Hi everybody!

I'm studying on 70-291 MS Press self paced training kit book (v.1) and
practicing with MS Virtual PC.
In the last few days I've gone mad trying to get that "ipconfig
/registerdns" working between a DNS Client and a Server (each of them win
2003 ).
The problem was resolved only after decided to change the setting of the
client from the "obtain an IP address automatically" (requested by that
MSPress practice) to a static address.
Obviously I had previously set an "alternate configuration" with a valid IP
address in the same subnet of the DNS SRV and the correct DNS SRV IP.
The client was configured with the primary dns suffix of the same zone of
the DNS and the "register this connection's addresses to DNS" was checked
(as it is by default).
I even thought it was a problem of name resolution: I sniffed the traffic
and noticed that non DNS frames were exchanged between the client and the
server. So I decided to go straight through the problem and disable Netbios
resolution from WINS tab in advanced TCP/IP properties in both the VPCs (see
my other post..)

Anyway it worked only by setting up a dhcp on the DNS server or setting up
the static ip address in the client computer.

Is this problem due to something I've been missing/misconfigured, to MS
Virtual PC limitations or (just another) unaccuracy in the MS Press book
practices?

Thank for any reply!
Bye

MD

Well, since no reply has been posted at the time I'm writing, I would like
to simplify my question & try to troubleshoot this issue with your

First:

Scenario:
A machine is configured with "obtaining an IP address automatically" and an
alternate IP address in the 192.168.0.0 subnet (IP, S.M. and DNS).
Advanced configuration properties for DNS are at their defaults.
Another machine, the DNS server, is assigned the 192.168.0.1/24 static
address.
A.D. DC role has NOT been installed on the server yet but the 2 PCs have the
same DNS primary suffix.
In the DNS server properties I've allowed secure and non secure dynamic
updates for the zone the 2 PCs belong to.

First Troubleshooting Question:
Is it true that the DNS Client will be able to register and update its (A)
and PTR DNS records even when it is assigned the alternate address
configuration?

Please me

Thanks a lot to everybody!

Ciao
MD

"M D" <mdbl@NOSPAMinwind.it> wrote in message
news:ec8phVx0GHA.4176@TK2MSFTNGP06.phx.gbl...
> Well, since no reply has been posted at the time I'm writing, I would like
> to simplify my question & try to troubleshoot this issue with your

Likely your question/post didn't replicate around the
news servers for a while since it didn't popup for me
until about a week after your post. If you use the MS
servers direct your (apparently slow) local news server
won't be able to delay your posts.

> First:
>
> Scenario:
> A machine is configured with "obtaining an IP address automatically" and
> an alternate IP address in the 192.168.0.0 subnet (IP, S.M. and DNS).
> Advanced configuration properties for DNS are at their defaults.
> Another machine, the DNS server, is assigned the 192.168.0.1/24 static
> address.
> A.D. DC role has NOT been installed on the server yet but the 2 PCs have
> the same DNS primary suffix.

Is this set in the System Control Panel (where it belongs)?

Machines should NOT depend on the suffix settings in the
NIC->IP but FIRST set their full computer name, including
Domain in the System CP.

> In the DNS server properties I've allowed secure and non secure dynamic
> updates for the zone the 2 PCs belong to.

Think of this as "allow unsecure updates" (I really wish they
have never changed this label.) It's you only choice for dynamic
updates until you have a DC and put the zone into AD.

> First Troubleshooting Question:
> Is it true that the DNS Client will be able to register and update its (A)
> and PTR DNS records even when it is assigned the alternate address
> configuration?

Yes. Clients must be 'modern' (Win2000+) but since only
WinXP plus (includes Win2003 servers -- they are DNS clients
too) have the "Alternate Config" that requirement is automatically
met.

But you need to make sure they can find the dynamic server and
that they KNOW their full computer name including DNS domain/zone.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Please me
>
> Thanks a lot to everybody!
>
> Ciao
> MD
>

Hi Herb!

Thank you again for your kind reply.

> If you use the MS
> servers direct your (apparently slow) local news server
> won't be able to delay your posts.

Well I'm using news.microsoft.com as News Server because my provider doesn't
seem to download any message from this newsgroup...

>> A.D. DC role has NOT been installed on the server yet but the 2 PCs have
>> the same DNS primary suffix.
>
> Is this set in the System Control Panel (where it belongs)?

Yes indeed: the 2 PCs have same dns suffix and System properties states that
their FQDN are PC1.domain1.local and PC2.domain1.local

>
> Machines should NOT depend on the suffix settings in the
> NIC->IP but FIRST set their full computer name, including
> Domain in the System CP.

