Can't get a Win Server 2003 to join existing Win 2000 domain

[Jerry S]

I am upgrading from a Win NT 4.0 domain. I set up a
temporary BDC, promoted that to a PDC and then upgraded
the system to Win Server 2000. I applied all the service
packs and patches, installed DNS server. The domain seems
to be working fine. I purchased a new server which I wish
to become the primary machine "PDC" in the existing
domain. When I load Win Server 2003 and join the domain
it let it in, but in trying to install Active Directory I
receive the following error message:

When I run ipconfig /all on the dmc2 machine this is what
I get....
Windows 2000 IP Configuration
Host Name . . . . . . . . . : dmc2
Primary DNS Suffix. . . . . : example.company.net
Node Type . . . . . . . .. .: Broadcast
IP Routing Enabled. . . . : No
WINS Proxy Enabled. . .. .. : No
DNS Suffix Search List. . . : example.company.net
company.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . .: Intel(R) PRO/100 VE Network
Connection
Physical Address. . .: 00-D0-B7-E3-0C-DF
DHCP Enabled. .. . . : No
IP Address. . .. . . : 192.168.10.150
Subnet Mask .. . . . : 255.255.255.0
Default Gateway . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.150
209.235.000.2
Can you please help me?

Jerry

 

[Kevin D. Goodknecht [MVP]]

In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: I am upgrading from a Win NT 4.0 domain. I set up a
: temporary BDC, promoted that to a PDC and then upgraded
: the system to Win Server 2000. I applied all the service
: packs and patches, installed DNS server. The domain seems
: to be working fine. I purchased a new server which I wish
: to become the primary machine "PDC" in the existing
: domain. When I load Win Server 2003 and join the domain
: it let it in, but in trying to install Active Directory I
: receive the following error message:
:
::: DNS was successfully queried for the service location
::::: (SRV) resource record used to locate a domain
::: controller for domain example.company.net:
:
::: The query was for the SRV record for
::: _ldap._tcp.dc._msdcs.example.company.net
:
::: The following domain controllers were identified by the
::: query:
:
::: dmc2.example.company.net
:
::: Common causes of this error include:
:
::: - Host (A) records that map the name of the domain
::: controller to its IP addresses are missing or contain
::: incorrect addresses.
:
::: - Domain controllers registered in DNS are not connected
::: to the network or are not running.
:
: When I run ipconfig /all on the dmc2 machine this is what
: I get....
: Windows 2000 IP Configuration
: Host Name . . . . . . . . . : dmc2
: Primary DNS Suffix. . . . . : example.company.net
: Node Type . . . . . . . .. .: Broadcast
: IP Routing Enabled. . . . : No
: WINS Proxy Enabled. . .. .. : No
: DNS Suffix Search List. . . : example.company.net
: company.net
: Ethernet adapter Local Area Connection:
: Connection-specific DNS Suffix . :
: Description . . . . .: Intel(R) PRO/100 VE Network
: Connection
: Physical Address. . .: 00-D0-B7-E3-0C-DF
: DHCP Enabled. .. . . : No
: IP Address. . .. . . : 192.168.10.150
: Subnet Mask .. . . . : 255.255.255.0
: Default Gateway . . : 192.168.10.1
: DNS Servers . . . . . . . . . . . : 192.168.10.150
: 209.235.000.2
: Can you please help me?
:
: Jerry
First remove your ISP's DNS from your NIC, use only the Win2k for DNS. That
will cause many problems for you. You say you are trying to add a Win Server
2003 as a Domain controller?
Adding it as a Member is easy, you got that done but you must run adprep
/forestprep and adprep /domainprep on the Win2k DC before you can add the
2k3 as a DC, did you do that?
Before you do DCPROMO on the 2k3 you should move DNS to the 2k3 server, the
easiest way is to add the 2k3 as a secondary then change it to a primary,
allow dynamic updates and point all machines to it. 2k3 DNS better supports
2k3 domains, what you are doing is basically converting it to a 2k3 domain
with support for win2k domain controllers.

 

[jerrys]

I have tried the DNS with and without the ISP DNS. No
difference.
I have successfully run both adprep /forestprep and
adprep /domainprep. No errors.
Every time I try to install AD on the w2k3 I get the error
mentioned earlier. At this point I have only been trying
to get the w2k3 machine into the AD domain.

Any further ideas would be greatly appreciated.

Jerry S.

