The thing I want to address is that when they do this, they normally install the Active Directory Domain Services role – along with DNS server.
What about the DHCP role?
Nope.
They already have an internet connection delivered by their ISP, so the clients are already connected to the internet.
Brilliant, right?
Of all the arguments I could use against this setup, I'd rather mention a common error message that appears when they run their LOB applications that use Microsoft SQL Server for their databases.
“Cannot generate SSPI context”
This error message occurs on clients attempting to connect to a SQL Server on the network.
And this message is purely related to DNS.
When you have an Active Directory domain and the clients are using the “wrong” DNS, which in these cases is the router/firewall (default gateway) or an external DNS, they cannot use name lookups to verify the server name.
In short, the DNS server from their ISP has very little knowledge of the server that is responsible for their databases on their local area network.
Conclusion: If you're running an Active Directory domain, whether you have one employee or 15, please use your internal DNS server so that name lookups and other AD-related stuff may occur.