Do you have a trust in place?
I have an admin server on a child/sub domain for staff used for profiles, home areas, shares and SIMS. The idea was that staff users could access the kids domain but not the other way around - we could have had seperate domains I 'spose - but still - this is how it is.
My problem is I can't browse to machines on the primary domain from this server, apart from the Domain Controller that is.
Is this correct or is there something I can do to fix that??
I can ping the machine names, so I assume DNS is working correctly
Do you have a trust in place?
Yes - and I verified earlier that it was functional.
Just reading up on it - it was said that on the child domain you should have a forward lookup to the primary domain - something that wasn't there. Giving it a while to see if that does it....
I hope you're not stealing Chris' universal excuse as to why things have gone tits up!Originally Posted by Geoff
DNS to you too!
Well that didn't work! Anybody have any ideas how to fix it?
But it always is DNS! That and internet pixies. Anyway. The problem we had at your school the other week? That was DNS was it not? Alright, that and a moron who didn't know how to set up servers several years ago.Originally Posted by Ric_
Yeah - i'm talking through that still - I want to buy a NAT box really - and i've primed the head so it's looking like it will happen. I'm sure that would fix everything.
County have suggested contigous IP ranges and a 255.255.254.0 subnet mask but i'm not keen.
Thing is I just can't believe not seeing everything on the primary domain from this server on the child domain is entirely that problem. Like I said - isn't the fact that I can ping the names of all the machines on the primary domain proof that DNS is working?
Use DCDIAG to confirm everything is as it should be. If you are on Win2K3 SP1, then there is a new version of DCDIAG with DNS tests build it. Very thorough!
(Don't be tempted by the copy of DCDIAG in C:\WINDOWS\ServicePackFiles\i386! Download the latest from MS)
BTW: Remember to ping the FQDN to prove DNS is working, or Windows will resolve by NetBIOS/local broadcast/WINS or some other jiggery pokery!
If I remember rightly, each domain maintains it's own 'domain master browser', which is usually the domain controller (if there are multiple DCs, then I would guess that it would be the PDC emulator). There is a resource kit tool which reports the names of all available domain master browsers, but I can't remember what it is. Might be worth a look.
Thanks ajb - i'll try those on Tuesday when i'm next in [no VPN ]
Didn't know that about the FQDN - thought the opposite in fact!
Master browser - now aint that what every machine by default fights for? Coo - the murky depths huh
To try to clarify the FQDN bit :? , lets assume you are trying to ping OTHERCOMPUTER, which is in DNS domain OTHERDOMAIN.COM. Your PC is called MYCOMPUTER and is in DNS domain MYDOMAIN.COM.
When you DON'T specify a FQDN, you PC will always add it's own domain suffix before doing a DNS lookup, so, if your PC is in MYDOMAIN.COM, and you type 'PING OTHERCOMPUTER', then your PC will do a DNS lookup for 'OTHERCOMPUTER.MYDOMAIN.COM'. This will fail, as the DNS server will not have a record for OTHERCOMPUTER in the MYDOMAIN.COM domain. Your PC will know attempt to resolve OTHERCOMPUTER to an IP address in other ways (not sure of the sequence), but assuming the PC is on the same subnet, then a local network broadcast will reveal the IP address, and the ping will succeed, but will report simply 'OTHERCOMPUTER' and the IP address.
When you DO specify an FQDN, you are in effect forcing DNS only name resolution. Your PC will do a DNS lookup for the exact name you requested 'OTHERPC.OTHERDOMAIN.COM', and this will succeed or fail. If it succeeds, then the FQDN will be reported by ping along with the IP address, and you can be reasonably sure that it was resolved by DNS. (If you want greater certainty, flush your local DNS cache first! IPCONFIG /FLUSHDNS)
You are right about the master browser. All PCs within a domain will 'elect' a master browser. I found this which has some more detail.
Just a note about the master browser thing... install WINS on one of your servers and set the option in DHCP to stop your clients fighting over holding the master browser token. Should cut down on chatter a bit.
mmm - thanks for that Ric_
agreed - thanks for that ric lol
Knew i should have installed wins lol
PS mark - the router/vpn unit will be happier with wins too. At least, my (trial) one implies that
There are currently 1 users browsing this thread. (0 members and 1 guests)