 

[Ace Fekay [MVP]]

In

I have tried the DNS with and without the ISP DNS. No
difference.
I have successfully run both adprep /forestprep and
adprep /domainprep. No errors.
Every time I try to install AD on the w2k3 I get the error
mentioned earlier. At this point I have only been trying
to get the w2k3 machine into the AD domain.

Any further ideas would be greatly appreciated.

Jerry S.

Well, first as Kevin mentioned, any external DNS servers need to be removed.
That is the basis of AD functionality and an external one can harm it. Once
that is done, we can eliminate that as any possiblity as being an issue.

I would then on the existing DC, delete the system32\config\netlogon.dns and
netlogon.dnb files, then run:
ipconfig /registerdns
restart the netlogon service.

This should refresh the SRV and host record info, since your error states
the host info is incorrect. Now give it a shot again and try to install it
as a new DC in an existing domain. Make sure you set the Primary DNS Suffix
to the existing domain name on the W2k3 machine prior to your dcpromo
attempt and make sure it only points to the 192.168.10.150 for DNS and no
others.

Let us know if that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jerry S]

I tried all these things and still the same error....

What I am doing on the w2k3 server is using the Manage
your Server... and adding a Role... that of the "Domain
Controller (Active Directory).

This starts The AD Installation Wizard.... I choose to ad
a DC in an existing domain. After entering the password I
get the error. (The same error message.... it has not
changed.)

Is there another way of doing this that I have missed.

Any help will be appreciated.

Jerry S.

 

[Kevin D. Goodknecht [MVP]]

In jerrys <[email protected]> posted a question
Then Kevin replied below:
: I have tried the DNS with and without the ISP DNS. No
: difference.
: I have successfully run both adprep /forestprep and
: adprep /domainprep. No errors.
: Every time I try to install AD on the w2k3 I get the error
: mentioned earlier. At this point I have only been trying
: to get the w2k3 machine into the AD domain.
:
: Any further ideas would be greatly appreciated.
:

Your post is kind of confusing because you make contradicting statements:
upgraded
the system to Win Server 2000. I applied all the service
packs and patches, installed DNS server. The domain seems
to be working fine.

Then you say:
I purchased a new server which I wish
to become the primary machine "PDC" in the existing
domain. When I load Win Server 2003 and join the domain
it let it in, but in trying to install Active Directory I
receive the following error message

Please explain how you intend to do this.

For one, forget the term PDC and BDC those are NT4 terms and do not apply to
Active Directory. Is the Win2k a domain controller for which domain?
We are trying to help but where does the Win2k fit in? Is it a DC for
'company.net' or 'example.company.net'


You are trying to add the Win2k as an additional DC for the Win2k or trying
to add the Win2k3 as a child for the Win2k domain?
If the latter (Win2k3 child to Win2k parent) Create a zone for company.net
in the Win2k3 DNS point the Win2k DC to the Win2k3 as Alternate DNS restart
Netlogon run ipconfig /register DNS and delegate the child name 'example' to
the Win2k3 DNS (yes delegate it to itself) then create the zone
'example.company.net' on the Win2k3. Or have you already done this?

 

[Jerry S]

These are the facts...

We have one domain .... several servers ... mix of win nt
4.o and wk2....

The PDC was a Win NT and no BDC....

Our equipment is aging so I purchased a new server with
w2k3 and wanted to make it the primary machine.....

Took these steps....
1. Set up a temporary win nt BDC.. loaded all service
packs etc and then promoted it to the PDC....
2. I upgraded this machine to a win 2k .... did all the
upgrades etc.... installed AD on this machine... made it
the DNS server
3. I installed AD client on all the NT machines (one of
which is now the BDC.)
4. On the new machine I purchased I installed W2k3.... &
joined the existing domain.... On the properties page it
says it in in the domain.
5. It is at this point that I am trying to install AD with
the wizard and make it a DC... or so says the selection
screen on the w2k3 "Manage Your Computer"

I don't want the new w2k3 machine in a "child" domain. The
w2k machine is a DC in example.company.net .... This is
where I want the w2k3.

Sorry I am so confusing but I am on the verge of being in
over my head.

