Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active Directory problems 1

Status
Not open for further replies.
birkato

birkato

Technical User
Feb 16, 2005
4
US
I am getting the error that "no authority could be contacted" when I try to get into AD on a win2k server. I have read and read about this and most sources tell me it is a DNS problem, but my DNS seems to be working fine. My network is: a DSL connection coming into the server with a public IP. The server provides firewall and NAT. Another NIC in the server is hooked to the LAN. Server is providing DNS & DHCP. All clients are pointed to the private side of the server as their only DNS server. DNS on the server has a forward lookupzone with the server listed as SOA, NS and a couple of A records, as well as the A records for both of the server's IP's and a few clients. The reverse lookup zone is set up for the LAN's 10.0.0.x network and is registering all of the clients just fine.

Two annomalies here: one is that I am missing a SRV folder in the forward lookup zone that people tell me I should have called '_udp', is it OK that I am missing this? I have recreated the zone before and it didn't show up.

Also, when I ran netdiag, I noticed that the netbios domain name was ATO-ISU and the DNS domain name is atoisu.com. Someone told me these must be identical for the DNS to work properly. Is this true? If so the only way to rename would be to dcpromo and remake the domain correct?
Net diag also fails the netBT transports tests. I don't know what the signifigance of this is.

Any ideas as to what my problem might be would be greatly appreciated.
 
Sort by date Sort by votes
1. not true about netbios and dns... it can have a different name. There may be consequences, but dns not working is not one of them...

2. for the SRV folder, check see if your dns console is in 'advanced view' mode, these entries are not visible in normal mode.

3. if still not visible, non existant...
on your dc, open cmd console and type:
net stop netlogon
net start netlogon
ipconfig /registerdns

this should recreate in dns all necessary entries for your DC

Aftertaf

"Resolve is never stronger than the night before it was never weaker
 
Upvote 0 Downvote
Hi birkato, you mention

"as well as the A records for both of the server's IP's"

I believe you should only have the internal ip address registered in your dns. This address should be used for your NS record as well.
 
Upvote 0 Downvote
So the SOA, NS, and A records on the DNS pertaining to the server should only contain the 10.0.0.x address?

Right now there are 8 entries in my forward zone:

(same as parent folder) SOA [33]atoisu.atoisu.com, admin.atoisu.com with both of the server's IP addresses tied to it.

(same as parent folder) NS atoisu.atoisu.com again with both the server's IP addresses tied to it.

(same as perent folder) A points to the public IP address in server

(same as perent folder) A points to the private '10.0.0.2' IP address in server

atoisu A pointing to the public IP address

atoisu A 10.0.0.2

One of the clients also has an A record pointing to its IP

points to the public IP address

Are you saying that in the first 2 entries I should remove the pointer to the server's public IP address and only have the 10.0.0.2 address remain? And then remove the 3rd entry (A record for public IP) altogether? These were all created automatically (with the exception of the to make the web server work).

I tried to reregister the DNS like aftertaf suggested with no luck. I have tried that before as well. I am still missing the _udp SRV folder, which I am told I need to have in there but don't know why.

Also, just curious, what are some of the consequences of having a NETBIOS and DNS domain name have different entries?

Thanks for the help!
 
Upvote 0 Downvote
have you found 'advanced mode'?

Aftertaf

"Resolve is never stronger than the night before it was never weaker
 
Upvote 0 Downvote
Yes, I switched to Advanced mode, I can see the same view in both modes. All that changes is that 'a' records change to 'Alias' SOA changes to Start of Authority. I can still see the SRV folders and no new ones appear.
 
Upvote 0 Downvote
what do you see in the srv folders????

Aftertaf

"Resolve is never stronger than the night before it was never weaker
 
Upvote 0 Downvote
The SRV folders I see are _msdcs _sites and _tcp. As far as what's in them, there are all kinds of subdirectories and entries in each SRV folder, except _tcp which has only two entries in it a _gc and _ldap entry. I don't much about what is contained in these folders and I'm not even sure I am supposed to have that missing _udp SRV folder, but it is not there. Does this all sound normal?
 
Upvote 0 Downvote
good one moorethan :)


Aftertaf

"Resolve is never stronger than the night before it was never weaker
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
245
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
973
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
211
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
503
technome
technome
mkrausnick
  • Locked
  • Question
Can't write to folder even though Active Directory effective permissions shows full control
Replies
1
Views
247
mkrausnick
mkrausnick

Part and Inventory Search

Sponsor

Back
Top