Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Win2008 Server join to Win2003 domain question
Win2008 Server join to Win2003 domain question [message #358496] Mon, 04 January 2010 01:27 Go to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Hi,

We just set up our new Win 2008 Server, and we would like to join this Win
2008 from workgroup to the existed Win 2003 domain MyDomain.com.
The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS in
the 2003 AD Domain Controler, I've added an A
record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
However, still won't make it.
I'm thinking the Win 2008 is very different from the Win 2003...
How can I fix the problem?
Thanks for help.


Jason
Re: Win2008 Server join to Win2003 domain question [message #358516 is a reply to message #358496] Mon, 04 January 2010 02:22 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

First there is no need to pre-create an A record, will be done automatically
when the domain is joined.

Which error message is shown when you try to join the server to the domain?
Normally there is no problem to join a Windows server 2008 to the Windows
server 2003 domain. Only if the 2008 machien should become domain controller
you have to upgrade the schema for it, but this is also no problem.

Additional post an unedited ipconfig /all from the 2008 and the 2003 machine,
so we can exclude DNS as a problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> We just set up our new Win 2008 Server, and we would like to join this
> Win
> 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
> The Win2008's DNS is set to the Win2003 AD domain controler, and the
> DNS in
> the 2003 AD Domain Controler, I've added an A
> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
> However, still won't make it.
> I'm thinking the Win 2008 is very different from the Win 2003...
> How can I fix the problem?
> Thanks for help.
> Jason
>
Re: Win2008 Server join to Win2003 domain question [message #358611 is a reply to message #358496] Mon, 04 January 2010 06:17 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
What error message are you getting and post an ipconfig /all (As Meinolf
already requested) of both your 2003 dc and your 2008 machine. Feel free to
modify the first couple of octets to hide your internal ip address (If a
private ip address)

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
> Hi,
>
> We just set up our new Win 2008 Server, and we would like to join this Win
> 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
> The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS
> in the 2003 AD Domain Controler, I've added an A
> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
> However, still won't make it.
> I'm thinking the Win 2008 is very different from the Win 2003...
> How can I fix the problem?
> Thanks for help.
>
>
> Jason
>
>
>
Re: Win2008 Server join to Win2003 domain question [message #358650 is a reply to message #358496] Mon, 04 January 2010 07:29 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
> Hi,
>
> We just set up our new Win 2008 Server, and we would like to join this Win
> 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
> The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS
> in the 2003 AD Domain Controler, I've added an A
> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
> However, still won't make it.
> I'm thinking the Win 2008 is very different from the Win 2003...
> How can I fix the problem?
> Thanks for help.
>
>
> Jason
>
>
>


Windows 2008 and 2003 functionality is basically the same regarding domain
memberships. Please provide the info requested by Paul and Meinolf to help
us assist in diagnosing this issue.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Win2008 Server join to Win2003 domain question [message #358664 is a reply to message #358496] Mon, 04 January 2010 07:59 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
- Let's start with some basic testing.
- First make sure that your existing DNS infrastructure is working
correctly. To test that you may use some utilities like "nslint" or/and
"dcdiag". Check the flag options for each tool, run the tests and search for
errors in the output log.
- Assuming that everything is ok, make sure that the DNS, allows dynamic
records registration (this will be more secure if you've your DNS integrated
with Active Directory "DNSAI" - and that is only possible when you have DNS
configured in your DCs).
- Then, check if you don't have any firewalls between or installed in the
servers that may lock active directory and DNS port communications.
- Use Nslookup on the server to be add to the domain, and test if it's
correctly resolving the FQDN and DC.
- After you check that DNS is working correctly and no communications issues
exists, try the operation again. If it fails, take note of the error and
post it here, additionally also check for errors in the event log.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
> Hi,
>
> We just set up our new Win 2008 Server, and we would like to join this Win
> 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
> The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS
> in the 2003 AD Domain Controler, I've added an A
> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
> However, still won't make it.
> I'm thinking the Win 2008 is very different from the Win 2003...
> How can I fix the problem?
> Thanks for help.
>
>
> Jason
>
>
>
Re: Win2008 Server join to Win2003 domain question [message #359506 is a reply to message #358611] Mon, 04 January 2010 21:48 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Hi,

Error message is: Logon Failure: The target account name is incorrect.

The Win 2003 Server ipconfig /all output:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Win2003
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mycom.com
com

Ethernet adapter :

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.0.51

Primary WINS Server . . . . . . . : 192.168.0.200

The Win 2008 Server ipconfig /all output:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Win2008
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com

Ethernet adapter ???? 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???) #2
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter ???? 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???)
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1
Primary WINS Server . . . . . . . : 192.168.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DE69E6B-1374-422A-8E42-C0CC5768BA2B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8067047D-397A-4917-8A94-9DB2260D971D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:cf2e:3096:3885:75b:3f57:9b37(Preferred)
Link-local IPv6 Address . . . . . :
fe80::3885:75b:3f57:9b37%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled



"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> glsD:%23nD%23NBUjKHA.2132@TK2MSFTNGP05.phx.gbl...
> What error message are you getting and post an ipconfig /all (As Meinolf
> already requested) of both your 2003 dc and your 2008 machine. Feel free
> to modify the first couple of octets to hide your internal ip address (If
> a private ip address)
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>> Hi,
>>
>> We just set up our new Win 2008 Server, and we would like to join this
>> Win 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
>> The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS
>> in the 2003 AD Domain Controler, I've added an A
>> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
>> However, still won't make it.
>> I'm thinking the Win 2008 is very different from the Win 2003...
>> How can I fix the problem?
>> Thanks for help.
>>
>>
>> Jason
>>
>>
>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #359522 is a reply to message #359506] Mon, 04 January 2010 22:13 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:%23lI8dJcjKHA.5604@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> Error message is: Logon Failure: The target account name is incorrect.
>
> The Win 2003 Server ipconfig /all output:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Win2003
> Primary Dns Suffix . . . . . . . : mycom.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : mycom.com
> com
>
> Ethernet adapter :
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.1
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 192.168.0.51
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> 192.168.0.51
>
> Primary WINS Server . . . . . . . : 192.168.0.200
>
> The Win 2008 Server ipconfig /all output:
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Win2008
> Primary Dns Suffix . . . . . . . : mycom.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mycom.com
>
> Ethernet adapter ???? 3:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
> (NDIS VBD ???) #2
> Physical Address. . . . . . . . . : 00-aa-cc-DC-48-02
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
>
> Ethernet adapter ???? 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
> (NDIS VBD ???)
> Physical Address. . . . . . . . . : 00-aa-cc-DC-48-00
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> 168.95.1.1
> Primary WINS Server . . . . . . . : 192.168.0.200
> NetBIOS over Tcpip. . . . . . . . : Enabled
>
> Tunnel adapter isatap.{3DE69E6B-1374-422A-8E42-C0CC5768BA2B}:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
>
> Tunnel adapter isatap.{8067047D-397A-4917-8A94-9DB2260D971D}:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
>
> Tunnel adapter Teredo Tunneling Pseudo-Interface:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> IPv6 Address. . . . . . . . . . . :
> 2001:0:cf2e:3096:3885:75b:3f57:9b37(Preferred)
> Link-local IPv6 Address . . . . . :
> fe80::3885:75b:3f57:9b37%17(Preferred)
> Default Gateway . . . . . . . . . : ::
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
>

Thank you for posting the requested info.

The reason why you are seeing errors, is because of a DNS IP addresses are
incorrect on the machines.

1. On Win2003, the DNS should be only set to 192.168.1.1. Your gateway is
192.168.0.51, but that is the router, and it doesn't have DNS running on it.
If your DC queries for a record in its own domain, it may be asking the
router, and it will not have the answer.

2. On Win2003, you should also disable WINS proxy. That's done in the
registry. Please backup your reg before making any changes.

Set the value for "EnableProxy" to 0 in the following key. This will disable
it.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P arameters\EnableProxy

More info on WINS proxy can be found here:
How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848

3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know what the
second IP is, so I looked it up. It is an internet DNS server. My
explanation applies to this machine, too. It must ONLY use 192.168.1.1 for
DNS. If there's anything else in there, it will cause problems to the point
that it cannot find the domain.

4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS server, also
specify that on the Win2003 machine.

Ace
Re: Win2008 Server join to Win2003 domain question [message #359578 is a reply to message #359522] Tue, 05 January 2010 00:19 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Thanks a lot.
Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which is also
the IP of Win 2003 Server.
And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
But, still can't join the domain, and get same error message:
Logon Failure: The target account name is incorrect.
However, in the Win 2008 I did the nslookup and get the following result:

Server: Win23.mycom.com
Address: 192.168.1.1

Name: mycom.com
Addresses: 192.168.1.1
192.168.2.208
192.168.2.209
192.168.2.111
192.168.2.2
192.168.2.222
192.168.2.201
192.168.2.202
192.168.2.213
192.168.2.130
192.168.2.203
192.168.2.205
192.168.2.206
192.168.2.207



Where all the 192.168.2.X is the Secondary AD controler (Win 2003) which has
multiple IP.
I'm not sure will this cause the Win 2008 join domain problem.
Thanks.