Jerry S

 

[Kevin D. Goodknecht [MVP]]

In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: These are the facts...
:
: We have one domain .... several servers ... mix of win nt
: 4.o and wk2....
:
: The PDC was a Win NT and no BDC....
:
: Our equipment is aging so I purchased a new server with
: w2k3 and wanted to make it the primary machine.....
:
: Took these steps....
: 1. Set up a temporary win nt BDC.. loaded all service
: packs etc and then promoted it to the PDC....
: 2. I upgraded this machine to a win 2k .... did all the
: upgrades etc.... installed AD on this machine... made it
: the DNS server
: 3. I installed AD client on all the NT machines (one of
: which is now the BDC.)
: 4. On the new machine I purchased I installed W2k3.... &
: joined the existing domain.... On the properties page it
: says it in in the domain.
: 5. It is at this point that I am trying to install AD with
: the wizard and make it a DC... or so says the selection
: screen on the w2k3 "Manage Your Computer"
:
: I don't want the new w2k3 machine in a "child" domain. The
: w2k machine is a DC in example.company.net .... This is
: where I want the w2k3.
:
: Sorry I am so confusing but I am on the verge of being in
: over my head.
:
OK, now I'm getting the picture, what was throughing me off was your DNS
search list in your ipconfig
DNS Suffix Search List. . . : example.company.net
company.net
It was giving me the picture that this was a child domain.

The ipconfig from your original post is for the Win2k, correct?

Did you remove the ISP's DNS from that NIC?

Can you post the ipconfig /all from the Win2k3?

Is there an Exchange 2000 in the mix?

Run dcdiag /v from the Win2k
and dcdiag /h:example.company.net /v from the Win2k3
and dcdiag /test:dcpromo /DnsDomain:example.company.net /ReplicaDC from the
Win2k3

Post errors

 

[Ace Fekay [MVP]]

In

I tried all these things and still the same error....

What I am doing on the w2k3 server is using the Manage
your Server... and adding a Role... that of the "Domain
Controller (Active Directory).

This starts The AD Installation Wizard.... I choose to ad
a DC in an existing domain. After entering the password I
get the error. (The same error message.... it has not
changed.)

Is there another way of doing this that I have missed.

Any help will be appreciated.

Jerry S.

It fails when you put in your credentials? Are you doing it with the domain
admin or Enterprise Admin account? Are your DNS addresses only pointing to
the existing DNS internally only (remove that external DNS IP)?

And run dcrpomo.exe from a run command. Don't use the Manage server wizard.

Also, if promoting it, if it's joined to a domain, remove it from the
domain, restart, then set the Primary DNS suffix to the domain.com name,
then restart, then run DCPROMO. Then when done, you can install DNS on it,
then create your zone, make it AD Integrated and provided that it's AD
Integrated in DNS on the existing W2k domain controller, the zone will be
available immediately.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jerry S]

Kevin,

This is a long response.... but I wanted to give you all
the info I have...

1. The ipconfig from the original post is from the w2k
machine..
2. Yes I removed the isp dns.....
3. This is the ipconfig /all from w2k3 computer (FS1)

Windows IP Configuration
Host Name . . . . . . . . . . . . : FS1
Primary Dns Suffix . . . . . . . : example.company.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : example.company.net
company.net

Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000
MT Dual Port Network Connection #2
Physical Address. . . . . . . . . : 00-07-E9-06-3E-87
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.152
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.150
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000
MT Dual Port Network Connection
Physical Address. . . . . . . . . : 00-07-E9-06-3E-86
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.153
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.150

