Trying to setup DC but client computers can't see it

[reck]

Trying to setup DC but client computers can't see it


Hi I'm having some problems (DNS I think) with a windows 2003 server I've setup as a domain controller. Basically when I try and get computers to join the domain it can't find the domain.

Here is some background information.

I work in a department where all our computers are connected to a university domain. We login with active directory accounts setup on their DC server and we get our IP address from their DHCP server which also configures DNS.

Now we are trying to setup our own Win 2003 server in our lab which will be configured as a domain controller. Once setup we will join all our computers to our domain and login using accounts setup in active directory. So the computers will still get their IP address from the university DHCP server but will be members of and login to our domain.

So I've setup the server has a DC and as part of the dcpromo routine I setup the server to be a DNS server as well. Now the problem is that when I try and join a computer to this domain it can't find my DC. I'm sure the problem is with DNS because all the computers get their settings from the DCHP server including it's DNS addresses it knows nothing about my DC right? I altered my network settings on my computer to use my DC as the DNS and it seemed to work last week, but now it's not working at all, it can't find my DC. So what should my next step be? Do I need to ask the university to do something their end or can I handle this setup from my end?

From a DNS point of view I thought I could set the DNS address of all the client computers to point to our DC and then at the DC end add in the DNS address for the universitys DNS servers so it could forward queries it doesn't know about, does this sound ok?

Many thanks

[UCHEEKYMONKEY]

Hello reck and Welcome to CF

Can you ping the server you setting up the DNS on?

secondary have you set the subnet mask and default gateway to the correct IP address on the computers you are trying to attached to the network?

[reck]

Hello, and thanks for the welcome.

I can ping the server using it's IP address, but when I ping the domain name mydom.local it doesn't work. The client computers IP, mask and gateway are issued from the university DHCP server. The server also has a static IP on the same subnet.

[slypie]

It could be the security settings on the university's domain. I would of thought it would be best to create a seperate Domain to the Uni and make the DC a DHCP & DNS server as well. That way you shouldn't need the Uni servers to interact with the cleints.

[JonGlory]

Sounds like the dns is coming form the uni server, which has no idea about the server you have set up. maybe just static assign address to the clients and your server, make sure its on a different network, once your done, just set the clients back to "obtain ip address"

[reck]

slypie, I don't believe this is a security setting that the university have set, more like a configuration setting that I've got wrong. Unfortunately I can't set our server up as DHCP because the computers need to keep their university IP address as we will still need to use the university network for internet access as well as other services and these will only work with uni assigned IP addresses.

Jon yep I think this is what's going on because the dns address for all the client computers is coming down from their dhcp server. I've altered the setting on one of the computers so it still get's it IP address automatically via dhcp but I've changed the dns setting from automatic to point to my DC instead. This was enough to get it working last week but today I just can't get it to see the domain.

But does this setup sound like something that should work ok from a dns point of view?

In summary:

Set the client computers network settings to continue to get their IP address from the uni DHCP. But change the DNS setting from DHCP to manual and then enter my DC IP address as the DNS address.

Then on my DC add in the uni's DNS addresses into the forwarders?

[greenbrucelee]

I would agree with manually setting the addreses.

[slypie]

Quote:

Originally Posted by greenbrucelee

I would agree with manually setting the addreses.

Agreed I would make using static IP's your first port of call.

[reck]

Quote:

Originally Posted by greenbrucelee

I would agree with manually setting the addreses.

Which address are you talking about, the DNS address?

[slypie]

Quote:

Originally Posted by reck

Which address are you talking about, the DNS address?

Static IP, DNS, Default Gateway and Subnet Mask. I've had to do this in the past to force it to join the domain I'd setup. After joining the domain I then reverted back to DHCP.

[reck]

OK i've manually entered all the network settings into a client machine (insteadof dhcp). Typed in an ip address, mask, gateway and set the dns server to point to the my dc. Still no go. I can ping the server ok from the client computer but it has no idea what mydom.local is. I tried typing nslookup mydom.local but I got an error saying "DNS request timed out. Can't find server name for {my dc's server ip}: timed out".

So if I have a dc setup with dns running and then set a client's dns to point to this server why can't it see mydom.local. At the start when I ran dcpromo it said I need a dns server so I selected make this computer a dns server and let it configure it itself. Is there anything else I needed to do?

Also I've made the dc a WINS server and set the clients WINS to point to the DC but this hasn't made any difference so neither DNS or WINS is working, not sure where to start with this.

[nugget]

Well I would start with taking 1 pc out of the university domain and trying to join it to your domain.

Also have you set your domains dns server to forward dns requests to the universitys server?

Edit:

Quote:

Originally Posted by reck

The server also has a static IP on the same subnet.

Maybe some of the more knowledgable guys will know but wouldn't this also be a problem, a domain controller for a different domain on the same subnet?

[reck]

Hey nugget,

I have tried many times to join this computer to the domain, but at the moment the computer can't find mydom.local (my win server 2003 DC) so until I find out why i'm not going to be able to join it.

[greenbrucelee]

are the admin passwords the same?

[reck]

OK I think I've found out what the problem is, the window firewall running on the DC. I'm sure the firewall has always been running but it's stopping me from joining computers to the domain. If I turn the firewall off I can ping mydom.local and have also just joined a computer to it with no problems.

So I'm sure you can guess the next question. What is the firewall blocking that’s stopping computers from joining the domain? I can't remember ever having to manually add exceptions to the windows firewall in order for active directory to work ok.