[ITstudent2006]

OK. Here is the deal. As many of you may or may not have realized by now, I utilize the features of M$ VPC 2007. I currently have Windows Server 2003 installed and running. I have created a domain on this server and desiganted this VPC as the domain controller hence AD was installed. My domain name is house.com I am following the steps in my M$ 70-290 textbook and I have come to an issue the book doesn't guide me around.

I want to join a PC to my virtual domain. I want to do this to play around with groups, GPO's etc... I am attempting to join another virtual machine to this virtual domain. This other virtual machine is a Windows XP system. I realize in order for this to happen I must have a computer object in place and implemented in AD for that XP PC. I have did this already. The computer name is right and everything is as it should be. I then go into the XP PC and try and join my domain. It says no domain found (it says more but it's long LOL)

Here is what the book says

"If you see a message box informing you that the computer was unable to locate a domain controller for the domain you specified, the problem is most likely due to a network config. error. Most likely, the preferred DNS Server address in the computers TCP/IP config. is incorrect."

Here is what I'm thinking.

A. Either M$ VPC 2007 doesn't act like VMware and the app. Doesn't act like a switch and virtually connect these two machines, hence my XP machine can't see my Server, therefore it cannot communicate, it doesn't have access with the DNS Server that's hosting my domain.

B. I don't have a B actually LOL. I am out of ideas.

Here is my question, is there anyway I canget these two machines to see each other on the network. When I go into each of their network settings and I look at computers near me or whatever it's called each machine only recognizes itself and the host PC. Which tells me the VPC is not like VMware in the essence that it doesn't act as a virtual switch to allow communication between these two machines.

I have included a screenshot to help clear any Q's. I have blurred out some icons that imply illegal apps. And P2P software. (in case you're wondering what's blurred out LOL)

Let me know if you have anything to say, I'll take any opinions!

Thanks so much

Rick

[Curlyben]

Firstly, how are you dealing with IP's both the server and the client ?
Check all of the IP settings, DHCP, DNS etc.
Might even be worth adding the domain and server to the clients hosts file.

You don't need to have a client account on the server as when you join the domain the account will be created. This is done with a user in the Domain Admin group.
Right click My Comp > Comp name > Change > fill in the details.

I run TWO virtual domains on my site, admittedly not on the same box and using VMware ESX..

[chuckhole]

I also use ESX and not the M$ Virtual Server. I will will add one to my laptop just to see.

As far as not being able to join your PC to the domain, it is purely a connectivity and DNS issue. You do not need to put a placeholder for the PC in AD first.

Your PC MUST see your DNS server for AD since this is where the AD information resides. If your PC is getting its IP via DHCP, the DHCP server must be registered in AD for it to even hand out addresses and you must configure your Scope with the domain name, DNS and gateway address (although the gateway is not required).

Even in Workgroup mode, your PC should be able to see the netlogon share on your DC. Test this first by going to \\domain_name\netlogon and also test for \\domain_name\sysvol. You can use the netbios domain name where I have typed domain_name.

If you can not see these shares, check your Domain Controller. It must have these shares for it act in the capacity of a DC.

[ITstudent2006]

[QUOTE=Curlyben;1650380]Firstly, how are you dealing with IP's both the server and the client ?
Check all of the IP settings, DHCP, DNS etc.
Might even be worth adding the domain and server to the clients hosts file.
QUOTE]

My IP's are being dished by my router. I don't have the server set up as a DHCP Server. What do you mean check the IP's, DHCP, DNS, etc... check for what? And what is meant by the last line?

[Helljack6]

(Sucks in a deep breath of air)

Ok, here we go, Server 2003.

Got to ask the most common questions first. How did you install AD? Did you run dcpromo? I can only assuming that is how most people do it though I've been told that there are other ways to "skin the cat" as well.

Since you're running a VM Server 2003 for your house.com domain, your Server 2003 also needs to be running a DNS server unless you're going to auto forward requests directly from your VM machine (which will have to remain on and running all the time) to your physical machine which in turn points to your router for DHCP. Either case, your VM XP box needs to point to WHATEVER you DNS server is USING either your VM Server OR the phsycial machine's IP as the appropriate gateway. Was that too confusing?

IF Physical box is Server 2003 PDC, VM Server 2003 SDC, and VM XP WKST are all part of home.com, then depending on where the IP address is being assigned from, that's where you have to point your other VM XP for DNS servers using the next higher machine as the default gateway. So if your phsical machine is DHCPing from your router, then your VM Server needs to be running DNS Server. The reason why is because your subordinate systems won't "know" where to send internet traffic requests to. VM Server 2003 running DNS Server as well pointed to your router will autoforward internal requests so that your VM XP box and get to the net. Once you get to the internet, that's the sign that you got it set up right and you should have no problem joining it to your network.