Ok. I did it that way

>
>> In the DNS server properties I've allowed secure and non secure dynamic
>> updates for the zone the 2 PCs belong to.
>
> Think of this as "allow unsecure updates" (I really wish they
> have never changed this label.) It's you only choice for dynamic
> updates until you have a DC and put the zone into AD.
>

Ok.

>> First Troubleshooting Question:
>> Is it true that the DNS Client will be able to register and update its
>> (A) and PTR DNS records even when it is assigned the alternate address
>> configuration?
>
> Yes. Clients must be 'modern' (Win2000+) but since only
> WinXP plus (includes Win2003 servers -- they are DNS clients
> too) have the "Alternate Config" that requirement is automatically
> met.

Well the fact is I'm practicing DNS with VPC 2004 SP1 with 2 Win 2003 E.E.
and the dynamic updates work only with the IP statically assigned to the
client server (or assigned automatically by a DHCP server). The dynamic
registration doesn't work with the alternate configuration.

I've tried to troubleshoot this problem for a couple of days:
- There is connectivity between the 2 srvs
- The DNS server IP address was set in the client IP properties
configuration (in the advanced section of the TCP/IP properties)
- Ping worked but, as what I recall from last week troubleshooting,
analyzing the traffic between the 2 srvs, I noticed that NBT resolution was
preferred over DNS.
- Even trying to force DNS registration (rebooting the client PC or
executing the ipconfig /registerdns) nothing happened and event logs were
not of much (I looked into the system logs of the Client and the DNS
event log of the srv).

>
> But you need to make sure they can find the dynamic server and
> that they KNOW their full computer name including DNS domain/zone.

Those seemed to be working:
from each of the srvs, launching ping -a localhost they responded with their
correct FQDN. But when I tried to ping the Client hostname from the srv, the
reply was not headed with the Client FQDN...

I eventually thought of a Microsoft VPC limitation but I'm still not sure it
wasn't my fault

If you've any further advice please do, I will likely reproducing the same
environment for other tests the next days.

Thank again for your reply, your is highly apprecated.

Bye

MD

"M D" <mdbl@NOSPAMinwind.it> wrote in message
news:%23ficRLy1GHA.4796@TK2MSFTNGP06.phx.gbl...
> Hi Herb!
>
> Thank you again for your kind reply.
>
>> If you use the MS
>> servers direct your (apparently slow) local news server
>> won't be able to delay your posts.
>
> Well I'm using news.microsoft.com as News Server because my provider
> doesn't seem to download any message from this newsgroup...

Well, then maybe it is MY news CLIENT but since no one answered
you it seemed more likely a problem on your end.

My Outlook Express has been pretty hosed up for quite some time but
I really just cannot stand any other news client.

>>> A.D. DC role has NOT been installed on the server yet but the 2 PCs have
>>> the same DNS primary suffix.
>>
>> Is this set in the System Control Panel (where it belongs)?
>
> Yes indeed: the 2 PCs have same dns suffix and System properties states
> that their FQDN are PC1.domain1.local and PC2.domain1.local

Then that is correct. Many people leave this blank (or wrong)
and try to correct it on the NIC properties which are mostly to
be used for machine with multiple interfaces.

>> Machines should NOT depend on the suffix settings in the
>> NIC->IP but FIRST set their full computer name, including
>> Domain in the System CP.
>
> Ok. I did it that way
>
>>
>>> In the DNS server properties I've allowed secure and non secure dynamic
>>> updates for the zone the 2 PCs belong to.
>>
>> Think of this as "allow unsecure updates" (I really wish they
>> have never changed this label.) It's you only choice for dynamic
>> updates until you have a DC and put the zone into AD.
>>
>
> Ok.
>
>>> First Troubleshooting Question:
>>> Is it true that the DNS Client will be able to register and update its
>>> (A) and PTR DNS records even when it is assigned the alternate address
>>> configuration?
>>
>> Yes. Clients must be 'modern' (Win2000+) but since only
>> WinXP plus (includes Win2003 servers -- they are DNS clients
>> too) have the "Alternate Config" that requirement is automatically
>> met.
>
> Well the fact is I'm practicing DNS with VPC 2004 SP1 with 2 Win 2003 E.E.
> and the dynamic updates work only with the IP statically assigned to the
> client server (or assigned automatically by a DHCP server). The dynamic
> registration doesn't work with the alternate configuration.

Well, go through the same questions for the Server -- is it's full
name properly set in the System Control Panel.

What DNS server is it set to use on it's NIC-> IP properties?

Can it reach the DNS server?

(If this doesn't lead to a fix, then send me the IPConfig /all
output to a file -- use text and don't edit it.)

Which is the DNS server? (Usually people practicing or testing
put the DNS on the SAME server as the DC.)

