VMware Communities
Arrow2012
Contributor

DNS/Domain Trouble

Hello,

I'm attempting to build a test environment within VMware Workstation 8. I have two virtual machines in the VMware environment, one set up as a domain controller (DNS) and the other as just a server. However I'm having trouble adding the second machine to the domain I've created on the first machine. Perhaps someone can point out what I've got jumbled up?

I have two virtual machines. Both VM's are set up as follows:

Windows 2008 R2 64bit SP1 (fully patched)
Network Adapter - NAT
Network Adapter - VMnet5

The first VM is called "DC01" and is intended to be my domain controller. I created a domain called testlab.com.

The second machine is called "box1".


I have given each the following configurations in their network adapters:

For both machines I have IPv6 turned off.

Both VM's NAT adapter is set to obtain IP addresses and DNS automatically. I'm using this to allow internet connection through my host machine.

Both VM's vmnet5 adapter is set with the following static configurations:

DC01:
IP Address: 192.168.174.140
Subnet mask: 255.255.255.0
Default Gateway: blank
Preferred DNS: 127.0.0.1
Alternate: blank

box1:
IP Address: 192.168.174.145
Subnet mask: 255.255.255.0
Default Gateway: 192.168.174.140
Preferred DNS: 192.168.174.140
Alternate: blank

Both machines can ping each other on the above IP's.

On DC01, in Active Directory for DC01.testlab.com, I have added box1 into Computers for testlab.com.

On DC01, in DNS, under DC01 Forward Lookup Zones, testlab.com, I've added a host entry for box1 using the static IP: 192.168.174.145

Rebooted both machines to cement everything.

When I get onto box1 and try to add it to the testlab.com domain, it fails with the following response:

"An Active Directory Domain Controller for the domain "testlab.com" could not be contacted."

Details:
----------------
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "testlab.com":

The query was for the SRV record for _ldap._tcp.dc._msdcs.testlab.com

The following domain controllers were identified by the query:
dc01.testlab.com


However no domain controllers could be contacted.

----------------


Can someone help me out? I'm a bit new to setting up domains and working DNS, so I'm sure it's probably something little and dumb that I've overlooked or messed up.

Thanks!

0 Kudos
12 Replies
a_p_
Leadership

Welcome to the Community,

if I understand this correctly you configured 2 virtual NICs for each of the guests!? This network setup may cause the issue you see. Some time ago I posted an example for such a configuration with access to the Internet,

(see Re: Need help with virtual Dev enviroment network that requires a domain controller.)

It should be easy to modify your setup accordingly. Disable DHCP on vmnet05 in the Virtual Network Editor and remove the NAT virtual NIC from the guests, then configure networking on the guests and DNS/DHCP on DC01.

Btw. the default gateway and DNS forwarder address in your case is 192.168.174.2

André

Message was edited by: a.p. - added ...DNS forwarder address ....

0 Kudos
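
A diagnostic sketch for the symptom reported in this thread (the SRV lookup succeeds but no domain controller can be contacted), added here as an example and not part of any poster's reply. It assumes the domain name and DC address quoted in the thread, is meant to be run on the member server (box1), and uses only tools present on Windows Server 2008 R2; the port list and the 2-second timeout are choices made for this example.

```powershell
# Added diagnostic example (not from the thread). Run on the member server.
$Domain      = 'testlab.com'        # domain name quoted in the thread
$ExpectedDns = '192.168.174.140'    # DC01's static address quoted in the thread
$Ports       = 389, 88, 445         # LDAP, Kerberos, SMB over TCP (example choice)

# 1. DNS servers per IP-enabled adapter. A second DHCP-configured adapter
#    brings its own DNS server, which does not host the AD zone.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $dns     = @($_.DNSServerSearchOrder)
        $foreign = @($dns | Where-Object { $_ -and $_ -ne $ExpectedDns })
        "{0}: IP={1} DNS={2} non-DC DNS present={3}" -f $_.Description,
            ($_.IPAddress -join ','), ($dns -join ','), ($foreign.Count -gt 0)
    }

# 2. Ask the DC's DNS server for the locator SRV record and extract DC names.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $ExpectedDns 2>$null
$dcNames = @($srv | ForEach-Object {
    if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
} | Sort-Object -Unique)
if ($dcNames.Count -eq 0) { "No SRV record returned by $ExpectedDns" }

# 3. Resolve each DC name with the system resolver and probe every IPv4
#    address it returns. A multi-homed DC can register more than one address;
#    any address this machine cannot reach is reported as closed/unreachable.
foreach ($name in $dcNames) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    } catch {
        "${name}: name does not resolve from this machine"
        continue
    }
    foreach ($ip in $addrs) {
        foreach ($port in $Ports) {
            $client = New-Object System.Net.Sockets.TcpClient
            $async  = $client.BeginConnect($ip, $port, $null, $null)
            $ok     = $async.AsyncWaitHandle.WaitOne(2000, $false) -and $client.Connected
            $client.Close()
            $state  = if ($ok) { 'open' } else { 'closed/unreachable' }
            "{0} [{1}] tcp/{2}: {3}" -f $name, $ip, $port, $state
        }
    }
}
```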
Arrow2012
Contributor

Okay, a little too fast for me, but let me see if I can follow. I'm pretty new to a lot of this.

My DNS box, DC01, doesn't have DHCP added, so I'm assuming this means I'll have to.

First, I noticed that there was no entry for vmnet5 in my Virtual Network Editor.

I added in (add network) for vmnet5, setting it to Host-only. You're saying I should turn off DHCP on this? Is there a reason why the vmnet DHCP won't work?

What should the Subnet IP be set to?

Also, you mentioned setting up DNS forwarding to enable Internet access. Can you explain that a bit more?

Also, how did you come up with 192.168.174.2?

0 Kudos
a_p_
Leadership

> My DNS box, DC01, doesn't have DHCP added, so I'm assuming this means I'll have to.

There are certainly other ways to set up a test domain. However, if you want to be able to later also connect e.g. Clients with DHCP configuration to your virtual domain you will need the DHCP server on the DC.

> First, I noticed that there was no entry for vmnet5 in my Virtual Network Editor.
>
> I added in (add network) for vmnet5, setting it to Host-only. You're saying I should turn off DHCP on this? Is there a reason why the vmnet DHCP won't work?

Sorry, I missed that VMnet5 is Host-Only. To make the example configuration work, you need a virtual NAT network with DHCP disabled.

> What should the Subnet IP be set to?

Choose anything you like. The current 192.168.174.x subnet is fine though.

> Also, you mentioned setting up DNS forwarding to enable Internet access. Can you explain that a bit more?

With the setup I mentioned, all DNS queries are sent to the DC. In order to resolve URLs other than the ones for its own domain, you need to configure DNS forwarding on the DNS server.

> Also, how did you come up with 192.168.174.2?

For a virtual NAT network the gateway and DNS address is x.x.x.2 by default. So this is the address to which the DC has to forward DNS queries it cannot resolve by itself.

André

0 Kudos
Arrow2012
Contributor

Nope, my fault for not mentioning the Virtual Network Editor settings. Completely forgot about that bit myself.

I'll switch vmnet5 to be NAT and set up DHCP (I think I'm okay with setting up DHCP).

Let me give your suggestions a try and I'll report back.

Thanks!

0 Kudos
Arrow2012
Contributor

Okay, I think I got things to work (thanks to your help!).

I set in the IP's and changed the vmnet5 to NAT with no DHCP. Rebooted, and I was able to add box1 to the domain, and get some domain users going.

Thanks!

I need to sort out getting Internet to work on these boxes, though. Still poking at the DNS forwarding suggestion.

0 Kudos
a_p_
Leadership

DNS forwarding is nothing magic. Just right click the DNS Server and open its settings. Then click the "Forwarding" tab, select "All other Domains" (should be the only entry at this point) and add 192.168.174.2 as the forwarding IP address.

André

0 Kudos
Arrow2012
Contributor

Sorry, I'm not seeing that path of options.

If I open DNS Manager, and right-click on DC01, and go to properties, then the "Forwarders" tab, it has a box for IP addresses and a timeout (3 seconds).

Am I in the wrong place?

Edit: searching around, I see that this may have been broken out into "Conditional Forwarders" in server 2008?

Message was edited by: Arrow2012

0 Kudos
Arrow2012
Contributor

Wait, I may have resolved the issue through one of those checkbox miracles...

In the VM settings, Options tab, in Guest Isolation...I turned on "Enable VMCI" and suddenly I have Internet. lol

I'm confirming things now with a full reboot of the environment.

0 Kudos
a_p_
Leadership

> I turned on "Enable VMCI" and suddenly I have Internet

That's interesting. Anyway, I was thinking about the Windows 2003 DNS when I told you how to set up forwarding. With 2008 R2 this should (I can't reproduce it at the moment) actually work out of the box using the Root Hints or by adding the IP address as a server forwarder (in the dialog you mentioned).

It's also important that the VM's have the correct gateway configured, which is also 192.168.174.2 in your case. This is because only the DNS requests are sent to the DC, but Internet communication is done directly.

André

0 Kudos
Arrow2012
Contributor

Okay, I have domain connectivity across both boxes still, but Internet only on box1, and not on DC01.

Sorry, which IP do I add to the dialog box? I currently have:

192.168.174.0

192.168.174.2

0 Kudos
a_p_
Leadership

I just rolled the dice and ended up with 192.168.174.2 ;)

For a virtual NAT network the x.x.x.2 address is used as the gateway as well as the DNS address.

André

0 Kudos
Arrow2012
Contributor

Alright, my environment has 3 boxes total (all I need), with DC01, box1 and box2 (simple I know, but it's just a test environment :)).

DC01 still doesn't have Internet, but the other two boxes do. I don't really know of any reason why my DC needs Internet access, so although that part of the puzzle is unresolved, I'm going to ignore it for the time being. (Is it possible that a default policy is blocking Internet connectivity on the DC?)

Anyway, thanks for all the help! This is awesome!

Now I have something I can test with (and do some DNS/DHCP/AD playing on the side).

0 Kudos