|
|
Hi
I'm coming from a linux(Unix) world ( 13 years ), and very new to the
windows server world.
Can someone help me with that ?
My main Dc with active directory in on a windows server 2003 and also have a
backup server on windows server 2000.
The 2 are Dns.
My first dns point to itself as prefered DNS Server and to the other one as
Alternate DNS.
The second one point to itself as prefered DNS Server and to the first one
as Alternate DNS.
I'm right with that config ?
We dont and will never have an internet connection on that network .
So , what to I do with the .(root) in the Forward lookup zone ?
It appear on both server.
Can I just delete it ?
On both server ?
thanks
|
|
"saturnin" <saturnin[ at ]discussions.microsoft.com> wrote in message
news:9471124A-2E91-4C6C-904C-4E991A13F91D[ at ]microsoft.com...
[Quoted Text] > Hi
>
> I'm coming from a linux(Unix) world ( 13 years ), and very new to the
> windows server world.
> Can someone help me with that ?
>
> My main Dc with active directory in on a windows server 2003 and also have
> a
> backup server on windows server 2000.
> The 2 are Dns.
> My first dns point to itself as prefered DNS Server and to the other one
> as
> Alternate DNS.
Usually ok, some prefer this some recommend setting them to the opposite
server as preferred, self as alternate.
> The second one point to itself as prefered DNS Server and to the first one
> as Alternate DNS.
Ditto.
> I'm right with that config ?
It's ok, perhaps best, but you will get (spurious) errors during boot if you
use AD Integrated DNS (which most people SHOULD use) to to services
not being ready in time for providing the data.
> We dont and will never have an internet connection on that network .
> So , what to I do with the .(root) in the Forward lookup zone ?
If you will NEVER be connected to the Internet nor use OTHER zones
(on other DNS Servers) internally then you can just ignore and leave that
"." zone as it won't hurt nor help anything.
> It appear on both server.
> Can I just delete it ?
Yes, but if you aren't going to be connected to any other nets (no other
zones involved) then you can also just leave it.
> On both server ?
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
|
|
Yes I use AD Integrated DNS , so is it a better configuration to use.
I notice that my first DC take a very long time to boot, also having
the message: at least one service refuse to start!
Also i'm having a lot of stupid (spurious) errors log in the event viewer at
boot time.
those error regard the fact that it can't find the dns, the dc ,... but
everything is ok went the system is finaly up and running.
If I set the other dns as prefered, would it speed my boot time?
thanks
|
|
"saturnin" <saturnin[ at ]discussions.microsoft.com> wrote in message
news:E9700F1E-67BD-45C3-8614-016E2B35AC2D[ at ]microsoft.com...
[Quoted Text] > Yes I use AD Integrated DNS , so is it a better configuration to use.
Yes, in most all cases.
> I notice that my first DC take a very long time to boot, also having
> the message: at least one service refuse to start!
This is not exactly the (bogus) message, but the slowness may be related.
Problem is minor (it causes no real trouble).
> Also i'm having a lot of stupid (spurious) errors log in the event viewer
> at
> boot time.
> those error regard the fact that it can't find the dns, the dc ,... but
> everything is ok went the system is finaly up and running.
That sounds like the boot errors I indicated but this may not account
for ALL of your errors.
You should analyze EACH of them and post any you cannot fix or
at least relate to an unimportant issue.
Post event NUMBER, TEXT, and SOURCE.
You can hunt these yourself (most efficiently) at EventID.net, and of
course at the Microsoft site (but EventId.net is usually best and gives
refereces into the Microsoft KB.)
> If I set the other dns as prefered, would it speed my boot time?
Perhaps, at the expense of a some slowing for resolution, which is only
usually an issue across WANS (DCs in different sites) or when one
of the DCs is down.
There is nothing "WRONG" with either order -- there are minor issues
with both orders.
In any case, both the local DC and the "other DNS-DCs" should be listed,
and NO OUTSIDE DNS can be listed.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
|
|
Read inline please.
In news:E9700F1E-67BD-45C3-8614-016E2B35AC2D[ at ]microsoft.com,
saturnin <saturnin[ at ]discussions.microsoft.com> typed:
[Quoted Text] > Yes I use AD Integrated DNS , so is it a better configuration to use.
> I notice that my first DC take a very long time to boot, also having
> the message: at least one service refuse to start!
When you say, my first DC takes a very long time to boot" does that mean the
second DC is not running yet?
One of the reasons for having two DCs is so that at least one is always up
and running at all times.
It always take much longer for a member of an AD domain to start if it
cannot locate a DC to authenticate with.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
Hi,
No, when I reboot the first DC the second one is up and running.
"Kevin D. Goodknecht Sr. [MVP]" wrote:
[Quoted Text] > Read inline please. > > In news:E9700F1E-67BD-45C3-8614-016E2B35AC2D[ at ]microsoft.com, > saturnin <saturnin[ at ]discussions.microsoft.com> typed: > > Yes I use AD Integrated DNS , so is it a better configuration to use. > > I notice that my first DC take a very long time to boot, also having > > the message: at least one service refuse to start! > > When you say, my first DC takes a very long time to boot" does that mean the > second DC is not running yet? > > One of the reasons for having two DCs is so that at least one is always up > and running at all times. > It always take much longer for a member of an AD domain to start if it > cannot locate a DC to authenticate with. > > > > > > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/> http://support.wftx.us/> http://message.wftx.us/> =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/> =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oehelp.com/OEBackup/Default.aspx> =================================== > > > |
|
Read inline please.
In news:108923E8-A77C-4A2A-B449-8DDFF87957F8[ at ]microsoft.com,
saturnin <saturnin[ at ]discussions.microsoft.com> typed:
[Quoted Text] > Hi,
>
> No, when I reboot the first DC the second one is up and running.
>
Since you have a mix of Win2k and Win2k3 DCs, what zones do you have on each
DNS server?
If the Win2k3 was the first DC in the Forest, it will likely have two
Forward lookup zones, one for the Forest Root domain, and one
_msdcs.<ForestRootDomain>, the problem is that by default, the
_msdcs.ForestRootDomain> is in a Replication partition that does not
replicate to Win2k DCs.
IF you are not planning on upgrading the Wink2 DC, change the Replication on
the zone on the Win2k3 to replicate to all Domain controllers in the domain,
or add a secondary _msdcs.<ForestRootDomain> zone on the Win2k DNS.
Another way to resolve this would be to delete the _msdcs Delegation in the
ForestRootDomain zone and the _msdcs.<forestRootDomain> zone, then restart
the Netlogon service on both DCs. This should register the Netlogon records
in a _msdcs sub domain on both DCs.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|