server2k3 R2 Domain Setup problem

[G-Stress]

Hey guys, got a ? I'm in the process of setting up a domain using Windows Server 2003 R2. Everything seems okay as far as the server machine, but when I try to add a workstation to the domain it can't find the domain. Also the server machine is not issuing out ip addresses.

my ip settings are as follows:

Server

=====

10.0.0.21

255.0.0.0

10.0.0.1 (Linksys Router static with DHCP disabled in the router)

DNS

===

127.0.0.1

10.0.0.21 <--- (also tried 10.0.01)

What I want is this server machine to give out ip addresses and be the dns server I don't want the router to do so. I am also doin a VTC course as I go along following directions as I watch the video's, but I think I'm missing something.

The router is now

10.0.0.1

255.255.255.0 (also tried 255.0.0.0)

I'm still also learning how to subnet it seems a bit complicated, but i'm trying.

I followed these links to first set it up

http://www.microsoft.com/technet/pro.../addomcon.mspx

http://www.microsoft.com/technet/pro.../domxppro.mspx

I posted a thread not too long ago about not being able to access the shares on this server machine also and I still cannot do that. However I can ping the machine. So weird, yet confusing.

I also tried with the class C address 192.168.1.x subnet 255.255.255.0 and still no luck.

My goal is just to join about 2-5 computers to this domain and setup and e-mail server for experience. Really looking to get my feet wet, this way I'll have a better understanding of how domains work.

[Sparda]

Did you enable the DNS service on the server?

[kickarse]

If your server is internal you should not have an ip of 10.X.X.X

If you have a small network your internal IP should be a class C IP.

You also should setup DHCP to assign addresses within the same subnet/ip range.

Simple setup for CORP.local AD domain

---> Router - External IP of 10.X.X.X - Internal IP 192.168.1.1

---> W2K3 R2 - Internal IP of 192.168.1.2 |Subnet 255.255.255.0 |Gateway 192.168.1.1 | DNS to 192.168.1.2

---> DHCP Scope of 192.168.1.3-254 | DNS Domain of CORP.local | DNS Server is 192.168.1.2 | Gateway 192.168.1.1 | Subnet 255.255.255.0

---> DNS - Forward lookup of your CORP.local domain and Reverse lookup of 192.168.1 | Forwarders to the Router IP I believe

---> Set your workstations to use the NETBios name CORP.local and be on DHCP. Make sure your workstations are Windows XP Professional or 2000 Pro. Home will not join a domain.

A good place for tutorials is www.petri.co.il

[G-Stress]

Guys thanks alot :D

@ Sparda, yes I did enable the DNS service, but not sure if it's configured properly. I do believe it's one problem as far as the clients connecting to the domain, because when I try to join, it gives me some type of DNS error like it couldn't find the srv records or something.

@ kickarse, so I should not use an 10. IP range for the domain? I thought the external IP should be the IP from my ISP?

I first started with a 2wire dsl modem/router. I had the router DHCP disabled with the router a staticly assigned IP of

10.0.0.1

255.0.0.0

Then I have the DHCP enabled on the server with a scope of

10.0.0.2 - 10.0.0.21 (.21 being the server staticly assigned IP)

I think I tried to set a scope of

10.0.0.1 - 10.0.0.21 but it gave me some type of error so I started with .2

This subnetting can get confusing. I'm doin a VTC server 2003 management course as I go along and configuring the server at the same time to learn and get hands on also. One thing that confuses me is what does a "Domain Controller" actually consist of? To my understanding from what I've studied so far it seems like it's just Active Directory?

Also kickarse your small tutorial here gives me a much better understanding of how to setup the routing part of the domain at least.

:D One thing just to make sure I understood right, is CORP.local the name of the domain? Also is it possible to change the name of the domain the options are greyed out as far as my computer, properties, computer name :?

Thanks again guys.

[G-Stress]

Oh forgot a bit of info:

How it's setup right now it's just the server machine, I have a linksys vonage router, or I can use the 2wire router and im just tryin to join one client machine with XP Pro SP2 then I'll go from there.