>
> Thank you for posting the requested info.
>
> The reason why you are seeing errors, is because of a DNS IP addresses are
> incorrect on the machines.
>
> 1. On Win2003, the DNS should be only set to 192.168.1.1. Your gateway is
> 192.168.0.51, but that is the router, and it doesn't have DNS running on
> it. If your DC queries for a record in its own domain, it may be asking
> the router, and it will not have the answer.
>
> 2. On Win2003, you should also disable WINS proxy. That's done in the
> registry. Please backup your reg before making any changes.
>
> Set the value for "EnableProxy" to 0 in the following key. This will
> disable it.
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P arameters\EnableProxy
>
> More info on WINS proxy can be found here:
> How to Disable NetBT Proxy on Incoming Connections
> http://support.microsoft.com/kb/319848
>
> 3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know what
> the second IP is, so I looked it up. It is an internet DNS server. My
> explanation applies to this machine, too. It must ONLY use 192.168.1.1 for
> DNS. If there's anything else in there, it will cause problems to the
> point that it cannot find the domain.
>
> 4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS server,
> also specify that on the Win2003 machine.
>
> Ace
>
>
>
Re: Win2008 Server join to Win2003 domain question [message #359596 is a reply to message #359578] Tue, 05 January 2010 01:28 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

Ace already give you a good starting point for the 2 servers. Now your 3rd
machien comes into play, A DC shold NEVER be multihomed, more then one ip
address.

So please post also an unedited ipconfig /all from all additional existing
DC/DNS servers here and describe why this DC has that amount of ip addresses.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks a lot.
> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which
> is also
> the IP of Win 2003 Server.
> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
> But, still can't join the domain, and get same error message:
> Logon Failure: The target account name is incorrect.
> However, in the Win 2008 I did the nslookup and get the following
> result:
> Server: Win23.mycom.com
> Address: 192.168.1.1
> Name: mycom.com
> Addresses: 192.168.1.1
> 192.168.2.208
> 192.168.2.209
> 192.168.2.111
> 192.168.2.2
> 192.168.2.222
> 192.168.2.201
> 192.168.2.202
> 192.168.2.213
> 192.168.2.130
> 192.168.2.203
> 192.168.2.205
> 192.168.2.206
> 192.168.2.207
> Where all the 192.168.2.X is the Secondary AD controler (Win 2003)
> which has
> multiple IP.
> I'm not sure will this cause the Win 2008 join domain problem.
> Thanks.
>> Thank you for posting the requested info.
>>
>> The reason why you are seeing errors, is because of a DNS IP
>> addresses are incorrect on the machines.
>>
>> 1. On Win2003, the DNS should be only set to 192.168.1.1. Your
>> gateway is 192.168.0.51, but that is the router, and it doesn't have
>> DNS running on it. If your DC queries for a record in its own domain,
>> it may be asking the router, and it will not have the answer.
>>
>> 2. On Win2003, you should also disable WINS proxy. That's done in the
>> registry. Please backup your reg before making any changes.
>>
>> Set the value for "EnableProxy" to 0 in the following key. This will
>> disable it.
>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P arameters
>> \EnableProxy
>>
>> More info on WINS proxy can be found here:
>> How to Disable NetBT Proxy on Incoming Connections
>> http://support.microsoft.com/kb/319848
>> 3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know
>> what the second IP is, so I looked it up. It is an internet DNS
>> server. My explanation applies to this machine, too. It must ONLY use
>> 192.168.1.1 for DNS. If there's anything else in there, it will cause
>> problems to the point that it cannot find the domain.
>>
>> 4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS
>> server, also specify that on the Win2003 machine.
>>
>> Ace
>>
Re: Win2008 Server join to Win2003 domain question [message #359715 is a reply to message #359578] Tue, 05 January 2010 06:09 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Wow, I have never seen a DC with so many IP addresses. As Meinolf pointed
out, a dc can have only one ip address.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:udlp6ddjKHA.4048@TK2MSFTNGP06.phx.gbl...
> Thanks a lot.
> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which is
> also the IP of Win 2003 Server.
> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
> But, still can't join the domain, and get same error message:
> Logon Failure: The target account name is incorrect.
> However, in the Win 2008 I did the nslookup and get the following result:
>
> Server: Win23.mycom.com
> Address: 192.168.1.1
>
> Name: mycom.com
> Addresses: 192.168.1.1
> 192.168.2.208
> 192.168.2.209
> 192.168.2.111
> 192.168.2.2
> 192.168.2.222
> 192.168.2.201
> 192.168.2.202
> 192.168.2.213
> 192.168.2.130
> 192.168.2.203
> 192.168.2.205
> 192.168.2.206
> 192.168.2.207
>
>
>
> Where all the 192.168.2.X is the Secondary AD controler (Win 2003) which
> has multiple IP.
> I'm not sure will this cause the Win 2008 join domain problem.
> Thanks.
>
>
>>
>> Thank you for posting the requested info.
>>
>> The reason why you are seeing errors, is because of a DNS IP addresses
>> are incorrect on the machines.
>>
>> 1. On Win2003, the DNS should be only set to 192.168.1.1. Your gateway is
>> 192.168.0.51, but that is the router, and it doesn't have DNS running on
>> it. If your DC queries for a record in its own domain, it may be asking
>> the router, and it will not have the answer.
>>
>> 2. On Win2003, you should also disable WINS proxy. That's done in the
>> registry. Please backup your reg before making any changes.
>>
>> Set the value for "EnableProxy" to 0 in the following key. This will
>> disable it.
>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P arameters\EnableProxy
>>
>> More info on WINS proxy can be found here:
>> How to Disable NetBT Proxy on Incoming Connections
>> http://support.microsoft.com/kb/319848
>>
>> 3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know what
>> the second IP is, so I looked it up. It is an internet DNS server. My
>> explanation applies to this machine, too. It must ONLY use 192.168.1.1
>> for DNS. If there's anything else in there, it will cause problems to the
>> point that it cannot find the domain.
>>
>> 4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS server,
>> also specify that on the Win2003 machine.
>>
>> Ace
>>
>>
>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #359851 is a reply to message #359578] Tue, 05 January 2010 09:08 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:udlp6ddjKHA.4048@TK2MSFTNGP06.phx.gbl...
> Thanks a lot.
> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which is
> also the IP of Win 2003 Server.
> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
> But, still can't join the domain, and get same error message:
> Logon Failure: The target account name is incorrect.
> However, in the Win 2008 I did the nslookup and get the following result:
>
> Server: Win23.mycom.com
> Address: 192.168.1.1
>
> Name: mycom.com
> Addresses: 192.168.1.1
> 192.168.2.208
> 192.168.2.209
> 192.168.2.111
> 192.168.2.2
> 192.168.2.222
> 192.168.2.201
> 192.168.2.202
> 192.168.2.213
> 192.168.2.130
> 192.168.2.203
> 192.168.2.205
> 192.168.2.206
> 192.168.2.207
>


WOW! and WOW! Where did they come from? Is there another DC??

If there is no additional DC that is multhomed, I think possibly that you
have extra entries in DNS called the LdapIpAddress record, which shows up as
a "(same as parent)" entry. They all need to be removed leaving only the
ones for the DC.


Also, please run the following and post the results. Keep in mind, you must
go into your _msdcs. and your testadservs.net zones properties, Zone
transfers, and allow zone transfers for the commands to run. You can turn
this off after you've completed the run

c:\nslookup
> ls -t srv _msdcs.testadservs.net
(hit enter and copy/paste results)

While still in the command, then run:
> ls -d testadservs.net
(hit enter and copy/paste results)

Ace
Re: Win2008 Server join to Win2003 domain question [message #359906 is a reply to message #358664] Tue, 05 January 2010 09:49 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
This is starting to sound messy...
You said: I want to join a Windows 2008 server to a Domain that has 1 DC
that is running With Windows 2003. IS THIS Correct?
Assuming yes, I assume that the new Windows 2008 server does NOT have to be
an additional DC, correct?

Then you said that your existing DC (that is running Windows 2003) has the
following configuration:
IP Address 192.168.1.1
Subnet Mask 255.255.0.0
Default Gateway 192.168.0.51
DNS Servers 192.168.1.1
192.168.0.51
WINS Server 192.168.0.200

- I also assume that this DC doesn't run any other services than "Active
Directory" and "DNS", if it does, please say which ones.
- What server is the "192.168.0.200"? Is it a DC or a dedicated WINS server?

- As already stated, you should NOT USE the "192.168.0.51" as secondary DNS
server. To remove it:
1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
2 - Go to command line and run the following command (without the quotes)
"ipconfig /flushdns"
3 - Restart the DNS service on that DC.

- The second step is to run the tests that I already mentioned in my
previous post (let me know if you need help with that).

Assuming that everything is alright, now it's time to check the Server
(Windows 2008) to be added to your domain.

According with your post, the windows 2008 server to be added has the
following configuration:
IPv4 Address 192.168.1.2
Subnet Mask 255.255.0.0
Default Gateway 192.168.1.1
DNS Servers 192.168.1.1
168.95.1.1
Primary WINS Server 192.168.0.200

- The first thing that comes into my head when I look at this configuration,
is that you're running these servers to lab purposes, 16Bit mask address
sounds pretty big for 2 servers only :) and can complicate things.
Now:
- Where did the 168.95.1.1 come from?
- Again, What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
server? Why it's in a different subnet?
- What is the purpose of that Windows 2008 new Server? Are you planning RRAS
for that server or something else?

