Domain Controller Router Issue

Videoplusman

Member
Jan 31, 2001
26
0
0
Hey all... we have a Linksys cable/DSL router. DHCP is enabled. We have a 12 PC workgroup. Installed Win 2k AS. What is the easiest/best way to keep the DHCP router and go to Active Directory (DC Promo)? Tried to promote the server last week. Workstations couldn't join the domain. Had lots of DNS errors (5474) in event viewer. Our wish list is to have the router and active directory on this server co-exist.
PS: we demoted the server last night. We're a workgroup again. Any thoughts?
Thanks, Dave
 

Tanner

Diamond Member
Dec 15, 2001
7,391
0
0
Solution 1.
ditch your D-Link
get a switch
get a firewall
let the WAN from the Firewall come into the server
make W2K AS do all the routing (Why do you have AS instead of Server?)
LAN card on W2K AS to the switch and out to PCs
DC promo

yeah, this is somewhat complicated and costs money, but if U wanna do it right...do it like this! And, to make things easier, why don't you come up w/ an IP scheme for your 12 computers and give them all statics! I believe that this will simplify life for you - after you learn how to do it all

Solution 2.
forget the statics
still need the switch
make w2KAS do all routing between WAN / LAN
allow it to receive the incoming WAN line (not smart, but cheap)
keep that bad boy updated constantly!

I wouldn't take solution 2 if you wanna keep your data or your job safe!
 

Videoplusman

Member
Jan 31, 2001
26
0
0
Hey.. thanks for the response.. got Win 2K AS in a "Direct Access" deal. Ok, we should keep the router with DHCP, then go into the server then into the hub/switch. All clients have Norton AV 2002 and Zone Alarm 2.6. I keep up on Win Updates constantly. When we DC promo and the wizard asks if this is the first server on the network.. I guess we'll choose the 2nd option, "There are already one or more servers operating in my network." Why? Because the present router is considered a "server" with DNS & DHCP enabled? Or just chuck the Linksys (which worked very well...2 years) and keep the server on 24/7. Will the server then config NAT to shield us with a "private network" like the Linksys did?....Man...!
 

Tanner

Diamond Member
Dec 15, 2001
7,391
0
0


<< just chuck the Linksys (which worked very well...2 years) >>



YES!

stick it here and make a little cash on it.

 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
OK...first problem...you never want to expose your Domain Controller to the internet...so you definitely want to keep the router!!...and as far as your DNS problems go, they are not being caused by the DHCP on the router...you are setting up the Active Directory incorrectly on your DC, that's why you are having problems!!....I would try to explain to you how it's supposed to be set up but I would be typing here all night....I would suggest that you go get a good book and learn some more about AD before you try and set it up in a production environment...it can be your worst nightmare if you don't understand it fully
 

Tanner

Diamond Member
Dec 15, 2001
7,391
0
0
netsysadmin uh.... what <---he said

but, hey, couldn't you still throw the router out and use the firewall like I said? Y wouldn't that werk?
 

Videoplusman

Member
Jan 31, 2001
26
0
0
Thanx again, netsysman, can I set up the server as a "member server", then, after we make sure everything is OK, get it to a DC? We're reading the Windows 2000 practical server book among others. But believe it or not, none of these books address this specific issue! It seems to be a common scenario. AD seems to be worth the effort though.
 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
Videoplusman...yeah you can set it up as a member server for the meantime...then DCPromo it later...but keep in mind that any user accounts that you add to it now will be lost when you DCPromo it...yeah AD is not easy and I have heard of a lot of people having the same problems as you are having with the DNS...there is a method to the setup and if it's not followed correctly then you will be screwed...just keep looking for info and you will get it....and if you have any questions email me here john@1320imports.com...good luck!
 

SQL

Member
Jul 10, 2001
115
0
0

When you ran dcpromo did it go through the steps of setting up a DNS server?

 

Videoplusman

Member
Jan 31, 2001
26
0
0
Followed the wizard. It did ask me if this is the only/first server on the network. Answered yes but maybe I confused the issue because of the existing router. I definitely got a DNS error written in typical cryptic MS language!
 

SQL

Member
Jul 10, 2001
115
0
0
Router wouldn't have anything to do with it. Remember the error message at all?

Did you choose a non-existent domain name during DNS creation?
 

Videoplusman

Member
Jan 31, 2001
26
0
0
I dug out a printed error/resolution for a host. This is from the MS Knowledge Base. It is titled "Windows 2000 Host cannot Join the Domain" (Q266324). Rather than type the symptoms, cause etc., the resolution is one sentence: "To resolve this problem, change the target host of every SRV record in the DNS zone for Active Directory to point to a host or A record." There is another paragraph giving more info. Basically adding "if the SRV record points to an alias rather than a host record, the client suspends its attempt to join the domain and returns an error message."
Again, any of the 12 hosts could not join this domain. I know, like a fool I went to them all and tried!
For those who might be looking in: This seems like it would be a common setup for a network. A router with 12 hosts. I added a server (HCL compatible) and wanted to make this network into Active Directory. Dealing with 12, now 13, PCs in a peer-to-peer group on 3 floors ain't fun.
 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
OK...let me try and help here...the first thing you want to do before setting up AD is point the DNS setting of the server to itself....example...if your server is 192.168.1.100...you will want to point the DNS on the server to 192.168.1.100 before you DCPromo it...then when you DCPromo you will want to set up your server as the first server in your domain...and when it's time to pick a domain name I would suggest something like .local rather than .com or .net...example "videoplusman.local" could be your domain....even if you have a dot.com registered do not use it...it will cause DNS problems...the dot.com DNS server is not set up for dynamic entries....I'm jumping over a whole bunch of steps but it's still early here and I can't remember them right now off the top of my head...sorry...but I'm definitely hitting the important ones....then after the DCPromo finishes you will want to point the DNS of all your workstations to your server...that will allow you to join them to the domain properly...the reason for the problems the first time you did it was because your server tried to query the DNS of your ISP that was set in its DNS settings....when it queried the ISP's DNS server it was looking for a dynamically updateable DNS server...well it did not find one...that's why you set the DNS to look at itself before you DCPromo the server....and then since your DNS was messed up there was no way for the workstations to find the domain controller...they rely on DNS to locate the DC...so now I hope that gives you a good start...also I would suggest that you build a second domain controller with DNS for redundancy purposes...even if it's a less powerful box...because if the first one fails you could have lots of problems...no DNS!!....if you need any other help just email me @ john@1320imports.com
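
The reply above says workstations rely on DNS to locate the DC, and the Q266324 text quoted earlier in the thread says every SRV record must target a host (A) record rather than an alias; both can be checked against a zone export. This is an added example, not part of any post in the thread: the zone contents, host names and addresses are constructed, `videoplusman.local` is the name suggested above, and the parser assumes one record per line with an explicit owner name.

```python
# Constructed sample zone for the domain name suggested in the thread.
# Host names and addresses are made up for illustration.
SAMPLE_ZONE = """\
; constructed sample data, not taken from a real server
server1                 A      192.168.1.100
dc-alias                CNAME  server1
_ldap._tcp              SRV    0 100 389 server1.videoplusman.local.
_kerberos._tcp          SRV    0 100 88  dc-alias.videoplusman.local.
_ldap._tcp.dc._msdcs    SRV    0 100 389 ghost.videoplusman.local.
"""

def fqdn(name, origin):
    """Expand a relative name to a lower-case absolute name."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin.lower().rstrip('.')}."

def parse_zone(text, origin):
    """Return {owner: [(type, rdata_fields)]} for A, CNAME and SRV lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # strip comments
        if len(fields) < 3:
            continue
        owner, rest = fields[0], fields[1:]
        # Skip optional TTL / class columns that precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 2 and rest[0].upper() in ("A", "CNAME", "SRV"):
            records.setdefault(fqdn(owner, origin), []).append(
                (rest[0].upper(), rest[1:]))
    return records

def check_srv_targets(text, origin):
    """Classify each SRV target: 'ok' (A record), 'cname' or 'missing'."""
    records = parse_zone(text, origin)
    findings = []
    for owner, rrs in records.items():
        for rtype, rdata in rrs:
            if rtype != "SRV" or len(rdata) < 4:
                continue
            target = fqdn(rdata[3], origin)       # priority weight port target
            types = {t for t, _ in records.get(target, [])}
            status = ("ok" if "A" in types
                      else "cname" if "CNAME" in types else "missing")
            findings.append((owner, target, status))
    return findings

if __name__ == "__main__":
    for owner, target, status in check_srv_targets(SAMPLE_ZONE, "videoplusman.local"):
        print(f"{status:8} {owner} -> {target}")
```

Any `cname` or `missing` row is a record a joining client cannot follow to a domain controller address.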
 

Videoplusman

Member
Jan 31, 2001
26
0
0
Wow, just glanced at this. Looks promising. I'm going to my 2nd job now. I'll digest it from there. We do not have a registered domain name yet. The book also said use the "local" extension....When I did the upgrade, I made up a domain.com name. Maybe that's the problem. Thanks again.. I'll get on this later.

PS: In the "Host cannot join".. message, under cause: "This behavior can occur if the Domain Name System (DNS) zone file that is parallel to the Active Directory domain uses an alias (CNAME) record as the target host of the Service Locator (SRV) records rather than a host or A record." Then they gave an example:

Catch you later, Dave
 

SQL

Member
Jul 10, 2001
115
0
0
You can do an ipconfig /registerdns which will automatically place the correct entries into DNS. This will create the proper SRV records as well.



 

Tanner

Diamond Member
Dec 15, 2001
7,391
0
0


<< ipconfig /registerdns >>



what exactly does that do again? Execute this command in the "shell" of the server, right? The AD server that I want to be DC and DNS too?

I had previously seen that in an ipconfig /? that I ran...and couldn't see what it was doing when I typed it...but now I reckon I'll have to figure it out. Little more info?
 

Videoplusman

Member
Jan 31, 2001
26
0
0
SQL.. so if I understand you... after I do the server promote, I go to the host and at cmd prompt --> ipconfig /registerdns, then join the domain? Gotta tell you guys/gals this is embarrassing. I'm going for my MCP in 70-210 in 2 weeks. I imagine all this good stuff is waiting for me in the 70-215 exam.
 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
if you select the Active Directory integrated DNS (which you should) the client records will automatically set themselves up in the DNS server...so there is no need to do the "ipconfig /registerdns" command
 

Videoplusman

Member
Jan 31, 2001
26
0
0
Hey Netsysadmin...back at job#1. I'm at the server and opened up the networking services dialog box. I'll click the DNS and WINS boxes. (Have a couple of downclients). I'll install these components and wait. The present ip is 192.168.1.--- . I guess this will give me the DNS to point to the present ip address. The Dell server is waiting.....Dave
 