child domain

  • Thread starter: Auddog

Auddog

I might have created a mess and need some help to clean it up. I'm working
on adding a child domain to my existing structure and when I added the child
dns server to my existing structure I started having problems. I then
removed the dns server and ran dcpromo to remove the server, but I'm still
having troubles with my exchange server.

When I look at my dns under my Forward Lookup Zones, I still see a folder
for that domain. I have tried to delete it from both of my dns servers, but
it always comes back. I'm stuck on what to try next. Any help would be
greatly appreciated.

Auddog said:
I might have created a mess and need some help to clean it up. I'm working
on adding a child domain to my existing structure and when I added the child
dns server to my existing structure I started having problems.

An (extra) DNS server cannot mess up any zone it
doesn't hold.

It will only adversely affect its own zones or its
OWN CLIENTS (those pointed to it.)

No other machines will use it for anything except
the zones it HOLDS, and only then if the parent
zone delegates to it.
I then
removed the dns server and ran dcpromo to remove the server, but I'm still
having troubles with my exchange server.

Is the Exchange server on these Servers you are messing
with?
When I look at my dns under my Forward Lookup Zones, I still see a folder
for that domain. I have tried to delete it from both of my dns servers, but
it always comes back. I'm stuck on what to try next. Any help would be
greatly appreciated.

(The new) DNS is almost certainly not your (main) problem.

(DNS might be screwed up but it isn't likely to be due
to the new stuff -- unless it was already screwed up.)

We can help you fix DNS -- it is the most common thing
people mess up, but you sound like you have bigger
problems so you might want to explain exactly what they
are -- including full ERROR MESSAGE text.

Here are the basics of DNS for AD:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
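As an added example that is not part of Herb's reply or of any Microsoft tool, the PowerShell script below works through the client-side half of the checklist above on every DC (rules 2 and 3), performs the net share check for SYSVOL and NETLOGON, and runs dcdiag against each DC into a text file that it then searches for FAIL, ERROR and WARN. It assumes Windows PowerShell 5.1 on a domain-joined admin host with the ActiveDirectory, NetTCPIP and SmbShare modules (Windows Server 2012 or later, so newer than the 2000/2003 systems in this thread), and the two addresses in $InternalDns are placeholders for your own internal DNS servers.

```powershell
# Added example, not from the thread. Client-side half of the "DNS for AD"
# checklist plus the SYSVOL share check and a dcdiag sweep, on every DC.
# Assumes Windows PowerShell 5.1, the ActiveDirectory, NetTCPIP and SmbShare
# modules (Windows Server 2012 or later), and that $InternalDns lists YOUR
# internal, dynamic DNS servers (the addresses below are placeholders).
$InternalDns = @('192.0.2.10', '192.0.2.11')
$ReportDir   = Join-Path $env:TEMP 'dcdiag-reports'
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

$findings = [System.Collections.Generic.List[string]]::new()

foreach ($dc in (Get-ADDomainController -Filter *).HostName) {

    # Rules 2 and 3: DCs (and DNS servers) are DNS clients too, so every NIC
    # must point SOLELY at the internal dynamic DNS server set, never at the ISP.
    $nics = Get-DnsClientServerAddress -CimSession $dc -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }
    foreach ($nic in $nics) {
        $foreign = @($nic.ServerAddresses | Where-Object { $_ -notin $InternalDns })
        if ($foreign.Count) {
            $findings.Add("${dc} [$($nic.InterfaceAlias)]: non-internal DNS server(s) $($foreign -join ', ')")
        }
    }

    # The 'net share' check from the thread: a DC that finished DCPromo and
    # replicated SYSVOL advertises both SYSVOL and NETLOGON.
    $shares = @(Get-SmbShare -CimSession $dc -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Name)
    foreach ($required in 'SYSVOL', 'NETLOGON') {
        if ($required -notin $shares) {
            $findings.Add("${dc}: share $required is missing (SYSVOL not replicated or DCPromo incomplete)")
        }
    }

    # dcdiag against each DC, output to a text file, then search for FAIL/ERROR/WARN.
    $report = Join-Path $ReportDir "$dc.txt"
    dcdiag "/s:$dc" /v 2>&1 | Out-File -FilePath $report -Encoding utf8
    foreach ($hit in (Select-String -Path $report -Pattern 'fail|error|warn')) {
        $findings.Add("${dc} dcdiag line $($hit.LineNumber): $($hit.Line.Trim())")
    }
}

if ($findings.Count) { $findings } else { 'No findings: DNS client settings, SYSVOL shares and dcdiag are clean.' }
```

Run it from an account that can read DNS client settings and shares on the DCs; the per-DC dcdiag reports stay under $env:TEMP\dcdiag-reports so the full text is available once the FAIL/ERROR/WARN hits have pointed you at the right test.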
 
First thanks for the help.

My primary dns server is also my exchange server. I had a single server
setup until I decided to add a secondary machine for backup purposes. I
added the second machine as a DC (dcpromo). Then installed DNS and made it
Active Directory Integrated. It is setup to do dynamic updates.

When I run net share I do NOT see the sysvol shares. When I have run
netdiag /fix it tells me that the Domain membership test - Failed. Warning
the system volume has not been completely replicated to the local machine.
This machine is not working properly as a DC.

When I run dcdiag I receive the following errors:
Starting test: Advertising
Warning: Dsgetdcname returned information from \\server.local.com, when we
were trying to reach server2.
Server is not responding or is not considered suitable.

Starting test: frssysvol - error: no record of file replication system,
sysvol started.
The active directory may be prevented from starting
There are errors after the sysvol has been shared.
The sysvol can prevent the AD from starting.

The error that I receive in the event view is event id - 5504. The dns
server encountered an invalid domain name in a packet from <ip address>.
The packet is rejected.

I changed my external forward ip addresses.

Hope this helps.


Auddog said:
First thanks for the help.

My primary dns server is also my exchange server.

Primary for which ZONE? The parent, child, or both?
You really couldn't have messed up the Exchange server
if it had the Parent zone (even probably with the other one.)

[I mean, merely by adding the new zone and servers.]
I had a single server
setup until I decided to add a secondary machine for backup purposes. I
added the second machine as a DC (dcpromo). Then installed DNS and made it
Active Directory Integrated. It is setup to do dynamic updates.

That isn't a child domain or zone. That is a new DC in the current
Domain.

For DNS it should have (initially) been a Secondary (to
the existing Primary).

OR you could have made it an Active Directory Integrated DNS
IF your other one was already set that way.

(AD integrated is multi-mastered since AD is multimastered)
When I run net share I do NOT see the sysvol shares.

Then DCPromo did not finish (correctly) or you have run
it again and removed the DC-AD-SysVol.
When I have run
netdiag /fix it tells me that the Domain membership test - Failed. Warning
the system volume has not been completely replicated to the local machine.
This machine is not working properly as a DC.

DCPromo to non-DC if you can.

Then start over with a new DCPromo.

Here is the way that DNS should work for supporting AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
When I run dcdiag I receive the following errors:
Starting test: Advertising
Warning: Dsgetdcname returned information from \\server.local.com, when we
were trying to reach server2.
Server is not responding or is not considered suitable.

Starting test: frssysvol - error: no record of file replication system,
sysvol started.
The active directory may be prevented from starting
There are errors after the sysvol has been shared.
The sysvol can prevent the AD from starting.

The error that I receive in the event view is event id - 5504. The dns
server encountered an invalid domain name in a packet from <ip address>.
The packet is rejected.

You don't have a SINGLE tag name, do you?
(e.g., domain. and not domain.com etc.?)

That is bad -- see above references.
I changed my external forward ip addresses.

Stop changing things randomly - you will likely
make it worse.

Forwarding from internal servers should go
STRICTLY to your ISP (or a caching only DNS
server on your firewall.)
--
Herb Martin
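The reply above deals with the DNS server side: the zone supporting AD must be dynamic, a second DC's DNS should be a Secondary or AD Integrated so it replicates, every DNS server must resolve the AD zone, forwarders should go strictly to the ISP or firewall resolver, and single-label names are trouble. As an added example that is not part of this thread, the PowerShell script below checks each of those points on every DC that runs the DNS Server service. It assumes Windows PowerShell 5.1 with the ActiveDirectory and DnsServer modules (Windows Server 2012 or later), and the addresses in $IspForwarders are placeholders for your own ISP or firewall caching resolvers.

```powershell
# Added example, not from the thread. Server-side checks for the advice in
# this reply: zone dynamic, AD-integrated and held by every DNS server,
# forwarders only to the ISP/firewall resolver, domain not single-label.
# Assumes Windows PowerShell 5.1, the ActiveDirectory and DnsServer modules
# (Windows Server 2012 or later), and that $IspForwarders lists YOUR
# ISP or firewall caching resolvers (the addresses below are placeholders).
$IspForwarders = @('198.51.100.1', '198.51.100.2')

$zone     = (Get-ADDomain).DNSRoot
$findings = [System.Collections.Generic.List[string]]::new()

# Single-label AD names ("domain" rather than "domain.com") are a known problem.
if ($zone -notmatch '\.') {
    $findings.Add("Domain '$zone' is single-label; see Microsoft's single label domain guidance")
}

# Every DC with the DNS Server service running is a DNS server for this forest.
$dnsServers = @(Get-ADDomainController -Filter * |
    Where-Object { (Get-Service -ComputerName $_.HostName -Name DNS -ErrorAction SilentlyContinue).Status -eq 'Running' } |
    Select-Object -ExpandProperty HostName)

foreach ($srv in $dnsServers) {
    $z = Get-DnsServerZone -ComputerName $srv -Name $zone -ErrorAction SilentlyContinue
    if (-not $z) {
        # Rule 4: every DNS server must resolve the AD zone; one that does not hold
        # it can only do so indirectly (delegation or forwarding), so flag it.
        $findings.Add("${srv}: does not hold zone $zone")
        continue
    }

    # Rule 1: the zone supporting AD must accept dynamic updates.
    if ($z.DynamicUpdate -eq 'None') {
        $findings.Add("${srv}: zone $zone has dynamic updates disabled")
    }

    # AD Integrated zones are multi-master and replicate with AD. A second DC
    # holding its own file-backed Primary instead of a Secondary (or an
    # AD Integrated copy) will drift from the original server's zone.
    if (-not $z.IsDsIntegrated) {
        $findings.Add("${srv}: zone $zone is a file-backed $($z.ZoneType); expected AD Integrated or a Secondary of the existing Primary")
    }

    # Forwarding from internal servers should go STRICTLY to the ISP or to a
    # caching-only resolver on the firewall; anything else is a stray forwarder.
    $forwarders = @((Get-DnsServerForwarder -ComputerName $srv).IPAddress |
                    ForEach-Object { $_.IPAddressToString })
    $stray = @($forwarders | Where-Object { $_ -notin $IspForwarders })
    if ($stray.Count) {
        $findings.Add("${srv}: unexpected forwarder(s) $($stray -join ', ')")
    }
}

if ($findings.Count) { $findings } else { "Zone $zone is dynamic, AD Integrated and held on: $($dnsServers -join ', ')" }
```

Read the findings per server: a DC that does not hold the zone at all, a file-backed Primary next to an AD Integrated copy, or a forwarder pointing back at an internal address are each a reason the two DNS servers in this thread could disagree about what the zone contains.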
