Windows – Secondary DNS server cannot communicate with primary DNS server (but vice versa is possible)

windows windows-server-2003 windows-server-2008

Our secondary DNS server (Windows Server 2003) cannot see or connect to our primary DNS server (Windows Server 2008). (We can ICMP by name, but we cannot add in the DNS Manager GUI.) But our primary DNS server can talk to our secondary DNS server. We are trying to troubleshoot but are at a loss for what to do next. Here is what we know:

  1. Both servers have entries on the primary DNS server.
  2. In DNS Manager, when we click on actions and then connect to DNS server, we can connect from primary to secondary but not the other way around.

Any ideas of how we might further troubleshoot this issue? I'd be happy to provide as much more information as I am able.

Thanks!

Best Answer

I think it's a Windows authentication problem. You're trying to use an MMC console to access one server from another server where the two servers don't share a centralized user account database. If you want to be able to access one server from the other you'll need to configure a common user account and password on both servers and launch the DNS management console with that user account.

I've tested this on both of my DNS servers and it proves out. The only thing I can't explain is why you can't connect from the older OS to the newer OS but can from the newer OS to the older OS.

Both of my servers are W2K8R2 and when I changed the Administrator password on one server I got access denied when trying to add the other server to the DNS management console. When the Administrator password on both servers matches I can successfully add and connect to each server from each server in the DNS management console.

Note that in the case where I get access denied because of a password mismatch, it DOES NOT prevent DNS record additions and deletions from propagating from the Primary to the Secondary server.
