What am I doing wrong? (Want to use Server 2003 R2 for Domain Cont

Author
18 Mar 2009 6:14 PM
J.R. Raith
Hi everyone,

This is going to be extremely newbie-ish and probably long-winded. Sorry for
both in advance.

I have a server that used to be Server NT 4 running as a Domain Controller
*purely* to manage user access to some computers. These computers run Win98,
NT4 and 2k and cannot be upgraded.

Due to the MS067-08 vulnerability and non-release of a patch for NT4, we
need to upgrade the server to Server 2003. I tried a straight "upgrade" and
met with lots of failure, so in the end I am going for "clean slate".

So far, I have wiped the hard drive and installed Server 2003 R2 and updated
it. I have also run dcpromo. I selected the pre-windows 2000 computer option
and I let dcpromo install a local DNS server, though it's not necessary.

Now here are the catches:
1. I am a small cog at a big university. I do not have direct control over
DNS servers.
2. We don't *need* DNS resolution. All of the computers that will be joining
this domain already have DNS names that are at the same level as the Domain
Controller.

I know this isn't a standard setup, which is why I'm here -- I've done
Server 2003 and DNS stuff in the past, but not like this, haha. :)

Here's the slightly obfuscated example:

Server is Server 2003 R2 and "lab-server.university.edu" (yes the server has
a hyphen in the name)
Computer1 is Win2k and "computer1.university.edu"
Computer2 is Win98 and "computer2.university.edu"
etc.
Domain is called "lab.university.edu"; netbios name is "lab".

We have been able to set up an Alias record in DNS to make
lab.university.edu the same as lab-server.university.edu.

When I try to join the domain computer1, I get the "can't find the domain
server; could be a DNS issue go.microsoft.com/fw=5171" -- something to that
effect; 5171 is the right error message.

What am I doing wrong? I really *only* need a NETBIOS domain, but that's not
possible after WinNT Server, right? Do I need SRV and A records in DNS for
this to work? What if I can't get those?

Thanks in advance... I've been pulling my hair out for a couple of weeks
now. I'm just too inexperienced to figure this one out.

Best regards,
J.R. Raith

Author
18 Mar 2009 6:45 PM
Danny Sanders
> 2. We don't *need* DNS resolution. All of the computers that will be
> joining

Actually AD totally relies on DNS so it can function correctly.

Basic DNS setup is Install DNS on the AD server and point the AD DNS server
to itself in the properties of tcp/ip. Use the actual IP address not
127.0.0.1. Point ALL AD clients to the DNS server setup for the AD domain
ONLY. For Internet access set up forwarding and list (in your case) the
University servers as the forwarders. This is the ONLY place on your AD
domain where the University servers should be listed is as a forwarder.

AD clients MUST find the DNS SRV records in order to "find" the domain.
Pointing the DNS server to itself for DNS allows the server to register the
SRV record in its DNS zone. Pointing the clients to the DNS server setup
for the AD domain will allow the AD clients to find the SRV record they need
to "find" the domain. Remember servers are AD clients also.

You are isolating your AD domain from the University domain. You will use
your AD DNS server to "find" resources in your AD domain. You will use the
University DNS server as a forwarder to find sites on the internet.

hth
DDS




Author
18 Mar 2009 8:06 PM
GJarvie756
I am not sure on how your other servers are connecting to the new server
but you may need WINS turned on to resolve netbios names for Windows 98, or
if the servers at the university have it on then they will help resolving
netbios names.

Author
18 Mar 2009 8:22 PM
GJarvie756
"GJarvie756" wrote:

> I am not sure on how your other servers are connecting to the new server
> but you may need WINS installed on your server to resolve netbios names for Windows 98, or
> if the servers at the university have it on then they will help resolving
> netbios names.
Author
19 Mar 2009 11:47 PM
JR Raith
Hi Everyone,

Thanks for all of your help thus far and your suggestions. I really
appreciate this. :)

I understand the need for DNS. Got it.

Still having trouble, though:

lab-server.university.edu has its own IP address (not 127.0.0.1) as the
only DNS Server entry under Network Connections -> Local Area Connection
-> Properties -> TCP/IP.

lab-server.university.edu has the two DNS server IP addresses that I
know set up in the DNS server as forwarders. lab-server can ping any
address (that is pingable) and surf the web no sweat. So DNS forwarding
is working on lab-server.

The DNS server was installed as part of the dcpromo process. The middle
option was chosen ("Install a DNS server on this computer and use it for
DNS queries" or something to that effect). In DNS, I see:
LAB-SERVER
-Forward Lookup Zones
--_msdcs.lab.university.edu
--lab.university.edu
---_msdcs
-Reverse Lookup Zones
-Event Viewer

I don't see any SRV records, though... Am I wrong to expect that the
dcpromo process should have done that? Could I have borked that in some
way? (likely? :) heh). There is an A record under lab.university.edu
pointing lab-server to its IP. There is also a NS and SOA record there,
each showing lab-server.university.edu.

computer1.university.edu has its IP address set and the DNS server is
the IP address for lab-server.university.edu with no other DNS servers
in its listing. computer1.university.edu cannot contact the domain
lab.university.edu. Further, it does not appear to be resolving DNS
correctly -- if I try to ping lab-server.university.edu, it returns
"unknown host". But it can find it by NETBIOS, which I expect (since, of
course, NETBIOS doesn't depend on DNS for resolution).

I think this is all pointing to my DNS server being incorrectly set up,
but I'm not sure what I'm doing wrong. I took a class in Active
Directory a few years back, but damn if I don't remember having this
much trouble last time... haha.

Thanks again for all of your help... Hopefully I can pick up as much
knowledge as you guys some day. :)
Regards,
J.R.



Author
20 Mar 2009 4:21 AM
Ace Fekay [Microsoft Certified Trainer]

As a refresher from your class, here are some basics behind AD:

As you're already aware now, AD requires DNS. AD stores AD resource and
service locations in DNS as SRV records. Here are some more things to check
as to why registration may not be working, which is why the SRV records are
missing. This is a broad list, but they can all contribute to registration
not working.

1. External DNS servers are configured under TCP/IP properties. Only use
internal DNS servers when part of an Active Directory domain. AD Domain
machines must never be pointed at an external (ISP) DNS server or even use
an ISP DNS server as an "Alternate DNS server".

2. Are any services disabled such as the DHCP Client service? (it's
required).

No DNS Name Resolution or DNS registration functions if DHCP Client Service
Is Not Running
http://support.microsoft.com/?id=268674

Dynamic DNS Updates Do Not Work if the DHCP Client Service Stops
http://support.microsoft.com/?id=264539

3. AD/DNS zone not configured to allow dynamic updates.

4. Make sure "Register this connection's address in DNS" is enabled under
TCP/IP properties.

5. Missing or incorrect "Primary DNS suffix" or "Connection-specific DNS
suffix" of the domain to which the machine belongs. With a
missing/incorrect DNS suffix a machine cannot find the correct zone to
register in. If missing or incorrect, it is called a Disjoined Domain Name.

6. Is the firewall service enabled? (disable it).

7. Were the default C: drive permissions altered and was a hotfix installed
recently?

"Systems that have changed the default Access Control List permissions on
the %windir%\registration directory may experience various problems after
you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC"
http://support.microsoft.com/kb/909444

For more info about this issue, see:
http://blogs.technet.com/steriley/archive/2005/11/08/414002.aspx

8. If using Secure Updates: Not authenticated to the domain (which can be
due to DNS misconfiguration or DNS server problem)

9. Are the File and Print services enabled?

10. Microsoft Client Services enabled?

11. Is DNS listening on the private LAN interface?

12. More than one NIC?

13. Updates allowed on the zone?

14. Primary DNS suffix matches the zone name in DNS and the AD domain name?

15. Was Zone Alarm ever installed on these machines?

16. Any Event log errors?

17. Was a Reg entry configured to stop registration?
246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
NIC too):
http://support.microsoft.com/?id=246804

18. Spyware or something else such as DotNetDns installed on it?

19. Single Label Domain Name?

20. Netlogon and DFS services are started.

21. Malware or virus altering network services preventing it from
registering.

22. Some sort of firewall in place, whether the Windows firewall disabling
File and Print Services, or a 3rd party firewall, which many AV programs
now have built in and must be adjusted to allow this sort of traffic and
exclude the NTDS and SYSVOL folders




291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/?id=291382

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

Do not configure the DNS client settings on the domain controllers to point
to your Internet Service Provider's (ISP's) DNS servers or any other DNS
other than the DNS hosting the AD zone
http://smtp25.blogspot.com/2007/05/do-not-configure-dns-client-settings-on_818.html

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain (whether it was upgraded or not, this is full of useful information
relating to AD and DNS, among other info):
http://support.microsoft.com/?id=555040


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
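
The posts above turn on whether the DC's SRV records exist in the lab.university.edu zone. As an added example (not part of the thread, and not Microsoft tooling), this Python sketch audits a zone dump for the core, non-site-specific DC locator records, their ports, and whether each SRV target has an A record in the same dump. The zone text, the 192.0.2.10 address and all function names are constructed for illustration.

```python
"""Audit a zone dump for the SRV records AD clients query to locate a DC."""

DOMAIN = "lab.university.edu"  # domain name used in the thread

# Constructed sample: the zone as the thread describes it (SOA, NS and one
# A record, no SRV records). 192.0.2.10 is a documentation placeholder.
ZONE_AS_DESCRIBED = """\
lab.university.edu. 3600 IN SOA lab-server.university.edu. hostmaster. 1 900 600 86400 3600
lab.university.edu. 3600 IN NS lab-server.university.edu.
lab-server.lab.university.edu. 3600 IN A 192.0.2.10
"""

# Constructed sample: the same zone once the DC has registered its records.
ZONE_AFTER_REGISTRATION = ZONE_AS_DESCRIBED + """\
_ldap._tcp.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.dc._msdcs.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.pdc._msdcs.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.gc._msdcs.lab.university.edu. 600 IN SRV 0 100 3268 lab-server.lab.university.edu.
_gc._tcp.lab.university.edu. 600 IN SRV 0 100 3268 lab-server.lab.university.edu.
_kerberos._tcp.lab.university.edu. 600 IN SRV 0 100 88 lab-server.lab.university.edu.
_kerberos._udp.lab.university.edu. 600 IN SRV 0 100 88 lab-server.lab.university.edu.
_kerberos._tcp.dc._msdcs.lab.university.edu. 600 IN SRV 0 100 88 lab-server.lab.university.edu.
_kpasswd._tcp.lab.university.edu. 600 IN SRV 0 100 464 lab-server.lab.university.edu.
_kpasswd._udp.lab.university.edu. 600 IN SRV 0 100 464 lab-server.lab.university.edu.
"""


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def expected_srv(domain, forest=None):
    """Core locator records for a single-DC domain: owner name -> port.

    Site-specific (_sites) records are left out. The pdc and gc entries
    assume this DC is the PDC emulator and a global catalog, which holds
    for the first DC of a new forest.
    """
    d, f = norm(domain), norm(forest or domain)
    return {
        f"_ldap._tcp.{d}": 389,
        f"_ldap._tcp.dc._msdcs.{d}": 389,
        f"_ldap._tcp.pdc._msdcs.{d}": 389,
        f"_kerberos._tcp.{d}": 88,
        f"_kerberos._udp.{d}": 88,
        f"_kerberos._tcp.dc._msdcs.{d}": 88,
        f"_kpasswd._tcp.{d}": 464,
        f"_kpasswd._udp.{d}": 464,
        f"_gc._tcp.{f}": 3268,
        f"_ldap._tcp.gc._msdcs.{f}": 3268,
    }


def parse_zone(text):
    """Parse 'owner ttl IN type rdata...' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()  # drop ';' comments
        if "IN" not in tokens:
            continue
        i = tokens.index("IN")
        if i == 0 or i + 1 >= len(tokens):
            continue
        records.append((norm(tokens[0]), tokens[i + 1].upper(), tokens[i + 2:]))
    return records


def audit(zone_text, domain, forest=None):
    """Report missing SRV names, wrong ports and targets with no A record."""
    records = parse_zone(zone_text)
    hosts = {owner for owner, rtype, _ in records if rtype == "A"}
    srv = {}
    for owner, rtype, rdata in records:
        if rtype == "SRV" and len(rdata) == 4:  # priority weight port target
            srv.setdefault(owner, []).append((int(rdata[2]), norm(rdata[3])))
    report = {"missing": [], "wrong_port": [], "no_a_record": []}
    for name, port in expected_srv(domain, forest).items():
        if name not in srv:
            report["missing"].append(name)
            continue
        for found_port, target in srv[name]:
            if found_port != port:
                report["wrong_port"].append(name)
            if target not in hosts:
                # The A record may live in another zone; flag it for a check.
                report["no_a_record"].append((name, target))
    return report


if __name__ == "__main__":
    for label, zone in (("as described", ZONE_AS_DESCRIBED),
                        ("after registration", ZONE_AFTER_REGISTRATION)):
        result = audit(zone, DOMAIN)
        print(label, {key: len(value) for key, value in result.items()})
```

A zone that holds only SOA, NS and A records, like the one described in the thread, comes back with every locator name under "missing".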
Author
20 Mar 2009 3:13 PM
JR Raith
Thanks for the helpful list -- I'll be checking it off shortly.

Before I even begin, though, am I to understand that DHCP is required?
Our DHCP is hosted elsewhere and the IPs for the computers in the lab
are set as Static.

Thanks again,
J.R.


Ace Fekay [Microsoft Certified Trainer] wrote:
Show quoteHide quote
> In news:u5r6I0OqJHA.1184@TK2MSFTNGP04.phx.gbl,
> JR Raith <james.raith***@colorado.edu>, posted the following:
>> Hi Everyone,
>>
>> Thanks for all of your help thus far and your suggestions. I really
>> appreciate this. :)
>>
>> I understand the need for DNS. Got it.
>>
>> Still having trouble, though:
>>
>> lab-server.university.edu has its own IP address (not 127.0.0.1) as
>> the only DNS Server entry under Network Connections -> Local Area
>> Connection -> Properties -> TCP/IP.
>>
>> lab-server.university.edu has the two DNS server IP addresses that I
>> know set up in the DNS server as forwarders. lab-server can ping any
>> address (that is pingable) and surf the web no sweat. So DNS
>> forwarding is working on lab-server.
>>
>> The DNS server was installed as part of the dcpromo process. The
>> middle option was chosen ("Install a DNS server on this computer and
>> use it for DNS queries" or something to that effect). In DNS, I see:
>> LAB-SERVER
>> -Forward Lookup Zones
>> --_msdcs.lab.university.edu
>> --lab.university.edu
>> ---_msdcs
>> -Reverse Lookup Zones
>> -Event Viewer
>>
>> I don't see any SRV records, though... Am I wrong to expect that the
>> dcpromo process should have done that? Could I have borked that in
>> some way? (likely? :) heh). There is an A record under
>> lab.university.edu pointing lab-server to its IP. There is also a NS
>> and SOA record there, each showing lab-server.university.edu.
>>
>> computer1.university.edu has its IP address set and the DNS server is
>> the IP address for lab-server.university.edu with no other DNS servers
>> in its listing. computer1.university.edu cannot contact the domain
>> lab.university.edu. Further, it does not appear to be resolving DNS
>> correctly -- if I try to ping lab-server.university.edu, it returns
>> "unknown host". But it can find it by NETBIOS, which I expect (since,
>> of course, NETBIOS doesn't depend on DNS for resolution).
>>
>> I think this is all pointing to my DNS server being incorrectly set
>> up, but I'm not sure what I'm doing wrong. I took a class in Active
>> Directory a few years back, but damn if I don't remember having this
>> much trouble last time... haha.
>>
>> Thanks again for all of your help... Hopefully I can pick up as much
>> knowledge as you guys some day. :)
>> Regards,
>> J.R.
>>
>
> As a refresher from your class, here are some basics behind AD:
>
> As you've already aware of now, AD requires DNS. AD stores AD reource
> and service locations in DNS as SRV records. Hera are some more things
> to check as to why registration may not be working, which is why the SRV
> records are missing. This is a broad list, but they can all contribute
> to registration not working.
>
> 1) External DNS servers are configured under TCP/IP properties.  Only
> use internal DNS servers when part of an Active
>
> Directory domain.  AD Domain machines must ever be pointed at an
> external (ISP) DNS server or even use an ISP DNS
>
> server as an "Alternate DNS server".
>
> 2. Are any services disabled such as the DHCP Client service? (it's
> required).
>
> No DNS Name Resolution or DNS registration functions if DHCP Client
> Service Is Not Running
> http://support.microsoft.com/?id=268674
>
> Dynamic DNS Updates Do Not Work if the DHCP Client Service Stops
> http://support.microsoft.com/?id=264539
>
> 3. AD/DNS zone not configured to allow dynamic updates.
>
> 4. Make sure 'Register this connection's address" in DNS is enabled
> under TCP/IP properties.
>
> 5. Missing or incorrect "Primary DNS suffix" or "Connection-specific DNS
> suffix" of the domain to which the machine
>
> belongs.  With a missing/incorrect DNS suffix a machine cannot find the
> correct zone to register in. If missing or
>
> incorrect, it is called a Disjoined Domain Name.
>
> 6. Is the firewall service enabled? (disable it).
>
> 7. Were the default C: drive permissions altered and was a hotfix
> installed a recently?
>
> "Systems that have changed the default Access Control List permissions
> on the
> %windir%\registration directory may experience various problems after you
> install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC"
> http://support.microsoft.com/kb/909444
>
> For more info about this issue, see:
> http://blogs.technet.com/steriley/archive/2005/11/08/414002.aspx
>
> 8. If using Secure Updates: Not authenticated to the domain (which can
> be due to DNS misconfiguration or DNS server
>
> problem)
>
> 9. Is the File and Print services enabled?
>
> 10. Microsoft Client Services enabled?
>
> 11. Is DNS listening on the private LAN interface?
>
> 12. More than one NIC?
>
> 13. Updates allowed on the zone?
>
> 14. Primary DNS suffix matches the zone name in DNS and the AD domain name?
>
> 15. Was Zone Alarm ever installed on these machines?
>
> 16. Any Event log errors?
>
> 17. Was a Reg entry configured to stop registration?
> 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations
> (per NIC too):
> http://support.microsoft.com/?id=246804
>
> 18. Spyware or something else such as DotNetDns installed on it?
>
> 19. Single Label Domain Name?
>
> 20. Netlogon and DFS services are started.
>
> 21. Malware or virus altering network services preventing it from
> registering.
>
> 22. Some sort of firewall in place, whether the Windows firewall
> disabling File and Print Services, or a 3rd party firewall, which many
> AV programs now have built in and must be adjusted to allow this sort
> of traffic and exclude the NTDS and SYSVOL folders
>
> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
> Server 2003 DNS
> http://support.microsoft.com/?id=291382
>
> 825036 - Best practices for DNS client settings in Windows 2000 Server
> and in Windows Server 2003
> http://support.microsoft.com/?id=825036
>
> Do not configure the DNS client settings on the domain controllers to
> point to your Internet Service Provider's (ISP's) DNS servers or any
> other DNS other than the DNS hosting the AD zone
> http://smtp25.blogspot.com/2007/05/do-not-configure-dns-client-settings-on_818.html
>
>
> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> Domain (whether it was upgraded or not, this is full of useful
> information relating to AD and DNS, among other info):
> http://support.microsoft.com/?id=555040
>
>
Author
20 Mar 2009 3:50 PM
Ace Fekay [Microsoft Certified Trainer]
In news:u3Jml5WqJHA.4564@TK2MSFTNGP02.phx.gbl,
JR Raith <james.raith***@colorado.edu>, posted the following:
> Thanks for the helpful list -- I'll be checking it off shortly.
>
> Before I even begin, though, am I to understand that DHCP is required?
> Our DHCP is hosted elsewhere and the IPs for the computers in the lab
> are set as Static.
>

No, but the DHCP Client Service is REQUIRED, whether a machine uses static
IPs or not. This service does the actual registration and resolving. Kind of a
misnomer. I provided two links concerning this service in my previous post
at the top of the list. You may have missed them. I am reposting them for
you here, for your convenience:

No DNS Name Resolution or DNS registration functions if DHCP Client Service
Is Not Running
http://support.microsoft.com/?id=268674

Dynamic DNS Updates Do Not Work if the DHCP Client Service Stops
http://support.microsoft.com/?id=264539


Ace
Author
20 Mar 2009 3:54 PM
JR Raith
Ah, thanks Ace. :D
*goes to read*

J.R.


Author
20 Mar 2009 5:11 PM
Ace Fekay [Microsoft Certified Trainer]
In news:%23ednjQXqJHA.1340@TK2MSFTNGP06.phx.gbl,
JR Raith <james.raith***@colorado.edu>, posted the following:
> Ah, thanks Ace. :D
> *goes to read*
>
> J.R.

That reminds me of the old saying, RTFM...  Read the Full Manual!!  :-)

Anyway, let me know how you make out.

Ace
Author
20 Mar 2009 2:08 PM
Danny Sanders
> I don't see any SRV records, though... Am I wrong to expect that the
> dcpromo process should have done that? Could I have borked that in some


The SRV records are registered during the netlogon process. If you can't
restart the server run net stop netlogon followed by net start netlogon and
check for the SRV records.

See:
How to verify that SRV DNS records have been created for a domain controller
http://support.microsoft.com/kb/816587
How To Reregister SRV records of a Domain Controller In DNS Zone
http://support.microsoft.com/kb/556002


hth
DDS

"JR Raith" <james.raith***@colorado.edu> wrote in message
news:u5r6I0OqJHA.1184@TK2MSFTNGP04.phx.gbl...
> Hi Everyone,
>
> Thanks for all of your help thus far and your suggestions. I really
> appreciate this. :)
>
> I understand the need for DNS. Got it.
>
> Still having trouble, though:
>
> lab-server.university.edu has its own IP address (not 127.0.0.1) as the
> only DNS Server entry under Network Connections -> Local Area
> Connection -> Properties -> TCP/IP.
>
> lab-server.university.edu has the two DNS server IP addresses that I know
> set up in the DNS server as forwarders. lab-server can ping any address
> (that is pingable) and surf the web no sweat. So DNS forwarding is working
> on lab-server.
>
> The DNS server was installed as part of the dcpromo process. The middle
> option was chosen ("Install a DNS server on this computer and use it for
> DNS queries" or something to that effect). In DNS, I see:
> LAB-SERVER
> -Forward Lookup Zones
> --_msdcs.lab.university.edu
> --lab.university.edu
> ---_msdcs
> -Reverse Lookup Zones
> -Event Viewer
>
> I don't see any SRV records, though... Am I wrong to expect that the
> dcpromo process should have done that? Could I have borked that in some
> way? (likely? :) heh). There is an A record under lab.university.edu
> pointing lab-server to its IP. There is also a NS and SOA record there,
> each showing lab-server.university.edu.
>
> computer1.university.edu has its IP address set and the DNS server is the
> IP address for lab-server.university.edu with no other DNS servers in its
> listing. computer1.university.edu cannot contact the domain
> lab.university.edu. Further, it does not appear to be resolving DNS
> correctly -- if I try to ping lab-server.university.edu, it returns
> "unknown host". But it can find it by NETBIOS, which I expect (since, of
> course, NETBIOS doesn't depend on DNS for resolution).
>
> I think this is all pointing to my DNS server being incorrectly set up,
> but I'm not sure what I'm doing wrong. I took a class in Active Directory
> a few years back, but damn if I don't remember having this much trouble
> last time... haha.
>
> Thanks again for all of your help... Hopefully I can pick up as much
> knowledge as you guys some day. :)
> Regards,
> J.R.
>
>
>
> Danny Sanders wrote:
>>> 2. We don't *need* DNS resolution. All of the computers that will be
>>> joining
>>
>> Actually AD totally relies on DNS so it can function correctly.
>>
>> Basic DNS setup is Install DNS on the AD server and point the AD DNS
>> server to itself in the properties of tcp/ip. Use the actual IP address
>> not 127.0.0.1. Point ALL AD clients to the DNS server set up for the AD
>> domain ONLY. For Internet access set up forwarding and list (in your case)
>> the University servers as the forwarders. The ONLY place on your
>> AD domain where the University servers should be listed is as a
>> forwarder.
>>
>> AD clients MUST find the DNS SRV records in order to "find" the domain.
>> Pointing the DNS server to itself for DNS allows the server to register
>> the SRV record in its DNS zone. Pointing the clients to the DNS server
>> set up for the AD domain will allow the AD clients to find the SRV record
>> they need to "find" the domain. Remember servers are AD clients also.
>>
>> You are isolating your AD domain from the University domain. You will use
>> your AD DNS server to "find" resources in your AD domain. You will use
>> the University DNS server as a forwarder to find sites on the internet
>>
>> hth
>> DDS
>>
>>
>>
>> "J.R. Raith" <JRRa***@discussions.microsoft.com> wrote in message
>> news:4E10A573-DB46-452F-80A0-BB28F9DFD090@microsoft.com...
>>> Hi everyone,
>>>
>>> This is going to be extremely newbie-ish and probably long-winded. Sorry
>>> for
>>> both in advance.
>>>
>>> I have a server that used to be Server NT 4 running as a Domain
>>> Controller
>>> *purely* to manage user access to some computers. These computers run
>>> Win98,
>>> NT4 and 2k and cannot be upgraded.
>>>
>>> Due to the MS067-08 vulnerability and non-release of a patch for NT4, we
>>> need to upgrade the server to Server 2003. I tried a straight "upgrade"
>>> and
>>> met with lots of failure, so in the end I am going for "clean slate".
>>>
>>> So far, I have wiped the hard drive and installed Server 2003 R2 and
>>> updated
>>> it. I have also run dcpromo. I selected the pre-windows 2000 computer
>>> option
>>> and I let dcpromo install a local DNS server, though it's not necessary.
>>>
>>> Now here are the catches:
>>> 1. I am a small cog at a big university. I do not have direct control
>>> over
>>> DNS servers.
>>> 2. We don't *need* DNS resolution. All of the computers that will be
>>> joining
>>> this domain already have DNS names that are at the same level as the
>>> Domain
>>> Controller.
>>>
>>> I know this isn't a standard setup, which is why I'm here -- I've done
>>> Server 2003 and DNS stuff in the past, but not like this, haha. :)
>>>
>>> Here's the slightly obfuscated example:
>>>
>>> Server is Server 2003 R2 and "lab-server.university.edu" (yes the server
>>> has
>>> a hyphen in the name)
>>> Computer1 is Win2k and "computer1.university.edu"
>>> Computer2 is Win98 and "computer2.university.edu"
>>> etc.
>>> Domain is called "lab.university.edu"; netbios name is "lab".
>>>
>>> We have been able to set up an Alias record in DNS to make
>>> lab.university.edu the same as lab-server.university.edu.
>>>
>>> When I try to join the domain computer1, I get the "can't find the
>>> domain
>>> server; could be a DNS issue go.microsoft.com/fw=5171" -- something to
>>> that
>>> effect; 5171 is the right error message.
>>>
>>> What am I doing wrong? I really *only* need a NETBIOS domain, but that's
>>> not
>>> possible after WinNT Server, right? Do I need SRV and A records in DNS
>>> for
>>> this to work? What if I can't get those?
>>>
>>> Thanks in advance... I've been pulling my hair out for a couple of weeks
>>> now. I'm just too inexperienced to figure this one out.
>>>
>>> Best regards,
>>> J.R. Raith
>>
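Added example (not part of the original thread, and not Microsoft's tooling): one way to carry out the check Danny describes, by comparing the SRV records Netlogon wants registered with what the AD zone actually holds. The records, the 192.0.2.10 address and the lab-server.lab.university.edu host name are constructed samples; it also assumes the zone has been listed one record per line in the same form as netlogon.dns.

```python
"""Compare the SRV records Netlogon wants registered with a zone listing."""

# Constructed sample in the style of %SystemRoot%\System32\Config\netlogon.dns,
# the file in which Netlogon lists the records it registers for a DC.
NETLOGON_DNS = """\
lab.university.edu. 600 IN A 192.0.2.10
_ldap._tcp.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.dc._msdcs.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.pdc._msdcs.lab.university.edu. 600 IN SRV 0 100 389 lab-server.lab.university.edu.
_ldap._tcp.gc._msdcs.lab.university.edu. 600 IN SRV 0 100 3268 lab-server.lab.university.edu.
_kerberos._tcp.lab.university.edu. 600 IN SRV 0 100 88 lab-server.lab.university.edu.
_kerberos._tcp.dc._msdcs.lab.university.edu. 600 IN SRV 0 100 88 lab-server.lab.university.edu.
"""

# Constructed zone listing matching the state described in the thread:
# NS and A records are present, but no SRV records yet.
ZONE_BEFORE = """\
; lab.university.edu zone before Netlogon has registered
lab.university.edu. 3600 IN NS lab-server.lab.university.edu.
lab-server.lab.university.edu. 3600 IN A 192.0.2.10
"""

# Constructed zone listing after "net stop netlogon" / "net start netlogon".
ZONE_AFTER = ZONE_BEFORE + NETLOGON_DNS


def _norm(token):
    """DNS names are case-insensitive; a trailing dot only marks an FQDN."""
    return token.lower().rstrip(".")


def parse_records(text):
    """Return {(owner, type, rdata)} for lines shaped 'owner [ttl] IN type rdata'."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        tokens = line.split()
        if "IN" not in tokens:
            continue
        i = tokens.index("IN")
        if i == 0 or i + 2 >= len(tokens):        # need an owner, a type and rdata
            continue
        rdata = tuple(_norm(t) for t in tokens[i + 2:])
        records.add((_norm(tokens[0]), tokens[i + 1].upper(), rdata))
    return records                                # TTL is deliberately ignored


def missing_srv(netlogon_text, zone_text):
    """SRV records Netlogon expects that are absent from the zone."""
    wanted = {r for r in parse_records(netlogon_text) if r[1] == "SRV"}
    return sorted(wanted - parse_records(zone_text))


def dangling_targets(zone_text):
    """SRV target hosts with no A record; clients find the SRV but not the DC."""
    recs = parse_records(zone_text)
    hosts = {owner for owner, rtype, _ in recs if rtype == "A"}
    targets = {rd[3] for _, rtype, rd in recs if rtype == "SRV" and len(rd) == 4}
    return sorted(targets - hosts)


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        gaps = missing_srv(NETLOGON_DNS, zone)
        print(f"{label}: {len(gaps)} SRV record(s) missing")
        for owner, _, rdata in gaps:
            print(f"  {owner} -> port {rdata[2]} on {rdata[3]}")
        for host in dangling_targets(zone):
            print(f"  SRV target without A record: {host}")
```

Any record still reported missing after Netlogon has been restarted points at the registration problems in the checklist earlier in the thread (dynamic updates disabled on the zone, wrong DNS server on the NIC, wrong primary DNS suffix).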
Author
20 Mar 2009 8:42 PM
JR Raith
Hi Danny,

Thanks for the tip -- I think this (or something relating to it) was the
main roadblock.

I came back to the server after being away from it for 12 hours or so
(sometimes you just need to step back and get some caffeine, heh) and
lo and behold, there were all of the SRV records. On top of that, DNS
started resolving from the client computer.

I disabled the Windows firewall on lab-server.university.edu... but
shouldn't I be able to leave this running for security and whatnot?

I think I'll step away from problem computers more often, heh.

Thanks,
J.R.


Author
19 Mar 2009 9:56 AM
Meinolf Weber [MVP-DS]
Hello J.R. Raith,

AD relies completely on DNS, so you MUST have a DNS server for the domain you
have created.

The clients have to use the 2003 R2 DNS server as preferred DNS on the NIC
if you would like to join them to the domain. No other DNS servers should be
added there; clients will have conflicts with the domain you have set up.

Additionally, on the pre-Windows 2000 machines install this one:
http://support.microsoft.com/kb/288358

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Author
19 Mar 2009 12:14 PM
Paul Bergson [MVP-DS]
Unfortunately your machines will need dns.  You can make it so the dc is a
dns server as well but the clients need to point to this server for dns
services.  If you can point the clients at your dc for dns services, then
take this dc/dns server and forward all unknown dns requests to the root dns
server within your campus.

I could go into more details but not sure if you are interested.  Give the
info above some thought and/or research and if you have more questions post
back and I (Or someone else I'm sure) can go into more details.  Don't feel
afraid to ask questions, that is what the NewsGroups are for, to assist
others.  I still post quite often and people have always been very polite
and helpful.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

