Error joining Win Server 2008's domain (possible DNS issue)

Jerry_03

Weaksauce
Joined
Oct 12, 2009
Messages
92
Just got Win Server 2008 running on my ESXi server, with the intentions of running it as a 24x7 DC for my home network.

I followed this guide to setting up my domain:
https://support.cloudshare.com/hc/e...a-Domain-Controller-on-Windows-Server-2008-R2

I installed the role as Active Directory Domain Services. I unchecked the option to install the DNS server with it, because I want to use my ISP's DNS servers. my FQDN is home.smithnet.com

However when I tried to connect my first host to the domain, I get this error:

domainerror-1.jpg


At first i figured this was because I didnt install the DNS role. So i went back and installed the DNS role to my server then added DNS fowarder to point to my ISP's DNS servers.

I tried connecting my host to the domain again but I still get the same error.

any ideas?
 

gimp

[H]F Junkie
Joined
Jul 25, 2008
Messages
10,470
Best practice is to usually use either a non-public FQDN, or at least use one that isn't already in use out on the interwebs.
Unless you actually own home.smithnet.com ?

Pinging home.smithnet.com [184.168.221.96] with 32 bytes of data:
Reply from 184.168.221.96: bytes=32 time=67ms TTL=48

And yes, you need the DC to be running DNS.
Your ISP's DNS won't have your domain controller registered, therefore your workstations will not know how to contact the DC.
 

Jerry_03

Weaksauce
Joined
Oct 12, 2009
Messages
92
no i dont own smithnet.com. I just intend it be used in my home network. is there a naming convention for non-public FQDN? like .local instead of .com??
 

klank

Killer of Killer NIC Threadz
Joined
Aug 22, 2011
Messages
2,177
Remove the DNS and AD roles reboot then re-add the AD role with the stock options (including DNS). When it comes time to setting it up best practice for a home or lab would be to use smithnet.local

When it comes time to setting up clients change their DNS to the DC ip and join away. It would be better and easier to set custom DNS IPs on your DHCP pool in your router so it just hands out the DC IP.
 

k1pp3r

[H]F Junkie
Joined
Jun 16, 2004
Messages
8,209
Remove the DNS and AD roles reboot then re-add the AD role with the stock options (including DNS). When it comes time to setting it up best practice for a home or lab would be to use smithnet.local

When it comes time to setting up clients change their DNS to the DC ip and join away. It would be better and easier to set custom DNS IPs on your DHCP pool in your router so it just hands out the DC IP.

2012 they don't want you to use .local anymore :)
 

klank

Killer of Killer NIC Threadz
Joined
Aug 22, 2011
Messages
2,177
2012 they don't want you to use .local anymore :)

LOL. Opps

I am a long time nix guy that just started playing with AD. In the last week I have setup and tore down about half dozen AD severs playing with everything from AD itself, GPO to WSUS and Exchange.
 

Database

Detroit Redbirds!!!
Joined
Jan 22, 2009
Messages
2,537
You need to install DNS on the domain controller.

You also need to set the machine you are trying to join to the domain to use the domain controller as it's DNS server. If you don't do this, it won't join because it can't find the domain.
 

gimp

[H]F Junkie
Joined
Jul 25, 2008
Messages
10,470
2012 they don't want you to use .local anymore :)

That's debatable. Microsoft contradicts itself all over the place.

2012 R2 Essentials defaults to .local

The domain is created with a .local domain suffix

http://richardjgreen.net/windows-server-2012-essentials-initial-admin-thoughts/

Here it specifically recommends AGAINST a .net/com/org/etc
Using the .local label for the full DNS name for the internal domain is a more secure configuration because the .local label is not registered for use on the Internet. This separates your internal domain from your public Internet domain name. It is recommended that you not use the extension of your registered Internet domain name (for example, .com, .net, and .biz) as this can result in name resolution issues.

http://technet.microsoft.com/en-us/library/cc708159(v=ws.10).aspx/

But then here they say to NOT use .local or an unregistered suffix
Also, we do not recommend using unregistered suffixes, such as .local.
http://technet.microsoft.com/en-us/library/cc726016(v=ws.10).aspx/

Doing some reading it looks like the downside to .local is if you're presenting data to the internet and need SSL certificates to be issued by 3rd party roots, Mac's, and some integration that is more business-oriented (ie Office365)

On the flip-side, the recommended TLD would be one you OWN. Not some random made-up TLD.
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
Use a sub domain of a domain you actually own. Microsoft does not recommend .local anymore.

Got any documentation on why that is? Not much has changed between 2k8 and 2k12, so I can't see any reason why they would suddenly recommend against it.
 

Nate7311

2[H]4U
Joined
Jan 11, 2001
Messages
3,320
I think it boils down to a change in MSs AD design philosophy and Internet connectivity and design and that ICANN has effectively outlawed non-TLD or Non-FQDN host names in Public SSLs moving forward. The latter really only affects SAN-type certs but it is a big change.

As far as the OP goes. Especially just for learning as this it obviously his 1st domain, just use a .local. Safer than a made-up TLD and not as complicated as a subdomain of a TLD that I'm assuming the OP doesn't have.
 
Top