Workstation resolves incorrect NIC of server

[Joel]

I've got a weird AD/DNS issue with a weird environment. I'm not exactly
sure where I ought to post this. Perhaps it is not possible to accomplish
this in this manner exactly. Let me describe as simply as I am able....

My ultimate objective is to add an xp workstation in another location to a
domain.

We've got a Win2k3 domain controller (DC1) running ad integrated dns in
location A. 2 nic cards, one is 10.2.x.x ip address, the other is
198.70.x.x. DNS appears to be working fine according to the server.
Nslookups are happy anyway.

At location B we have an xp workstation (wrk1) we would like to connect to
the domain. His static ip address is 10.144.x.x. The first and only entry
for dns is the 198.70.x.x address for the server. Wrk1 is able to ping the
198.70.x.x IP of DC1. Wrk1 is unable to join the domain, the error message
is that the domain could not be contacted. Further information is that
nslookup on wrk1 does not work. Also when I try to ping DC1 by name, it is
not successful because it is trying to connect to the 10.2.x.x address!

I'm sure that it would be a step in the right direction if a ping to the
server from the workstation would indicate that it was trying to connect to
the 198.70.x.x address. Why is he trying to connect to the 10.2.x.x
address?

Any ideas are appreciated! Thanks, Joel

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I've got a weird AD/DNS issue with a weird environment.
I'm not exactly sure where I ought to post this. Perhaps
it is not possible to accomplish this in this manner
exactly. Let me describe as simply as I am able....

My ultimate objective is to add an xp workstation in
another location to a domain.

We've got a Win2k3 domain controller (DC1) running ad
integrated dns in location A. 2 nic cards, one is
10.2.x.x ip address, the other is 198.70.x.x. DNS
appears to be working fine according to the server.
Nslookups are happy anyway.

At location B we have an xp workstation (wrk1) we would
like to connect to the domain. His static ip address is
10.144.x.x. The first and only entry for dns is the
198.70.x.x address for the server. Wrk1 is able to ping
the 198.70.x.x IP of DC1. Wrk1 is unable to join the
domain, the error message is that the domain could not be
contacted. Further information is that nslookup on wrk1
does not work. Also when I try to ping DC1 by name, it
is not successful because it is trying to connect to the
10.2.x.x address!

I'm sure that it would be a step in the right direction
if a ping to the server from the workstation would
indicate that it was trying to connect to the 198.70.x.x
address. Why is he trying to connect to the 10.2.x.x
address?

Any ideas are appreciated! Thanks, Joel

Do you have a VPN setup from the Wkstation to the domain?
If you have your DC properly configured file sharing and the domain
resources are only available on the private NIC, so therefore you need a VPN
and connection between the two private networks. You certainly don't want
your domain resouces available on the public NIC (198.70.x.x is a public
address)

 

[Joel]

Yes Kevin,
It is via a vpn connection that the workstation contacts the server. It
still is not working though. Any ideas on how I can get it to resolve the
server name to help it connect to the domain?

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Yes Kevin,
It is via a vpn connection that the workstation contacts
the server. It still is not working though. Any ideas
on how I can get it to resolve the server name to help it
connect to the domain?

Is your public domain name the same as your private domain name?
If it is this is a common issue and why it is not recommended to give your
AD domain the same name as your public domain. You will need to add your
domain controller name and IP to your hosts file.

 

[Joel]

Yes, the public domain name currently is the same as the private (at least
nothing further was configured). I understand this is not recommended.
Where can I make this change?

Currently the server name and IP is in DNS and the server is ok with
nslookup.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Yes, the public domain name currently is the same as the
private (at least nothing further was configured). I
understand this is not recommended. Where can I make this
change?

Currently the server name and IP is in DNS and the server
is ok with nslookup.

You have to add the entry to hosts file on the Workstation.

 

[Joel]

Got it!! Thanks Kevin.

Added a reverse lookup zone in dns to that public ip subnet. Then added
that public ip as a secondary ip address bound to the nic on the server.
Rebooted the workstations and they connected to the domain!