Active Directory setup issues

[Bruno_A]

Hello, I am setting up a home lab, where I'll have a couple webservers hosting actual websites, and an active directory domain, as that is a requirement for something I want to do, which is an Exchange Server. I started setting up the AD earlier, but came accross an issue. "SERVER1" is the main server, the only domain controller, so far, as all the other servers cannot ping the domain, and therefore, cannot join, or be promoted to domain controllers. I have made a Visio diagram of the piece of my network that matters for this, and it is as follows:

Spoiler

Basically, I can ping the domain from the domain controller, but not from any other machine in the network. Any machine can ping the Domain Controller, but not the domain, and also, as you can see, the router has been set up to give the IP address of the domain controller as the primary DNS server. Any ideas?

[Electronics Wizardy]

Try setting the dns manually, or using the dc as the dns server. THis is a dns issue.

[Bruno_A]

4 minutes ago, Electronics Wizardy said:

Try setting the dns manually, or using the dc as the dns server. THis is a dns issue.

did this on the client machine. Set up 10.230.0.240 as the primary and only DNS server, and flushed the DNS. Still cannot ping the domain.

[Juular]

DNS are irrelevant here, try disabling firewall on DC temporarily to see if that'll fix it, check it's rules if it will.

Also, do all networks clients get IPs through DHCP or it's configured manually ?

[Bruno_A]

3 minutes ago, Juular said:

DNS are irrelevant here, try disabling firewall on DC temporarily to see if that'll fix it, check it's rules if it will.

Still didn't work.

[Juular]

1 hour ago, Bruno_A said:

Still didn't work.

Hmm, so you can't ping DC from any machine, right ? Can you try to connect to it directly with laptop or smth to try ping it without the router involved ?

[Bruno_A]

24 minutes ago, Juular said:

Hmm, so you can't ping DC from any machine, right ? Can you try to connect to it directly with laptop or smth to try ping it without the router involved ?

I can ping the DC. I renamed it to DC1, and if I do "ping dc1", I get replies. If I try and ping it as "ping dc1.domain.com" (example), I do not get a reply.

[Juular]

5 minutes ago, Bruno_A said:

I can ping the DC. I renamed it to DC1, and if I do "ping dc1", I get replies. If I try and ping it as "ping dc1.domain.com" (example), I do not get a reply.

So it's really a DNS issue then. Check DNS server on DC, maybe it has assigned incorrect IP to these domain names.

[Bruno_A]

9 minutes ago, Juular said:

So it's really a DNS issue then. Check DNS server on DC, maybe it has assigned incorrect IP to these domain names.

This is what the DNS looks like on the DC1:

Spoiler

 

PS: I couldn't think of a name for the domain, so I just used ecorp, from Mr Robot.

[Juular]

Okay, what IP it tries to ping on dc1.ecorp.local anyway ?

[Bruno_A]

6 minutes ago, Juular said:

Okay, what IP it tries to ping on dc1.ecorp.local anyway ?

From a client machine on the same network, using the DC1 as the primary DNS server, I get this:

Spoiler

Same with the domain. I added the hostname for ecorp.local in my router, and obviously, I could ping it, but when I remove it from the router, which is not the main DNS server being given out by DHCP, it doesn't work.

[Juular]

try nslookup dc1.ecorp.local 10.230.0.240

[Bruno_A]

1 minute ago, Juular said:

try nslookup dc1.ecorp.local 10.230.0.240

This is what I get. I used 10.230.0.241, as I started over by creating a new domain and used a different server as the domain controller:

Spoiler

 

[Juular]

No, nslookup [domain name to lookup] [DNS server to use]

4 minutes ago, Bruno_A said:

This is what I get. I used 10.230.0.241, as I started over by creating a new domain and used a different server as the domain controller:

So DNS server is now 10.230.0.241 ?

[Bruno_A]

Just now, Juular said:

No, nslookup [domain name to lookup] [DNS server to use]

So DNS server is now 10.230.0.241 ?

Yes, it is. It's being given by DHCP server which is the router (10.230.0.1)

[Juular]

Okay

4 minutes ago, Juular said:

nslookup [domain name to lookup] [DNS server to use]

 

12 minutes ago, Juular said:

nslookup dc1.ecorp.local 10.230.0.241

 

[Bruno_A]

2 minutes ago, Juular said:

Okay

 

 

Sorry, didn't read that.

Spoiler

 

[Juular]

15 minutes ago, Bruno_A said:

Oh, i see, your main DNS server is your router, not DC. What DHCP settings you get exactly ? ipconfig /all

[Bruno_A]

Just now, Juular said:

Oh, i see, your main DNS server is your router, not DC. What DHCP settings you get exactly ? ipconfig /all

Here they are:

Spoiler

 

[Juular]

That's strange, it should try other DNS if it can't find requested entry on primary one but i guess it's just Windows being Windows, look at DHCP server settings at your router and move the IP for DC on top to make it primary.

[Tzomb1e]

I may have missed something in the replies, but do you have your DHCP server assigning the DNS suffix for your domain and do you have it added to your DC? Based on the results below, the FQDN for the DC is still using .local and your DNS is only checking .local. 

 

22 minutes ago, Bruno_A said:

This is what I get. I used 10.230.0.241, as I started over by creating a new domain and used a different server as the domain controller:

  Hide contents

 

 

[Bruno_A]

3 minutes ago, Juular said:

That's strange, it should try other DNS if it can't find requested entry on primary one but i guess it's just Windows being Windows, look at DHCP server settings at your router and move the IP for DC on top to make it primary.

This is the results when I use DHCP instead of a manual address. I can set the DC1 as the only DNS server in Windows, but I still wouldn't be able to join the domain.

[Bruno_A]

3 minutes ago, Tzomb1e said:

I may have missed something in the replies, but do you have your DHCP server assigning the DNS suffix for your domain and do you have it added to your DC? Based on the results below, the FQDN for the DC is still using .local and your DNS is only checking .local. 

 

 

I am sorry, but I'm not sure I understand what you're trying to say.

[Juular]

FQDN is the full domain name, like dc1.ecorp.local, if you set DNS suffix in router's DNS server for .ecorp.local it'll find DNS entry for dc1.ecorp.local even if you request just dc1. But i still don't see why it doesn't find the entry for FQDN when you specifially request it, might be that router itself doesn't use DC as DNS server.

10 minutes ago, Bruno_A said:

This is the results when I use DHCP instead of a manual address. I can set the DC1 as the only DNS server in Windows, but I still wouldn't be able to join the domain.

Which results ?

[Bruno_A]

2 minutes ago, Juular said:

FQDN is the full domain name, like dc1.ecorp.local, if you set DNS suffix in router's DNS server for .ecorp.local it'll find DNS entry for dc1.ecorp.local even if you request just dc1. But i still don't see why it doesn't find the entry for FQDN when you specifially request it, might be that router itself doesn't use DC as DNS server.

Which results ?

If I add a DNS entry in the DC, and use the DC as the ONLY DNS server, I could probably find out whether the router is actually using the DC as the DNS server?