
Home Office Networking



#1
ncjks

ncjks

    New Member

  • Member
  • Pip
  • 4 posts
I have two Win2K servers. Call them Server01 and Server02. Server01 runs a web host and Server02 is used for development and as a printer server.

I have a domain name, call it mydomain.com, and it's registered with register.com and it points to my static IP address that I get from my ISP.

Inside my ISP's modem, I have a Linksys router and it sends all the web traffic to my web host server.

I have three other computers running WinXPPro. Call them Client01, Client02 and Client03. I could not get them to share the printer on the server so I set up Active Directory and made it a domain controller naming the domain mydomain.com.

Now, when I'm looking at Client01 and I try to join the domain mydomain.com I get the error "Cannot Connect to Domain Controller for mydomain.com"

Is the problem that Client01 is going to the internet to find mydomain.com, finds register.com which says mydomain.com is my web host and there's no domain controller there?

Is the fix a DNS record on Server02 that says mydomain.com is Server02?

Where do you go to learn how this works?

-ncjks
  • 0



#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Add the DHCP role to your printer server. The role will enable it to issue DHCP addresses to all the Active Directory computers. Configure all the client computers to use the static IP of the DHCP server as their DHCP server. They will now ask for an address from this server every time they are turned on, enabling them to correctly use Active Directory.

-=jonnyrotten=- <_<
  • 0

#3
ncjks

ncjks

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Do I disable the DHCP on the Linksys router?

And I presume I add the DHCP role in computer management somewhere like "services"?

-ncjks
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Oops, forgot about that. No, you can leave that on and don't set it up on the domain controller. Did you make sure to join the client computers to the domain? Once you install Active Directory you have to make "computer" accounts on the server. These are different than "user" accounts. You need to go to "administrative tools" and "active directory users and computers". You can then right click on your domain controller (it will be in the left pane) and add users, computers, groups, etc. Make computer accounts and user accounts. You should then be able to log in as any one of the user accounts you created from any one of the client computers. Also, before you do any of that, I believe that once you "dcpromo" to Active Directory you must go to "active directory users and computers" and right click the new domain controller and "authenticate" it. Then you can make the computer accounts and so on.

-=jonnyrotten=- <_<
  • 0

#5
hueydok

hueydok

    New Member

  • Member
  • Pip
  • 2 posts
Here are a few real pointers for ncjks:

1) ALL computers on your network must have an IP address from the same network scope (i.e. 192.168.120.x) - including your Linksys router. In order to achieve this you either have to assign static IPs to all clients (you should have already given your domain controller a static IP), allow your Linksys router to act as a DHCP server, or you must install the DHCP server on the DC. You can turn off the DHCP function on the Linksys router - but if you do, you should configure the Windows 2000 DHCP server to assign IP addresses in the same subnet as the internal (LAN) IP address of the Linksys - or else the clients will not be able to browse the Internet. However - before you do that, see 2 below.

2) You must be able to resolve domain names to IP addresses (and vice versa) on your internal network. In Active Directory, this must be accomplished using DNS, which should also be installed on your Domain Controller. You will have to create a Forward Lookup Zone, the name of which should match whatever you are calling your domain. NOTE: The lack of a properly functioning DNS server is why your clients cannot find the Domain Controller - they are looking for a DNS record that informs them of the name, type and location of the Active Directory server (which in this case will be the same physical server, but the record must still exist).

3) If you choose to implement W2K DHCP, you must configure it with the network range you want to use, subnet mask, etc. You must also configure it to deliver a gateway address that is the same as the LAN address of your Linksys router - if not, they will not know how to access anything beyond your local network. Once DHCP is configured, you must then "authorize" the DHCP server after it is installed. This registers the server with Active Directory so that rogue servers cannot be introduced onto a network. This can be done using the DHCP MMC snap-in.

3.5) In reply to the other reply, note that you never have to tell your clients the IP address of the DHCP server - if configured for DHCP (the default) they will automatically broadcast and find any DHCP server on the network. Also, you do not 'authorize' the domain controller - only a DHCP server.

4) Once all of this is completed, your clients should be able to find the domain controller during an attempt to add them to the domain. Note that I do not recommend you create Computer accounts manually within Active Directory - let the account be automatically created when joining the computer to the domain.

Give these steps a shot and post your results...then we can address your printer needs.
  • 0

#6
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
I'm in agreement with Huey on this one. Nice explanation <_<

-=jonnyrotten=- :D
  • 0

#7
ncjks

ncjks

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The Linksys router has an inside and an outside IP address.

The outside IP address is static.

Inside, it's 192.168.1.1

The Subnet mask is 255.255.255.0

DHCP is enabled with IP addresses starting at 192.168.1.100

The router forwards all ports to the web server, Server01, at its IP address, 192.168.1.7

The domain controller, Server02 is 192.168.1.8.

The WinXP clients report IP address of 192.168.1.100, 101 and 102 as expected which means the router's DHCP is working as expected.

I have installed AD and DNS on Server02.

When I installed DNS, it already had a forward lookup zone mydomain.com.

In it, it had a couple folders that all started with _ like _msdc, _sites, _tpc and _udp. It also had Server02 with the correct 192.168.1.8 and client01 with the correct 192.168.1.100. I had already created the computer account for Client01 in AD. The other two clients are not listed in DNS.

I go to Client01 and right click on MyComputer and select Properties. I click on the Network Identification tab. I click on NetworkID to run the wizard. I enter user name and password as listed in AD. I enter the domain name mydomain.com. It stops and tells me "Windows cannot find an account for your computer on mydomain.com." and it asks me for my computer name and domain and I tell it Client01 and mydomain.com and it tells me:

Domain Controller for mydomain.com could not be contacted.

It gives me details as follows:

An error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain.com.

The error was: "No records found for given DNS query."
(error code 0x0000251D DNS_INFO_NO_RECORDS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomin.com

For more information, click Help.

I click Help and it tells me to run nslookup.

I run nslookup and I get this:

Default Server: ns.myisp.com
Address: 205.xxx.xxx.xxx

So it would seem that Client01 has not been told to look at Server02 for DNS. The router owns DHCP but I do not see a preferred DNS setting in its configuration utility. I could assign preferred DNS statically to Client01 using 192.168.1.8 first and then my ISP's DNS servers after that or I can disable DHCP on the router and install DHCP on the server.

Questions: These domain names and such are not case sensitive are they? I know the passwords are.

What about the default gateway on the clients? They point to the router and, I presume the router sends them on to the internet via my ISP. If I disable DHCP on the router and install it on Server02, how do the clients know to ask Server02 for an IP address when it boots up?

Thanks for helping!
ncjks
  • 0

#8
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
DHCP should be installed on the domain controller. When a computer is configured to obtain an IP via DHCP it sends out a DHCP broadcast packet. This means it is sending a request out over the network for an IP and the DHCP server will answer that request and assign an IP. Disabling the DHCP service on the router is definitely the correct procedure. You must then enable it on the domain controller. Make sure all the clients are configured to use DHCP and the rest will be taken care of when they broadcast for an IP.

-=jonnyrotten=-
  • 0

#9
ncjks

ncjks

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for that nudge JR. I was beginning to realize that I'd have to move DHCP to the server. I'd be even more grateful if you could help me understand these issues:

I think the dcpromo thing is moot since, when I created the Domain Controller, I created it as the "first" in the domain and it's got a Start of Authority record in the DNS and I've created a user record for myself and a computer record for Client01.

Assume I disable DHCP on the router and enable DHCP on Server02. When Client01 boots, you say it's going to scream for an IP address and if the router DHCP is turned off, Server02 will hear the scream and provide an IP address. That'll be great because then the server can also tell Client01 that it, i.e. Server02, is also a DNS server and Domain Controller and then it can authenticate the computer and the user. But, how is it, when Client01 pings, say, www.yahoo.com, he can find a DNS server that will tell him where to look?

Finally, I presume Server01, the web server, will not have any trouble if it wants a static IP. How is it that when Client01 authenticates with MyDomain.com it will find the domain controller on Server02 but when it puts MyDomain.com in the browser address, it will find the web server on Server01?

Thanks again for helping. I'll get the DHCP thing done tonight and then, maybe, I'll be able to get my printer to work.

ncjks
  • 0

#10
hueydok

hueydok

    New Member

  • Member
  • Pip
  • 2 posts
You can do this a couple of ways. It is not necessary to remove DHCP from the Linksys router but you will have to manually add DNS static entries to your clients (they will not be overwritten by the DHCP assignments). I would make one of them point to your internal DNS server and the other point to the external (whichever one the Linksys is trying to assign).

Or, you could remove DHCP from the Linksys and install it on the server. You will have to authorize the server with AD and then configure the server with various scope options (IP address range (which must match the internal on the Linksys), DNS server addresses, gateway or router address (which should be the internal LAN address of the Linksys), etc.). When a client picks up a DHCP address from the server it will also pick up the internal DNS addresses. I suggest you concentrate on getting your internal network running properly at first. I would also delete the computer account that you manually created for the client - when you add it to the domain it will automatically create a new computer account in AD.

Also - when adding the client to the domain, be sure you are using the user name and password of the domain or enterprise administrator.

Once the internal network is working OK, go back to your DNS server and configure FORWARDING to send all requests to the public DNS server(s) (as assigned by your ISP and listed in your Linksys). This will then allow internal clients to always look to your server for DNS resolution - and if the address is one that it does not know it will forward the request to the external DNS servers.

To answer your one question regarding using the same mydomain.com for both authentication and a web server: the address is the same but the queried data is not. The authentication traffic is looking for the domain name prefaced by unique identifiers in DNS. The web server address is simply wanting to resolve a name to an IP address.

Good luck!
  • 0
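The SRV lookup that the join wizard reported failing in post #7, and that post #10 contrasts with a plain name-to-address lookup, as an added example that is not part of any post in this thread: it builds the `_ldap._tcp.dc._msdcs.<domain>` query and parses SRV answers from a reply. All function names are illustrative, and the reply bytes (TTL, priority, weight, the target name `server02.mydomain.com`, and the NXDOMAIN code for a server without the record) are constructed sample data.

```python
import socket, struct

SRV = 33  # DNS record type for service-location (SRV) records

def encode_name(name):  # dotted name -> length-prefixed DNS labels
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=SRV, txid=0x1234):  # one question, recursion desired
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1)

def read_name(msg, off):  # decode a possibly compressed name -> (name, next offset)
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            if (hops := hops + 1) > 16:  # refuse replies whose pointers loop
                raise ValueError("compression pointer loop")
            end = end or off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels), end or off + 1

def parse_srv(msg):  # -> (rcode, [(priority, weight, port, target), ...])
    _, flags, qd, an, _, _ = struct.unpack_from("!6H", msg, 0)
    found, off = [], 12
    for _ in range(qd):  # skip the echoed question (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == SRV:  # rdata: priority, weight, port, then the target host name
            found.append(struct.unpack_from("!3H", msg, off + 10) + (read_name(msg, off + 16)[0],))
        off += 10 + rdlen
    return flags & 0x000F, found

def locate_dc(domain, server, timeout=3.0):  # live check against one DNS server
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query("_ldap._tcp.dc._msdcs." + domain), (server, 53))
        return parse_srv(s.recv(4096))

def sample_response(with_record):  # constructed reply, not captured traffic
    rdata = struct.pack("!3H", 0, 100, 389) + encode_name("server02.mydomain.com")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", SRV, 1, 600, len(rdata)) + rdata
    flags = 0x8180 if with_record else 0x8183  # low nibble 3 = NXDOMAIN (assumed)
    header = struct.pack("!6H", 0x1234, flags, 1, int(with_record), 0, 0)
    question = build_query("_ldap._tcp.dc._msdcs.mydomain.com")[12:]
    return header + question + (answer if with_record else b"")
```

With the addresses given in post #7, `locate_dc("mydomain.com", "192.168.1.8")` asks Server02's DNS directly instead of the ISP resolver that nslookup showed as the client's default.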