4. Dcdiag /v from w2k computer

From w2k, dmc2dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine dmc2, is a DC.
* Connecting to directory service on server dmc2.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DMC2
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DMC2 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DMC2
Starting test: Replications
* Replications Check
......................... DMC2 passed test
Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=inet,DC=imagewright,DC=net
* Security Permissions Check for
CN=Configuration,DC=inet,DC=imagewright,DC=net
* Security Permissions Check for
DC=inet,DC=imagewright,DC=net
......................... DMC2 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DMC2 passed test
NetLogons
Starting test: Advertising
The DC DMC2 is advertising itself as a DC and
having a DS.
The DC DMC2 is advertising as an LDAP server
The DC DMC2 is advertising as having a writeable
directory
The DC DMC2 is advertising as a Key Distribution
Center
The DC DMC2 is advertising as a time server
The DS DMC2 is advertising as a GC.
......................... DMC2 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Domain Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role PDC Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Rid Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
......................... DMC2 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1819 to
1073741823
* dmc2.example.company.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1319 to 1818
* rIDNextRID: 1324
* rIDPreviousAllocationPool is 1319 to 1818
......................... DMC2 passed test
RidManager
Starting test: MachineAccount
* SPN
found :LDAP/dmc2.example.company.net/example.company.net
* SPN found :LDAP/dmc2.example.company.net
* SPN found :LDAP/DMC2
* SPN found :LDAP/dmc2.example.company.net/INET
* SPN found :LDAP/3b368261-70cd-48bb-a115-
4a918f365b51._msdcs.example.company.net
* SPN found :E3514235-4B06-11D1-AB04-
00C04FC2DCD2/3b368261-70cd-48bb-a115-
4a918f365b51/example.company.net
* SPN
found :HOST/dmc2.example.company.net/example.company.net
* SPN found :HOST/dmc2.example.company.net
* SPN found :HOST/DMC2
* SPN found :HOST/dmc2.example.company.net/INET
* SPN
found :GC/dmc2.example.company.net/example.company.net
......................... DMC2 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... DMC2 passed test
Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
DMC2 is in domain DC=inet,DC=imagewright,DC=net
Checking for CN=DMC2,OU=Domain
Controllers,DC=inet,DC=imagewright,DC=net in domain
DC=inet,DC=imagewright,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t in domain CN=Configuration,DC=inet,DC=imagewright,DC=net
on 1 servers
Object is up-to-date on all servers.
......................... DMC2 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no
longer
prevented from starting by the File Replication
Service.
......................... DMC2 passed test
frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event
log in the last 15 minutes.
......................... DMC2 passed test
kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last
60 minutes.
......................... DMC2 passed test
systemlog

Running enterprise tests on : example.company.net
Starting test: Intersite
Skipping site Default-First-Site-Name, this site
is outside the scope

provided by the command line arguments provided.
......................... example.company.net
passed test Intersite
Starting test: FsmoCheck
GC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
PDC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
Time Server Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
Preferred Time Server Name:
\\dmc2.example.company.net
Locator Flags: 0xe00001fd
KDC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
......................... example.company.net
passed test FsmoCheck

5. dcdiag /h:example.company.net /v from w2k3 computer
From w2k3 (FS1 (machine name))
dcdiag /h:example.company.net /v
Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server
dmc2.example.company.net.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DMC2
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DMC2 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DMC2
Starting test: Replications
* Replications Check
......................... DMC2 passed test
Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=inet,DC=imagewright,DC=net
* Security Permissions Check for
CN=Configuration,DC=inet,DC=imagewright,DC=net
* Security Permissions Check for
DC=inet,DC=imagewright,DC=net
......................... DMC2 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DMC2 passed test
NetLogons
Starting test: Advertising
The DC DMC2 is advertising itself as a DC and
having a DS.
The DC DMC2 is advertising as an LDAP server
The DC DMC2 is advertising as having a writeable
directory
The DC DMC2 is advertising as a Key Distribution
Center
The DC DMC2 is advertising as a time server
The DS DMC2 is advertising as a GC.
......................... DMC2 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Domain Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role PDC Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Rid Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t
......................... DMC2 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1819 to
1073741823
* dmc2.example.company.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1319 to 1818
* rIDNextRID: 1324
* rIDPreviousAllocationPool is 1319 to 1818
......................... DMC2 passed test
RidManager
Starting test: MachineAccount
* SPN
found :LDAP/dmc2.example.company.net/example.company.net
* SPN found :LDAP/dmc2.example.company.net
* SPN found :LDAP/DMC2
* SPN found :LDAP/dmc2.example.company.net/INET
* SPN found :LDAP/3b368261-70cd-48bb-a115-
4a918f365b51._msdcs.example.company.net
* SPN found :E3514235-4B06-11D1-AB04-
00C04FC2DCD2/3b368261-70cd-48bb-a115-
4a918f365b51/example.company.net
* SPN
found :HOST/dmc2.example.company.net/example.company.net
* SPN found :HOST/dmc2.example.company.net
* SPN found :HOST/DMC2
* SPN found :HOST/dmc2.example.company.net/INET
* SPN
found :GC/dmc2.example.company.net/example.company.net
......................... DMC2 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... DMC2 passed test
Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
DMC2 is in domain DC=inet,DC=imagewright,DC=net
Checking for CN=DMC2,OU=Domain
Controllers,DC=inet,DC=imagewright,DC=net in domain
DC=inet,DC=imagewright,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DMC2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=inet,DC=imagewright,DC=ne
t in domain CN=Configuration,DC=inet,DC=imagewright,DC=net
on 1 servers
Object is up-to-date on all servers.
......................... DMC2 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no
longer
prevented from starting by the File Replication
Service.
......................... DMC2 passed test
frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event
log in the last 15 minutes.
......................... DMC2 passed test
kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last
60 minutes.
......................... DMC2 passed test
systemlog

