DHCP Server not Authorized - dns

I have two Active Directory servers performing both authentication and DNS.
One server is 2003 and the other is 2008. It is my understanding that there is no primary Domain server in this scenario and that everything will replicate from 2003 to 2008 without issue.
I have a 3rd virtual 2008 server which has been performing DHCP for over 2 years without a problem.
It is now appearing that I cannot properly authorize DHCP (Red downward arrow).
When I attempt authorization, I do not get an error. It simply does not function and appears to not be authorized. I also tried netsh for authorization.
I have an error in the logs of the DHCP stating:
"The DHCP Service failed to see a directory server for Authorization"
One change that was made recently was that I tried to revive the old physical DHCP server for performing another service. I changed the IP and the Computer name before I networked it. I have since turned it off, but I believe that this is when the problem began.
What is the problem?
Additionally, is one of the AD servers more primary in the authorization of DHCP, or are they of equal authority?
Thanks
Note: I have removed all outdated entries regarding DHCP from DNS.
Also, forest functionality level is set to Windows 2000, though we have nothing on our network older than XP.

Your first domain controller in your network is the "primary" domain controller. The primary domain controller keeps 5 FSMO roles of the entire Active Directory forest.
In your case, I think there might be some problems with DNS. Most of these types of problems were caused by DNS. You can try to use DCDiag utility to test the connection and DNS configuration from both domain controllers.
After fixing your DNS, you might want to restart the Net Logon service on both domain controllers to refresh the SRV records.
In the worst case, when it happened to me, I had to disjoin the DHCP server (standalone server) from the domain, join it back in, and re-authorize it with AD.

Related

Can local workstations connect to an Azure-hosted domain controller over the internet?

Can I migrate my domain into Azure and still allow local workstations to join that domain? I currently have a setup of 7 workstations and 1 server. I'd like to move the server into Azure. It's the domain controller, DNS, AD, and file server. Is my scenario possible? I would just like to make it seem as if the workstation doesn't know the difference other than it's now connecting to a different server. The end user would still work as they used to as well. I've found a lot of info on joining other Azure VMs to an Azure-hosted domain controller, but nothing like I'm looking for. It's for a small business setup and I'm new to Azure, but instead of replacing aging server hardware, I'd rather move it to the cloud. If only certain services are possible, that's fine, the minimum requirement would be just being able to set up a domain. I can set up file services through other methods if need be. Thanks!
According to the "Description of support boundaries for Active Directory over NAT", the Microsoft statement regarding Active Directory over NAT is:
Active Directory over NAT has not been tested by Microsoft.
We do not recommend Active Directory over NAT.
Support for issues related to Active Directory over NAT will be very limited and will reach the bounds of commercially reasonable efforts very quickly.
The problem is that as part of the connection sequence the AD server will send its local IP Address for the client to connect to, so the client will attempt to connect to the address behind NAT.
The only way you can connect a client to an AD VM is to go through a virtual network. So as long as you had a site to site VPN your clients wouldn't notice any difference.

Intranet Domain name without domain

We have an internal webserver, I made a user on this server (Openlogic 6.6, Centos Web Panel installed).
the domain : testnet.company.local
In the dns I have a record testnet which resolves to the ip of the server.
In a browser when you go to "http://testnet.company.local/application" it works.
But if I want users to be able to go to testnet/application or just to "http://application" what are the steps I need to take? Is this possible? Our DNS server is a Windows Server 2012.
Do the users have a common search list on their machines? I don't suggest using barewords as DNS names without some serious investigation.
However, say, for example, that all of your users have company.local in their searchlist. You can then add "testnet" to the company.local DNS zone and it will resolve because the user's machines will automatically add "company.local" to the request.

How do I connect to an AD domain controller in Azure?

I'm working through an Azure tutorial on MSDN as suggested by #BrentDaCodeMonkey. Basically, I'm trying to learn how to set up a Windows domain, so I can use it for some other SQL Server tutorials. See my previous question here.
I'm running into a problem where I cannot connect my servers to my Active Directory Name Controller. When I try to add my domain name to the server in System Properties, I get an error message instead of the Windows Security popup dialog.
An Active Directory Name Controller (AD DC) for the domain "corp.ejm.com" could not be contacted. Ensure that the domain name is typed correctly. [...] The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Name Controller (AD NC) for domain "corp.ejm.com"; The error was: "This operation returned because the timeout period expired."
Note that I am able to verify the DC's IP address, with nslookup in the command prompt.
Complicating this issue is that the tutorial instructions don't exactly match what I'm seeing in Azure. For example, I'm not allowed to use Windows Server 2008 R2 SP1 when setting up SQL Server virtual machines. I had to use Windows Server 2012 for those, but still used 2008 for the DC. I thought that the problem might be a conflicting operating systems, so I tried running the tutorial again using Windows Server 2012 for everything. Same error message.
Also note: the tutorial says that I should use the example domain, corp.contoso.com. I used my own example domain instead, corp.ejm.com. I'm wondering if this has something to do with it. My example domain is not registered on the Internet.
Connect to the DC VM and find out its IPAddress (10.*).
Go to the virtual network configuration and set the DNS server IP Address to that.
Also make sure you use this IP Address during step #8 in install SQL VMs section.
Now try joining the SQL VMs to the domain.
Hope this helps.
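The timeout in this question and the DNS advice in the DHCP authorization answer above both come down to whether the DNS server a machine actually uses can return the domain controller SRV records. The following is an added example, not code from any of the posts: `Test-DcLocatorSrv` is a hypothetical helper name, `corp.ejm.com` is the domain from the question, and it assumes Windows 8 / Server 2012 or later, where `Resolve-DnsName` is available.

```powershell
# Added example (not from the original posts): ask every DNS server this
# machine is configured to use for the SRV records that locating a domain
# controller depends on, and report which servers can answer.
function Test-DcLocatorSrv {
    param(
        [Parameter(Mandatory)][string]$Domain,   # e.g. corp.ejm.com, as in the question
        [string[]]$DnsServer                     # default: the adapters' configured servers
    )
    if (-not $DnsServer) {
        $DnsServer = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique
    }
    # Standard records that the Net Logon service registers for a domain controller.
    $names = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain", "_ldap._tcp.$Domain"
    foreach ($server in $DnsServer) {
        foreach ($name in $names) {
            try {
                # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is tested.
                $srv = Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'SRV' }
                $detail = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
                $status = if ($srv) { 'OK' } else { 'NoSrvData' }
            } catch {
                # Timeouts and "name does not exist" answers both land here.
                $detail = $_.Exception.Message
                $status = 'Failed'
            }
            [pscustomobject]@{
                DnsServer = $server
                Record    = $name
                Status    = $status
                Detail    = $detail
            }
        }
    }
}

# Usage: Test-DcLocatorSrv -Domain corp.ejm.com | Format-Table -AutoSize
```

A `Failed` row for a DNS server that is not the domain controller (or does not forward to it) is the situation the answer fixes by pointing the virtual network's DNS setting at the DC.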

Windows Server 2008 DNS under router

So I did an install of Windows Server 2008 Enterprise on a spare system I have and configured it for a local domain (xxxx.local). Now my issue is, if I use my home router (192.168.1.1) for a default DNS, it does not pick up the domain controller. But if I configure the IP of the system for the DNS to be the DC (192.168.1.15) it picks up the domain and everything works like candy and puppies. But now I have another issue, I cannot connect to any other system on the network (which is a problem considering I have another machine that houses my SQLServer 2012 for my testing), which I need to be able to do. Is there a way to configure the DNS of the router to pick up on the domain controller instead of using the domain controller as a DNS within itself? Or at least get the DNS service on the DC to show other systems on the network?
I never set a secondary DNS for the server, so it could never reach out to the local network. After setting a loopback for the primary and the router's IP address as the secondary DNS, I can now see all the other computers on the network.

Point/Send domain name to website on Windows Server 2008 R2

Okay, can't seem to find a great article or info on this. My client purchased a domain for his company (domain.com) through Network Solutions. He has a local server running Windows 2008 R2 that he wants to host his company's website on. I've created the website and have it running with Apache on localhost. The server does have a static IP, but when I visit it, I'm prompted for credentials (user, password) which is expected as it's meant to be protected.
My question:
How would I point the domain to the website on his server?
From what I've researched, I have options that include:
1. Pointing the domain to the static IP (what about the credentials?)
2. Creating A and CNAME records for the DNS server on Network Solutions
3. Setting up a local DNS server w/ Active Directory on the Windows machine
4. Creating a couple name servers that would tell Network Solutions where to send the domain
It's safe to say I'm effectively confused, so any help would be very much appreciated.
So basically you have to associate the domain name to the IP address, and that is done using DNS.
I'd suggest option 2 where you let Network Solutions manage the DNS, and you create an A record for www.domainname.com that points to the IP address on your server. Keep in mind it might take 24-48 hours for this new record to propagate across the internet. Take a look at http://www.networksolutions.com/support/dns-manager-advanced-tools/ and http://www.networksolutions.com/support/a-records-ip-addresses/
Regarding the credentials prompt, I assume you are using IIS and so you'd want to check the Authentication settings for the site. If you want anonymous access to the site, you would enable it there.
