MS - Setting a Child Domain - DNS issue

I have a Primary DC setup running Windows 2003 Server, and I have a two Child
domains also running Windows 2003 server. One of the Child domains works
just fine, the other has some DNS issues.
I've reinstalled several times, and reloaded DNS several times. I cannot
load the forward lookup zone from the PDC, I can from the secondary.
I get no errors.

I can log on to the PDC, and they see each other on the network, I can ping
each other.

It's like the DNS isn't working properly.

--
Dave

There is no PDC or BDC. That idea died with NT4.0
There is a PDC FSMO "Role" but it is not the same thing.

I assume by the description that the Child Domain has two DCs? If
not,..make one,...out of junk hardware if you have to, or create on in
VirtualPC/VirtualServer on a solid machine.

Make the "good" one the GC.
Run DCPromo on the bad one and make it a member server.
Uninstall DNS on it.
Reinstall DNS on it.
Do not configure DNS on it beyond just installing it,..stay away from the
DNS MMC
Run DCPromo on it to make it a DC again
Transfer whatever FSMO Roles to it you want or just leave it as is.
You can make it a CG if you want, but not required.
If your second DC was a "temp" one made from "junk" hardware or a VM, then
DCPromo it down to a member server,..then standalone, then remove it. The
DCPromo should transfer all FSMO Roles (except CG) to the remaining DC.

General DNS stuff:
The DCs in a Domain (or Child Domain) have the TCP/IP DNS specs point to
themself first and then each other (assuming you're running more than one).
They do not point to any other DNS Server. Active Directory Replication
already makes every DC in the Forest "aware" of all the Zones from the other
DCs in the Forest.
The ISP's DNS goes in the Forwarders List in the DNS Config (in the DNS
MMC). The firewall needs to allow the DC to make outbound DNS queries.

All Clients use only their own DCs in their own Domain (or Child Domain) for
DNS resolution and should not use anything else.

Anyone is welcomed to chime in if I left something out or screwed something
up,...I do that sometimes.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Dave" <(E-Mail Removed)> wrote in message
news:E23667C1-07A8-4220-BBB6-(E-Mail Removed)...
>I have a Primary DC setup running Windows 2003 Server, and I have a two
>Child
> domains also running Windows 2003 server. One of the Child domains works
> just fine, the other has some DNS issues.
> I've reinstalled several times, and reloaded DNS several times. I cannot
> load the forward lookup zone from the PDC, I can from the secondary.
> I get no errors.
>
> I can log on to the PDC, and they see each other on the network, I can
> ping
> each other.
>
> It's like the DNS isn't working properly.
>
> --
> Dave

Thanks, I think I'm following what you are saying, I can't make another junk
DC, don't have the resources, nor do I have an VM software.

What is GC?

I'm just trying to get the two Child Domains to join the Main, Primary,
whatever you want to call the top dog's domain.


--
Dave


"Phillip Windell" wrote:

