Can not add second DC to active directory domain


Stephen E. Weber

When I attempt to add a second domain controller to our Windows 2000 Active
Directory Domain I receive an error that the domain controller can not be
contacted.
This is what I did leading up to this point.
I had an existing NT domain, with a primary and a backup domain controller.
I promoted the backup domain controller to the primary domain controller; I
had applications on the PDC which I did not want to risk during the upgrade
process. I installed Windows 2000 on the PDC, installed Active Directory, and
all appeared operational.
Then I set up a new Windows 2000 server, added it to the domain, then ran
DCpromo. When I run this I get an error that the domain can not gain access
to the list of domains in the forest; it says that it may be a domain
lookup problem.
I checked the DNS server on the DC; there are just 2 entries, one for the
start of authority and the other for the name server; there are no host
records. I set up several computers in the domain to use the DC's DNS server as
their DNS server, and had expected them to update this server, which they
have not.
The users have no trouble accessing the internet, and I can ping the DC from
the computer which I am attempting to promote.
Thanks
Steve
 
This is the result of the netdiag

These are the results of the netdiag
.......................................

Computer Name: TOSMAINBAC
DNS Host Name: tosmainbac.tosgov.com
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 4, GenuineIntel
List of installed hotfixes :
KB842773
KB893803v2
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : tosmainbac.tosgov.com
IP Address . . . . . . . . : 10.0.1.247
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.0.1.1
Primary WINS Server. . . . : 10.0.1.247
Dns Servers. . . . . . . . : 10.0.1.247
209.87.79.23
209.87.64.70


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 00105a1345f8
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 1234cdef
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 783420524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{69AAC0AC-A672-4144-B244-99ECB8F60227}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.TOSMAIN.local. re-registeration on DNS server '10.0.1.247'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.TOSMAIN.local. re-registeration on
DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.pdc._msdcs.TOSMAIN.local. re-registeration on DNS server
'10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.gc._msdcs.TOSMAIN.local. re-registeration on DNS server
'10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.764d1f7a-50cb-4fa1-9914-d11c17d7e5bd.domains._msdcs.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
999d29c8-b7cb-47e8-b9f2-818c5f81c0bf._msdcs.TOSMAIN.local. re-registeration
on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.TOSMAIN.local. re-registeration on DNS server
'10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.dc._msdcs.TOSMAIN.local. re-registeration on DNS server
'10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.TOSMAIN.local. re-registeration on DNS server '10.0.1.247'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._sites.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.TOSMAIN.local. re-registeration on
DNS server '10.0.1.247' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._udp.TOSMAIN.local. re-registeration on DNS server '10.0.1.247'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kpasswd._tcp.TOSMAIN.local. re-registeration on DNS server '10.0.1.247'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kpasswd._udp.TOSMAIN.local. re-registeration on DNS server '10.0.1.247'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing
DNS entries for this DC on DNS server '10.0.1.247'.
[FATAL] No DNS servers have the DNS records for this DC
registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{69AAC0AC-A672-4144-B244-99ECB8F60227}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{69AAC0AC-A672-4144-B244-99ECB8F60227}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully
 
I believe that I have a disjointed name space; the suffix on the DC does not
match the suffix on the domain. This may be causing the DNS issue which is
preventing me from adding a second DC in this domain.

I read that the only "supported" way is to demote the DC, then promote the
DC with the correct domain name suffix. This network is an AD Mixed; the NT
backup domain controller is online, but there are no other DCs. I was in
the process of adding the second DC, which started this situation. What can
I do to repair this disjointed domain? There are 200 users on the network,
with many multi-vendor products which may be affected if I have to create a
new domain.
 
I would make sure the second DC is pointing to first.

Remove your ISP's DNS servers from the first DC's NIC and set them as
forwarders.

The ONLY place on your AD domain that your ISP's DNS servers should be
listed is as forwarders. AD clients MUST point to the DNS server set up for
the AD domain ONLY.

See:
http://support.microsoft.com/kb/291382/en-us
http://support.microsoft.com/kb/237675/en-us
http://support.microsoft.com/kb/825036/en-us
http://support.microsoft.com/kb/300202/en-us

hth
DDS W 2k MVP MCSE
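
The checks discussed in this thread can be run mechanically over saved netdiag output. The following is an added example, not code from any poster: it lists the resolvers on the NIC, flags those outside private address space (a heuristic assumed here for "ISP resolver"), collects the DC records that failed to register, and compares the host's DNS suffix with the AD domain name. All function names are hypothetical.

```python
import ipaddress
import re

# Excerpt in the format of the netdiag output posted in this thread (shortened).
SAMPLE = """\
DNS Host Name: tosmainbac.tosgov.com
    Dns Servers. . . . . . . . : 10.0.1.247
                                 209.87.79.23
                                 209.87.64.70

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry TOSMAIN.local.
re-registeration on DNS server '10.0.1.247' failed.
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.dc._msdcs.TOSMAIN.local. re-registeration on DNS server
'10.0.1.247' failed.
"""

def dns_servers(text):
    """Resolvers from each 'Dns Servers' line plus its continuation lines."""
    servers, collecting = [], False
    for line in text.splitlines():
        m = re.match(r"\s*Dns Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
        elif collecting and re.fullmatch(r"\s*\d+(\.\d+){3}\s*", line):
            servers.append(line.strip())
        else:
            collecting = False
    return servers

def external_resolvers(servers):
    """Assumption: a non-private address on a DC/client NIC is an ISP resolver."""
    return [s for s in servers if not ipaddress.ip_address(s).is_private]

def failed_records(text):
    """Names of DC records netdiag could not re-register (names wrap lines)."""
    return re.findall(r"Failed to fix: DC DNS entry\s+(\S+)\.\s+re-registeration", text)

def suffix_mismatch(text):
    """Return (host_suffix, ad_domain) when they differ, else None.
    Assumption: the shortest failed record is the AD domain's own name."""
    host = re.search(r"DNS Host Name:\s*(\S+)", text).group(1)
    host_suffix = host.partition(".")[2].lower()
    ad_domain = min(failed_records(text), key=len).lower()
    return (host_suffix, ad_domain) if host_suffix != ad_domain else None

if __name__ == "__main__":
    print("external resolvers on NIC:", external_resolvers(dns_servers(SAMPLE)))
    print("unregistered DC records:", failed_records(SAMPLE))
    print("suffix mismatch:", suffix_mismatch(SAMPLE))
```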
 