Cannot add a second domain controller.

Hi

I have upgraded our WinNT4 PDC server to Windows 2000 (Server1) mixed mode. The upgrade appeared to go through well, users were able to login to the network and work normally. However, when I tried to add a second domain controller (Server2), by running DCPROMO, I kept getting a message stating that "the domain could not be contacted or does not exist". The Win2000 server on which I am running DCPromo has successfully joined the domain.

I checked DNS on Server1 and found that all services are not installed. The only service installed is _tcp. This could be the problem. However, I have no idea how to go about installing the required services i.e. _msdcs, _sites, _udp. I am not sure if uninstalling DNS from the only domain controller will destroy ADS and hence, lose all user account information. Users are probably using WINS for name resolution - I need WINS for the WinNT4 workstations.

I would be grateful if someone could give me detailed instructions on how I could rectify the DNS problems so that I could add second domain controller. I cannot rebuild Server1 as it is the only domain controller on the network.

Your assistance is greatly appreciated.
 
Are you using a single-label domain like DOMAIN instead of DOMAIN.COM ?
 
Thanks for your quick reply.

The domain name being used is of the format abc.nsw.gov.au. However, the NT 4 domain name is "abc". My server is running in mixed mode.

Regards

Larry


 
This comes up a lot. Here's a repost from yesterday... I added stuff about not
being able to join a domain
==================================

SRV records creation is automatic. No other steps are required. If you can't
login or promote another machine as a DC in an existing domain, then you're
either pointing to the wrong DNS server (like your ISP's) or the SRVs don't
exist.

Several things can cause that. Such as:
1. Single label name AD domain and updated to SP4
2. Using wrong DNS server in IP properties. You must point to the current
DNS server that AD is using.


Guidelines:
1. Point ONLY to your internal DNS server. Do not use your ISP's in any AD
member machine (DCs or clients), or guaranteed errors & failures will result.
If the IP is 127.0.0.1, change it to the actual IP of the machine.
2. In the zone, make sure updates are set to at least yes.
3. Primary DNS Suffix is set to the same name as AD's domain name and to the
same name as your zone name in DNS.
4. Your AD domain is NOT a single label name (should be in the form of
'domain.com' or 'domain.mike', etc).
5. If the machine is multihomed, other steps and administrative overhead are
necessary.
6. If the AD domain name is the same as your external domain name,
additional steps and administrative overhead are necessary.
7. If the Root zone (the dot) exists, and you want Internet access, delete
that zone, and configure a forwarder for efficient Internet name resolution.
This will show you how for this step:
http://support.microsoft.com/?id=300202
8. If trying to add a DC to an existing domain, set the Primary DNS suffix
first, then make sure DNS is only using the internal DNS, then run dcpromo.

Follow these guidelines very closely. After you've completed going thru
these steps and still have questions, please post back. If you are not sure
about any of these steps, please post:
1. An unedited ipconfig /all
2. The name of the AD domain name.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I tried what you suggested but had no luck.

1) Here is the ipconfig/all for the Win 2000 domain controller and DNS server;


C:\>ipconfig/all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : svr_ads_01
Primary DNS Suffix . . . . . . . : opc.nsw.gov.au
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : opc.nsw.gov.au
nsw.gov.au
gov.au

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Netelligent 10/100TX PCI UTP Controller
Physical Address. . . . . . . . . : 00-08-C7-84-19-1A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.30.31.254
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 172.30.16.1
DNS Servers . . . . . . . . . . . : 172.30.31.254
Primary WINS Server . . . . . . . : 172.30.31.254

C:\>

C:\>
----------------------------------------------------
2) The name of the AD domain name is "opc.nsw.gov.au". - same as the external domain name.

Larry





 
Hi Larry,

Thanks for posting that data. You know what's funny, you're the first that
I've seen using this private address range to actually get the subnet
correct for this private range! Cool...

Anyway...
Is your zone name in DNS called: opc.nsw.gov.au ?
Dynamic updates on the zone set to at least Yes?

You said the only SRV record you see is the _tcp SRV? Are there any errors
in the Event logs?

I'm assuming based on what you replied with that the 2nd machine you're
trying to promote is only using this machine for DNS. Did you also set the
Primary DNS Suffix prior to trying to promote it? (that won't cause any
problem prior to promotion, but afterwards since the netlogon service uses
that name to register into the zone).

Oops, also see another potential issue, the underscores in the hostname.
That causes issues with DNS as well. Underscores and spaces are illegal
hostname characters with DNS. You may see 5004 errors based on that (I think
that was the event ID number for it).

Are there any services turned off, such as the DHCP Client Service or the
NetBios Helper service? They are actually required believe it or not,
whether DHCP or not, or even if you have NetBIOS disabled on the NIC.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
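
The guidelines posted earlier in the thread and the hostname remark in this reply can be checked mechanically against an `ipconfig /all` capture. The following Python sketch is an added example, not part of the thread: the function names, the finding codes, the reading of "internal" as RFC 1918 address space, and the `zone_subdomains` argument (the folder names read off the DNS console by hand) are assumptions, and the sample input is the output posted in the thread, abridged.

```python
import ipaddress
import re

# ipconfig /all output posted earlier in the thread for the existing DC (abridged).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : svr_ads_01
        Primary DNS Suffix  . . . . . . . : opc.nsw.gov.au
        DNS Suffix Search List. . . . . . : opc.nsw.gov.au
                                            nsw.gov.au
                                            gov.au

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 172.30.31.254
        Subnet Mask . . . . . . . . . . . : 255.255.240.0
        DNS Servers . . . . . . . . . . . : 172.30.31.254
"""

# Assumption: an "internal" DNS server is one with an RFC 1918 address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The four zone subdomains named in the original question.
EXPECTED_SUBDOMAINS = ("_msdcs", "_sites", "_tcp", "_udp")
# "Label . . . . : value" lines; the label stops before the dot leaders.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {label: [values]}; unlabelled lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif line.strip() and last:
            fields[last].append(line.strip())  # wrapped value, e.g. suffix list
        else:
            last = None  # blank line or banner ends the current field
    return fields


def check_dc_dns(ipconfig_text, ad_domain, zone_subdomains):
    """Apply the thread's guidelines; return a list of (code, detail) findings."""
    fields, findings = parse_ipconfig(ipconfig_text), []
    for host in fields.get("Host Name", []):
        if not re.fullmatch(r"[A-Za-z0-9-]+", host):  # underscores, spaces, etc.
            findings.append(("HOSTNAME_CHARS", f"{host}: illegal DNS host name characters"))
    if "." not in ad_domain.strip("."):
        findings.append(("SINGLE_LABEL", f"{ad_domain}: single-label AD domain name"))
    for suffix in fields.get("Primary DNS Suffix") or [""]:
        if suffix.lower() != ad_domain.lower():
            findings.append(("SUFFIX_MISMATCH", f"suffix '{suffix}' != domain '{ad_domain}'"))
    for server in fields.get("DNS Servers", []):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            continue  # not an address (wrapped text); nothing to judge
        if ip.is_loopback:
            findings.append(("DNS_LOOPBACK", f"{server}: use the machine's actual IP"))
        elif not any(ip in net for net in RFC1918):
            findings.append(("DNS_EXTERNAL", f"{server}: not an internal DNS server"))
    missing = [s for s in EXPECTED_SUBDOMAINS if s not in zone_subdomains]
    if missing:
        findings.append(("SRV_MISSING", "zone lacks " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    # "_tcp" only: the state of the zone described in the original question.
    for code, detail in check_dc_dns(SAMPLE_IPCONFIG, "opc.nsw.gov.au", ["_tcp"]):
        print(code, detail)
```
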
 
Hi Ace

1) Yes the zone name in DNS is opc.nsw.gov.au and dynamic updates is set to Yes.

2) There are no errors in event log. There are, however, some warnings. Here is a copy of the warning;

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 7062
Date: 06/03/2004
Time: 10:50:29 AM
User: N/A
Computer: SVR_ADS_01
Description:
The DNS server encountered a packet addressed to itself -- IP address 172.30.31.254.

The DNS server should never be sending a packet to itself. This situation usually indicates a configuration error.

Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server.

Example of self-delegation:
-> This DNS server dns1.foo.com is the primary for the zone foo.com.
-> The foo.com zone contains a delegation of bar.foo.com to dns1.foo.com,
(bar.foo.com NS dns1.foo.com)
-> BUT the bar.foo.com zone is NOT on this server.

Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
Data
0000: 50 25 00 00 P%..
----------------------------------------------------------------

When I tried to remove the NTDS entry in Active Directory Sites and Services, a screen popped up asking me if I wanted to demote this domain controller - I clicked cancel.

3) The second machine is trying to use the primary DNS server.
Regarding the second part of this question, the Primary DNS Suffix was entered during the upgrade from WinNT4 (I may have misunderstood your question).

4) Is it now possible to change the host name? i.e. get rid of the underscores?

5) The services mentioned are up and running.

Larry


 
Hi Prepi,
Answers in line below ...

In
Prepi said:
Hi Ace,

1) Yes the zone name in DNS is opc.nsw.gov.au and dynamic updates is
set to Yes.

Good


2) There are no errors in event log. There are, however, some
warnings. Here is a copy of the warning;

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 7062
Date: 06/03/2004
Time: 10:50:29 AM
User: N/A
Computer: SVR_ADS_01
Description:
The DNS server encountered a packet addressed to itself -- IP address
172.30.31.254.
<snip>

If you create a forwarder to your ISP's DNS, that should get rid of this
message in most cases.

When I tried to remove the NTDS entry in Active Directory Sites and
Services, a screen popped up asking me if I wanted to demote this
domain controller - I clicked cancel.

You don't want to do that....

3) The second machine is trying to use the primary DNS server.
Regarding the second part of this question, the Primary DNS Suffix
was entered during the upgrade from WinNT4 (I may have misunderstood
your question).

No, you got the question right. Also as long as all your machines are using
172.30.31.254, we should be good to go, as far as that we determine why reg
updates are not occurring at this point since you're saying the SRVs are
not being created automatically.

4) Is it now possible to change the host name? i.e. get rid of the
underscores?

Yes and no. If you get the second DC up, you can demote the first one,
rename it and promote it again. That's the only real way to do it.

5) The services mentioned are up and running.

Good!


Larry


Larry, can you also run a
dcdiag /v > c:\dcdiag.txt
netdiag /v /fix > c:\netdiag.txt

And post the results from those two (attach it to your post).

Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Ace

I have the results of the test you requested. How do I attach these two files? They are rather large to cut & paste.

Larry


 
Actually, if you just run the commands this way, it will save it to a text
file:

This command will save the output to a text file called dcdiag.txt on your
C: drive:
dcdiag /v > c:\dcdiag.txt

This command will save the output to a text file called netdiag.txt on your
C: drive:
netdiag /v /fix > c:\netdiag.txt

Then when you reply with your next post, just attach these two files. You'll
find them both on the root of your C: drive.

Did you create a forwarder to your ISP as I suggested in my previous post?
That should take care of the Event ID 7062 errors, for the most part.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi

Guess what? It worked. I think running the netdiag utility inserted the missing SRV records. I ran DCPROMO on the second server and it went through without a hitch. I have added the forwarder as suggested. Hopefully I shouldn't encounter any more problems. Thanks a lot for your help.

All the best

Larry


 
Very good!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 