Windows 2000 DC + local DNS + Windows 2003 member server

I just found out that if you've got a Windows 2000 domain controller with a DNS service running and integrated with Active Directory ... and you want to add a Windows 2003 server to your domain, then you have to set "allow dynamic updates?" in your domain-zone properties either to "yes" or to "Only secure updates".

If you disable dynamic DNS updates in your domain-zone, then your member servers will most probably not find your domain controller ... since they rely on special "SRV" records in the DNS to find the DC.

If you run the DCDIAG tool on your domain controller in such a situation, then you get something like the following:
Testing server: Default-First-Site-Name\YOUR-DC
      Starting test: Connectivity
         The host could not be resolved to an IP address.  Check the DNS server, DHCP, server name, etc.
         Although the Guid DNS name ( couldn't be resolved, the server name (your-dc.your-domaincom) resolved to the IP address ( and was pingable.  Check that the IP address is registered correctly with the DNS server.
         ......................... YOUR-DC failed test Connectivity

Running "dcdiag /fix" cannot help in this case; you have to manually edit your DNS zone properties to allow dynamic updates.
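
To see which locator records a zone is missing once dynamic updates have been disabled, the records the DC tries to register can be compared with a zone export. The following is an added example, not part of the original post. It assumes both inputs are zone-file style lines ("name ttl IN type rdata"), the layout used by the DC's netlogon.dns file; all names, the GUID and the IP address are constructed placeholders.

```python
# Constructed sample in zone-file style, as a DC lists the records it tries to
# register in %SystemRoot%\System32\config\netlogon.dns (names are placeholders).
NETLOGON_DNS = """\
_ldap._tcp.your-domain.com. 600 IN SRV 0 100 389 your-dc.your-domain.com.
_ldap._tcp.dc._msdcs.your-domain.com. 600 IN SRV 0 100 389 your-dc.your-domain.com.
_kerberos._tcp.dc._msdcs.your-domain.com. 600 IN SRV 0 100 88 your-dc.your-domain.com.
11111111-2222-3333-4444-555555555555._msdcs.your-domain.com. 600 IN CNAME your-dc.your-domain.com.
"""

# Constructed sample: zone export where dynamic updates were disabled, so only
# the manually created host record exists.
ZONE_STATIC_ONLY = """\
; static records only
your-dc.your-domain.com. 3600 IN A 192.0.2.10
"""


def parse_records(text):
    """Return {(owner, type, rdata)} from 'name ttl IN type rdata' lines; TTL is ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank line, comment, or a layout this sketch does not handle
        owner = fields[0].lower().rstrip(".")
        rdata = " ".join(fields[4:]).lower().rstrip(".")
        records.add((owner, fields[3].upper(), rdata))
    return records


def missing_locator_records(netlogon_text, zone_text):
    """Records the DC wants registered that the zone does not contain."""
    return sorted(parse_records(netlogon_text) - parse_records(zone_text))


def classify(missing):
    """Split missing records into SRV locator entries and the GUID CNAME alias."""
    srv = [r for r in missing if r[1] == "SRV"]
    guid = [r for r in missing if r[1] == "CNAME" and "._msdcs." in r[0]]
    return srv, guid


if __name__ == "__main__":
    srv, guid = classify(missing_locator_records(NETLOGON_DNS, ZONE_STATIC_ONLY))
    for owner, rtype, rdata in srv + guid:
        print(f"MISSING {rtype:5} {owner} -> {rdata}")
```

A missing GUID CNAME corresponds to the "Guid DNS name couldn't be resolved" message in the DCDIAG output above, while missing SRV entries are what keep member servers from locating the DC.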