My opinion, is that you're trying to do something else than just adding it
to the domain, and that should explain the reason why you're adding it so
many addresses, perhaps if you explain your entire infrastructure and your
plans for that server we could better assist you with that.


--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
> Hi
> - Let's start with some basic testing.
> - First make sure that your existing DNS infrastructure is working
> correctly. To test that you may use some utilities like "nslint" or/and
> "dcdiag". Check the flag options for each tool, run the tests and search
> for errors in the output log.
> - Assuming that everything is ok, make sure that the DNS, allows dynamic
> records registration (this will be more secure if you've your DNS
> integrated with Active Directory "DNSAI" - and that is only possible when
> you have DNS configured in your DCs).
> - Then, check if you don't have any firewalls between or installed in the
> servers that may lock active directory and DNS port communications.
> - Use Nslookup on the server to be add to the domain, and test if it's
> correctly resolving the FQDN and DC.
> - After you check that DNS is working correctly and no communications
> issues exists, try the operation again. If it fails, take note of the
> error and post it here, additionally also check for errors in the event
> log.
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>> Hi,
>>
>> We just set up our new Win 2008 Server, and we would like to join this
>> Win 2008 from workgroup to the existed Win 2003 domain MyDomain.com.
>> The Win2008's DNS is set to the Win2003 AD domain controler, and the DNS
>> in the 2003 AD Domain Controler, I've added an A
>> record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
>> However, still won't make it.
>> I'm thinking the Win 2008 is very different from the Win 2003...
>> How can I fix the problem?
>> Thanks for help.
>>
>>
>> Jason
>>
>>
>>
Re: Win2008 Server join to Win2003 domain question [message #360391 is a reply to message #359596] Tue, 05 January 2010 18:18 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Thanks.
The reason the another DC (name: kserver) has so many IP is because it also
working as the host of .Net web server, and we have several .Net application
running on line.

The known problem for the DC ksever is it's account can't sync with the
Primary DC.

This is another DC ipconfig/all output:

Windows IP Configuration

Host Name . . . . . . . . . . . . : kserver
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com
com

Ethernet adapter ??u:


Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network Connection
Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.222
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.213
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.209
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.208
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.207
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.206
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.205
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.203
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.202
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.201
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.130
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.111
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1

Primary WINS Server . . . . . . . : 192.168.0.200


The IP 192.168.0.200 is a real WINS Server's IP.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
???????:6cb2911dbba68cc5c008803a11b@msnews.microsoft.com...
> Hello Jason,
>
> Ace already give you a good starting point for the 2 servers. Now your 3rd
> machien comes into play, A DC shold NEVER be multihomed, more then one ip
> address.
>
> So please post also an unedited ipconfig /all from all additional existing
> DC/DNS servers here and describe why this DC has that amount of ip
> addresses.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks a lot.
>> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which
>> is also
>> the IP of Win 2003 Server.
>> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
>> But, still can't join the domain, and get same error message:
>> Logon Failure: The target account name is incorrect.
>> However, in the Win 2008 I did the nslookup and get the following
>> result:
>> Server: Win23.mycom.com
>> Address: 192.168.1.1
>> Name: mycom.com
>> Addresses: 192.168.1.1
>> 192.168.2.208
>> 192.168.2.209
>> 192.168.2.111
>> 192.168.2.2
>> 192.168.2.222
>> 192.168.2.201
>> 192.168.2.202
>> 192.168.2.213
>> 192.168.2.130
>> 192.168.2.203
>> 192.168.2.205
>> 192.168.2.206
>> 192.168.2.207
>> Where all the 192.168.2.X is the Secondary AD controler (Win 2003)
>> which has
>> multiple IP.
>> I'm not sure will this cause the Win 2008 join domain problem.
>> Thanks.
>>> Thank you for posting the requested info.
>>>
>>> The reason why you are seeing errors, is because of a DNS IP
>>> addresses are incorrect on the machines.
>>>
>>> 1. On Win2003, the DNS should be only set to 192.168.1.1. Your
>>> gateway is 192.168.0.51, but that is the router, and it doesn't have
>>> DNS running on it. If your DC queries for a record in its own domain,
>>> it may be asking the router, and it will not have the answer.
>>>
>>> 2. On Win2003, you should also disable WINS proxy. That's done in the
>>> registry. Please backup your reg before making any changes.
>>>
>>> Set the value for "EnableProxy" to 0 in the following key. This will
>>> disable it.
>>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P arameters
>>> \EnableProxy
>>>
>>> More info on WINS proxy can be found here:
>>> How to Disable NetBT Proxy on Incoming Connections
>>> http://support.microsoft.com/kb/319848
>>> 3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know
>>> what the second IP is, so I looked it up. It is an internet DNS
>>> server. My explanation applies to this machine, too. It must ONLY use
>>> 192.168.1.1 for DNS. If there's anything else in there, it will cause
>>> problems to the point that it cannot find the domain.
>>>
>>> 4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS
>>> server, also specify that on the Win2003 machine.
>>>
>>> Ace
>>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #360558 is a reply to message #359906] Tue, 05 January 2010 23:08 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Thanks a lot!

The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
domain.
192.168.0.200 is WINS Server, not a DC.

There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
(Secondary).
These two DCs have problem to SYNC with each other, due to fail to sync over
some time limit,
and these two DCs has DNS server running, but the Secondary has not added
any zone yet.

Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have done the
ipconfig/flushdns.

The 168.95.1.1 is the ISP's dns.

And I have also removed some "(same as parent)" (host) A entries from the
192.168.1.1 DNS service,
leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
192.168.2.2.

The reason that the DC 192.168.1.2 is multimhomed is because it is also
working as the .Net web server,
we assigned each .Net web application with a 192.168.2.x ip.

We are planning to set up the the new Win 2008 Server as MS SQL Server DB
server, and I wanna remote logging to the Win2008 from my Win XP which is
logged on to my domain already.






"Jorge Silva" <jorgesilva_pt@hotmail.com>
???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
> This is starting to sound messy...
> You said: I want to join a Windows 2008 server to a Domain that has 1 DC
> that is running With Windows 2003. IS THIS Correct?
> Assuming yes, I assume that the new Windows 2008 server does NOT have to
> be an additional DC, correct?
>
> Then you said that your existing DC (that is running Windows 2003) has the
> following configuration:
> IP Address 192.168.1.1
> Subnet Mask 255.255.0.0
> Default Gateway 192.168.0.51
> DNS Servers 192.168.1.1
> 192.168.0.51
> WINS Server 192.168.0.200
>
> - I also assume that this DC doesn't run any other services than "Active
> Directory" and "DNS", if it does, please say which ones.
> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
> server?
>
> - As already stated, you should NOT USE the "192.168.0.51" as secondary
> DNS server. To remove it:
> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
> 2 - Go to command line and run the following command (without the quotes)
> "ipconfig /flushdns"
> 3 - Restart the DNS service on that DC.
>
> - The second step is to run the tests that I already mentioned in my
> previous post (let me know if you need help with that).
>
> Assuming that everything is alright, now it's time to check the Server
> (Windows 2008) to be added to your domain.
>
> According with your post, the windows 2008 server to be added has the
> following configuration:
> IPv4 Address 192.168.1.2
> Subnet Mask 255.255.0.0
> Default Gateway 192.168.1.1
> DNS Servers 192.168.1.1
> 168.95.1.1
> Primary WINS Server 192.168.0.200
>
> - The first thing that comes into my head when I look at this
> configuration, is that you're running these servers to lab purposes, 16Bit
> mask address sounds pretty big for 2 servers only :) and can complicate
> things.
> Now:
> - Where did the 168.95.1.1 come from?
> - Again, What server is the "192.168.0.200"? Is it a DC or a dedicated
> WINS server? Why it's in a different subnet?
> - What is the purpose of that Windows 2008 new Server? Are you planning
> RRAS for that server or something else?
>
> My opinion, is that you're trying to do something else than just adding it
> to the domain, and that should explain the reason why you're adding it so
> many addresses, perhaps if you explain your entire infrastructure and your
> plans for that server we could better assist you with that.
>
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>> Hi
>> - Let's start with some basic testing.
>> - First make sure that your existing DNS infrastructure is working
>> correctly. To test that you may use some utilities like "nslint" or/and
>> "dcdiag". Check the flag options for each tool, run the tests and search
>> for errors in the output log.
>> - Assuming that everything is ok, make sure that the DNS, allows dynamic
>> records registration (this will be more secure if you've your DNS
>> integrated with Active Directory "DNSAI" - and that is only possible when
>> you have DNS configured in your DCs).
>> - Then, check if you don't have any firewalls between or installed in the
>> servers that may lock active directory and DNS port communications.
>> - Use Nslookup on the server to be add to the domain, and test if it's
>> correctly resolving the FQDN and DC.
>> - After you check that DNS is working correctly and no communications
>> issues exists, try the operation again. If it fails, take note of the
>> error and post it here, additionally also check for errors in the event
>> log.
>>
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>> Hi,
>>>
Re: Win2008 Server join to Win2003 domain question [message #360595 is a reply to message #360391] Wed, 06 January 2010 01:03 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:OVlim4mjKHA.2164@TK2MSFTNGP02.phx.gbl...
> Thanks.
> The reason the another DC (name: kserver) has so many IP is because it
> also working as the host of .Net web server, and we have several .Net
> application running on line.
>
> The known problem for the DC ksever is it's account can't sync with the
> Primary DC.
>
> This is another DC ipconfig/all output:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : kserver
> Primary Dns Suffix . . . . . . . : mycom.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mycom.com
> com
>
> Ethernet adapter ??u:
>
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network Connection
> Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.2.222
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.213
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.209
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.208
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.207
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.206
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.205
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.203
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.202
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.201
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.130
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.111
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.2
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 192.168.0.51
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> 168.95.1.1
>
> Primary WINS Server . . . . . . . : 192.168.0.200
>
>
> The IP 192.168.0.200 is a real WINS Server's IP.
>

Jason,

I can see why it can't sync. You really, and truly honestly need to not use
a DC to run a webserver. More than one IP causes numerous problems. Imagine
what happens when there are 10. I would highly suggest to use a member
server as a webserver and give it as many IPs as you want, but not a DC.