Running enterprise tests on : example.company.net
Starting test: Intersite
Skipping site Default-First-Site-Name, this site
is outside the scope

provided by the command line arguments provided.
......................... example.company.net
passed test Intersite
Starting test: FsmoCheck
GC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
PDC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
Time Server Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
Preferred Time Server Name:
\\dmc2.example.company.net
Locator Flags: 0xe00001fd
KDC Name: \\dmc2.example.company.net
Locator Flags: 0xe00001fd
......................... example.company.net
passed test FsmoCheck

6. dcdiag /test:dcpromo /DnsDomain:example.company.net

Starting test: DcPromo
Syntax Error: the test name must be followed by a
DNS domain name and the

operation,
e.g.: /testcPromo /DnsDomain:domain.company.com /<operati
on>


......................... FS1 failed test DcPromo

Your help is greatly appreciated....

Jerry S

-----Original Message-----
In [email protected],
Jerry S <[email protected]> posted a question
Then Kevin replied below:
: These are the facts...
:
: We have one domain .... several servers ... mix of win nt
: 4.o and wk2....
:
: The PDC was a Win NT and no BDC....
:
: Our equipment is aging so I purchased a new server with
: w2k3 and wanted to make it the primary machine.....
:
: Took these steps....
: 1. Set up a temporary win nt BDC.. loaded all service
: packs etc and then promoted it to the PDC....
: 2. I upgraded this machine to a win 2k .... did all the
: upgrades etc.... installed AD on this machine... made it
: the DNS server
: 3. I installed AD client on all the NT machines (one of
: which is now the BDC.)
: 4. On the new machine I purchased I installed W2k3.... &
: joined the existing domain.... On the properties page it
: says it in in the domain.
: 5. It is at this point that I am trying to install AD with
: the wizard and make it a DC... or so says the selection
: screen on the w2k3 "Manage Your Computer"
:
: I don't want the new w2k3 machine in a "child" domain. The
: w2k machine is a DC in example.company.net .... This is
: where I want the w2k3.
:
: Sorry I am so confusing but I am on the verge of being in
: over my head.
:
OK, now I'm getting the picture, what was throughing me off was your DNS
search list in your ipconfig
DNS Suffix Search List. . . : example.company.net
company.net
It was giving me the picture that this was a child domain.

The ipconfig from your original post is for the Win2k, correct?

Did you remove the ISP's DNS from that NIC?

Can you post the ipconfig /all from the Win2k3?

Is there an Exchange 2000 in the mix?

Run dcdiag /v from the Win2k
and dcdiag /h:example.company.net /v from the Win2k3
and

dcdiag /test:dcpromo /DnsDomain:example.company.net /Replic
aDC from the

 

[Guest]

Ace,
1. I am using the admin account and the credentials are
not failing.... it is not finding a dc.
2. Using the properties option under "
my computer" I could not remove the computer from the
domain.

3. The external dns has been removed.
4. Running the dcpromo starts the AD Wizard....

How do I get the computer out of the domain?

Thanks for your hel.

Jerry S

 

[Kevin D. Goodknecht [MVP]]

In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: Kevin,
:
: This is a long response.... but I wanted to give you all
: the info I have...
:
: 1. The ipconfig from the original post is from the w2k
: machine..
: 2. Yes I removed the isp dns.....
: 3. This is the ipconfig /all from w2k3 computer (FS1)
:
: Windows IP Configuration
: Host Name . . . . . . . . . . . . : FS1
: Primary Dns Suffix . . . . . . . : example.company.net
: Node Type . . . . . . . . . . . . : Unknown
: IP Routing Enabled. . . . . . . . : No
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : example.company.net
: company.net
:
: Ethernet adapter Local Area Connection 2:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : Intel(R) PRO/1000
: MT Dual Port Network Connection #2
: Physical Address. . . . . . . . . : 00-07-E9-06-3E-87
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.10.152
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.10.1
: DNS Servers . . . . . . . . . . . : 192.168.10.150
: Ethernet adapter Local Area Connection:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : Intel(R) PRO/1000
: MT Dual Port Network Connection
: Physical Address. . . . . . . . . : 00-07-E9-06-3E-86
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.10.153
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.10.1
: DNS Servers . . . . . . . . . . . : 192.168.10.150
:
The ipconfig looks OK are these NICs teamed?
I'm not sure how this could affect your problem.
I didn't see any failed tests for the dcdiags except for the dcpromo test
where you used incorrect command line.