Using GPOs is wicked fun and you can change so many things. If you haven't been told already, keep your GPOs simple, like one GPO for disabling Autorun, one GPO for customizing IE, one GPO for this and one for that. One of the predominate reasons computers take so long to load when they boot up and log into a network before the user logs on and even after the user begins the login process is the amount/size of all the GPOs being applied. The smaller they are, the faster they can process, period. Also utilize the GPO modeling tool, it can break down your GPO for you and show you exactly what's being applied at each level for that GPO.

Are you planning on running a WSUS Server too? Then you can auto download all the MS updates and then selectively decide which updates you want to push out to your VMs. You can also create a GPO just for that too! Be careful though, too many GPOs doing too many things causing even the fastest computer to come to a screeching halt.

[ITstudent2006]

OK, ( I say bewildered, confused but determined to fix this)

I installed AD by promoting the VServer as the domain controller and a DNS Server. On Server 2k3 when you designate the server as the DNS Server then it auto installs A.D. That is how I installed Active Directory.

Moving On... the second paragraph I understood. However, I have the VServer designated as a DNS Server. How do I go about pointing my VXP Machine to look at that?

Never mind... I'm a complete dumbass.

I never installed the driver on my XP machine therefore I never had internet therefore I was never connected to the network therefore I couldn't reach the DNS Server... I just was going over things and double-checking ping cmds and I wondered and wondered why I could ping the server from the host system but not the XP machine. Because I don't have my ethernet car enabled, I have to install the driver.

GEEEZ!!

Anwyasy, I will install the driver and then try again... I'll be back if I have more issues.

Thanks for the response though!


Curlyben:
My book says I have to create a computer object before I join the computer to the domain. I am not sure why, or if this is just a way of showing me how but that's what it said so that's what I said.

Thanks again, for all the responses!

Rick

[chuckhole]

Note: You DO NOT have to put a placeholder in AD for the PC to join the domain. If you do, then I have done a few thousand of them wrong... oops. By adding the placeholder, you can place it into the OU that you want instead of having to move the new machine account out of the default Computers OU. This can be helpful of you are applying Group Policies at the Domain and OU levels and it eliminates another reboot to update the machine settings. So if you are planning on using a WSUS server, then updates will process just a little faster.

Your computer MUST be able to contact your AD DNS server. Take a look at your DNS server and look at your zones. The Primary zones are AD integrated zones (located in the registry and not a text file) and will contain more than just host records, etc. It also contains the information for your Name Servers and Site topology. AD Integrated zones also follow your AD Replication rules with your other DC's throughout the domain. This can be important if you are using a multi-national topology. We use AD Integrated child domains and the other child domains are Secondary Zone copies so as to cut down on replication traffic.

So, with this in mind, DNS via your router or any other source than your AD DNS is not going to give your computer the complete picture it needs to join the domain. And if you are not running WINS then it won't get a full NetBIOS lookup either.

I will also add that Dynamic DNS registrations are intiated by your DHCP server when it assigns the address to your host. The host can also request a DDNS registration or update, but initially, it is first requested by your AD DHCP server.

Anyway, I would first suggest that you install DHCP on your DC and add a scope that is different from what your router uses. Then while you have your lab running with VM's, shut down DHCP on your router and use this only when required. Alternatively, you can disable DHCP in your router and add an Alternate IP configuration with a user configured static IP for when your VM running the DHCP server is down (look in the TCP/IP properties Alternate Configuration tab for your NIC).

Register your DHCP server with AD (right-click and register) and it will start handing out addresses. Add your DNS, gateway and domain name to your Scope Options.

Then, as Curly Ben suggested, check all of your settings with an IPCONFIG /ALL on the PC's.

[ITstudent2006]

OK... A couple Q's. I cannot get my Virtual XP system machine to use the Cd/Dvd Drive. I can't install the driver, obviosuly I cannot get on the internet. I lost my fricken thumbdrive UUUUGH!

Here is my second question, I also have 98SE on a virtual machine and that has internet access, but it still cannot connect to the domain.

So I have like three experts giving advice but I have never did this before so I need detailed advice. Tell me where to look in my DNS Server to make sure all is good. I can include screenshots so tell me what you need to see to guide me.

I am just getting confused when I read all of the advice from all the posters.

