Skip to main content

DNS or AD problem?

More
17 years 6 months ago #21615 by KiLLaBeE
DNS or AD problem? was created by KiLLaBeE
After setting up DNS followed Active Directory on my 2000 server, I ran “nslookup experimental.net” and get the following:


Server: pasha.experimental.net
Address: 10.20.25.32

Name: experimental.net
Address: 10.20.25.32



By the way, computer name is "Pasha" and domain name is "experimental.net"

Before, when I setup DNS and AD on a 2003 server, both the "Server:" and the "Name:" section read the same information--computername.servername.net. I suspected that something was wrong. I then ran Active Directory Users and Computers, and received the following error:

Naming information cannot be located because:
The server is not operational.
Contact your system administrator to verify that your domain is properly configured and is currently online.

I looked up the error on Google and it says that TCP/IP filtering may be blocking LDAP traffic, but I verified that all the TCP/IP filters settings were set to "Permit All."

Should I first setup DNS then run DCPROMO, or the other way around?

I used this site ( www.petri.co.il/how_to_install_active_directory_on_w2k.htm ) to assist me in setting up DNS and AD, but the site isn’t well organized and so I must have either skipped something, or added something that shouldn’t have been added. I’ve tried demoting the server, uninstalling DNS and running them again several times, but neither time am I able to get it working properly.

I ask for your assistance in helping me resolve this issue.

Thanks for your time,
K
More
17 years 6 months ago #21617 by S0lo
Replied by S0lo on topic Re: DNS or AD problem?

Should I first setup DNS then run DCPROMO, or the other way around?


You probably know this, but just in case. DCPROMO will offer you to create a DNS server for you while it's promoting to DA. This is probably the easiest way to do it.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
17 years 6 months ago #21618 by Smurf
Replied by Smurf on topic Re: DNS or AD problem?
Have you setup your reverse zone ? The reverse zone is the one that can do the IP to Name translation which is sounds like may be the issue.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
17 years 6 months ago #21651 by KiLLaBeE
Replied by KiLLaBeE on topic Re: DNS or AD problem?
Ok. I uninstalled DNS and then demoted the server. I then started over, this time I ran DCPROMO and allowed it to config DNS for me. In the end, I ran nslookup and got a worse looking message then what I started with....so I went into DNS and setup the forward and reverse lookup zones, in the end, the nslookup result looked the same as yesterday and when I would try to access AD Users and Computers.....I would receive the same error.....then I looked in event viewer and saw a suggestion of "restart DNS," so I went into DNS and stopped it, then started it, I was then able to pull Users and Computers with no error.

I'm still not sure if the problem is resolved, and I'd hate to imagine that just because no error shows up, that DNS is working fine....only to find out later that internally, the DNS is screwed up.

The result of running nslookup shows the following

Server: pasha.experimental.net
Address: 10.20.25.32

Name: experimental.net
Address: 10.20.25.32

Does it look right? Is it a big deal that they look identical? Again, when I setup a 2003 box with AD, both the Server and Name sections looked the same. Is it different for 2000 Server?

Also, when demoting a server, should I first disable DNS then run DCPROMO, or other way around? Does it matter?

I'll soon start learning Server 2003 and I'll stop asking these silly questions :-P

Thanks again for helping
K
More
17 years 6 months ago #21652 by KiLLaBeE
Replied by KiLLaBeE on topic Re: DNS or AD problem?
Ahhhhhhh, someone shoot me.

I just realized that my firewall must have been blocking LDAP packets, because once I took the firewall down, Users and Computers work well.

K
Time to create page: 0.127 seconds