DHCP DNS DualServer configuration error: Server is not authorized

I'm currently using Dual DHCP DNS Server for my project to do replications and failover within my network system.
I followed the instructions clearly on doing Zone replications, but I keep getting an error message on "Server is not authorized". Thus I am unable to replicate my configurations from the primary server to the secondary server.
This is the excerpt from my config.ini in the DUAL DHCP DNS Server folder.
[ZONE_REPLICATION]
Primary=192.168.20.1
Secondary=192.168.20.2
Does anyone know what this is caused by? Firewall/Wrong configurations, etc?

Under the section [DOMAIN_NAME] you should put the domain name as:
[DOMAIN_NAME]
landed.com=168.192.in-addr.arpa
The second part (168.192.in-addr.arpa) is the reverse zone, based on your subnet. Both these parts are required for an authorized operation and authorized servers can only do replication.
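
A sanity check for the two requirements named in the answer above, written as an added Python example (not DualServer's own code and not part of the original answer). The parser, the function names and the rule that the reverse zone must cover the Primary and Secondary addresses are assumptions made for illustration; the sample text is constructed from the excerpts quoted on this page.

```python
import ipaddress

# Constructed sample combining the two excerpts quoted on this page.
SAMPLE_INI = """\
[ZONE_REPLICATION]
Primary=192.168.20.1
Secondary=192.168.20.2
[DOMAIN_NAME]
landed.com=168.192.in-addr.arpa
"""

def parse_sections(text):
    """Return {SECTION: [(key, value), ...]}; ';' and '#' comment lines are skipped (assumed syntax)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].upper(), [])
        elif current is not None:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def check_replication_config(text):
    """List problems with the forward=reverse domain entry and the replication peers."""
    sections = parse_sections(text)
    domains = sections.get("DOMAIN_NAME", [])
    if not domains:
        return ["[DOMAIN_NAME] is missing or empty"]
    forward, reverse = domains[0]
    reverse = reverse.lower().rstrip(".")
    if not forward or not reverse.endswith(".in-addr.arpa"):
        return ["[DOMAIN_NAME] needs forward-zone=reverse-zone"]
    problems = []
    peers = {k.lower(): v for k, v in sections.get("ZONE_REPLICATION", [])}
    for role in ("primary", "secondary"):
        addr = peers.get(role)
        if addr is None:
            problems.append(f"[ZONE_REPLICATION] has no {role.title()} entry")
            continue
        # reverse_pointer of 192.168.20.1 is '1.20.168.192.in-addr.arpa'
        pointer = ipaddress.ip_address(addr).reverse_pointer
        if not pointer.endswith("." + reverse):
            problems.append(f"{role.title()} {addr} is outside reverse zone {reverse}")
    return problems
```
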

Hostname not resolving to IP addresses for Linux computers in an AD Domain

I am joining Linux and Windows instances to an AD domain (). The machines are joining fine to the domain and I can use ssh/RDP using the AD credentials to login to the machines post domain join.
I can also get all the computer objects (host names) by running Get-ADComputer -Filter * on a Windows server and providing the domain credentials. The issue is that the host names for Linux-based computers are not resolving to an IP address, whereas all Windows hosts are resolving fine.
nslookup <windows-host> is returning host's FQDN and the IP address.
nslookup <linux-host> is returning Non-existent domain.
P.S.: All these resources (Windows and Linux hosts) are in the same network, use the same DHCP/DNS server and can communicate with each other with no issues. Also, I can resolve and connect to the AD domain from all these hosts.
Any idea why this could be happening and how to resolve this?
My use case is to get the IPs of all the computer objects in my AD domain.

Normally, when using DHCP, Windows will attempt to register its own A and possibly PTR records in the configured DNS; I'm not sure about Linux. You may configure your DHCP server to update DNS for the clients (instead of leaving it to the clients themselves), i.e.:
To configure a DHCP server to register and to update client information with its configured DNS servers, follow these steps:
Open the DHCP properties for the server
Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below check box, and then click Always dynamically update DNS A and PTR records.
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003

Remote Access Setup: The subject name of the network location server certificate does not resolve correctly

Doing a quick setup of DirectAccess on Server2k19.
One nic card, NAT'd behind a firewall.
Server is PDC and will act as all parts of DirectAccess (RAS, NLS, and Application Server).
In the Remote Access Setup, everything is configured but when trying to Finish and apply, it's giving me "The subject name of the network location server certificate does not resolve correctly. Ensure that the name resolves to the IP address of the internal network adapter of the server".
Domain Forest is acme.local and the Network location server is set to use a self-signed certificate, which defaults to:
S=Texas, C=USA, O=Dell Inc., L=Round Rock, CN=SERVER.acme.local
The DNS Forward Lookup zone has a record for SERVER as SERVER.acme.local. and points to the internal local IP of the server 192.168.0.8
I've also added the same A records in DNS for: directaccess-webprobehost and directaccess-corpconnectivityhost -- both pointing to the same 192.168.0.8 IP.
What am I doing wrong? I'll answer any questions promptly if there's more to drill down to. Thanks in advance.

Just try to update the group policy with the following command and then see if it's working.
gpupdate /force

Azure hybrid connections "No such host is known"

I have a simple Asp.Net Core Azure Web App that needs to make an HTTP GET request to an on-premise Rest service. This Rest service is hosted on IIS with bindings set only for port 443. I've set up a new Hybrid Connection in Azure and added it to the Web App. At the on-prem side, I've installed Hybrid Connection Manager and entered the connection string for the Hybrid Connection - this now shows as "Connected".
Problem is, when executing the line of code that makes the get request, the following error is thrown:
System.AggregateException: One or more errors occurred. (No such host is known) ---> System.Net.Http.HttpRequestException: No such host is known ---> System.Net.
There's an interesting blog post here: Microsoft Blog which states that the connections should be set up without using the fully qualified domain name (FQDN) - server name suffixed with organisation.co.uk. However, as far as I can tell, the SSL certificate for the Rest service requires the FQDN - otherwise it presents the error
There is a problem with this website’s security certificate
Does anyone know how to troubleshoot and work around this problem?

The first error is probably a DNS issue. As that blog mentioned:
"If you are using a fully-qualified domain name, you need to ensure that it’s a name that can be resolved within your local network. (In some cases, customers are running DNS in the local network, and it’s that local DNS service that resolves the name.)"
So, if you have to use an FQDN in the connection string for the Hybrid Connection, you could use an FQDN that can only be resolved by the local DNS service.
Alternatively, you could try editing the hosts file so that the DNS lookup is preferably done inside the on-premise network. Add a line to the Rest service server's hosts file (located in %WINDIR%\system32\drivers\etc) mapping the IIS server's IP to a name.
For example:
192.168.0.50 serverFQDN
For more details, refer to this.

How do I connect to an AD domain controller in Azure?

I'm working through an Azure tutorial on MSDN as suggested by #BrentDaCodeMonkey. Basically, I'm trying to learn how to set up a Windows domain, so I can use it for some other SQL Server tutorials. See my previous question here.
I'm running into a problem where I cannot connect my servers to my Active Directory Name Controller. When I try to add my domain name to the server in System Properties, I get an error message instead of the Windows Security popup dialog.
An Active Directory Name Controller (AD DC) for the domain "corp.ejm.com" could not be contacted. Ensure that the domain name is typed correctly. [...] The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Name Controller (AD NC) for domain "corp.ejm.com"; The error was: "This operation returned because the timeout period expired."
Note that I am able to verify the DC's IP address, with nslookup in the command prompt.
Complicating this issue is that the tutorial instructions don't exactly match what I'm seeing in Azure. For example, I'm not allowed to use Windows Server 2008 R2 SP1 when setting up SQL Server virtual machines. I had to use Windows Server 2012 for those, but still used 2008 for the DC. I thought that the problem might be conflicting operating systems, so I tried running the tutorial again using Windows Server 2012 for everything. Same error message.
Also note: the tutorial says that I should use the example domain, corp.contoso.com. I used my own example domain instead, corp.ejm.com. I'm wondering if this has something to do with it. My example domain is not registered on the Internet.

Connect to the DC VM and find out its IP address (10.*).
Go to the virtual network configuration and set the DNS server IP Address to that.
Also make sure you use this IP Address during step #8 in install SQL VMs section.
Now try joining the SQL VMs to the domain.
Hope this helps.

DHCP Server not Authorized

I have two Active Directory servers performing both authentication and DNS.
One server is 2003 and the other is 2008. It is my understanding that there is no primary Domain server in this scenario and that everything will replicate from 2003 to 2008 without issue.
I have a 3rd virtual 2008 server which has been performing DHCP for over 2 years without a problem.
It is now appearing that I cannot properly authorize DHCP (Red downward arrow).
When I attempt authorization, I do not get an error. It simply does not function and appears to not be authorized. I also tried netsh for authorization.
I have an error in the logs of the DHCP stating:
"The DHCP Service failed to see a directory server for Authorization"
One change that was made recently was that I tried to revive the old physical DHCP server for performing another service. I changed the IP and the Computer name before I networked it. I have since turned it off, but I believe that this is when the problem began.
What is the problem?
Additionally, is one of the AD servers more primary in the authorization of DHCP, or are they of equal authority?
Thanks
Note: I have removed all outdated entries regarding DHCP from DNS.
Also, forest functionality level is set to Windows 2000, though we have nothing on our network older than XP.

Your first domain controller in your network is the "primary" domain controller. The primary domain controller keeps 5 FSMO roles of the entire Active Directory forest.
In your case, I think there might be some problems with DNS. Most of these types of problems are caused by DNS. You can try to use the DCDiag utility to test the connection and DNS configuration from both domain controllers.
After fixing your DNS, you might want to restart the Net Logon service on both domain controllers to refresh the SRV record.
In the worst case that happened to me, I had to disjoin the DHCP server (standalone server) from the domain, join it back, and re-authorize it with AD.