Attempt to resolve DNS Name Failed



  • I am using pfSense as a router for NAT and Windows Server 2008 for the DHCP service only, but I am getting this error while joining a computer on the server: "an attempt to resolve the dns name in the domain being joined failed"

    Can anybody help me with this?


  • LAYER 8 Global Moderator

    And that is a horrific choice for an AD domain, for one.  You should use an FQDN, something like value.tld

    http://support.microsoft.com/kb/300684
    Deployment and operation of Active Directory domains that are configured by using single-label DNS names

    For the following reasons, the best practice is to create new Active Directory domains that have fully qualified DNS names:

        Single-label DNS names cannot be registered by using an Internet registrar.
        Client computers and domain controllers that are joined to single-label domains require additional configuration to dynamically register DNS records in single-label DNS zones.
        Client computers and domain controllers may require additional configuration to resolve DNS queries in single-label DNS zones.
        Some server-based applications are incompatible with single-label domain names. Application support may not exist in the initial release of an application, or support may be dropped in a future release.
        Transitioning from a single-label DNS domain name to a fully qualified DNS name is non-trivial and consists of two options. Either migrate users, computers, groups, and other states to a new forest. Or, perform a domain rename of the existing domain. Some server-based applications are incompatible with the domain rename feature that is supported in Windows Server 2003 and newer domain controllers. These incompatibilities either block the domain rename feature or make the use of the domain rename feature more difficult when you try to rename a single-label DNS name to a fully qualified domain name.
        The Active Directory Installation Wizard (Dcpromo.exe) in Windows Server 2008 warns against creating new domains that have single-label DNS names. Because there is no business or technical reason to create new domains that have single-label DNS names, the Active Directory Installation Wizard in Windows Server 2008 R2 explicitly blocks creating such domains.

    Secondly - where are you pointing for DNS?  pfSense - how does pfSense know to resolve your AD DNS?  Do you have a forwarder set up?  Pretty much the answer to using AD is that all members should ONLY point to AD DNS. While using other name servers is possible, the DNS you point to needs to be able to resolve your AD records. Highly doubt pfSense can do this, and if forwarding to your ISP they for sure cannot, etc.

    Point your members, or want-to-be members, of your domain to your DNS for your domain. This is normally the DC in a simple SOHO AD setup.



  • Buddy, I understand.
    See, this is the first time I have tried to install all this on VMware ESXi.

    My DHCP server has only one LAN connection and I am using pfSense for NAT and Internet.

    The IP address and VM network diagram are attached, please have a look. In the meantime I will try the above resolution provided by you.





  • LAYER 8 Global Moderator

    Sure looks like you're pointing to pfSense 10.10.10.2 for DNS - how is pfSense going to resolve your AD??

    Have you ever set up/run AD before?



  • No, could you please help me with that?


  • LAYER 8 Global Moderator

    heheh - what do you not understand about using your AD for DNS?

    You're using it for DHCP. Point your clients to 10.10.10.3 (your AD server) for DNS.

    You ran dcpromo, right - it walked you through setting up DNS for your AD. Now point to that computer (DC) that you ran dcpromo on.  Members of an AD should ONLY have the AD DNS.  You then set up your AD DNS to forward to external or other DNS.



  • Buddy, I am using it for the first time, that's why I am so confused.
    Server 2008 is acting as DHCP and AD, and DNS is also installed on it.

    So what should I do? Please help me, I am completely stuck.


  • LAYER 8 Global Moderator

    So your clients that you want to join the domain need to point to the Server 2008 IP for DNS, so they can resolve the AD DNS entries.  You can then set up DNS on your 2k8 server to use pfSense as its forwarder, so your AD clients can then resolve, say, google.com

    Your clients ask your AD DNS, which in turn asks pfSense - which in turn asks your ISP or public DNS for, say, www.google.com

    pfSense or the internet has no idea about your AD.  This is why you have to point your clients to AD DNS.  They should ONLY point to this - nothing else.
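
The check below is an added example, not code posted by anyone in this thread. Run on the client before a join, it asks both resolvers from the thread for the DC locator SRV record and flags any configured resolver other than the AD DNS server. It assumes a client with `Resolve-DnsName` (Windows 8 / Server 2012 or later), and `corp.example.com` is a placeholder because the thread never gives the domain name.

```powershell
# Added example. $Domain is a placeholder; the thread does not give the domain name.
param(
    [string]$Domain  = 'corp.example.com',  # placeholder AD DNS domain
    [string]$AdDns   = '10.10.10.3',        # AD/DNS server address from the thread
    [string]$PfSense = '10.10.10.2'         # pfSense address from the thread
)

# SRV record a client queries to locate a domain controller during a join
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

function Test-DcLocator {
    param([string]$Server)
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Server   = $Server
            Resolves = $srv.Count -gt 0
            Detail   = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        # NXDOMAIN, timeout or refusal: this resolver cannot locate a DC
        [pscustomobject]@{ Server = $Server; Resolves = $false; Detail = $_.Exception.Message }
    }
}

# 1. Compare what each resolver knows about the AD zone
$results = foreach ($s in $AdDns, $PfSense) { Test-DcLocator -Server $s }
$results | Format-Table -AutoSize

# 2. List resolvers configured on this client that are not the AD DNS server
$configured = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
$nonAd = @($configured | Where-Object { $_ -ne $AdDns })

if (-not ($results | Where-Object { $_.Server -eq $AdDns }).Resolves) {
    Write-Warning "AD DNS $AdDns does not answer $srvName; check the zone on the DC."
} elseif ($nonAd.Count -gt 0 -or $configured.Count -eq 0) {
    Write-Warning "Client DNS servers are [$($configured -join ', ')]; set them to $AdDns only."
} else {
    Write-Output "Client uses only $AdDns and the DC locator record resolves there."
}
```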

