modify the
routing table if you need to reach other internal subnets from these DCs.

The same goes for the new DC.

Clients (servers are DNS clients too) **MUST** point to an internal DNS
server; they should **NEVER** point to an external DNS server. Allow the
resolution of external names through root hints, forwarders, a proxy or a
mixture of these.

You may be able to get some things working by changing the binding order
and/or modifying the DG metrics; however, you will still encounter issues
with this setup.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
 
Guest

Hello Paul,

With DC1's settings, clients are able to log on to the domain and go online.
At any rate, how do I configure the server to forward DNS requests to an
external DNS address? By the way, I have Exchange 2000 on DC1 and I
installed a new Exchange on DC2, which will not mount the Exchange store
because of DNS issues (I guess).
I am thinking about reinstalling DNS on the new box and demoting, then promoting
again. What do you think? Thanks Paul.
 
ptwilliams

Don't do anything drastic like uninstalling/demoting etc. just yet; this is
probably just a simple misconfiguration.

**ALL** members of the domain, including the domain controllers themselves,
are DNS clients and cannot function without DNS. Therefore you **must**
ensure that everyone points to a working, internal DNS server (in fact you
should ensure that all clients point to at least two DNS servers for
resilience).

You configure a DNS server to forward to a public DNS server by
right-clicking on the server (in the DNS MMC snap-in) and going to the
forwarders tab.

You must also ensure that your DNS server accepts automatic updates (not
strictly necessary but a nightmare without this) and that the DHCP client
service *is* running on all DCs.

So, what you should do is this:

Configure the network adapter bindings so that the internal NIC is on top on
both servers (Network Connections\Advanced\Advanced Settings...)

Get rid of the default gateway on the internal NICs (only have a DG on the
external NICs)

Get rid of the DNS settings on the public NICs.

Ensure that the internal DNS settings are pointing to the DCs.

Now, with all this done, restart the Netlogon service on each DC. At
this point, it may be beneficial to point DC2 at DC1 for DNS, and change
this back to point to itself once you've restarted Netlogon and allowed for
replication.

Ensure that all PCs, member servers, etc. are pointing to both DCs for DNS
(the order does not matter; the second is a failover if the first cannot be
contacted, not if the first cannot resolve a name).

You should also ensure that both of these DCs are GCs:
-- http://www.msresource.net/content/view/25/47/

GCs are very important in native mode domains, and for Exchange!!

Hope this helps,


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
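As an added illustration, not code from this thread or from msresource.net, the following Python audit applies the rules from the reply above to the addresses posted earlier in the thread: no public DNS servers on any host, DNS only on the internal NIC, exactly one default gateway and none on the internal NIC of a dual-homed server, and at least two internal DNS servers for failover. The `CORRECTED` table is a hypothetical target state constructed from those rules; the role labels and the tuple layout are assumptions of the example.

```python
import ipaddress

# Each NIC is (name, role, ip, default_gateway, dns_servers). Constructed from the addresses
# posted in this thread; DC1's LAN address is kept exactly as typed.
POSTED = {
    "DC1": [("Nic1", "internal", "1921.168.1.1", "192.168.1.1", ["192.168.1.1"]),
            ("Nic2", "external", "192.168.111.2", "192.168.111.1", ["12.108.132.6", "12.108.132.7"])],
    "DC2": [("Nic1", "internal", "192.168.1.2", "192.168.1.2", ["192.168.1.2"]),
            ("Nic2", "external", "192.168.111.2", "192.168.111.1", ["12.108.132.6", "12.108.132.7"])],
    "Client": [("Nic1", "internal", "192.168.1.10", "192.168.1.2", ["192.168.1.2"])],
}
# Hypothetical target state after the corrections above: no gateway on internal NICs, no DNS
# on external NICs, every host listing both DCs; the single-NIC client keeps its gateway.
CORRECTED = {
    "DC1": [("Nic1", "internal", "192.168.1.1", None, ["192.168.1.1", "192.168.1.2"]),
            ("Nic2", "external", "192.168.111.2", "192.168.111.1", [])],
    "DC2": [("Nic1", "internal", "192.168.1.2", None, ["192.168.1.2", "192.168.1.1"]),
            ("Nic2", "external", "192.168.111.2", "192.168.111.1", [])],
    "Client": [("Nic1", "internal", "192.168.1.10", "192.168.1.2", ["192.168.1.2", "192.168.1.1"])],
}

def is_private(addr):
    return ipaddress.ip_address(addr).is_private

def audit_host(nics):
    """Return the findings for one host; an empty list means it follows the rules above."""
    findings = []
    for name, role, ip, gw, dns in nics:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"{name}: invalid IP address {ip!r}")
        findings += [f"{name}: public DNS server {d}" for d in dns if not is_private(d)]
        if role == "external" and dns:
            findings.append(f"{name}: DNS servers configured on the external NIC")
        if role == "internal" and gw and len(nics) > 1:
            findings.append(f"{name}: default gateway on the internal NIC")
    gateways = [gw for _, _, _, gw, _ in nics if gw]
    if len(gateways) != 1:
        findings.append(f"{len(gateways)} default gateways configured (want exactly one)")
    internal_dns = {d for *_, dns in nics for d in dns if is_private(d)}
    if len(internal_dns) < 2:
        findings.append(f"only {len(internal_dns)} internal DNS server(s); list both DCs for failover")
    return findings

def audit(hosts):
    """Audit every host; hosts with no findings map to an empty list."""
    return {host: audit_host(nics) for host, nics in hosts.items()}
```

Running `audit(POSTED)` reports the public DNS entries and double gateways on both DCs and the single DNS server on the client, while `audit(CORRECTED)` returns no findings.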
 
Guest

Hello Paul,

I would like to thank you for the time you took to help me out. I will
follow up on your guidelines as soon as I get back to work. I will keep you
posted. Thanks again!
 