[G-Stress]

Ok kickarse, I just re-configured the server settings exactly as you specified except the domain name part "COPR.local" but it's still not seeing the DHCP server for some reason. Still gettin the APIPA addresses:( unless i configure it manually.

I am seriously startin to think this version of server is limited or someone modified it and re-created an iso. I'm gonna try probably using just 2k3 enterprise edition standard and hopefully i'll be good.

[kickarse]

The router always supplies an external address that can be forwarded to the internal IP of the server.

Easier way for now..

---- > Router External IP and DNS assigned by ISP

----------------

---- > Windows 2003 Enterprise or Business Server named "Server1" with a DNS suffix of your AD Domain CONTOSO.local (the tutorials from Microsoft says CONTOSO.local), IP 192.168.1.2

------- > DHCP with scope of 192.168.1.10-192.168.1.100, Subnet 255.255.255.0, Gateway 192.168.1.1 (Router), DNS 192.168.1.2 (Itself)

------- > Primary DNS Suffix should be whatever you setup your AD Domain as

------- > DNS (on 192.168.1.2) setup with a Forwarder of whatever your ISP provided for DNS | Forward (CONTOSO.local) and Reverse (192.168.1) lookup Zones should have been created when you installed AD

----------------

---- > Workstations should have the Primary DNS suffix of whatever your domain is | Workstation name "workstation1" DNS suffix "CONTOSO.local" ------- > Assigned IP by DHCP, should show up in the MMC Snap-In on the server for DHCP

------- > The DNS Snap-In on the server should show that "workstation1.CONTOSO.local" has been resolved in the Forward/Reverse Zone and the server itself has been resolved

------------------------------

hmmm... that site really helps though explain it much better than I can. Hope it helps.

[G-Stress]

:D Thanks again kickarse, I think the primary DNS suffix is where I have been messing up on. They haven't mentioned that in the VTC modules yet, but of course i'm only about 1/4 into it, cause everytime I tried to add my client it gave me a DNS error:

A domain controller for mydomain.com could not be contacted, then in the more details, gives me a hex error code and "DNS name does not exsist".

However I was finally able to access my network shares, I installed a different version of 2k3 last night Enterprise Edition. It's an evaluation copy and what's weird is when you let it autorun or during setup it said Windows 2003 Server Family, but it's Enterprise.

Another weird thing is I created my scope and static IP's as you specified above exactly and disabled DHCP in both routers and staticly assigned 192.168.1.1 to the router, but for some reason it is still givin me an IP. I thought Everything worked fine but the router has to be givin me an IP cause I unplugged the server from the router and I still had net access and a good IP. I figured it'd go to an APIPA address without the server being plugged in if it was all correclty setup.

I'm gonna try the steps you just mentioned right now and I think I might be arlight, i hope:)

2 ?'s

1. Is it possible I can change the domain name on the server without reinstalling AD

2. To join the domain from the client machine I just right click my computer, computer name, change, select join a domain and enter it in as: mydomain.com

just want to make sure I'm doin it correctly :) Thanks again man.

[kickarse]

Happy to help...

For 1... yes it's possible, but you don't want to do it. It really messes things up. Actually Win2k3 is the only version of windows server that's allowed changing of the domain name.

For 2... yes that's correct :)

[G-Stress]

hmmm... :? I followed your recently mentioned steps and still got the same issue. 2 things, I still cannot join the domain im still gettin the DNS error, I think I added the suffix right, in the TCP/IP properties in the advanced button and DNS tab at the bottom I added the DNS suffix server.mydomain.org

I can't reach the DHCP server for some reason, but staticly assigned on my client

192.168.1.4

255.255.255.0

192.168.1.1

192.168.1.2

I can talk to the server and view shares, but no net access. I'm sure it's a DNS thing as far as net access, but im not worried about net right now.

server

192.168.1.2

255.255.255.0

192.168.1.1

127.0.0.1

192.168.1.2

I'm not sure I have DNS configured properly on the server i'm gonna mess with it probably all night. I just don't understand why the DHCP isn't given me an IP

with my scope of

192.168.1.3/254 :(

DHCP disabled in the router and i even tried setting scope and server options and checking the router box and listing the router IP there and the DNS box and listing the dns, 192.168.1.2 there:(

[G-Stress]

This right here sounds like this might be my biggest problem preventing me from joining the domain: http://www.petri.co.il/active_directory_srv_records.htm

but im not sure how to edit that netlogon.dns to add entries to it if that's what I need to do.

