AD Replication problems due to DNS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Replication problems due to DNS

    First let me start by saying I've used a lot of the tutorials on here to fix problems, and they have been very helpful.

    At work we just bought a brand new server and had our old server and new server on the domain. It seems as though when we initially replicated the Active Directory and added the new server as a domain controller, it failed.

    My boss wants me to get the old server offline as soon as we can, but there's a huge issue. When I ran a Dcpromo, it would tell me no domain controller was found...

    So I ran a dcdiag and this is what it came up with:
    Domain membership test . . . . . . : Failed [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
    So at night I restarted the primary server to try and replicate the data... needless to say, I had a LOT of problems. In the DNS server for the primary server I encountered this message:
    The DNS server was unable to complete directory service enumeration of zone rdadomain.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
    and

    DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

    If this DNS server does not have any DS-integrated peers, then this error
    should be ignored.

    If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

    To ensure proper replication:
    1) Find this server's Active Directory replication partners that run the DNS server.
    2) Open DnsManager and connect in turn to each of the replication partners.
    3) On each server, check the host (A record) registration for THIS server.
    4) Delete any A records that do NOT correspond to IP addresses of this server.
    5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
    6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
    So it is quite apparent the main DNS server (on the main server) is not communicating properly with the old server and is failing to replicate the data. I've added the IP of the old server as a forwarder in the primary DNS server and I've still encountered problems.

    I have the primary DNS server set up in the domain for the new server, so I am wondering if that is causing an issue.

    If someone could help me in the right direction and let me know what I need to change for the DNS settings that would be greatly appreciated.

  • #2
    Re: AD Replication problems due to DNS

    Have you tried the suggestion given by microsoft?
    What more did you try to fix it?
    Have you run Netdiag?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: AD Replication problems due to DNS

      Dumber,

      Which suggestion by M$ are you referring to?

      I've run netdiag and netdiag /fix to fix the DNS entries problem for the DC. I've set up forwarders in both DNS servers to speak to each other in case of any issues. I've also made sure there is no extra forest metadata by using ntdsutil.

      I'm thinking I should just remove AD from the new server, since all the logins are still processed by the old server. This way I can replicate the AD through a new dcpromo using the "from files" option, as opposed to replicating AD through the network.

      It just seems as though when it originally replicated AD it didn't do it properly, and this is why I've encountered such a mess.
      Last edited by VPuccetti; 27th January 2009, 19:17.



      • #4
        Re: AD Replication problems due to DNS

        From your own post:

        DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

        If this DNS server does not have any DS-integrated peers, then this error
        should be ignored.

        If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

        To ensure proper replication:
        1) Find this server's Active Directory replication partners that run the DNS server.
        2) Open DnsManager and connect in turn to each of the replication partners.
        3) On each server, check the host (A record) registration for THIS server.
        4) Delete any A records that do NOT correspond to IP addresses of this server.
        5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
        6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"
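
        The six-step check from the event text quoted in the original post and again in #4, written out as a read-only PowerShell script. This is an added example, not code from the thread or from Microsoft; it assumes Windows Server 2012 or later with the ActiveDirectory and DnsClient modules, and that the zone name below (taken from the thread) matches the AD-integrated zone in use.

        ```powershell
        # Added example: for each other DC in the domain, ask ITS DNS service what A records it
        # holds for THIS server, and compare with the IPv4 addresses actually bound here.
        # Nothing is modified; the output shows what steps 4 and 5 of the event text would change.
        $ZoneName = 'rdadomain.local'            # zone from the thread; adjust for your domain
        $ThisHost = $env:COMPUTERNAME
        $ThisFqdn = "$ThisHost.$ZoneName"

        # Addresses that genuinely belong to this server (drop loopback and APIPA).
        $LocalIPs = @(Get-NetIPAddress -AddressFamily IPv4 |
            Where-Object { $_.IPAddress -notmatch '^(127\.|169\.254\.)' } |
            Select-Object -ExpandProperty IPAddress)

        # Step 1: every other DC is a replication partner; those not running DNS simply fail the query.
        $Partners = Get-ADDomainController -Filter * | Where-Object { $_.Name -ne $ThisHost }

        foreach ($dc in $Partners) {
            # Steps 2-3: query the partner's DNS service directly, bypassing the local cache.
            $answers = @(Resolve-DnsName -Name $ThisFqdn -Type A -Server $dc.HostName `
                -DnsOnly -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' })
            $seen    = @($answers | Select-Object -ExpandProperty IPAddress)
            $stale   = @($seen     | Where-Object { $_ -notin $LocalIPs })   # step 4: would be deleted
            $missing = @($LocalIPs | Where-Object { $_ -notin $seen })       # step 5: would be added

            [pscustomobject]@{
                Partner = $dc.HostName
                Seen    = ($seen    -join ',')
                Stale   = ($stale   -join ',')
                Missing = ($missing -join ',')
                OK      = ($stale.Count -eq 0) -and ($seen.Count -gt 0)
            }
        }
        ```

        A partner that returns no A records at all is the case the event text describes in step 5; a partner showing a Stale entry is the step 4 case and is where DnsManager (or Remove-DnsServerResourceRecord) would be used by hand.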



        • #5
          Re: AD Replication problems due to DNS

          The way the person before me had originally set this up, the DNS was integrated into AD.

          I've already deleted any extra A records in the DOMAINdnszones and FORESTdnszones.

          After being gone for a week, I decided to run more diagnostics and see what new messages I get and now this is a new message that was never there before.

          Starting test: VerifyReferences
          Some objects relating to the DC OLDRDASERVER have problems:
          [1] Problem: Missing Expected Value
          Base Object:
          CN=OLDRDASERVER,OU=Domain Controllers,DC=rdadomain,DC=local
          Base Object Description: "DC Account Object"
          Value Object Attribute Name: frsComputerReferenceBL
          Value Object Description: "SYSVOL FRS Member Object"
          Recommended Action: See Knowledge Base Article: Q312862

          [1] Problem: Missing Expected Value
          Base Object:
          CN=NTDS Settings,CN=OLDRDASERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=rdadomain,DC=local
          Base Object Description: "DSA Object"
          Value Object Attribute Name: serverReferenceBL
          Value Object Description: "SYSVOL FRS Member Object"
          Recommended Action: See Knowledge Base Article: Q312862
          I read the article that Microsoft has provided in trying to repair references, but when trying to do "ntfrsutl sets" I get a lovely message saying "DOMAIN SYSTEM VOLUME (SYSVOL SHARE) in state STOPPED"

          I have tried doing a net stop ntfrs and then restarting. All these error messages occur on the OLD server.

          The only error message I get on the new server now is
          Starting test: Advertising
          Warning: DsGetDcName returned information for \\oldrdaserver.rdadomain.local, when we were trying to reach RDASERVER.
          Server is not responding or is not considered suitable.
          ......................... RDASERVER failed test Advertising
          Like I said, this has been a nightmare. This was a project that the prior IT person was supposed to do (who originally set things up), but he quit without any notice.
