One additional thought is that if the DNS seems to be correct, and you can verify it on the Exchange server, then you have to isolate and verify that ISA is not causing your issues. It wouldn't be a stretch to think that ISA could be interfering with the LDAP communications and that DNS is still functioning (I'm guessing it resides elsewhere and is not integrated, but the theory still works). Remember that they could make it start at some point, else they wouldn't have Exchange in the environment at all.
One thing that may have changed was when they added ISA, they may have made changes that allow ISA to see the external DNS world, allowing it to get confused about where its domain resides and how to route requests. Just a theory though. ISA doesn't belong on the GC/DC and when you add in that kind of DNS configuration it could get ugly. Split-brain-DNS (aka schizophrenic name resolution) can work, it's just not advisable.

-ajm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, September 16, 2004 8:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Other people's public domain names in internal Active Directories

Do you get any further information if you run ipconfig /displaydns to show the contents of the local cache on the Exchange server? I'm guessing probably not if the DC/GC resolves by name, but it's worth a try.

Quite a while back Stuart Kwan posted on the list suggesting that all AD implementations should use properly registered DNS names, even if only used internally. I guess to avoid the potential problems you hint at, but also in the case of mergers and acquisitions.

Can you post some of the ADC event log errors?

Tony

---------- Original Message ----------------------------------
From: "Ben Schorr" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 15 Sep 2004 21:54:05 -1000

Ran into an interesting situation this week, a client who had a previous consultant set up their small AD and the previous guy assigned it the domain name "honolulu.com" which is, of course, a domain name out in the world. Problem is...it's not their domain name.

They have two servers - 1 Exchange server and a GC/DC which also (against my advice) is their ISA server. The GC/DC is Win2000, the Exchange runs Win2K3. Their Exchange server is having difficulty starting up, LDAP errors that hint at DNS problems and I'm wondering if the issue is that internal domain name.
The event viewer is full of MSADC errors that say the LDAP server is down. I suspect that maybe it's trying to connect to the LDAP server at the public honolulu.com domain. Their internal DNS seems properly configured and does correctly list their DC/GC server. We can ping the DC/GC from the Exchange server by name or IP address. But Netdiag's DNS tests fail when run on the DC/GC server.

If we start the Exchange server it basically hangs at the "Applying Computer Settings" stage. None of the Exchange services start up, due to the LDAP errors, apparently.

I've been Googling but I have a feeling I'm looking in the wrong places. Any thoughts?

-Ben-

Ben M. Schorr
Operations Coordinator
Stockholm/KSG - Honolulu
Phone: (808) 535-1500
Mobile: (808) 351-5084

________________________________________________________________
Sent via the WebMail system at mail.activedir.org

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
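
The cache check suggested in the thread (`ipconfig /displaydns` on the Exchange server) can be turned into a repeatable test of the suspicion that names under the internal AD domain are being answered from the public honolulu.com. The following is an added example, not part of the original thread: it parses saved cache output and reports names under the AD domain that are cached with an address outside the internal ranges. The RFC 1918 ranges, the function name and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the site's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of `ipconfig /displaydns` (not from the
# thread; type, TTL, length and section lines trimmed, the parser skips them).
SAMPLE_CACHE = """\
    dc1.honolulu.com
    ----------------------------------------
    Record Name . . . . . : dc1.honolulu.com
    A (Host) Record . . . : 10.0.0.5

    honolulu.com
    ----------------------------------------
    Record Name . . . . . : honolulu.com
    A (Host) Record . . . : 203.0.113.10

    www.example.org
    ----------------------------------------
    Record Name . . . . . : www.example.org
    A (Host) Record . . . : 198.51.100.7
"""

FIELD = re.compile(r"^\s*(Record Name|A \(Host\) Record)[\s.]*:\s*(\S+)\s*$")


def external_answers(cache_text, ad_domain):
    """Return (name, ip) pairs under ad_domain cached with a non-internal IP."""
    suffix = ad_domain.lower().rstrip(".")
    hits, name = [], None
    for line in cache_text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Record Name":
            name = value.lower().rstrip(".")
        elif name and (name == suffix or name.endswith("." + suffix)):
            ip = ipaddress.ip_address(value)
            if not any(ip in net for net in INTERNAL_NETS):
                hits.append((name, str(ip)))
    return hits


if __name__ == "__main__":
    print(external_answers(SAMPLE_CACHE, "honolulu.com"))
```

Any pair it returns means the host received an answer for the internal namespace from outside, which points at the resolver or forwarder configuration rather than at LDAP itself.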