You can check for DNS "connectivity" by using:

nslookup somename.domain.com IP.of.DNS.Server

This will prove that DNS can be answered. (You cannot
update it if you cannot even query it.)

Ping and Tracert can of course check routing but this is
specific to DNS traffic so avoids firewall discrepancies.

One common mistake people make with DNS clients is
to set the "DNS Server" in their IP properties to a MIXTURE
of both internal and external DNS servers.

That is INCORRECT and UNRELIABLE.

> I've tried to troubleshoot this problem for a couple of days:
> - There is connectivity between the 2 srvs
> - The DNS server IP address was set in the client IP properties
> configuration (in the advanced section of the TCP/IP properties)

Why advanced? For a single DNS server you can do it on the
main (first) page of the IP configuration dialog.

You only need Advanced settings if you use more than two? DNS
servers or wish to much with other settings. Make sure you left
the checkbox for register this interface checked and don't bother
with any of that suffix stuff SINCE you set the System Control
Panel correctly.

> - Ping worked but, as what I recall from last week troubleshooting,
> analyzing the traffic between the 2 srvs, I noticed that NBT resolution
> was preferred over DNS.

How did you determine this? Most likely you have a DNS problem
(could be routing but DNS directly sounds more likely.)

I will append my general DNS for AD instructions below.

> - Even trying to force DNS registration (rebooting the client PC or

This is overkill and wasting your time.

> executing the ipconfig /registerdns) nothing happened and event logs were
> not of much (I looked into the system logs of the Client and the DNS
> event log of the srv).

/registerDNS is only useful for client (or normal server) registration
and will NOT work for DCs so be aware of that. For DCs we use
other methods (see below in DNS stuff.)

>> But you need to make sure they can find the dynamic server and
>> that they KNOW their full computer name including DNS domain/zone.
>
> Those seemed to be working:
> from each of the srvs, launching ping -a localhost they responded with
> their correct FQDN. But when I tried to ping the Client hostname from the
> srv, the reply was not headed with the Client FQDN...
>
> I eventually thought of a Microsoft VPC limitation but I'm still not sure
> it wasn't my fault

No, probably not a VPC limitation which generally works really well
and does route if you set it up correctly.

This could be just a routing problem. Better send IPConfig /all from
both the VPC Virtual Machine AND the VPC Host computer.

Are they on different subnets or the same?

> If you've any further advice please do, I will likely reproducing the same
> environment for other tests the next days.
>
> Thank again for your reply, your is highly apprecated.
>

We try to .

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


> Bye
>
> MD
>
>
>

Hey Herb, I see I grab you a lot of time again! Thank you.

> Well, then maybe it is MY news CLIENT but since no one answered
> you it seemed more likely a problem on your end.

BTW I usually check google groups to see if my post are ok, and that was
about 10 minutes after I sent it... Perhaps it's a problem of one news
server .. Nevermind.

Here are some clarifications on what it was the scenario:

I use 1 PC with VPC running 2 Win 2003 EE virtual machines used as training
networking environment.
One machine ("PC1") has only DNS installed with a static ip 192.168.0.1/24,
no default gtw.
The other ("PC2") has still no role installed and IP configuration is set to
obtain an IP address automatically with an alternate configuration of
192.168.0.2/24, no other info.
The test lab I was doing didn't mention to add the DNS on the alternate tab,
so I decided to insert the DNS IP in the DNS tab in the advanced TCP/IP
settings.

The 2 VM have been configured with the same dns suffix ("Domain1.local")
from Control Panel -> System Properties -> Computer Name -> More.

AD hasn't been installed yet so there is no "AD Domain".

DNS has been configured with a forward "domain1.local" and a standard lookup
zone for the subnet 192.168.0.0 .

Tomorrow morning I plan to re-build that scenario and try to get things
working.
and post the additional info you requested If not resolving this issue.

Thanks a lot for your suggestions!

Bye for now

MD

> I use 1 PC with VPC running 2 Win 2003 EE virtual machines used as
> training networking environment.
> One machine ("PC1") has only DNS installed with a static ip
> 192.168.0.1/24, no default gtw.
> The other ("PC2") has still no role installed and IP configuration is set
> to obtain an IP address automatically with an alternate configuration of
> 192.168.0.2/24, no other info.
> The test lab I was doing didn't mention to add the DNS on the alternate
> tab, so I decided to insert the DNS IP in the DNS tab in the advanced
> TCP/IP settings.
>
> The 2 VM have been configured with the same dns suffix ("Domain1.local")
> from Control Panel -> System Properties -> Computer Name -> More.
>
> AD hasn't been installed yet so there is no "AD Domain".
>
> DNS has been configured with a forward "domain1.local" and a standard
> lookup zone for the subnet 192.168.0.0 .
>
> Tomorrow morning I plan to re-build that scenario and try to get things
> working.
> and post the additional info you requested If not resolving this issue.

