
Adding a new 2003 DC to a 2000 Domain


  • Adding a new 2003 DC to a 2000 Domain

    Hi everybody,

    In our office we have a Windows 2000 Domain in which the DC is also DNS server.

    Our intention is to add another DC to the domain with a new windows server 2003.

    Before adding the DC to the domain, I prepared the domain with both the 'domainprep' and 'forestprep' commands.

    After I ran the 'dcpromo' on the new wannabe DC I get the following error:

    ---------------------------------------------------

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain domainxxxx.com:

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.domainxxxx.com

    Common causes of this error include the following:

    - The DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain. They are updated by the domain controller at set intervals. This computer is configured to use DNS servers with following IP addresses:

    ip xxx.x.xxx.xxx

    - One or more of the following zones do not include delegation to its child zone:

    domainxxxx.com
    com
    . (the root zone)

    For information about correcting this problem, click Help.

    ---------------------------------------------------

    I have revised the DNS configuration and all seems to be OK so far. Now I am not sure what the next steps are. My relationship with DNS was always very poor.

    What are my options now to get over this problem? What is the easiest way to let my current domain controller be registered in DNS? As far as I know it is already registered automatically by AD. Isn't it?
    If anybody once had a similar case or knows how to resolve my problem I would be very thankful.

    Any help??

    Thank you very much!

    Have a nice day. Take care
    Last edited by Zyxser; 16th April 2008, 12:29.

  • #2
    Re: Adding a new 2003 DC to a 2000 Domain

    Is your 2003 server set to use the 2000 server as its primary DNS in the network card properties?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: Adding a new 2003 DC to a 2000 Domain

      Yes, it is pointing to its primary DNS server which is also DC, in this case.
      Cheers!



      • #4
        Re: Adding a new 2003 DC to a 2000 Domain

        When you say you "revised" the DNS. It should be there automatically. If you run dcdiag does it output any errors for the 2000 box? I think you can run dnslint as well.
        cheers
        Andy



        • #5
          Re: Adding a new 2003 DC to a 2000 Domain

          Dear Andy,
          First of all, thank you for replying.
          I have done some testing with dcdiag and dnslint; these are the results:

          Please check screenshots.

          Regarding the dnslint command, I do not understand why I see 3 outside DNS servers from our ISP. Is that normal?

          Regards,


          • #6
            Re: Adding a new 2003 DC to a 2000 Domain

            Your 2000 server only has a single NIC connected and has itself as primary DNS?

            If so, restart netlogon and see if these errors are fixed. You can also run dcdiag and netdiag with /fix
            cheers
            Andy



            • #7
              Re: Adding a new 2003 DC to a 2000 Domain

              Hello again,

              Sorry for not giving you all the details before, but I really don't remember all the tests I have made to have it fixed.

              All those things you mention (net start netlogon, dcdiag, netdiag /fix, etc.) are already done with no success. I will post here the results so the people can understand with more details what my problems are configuring an extra DC.

              Please be patient with me

              See ya!!



              • #8
                Re: Adding a new 2003 DC to a 2000 Domain

                No problem, sometimes understanding the whole situation can help with a specific problem. Will wait for the info

                Can I just confirm the 2000 DC is the only DC in its domain/forest
                cheers
                Andy



                • #9
                  Re: Adding a new 2003 DC to a 2000 Domain

                  Good Morning all,

                  Well, as promised, hereby I enclosed some outputs from the following commands:

                  C:\>net stop netlogon
                  The Net Logon service is stopping.
                  The Net Logon service was stopped successfully.


                  C:\>net start netlogon
                  The Net Logon service is starting........
                  The Net Logon service was started successfully.


                  C:\>netdiag /fix


                  .......................................

                  Computer Name: DOMAINSERVER
                  DNS Host Name: DomainServer.domain-name.com
                  System info : Windows 2000 Server (Build 2195)
                  Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
                  List of installed hotfixes :


                  Netcard queries test . . . . . . . : Passed



                  Per interface results:

                  Adapter : Local Area Connection

                  Netcard queries test . . . : Passed

                  Host Name. . . . . . . . . : DomainServer
                  IP Address . . . . . . . . : xx.x.xxx.xxx
                  Subnet Mask. . . . . . . . : 255.255.0.0
                  Default Gateway. . . . . . :
                  Primary WINS Server. . . . : xx.x.xxx.xxx
                  Dns Servers. . . . . . . . : xx.x.xxx.xxx
                  xxx.xxx.xx.x
                  xxx.xxx.xxx.xxx


                  AutoConfiguration results. . . . . . : Passed

                  Default gateway test . . . : Passed

                  NetBT name test. . . . . . : Passed

                  WINS service test. . . . . : Failed
                  The test failed. We were unable to query the WINS servers.


                  Global results:


                  Domain membership test . . . . . . : Passed


                  NetBT transports test. . . . . . . : Passed
                  List of NetBt transports currently configured:
                  NetBT_Tcpip_{61FDF1CD-7873-4EFF-8B69-DA0654500AA7}
                  1 NetBt transport currently configured.


                  Autonet address test . . . . . . . : Passed


                  IP loopback ping test. . . . . . . : Passed


                  Default gateway test . . . . . . . : Passed


                  NetBT name test. . . . . . . . . . : Passed


                  Winsock test . . . . . . . . . . . : Passed


                  DNS test . . . . . . . . . . . . . : Failed
                  [FATAL] Failed to fix: DC DNS entry domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry gc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.444dfd3a-944f-46df-844b-ace3d42b353b.domains._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry 320b31cc-9fc5-4ed1-84ea-837c24418b63._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _gc._tcp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kerberos._udp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.domain-name.com. re-registeration on DNS server 'xx.x.xxx.xxx' failed.
                  DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
                  [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server 'xx.x.xxx.xxx'.
                  [FATAL] No DNS servers have the DNS records for this DC registered.


                  Redir and Browser test . . . . . . : Passed
                  List of NetBt transports currently bound to the Redir
                  NetBT_Tcpip_{61FDF1CD-7873-4EFF-8B69-DA0654500AA7}
                  The redir is bound to 1 NetBt transport.

                  List of NetBt transports currently bound to the browser
                  NetBT_Tcpip_{61FDF1CD-7873-4EFF-8B69-DA0654500AA7}
                  The browser is bound to 1 NetBt transport.


                  DC discovery test. . . . . . . . . : Passed


                  DC list test . . . . . . . . . . . : Passed


                  Trust relationship test. . . . . . : Skipped


                  Kerberos test. . . . . . . . . . . : Passed


                  LDAP test. . . . . . . . . . . . . : Passed
                  [WARNING] Failed to query SPN registration on DC 'DomainServer.domain-name.com'.


                  Bindings test. . . . . . . . . . . : Passed


                  WAN configuration test . . . . . . : Skipped
                  No active remote access connections.


                  Modem diagnostics test . . . . . . : Passed

                  IP Security test . . . . . . . . . : Passed
                  IPSec policy service is active, but no policy is assigned.


                  The command completed successfully

                  ----------------------------------------------

                  The DC registration on DNS failed. How can I fix that? What more commands can I use to test DNS? This is as far as I can get.

                  Greetings!



                  • #10
                    Re: Adding a new 2003 DC to a 2000 Domain

                    Dns Servers. . . . . . . . : xx.x.xxx.xxx
                    xxx.xxx.xx.x
                    xxx.xxx.xxx.xxx


                    What are all of these DNS servers?
                    You should only have 1 in there for this scenario, the 2000 server's local address
                    cheers
                    Andy



                    • #11
                      Re: Adding a new 2003 DC to a 2000 Domain

                      Hello Andy,

                      As always, thanks for your continuous support. This helps me out reviewing all the steps I have done to get here.

                      Regarding your question: those other two DNS addresses are external public DNS servers. Is that the cause of the problems??? I removed them both (the two alternate DNS addresses) but I need to reboot the domain controller domainserver; as this is a production system I have programmed the reboot for tomorrow morning. First hour of the morning I can check if that is the cause of the problem but I doubt it. Am I wrong?? If that is the solution I will suicide myself, hehe.

                      What more could it be if tomorrow's reboot won't fix the problem? I am out of ideas.

                      Anyone out there who dares to imagine the root cause of the problem? I am not capable so far.

                      Well, let's see tomorrow what happened. I'm quite excited to come tomorrow morning to the office and check what happened (never thought I would say that ahha)

                      Thanks!!! Byeeee



                      • #12
                        Re: Adding a new 2003 DC to a 2000 Domain

                        Your server should have itself as the primary DNS and no internet DNS servers. This should mean it will talk to DNS locally and you then set up forwarders (or use root hints) for anything it doesn't understand. This explains why you have some of the errors you see in netdiag etc. If your internal domain name is public, i.e. domain.com, not something like domain.local, then you may find your primary DNS responds that the server doesn't exist.

                        If you have more than one server (with DNS) then you would use another server's IP as primary and your server as secondary. This is because AD tries to start before DNS and may take a bit longer to work when it boots. There are fixes for this.

                        If you restart netlogon it should re-register missing records in your local DNS so I would let your server reboot then wait 5 mins at logon, restart netlogon and see if we have any changes.

                        If you manually added the entries then I believe the server cannot change them therefore I would delete the ones you added and restart netlogon as above.

                        I assume the 2000 box is up to date with patches etc?

                        Fingers crossed.
                        cheers
                        Andy



                        • #13
                          Re: Adding a new 2003 DC to a 2000 Domain

                          Dear Andy,

                          OK, the DC server has been rebooted with only one DNS IP address configured. I then issued the Netlogon stop/start and retried to join the other member server as an extra DC with dcpromo, with no success. Please check screenshot.

                          Now I have added the other external DNS public servers as Forwarders.

                          My DC server is updated with the most recent updates.

                          When issuing netdiag /fix command I get again:

                          DNS test . . . . . . . . . . . . . : Failed
                          [FATAL] Failed to fix: DC DNS entry presenceco.com. re-registeration on DNS server '89.1.250.252' failed.

                          This is not fair...

                          Let us see if I can get something new on next week. I really appreciate all your help on this subject. Thanks!!!

                          Ciao


                          • #14
                            Re: Adding a new 2003 DC to a 2000 Domain

                            89.1.250.252 is not a private address.
                            What is your 2000 server's IP address??
                            cheers
                            Andy



                            • #15
                              Re: Adding a new 2003 DC to a 2000 Domain

                              Hi Andy,

                              That is the first DC server ip address and also DNS server. Why??

                              Kind regards,

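An added example, not written by anyone in the thread: a small Python triage of `netdiag /fix` output that lists the resolvers configured on the adapter, flags those outside RFC 1918 space (the check Andy applies by eye in #10 and #14), and groups the failed DC record re-registrations by target server and error code. The sample output, its addresses and the `example.test` domain are constructed; the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly: ipaddress.is_private also counts the
# documentation ranges that the constructed sample below uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the netdiag /fix layout quoted in the thread.
SAMPLE = """\
    Host Name. . . . . . . . . : DomainServer
    IP Address . . . . . . . . : 10.0.0.10
    Dns Servers. . . . . . . . : 10.0.0.10
                                 198.51.100.53
                                 203.0.113.53

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.example.test. re-registeration on DNS server '10.0.0.10' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.example.test. re-registeration on DNS server '10.0.0.10' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
"""

# "re-registeration" is netdiag's own spelling, so it is matched as printed.
FAIL_RE = re.compile(r"\[FATAL\] Failed to fix: DC DNS entry (\S+?)\.? "
                     r"re-registeration on DNS server '([^']+)' failed")
DNS_LINE_RE = re.compile(r"Dns Servers[ .]*: *(\S+)")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def is_rfc1918(addr):
    """True when addr lies in one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def triage(text):
    """Summarise the resolver list and failed re-registrations in netdiag output."""
    servers, failures, in_dns = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = DNS_LINE_RE.match(line)
        if m:                                  # first resolver on the adapter
            servers.append(m.group(1))
            in_dns = True
            continue
        if in_dns and IPV4_RE.fullmatch(line):  # further resolvers, one per line
            servers.append(line)
            continue
        in_dns = False
        f = FAIL_RE.search(line)
        if f:
            failures.append({"record": f.group(1), "server": f.group(2), "code": None})
        elif line.startswith("DNS Error code:") and failures:
            # The error code line follows the failure it belongs to.
            failures[-1]["code"] = line.split(":", 1)[1].strip()

    grouped = {}
    for f in failures:
        grouped.setdefault(f["server"], {}).setdefault(f["code"], []).append(f["record"])
    return {
        "dns_servers": servers,
        "non_private": [s for s in servers if not is_rfc1918(s)],
        "failed_by_server": grouped,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Resolvers on adapter:", report["dns_servers"])
    print("Outside RFC 1918    :", report["non_private"])
    for server, codes in report["failed_by_server"].items():
        for code, records in codes.items():
            print(f"{server} refused {len(records)} record(s) with {code}")
```

A non-empty `non_private` list is a prompt to confirm which of those addresses is the DC's own DNS service and which are outside resolvers that belong in the forwarder list instead.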