August 4th, 2004, 12:26 PM
Windows 2003 & NAT without hardware
Just installed AD again and have come up with a few interesting problems. The main one is...
The DNS proxy agent encountered a network error while attempting to receive messages on the interface with IP address 184.108.40.206. The data is the error code.
The thing is there is no real official NAT hardware installed, just a couple of NICs, but then when using Routing I would prefer to try and use the NAT for firewalling instead of just the basic firewall.
August 4th, 2004, 14:35 PM
I still haven't been able to figure out the problem above, but then I probably shouldn't try running the NAT without hardware I guess.
There is however another problem I've encountered which is kinda not on the same subject, but it's basically that my DHCP server, which is based on the same machine (after installing AD), now shows the DNS name as <comp>.mshome.net. DNS seems to be working fine apart from that, although the name I use isn't registered on any other DNS servers and the ext. is .net
The root zone wasn't removed in the first place because it didn't appear, not sure if that's gonna cause a big mess at all.
It's a pretty melting hot day, & I'm not wanting to try n think too much so any thoughts or help on this problem would be so greeeatly appreciated.
August 4th, 2004, 19:54 PM
Hmm, I still seem to be answering my own questions but I've found a fix for the DHCP Server problem... http://www.sbslinks.com/mshome.htm
August 5th, 2004, 03:56 AM
Succeded in braking Windo
Sorry Coffee, you have some weird issues there.
The DNS name is because W2K3 uses DNS as internet format names; since you probably didn't specify one, it created one for you. You could have put (and still can) any DNS name, as long as it resembles a DNS entry, for example coffeedomain.int (using int for internal, since it is not an Internet DNS).
This is an example. Not sure about the steps for changing the DNS, but I am guessing you could just change the name, delete the database and force an update, or just change the name and ask for a new harvest (update).
NAT on the same server as AD...humm, not sure if you want to do that, unless you are experimenting and trying new things. With time it would slow down the computer. Get an old PC and install NAT there. There are lots of solutions using Linux which are pretty good, more advanced, and feature packed. One recommendation to look at: Linux Embedded Appliance Firewall.
It took me a long time to find this. I couldn't remember how it was called and had to go thru THG archive.
Since I did that, I also recommend Auditor Security Collector. A lot easier to install (no installation).
THG also has a 2 part (so far) guide for installing W2K3. I haven't read them yet, but you might want to take a look to see if there is any useful info.
August 5th, 2004, 10:46 AM
Thanks for the reply. Will certainly look at the links, sounds like some good stuff. Always wanted to get into Linux but never really had a good enough reason, but for a firewall I'm almost not thinking twice.
There was a problem with the DNS but it seems to have now been completely resolved. I had to make sure that the server's DNS IPs were registered on both NICs as pointing to themselves and then the DNS server would take care of forwarding the requests, then flushed the DNS cache. After that the DHCP server turned out to be a weird one to sort out. The fix posted above doesn't always actually correct the problem by just ticking or unticking the box mentioned. I had to take the DHCP server offline & remove the NAT configuration from RRAS, then reset the DHCP, reconfigure the NAT and now it seems to be ok.
However this has unlocked yet another problem! Which I may post in a different topic but, the Domain GPO cannot be accessed even after adding permissions to all files, delegating control & even booting up in safe mode.
Maybe something got seriously messed up when moving to AD but wanting to be able to sort things out without reinstalling the entire OS.
August 5th, 2004, 11:54 AM
Succeded in braking Windo
That is an interesting problem, if you cannot access the domain GPO you cannot access AD. Small problem, right?
Just out of curiosity, did you try creating a couple of users? A regular user (and use "run as.." to open the mmc console) and a user with admin rights that is not admin (copy of domain administrator) and use those 2 accounts to see if you can access the GPOs. Remember that the account has to have domain admin. A coworker of mine created an admin account and thought it could change the AD, but he forgot the domain admin rights and hence, he couldn't.
Other than that I can't suggest anything right now.
August 5th, 2004, 12:11 PM
Thanks once again for your reply. I downloaded MS's GPMC.msi and installed it to have a look at what's going on but still came back with not a great deal. I also tried your suggestion but the same problems still occur. The GPMC looked as though things were a lil messed up and I checked sharing & security permissions on the SYSVOL share with a surprise... the shares were only to the system itself. So I tried manually adding permissions but it still had no effect.
I found there have been soooo many articles on this subject before that someone should release a whole new service pack for just this problem ;-P And as I've found no real solution to the problem I guess I should try reinstalling AD. :-\