the primary DNS server points to the second DNS server and then the alternative DNS points to the outside world for the, whereas all the other servers point to the primary DNS and then to the second DNS on the network. if you see what I mean
You can't point to external DNS servers. You need to configure forwarders. See here for more details, and implement as per your situation:
http://support.microsoft.com/kb/825036
Your DCs shouldn't have a DNS server that is not a DC on your domain.
For outside world resolution they can either use the root hints or you can set up a DNS forwarder to resolve DNS that doesn't exist on your domain.
Ben
Yeah, we have got forward lookup zones in place too... or have I totally got the wrong end of the stick?
Your forward lookup zone is your network.
What you need to do is go into the DNS admin window.
Right click on your server name and select properties, click on the forwarders tab and set up a forwarder for all other DNS domains using the IP addresses given to you by your LEA.
Ben
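The two checks Ben describes (a DC's client DNS list must contain only domain controllers, and Internet names leave via the server's forwarders or root hints) can be audited from one admin workstation. The script below is an added example, not something posted in the thread; it assumes the RSAT ActiveDirectory and DnsServer modules (Windows Server 2012 or later, so newer than the W2k3 boxes discussed here), PowerShell remoting enabled on the DCs, and a domain-admin caller.

```powershell
# Added example (not from the thread): audit how each DC resolves DNS.
# Assumes RSAT ActiveDirectory + DnsServer modules, PS remoting on the DCs,
# and a domain-admin caller.
# Rule checked (Ben's advice): a DC's client DNS list holds only DCs of this
# domain; external resolution is done by forwarders or root hints on the DNS
# server itself, never by an ISP address in the client list.

Import-Module ActiveDirectory
Import-Module DnsServer

$domain = (Get-ADDomain).DNSRoot
$dcs    = Get-ADDomainController -Filter *
$dcIps  = $dcs | ForEach-Object { $_.IPv4Address }

foreach ($dc in $dcs) {
    Write-Host "== $($dc.HostName) ==" -ForegroundColor Cyan

    # 1. Client-side resolvers: every entry must be a DC of this domain.
    $clientDns = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -ExpandProperty ServerAddresses
    } | Sort-Object -Unique

    foreach ($ip in $clientDns) {
        if ($dcIps -contains $ip) {
            Write-Host "  client DNS $ip -> domain controller (ok)"
        } else {
            Write-Warning "  client DNS $ip is NOT a domain controller; remove it here and put it under Forwarders instead"
        }
    }

    # 2. Server-side: forwarders (or root hints) must carry external lookups.
    $fwd = Get-DnsServerForwarder -ComputerName $dc.HostName
    if ($fwd.IPAddress.Count -gt 0) {
        Write-Host "  forwarders: $($fwd.IPAddress -join ', ')"
    } elseif ($fwd.UseRootHint) {
        Write-Host "  no forwarders; root hints will be used (ok)"
    } else {
        Write-Warning "  no forwarders and root hints disabled: external names will not resolve"
    }

    # 3. Each resolver the DC uses must answer for the domain's own SRV records,
    #    otherwise DC location and replication break even if the Internet works.
    foreach ($ip in $clientDns) {
        try {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $ip -ErrorAction Stop
            Write-Host "  $ip answers _ldap._tcp.dc._msdcs.$domain with $($srv.Count) record(s)"
        } catch {
            Write-Warning "  $ip cannot resolve _ldap._tcp.dc._msdcs.$domain : $($_.Exception.Message)"
        }
    }
}
```

Any warning from step 1 is exactly the misconfiguration in the opening post (an ISP or "outside world" address in a DC's own resolver list); step 3 shows why it matters, because an external resolver knows nothing about the `_msdcs` records the DCs need to find each other.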
ah... we aren't with the LEA for the internet connection.. we are totally independent of the LEA as we can do the internet, filtering etc. a hell of a lot cheaper. But I have already got my 2 DNS servers in there from my ISP.
Ok, that's fine. You can leave the forwarders in there then. Just make sure you have the DNS settings correct on your DCs as per my previous post.
Ok well, LEA settings or other ISP, same bones, makes no difference.
Ben
Right ok, I've checked all the DNS settings etc. and they all seem to be ok... what now?
On the DC that isn't registered in DNS correctly run:
Code:
ipconfig /registerdns
That should allow Ntfrs on the other DC to be able to find the DC and begin replicating. Check the event logs that this is the case.
nope... still not working grrr
Then there's something else broken as well. What other errors are there?
I've just looked in the directory service...
NTDS Replication, NTDS, KCC, NTDS General, NTDS ISAM... there seems to be a load of errors with those sources.
On security we are getting a lot of anonymous logons
Quote:
NTDS Replication, NTDS, KCC, NTDS General, NTDS ISAM... there seems to be a load of errors with those sources.
What errors? These will all likely be a result of replication failures.
Quote:
On security we are getting a lot of anonymous logons
Anonymous logins won't work with W2k3 server. Whatever's trying to use them is misconfigured/broken. You should have an IP/Hostname listed in each distinct logon/logoff event. You can track down the device/user that way.
NTDS Replication:
This is the replication status for the following directory partition on the local domain controller.
Directory partition: CN=Schema,CN=Configuration,DC=shs,DC=com
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.
More than 24 hours: 1
More than a week: 1
More than one month: 1
More than two months: 1
More than a tombstone lifetime: 1
Tombstone lifetime (days): 60
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS KCC:
The attempt to establish a replication link for the following writable directory partition failed.
Directory partition: CN=Configuration,DC=shs,DC=com
Source domain controller: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shs,DC=com
Source domain controller address: 552f59d1-eee5-423a-8143-76bb77105d74._msdcs.shs.com
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity is available.
Additional Data
Error value: 8524 The DSA operation is unable to proceed because of a DNS lookup failure.
NTDS General:
Duplicate event log entries were suppressed.
See the previous event log entry for details. An entry is considered a duplicate if the event code and all of its insertion parameters are identical. The time period for this run of duplicates is from the time of the previous event to the time of this event.
Event Code: 80000785
Number of duplicate entries: 15
And I just keep getting the SceCli source error on the machine with the main policies on
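The NTDS KCC event is the one that pins the fault down: error 8524 means the KCC could not resolve the source DC's replication alias, the `<DSA-GUID>._msdcs.<forest root>` CNAME quoted as "Source domain controller address", which Netlogon registers and which must alias the source DC's host (A) record. The script below is an added example, not something posted in the thread; it assumes Windows Server 2008 R2 or later PowerShell (`Get-WinEvent`, `Resolve-DnsName`) and is meant to be run on the DC that logs the error, so it tests the exact resolvers that DC uses.

```powershell
# Added example (not from the thread): turn NTDS KCC error 8524 into a
# concrete DNS check. Run on the DC that logs the event.
# Assumes Windows Server 2008 R2+ PowerShell (Get-WinEvent, Resolve-DnsName).

$events = Get-WinEvent -LogName 'Directory Service' -MaxEvents 500 |
    Where-Object { $_.ProviderName -like 'NTDS KCC*' -and $_.Message -match '\b8524\b' }

if (-not $events) { Write-Host 'No 8524 (DNS lookup failure) events found'; return }

# The resolvers this DC actually uses; the check must go through them, not
# through whatever the admin workstation happens to use.
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique

$seen = @{}
foreach ($ev in $events) {
    # Pull "<GUID>._msdcs.<domain>" out of the event text; skip repeats.
    if ($ev.Message -notmatch '(?<cname>[0-9a-f-]{36}\._msdcs\.[\w.-]+)') { continue }
    $cname = $Matches.cname
    if ($seen.ContainsKey($cname)) { continue }
    $seen[$cname] = $true

    # The source DC's name sits in its NTDS Settings DN (CN=NTDS Settings,CN=<DC>,...).
    $srcDc = if ($ev.Message -match 'CN=NTDS Settings,CN=(?<dc>[^,]+),') { $Matches.dc } else { '<unknown>' }
    Write-Host "`nSource DC $srcDc -> expected alias $cname" -ForegroundColor Cyan

    foreach ($server in $resolvers) {
        try {
            $ans    = Resolve-DnsName -Name $cname -Type CNAME -Server $server -ErrorAction Stop
            $target = ($ans | Where-Object { $_.Type -eq 'CNAME' }).NameHost
            if (-not $target) { Write-Warning "  $server returned no CNAME for $cname"; continue }

            # The alias is only useful if the host it names also resolves.
            $a   = Resolve-DnsName -Name $target -Type A -Server $server -ErrorAction Stop
            $ips = ($a | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
            Write-Host "  $server : $cname -> $target -> $ips"
        } catch {
            Write-Warning "  $server cannot resolve $cname : $($_.Exception.Message)"
            Write-Warning "  fix: on $srcDc run 'ipconfig /registerdns' and restart the Netlogon service (it registers the _msdcs alias), then re-check"
        }
    }
}
```

If a resolver answers the CNAME but the target A record fails, the problem is the source DC's host record (the `ipconfig /registerdns` suggested earlier); if the CNAME itself is missing, Netlogon on the source DC has not registered it, which is why `ipconfig /registerdns` alone did not clear the error in this thread. Once every resolver returns an address, `repadmin /showrepl` on the same DC should show the link to ZEUS succeed on the next KCC run.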