Otherwise, we really can't help you straighten this out, unless you're up to
some registry changes. Please read my following blog explaining the
implications to a DC, why it causes harm to a DC, and how to workaround it
(registry and other changes), if you want to continue using this as a DC.

Ace
Re: Win2008 Server join to Win2003 domain question [message #360607 is a reply to message #359851] Wed, 06 January 2010 01:22 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Even I delete some "(same as parent)" entries, they seem come back later.
By the way, the command in the nslookup
ls -t srv _msdcs.testadservs.net
Do I need to replace the testadservs.net to myns.mycom at all?
Thanks again.



>> Name: mycom.com
>> Addresses: 192.168.1.1
>> 192.168.2.208
>> 192.168.2.209
>> 192.168.2.111
>> 192.168.2.2
>> 192.168.2.222
>> 192.168.2.201
>> 192.168.2.202
>> 192.168.2.213
>> 192.168.2.130
>> 192.168.2.203
>> 192.168.2.205
>> 192.168.2.206
>> 192.168.2.207
>>
>
>
> WOW! and WOW! Where did they come from? Is there another DC??
>
> If there is no additional DC that is multhomed, I think possibly that you
> have extra entries in DNS called the LdapIpAddress record, which shows up
> as a "(same as parent)" entry. They all need to be removed leaving only
> the ones for the DC.
>
>
> Also, please run the following and post the results. Keep in mind, you
> must
> go into your _msdcs. and your testadservs.net zones properties, Zone
> transfers, and allow zone transfers for the commands to run. You can turn
> this off after you've completed the run
>
> c:\nslookup
>> ls -t srv _msdcs.testadservs.net
> (hit enter and copy/paste results)
>
> While still in the command, then run:
>> ls -d testadservs.net
> (hit enter and copy/paste results)
>
> Ace
>
Re: Win2008 Server join to Win2003 domain question [message #360632 is a reply to message #360391] Wed, 06 January 2010 02:51 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

As Ace said a DC shouldn't run any other application, especially no web server,
Exchange or SQL. Additional you have also the 168.x.x.x as DNS server on
the NIC listed. So at least kick this out and maybe you are lucky, presonal
i think it wan't even if the wrong DNS is removed.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks.
> The reason the another DC (name: kserver) has so many IP is because
> it also
> working as the host of .Net web server, and we have several .Net
> application
> running on line.
> The known problem for the DC ksever is it's account can't sync with
> the Primary DC.
>
> This is another DC ipconfig/all output:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : kserver
> Primary Dns Suffix . . . . . . . : mycom.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mycom.com
> com
> Ethernet adapter °??½u:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network
> Connection
> Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.2.222
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.213
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.209
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.208
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.207
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.206
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.205
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.203
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.202
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.201
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.130
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.111
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> IP Address. . . . . . . . . . . . : 192.168.2.2
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 192.168.0.51
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> 168.95.1.1
> Primary WINS Server . . . . . . . : 192.168.0.200
>
> The IP 192.168.0.200 is a real WINS Server's IP.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
> ???????:6cb2911dbba68cc5c008803a11b@msnews.microsoft.com...
>
>> Hello Jason,
>>
>> Ace already give you a good starting point for the 2 servers. Now
>> your 3rd machien comes into play, A DC shold NEVER be multihomed,
>> more then one ip address.
>>
>> So please post also an unedited ipconfig /all from all additional
>> existing DC/DNS servers here and describe why this DC has that amount
>> of ip addresses.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Thanks a lot.
>>> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which
>>> is also
>>> the IP of Win 2003 Server.
>>> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
>>> But, still can't join the domain, and get same error message:
>>> Logon Failure: The target account name is incorrect.
>>> However, in the Win 2008 I did the nslookup and get the following
>>> result:
>>> Server: Win23.mycom.com
>>> Address: 192.168.1.1
>>> Name: mycom.com
>>> Addresses: 192.168.1.1
>>> 192.168.2.208
>>> 192.168.2.209
>>> 192.168.2.111
>>> 192.168.2.2
>>> 192.168.2.222
>>> 192.168.2.201
>>> 192.168.2.202
>>> 192.168.2.213
>>> 192.168.2.130
>>> 192.168.2.203
>>> 192.168.2.205
>>> 192.168.2.206
>>> 192.168.2.207
>>> Where all the 192.168.2.X is the Secondary AD controler (Win 2003)
>>> which has
>>> multiple IP.
>>> I'm not sure will this cause the Win 2008 join domain problem.
>>> Thanks.
>>>> Thank you for posting the requested info.
>>>>
>>>> The reason why you are seeing errors, is because of a DNS IP
>>>> addresses are incorrect on the machines.
>>>>
>>>> 1. On Win2003, the DNS should be only set to 192.168.1.1. Your
>>>> gateway is 192.168.0.51, but that is the router, and it doesn't
>>>> have DNS running on it. If your DC queries for a record in its own
>>>> domain, it may be asking the router, and it will not have the
>>>> answer.
>>>>
>>>> 2. On Win2003, you should also disable WINS proxy. That's done in
>>>> the registry. Please backup your reg before making any changes.
>>>>
>>>> Set the value for "EnableProxy" to 0 in the following key. This
>>>> will disable it.
>>>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\P aramete
>>>> rs \EnableProxy
>>>>
>>>> More info on WINS proxy can be found here:
>>>> How to Disable NetBT Proxy on Incoming Connections
>>>> http://support.microsoft.com/kb/319848
>>>> 3. On Win2008, it's using 192.168.1.1 an 168.95.1.1. I don't know
>>>> what the second IP is, so I looked it up. It is an internet DNS
>>>> server. My explanation applies to this machine, too. It must ONLY
>>>> use
>>>> 192.168.1.1 for DNS. If there's anything else in there, it will
>>>> cause
>>>> problems to the point that it cannot find the domain.
>>>> 4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS
>>>> server, also specify that on the Win2003 machine.
>>>>
>>>> Ace
>>>>
Re: Win2008 Server join to Win2003 domain question [message #360633 is a reply to message #360607] Wed, 06 January 2010 02:54 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

Move the webservices to another server and use only one ip address for the
DC with the correct DNS servers, remove 168.x.x.x, on the NIC and your problems
with the new machine will go away, i am sure.

Or think about demoting that server to member server, IF the applications
are not effected with that step and you can leave ti multihomed for the web
service.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Even I delete some "(same as parent)" entries, they seem come back
> later.
> By the way, the command in the nslookup
> ls -t srv _msdcs.testadservs.net
> Do I need to replace the testadservs.net to myns.mycom at all?
> Thanks again.
>>> Name: mycom.com
>>> Addresses: 192.168.1.1
>>> 192.168.2.208
>>> 192.168.2.209
>>> 192.168.2.111
>>> 192.168.2.2
>>> 192.168.2.222
>>> 192.168.2.201
>>> 192.168.2.202
>>> 192.168.2.213
>>> 192.168.2.130
>>> 192.168.2.203
>>> 192.168.2.205
>>> 192.168.2.206
>>> 192.168.2.207
>> WOW! and WOW! Where did they come from? Is there another DC??
>>
>> If there is no additional DC that is multhomed, I think possibly that
>> you have extra entries in DNS called the LdapIpAddress record, which
>> shows up as a "(same as parent)" entry. They all need to be removed
>> leaving only the ones for the DC.
>>
>> Also, please run the following and post the results. Keep in mind,
>> you
>> must
>> go into your _msdcs. and your testadservs.net zones properties, Zone
>> transfers, and allow zone transfers for the commands to run. You can
>> turn
>> this off after you've completed the run
>> c:\nslookup
>>
>>> ls -t srv _msdcs.testadservs.net
>>>
>> (hit enter and copy/paste results)
>>
>> While still in the command, then run:
>>
>>> ls -d testadservs.net
>>>
>> (hit enter and copy/paste results)
>>
>> Ace
>>
Re: Win2008 Server join to Win2003 domain question [message #360634 is a reply to message #360558] Wed, 06 January 2010 02:59 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

That your DCs are not in sync belongs to the above listd problem with multihoming
and external DNS servers on the NIC.

