
I set up a small network @ home as a small business to provide a testbed for learning and keeping my computer skills reasonably current. The main pieces of the network are a smallish linux server w/a NUMA memory layout and a couple of RAID10's w/about 60T that I divvy up for file system testing, virtual machines that I use to maintain current skills and learn new ones for consulting opportunities. Having an engineering degree in Computer Science as a basis, I'm constantly working new configurations and optimizations. I have a business account w/my ISP and manage my internal site DNS as a subsite of my public domain name.

For purposes of discussion say my DNS domain = dnsdom.org. The linux server is my gateway to the outside, and I have a few win-7 workstations as well as miscellaneous appliances (laser printer/scanner/fax, BR-player, audio-system + ip's for the UPS's, etc.). I have my primary workstation set up as the "console" for the server (the server isn't exactly headless, but the onboard graphics on the server aren't worth running an X-server or desktop on). Initially I had only 1 sub-domain for my internal systems (a 192.168 net) that I put under "sc.dnsdom.org" (sc being a city abbreviation where I live). When I updated my main workstation's server connect to 10Gb, I added a 2nd subdomain for the 10Gb net (initially only between the server and main workstation). This allows me to use the server as a router to the slower net and still access all the peripherals on the 1Gb net.

Apart from the above I set up the server as an NT4-style domain server w/samba so I could use the same authentication on the server and the two win7 clients (also part of my continuing education). Back when I created my NT-Domain, I gave my Windows domain the name 'Bliss' (as an internal joke, [NOT] describing my feelings on working w/WinXP+w/Win7 and getting them both integrated into the domain) -- didn't trust Win7, and I keep all the data on the server, where I back it up daily.

Sometime in the past month or two I've started having probs. I had the ip-domain set under the Computername->More->Primary DNS suffix of this computer, and the NT-domain set under the "Member of Domain" (right above where one could set a workgroup).

Somehow the ip-domain got zeroed, somewhere, and now I see (using Process Monitor) connects from win7station.BLISS<-->win7station.BLISS. My DNS server (I have "named" (Bind) running on the server with dual namespaces (for in and out)) doesn't have a DNS-domain for 'Bliss' -- so it goes off and tries to resolve it externally (hs.domnam.org & sc.domnam.org both are resolved to internal clients).

I'm trying to set the DNS-domain back to hs.domnam.org, but when I try, windows tries to resolve it as an NT-domain and I get an error:

Changing the Primary Domain DNS name of this computer to "hs.domnam.org"
failed. The name will remain "BLISS".

 The specified domain either does not exist or could not be contacted.

!!!! I've tried looking through command line tools (netsh primarily) w/no luck.

I'm not running ipv6, deliberately, so as to not complicate things (have ipv6 unchecked on my net interfaces on windows and the linux box has a kernel built w/o ipv6).

I have maybe 1 more thing to try, which would be trying to unjoin the NT-domain -- then reset the DNS-Domain, then try rejoining the NT-Domain -- but I don't like joining/unjoining the NT-dom, as about 75% of the time after an unjoin, I have problems rejoining -- with that taking sometimes days to fix.

I also tried setting the per-connection DNS name -- but that doesn't seem to have much effect.

NOTE: for some unknown reason, my "checkpoint/restore" stuff stopped working in the past 1-2 months. It always fails with a message about the restore failing as it extracted the registry but noting it was corrupted, so it tried to put things back the way they were before. It's likely a permissions problem, but that's another side problem I need to eventually track down.

Of some minor fortune, image backups that are scheduled to dump weekly for the Win7-stations can be used (with some pain) to restore a system.

So anyone know why my DNS-domain is now being confused with the NT-domain and how to correct it? I'm under the impression that NT5+ domains, using active directory, will want full DNS domains so haven't switched to an AD-based domain.

Anyone have any ideas why a DNS-domain would be confusing my NT4-domain setup?

I'm wondering if ongoing updates from MS might be "fixing things" in an AD context that might not be getting tested very thoroughly for the older NT4 doms.

Any hints here would be appreciated...

thanks

Astara
  • Please always use RFC 2606 example domains when using examples, e.g. `example.com`. – Sven Apr 24 '15 at 00:26
  • The answer for this comes from an MS article applying to Windows 2000-based or Windows Server 2003-based domain controllers. If this was a home or end user question, then why is the answer only published as applicable to Windows Domain Server products? By definition, if you talk to MS, Domain users are excluded from the definition of Home Users. If you try to ask questions in MS forums in a situation where you mention you are part of a domain, they will tell you to ask it on the professional site as Domain usage isn't a normal home function. – Astara Apr 24 '15 at 22:07
  • This question is very difficult to follow as you've presented a lot of irrelevant information. But some things you should be aware of: Disabling IPv6 is an unsupported configuration from Vista/Server 2008 and later. Second, you should [review the basics of Active Directory](http://serverfault.com/q/402580/126632). Finally, if you're determined to use Samba as a domain controller you should try to use a modern version, 4 or higher, which can support more recent functional levels. – Michael Hampton Apr 25 '15 at 05:07
  • I've *been* using Samba as a DC since Win7 came out. At the time, I was supporting shared roaming profiles between WinXP and Win7 (even though they didn't store everything in the same place, it still synchronized the appdata). I simply unchecked the ipv6 proto from the per-net-interface settings. At the time I had an IPv4 firewall and was surprised to see MS had config'd teredo by default to give ipv6 connectivity through socks and http routers. Wonderful!... Changing the registry 'NVDomain'->DNS dom, and using the NTDom in 'Domain' (tcpip/parameters), seemed to fix some of the probs... – Astara Apr 26 '15 at 13:17
  • @Michael Hampton -- I added a lot of the irrelevant information to describe my setup from my small business perspective, that was required in order to post this in a forum that used domains (most home users don't, but since I had my testbed set up @ home I was told I should move the Q to a home-user forum (where most home users know nothing about domains or running DNS)). So sorry about the added material, it wasn't my first choice. – Astara Apr 26 '15 at 13:26
  • I intend to upgrade to Samba4 (will have to since 3.6.22 is the last of the '3' series). Right now I have it set up so my GUIDS resolve to my unix logins and I have unix logins set up w/user=group and use the UID/GID (equal) to determine a rid in my domain. I am very unsure what will happen when I upgd to 4, have heard of many problems (on samba list for years). Did this to sync XP & win 7 profiles -- at least for the applications -- worked for a while, but roaming profiles just keep getting too big. Anyway.. I don't know why it worked, but reducing client auth from ntlmv2 -> ntlm worked. – Astara Aug 05 '15 at 22:40