Rick

[ITstudent2006]

OK, I am not sure if I setup the DHCP scope right. I set the scope at 1.1-1.254 (192.168 of course) I set exclusions from 1.1-1.5. It asked me about a router/default gateway I set that to 1.1 the DNS Server to 1.2 and the WINS server at 1.3.

THis was all just a guess though. I don't have a book to look at. This is beyong the scope of my book LOL

I have included a pic for you


I just realized something. I gave the same IP to my DHCP Server as my default gateway OOOPS! I'll change that
Rick

[Helljack6]

Note: You DO NOT have to put a placeholder in AD for the PC to join the domain. If you do, then I have done a few thousand of them wrong.......oops. By adding the placeholder, you can place it into the OU that you want instead of having to move the new machine account out of the default Computers OU. This can be helpful of you are applying Group Policies at the Domain and OU levels and it eliminates another reboot to update the machine settings. So if you are planning on using a WSUS server, then updates will process just a little faster.

Your computer MUST be able to contact your AD DNS server. Take a look at your DNS server and look at your zones. The Primary zones are AD integrated zones (located in the registry and not a text file) and will contain more than just host records, etc. It also contains the information for your Name Servers and Site topology. AD Integrated zones also follow your AD Replication rules with your other DC's throughout the domain. This can be important if you are using a multi-national topology. We use AD Integrated child domains and the other child domains are Secondary Zone copies so as to cut down on replication traffic.

So, with this in mind, DNS via your router or any other source than your AD DNS is not going to give your computer the complete picture it needs to join the domain. And if you are not running WINS then it won't get a full NetBIOS lookup either.

I will also add that Dynamic DNS registrations are intiated by your DHCP server when it assigns the address to your host. The host can also request a DDNS registration or update, but initially, it is first requested by your AD DHCP server.

Anyway, I would first suggest that you install DHCP on your DC and add a scope that is different from what your router uses. Then while you have your lab running with VM's, shut down DHCP on your router and use this only when required. Alternatively, you can disable DHCP in your router and add an Alternate IP configuration with a user configured static IP for when your VM running the DHCP server is down (look in the TCP/IP properties Alternate Configuration tab for your NIC).

Register your DHCP server with AD (right-click and register) and it will start handing out addresses. Add your DNS, gateway and domain name to your Scope Options.

Then, as Curly Ben suggested, check all of your settings with an IPCONFIG /ALL on the PC's.

-chuckhole's the man, he got to it before I did. I realize that you're using the MS virtual software, and I apologize because frankly, I hate it and this is specifically one of the reasons I use VMWare, if it's attached to the machine, VMWare installs it with conditions that you select.

Anyway, the easiest way to install AD in Server 2003 is by running DCPROMO from the run box. When you do this, it goes through and sets EVERYTHING else up for you that's needed. Something else that you might want to look at if you're "going by the book" is using FQDN convention as that's what server 2003 was designed to take advantage of when incorporating AD and a few other administrative tools.

Ok, so let's see if I can break it down further for you, I'm sure Chuckhole will correct me if I stray:

Physical Box = P
VM PDC = Server
VM XP = WKST
VM W98 = WK98

Ok, for starters, let's look at WK98, view it's IP addy settings, what you're going to find is that your default gateway and your DNS servers are one of two setups, either statically assigned by you, or auto detected. Obviously. Point being is this, WK98 is set up HALF right. The alternative way to setting up the way Chuckhole suggested is to statically assign everything, a bit more time consuming, but in this case, it might be easier and tracking down where you went wrong will take less time. I normally don't run WINS so I can't help you there.

SO, if Server is running AD/DNS servers, then WKST/WK98 should have statically assigned IP within the same scope as the rest of your network as well as your subnet mask. Your Default Gateway and DNS assignments need to point to Server (Remember Server needs to be on and Running in order for this to work correctly) which in turns resolves to your Router. This is another reason why this set up works BETTER is the physical box starts as Server 2003 PDC running AD/DNS because it's almost never off.

[ITstudent2006]

OK... I type ipconfig /all in the command prompt and this is what I see
Ip address-
Default gateway-192.168.1.1
Subnet mask-255.255.255.0
DHCP server-192.168.1.1
DNS server-24.247.15.53
24.247.24.53

Does this look right? The DNS Server isn't what I specified in my scope. It's 192.168.1.2 in my scope but it's not here!

Rick

[ITstudent2006]

OK, I went back and reread what chuckhole (I think) wrote. This what I was doing
"Register your DHCP server with AD (right-click and register) and it will start handing out addresses. Add your DNS, gateway and domain name to your Scope Options." How do I register my DHCP with AD. How do I add the DNS, Gatewa and domain to scope options? Didn't I do that when I setup my DHCP scope, LOOK AT PIC I INCLUDED two or three posts ago,is that right?