If they are over the tombstone lifetime, what i assume about the time limit
error, the safest way is to kick out the machine, with the error listed,
with dcpromo or dcpromo /forceremoval and check the AD database, DNS , AD
sites and services etc. for old entries of it according to:
http://support.microsoft.com/kb/555846/en-us

Please run "repadmin /showrepl" and post the output here from both DCs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks a lot!
>
> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
> domain.
> 192.168.0.200 is WINS Server, not a DC.
> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
> (Secondary).
> These two DCs have problem to SYNC with each other, due to fail to
> sync over
> some time limit,
> and these two DCs has DNS server running, but the Secondary has not
> added
> any zone yet.
> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have
> done the ipconfig/flushdns.
>
> The 168.95.1.1 is the ISP's dns.
>
> And I have also removed some "(same as parent)" (host) A entries from
> the
> 192.168.1.1 DNS service,
> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
> 192.168.2.2.
> The reason that the DC 192.168.1.2 is multimhomed is because it is
> also
> working as the .Net web server,
> we assigned each .Net web application with a 192.168.2.x ip.
> We are planning to set up the the new Win 2008 Server as MS SQL Server
> DB server, and I wanna remote logging to the Win2008 from my Win XP
> which is logged on to my domain already.
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com>
> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>
>> This is starting to sound messy...
>> You said: I want to join a Windows 2008 server to a Domain that has 1
>> DC
>> that is running With Windows 2003. IS THIS Correct?
>> Assuming yes, I assume that the new Windows 2008 server does NOT have
>> to
>> be an additional DC, correct?
>> Then you said that your existing DC (that is running Windows 2003)
>> has the
>> following configuration:
>> IP Address 192.168.1.1
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.0.51
>> DNS Servers 192.168.1.1
>> 192.168.0.51
>> WINS Server 192.168.0.200
>> - I also assume that this DC doesn't run any other services than
>> "Active
>> Directory" and "DNS", if it does, please say which ones.
>> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
>> server?
>> - As already stated, you should NOT USE the "192.168.0.51" as
>> secondary
>> DNS server. To remove it:
>> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
>> 2 - Go to command line and run the following command (without the
>> quotes)
>> "ipconfig /flushdns"
>> 3 - Restart the DNS service on that DC.
>> - The second step is to run the tests that I already mentioned in my
>> previous post (let me know if you need help with that).
>>
>> Assuming that everything is alright, now it's time to check the
>> Server (Windows 2008) to be added to your domain.
>>
>> According with your post, the windows 2008 server to be added has the
>> following configuration:
>> IPv4 Address 192.168.1.2
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.1.1
>> DNS Servers 192.168.1.1
>> 168.95.1.1
>> Primary WINS Server 192.168.0.200
>> - The first thing that comes into my head when I look at this
>> configuration, is that you're running these servers to lab purposes,
>> 16Bit
>> mask address sounds pretty big for 2 servers only :) and can
>> complicate
>> things.
>> Now:
>> - Where did the 168.95.1.1 come from?
>> - Again, What server is the "192.168.0.200"? Is it a DC or a
>> dedicated
>> WINS server? Why it's in a different subnet?
>> - What is the purpose of that Windows 2008 new Server? Are you
>> planning
>> RRAS for that server or something else?
>> My opinion, is that you're trying to do something else than just
>> adding it to the domain, and that should explain the reason why
>> you're adding it so many addresses, perhaps if you explain your
>> entire infrastructure and your plans for that server we could better
>> assist you with that.
>>
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>> Jorge Silva
>> MVP Directory Services
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>>
>>> Hi
>>> - Let's start with some basic testing.
>>> - First make sure that your existing DNS infrastructure is working
>>> correctly. To test that you may use some utilities like "nslint"
>>> or/and
>>> "dcdiag". Check the flag options for each tool, run the tests and
>>> search
>>> for errors in the output log.
>>> - Assuming that everything is ok, make sure that the DNS, allows
>>> dynamic
>>> records registration (this will be more secure if you've your DNS
>>> integrated with Active Directory "DNSAI" - and that is only possible
>>> when
>>> you have DNS configured in your DCs).
>>> - Then, check if you don't have any firewalls between or installed
>>> in the
>>> servers that may lock active directory and DNS port communications.
>>> - Use Nslookup on the server to be add to the domain, and test if
>>> it's
>>> correctly resolving the FQDN and DC.
>>> - After you check that DNS is working correctly and no
>>> communications
>>> issues exists, try the operation again. If it fails, take note of
>>> the
>>> error and post it here, additionally also check for errors in the
>>> event
>>> log.
>>> --
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>> Jorge Silva
>>> MVP Directory Services
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>>
>>>> Hi,
>>>>
Re: Win2008 Server join to Win2003 domain question [message #360712 is a reply to message #360558] Wed, 06 January 2010 06:17 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Ok,
Let's start with a basic test.
- Unplug the multihomed DC from network.
- Run ipconfig /flushdns on both (Win2008 and the DC that is plugged to your
network switch).
- Restart the DNS service on the online DC.
- On the DC that is online run the following command (without the quotes):
"netdom query fsmo". Post here the results.
- Check the name of the Win2008 to be added to the domain, then go to the
online DC and make sure that you DON'T have ANY account with the same name.
- In the win2008 server Point the Preferred DNS server to the ONLINE DC. Try
to add it again to the Domain. If it fails post here the exact error
message. Go to the DC and check the eventlog for error messages that were
logged when you attempted to add that new server.

- Plug the unplugged DC to the network again.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:uk9B9apjKHA.4500@TK2MSFTNGP06.phx.gbl...
> Thanks a lot!
>
> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
> domain.
> 192.168.0.200 is WINS Server, not a DC.
>
> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
> (Secondary).
> These two DCs have problem to SYNC with each other, due to fail to sync
> over some time limit,
> and these two DCs has DNS server running, but the Secondary has not added
> any zone yet.
>
> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have done
> the ipconfig/flushdns.
>
> The 168.95.1.1 is the ISP's dns.
>
> And I have also removed some "(same as parent)" (host) A entries from the
> 192.168.1.1 DNS service,
> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
> 192.168.2.2.
>
> The reason that the DC 192.168.1.2 is multimhomed is because it is also
> working as the .Net web server,
> we assigned each .Net web application with a 192.168.2.x ip.
>
> We are planning to set up the the new Win 2008 Server as MS SQL Server DB
> server, and I wanna remote logging to the Win2008 from my Win XP which is
> logged on to my domain already.
>
>
>
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com>
> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>> This is starting to sound messy...
>> You said: I want to join a Windows 2008 server to a Domain that has 1 DC
>> that is running With Windows 2003. IS THIS Correct?
>> Assuming yes, I assume that the new Windows 2008 server does NOT have to
>> be an additional DC, correct?
>>
>> Then you said that your existing DC (that is running Windows 2003) has
>> the following configuration:
>> IP Address 192.168.1.1
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.0.51
>> DNS Servers 192.168.1.1
>> 192.168.0.51
>> WINS Server 192.168.0.200
>>
>> - I also assume that this DC doesn't run any other services than "Active
>> Directory" and "DNS", if it does, please say which ones.
>> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
>> server?
>>
>> - As already stated, you should NOT USE the "192.168.0.51" as secondary
>> DNS server. To remove it:
>> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
>> 2 - Go to command line and run the following command (without the quotes)
>> "ipconfig /flushdns"
>> 3 - Restart the DNS service on that DC.
>>
>> - The second step is to run the tests that I already mentioned in my
>> previous post (let me know if you need help with that).
>>
>> Assuming that everything is alright, now it's time to check the Server
>> (Windows 2008) to be added to your domain.
>>
>> According with your post, the windows 2008 server to be added has the
>> following configuration:
>> IPv4 Address 192.168.1.2
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.1.1
>> DNS Servers 192.168.1.1
>> 168.95.1.1
>> Primary WINS Server 192.168.0.200
>>
>> - The first thing that comes into my head when I look at this
>> configuration, is that you're running these servers to lab purposes,
>> 16Bit mask address sounds pretty big for 2 servers only :) and can
>> complicate things.
>> Now:
>> - Where did the 168.95.1.1 come from?
>> - Again, What server is the "192.168.0.200"? Is it a DC or a dedicated
>> WINS server? Why it's in a different subnet?
>> - What is the purpose of that Windows 2008 new Server? Are you planning
>> RRAS for that server or something else?
>>
>> My opinion, is that you're trying to do something else than just adding
>> it to the domain, and that should explain the reason why you're adding it
>> so many addresses, perhaps if you explain your entire infrastructure and
>> your plans for that server we could better assist you with that.
>>
>>
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>>> Hi
>>> - Let's start with some basic testing.
>>> - First make sure that your existing DNS infrastructure is working
>>> correctly. To test that you may use some utilities like "nslint" or/and
>>> "dcdiag". Check the flag options for each tool, run the tests and search
>>> for errors in the output log.
>>> - Assuming that everything is ok, make sure that the DNS, allows dynamic
>>> records registration (this will be more secure if you've your DNS
>>> integrated with Active Directory "DNSAI" - and that is only possible
>>> when you have DNS configured in your DCs).
>>> - Then, check if you don't have any firewalls between or installed in
>>> the servers that may lock active directory and DNS port communications.
>>> - Use Nslookup on the server to be add to the domain, and test if it's
>>> correctly resolving the FQDN and DC.
>>> - After you check that DNS is working correctly and no communications
>>> issues exists, try the operation again. If it fails, take note of the
>>> error and post it here, additionally also check for errors in the event
>>> log.
>>>
>>> --
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>
>>>
>>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>>> Hi,
>>>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #360852 is a reply to message #360607] Wed, 06 January 2010 08:46 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:eUZYjlqjKHA.4048@TK2MSFTNGP06.phx.gbl...
> Even I delete some "(same as parent)" entries, they seem come back later.
> By the way, the command in the nslookup
> ls -t srv _msdcs.testadservs.net
> Do I need to replace the testadservs.net to myns.mycom at all?
> Thanks again.
>

Yes, replace it with mycom.com. However, it's ok, you don't have to run it.
The ipconfig you posted is enough to diagnose it, as we already did, and you
have our recommendations to resolve it, one of which I agree with Meinolf is
to demote this machine to a member server and remove the DNS address
168.95.1.1.

