TechSpot

Server 2003 Active Directory Problems

By RJ831
Jul 8, 2009
Topic Status:
Not open for further replies.
  1. Ok so we've been handed the task of setting up Active Directory for my school. We currently have 3 servers that have Server 2003 Standard edition. I'm trying to set up my first server which will be the Domain Controller (the other 2 will also be domain controllers.) The name of our domain is catz.k12.ca.us. The server has a static IP set and I'm having a problem with DNS. We DO NOT have a DNS server at our campus. Our DNS is supplied by the county so all the schools near us use the same DNS IP (the server is in the city next to us about 25 miles away). The setup looked pretty straightforward. I ran DCPROMO and then when it came time to test for DNS, it failed. I got an error saying this:
    "Diagnostic Failed
    The registration diagnostic has been run 1 time.

    Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.

    The wizard encountered an error while trying to determine if the DNS server with which this domain controller will register supports dynamic updates.

    For more information, including steps to correct this problem, see Help.

    Details
    The primary DNS server tested was: catz.k12.ca.us (205.155.43.2)

    The zone was: catz.k12.ca.us

    The test for dynamic DNS update support returned:
    "DNS bad key."
    (error code 0x00002339 RCODE_BADKEY)


    I'm not sure what I've done wrong. I've done pretty much everything by the book and I'm just wondering if there's a problem because we're not using our own DNS server. Our DNS server is in fact 205.155.43.2 but for some reason it's giving me that error. I've tried selecting the option that says "Let DCPROMO fix this problem etc" and it DOES work but it takes 5 minutes for my test users to log in. Can anyone help? Thanks in advance!!!!
     
  2. jobeard

    jobeard TS Ambassador Posts: 13,426   +317

    You need to have the DNS localized to your systems, but it is not a FULL-blown, all-encompassing system -- just the local SERVER addresses will be there.
    You then configure it to perform an external referral to whatever full DNS you please.

    Depending upon how the client systems are used, you can have them entered into your DNS when they log in and removed when they log out.
     
  3. gguerra

    gguerra TS Enthusiast Posts: 559

    Yes, you will need a local DNS for AD. The way I usually do it is I have the DHCP server set the DNS settings for our clients. The first setting is the IP of the local DNS server and the second and third are the IPs of the public DNS servers. I would use IPs instead of the names to simplify things and not have to have your local DNS resolve your public DNS. It is really no big deal to set up a local DNS server as it pretty much requires no maintenance on your part. I set up DNS on the master domain controller or "Schema Master" as it is called in Server 2K3. In your case you would only have a second (205.155.43.2) and not a third setting. Here is an article that may help: http://support.microsoft.com/kb/814591
     
  4. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Ok I think I know what you're trying to say. So when I set up AD, I should select "Setup DNS Manually" right? Can I set up DNS on the MAIN Domain Controller? Thx for that Microsoft tip!
     
  5. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Still need help!! So after reading a little more into this, I now have more insight. I read this http://support.microsoft.com/kb/814591 and it was very useful. I still have some questions though. Am I supposed to change the DNS IP address to the Static IP address of the server? So if my server address is 172.16.58.90, should I set the DNS IP to 172.16.58.90 BEFORE I start with configuring DNS? Also, I got really confused when it came to Step 5 (on the link above). As I stated before, we'll have 3 domain controllers for 2 schools and in the winter we'll be setting up another 3 domain controllers which will be set up as a child domain (for the 2 lower elementary schools we have). So shall I go with Create Forward lookup zone, which is recommended for small networks, OR shall I go with Create Forward and reverse lookup zones, which is recommended for large networks? I'm considering going with Forward and reverse lookup zones because I have reason to believe that our network will be growing each year. ALSO, it's asking me what type of zone I want to create. I have no clue what this means lol. It says Primary zone, secondary zone or stub zone. Then it asks for zone name which is more confusing to me :/
     
  6. gguerra

    gguerra TS Enthusiast Posts: 559

    Yes, set it up on the MAIN domain controller (actually called schema master).
    Do Forward and Reverse. The type will be Integrated Primary on the Forward lookup zone and the name will be the same as your machine on the domain (i.e. machinename.k12.ca.us). You don't change the DNS IP of any machine till your DNS is in place. This is why it is taking 5 minutes to log in.
     
  7. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Thank you sooo much gguerra, I really appreciate your time and help with this, you're the man!! So the zone should be the name of the server box or it should be the name of the domain? The full "Computer Name" is SRV1 and the name of our domain will be catz.k12.ca.us. Thank all of you for your help, I've learned sooo much in soo little time and I have you guys and this site to thank. Thanks again.
     
  8. gguerra

    gguerra TS Enthusiast Posts: 559

    Not sure what the catz means in your domain. So it would either be srv1.catz.k12.ca.us or srv1.k12.ca.us. It would probably be the first one. This is just the name of the zone. When you configure the DNS settings for the clients it would be the IP address of this machine as the primary and the secondary would be 205.155.43.2.
     
  9. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    catz is the name of our mascot lol. My boss wanted the domain name to be catz.k12.ca.us. Are you saying we're better off naming our domain k12.ca.us? Or would the first one work. I just want this to be done right the first time so I don't have to undo anything and confuse myself even more, hehe.
     
  10. gguerra

    gguerra TS Enthusiast Posts: 559

    If catz is your mascot and therefore represents your campus then you need to keep it.

    That is your domain and you would NOT want to change it. Although in that context you could name it anything you want. Go ahead and keep it.

    k12.ca.us would be the organization and catz would be your identity within that organization.

    I'm assuming k12 represents the school system, the ca is California and the us is of course U.S.

    You would use something else besides catz if the machine was located on another campus.

    P.S. In fact the k12.ca.us is used by all the school districts in your state (i.e. ousd.k12.ca.us would be Oakland Unified School District and www.ousd.k12.ca.us would be their web site).

    So you may want to expand the domain name to represent your school district as well as your campus.

    Edit: Bump up
     
  11. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Ok cool. Thanks man. I had no idea that the name of the server tied in with all of this.
     
     
  12. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Yet another question. So if I understood your post correctly, I also have to modify the DNS settings on EACH client machine? Sooo on the Schema Master do I still have to set the preferred DNS to 172.16.58.90 (Server Static IP) and the second to 205.155.43.2 (our DNS provided by the county)? Or is that only for the client machines?
     
  13. gguerra

    gguerra TS Enthusiast Posts: 559

    Settings are for all domain PCs, clients and servers. You don't have to manually set them. Just have DHCP set them for you; it's much easier this way. Also, did you note what I said about expanding your domain name?

    i.e. domain name would be schoolname.schooldistrict.k12.ca.us
    Again this is optional, you can name it anything you want. But I am surprised that these naming conventions are not already in place for your school district. Is it a very small school district? You may want to ask someone within your IT department.
     
  14. RJ831

    RJ831 TS Rookie Topic Starter Posts: 92

    Yes, I took your naming scheme into consideration and we decided to change it from catz to our district name (this will also help when we get our Exchange server some time down the road.) OK, so I'll let DHCP set the DNS for our clients and servers. SOOO is the Schema Master set up the same way (change preferred DNS to Static IP of machine and second to 205.155.43.2)? I assume it is.
     
  15. gguerra

    gguerra TS Enthusiast Posts: 559

    You assume correct. Of course the machine running DHCP will have the static IP's instead of getting them automatically.
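
The setup this thread converges on (a local AD-integrated zone on the first domain controller, with outside names referred to the county server), written out as an added command sequence that is not part of any poster's reply. It assumes dnscmd.exe from the Server 2003 Support Tools, the original catz.k12.ca.us name, a /24 subnet and the default connection name; it also restricts the zones to secure dynamic updates, which the thread does not discuss.

```bat
@echo off
rem Added example, not from the thread. Run on the first DC after DCPROMO.
rem Assumes dnscmd.exe (Server 2003 Support Tools) is on the PATH.
setlocal
rem Zone name as first posted; the thread later switches to a district
rem name that is not given, so substitute the real one here.
set ZONE=catz.k12.ca.us
set DC_IP=172.16.58.90
set UPSTREAM=205.155.43.2
rem Assumption: the server sits on 172.16.58.0/24 (mask is not in the thread).
set REVZONE=58.16.172.in-addr.arpa
rem Assumption: default connection name.
set NIC=Local Area Connection

rem 1. Forward and reverse zones stored in Active Directory.
rem    If DCPROMO already created the forward zone, this reports that
rem    the zone exists and changes nothing.
dnscmd %DC_IP% /ZoneAdd %ZONE% /DsPrimary
dnscmd %DC_IP% /ZoneAdd %REVZONE% /DsPrimary

rem 2. Accept only secure (authenticated) dynamic updates, so that only
rem    domain members can register or overwrite records in the zones.
dnscmd %DC_IP% /Config %ZONE% /AllowUpdate 2
dnscmd %DC_IP% /Config %REVZONE% /AllowUpdate 2

rem 3. Send every name the local zones do not hold to the county server.
dnscmd %DC_IP% /ResetForwarders %UPSTREAM%

rem 4. Point the DC at its own DNS service so it registers locally
rem    instead of attempting updates against the county server.
netsh interface ip set dns name="%NIC%" source=static addr=%DC_IP% register=primary

rem 5. Re-register the host record and the Netlogon SRV records.
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 6. Verify: the query must return this DC on port 389, and the zone
rem    info should show the update setting applied in step 2.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE% %DC_IP%
dnscmd %DC_IP% /ZoneInfo %ZONE%
endlocal
```

If the SRV query in step 6 comes back empty, clients cannot locate a domain controller through DNS.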
     