You used incorrect command line arguments on this one the correct command is
dcdiag /test:dcpromo /DnsDomain:example.company.net /ReplicaDC

:
: 6. dcdiag /test:dcpromo /DnsDomain:example.company.net
:
: Starting test: DcPromo
: Syntax Error: the test name must be followed by a
: DNS domain name and the
:
: operation,
: e.g.: /testcPromo /DnsDomain:domain.company.com /<operati
: on>
:
:
: ......................... FS1 failed test DcPromo
:
: Your help is greatly appreciated....
:

 

[Guest]

Kevin, My reply is integrated below...

-----Original Message-----
In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: Kevin,
:
: This is a long response.... but I wanted to give you all
: the info I have...
:
: 1. The ipconfig from the original post is from the w2k
: machine..
: 2. Yes I removed the isp dns.....
: 3. This is the ipconfig /all from w2k3 computer (FS1)
:
: Windows IP Configuration
: Host Name . . . . . . . . . . . . : FS1
: Primary Dns Suffix . . . . . . . : example.company.net
: Node Type . . . . . . . . . . . . : Unknown
: IP Routing Enabled. . . . . . . . : No
: WINS Proxy Enabled. . . . . . . . : No
: DNS Suffix Search List. . . . . . : example.company.net
: company.net
:
: Ethernet adapter Local Area Connection 2:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : Intel(R) PRO/1000
: MT Dual Port Network Connection #2
: Physical Address. . . . . . . . . : 00-07-E9-06-3E-87
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.10.152
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.10.1
: DNS Servers . . . . . . . . . . . : 192.168.10.150
: Ethernet adapter Local Area Connection:
: Connection-specific DNS Suffix . :
: Description . . . . . . . . . . . : Intel(R) PRO/1000
: MT Dual Port Network Connection
: Physical Address. . . . . . . . . : 00-07-E9-06-3E-86
: DHCP Enabled. . . . . . . . . . . : No
: IP Address. . . . . . . . . . . . : 192.168.10.153
: Subnet Mask . . . . . . . . . . . : 255.255.255.0
: Default Gateway . . . . . . . . . : 192.168.10.1
: DNS Servers . . . . . . . . . . . : 192.168.10.150
:
The ipconfig looks OK are these NICs teamed?

I don't have them teamed and I have been getting this
message when closing the TCP/IP Properties after I have
made a change..... I have been ignoring it as unrelated.
"Warning - Multiple default gateways are intended to
provide redundancy to a single network (such as an
intranet or the Internet). They will not function
properly when the gateways are on two separate, disjoint
networks (such as one on your intranet and one on the
internet). Do you wish to save this configeration?"

Since I could not find anything wrong with it I have been
ignoring it.

I'm not sure how this could affect your problem.
I didn't see any failed tests for the dcdiags except for the dcpromo test
where you used incorrect command line.

You used incorrect command line arguments on this one the correct command is
dcdiag /test:dcpromo /DnsDomain:example.company.net /Repli

caDC

The results of this test are.......
Starting test: DcPromo
The DNS configuration is sufficient to allow this
computer to be promoted

as a replica domain controller in the
inet.imagewright.net domain.

Messages logged below this line indicate whether
this domain controller

will be able to dynamically register DNS records
required for the

location of this DC by other devices on the network.
If any

misconfiguration is detected, it might prevent
dynamic DNS registration

of some records, but does not prevent successful
completion of the Active

Directory Installation Wizard. However, we recommend
fixing the reported

problems now, unless you plan to manually update the
DNS database.

DNS configuration is sufficient to allow this domain
controller to

dynamically register the domain controller Locator
records in DNS.

......................... FS1 passed test DcPromo

I remain puzzled.....

Jerry S

:
: 6. dcdiag /test:dcpromo /DnsDomain:example.company.net
:
: Starting test: DcPromo
: Syntax Error: the test name must be followed by a
: DNS domain name and the
:
: operation,
:

e.g.: /testcPromo /DnsDomain:domain.company.com /<operati

 

[Ace Fekay [MVP]]

In

Kevin, My reply is integrated below...

I don't have them teamed and I have been getting this
message when closing the TCP/IP Properties after I have
made a change..... I have been ignoring it as unrelated.
"Warning - Multiple default gateways are intended to
provide redundancy to a single network (such as an
intranet or the Internet). They will not function
properly when the gateways are on two separate, disjoint
networks (such as one on your intranet and one on the
internet). Do you wish to save this configeration?"