Even if you delete the "(same as parent)" record, it will return
automatically. This is because the netlogon service is putting it back in.
That is one of the services running on the DC that ensures proper SRV
records are registered in DNS. However, since there are 10-15 addresses, the
service is registering all of them.

A web server should never be a DC. Any reason this machine is a DC? Is it
safe for you to demote it?

If you really want to keep it, as I mentioned earlier there are steps you
can perform to change a dmoain controller's default functionality that
include multiple registry changes. I forgot to post my blog link, which I
apologize. I posted it below. It shows you why this configuration is
detrimental on a DC, but if you want to keep it as a DC for whatever reason,
it shows steps to alter the configuration to work with multiple IPs,
multiple NICs and/or RRAS installed.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

I hope you find it helpful.

Ace
Re: Win2008 Server join to Win2003 domain question [message #361458 is a reply to message #360634] Wed, 06 January 2010 20:44 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Thanks so much!
I'm thinking demoting the Secondary DC (192.168.2.2) to just member server,
and put all .Net web applications on this member server. Then join the
Win2008 to the domain.
I would dcpromo another member server(192.168.1.15) as an AD Server, and
switch it to be the Primary AD server, cuz the current AD root server
192.168.1.1 is kind of old( 6 years old).


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
???????:6cb2911dbcbd8cc5cd66e3aaeef@msnews.microsoft.com...
> Hello Jason,
>
> That your DCs are not in sync belongs to the above listd problem with
> multihoming and external DNS servers on the NIC.
>
> If they are over the tombstone lifetime, what i assume about the time
> limit error, the safest way is to kick out the machine, with the error
> listed, with dcpromo or dcpromo /forceremoval and check the AD database,
> DNS , AD sites and services etc. for old entries of it according to:
> http://support.microsoft.com/kb/555846/en-us
>
> Please run "repadmin /showrepl" and post the output here from both DCs.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks a lot!
>>
>> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
>> domain.
>> 192.168.0.200 is WINS Server, not a DC.
>> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
>> (Secondary).
>> These two DCs have problem to SYNC with each other, due to fail to
>> sync over
>> some time limit,
>> and these two DCs has DNS server running, but the Secondary has not
>> added
>> any zone yet.
>> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have
>> done the ipconfig/flushdns.
>>
>> The 168.95.1.1 is the ISP's dns.
>>
>> And I have also removed some "(same as parent)" (host) A entries from
>> the
>> 192.168.1.1 DNS service,
>> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
>> 192.168.2.2.
>> The reason that the DC 192.168.1.2 is multimhomed is because it is
>> also
>> working as the .Net web server,
>> we assigned each .Net web application with a 192.168.2.x ip.
>> We are planning to set up the the new Win 2008 Server as MS SQL Server
>> DB server, and I wanna remote logging to the Win2008 from my Win XP
>> which is logged on to my domain already.
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com>
>> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>>
Re: Win2008 Server join to Win2003 domain question [message #361524 is a reply to message #360632] Wed, 06 January 2010 22:45 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
I'm wondering why a DC shouldn't run the SQL Server.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
???????:6cb2911dbcba8cc5cd5543d39b2@msnews.microsoft.com...
> Hello Jason,
>
> As Ace said a DC shouldn't run any other application, especially no web
> server, Exchange or SQL. Additional you have also the 168.x.x.x as DNS
> server on the NIC listed. So at least kick this out and maybe you are
> lucky, presonal i think it wan't even if the wrong DNS is removed.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Thanks.
>> The reason the another DC (name: kserver) has so many IP is because
>> it also
>> working as the host of .Net web server, and we have several .Net
>> application
>> running on line.
>> The known problem for the DC ksever is it's account can't sync with
>> the Primary DC.
>>
>> This is another DC ipconfig/all output:
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : kserver
>> Primary Dns Suffix . . . . . . . : mycom.com
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : mycom.com
>> com
>> Ethernet adapter ??u:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network
>> Connection
>> Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.2.222
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.213
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.209
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.208
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.207
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.206
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.205
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.203
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.202
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.201
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.130
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.111
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> IP Address. . . . . . . . . . . . : 192.168.2.2
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>> Default Gateway . . . . . . . . . : 192.168.0.51
>> DNS Servers . . . . . . . . . . . : 192.168.1.1
>> 168.95.1.1
>> Primary WINS Server . . . . . . . : 192.168.0.200
>>
>> The IP 192.168.0.200 is a real WINS Server's IP.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
>> ???????:6cb2911dbba68cc5c008803a11b@msnews.microsoft.com...
>>
Re: Win2008 Server join to Win2003 domain question [message #361571 is a reply to message #361524] Thu, 07 January 2010 00:54 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

A DC is the heart of the domain and should only run it's basic tasks, AD,
DNS, GC and maybe DHCP. Any additional application requires additional performance
or more important depending on the application/role lowers security setttings
on a DC. Also if you have the need to demote the DC you have to be sure that
the SQL instances will work after demoting or you have to move SQL to another
server at that time.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I'm wondering why a DC shouldn't run the SQL Server.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
> ???????:6cb2911dbcba8cc5cd5543d39b2@msnews.microsoft.com...
>
>> Hello Jason,
>>
>> As Ace said a DC shouldn't run any other application, especially no
>> web server, Exchange or SQL. Additional you have also the 168.x.x.x
>> as DNS server on the NIC listed. So at least kick this out and maybe
>> you are lucky, presonal i think it wan't even if the wrong DNS is
>> removed.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Thanks.
>>> The reason the another DC (name: kserver) has so many IP is because
>>> it also
>>> working as the host of .Net web server, and we have several .Net
>>> application
>>> running on line.
>>> The known problem for the DC ksever is it's account can't sync with
>>> the Primary DC.
>>> This is another DC ipconfig/all output:
>>>
>>> Windows IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : kserver
>>> Primary Dns Suffix . . . . . . . : mycom.com
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : mycom.com
>>> com
>>> Ethernet adapter °??½u:
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network
>>> Connection
>>> Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.2.222
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.213
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.209
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.208
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.207
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.206
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.205
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.203
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.202
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.201
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.130
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.111
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> IP Address. . . . . . . . . . . . : 192.168.2.2
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>> Default Gateway . . . . . . . . . : 192.168.0.51
>>> DNS Servers . . . . . . . . . . . : 192.168.1.1
>>> 168.95.1.1
>>> Primary WINS Server . . . . . . . : 192.168.0.200
>>> The IP 192.168.0.200 is a real WINS Server's IP.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
>>> ???????:6cb2911dbba68cc5c008803a11b@msnews.microsoft.com...
Re: Win2008 Server join to Win2003 domain question [message #361572 is a reply to message #361458] Thu, 07 January 2010 00:56 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Jason,

Make sure to have the replication problems solved/corrected before going
into deeper changes of the network.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks so much!
> I'm thinking demoting the Secondary DC (192.168.2.2) to just member
> server,
> and put all .Net web applications on this member server. Then join the
> Win2008 to the domain.
> I would dcpromo another member server(192.168.1.15) as an AD Server,
> and
> switch it to be the Primary AD server, cuz the current AD root server
> 192.168.1.1 is kind of old( 6 years old).
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
> ???????:6cb2911dbcbd8cc5cd66e3aaeef@msnews.microsoft.com...
>
>> Hello Jason,
>>
>> That your DCs are not in sync belongs to the above listd problem with
>> multihoming and external DNS servers on the NIC.
>>
>> If they are over the tombstone lifetime, what i assume about the time
>> limit error, the safest way is to kick out the machine, with the
>> error listed, with dcpromo or dcpromo /forceremoval and check the AD
>> database, DNS , AD sites and services etc. for old entries of it
>> according to: http://support.microsoft.com/kb/555846/en-us
>>
>> Please run "repadmin /showrepl" and post the output here from both
>> DCs.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Thanks a lot!
>>>
>>> The Win 2008 will NOT be a DC, just wanna join the Win 2003
>>> MyCom.com
>>> domain.
>>> 192.168.0.200 is WINS Server, not a DC.
>>> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
>>> (Secondary).
>>> These two DCs have problem to SYNC with each other, due to fail to
>>> sync over
>>> some time limit,
>>> and these two DCs has DNS server running, but the Secondary has not
>>> added
>>> any zone yet.
>>> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have
>>> done the ipconfig/flushdns.
>>> The 168.95.1.1 is the ISP's dns.
>>>
>>> And I have also removed some "(same as parent)" (host) A entries
>>> from
>>> the
>>> 192.168.1.1 DNS service,
>>> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
>>> 192.168.2.2.
>>> The reason that the DC 192.168.1.2 is multimhomed is because it is
>>> also
>>> working as the .Net web server,
>>> we assigned each .Net web application with a 192.168.2.x ip.
>>> We are planning to set up the the new Win 2008 Server as MS SQL
>>> Server
>>> DB server, and I wanna remote logging to the Win2008 from my Win XP
>>> which is logged on to my domain already.
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com>
>>> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
Re: Win2008 Server join to Win2003 domain question [message #361746 is a reply to message #361571] Thu, 07 January 2010 06:39 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dbdc08cc5d8e262e6182@msnews.microsoft.com...
> Hello Jason,
>
> A DC is the heart of the domain and should only run it's basic tasks, AD,
> DNS, GC and maybe DHCP. Any additional application requires additional
> performance or more important depending on the application/role lowers
> security setttings on a DC. Also if you have the need to demote the DC you
> have to be sure that the SQL instances will work after demoting or you
> have to move SQL to another server at that time.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

