newtonetworks
Member
Im very new to all this. A lot of my understanding here probably sounds really stupid, so bear with me. Im building a small virtual network using VMware. Im doing this to practice and learn about subdomains, group policy, and security. When I try to enforce group policy on clients from either the parent domain or the subdomain dcs- nothing happens. I took down all the firewalls, made sure all the accept connections settings are checked on everything, but still no group policy. When I run dcdiag from the parent domain dc I get this:
Microsoft Windows [Version 6.1.7601]
Copyright 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WIN-HQKARU70IMV
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WIN-HQKARU70IMV
Starting test: Connectivity
......................... WIN-HQKARU70IMV passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WIN-HQKARU70IMV
Starting test: Advertising
......................... WIN-HQKARU70IMV passed test Advertising
Starting test: FrsEvent
......................... WIN-HQKARU70IMV passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WIN-HQKARU70IMV failed test DFSREvent
Starting test: SysVolCheck
......................... WIN-HQKARU70IMV passed test SysVolCheck
Starting test: KccEvent
......................... WIN-HQKARU70IMV passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WIN-HQKARU70IMV passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... WIN-HQKARU70IMV passed test MachineAccount
Starting test: NCSecDesc
......................... WIN-HQKARU70IMV passed test NCSecDesc
Starting test: NetLogons
......................... WIN-HQKARU70IMV passed test NetLogons
Starting test: ObjectsReplicated
......................... WIN-HQKARU70IMV passed test
ObjectsReplicated
Starting test: Replications
......................... WIN-HQKARU70IMV passed test Replications
Starting test: RidManager
......................... WIN-HQKARU70IMV passed test RidManager
Starting test: Services
......................... WIN-HQKARU70IMV passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003F6
Time Generated: 11/02/2011 09:25:48
Event String:
Name resolution for the name _ldap._tcp.Default-First-Site-Name._sit
es.batman.wilsonsdomain.net timed out after none of the configured DNS servers r
esponded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 11/02/2011 09:55:41
Event String:
Name resolution for the name 1.10.168.192.in-addr.arpa timed out aft
er none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00001695
Time Generated: 11/02/2011 09:55:51
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'wilsonsdomain.net.' failed. These records are used by other
computers to locate this server as a domain controller (if the specified domain
is an Active Directory domain) or as an LDAP server (if the specified domain is
an application partition).
......................... WIN-HQKARU70IMV passed test SystemLog
Starting test: VerifyReferences
......................... WIN-HQKARU70IMV passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : wilsonsdomain
Starting test: CheckSDRefDom
......................... wilsonsdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wilsonsdomain passed test CrossRefValidation
Running enterprise tests on : wilsonsdomain.net
Starting test: LocatorCheck
......................... wilsonsdomain.net passed test LocatorCheck
Starting test: Intersite
......................... wilsonsdomain.net passed test Intersite
C:\Users\Administrator>
To check my roles I used netdom query fsmo:
C:\Users\Administrator>netdom query fsmo
Schema master WIN-HQKARU70IMV.wilsonsdomain.net
Domain naming master WIN-HQKARU70IMV.wilsonsdomain.net
PDC WIN-HQKARU70IMV.wilsonsdomain.net
RID pool manager WIN-HQKARU70IMV.wilsonsdomain.net
Infrastructure master WIN-HQKARU70IMV.wilsonsdomain.net
The command completed successfully.
C:\Users\Administrator>
I think that looks right so I figure its something with my DNS based on the Dcdiag errors. (Again, sorry if I sound stupid.) This is the way I have my IPs and DNS setup:
wilsonsdomain.net (parent domain) dc-
IP 192.168.10.1
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.1
Alternate DNS Blank
batman.wilsonsdomain.net (child domain) dc-
IP 192.168.10.2
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.1
Alternate DNS Blank
joker.batman.wilsonsdomain.net (client of child domain)-
IP 192.168.10.5
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.2
Alternate DNS Blank
Any help as to how I have this set up wrong would be much appreciated.
Microsoft Windows [Version 6.1.7601]
Copyright 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = WIN-HQKARU70IMV
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WIN-HQKARU70IMV
Starting test: Connectivity
......................... WIN-HQKARU70IMV passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WIN-HQKARU70IMV
Starting test: Advertising
......................... WIN-HQKARU70IMV passed test Advertising
Starting test: FrsEvent
......................... WIN-HQKARU70IMV passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WIN-HQKARU70IMV failed test DFSREvent
Starting test: SysVolCheck
......................... WIN-HQKARU70IMV passed test SysVolCheck
Starting test: KccEvent
......................... WIN-HQKARU70IMV passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WIN-HQKARU70IMV passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... WIN-HQKARU70IMV passed test MachineAccount
Starting test: NCSecDesc
......................... WIN-HQKARU70IMV passed test NCSecDesc
Starting test: NetLogons
......................... WIN-HQKARU70IMV passed test NetLogons
Starting test: ObjectsReplicated
......................... WIN-HQKARU70IMV passed test
ObjectsReplicated
Starting test: Replications
......................... WIN-HQKARU70IMV passed test Replications
Starting test: RidManager
......................... WIN-HQKARU70IMV passed test RidManager
Starting test: Services
......................... WIN-HQKARU70IMV passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003F6
Time Generated: 11/02/2011 09:25:48
Event String:
Name resolution for the name _ldap._tcp.Default-First-Site-Name._sit
es.batman.wilsonsdomain.net timed out after none of the configured DNS servers r
esponded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 11/02/2011 09:55:41
Event String:
Name resolution for the name 1.10.168.192.in-addr.arpa timed out aft
er none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00001695
Time Generated: 11/02/2011 09:55:51
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'wilsonsdomain.net.' failed. These records are used by other
computers to locate this server as a domain controller (if the specified domain
is an Active Directory domain) or as an LDAP server (if the specified domain is
an application partition).
......................... WIN-HQKARU70IMV passed test SystemLog
Starting test: VerifyReferences
......................... WIN-HQKARU70IMV passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : wilsonsdomain
Starting test: CheckSDRefDom
......................... wilsonsdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wilsonsdomain passed test CrossRefValidation
Running enterprise tests on : wilsonsdomain.net
Starting test: LocatorCheck
......................... wilsonsdomain.net passed test LocatorCheck
Starting test: Intersite
......................... wilsonsdomain.net passed test Intersite
C:\Users\Administrator>
To check my roles I used netdom query fsmo:
C:\Users\Administrator>netdom query fsmo
Schema master WIN-HQKARU70IMV.wilsonsdomain.net
Domain naming master WIN-HQKARU70IMV.wilsonsdomain.net
PDC WIN-HQKARU70IMV.wilsonsdomain.net
RID pool manager WIN-HQKARU70IMV.wilsonsdomain.net
Infrastructure master WIN-HQKARU70IMV.wilsonsdomain.net
The command completed successfully.
C:\Users\Administrator>
I think that looks right so I figure its something with my DNS based on the Dcdiag errors. (Again, sorry if I sound stupid.) This is the way I have my IPs and DNS setup:
wilsonsdomain.net (parent domain) dc-
IP 192.168.10.1
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.1
Alternate DNS Blank
batman.wilsonsdomain.net (child domain) dc-
IP 192.168.10.2
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.1
Alternate DNS Blank
joker.batman.wilsonsdomain.net (client of child domain)-
IP 192.168.10.5
Subnet Mask 255.255.255.0
Default Gateway 192.168.10.3
Preferred DNS 192.168.10.2
Alternate DNS Blank
Any help as to how I have this set up wrong would be much appreciated.