[G-Stress]

I'm thinkin this could also be a router config issue. One thing i'm sure will help me understand things alot better, is how can the client machine see the DHCP server and DNS server when going through the router?

Of course DHCP is disabled in the router with the .1.1 statically assigned address, but don't see know DNS config options unless I need to add static DNS and actually I think I tried that last night.

I just tried something with forwarders and I listed my ISP DNS addresses cause it sounded as if the DNS queries sent to the server will get forwarded to the ISP servers to return net results.

what would be nice is a more user friendly segment, possibly with a setup of

Server: 2k3 Enterprise

Commonly linksys, etc. router

and a few clients with different OS's.

Anybody else think so?

[kickarse]

Easiest thing to do is let your router give DHCP addresses for your internal lan for that scope.

Give your Win2k3 box an IP, subnet, and gateway that is correct for you to be able to get on the internet with the Win2k3 box.

Setup a workstation (do not join a domain, just a workgroup) that gets DHCP from the router and check that you can get on the internet. Make sure it's IP is in the same subnet and IP range of the Win2k3 box.

Setup a new install of Win2k3 Enterprise of Business Editions. Setup AD as described in the following...

http://www.petri.co.il/how_to_install_acti...indows_2003.htm

Make sure you have an administrator account that's a domain admin. One that has the ability to add computers to the network.

Then on the workstation go into where you change of the name of the computer. Go into the "more" button and change the Primary DNS suffix to the domain name you have, like CONTOSO.local. Because it wasn't an NT4 domain at one point you will join to the domain CONTOSO.local not CONTOSO, I believe.

Have fun!

[G-Stress]

Thanks kickarse, for all your help/advice. I'm gonna get deep into it this weekend and try a few different things and i'm sure from what you've told me and after finishing the module I should be able to figure it out :D

[G-Stress]

I got a ? about FTP if ya don't mind. What i'm tryin to avoid is using a 3rd. party app, but if it'd be better i'll go that route.

My ? is, i'm running an FTP server of course, everything is fine, but what I want is only one user to have write access. What I did was create a directory on the FTP server and made it hidden that way only I know it's there. I added one specific user full access to that directory and there is no NTFS deny permissions at all on this directory.

I can access it just fine, but in order to write to it I need to enable write access in IIS. What I liks is that I specified a user account to access the server in which I give to trusted persons, but I can also access it with any user account on that box. I would just like to know is there a specific setting that needs to be applied for only 1 user to have write access cause if I enabled it in IIS then all users who know the username and pass can write. Also I'm not allowing anonymous connections.

I may be able to figure it out I didn't mess with that too much, but I figured it wouldn't hurt to ask :)

[kickarse]

I don't remember how to setup IIS's FTP. What I do remember is that it wasn't very robust and we ended up going with a 3rd party program.

Make sure that Anonymous FTP authentication is OFF. Create a user group that has access to that resource only, through the IIS Snap-In.

http://www.microsoft.com/technet/prodtechn...0.mspx?mfr=true

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

http://technet2.microsoft.com/WindowsServe...3.mspx?mfr=true

http://support.microsoft.com/kb/812614

We did use only IIS FTP for a while successfully. But, I don't remember how we set it up.

Just found this

http://www.whenpenguinsattack.com/2006/02/...-6-ftp-service/

[G-Stress]

Thanks man :D Also I think I got the domain part finally figured out, there was one setting off in the DNS, it was set to allow on Secure updates in which I changed to Nonsecure and secure and I re-installed AD. Then when joining the domain instead of mydomain.org I just put mydomain and it prompted me for username and pass so I know I got something right. Still haven't gotten the DHCP server to give ip's out and I went back to s2k3 R2 I'm determined now :D I shall figure it out then come up with a plan to conquer the world