In addition, a DC once promoted, disables write-behind cache on the drive
controllers. SQL uses this feature for performance and transactional
logging. Same with Exchange. Disabling write-behind cache on the controller
affects performance as well, and impacts SQL and Exchange processes, besides
the fact that disabling this feature may hinder recovering emails or
database transactions during a power outage shutdown, but AD needs this
feature. And this feature cannot be enabled on a DC. If you change it, the
DC puts it back automatically within seconds. The only exception to the rule
is on SBS server, wihch was designed to deal with this condition.

Ace
Re: Win2008 Server join to Win2003 domain question [message #365359 is a reply to message #360558] Mon, 11 January 2010 14:09 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
Is it ok, now?

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:uk9B9apjKHA.4500@TK2MSFTNGP06.phx.gbl...
> Thanks a lot!
>
> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
> domain.
> 192.168.0.200 is WINS Server, not a DC.
>
> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
> (Secondary).
> These two DCs have problem to SYNC with each other, due to fail to sync
> over some time limit,
> and these two DCs has DNS server running, but the Secondary has not added
> any zone yet.
>
> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have done
> the ipconfig/flushdns.
>
> The 168.95.1.1 is the ISP's dns.
>
> And I have also removed some "(same as parent)" (host) A entries from the
> 192.168.1.1 DNS service,
> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
> 192.168.2.2.
>
> The reason that the DC 192.168.1.2 is multimhomed is because it is also
> working as the .Net web server,
> we assigned each .Net web application with a 192.168.2.x ip.
>
> We are planning to set up the the new Win 2008 Server as MS SQL Server DB
> server, and I wanna remote logging to the Win2008 from my Win XP which is
> logged on to my domain already.
>
>
>
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com>
> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>> This is starting to sound messy...
>> You said: I want to join a Windows 2008 server to a Domain that has 1 DC
>> that is running With Windows 2003. IS THIS Correct?
>> Assuming yes, I assume that the new Windows 2008 server does NOT have to
>> be an additional DC, correct?
>>
>> Then you said that your existing DC (that is running Windows 2003) has
>> the following configuration:
>> IP Address 192.168.1.1
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.0.51
>> DNS Servers 192.168.1.1
>> 192.168.0.51
>> WINS Server 192.168.0.200
>>
>> - I also assume that this DC doesn't run any other services than "Active
>> Directory" and "DNS", if it does, please say which ones.
>> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
>> server?
>>
>> - As already stated, you should NOT USE the "192.168.0.51" as secondary
>> DNS server. To remove it:
>> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
>> 2 - Go to command line and run the following command (without the quotes)
>> "ipconfig /flushdns"
>> 3 - Restart the DNS service on that DC.
>>
>> - The second step is to run the tests that I already mentioned in my
>> previous post (let me know if you need help with that).
>>
>> Assuming that everything is alright, now it's time to check the Server
>> (Windows 2008) to be added to your domain.
>>
>> According with your post, the windows 2008 server to be added has the
>> following configuration:
>> IPv4 Address 192.168.1.2
>> Subnet Mask 255.255.0.0
>> Default Gateway 192.168.1.1
>> DNS Servers 192.168.1.1
>> 168.95.1.1
>> Primary WINS Server 192.168.0.200
>>
>> - The first thing that comes into my head when I look at this
>> configuration, is that you're running these servers to lab purposes,
>> 16Bit mask address sounds pretty big for 2 servers only :) and can
>> complicate things.
>> Now:
>> - Where did the 168.95.1.1 come from?
>> - Again, What server is the "192.168.0.200"? Is it a DC or a dedicated
>> WINS server? Why it's in a different subnet?
>> - What is the purpose of that Windows 2008 new Server? Are you planning
>> RRAS for that server or something else?
>>
>> My opinion, is that you're trying to do something else than just adding
>> it to the domain, and that should explain the reason why you're adding it
>> so many addresses, perhaps if you explain your entire infrastructure and
>> your plans for that server we could better assist you with that.
>>
>>
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>>> Hi
>>> - Let's start with some basic testing.
>>> - First make sure that your existing DNS infrastructure is working
>>> correctly. To test that you may use some utilities like "nslint" or/and
>>> "dcdiag". Check the flag options for each tool, run the tests and search
>>> for errors in the output log.
>>> - Assuming that everything is ok, make sure that the DNS, allows dynamic
>>> records registration (this will be more secure if you've your DNS
>>> integrated with Active Directory "DNSAI" - and that is only possible
>>> when you have DNS configured in your DCs).
>>> - Then, check if you don't have any firewalls between or installed in
>>> the servers that may lock active directory and DNS port communications.
>>> - Use Nslookup on the server to be add to the domain, and test if it's
>>> correctly resolving the FQDN and DC.
>>> - After you check that DNS is working correctly and no communications
>>> issues exists, try the operation again. If it fails, take note of the
>>> error and post it here, additionally also check for errors in the event
>>> log.
>>>
>>> --
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>
>>>
>>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>>> Hi,
>>>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #365624 is a reply to message #365359] Mon, 11 January 2010 19:46 Go to previous messageGo to next message
Jason Huang  is currently offline Jason Huang  Taiwan
Messages: 60
Registered: September 2009
Member
Thanks.
The Win2008 server has joined the domain MyCom.com as a member server
successfully, and the server 192.168.2.2 is now also a member server with
lots of IPs working as the .Net web server.