Generally it is better to fix problems than to try re-installing.
You learn more and by re-installing you may just re-create
the original issue or learn nothing.

If this isn't installed currently I don't want to waste time on something
than cannot even be tested or fixed.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"M D" <mdbl@NOSPAMinwind.it> wrote in message
news:eE$Fdt31GHA.4908@TK2MSFTNGP02.phx.gbl...
> Hey Herb, I see I grab you a lot of time again! Thank you.
>
>> Well, then maybe it is MY news CLIENT but since no one answered
>> you it seemed more likely a problem on your end.
>
> BTW I usually check google groups to see if my post are ok, and that was
> about 10 minutes after I sent it... Perhaps it's a problem of one news
> server .. Nevermind.
>
> Here are some clarifications on what it was the scenario:
>

> Thanks a lot for your suggestions!
>
> Bye for now
>
> MD
>
>

Hi Herb!

> Generally it is better to fix problems than to try re-installing.
> You learn more and by re-installing you may just re-create
> the original issue or learn nothing.
>
> If this isn't installed currently I don't want to waste time on something
> than cannot even be tested or fixed.

The fact is that following my 70-291 learning guide that initial scenario
has now changed to a more complex A.D. infrastructure with 1 DHCP and
DNSs...
That's why, on my last check before taking the exam, I can sped some time to
give it another try...
Thanks a lot
MD

Hi everybody:

As I'm still in trouble with this anonaly with dynamic updates in VPC 2004
SP1 and an alternate configured server, here I come with another post...

(Resume: In a virtual PC secnario compoised of only 1 dns srv and a client
(win2003 EE), dynamic updates work successfully only when I set up the
client with static IP address or when I install a DHCP srv on the DNS srv)

here is a full report of answers to Herb's questions!

> What DNS server is it set to use on it's NIC-> IP properties?

Here are the results of IPCONFIG /ALL run from the "client" PC:


Windows IP Configuration



Host Name . . . . . . . . . . . . : COMPUTER2

Primary Dns Suffix . . . . . . . : domain1.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain1.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter (Generic)

Physical Address. . . . . . . . . : 00-03-FF-AF-EB-D9

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DHCP Class ID . . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1

-----------------------------------------------------------------------------

Here are the results of IPCONFIG /ALL run from the "server" PC:


Windows IP Configuration



Host Name . . . . . . . . . . . . : COMPUTER1

Primary Dns Suffix . . . . . . . : domain1.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain1.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter (Generic)

Physical Address. . . . . . . . . : 00-03-FF-6D-42-7D

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.0.1



> Can it reach the DNS server?

From the client computer, "ping computer1" returns:



Pinging computer1.domain1.local [192.168.0.1] with 32 bytes of data:



Reply from 192.168.0.1: bytes=32 time=9ms TTL=128

Reply from 192.168.0.1: bytes=32 time=7ms TTL=128

Reply from 192.168.0.1: bytes=32 time=5ms TTL=128

Reply from 192.168.0.1: bytes=32 time=9ms TTL=128



Ping statistics for 192.168.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 5ms, Maximum = 9ms, Average = 7ms


> Which is the DNS server? (Usually people practicing or testing
> put the DNS on the SAME server as the DC.)

Actually there's no DC, computer1.domain1.local is the DNS server

> You can check for DNS "connectivity" by using:
>
> nslookup somename.domain.com IP.of.DNS.Server
> This will prove that DNS can be answered. (You cannot
> update it if you cannot even query it.)
>

and "nlookup computer1.domain1.local 192.168.0.1" returns:

Server: computer1.domain1.local
Address: 192.168.0.1

Name: computer1.domain1.local
Address: 192.168.0.1

no external connectivity is enabled so:

nslookup www.microsoft.com 192.168.0.1

Server: computer1.domain1.local
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.

>> I eventually thought of a Microsoft VPC limitation but I'm still not sure
>> it wasn't my fault
>
> No, probably not a VPC limitation which generally works really well
> and does route if you set it up correctly.
>
> This could be just a routing problem. Better send IPConfig /all from
> both the VPC Virtual Machine AND the VPC Host computer.
>
> Are they on different subnets or the same?

The host PC (the one that has instaled VPC) is not connected to the 2 VMC.
I mean: there is no connectivity between the 2 Virtual machines that have
been configured with the "local only" network; moeover host PC has no
physical network adapter connected to Inernet.

Thanks a lot for any further hint!

Bye

MD