DNS or AD problem?
17 years 6 months ago #21615
by KiLLaBeE
DNS or AD problem? was created by KiLLaBeE
After setting up DNS followed by Active Directory on my 2000 server, I ran "nslookup experimental.net" and got the following:
Server: pasha.experimental.net
Address: 10.20.25.32
Name: experimental.net
Address: 10.20.25.32
By the way, computer name is "Pasha" and domain name is "experimental.net"
Before, when I set up DNS and AD on a 2003 server, both the "Server:" and the "Name:" section read the same information--computername.servername.net. I suspected that something was wrong. I then ran Active Directory Users and Computers, and received the following error:
Naming information cannot be located because:
The server is not operational.
Contact your system administrator to verify that your domain is properly configured and is currently online.
I looked up the error on Google and it says that TCP/IP filtering may be blocking LDAP traffic, but I verified that all the TCP/IP filters settings were set to "Permit All."
Should I first set up DNS then run DCPROMO, or the other way around?
I used this site ( www.petri.co.il/how_to_install_active_directory_on_w2k.htm ) to assist me in setting up DNS and AD, but the site isn't well organized and so I must have either skipped something, or added something that shouldn't have been added. I've tried demoting the server, uninstalling DNS and running them again several times, but each time I am unable to get it working properly.
I ask for your assistance in helping me resolve this issue.
Thanks for your time,
K
17 years 6 months ago #21617
by S0lo
Replied by S0lo on topic Re: DNS or AD problem?
Should I first setup DNS then run DCPROMO, or the other way around?
You probably know this, but just in case. DCPROMO will offer you to create a DNS server for you while it's promoting to DA. This is probably the easiest way to do it.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
17 years 6 months ago #21618
by Smurf
Replied by Smurf on topic Re: DNS or AD problem?
Have you set up your reverse zone? The reverse zone is the one that can do the IP to Name translation, which it sounds like may be the issue.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 6 months ago #21651
by KiLLaBeE
Replied by KiLLaBeE on topic Re: DNS or AD problem?
Ok. I uninstalled DNS and then demoted the server. I then started over, this time I ran DCPROMO and allowed it to config DNS for me. In the end, I ran nslookup and got a worse looking message than what I started with....so I went into DNS and set up the forward and reverse lookup zones, in the end, the nslookup result looked the same as yesterday and when I would try to access AD Users and Computers.....I would receive the same error.....then I looked in event viewer and saw a suggestion of "restart DNS," so I went into DNS and stopped it, then started it, I was then able to pull Users and Computers with no error.
I'm still not sure if the problem is resolved, and I'd hate to imagine that just because no error shows up, that DNS is working fine....only to find out later that internally, the DNS is screwed up.
The result of running nslookup shows the following
Server: pasha.experimental.net
Address: 10.20.25.32
Name: experimental.net
Address: 10.20.25.32
Does it look right? Is it a big deal that they look identical? Again, when I set up a 2003 box with AD, both the Server and Name sections looked the same. Is it different for 2000 Server?
Also, when demoting a server, should I first disable DNS then run DCPROMO, or other way around? Does it matter?
I'll soon start learning Server 2003 and I'll stop asking these silly questions
Thanks again for helping
K
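An added example, not part of any post in this thread: it reads the nslookup output quoted above field by field, showing that "Server:" comes from a reverse (PTR) lookup of the resolver's own address while "Name:" is the forward answer for the name that was typed. The function names are hypothetical, the sample is constructed from the output in the thread, and "UnKnown" is what Windows nslookup prints when the PTR lookup fails.

```python
import ipaddress

# Constructed sample: the nslookup output quoted in the thread.
SAMPLE = """Server: pasha.experimental.net
Address: 10.20.25.32
Name: experimental.net
Address: 10.20.25.32
"""

def parse_nslookup(text):
    """Split nslookup output into the resolver block and the answer block."""
    server, answer, current = {}, {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "server":
            current = server
            current["name"] = value
        elif key == "name":
            current = answer
            current["name"] = value
        elif key in ("address", "addresses") and current is not None:
            current.setdefault("addresses", []).append(value)
    return server, answer

def review(text, queried, dc_fqdn):
    """Return (check, passed) pairs for a DC that hosts its own DNS zone."""
    server, answer = parse_nslookup(text)
    server_name = server.get("name", "").lower()
    server_ip = server.get("addresses", [""])[0]
    ptr = ipaddress.ip_address(server_ip).reverse_pointer
    return [
        # "Server:" is filled in by a PTR lookup of the resolver's own IP,
        # so a real host name here means the reverse zone answered.
        (f"PTR {ptr} resolves", server_name not in ("", "unknown")),
        ("PTR names the DC", server_name == dc_fqdn.lower()),
        # "Name:" is the forward answer to the query that was typed.
        ("answer is for the queried name",
         answer.get("name", "").lower() == queried.lower()),
        # A DC registers an A record for the domain name itself.
        ("domain A record points at the DC",
         server_ip in answer.get("addresses", [])),
    ]

if __name__ == "__main__":
    for check, ok in review(SAMPLE, "experimental.net", "pasha.experimental.net"):
        print("PASS" if ok else "FAIL", check)
```
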
17 years 6 months ago #21652
by KiLLaBeE
Replied by KiLLaBeE on topic Re: DNS or AD problem?
Ahhhhhhh, someone shoot me.
I just realized that my firewall must have been blocking LDAP packets, because once I took the firewall down, Users and Computers works well.
K