"Jorge Silva" <jorgesilva_pt@hotmail.com>
???????:1F09260B-38FA-4CD2-8C23-5581D617504C@microsoft.com...
> Hi
> Is it ok, now?
>
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
>
> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
> news:uk9B9apjKHA.4500@TK2MSFTNGP06.phx.gbl...
>> Thanks a lot!
>>
>> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
>> domain.
>> 192.168.0.200 is WINS Server, not a DC.
>>
>> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
>> (Secondary).
>> These two DCs have problem to SYNC with each other, due to fail to sync
>> over some time limit,
>> and these two DCs has DNS server running, but the Secondary has not added
>> any zone yet.
>>
>> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have done
>> the ipconfig/flushdns.
>>
>> The 168.95.1.1 is the ISP's dns.
>>
>> And I have also removed some "(same as parent)" (host) A entries from the
>> 192.168.1.1 DNS service,
>> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
>> 192.168.2.2.
>>
>> The reason that the DC 192.168.1.2 is multimhomed is because it is also
>> working as the .Net web server,
>> we assigned each .Net web application with a 192.168.2.x ip.
>>
>> We are planning to set up the the new Win 2008 Server as MS SQL Server DB
>> server, and I wanna remote logging to the Win2008 from my Win XP which is
>> logged on to my domain already.
>>
>>
>>
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com>
>> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>>> This is starting to sound messy...
>>> You said: I want to join a Windows 2008 server to a Domain that has 1 DC
>>> that is running With Windows 2003. IS THIS Correct?
>>> Assuming yes, I assume that the new Windows 2008 server does NOT have to
>>> be an additional DC, correct?
>>>
>>> Then you said that your existing DC (that is running Windows 2003) has
>>> the following configuration:
>>> IP Address 192.168.1.1
>>> Subnet Mask 255.255.0.0
>>> Default Gateway 192.168.0.51
>>> DNS Servers 192.168.1.1
>>> 192.168.0.51
>>> WINS Server 192.168.0.200
>>>
>>> - I also assume that this DC doesn't run any other services than "Active
>>> Directory" and "DNS", if it does, please say which ones.
>>> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
>>> server?
>>>
>>> - As already stated, you should NOT USE the "192.168.0.51" as secondary
>>> DNS server. To remove it:
>>> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
>>> 2 - Go to command line and run the following command (without the
>>> quotes) "ipconfig /flushdns"
>>> 3 - Restart the DNS service on that DC.
>>>
>>> - The second step is to run the tests that I already mentioned in my
>>> previous post (let me know if you need help with that).
>>>
>>> Assuming that everything is alright, now it's time to check the Server
>>> (Windows 2008) to be added to your domain.
>>>
>>> According with your post, the windows 2008 server to be added has the
>>> following configuration:
>>> IPv4 Address 192.168.1.2
>>> Subnet Mask 255.255.0.0
>>> Default Gateway 192.168.1.1
>>> DNS Servers 192.168.1.1
>>> 168.95.1.1
>>> Primary WINS Server 192.168.0.200
>>>
>>> - The first thing that comes into my head when I look at this
>>> configuration, is that you're running these servers to lab purposes,
>>> 16Bit mask address sounds pretty big for 2 servers only :) and can
>>> complicate things.
>>> Now:
>>> - Where did the 168.95.1.1 come from?
>>> - Again, What server is the "192.168.0.200"? Is it a DC or a dedicated
>>> WINS server? Why it's in a different subnet?
>>> - What is the purpose of that Windows 2008 new Server? Are you planning
>>> RRAS for that server or something else?
>>>
>>> My opinion, is that you're trying to do something else than just adding
>>> it to the domain, and that should explain the reason why you're adding
>>> it so many addresses, perhaps if you explain your entire infrastructure
>>> and your plans for that server we could better assist you with that.
>>>
>>>
>>> --
>>>
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>>>> Hi
>>>> - Let's start with some basic testing.
>>>> - First make sure that your existing DNS infrastructure is working
>>>> correctly. To test that you may use some utilities like "nslint" or/and
>>>> "dcdiag". Check the flag options for each tool, run the tests and
>>>> search for errors in the output log.
>>>> - Assuming that everything is ok, make sure that the DNS, allows
>>>> dynamic records registration (this will be more secure if you've your
>>>> DNS integrated with Active Directory "DNSAI" - and that is only
>>>> possible when you have DNS configured in your DCs).
>>>> - Then, check if you don't have any firewalls between or installed in
>>>> the servers that may lock active directory and DNS port communications.
>>>> - Use Nslookup on the server to be add to the domain, and test if it's
>>>> correctly resolving the FQDN and DC.
>>>> - After you check that DNS is working correctly and no communications
>>>> issues exists, try the operation again. If it fails, take note of the
>>>> error and post it here, additionally also check for errors in the event
>>>> log.
>>>>
>>>> --
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>>>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>>>> Hi,
>>>>>
>>
>>
Re: Win2008 Server join to Win2003 domain question [message #367343 is a reply to message #365624] Wed, 13 January 2010 14:06 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Ok, excellent.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:OzV0xFzkKHA.2160@TK2MSFTNGP02.phx.gbl...
> Thanks.
> The Win2008 server has joined the domain MyCom.com as a member server
> successfully, and the server 192.168.2.2 is now also a member server with
> lots of IPs working as the .Net web server.
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com>
> ???????:1F09260B-38FA-4CD2-8C23-5581D617504C@microsoft.com...
>> Hi
>> Is it ok, now?
>>
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>> news:uk9B9apjKHA.4500@TK2MSFTNGP06.phx.gbl...
>>> Thanks a lot!
>>>
>>> The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
>>> domain.
>>> 192.168.0.200 is WINS Server, not a DC.
>>>
>>> There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
>>> (Secondary).
>>> These two DCs have problem to SYNC with each other, due to fail to sync
>>> over some time limit,
>>> and these two DCs has DNS server running, but the Secondary has not
>>> added any zone yet.
>>>
>>> Now these two DC's tcp/ip has to only 1 dsn: 192.168.1.1, and have done
>>> the ipconfig/flushdns.
>>>
>>> The 168.95.1.1 is the ISP's dns.
>>>
>>> And I have also removed some "(same as parent)" (host) A entries from
>>> the 192.168.1.1 DNS service,
>>> leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
>>> 192.168.2.2.
>>>
>>> The reason that the DC 192.168.1.2 is multimhomed is because it is also
>>> working as the .Net web server,
>>> we assigned each .Net web application with a 192.168.2.x ip.
>>>
>>> We are planning to set up the the new Win 2008 Server as MS SQL Server
>>> DB server, and I wanna remote logging to the Win2008 from my Win XP
>>> which is logged on to my domain already.
>>>
>>>
>>>
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com>
>>> ???????:209F094F-9988-49EA-853C-D3ED4D0DF115@microsoft.com...
>>>> This is starting to sound messy...
>>>> You said: I want to join a Windows 2008 server to a Domain that has 1
>>>> DC that is running With Windows 2003. IS THIS Correct?
>>>> Assuming yes, I assume that the new Windows 2008 server does NOT have
>>>> to be an additional DC, correct?
>>>>
>>>> Then you said that your existing DC (that is running Windows 2003) has
>>>> the following configuration:
>>>> IP Address 192.168.1.1
>>>> Subnet Mask 255.255.0.0
>>>> Default Gateway 192.168.0.51
>>>> DNS Servers 192.168.1.1
>>>> 192.168.0.51
>>>> WINS Server 192.168.0.200
>>>>
>>>> - I also assume that this DC doesn't run any other services than
>>>> "Active Directory" and "DNS", if it does, please say which ones.
>>>> - What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
>>>> server?
>>>>
>>>> - As already stated, you should NOT USE the "192.168.0.51" as secondary
>>>> DNS server. To remove it:
>>>> 1 - Remove the entry DNS entry "192.168.0.51" from IP adapter.
>>>> 2 - Go to command line and run the following command (without the
>>>> quotes) "ipconfig /flushdns"
>>>> 3 - Restart the DNS service on that DC.
>>>>
>>>> - The second step is to run the tests that I already mentioned in my
>>>> previous post (let me know if you need help with that).
>>>>
>>>> Assuming that everything is alright, now it's time to check the Server
>>>> (Windows 2008) to be added to your domain.
>>>>
>>>> According with your post, the windows 2008 server to be added has the
>>>> following configuration:
>>>> IPv4 Address 192.168.1.2
>>>> Subnet Mask 255.255.0.0
>>>> Default Gateway 192.168.1.1
>>>> DNS Servers 192.168.1.1
>>>> 168.95.1.1
>>>> Primary WINS Server 192.168.0.200
>>>>
>>>> - The first thing that comes into my head when I look at this
>>>> configuration, is that you're running these servers to lab purposes,
>>>> 16Bit mask address sounds pretty big for 2 servers only :) and can
>>>> complicate things.
>>>> Now:
>>>> - Where did the 168.95.1.1 come from?
>>>> - Again, What server is the "192.168.0.200"? Is it a DC or a dedicated
>>>> WINS server? Why it's in a different subnet?
>>>> - What is the purpose of that Windows 2008 new Server? Are you planning
>>>> RRAS for that server or something else?
>>>>
>>>> My opinion, is that you're trying to do something else than just adding
>>>> it to the domain, and that should explain the reason why you're adding
>>>> it so many addresses, perhaps if you explain your entire infrastructure
>>>> and your plans for that server we could better assist you with that.
>>>>
>>>>
>>>> --
>>>>
>>>> I hope that the information above helps you.
>>>> Have a Nice day.
>>>>
>>>> Jorge Silva
>>>> MVP Directory Services
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>>
>>>>
>>>>
>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>>> news:FC491F9F-AD82-4703-A82C-C7F3A588FBCD@microsoft.com...
>>>>> Hi
>>>>> - Let's start with some basic testing.
>>>>> - First make sure that your existing DNS infrastructure is working
>>>>> correctly. To test that you may use some utilities like "nslint"
>>>>> or/and "dcdiag". Check the flag options for each tool, run the tests
>>>>> and search for errors in the output log.
>>>>> - Assuming that everything is ok, make sure that the DNS, allows
>>>>> dynamic records registration (this will be more secure if you've your
>>>>> DNS integrated with Active Directory "DNSAI" - and that is only
>>>>> possible when you have DNS configured in your DCs).
>>>>> - Then, check if you don't have any firewalls between or installed in
>>>>> the servers that may lock active directory and DNS port
>>>>> communications.
>>>>> - Use Nslookup on the server to be add to the domain, and test if it's
>>>>> correctly resolving the FQDN and DC.
>>>>> - After you check that DNS is working correctly and no communications
>>>>> issues exists, try the operation again. If it fails, take note of the
>>>>> error and post it here, additionally also check for errors in the
>>>>> event log.
>>>>>
>>>>> --
>>>>>
>>>>> I hope that the information above helps you.
>>>>> Have a Nice day.
>>>>>
>>>>> Jorge Silva
>>>>> MVP Directory Services
>>>>>
>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
>>>>> news:uvwoDfRjKHA.3792@TK2MSFTNGP02.phx.gbl...
>>>>>> Hi,
>>>>>>
>>>
>>>
>
>
Re: Win2008 Server join to Win2003 domain question [message #367413 is a reply to message #365624] Wed, 13 January 2010 14:51 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Jason Huang" <JasonHuang8888@hotmail.com> wrote in message
news:OzV0xFzkKHA.2160@TK2MSFTNGP02.phx.gbl...
> Thanks.
> The Win2008 server has joined the domain MyCom.com as a member server
> successfully, and the server 192.168.2.2 is now also a member server with
> lots of IPs working as the .Net web server.
>


Good to hear. :-)

Ace
Previous Topic:need some help
Next Topic:Windows 2008 Upgrade
Goto Forum:
  


Current Time: Wed Jan 17 04:13:57 MST 2018

Total time taken to generate the page: 0.05031 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software