Since I could not find anything wrong with it I have been
ignoring it.


The results of this test are.......
Starting test: DcPromo
The DNS configuration is sufficient to allow this
computer to be promoted

as a replica domain controller in the
inet.imagewright.net domain.

Messages logged below this line indicate whether
this domain controller

will be able to dynamically register DNS records
required for the

location of this DC by other devices on the network.
If any

misconfiguration is detected, it might prevent
dynamic DNS registration

of some records, but does not prevent successful
completion of the Active

Directory Installation Wizard. However, we recommend
fixing the reported

problems now, unless you plan to manually update the
DNS database.

DNS configuration is sufficient to allow this domain
controller to

dynamically register the domain controller Locator
records in DNS.

......................... FS1 passed test DcPromo

I remain puzzled.....

Jerry S

You'll have to team the NICs, otherwise, I believe you'll still have
problems. Look at the NIC documentation on how to do that. I believe you'll
need to use two NICs of the same name brand and model to team them.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

Ace,
1. I am using the admin account and the credentials are
not failing.... it is not finding a dc.
2. Using the properties option under "
my computer" I could not remove the computer from the
domain.

3. The external dns has been removed.
4. Running the dcpromo starts the AD Wizard....

How do I get the computer out of the domain?

Thanks for your hel.

Jerry S

I think there's a combination of things going on here.

First, the external DNS address can cause major issues.

Second, you have two NICs on the same subnet. I would suggest to disable one
of them to get this going.

Third, if you cannot disjoin it from the domain (the option is grayed out),
then it's telling me that it thinks it's a DC.
Look in your registry at:
HKLM\SYSTEM\CCS\Control\ProductOptions

You'll see something called "ProductType". If the value is "LanmanNT", then
it thinks it's a DC. If it says "ServerNT", then it's a member server. IF it
is a DC, then DCPROMO must have failed half way thru and locked into it
thinking it's a DC. Another way to check is to go back to your W2k DC and
look in ADUC and look in the DOmain Controllers OU and see if this server is
in there. If it is, then it thinks it's a DC.

Let me know what you find.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
: Kevin, My reply is integrated below...
:: -----Original Message-----
:: In :: Jerry S <[email protected]> posted a question
:: Then Kevin replied below:
::: Kevin,
:::
::: This is a long response.... but I wanted to give you all
::: the info I have...
:::
::: 1. The ipconfig from the original post is from the w2k
::: machine..
::: 2. Yes I removed the isp dns.....
::: 3. This is the ipconfig /all from w2k3 computer (FS1)
:::
::: Windows IP Configuration
::: Host Name . . . . . . . . . . . . : FS1
::: Primary Dns Suffix . . . . . . . : example.company.net
::: Node Type . . . . . . . . . . . . : Unknown
::: IP Routing Enabled. . . . . . . . : No
::: WINS Proxy Enabled. . . . . . . . : No
::: DNS Suffix Search List. . . . . . : example.company.net
::: company.net
:::
::: Ethernet adapter Local Area Connection 2:
::: Connection-specific DNS Suffix . :
::: Description . . . . . . . . . . . : Intel(R) PRO/1000
::: MT Dual Port Network Connection #2
::: Physical Address. . . . . . . . . : 00-07-E9-06-3E-87
::: DHCP Enabled. . . . . . . . . . . : No
::: IP Address. . . . . . . . . . . . : 192.168.10.152
::: Subnet Mask . . . . . . . . . . . : 255.255.255.0
::: Default Gateway . . . . . . . . . : 192.168.10.1
::: DNS Servers . . . . . . . . . . . : 192.168.10.150
::: Ethernet adapter Local Area Connection:
::: Connection-specific DNS Suffix . :
::: Description . . . . . . . . . . . : Intel(R) PRO/1000
::: MT Dual Port Network Connection
::: Physical Address. . . . . . . . . : 00-07-E9-06-3E-86
::: DHCP Enabled. . . . . . . . . . . : No
::: IP Address. . . . . . . . . . . . : 192.168.10.153
::: Subnet Mask . . . . . . . . . . . : 255.255.255.0
::: Default Gateway . . . . . . . . . : 192.168.10.1
::: DNS Servers . . . . . . . . . . . : 192.168.10.150
:::
:: The ipconfig looks OK are these NICs teamed?
:
: I don't have them teamed and I have been getting this
: message when closing the TCP/IP Properties after I have
: made a change..... I have been ignoring it as unrelated.
: "Warning - Multiple default gateways are intended to
: provide redundancy to a single network (such as an
: intranet or the Internet). They will not function
: properly when the gateways are on two separate, disjoint
: networks (such as one on your intranet and one on the
: internet). Do you wish to save this configeration?"
:
: Since I could not find anything wrong with it I have been
: ignoring it.
:
:: I'm not sure how this could affect your problem.
:: I didn't see any failed tests for the dcdiags except for the dcpromo
:: test where you used incorrect command line.
::
:: You used incorrect command line arguments on this one the correct
:: command is dcdiag /test:dcpromo /DnsDomain:example.company.net
:: /Repli caDC
:
: The results of this test are.......
: Starting test: DcPromo
: The DNS configuration is sufficient to allow this
: computer to be promoted
:
: as a replica domain controller in the
: inet.imagewright.net domain.
:
: Messages logged below this line indicate whether
: this domain controller
:
: will be able to dynamically register DNS records
: required for the
:
: location of this DC by other devices on the network.
: If any
:
: misconfiguration is detected, it might prevent
: dynamic DNS registration
:
: of some records, but does not prevent successful
: completion of the Active
:
: Directory Installation Wizard. However, we recommend
: fixing the reported
:
: problems now, unless you plan to manually update the
: DNS database.
:
: DNS configuration is sufficient to allow this domain
: controller to
:
: dynamically register the domain controller Locator
: records in DNS.
:
: ......................... FS1 passed test DcPromo
:
: I remain puzzled.....