> There is no PDC or BDC. That idea died with NT4.0
> There is a PDC FSMO "Role" but it is not the same thing.
>
> I assume by the description that the Child Domain has two DCs? If
> not,..make one,...out of junk hardware if you have to, or create on in
> VirtualPC/VirtualServer on a solid machine.
>
> Make the "good" one the GC.
> Run DCPromo on the bad one and make it a member server.
> Uninstall DNS on it.
> Reinstall DNS on it.
> Do not configure DNS on it beyond just installing it,..stay away from the
> DNS MMC
> Run DCPromo on it to make it a DC again
> Transfer whatever FSMO Roles to it you want or just leave it as is.
> You can make it a CG if you want, but not required.
> If your second DC was a "temp" one made from "junk" hardware or a VM, then
> DCPromo it down to a member server,..then standalone, then remove it. The
> DCPromo should transfer all FSMO Roles (except CG) to the remaining DC.
>
> General DNS stuff:
> The DCs in a Domain (or Child Domain) have the TCP/IP DNS specs point to
> themself first and then each other (assuming you're running more than one).
> They do not point to any other DNS Server. Active Directory Replication
> already makes every DC in the Forest "aware" of all the Zones from the other
> DCs in the Forest.
> The ISP's DNS goes in the Forwarders List in the DNS Config (in the DNS
> MMC). The firewall needs to allow the DC to make outbound DNS queries.
>
> All Clients use only their own DCs in their own Domain (or Child Domain) for
> DNS resolution and should not use anything else.
>
> Anyone is welcomed to chime in if I left something out or screwed something
> up,...I do that sometimes.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
> "Dave" <(E-Mail Removed)> wrote in message
> news:E23667C1-07A8-4220-BBB6-(E-Mail Removed)...
> >I have a Primary DC setup running Windows 2003 Server, and I have a two
> >Child
> > domains also running Windows 2003 server. One of the Child domains works
> > just fine, the other has some DNS issues.
> > I've reinstalled several times, and reloaded DNS several times. I cannot
> > load the forward lookup zone from the PDC, I can from the secondary.
> > I get no errors.
> >
> > I can log on to the PDC, and they see each other on the network, I can
> > ping
> > each other.
> >
> > It's like the DNS isn't working properly.
> >
> > --
> > Dave
>
>
>

"Dave" <(E-Mail Removed)> wrote in message
news:87AFE427-52CB-4008-AB5D-(E-Mail Removed)...
> Thanks, I think I'm following what you are saying, I can't make another
> junk
> DC, don't have the resources, nor do I have an VM software.

VirtualPC and Virtual Server are free and cam be downloaded from MS.

> What is GC?

Global Catalog Server "role".

> I'm just trying to get the two Child Domains to join the Main, Primary,
> whatever you want to call the top dog's domain.

You don't.
It is done when the first Child DC is made a DC during DCPromo.
Consider what you are calling your current "child domain" to be *dead*.

The first one needs to use the DC in the master domain as its DNS server.
Install DNS on the box but don't configure DNS.
Run DC Promo
Choose New Domain,...then Child Domain in an existing Domain Tree.
Change its DNS to point to itself when finished

If there is a second DC.....
The second one needs to use the previous child DC as its DNS
Install DNS on the box but don't configure DNS.
Run DC Promo
Choose DC in a existing domain,...choose the correct child domain.
Change its DNS to point to itself when finished
Change the DNS on both to point to each other as the second DNS entry

Follow the rest of what I said in the other post.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/p...s/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------

Thanks, I'll give it a go
--
Dave


"Phillip Windell" wrote:

> "Dave" <(E-Mail Removed)> wrote in message
> news:87AFE427-52CB-4008-AB5D-(E-Mail Removed)...
> > Thanks, I think I'm following what you are saying, I can't make another
> > junk
> > DC, don't have the resources, nor do I have an VM software.
>
> VirtualPC and Virtual Server are free and cam be downloaded from MS.
>
> > What is GC?
>
> Global Catalog Server "role".
>
> > I'm just trying to get the two Child Domains to join the Main, Primary,
> > whatever you want to call the top dog's domain.
>
> You don't.
> It is done when the first Child DC is made a DC during DCPromo.
> Consider what you are calling your current "child domain" to be *dead*.
>
> The first one needs to use the DC in the master domain as its DNS server.
> Install DNS on the box but don't configure DNS.
> Run DC Promo
> Choose New Domain,...then Child Domain in an existing Domain Tree.
> Change its DNS to point to itself when finished
>
> If there is a second DC.....
> The second one needs to use the previous child DC as its DNS
> Install DNS on the box but don't configure DNS.
> Run DC Promo
> Choose DC in a existing domain,...choose the correct child domain.
> Change its DNS to point to itself when finished
> Change the DNS on both to point to each other as the second DNS entry
>
> Follow the rest of what I said in the other post.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/p...s/default.mspx
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/e...epartners.mspx
> -----------------------------------------------------
>
>
>