Frustration, thy name is Active Directory

OK, I’m an uber-geek. Everyone who knows me knows that. So I don’t need to justify why I’m doing what I’m doing in this article; just take it from me – I’m an uber-geek. There.
Alright, so here is my issue, and its resolution. Maybe someone will benefit from this being out on ye olde internets someday.
I own a small business, we have a dedicated server. Our dedicated server is a domain controller, and it’s at a data center far far away.
I own a home, and have a fileserver at said home. My fileserver needs to be replaced, and I like to have a domain setup to ease file sharing.
I wanted to have only one domain to manage: the one on my business’s dedicated server.
Solution: Make my home server a domain controller for the same domain as my business server lives on.
Steps:
1. Establish a VPN connection over some sort of secure protocol (L2TP/IPsec).
2. Run DCPromo and make the home server a domain controller.
Step 1 went fine; step 2 was the problem. I kept getting an error stating that “The specified server cannot perform the requested operation”, which was puzzling since I was pretty sure my DNS setup was correct. However, here was the root of the problem (and weeks of on-and-off frustration):
My server at work has 2 NICs in it, an internal card and an external. The external uses an internet-routable address (for the sake of argument, we’ll say it’s 130.101.5.4, which it isn’t, so don’t play hackorz with the addy); the internal uses a private IP (10.0.0.2). Upon examining the DNS records, I found that in many places both the public address (130.101.5.4) and the private address (10.0.0.2) were registered. They were both in as A records for the domain, they were both in the global catalog records. They were both everywhere. So I removed the public entries. And what do ya know – dcpromo worked.
The moral of the story? Active Directory really hates having multiple addresses for things like the global catalog server or the A record of the domain. It doesn’t try all of them until one works; it fails if one fails. In my case the public address was useless to the home server (only the private 10.0.0.2 was reachable over the VPN), so whenever the lookup handed back the public one, the whole promotion fell over. Ugh. Since the public DNS for my server is handled by my ISP, the DNS running on the actual box is purely of internal interest, and thus does not need these public entries. One caveat a multi-homed domain controller will teach you the hard way: the DC registers those A and locator records itself, for every interface, so deleting them by hand only lasts until the next registration refresh or Netlogon restart. To make the fix stick, also stop the external NIC from registering its address in DNS.
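Here is the check I would have wanted before spending weeks on this, as an added example (it is not the blog author’s code, and it uses the DnsClient and DnsServer PowerShell modules of Windows Server 2012 or later rather than the dcpromo-era tooling in the post). It resolves the domain apex, the global catalog host and the DC locator SRV targets against the DC’s own DNS, flags any record that points at a non-RFC 1918 address, and with -Fix removes those records and turns off DNS registration on the public-facing adapter so the DC does not put them back. The domain name, DNS server address and adapter alias are placeholder assumptions.

```powershell
# Added example, not code from the original post. Audits the DNS records that
# Active Directory uses to locate a domain controller and flags any that
# point at a public (non-RFC 1918) address, then optionally removes them.
# Assumes the DnsClient and DnsServer modules (Windows Server 2012 or later).
param(
    [string]$Domain     = 'corp.example.com',   # assumed AD domain name
    [string]$DnsServer  = '10.0.0.2',           # the DC's internal address (assumed)
    [string]$ExternalIf = 'External',           # alias of the public-facing NIC (assumed)
    [switch]$Fix                                # remove/disable; default is report only
)

function Test-PrivateIPv4 {
    # True for 10/8, 172.16/12 and 192.168/16; anything else is treated as public.
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Names a DC locator lookup depends on: the domain apex A record, the
# global catalog A record, and the targets of the DC/GC SRV records.
$hostNames = @($Domain, "gc._msdcs.$Domain")
$srvNames  = @("_ldap._tcp.dc._msdcs.$Domain", "_ldap._tcp.gc._msdcs.$Domain")

foreach ($srv in $srvNames) {
    $srvRecords = Resolve-DnsName -Name $srv -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $srvRecords) { $hostNames += $r.NameTarget }
}

$public = @()
foreach ($name in ($hostNames | Sort-Object -Unique)) {
    $answers = Resolve-DnsName -Name $name -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    foreach ($a in $answers) {
        $scope = if (Test-PrivateIPv4 $a.IPAddress) { 'private' } else { 'PUBLIC' }
        '{0,-45} {1,-16} {2}' -f $name, $a.IPAddress, $scope
        if ($scope -eq 'PUBLIC') {
            $public += [pscustomobject]@{ Name = $name; Address = $a.IPAddress }
        }
    }
}

if (-not $public) { 'No public addresses registered for AD records.'; return }
if (-not $Fix) {
    'Re-run with -Fix on the DC to remove these records and stop the external NIC re-registering them.'
    return
}

# Run on the DC itself. Deleting the record alone is not enough: the DC
# re-registers every interface's address unless that interface is told not to.
foreach ($rec in $public) {
    # The apex record lives at '@' in the domain zone. On many forests the
    # _msdcs names live in a separate _msdcs.<domain> zone; adjust -ZoneName
    # and -Name accordingly if that is the case on your server.
    $rrName = if ($rec.Name -eq $Domain) { '@' } else {
        $rec.Name -replace "\.$([regex]::Escape($Domain))$", ''
    }
    Remove-DnsServerResourceRecord -ZoneName $Domain -RRType A -Name $rrName `
        -RecordData $rec.Address -Force
}
# Stop the public NIC registering itself, then re-register the DC's records
# so DNS reflects only the internal address.
Set-DnsClient -InterfaceAlias $ExternalIf -RegisterThisConnectionsAddress $false
ipconfig /registerdns | Out-Null
nltest /dsregdns | Out-Null
```

Run it without -Fix first from the machine you are trying to promote, pointed at the existing DC’s DNS, so you see the same answers dcpromo will get. If a PUBLIC line appears for the apex, gc._msdcs or an SRV target, that is the address the locator can hand back over the VPN and choke on.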
If this is of help to you in your quest to setup a domain, drop me a comment on this blog entry (Anonymous is fine). I’d love to hear your horror story!