Rick

[ITstudent2006]

OK.. I shut-off DHCP on my router last night in efforts to get closer to resolving this issue. I shut the PC off when I when to bed. I woke up turned it on and I can't connect to the internet, it says I'm local only. (obviously DHCP is still off) Even though I'm local only I should still be able to connect to the router interface and change it back so I can use the net to do some homework but it won't let me. I type the default gateway into the address bar and it does nothing, usually it brings up the login prompt.

I am using the internet on my virtual server right now, that works fine LOL. WEIRD!
Why does this work because it's setup as a DHCP server so it got it's IP and ready to go?

Rick

[chuckhole]

You shut down your DHCP on your router before I had an opportunity to ask you you to do so. Good.

Assign a static address to your server that is running AD, DHCP, DNS, etc. It should be something like 192.168.1.11 IP, 255.255.255.0 mask, 192.168.1.1 gateway.

For your DHCP Scope:
Set the Scope to something like 192.168.1.100 to 192.168.1.254. This will reserve 1-99 for your static IP's (printers, servers, etc.).

Set your lease time to somewhere between 3 and 7 days.

For your DHCP server options:
003 Router 192.168.1.1 (ip of your router)
006 DNS Servers 192.168.1.11 (ip of your server)
015 Domain Name house.com
044 WINS/NBNS Servers 192.168.11.1
046 WINS/NBT Node Type 0x4 (change from 0x8, 0x4 is a mixed node that works well with older Win OS's)

Go into your DNS configuration and add a DNS Forwarder for all other domains other than house.com. Add 192.168.1.1 as your DNS Forwarder. This will forward all requests to your router.

In your router configuration, set your DNS1 and DNS2 to your ISP DNS server addresses.

Then once your client renews its lease, ping an Internet address like yahoo.com. You will probably not get a reply but it should resolve the IP address.

[chuckhole]

As far as using your CD-ROM:

Using the local device is not always a good option. Only one virtaul machine at a time can use it. It is better to make an ISO of your installation CD's. Then point your CD-ROM device to the ISO file and it will boot from the ISO (if it was bootable to begin with) to run the installation.

We keep a volume on our SAN just for ISO images. Unfortunately, the Windows 2008 Server DVD ISO does not like to boot.

[ITstudent2006]

OK, I am at school right now. I will do what you said when I get home. The only reason this is confusing is because I am asking everyone here for advice, my instructor some classmates and my brother who is a network admin.

I would just ask him but he lives 3 hours away so it's just as easy to ask you guys.

I will follow the steps in your thread Chuckhole and reply with the results!

Thanks for taking the time and trying to help me through this!

Rick

[ITstudent2006]

Chuckhole:

Ok I have tried to do as you said! Here is what I see when I look at my scope options!

Option Name... Vendor... Value
003 Router... Standard... 192.168.1.1
006 DNS Servers... Standard... 192.168.1.2
015 DNS Domain... Standard... house.com
044 WINs/NBNS... Standard... 192.168.1.3
046 WINs/NBT... Standard... 0x4

I set the Servers static IP to 1.3. My scope is 1.1-1.254 with exceptions of 1.1-1.10 can I do this or should I just make my scope 1.100-1.254 leaving my 99 IP's for static without worrying about exceptions? Also I am not sure what I have to so with the NBNS Server. You put the IP as 192.168.11.1 above(I am unsure if this was a mistake or what) I am sure it was supposed to be 1.11 one after 1.10 (your projected Static IP) so when I get 1.3 after I set my Server to 1.2. Long Story short I think it's right!

I did the DNS forwarder but I didn't understand the router config directions, if you could explain further!

Let me know!

Rick

[ITstudent2006]

OK, does this mean it all works.

I turned off DHCP on my router, I enabled the automatic config on my Vista PC to dynamically receive an IP. I set my preferred DNS Server to 1.2 (the IP of my virtual server) I authorized the DHCP server to start dishing and it dished the host Vista machine an IP of 192.168.1.11 Which is the first IP in the scope. I am able to connect to house.com and browse the internet. However I cannot find the option to join my Vista machine to my virtual domain, I went to
Control panel>system>computer name
But to no avail, the option isn't listed where it is on other OS'

Rick


P.S. Does this sound like it worked?

[chuckhole]

The Home versions of the OS will not join a domain. It must be the Professional version.

[chuckhole]

Why is your DNS server address different than your address assigned to your server IP?