I'm going to go along with Ace, you need to either team these NICs or
disable one. Both NICs are on the same subnet can see each other giving the
machine the idea on both of them that there is another machine with the same
NetBIOS name.

 

[Jerry S]

Ace & Kevin,

I have disabled one of the NIC's..
1. The registry on the w2k3 says it is a ServerNT
It is not in the ADUC of DMC2 as a DC (the w2k computer)
2. The registry of DMC2 (the w2k DC) says it is a ServerNT
The ADUC says that DMC2 is a DC

3. On DMC2 I got Event ID: 5723....so I uninstalled Norton
AntiVirus

4. Now on DMC2 I get Event ID: 5722

I just started getting these messages.

Jerry S

 

[Kevin D. Goodknecht [MVP]]

In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: Ace & Kevin,
:
: I have disabled one of the NIC's..
: 1. The registry on the w2k3 says it is a ServerNT
: It is not in the ADUC of DMC2 as a DC (the w2k computer)
: 2. The registry of DMC2 (the w2k DC) says it is a ServerNT
: The ADUC says that DMC2 is a DC
:
: 3. On DMC2 I got Event ID: 5723....so I uninstalled Norton
: AntiVirus
:
: 4. Now on DMC2 I get Event ID: 5722
:
: I just started getting these messages.
:
: Jerry S
See if this helps: http://www.eventid.net/display.asp?eventid=5722&source=
This would seem to tell me that you are having Global Catalog problems, is
there a (same as parent folder) A <ipaddressofDC> in the
gc._msdcs.example.company.net subfolder?
If the record does not exist or if it does not have the correct IP that may
be the root of your problem. The Global Catalog must be available for logon
for the first time or after your cached credetials have expired.

 

[Jerry S]

I cannot get the adminpak to install on the dmc2 w2k
computer.... During installation it asks for a "Setup CD"
which I cannot find anywhere.... and I cannot find a
download for it on Microsoft site...
Therefore I cannot get to the Global Catalog.....

How can I get the "Hot Fix" for Event ID: 5722?

I am at wits end with this and am about ready to consider
drastic alternatives...... any suggestions.

Jerry S

 

[Kevin D. Goodknecht [MVP]]

In Jerry S <[email protected]> posted a question
Then Kevin replied below:
: I cannot get the adminpak to install on the dmc2 w2k
: computer.... During installation it asks for a "Setup CD"
: which I cannot find anywhere.... and I cannot find a
: download for it on Microsoft site...
: Therefore I cannot get to the Global Catalog.....
:
: How can I get the "Hot Fix" for Event ID: 5722?
:
: I am at wits end with this and am about ready to consider
: drastic alternatives...... any suggestions.
:
The updated Windows 2000 adminpak.msi you will find in
C:\WINNT\ServicePackFiles
This one won't work on Windows Server 2003, you can download the Windows
Server 2003 tools from download.microsoft.com do a search for adminpak.msi