So our network was just fine... The router was doing DHCP, and gave out DNS as 1)our test server dns 2) isp's dns1 3) isp's dns2 Our test server, which is not on all the time, has numerous test websites, and DNS and IIS all setup nicely. People all over the building (with IPs set to auto config) could access the test sites when the test server was on. Everyone could access the Internet *all* the time. So now we put Active Directory on our test server because we needed WDS. And what a nightmare it has been. If it wasnt for needing WDS i would have thrown this $%^$% out the window hours ago. (mapped drives dont work, shares are inaccessible, everythings slow - a few warnings about having to spend days getting back to where we were, would have been nice). we finally did pretty much a rebuild of the server with AD and DNS from scratch. And i'm pretty sure its all done correctly. On the server we can browse test sites, and the internet. But no-one else can browse the test-sites. The computer i'm at right now, i tried to join to the domain, but could not. message was... oh wait its doing it this time. I guess all i had to do was wait for 2 hours. Why? Will i have to *try* to join and wait 2 hours with every pc. we'll see... But this 'can not browse test sites' is still not working, anyone please some ideas...If I am all here, does that mean I am not all there?

Hello, please understand that AD highly relies on DNS, so for starting please post an unedited ipconfig /all from the DC/DNS server, one problem client and your webserver so we can compare sime settings. Also ASSURE that no machine use any external DNS server on the NIC, as the router or the ISPs DNS server. In a domain ONLY the domain DNS servers are to use and on the DNS servers FORWARDERS should be enabled to the ISPs DNS server.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, please understand that AD highly relies on DNS, so for starting please post an unedited ipconfig /all from the DC/DNS server, one problem client and your webserver so we can compare sime settings. Also ASSURE that no machine use any external DNS server on the NIC, as the router or the ISPs DNS server. In a domain ONLY the domain DNS servers are to use and on the DNS servers FORWARDERS should be enabled to the ISPs DNS server.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Users\Jonny>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : JonsWin7x64 Primary Dns Suffix . . . . . . . : comp.hq Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : comp.hq local.lan Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : local.lan Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) Physical Address. . . . . . . . . : 90-2B-34-30-D6-E6 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::11cb:8ee2:73e6:4309%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.33(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 20 July 2012 08:45:45 Lease Expires . . . . . . . . . . : 20 July 2012 13:05:46 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DHCPv6 IAID . . . . . . . . . . . : 244329268 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-44-02-FD-90-2B-34-30-D6-E6 DNS Servers . . . . . . . . . . . : 192.168.2.222 80.58.61.250 80.58.61.254 NetBIOS over Tcpip. . . . . . . . : Enabled Most importantly!! Everyone needs to see the "TestingServer" and its websites when it is ON. AND be able to continue accress/browse internet when it is OFF. This was working nicely before AD. If I am all here, does that mean I am not all there?

Hi, Please post the ipconfig /all from your testserver also to verify the settings.Regards, Rafic If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

Hello, please remove the public ip addresses from the NIC as DNS server, 80.58.61.250 and 80.58.61.254. This should be configured as FORWARDER in the DNS management console under the DNS server properties. After the changes run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service on the DC. If workstations use them also on the NCI remove them also run ipconfig /flushdns and ipconfig /registerdns and reboot.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, please remove the public ip addresses from the NIC as DNS server, 80.58.61.250 and 80.58.61.254. This should be configured as FORWARDER in the DNS management console under the DNS server properties. After the changes run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service on the DC. If workstations use them also on the NCI remove them also run ipconfig /flushdns and ipconfig /registerdns and reboot.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

i'm sorry i must be very tired and being a total moron. I do not see how our users will be able to navigate the internet without any DNS servers listed on their NICs. Our router doesn not have any "DNS forwarding" option - the only place i can fiddle is in the DHCP settings, where i specify DNS1, DNS2, DNS3, etc... As clearly stated many times above, the TestServer will not be always on, so obviously you're not referring to that. So i'm not sure what you do mean... If I am all here, does that mean I am not all there?

Hello, Please make the server points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Like Meinolf already mentioned, the public DNS servers should not be set as DNS servers in your adapter properties but should be set as forwarders. To configure forwarders: http://support.microsoft.com/kb/323380 Once the router itself, there is no configuration except the fact that it should allow DNS traffic to external network from the DC server. If we misunderstood you, please give more details about your environment. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hello, Please make the server points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Like Meinolf already mentioned, the public DNS servers should not be set as DNS servers in your adapter properties but should be set as forwarders. To configure forwarders: http://support.microsoft.com/kb/323380 Once the router itself, there is no configuration except the fact that it should allow DNS traffic to external network from the DC server. If we misunderstood you, please give more details about your environment. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hi, I think you mentioned that the test server (192.168.2.222) is on some of the time and off other times. True? If true, then you can't remove the ISP DNS servers from the client NIC configuration. You can still configure the ISP DNS servers as forwarders, but it isn't an ideal configuration to have the primary DNS server for client computers turned off some of the time. The clients will still try to use it and fail over to the secondary and tertiary server after a timeout. You could consider doing the following: 1. Add the ISP DNS servers as forwarders on the test server. 2. Re-configure the client DHCP settings to have the ISP DNS servers first and the test DNS server last. 3. Add static IP entries in the client HOSTS file to point to the test server sites. In this way, when the test server is on the clients will still be able to browse the test server sites. When it is off, they won't have to wait to fail over to the ISP DNS server. My thought on why the clients are not able to browse the test sites is that the test server is not responding in time. If you want to check this, run ipconfig /displaydns on a client computer and see if the test sites are timing out with no answer. -Greg

HI , The best practice is to install DNS with AD. if you already install DNS earlier than you need to reconfigure forward dns with dc name. after that it can take all secure update and it will work fine. Thanks Ashish Dubey

Hello, "I do not see how our users will be able to navigate the internet without any DNS servers listed on their NICs." This is the reason about using the FORWARDERS in the DNS management console on the WINDOWS DNS SERVER. As a domain highly relies on DNS using routers as DNS server is BAD PRACTICE and should NEVER be used. All required SRV records can not be built/registered on this. So install the DNS server role on the DC and use that one, disable the DNS on the router. As another option do NOT work with a DC for your network. "As clearly stated many times above, the TestServer will not be always on, so obviously you're not referring to that." A DC is NOT built to be shutdown it has to run, as a domain MUST be available for user logon and using the domain services, otherwise demote the DC and use it as normal workgroup server instead with local user accounts to access it. Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

WDS demands an AD ! So we have to have an AD on our network. (and as we paid for the full server 2008 we're not going to buy 3rd party software aswell) So now there is an AD on a DC with WDS, DNS, and IIS. As of now its been working as we set it up for a few days. I'll be back if it stops or becomes unreliable again... And Rick Tan - would you PLEASE stop marking comments as answers when the commenter has clearly not read the question. If I am all here, does that mean I am not all there?

Thanks for the reply, its most helpful. But everything has been working fine for a few days. Maybe i ask you for help again, if it stops working again. Thanks.If I am all here, does that mean I am not all there?