dns issues

  • Thread starter: just_buck

just_buck

I've read thru many posts, but I'm still LOST!!!!!

Here's my problem, and I hope that someone out there can help me
figure this thing out....

I have/had an existing domain controller w/ Win2k. There is a backup
domain controller that is NT4. (all latest service packs)

I wanted to get rid of the 2k dc. So I set up a new server. Ran the
promo, everything copied fine, no problems. About 3 days later, login
times for the clients were taking forever! Up to 5 minutes to get
onto the network. The old dc wouldn't demote. Told me issues w/ DNS.
Okay. DNS problem!

I transferred the roles back to the old DC, thinking that I need to
demote the new controller, set up dns and then promote it. (I think
that's right) (please correct if not)

I did some digging and did the dns flush and register w/ net stop and
start from the command prompt. Didn't help log in times.

Our DNS is handled thru our provider. I tried a test. I changed my
client in tcp/ip properties to the internal dns. Log in was FAST!
But can't access the internet. Change back to provider's DNS. I can
get on the internet, but login time to the domain is about 2 minutes.
All clients are win2k.

I'm out of ideas and need help!

I hope I gave enough information here, if not, I'll tell you anything
you need to know to help me.

THANKS!
 
In just_buck <[email protected]> posted a question
Then Kevin replied below:

If your local DNS cannot resolve external names then it probably has a "."
forward lookup zone.
Delete the zone, then refresh the DNS console; then you can set a forwarder to
your ISP's DNS.
You should never use your ISP's DNS in any NIC on any domain member.
When you DCPROMOed the new DC did you go into ADS&S down to the NTDS
Settings and make it a Global Catalog?
That is the only way you can transfer GC; there is no mechanism to transfer
it automatically. It is only added automatically on the first DC in the
forest.
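
One way to check the rule in the reply above (domain members resolve only through the internal DNS servers) against saved "ipconfig /all" output, as an added example that is not part of the original thread. The two dumps are constructed in Windows 2000's layout using addresses posted in this thread, 203.0.113.53 is a documentation address standing in for the ISP resolver, and the function names are hypothetical. It goes beyond this reply by also flagging the single-label suffix and public-address WINS entries that are questioned later in the thread.

```python
import ipaddress
import re

# Constructed sample in the layout Windows 2000 prints for `ipconfig /all`.
# Addresses and suffixes follow the values posted for "dc" in this thread.
SAMPLE_DC = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : dc
        Primary DNS Suffix  . . . . . . . : ourname.com
        Node Type . . . . . . . . . . . . : Hybrid
        DNS Suffix Search List. . . . . . : ourname.com
                                            ourname

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : ourname
        IP Address. . . . . . . . . . . . : 192.168.0.2
        DNS Servers . . . . . . . . . . . : 192.168.0.2
                                            192.168.0.3
        Primary WINS Server . . . . . . . : 204.158.111.251
        Secondary WINS Server . . . . . . : 204.158.111.250
"""

# Constructed client that still lists an outside resolver next to the internal one.
SAMPLE_CLIENT = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ws01
        Primary DNS Suffix  . . . . . . . : ourname.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.50
        DNS Servers . . . . . . . . . . . : 192.168.0.2
                                            203.0.113.53
"""

# "   Key . . . . : value" lines; the value may be empty.
KEY_RE = re.compile(r"^\s+(?P<key>[^:]+?)[\s.]*:\s?(?P<val>.*)$")
# Unindented "Ethernet adapter <name>:" lines start a new section.
HEADER_RE = re.compile(r"^(?P<name>\S.*):\s*$")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX_KEYS = ("Primary DNS Suffix", "DNS Suffix Search List",
               "Connection-specific DNS Suffix")


def parse_ipconfig(text):
    """Return {section: {key: [values]}}; host-wide settings go under 'host'."""
    sections = {"host": {}}
    current, last = sections["host"], None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = HEADER_RE.match(line)
        if header:
            current, last = sections.setdefault(header["name"], {}), None
            continue
        m = KEY_RE.match(line)
        if m:
            last = current.setdefault(m["key"].strip(), [])
            if m["val"].strip():
                last.append(m["val"].strip())
        elif last is not None and line[0].isspace():
            last.append(line.strip())  # wrapped value, e.g. the second DNS server
    return sections


def is_internal(addr):
    """True when addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(text, internal_dns):
    """Return sorted (section, finding, value) tuples for one ipconfig dump."""
    findings = set()
    for section, settings in parse_ipconfig(text).items():
        for key, values in settings.items():
            for value in values:
                if key == "DNS Servers" and value not in internal_dns:
                    findings.add((section, "dns-not-internal", value))
                elif key in SUFFIX_KEYS and "." not in value.strip("."):
                    findings.add((section, "single-label-suffix", value))
                elif key.endswith("WINS Server") and not is_internal(value):
                    findings.add((section, "wins-public-address", value))
    return sorted(findings)


if __name__ == "__main__":
    internal = {"192.168.0.2", "192.168.0.3"}  # the thread's internal DNS servers
    for name, dump in (("dc", SAMPLE_DC), ("ws01", SAMPLE_CLIENT)):
        for finding in audit(dump, internal):
            print(name, *finding, sep=" | ")
```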
 
Kevin D. Goodknecht said:
If your local DNS cannot resolve external names then it probably has a "."
forward lookup zone.
Delete the zone, then refresh the DNS console; then you can set a forwarder to
your ISP's DNS.
You should never use your ISP's DNS in any NIC on any domain member.
When you DCPROMOed the new DC did you go into ADS&S down to the NTDS
Settings and make it a Global Catalog?
That is the only way you can transfer GC; there is no mechanism to transfer
it automatically. It is only added automatically on the first DC in the
forest.


I've gone into the DNS Console and under the Forward Lookup Zones,
there is the "." folder. I right click to delete it, and it tells me
that it cannot be deleted. The zone does not exist. This is getting
increasingly frustrating!
Plus there are red X's on the folders in the "." sub folders.

Do you think I should just uninstall the DNS and yank the folder from
System32 and reinstall?
 
Kevin D. Goodknecht said:
If your local DNS cannot resolve external names then it probably has a "."
forward lookup zone.
Delete the zone, then refresh the DNS console; then you can set a forwarder to
your ISP's DNS.
You should never use your ISP's DNS in any NIC on any domain member.
When you DCPROMOed the new DC did you go into ADS&S down to the NTDS
Settings and make it a Global Catalog?
That is the only way you can transfer GC; there is no mechanism to transfer
it automatically. It is only added automatically on the first DC in the
forest.


Also, thought I better mention this....
I go into AD Sites and Services. The new domain controller in NTDS
settings is set as global. The old is unchecked. I noticed that the
backup controller is checked also. Should this be removed and only
the main dc be checked?

Also... When I was going thru everything yesterday, I transferred all
the roles back to the old domain controller. Now looking back, I
regret doing that. I was able to do what you said, it just took
awhile. It told me that it wouldn't delete. I came back to the
system and it was gone. I have no idea how or why.... But I did get
the forwarders in place. Changed all the clients to point to the
controller and login time is FAST! Internet access is fine too!
AWESOME ADVICE!!! THANK YOU THANK YOU!

But I will throw one more thing at you. Now that I stupidly switched
roles back, I went through again to switch them back to the new server.
I want this old DC out of here. I go on the new server into Active
Directory Domains and Trusts. I attempt to change the operations
master. I see the older computer and the new computer. But it's
greyed out with the message that the current operations master is
offline. Role cannot be transferred. This is the only role to go.
All the others have transferred. The other weird thing is when I
check the setting in AD Users and Computers. The settings there tell
me that the computer is the operations master, that if I want to
change, I have to connect to it. Just for "trying" I attempted to
connect to the old dc and it tells me it's not validated because the
RPC server is unavailable.

When I was going around and changing the clients and logging in, I
have scripts in place for mapped drives and such, I noticed that
sometimes the new dc or the bdc or even the OLD dc (that I'm trying to
get rid of) would handle the log in. So I know that the network is
seeing these machines...

I'm tired of this whole thing and ready to put this all past me.
And THANKS Kevin - your advice was GREAT!
 
In just_buck <[email protected]> posted a question
Then Kevin replied below:

Sometimes it takes a good while to complete the transfer of all FSMO roles.
You did transfer all five FSMO roles, right?

Just give it time, depending on how much data is in AD it can take a half
day or more. You can run DCDIAG /v to see what is happening.
Oh, BTW the Global Catalog should be on the best DC you can afford to put it
on, especially if Exchange 2000 is in the mix. Exchange 2000 won't run
without the GC available.
 
Kevin D. Goodknecht said:
Sometimes it takes a good while to complete the transfer of all FSMO roles.
You did transfer all five FSMO roles, right?

Just give it time, depending on how much data is in AD it can take a half
day or more. You can run DCDIAG /v to see what is happening.
Oh, BTW the Global Catalog should be on the best DC you can afford to put it
on, especially if Exchange 2000 is in the mix. Exchange 2000 won't run
without the GC available.

Well it's been several days now and it still is messed up somewhere.
Going into AD Domain and Trusts to change the Operations Master is
still greyed out, won't allow for a change. When I go into AD Sites &
Services, I can replicate to the BDC and the Term Server, but
attempting a replication to the old DC gives the following error. DSA
operation is unable to proceed because of a DNS lookup failure. I
think this is the only thing holding me back from changing the Master
Operation and running DCpromo to get rid of this controller once and
for all. I've noticed that all the machines are logging in and the
scripts are running from the new dc's.
Now I hope this helps, and please tell me if I need to change this.
The old DC is still running DNS. The new DC is running DNS. Do I
need to kill the DNS server on the old? I don't think it's really
needed at this point. Only thing I've noticed between the two is that
the old DC has a cached lookup, and the new DC does not. The cache
of the old DC they appear to be new listing.
And I followed the instructions from MSKB for changing the roles of
the domain controllers. It's worked once. Just couldn't demote the
dc. So I switched them back during troubleshooting and now it won't
change. That's the only role that won't switch. All others are
complete.
 
In just_buck <[email protected]> posted a question
Then Kevin replied below:

Did you transfer the Global Catalog?
I don't remember if I asked or if you said.
The Global Catalog has to be manually transferred; there is no mechanism for
automatic transfer.
Make the new DC a GC first in ADS&S by going down into NTDS Settings. It may
take a while for the GC to replicate, depending on the number of users and
machines.
 
Kevin D. Goodknecht said:
Did you transfer the Global Catalog?
I don't remember if I asked or if you said.
The Global Catalog has to be manually transferred; there is no mechanism for
automatic transfer.
Make the new DC a GC first in ADS&S by going down into NTDS Settings. It may
take a while for the GC to replicate, depending on the number of users and
machines.

Yes, I made sure that the Global Catalog was switched. Used the NTDS
settings and placed a check in the box for it. I removed it from the
one I'm trying to get rid of... This is nutz! But thanks for all
your help and advice. I do appreciate your assistance.
 
In just_buck <[email protected]> posted a question
Then Kevin replied below:

Before you lose hope how about posting ipconfig /all from the affected
machines?
 
Kevin D. Goodknecht said:
Before you lose hope how about posting ipconfig /all from the affected
machines?


Okay... here goes..

I since removed the bdc (that was fine)
Renamed the computer to pdc
setup DNS... (that appears fine)
Ran thru dcpromo - that went thru fine.

ipconfig /all for PDC

Host name            PDC
Primary DNS Suff     ourname.com
Node Type            broadcast
IP Routing           no
Wins Proxy           no
DNS Suffix           ourname.com

Description          Compaq NC3120 Fast Ethernet NIC
Physical Addy        00-50-8b-10-90-7E
DHCP                 no
IP Addy              192.168.0.5
Subnet               255.255.255.0
Gateway              192.168.0.1
DNS Server           192.168.0.2
                     192.168.0.3

(I haven't made the change for the new PDC yet. There aren't any
roles even on it yet)

DC (newer one)

Host                             dc
primary DNS                      ourname.com
Node type                        hybrid
IP Routing                       no
Wins Proxy                       no
DNS Suffix                       ourname.com
                                 ourname <--problem????

Connection-specific DNS Suffix   ourname
Description                      Netelligent 10/100 PCI embedded
Physical addy                    00-50-8B-32-34-3E
DHCP enabled                     no
IP Addy                          192.168.0.2
Subnet                           255.255.255.0
Default Gateway                  192.168.0.1
DNS Servers                      192.168.0.2
                                 192.168.0.3
Primary Wins                     204.158.111.251
                                 204.158.111.250


Term1 (listed in domain controllers)

Host name                        term1
Primary                          ourname.com
node type                        broadcast
ip routing                       no
wins proxy                       no
DNS Suffix                       ourname.com

Ethernet Adapter Intranet
Connection specific DNS Suffix:  <blank>
Physical addy                    192.168.0.3
Subnet Mask                      255.255.255.0
Default Gateway                  <goes to external addy from provider>
DNS Servers                      192.168.0.3
                                 192.168.0.2

The other adapter lists our external connection. No problems there.

Now for the system I'm trying to get rid of!
DomCon-1

Host name                        domcon-1
primary                          ourname.com
node type                        hybrid
ip routing                       yes
wins proxy                       no
DNS Suffix                       ourname (note: no .com at end)

Ethernet adapter INTRA
connection-specific DNS Suffix:  ourname
Descriptions                     Intel(R) Pro/100 Dual Port Server
Physical Addy                    00-D0-B7-82-E8-E9
IP Addy                          192.168.0.145
Subnet                           255.255.255.0
Default Gateway                  192.168.0.1
DNS Servers                      192.168.0.2
                                 192.168.0.3
Primary WINS                     204.158.111.251
2nday WINS                       204.158.111.250


Hope this helps.... I can't do a print screen due to the switch
that's in place.

Summary.... PDC is new. DNS setup on Friday, replicated w/ DC. (all
fine)
No roles on PDC at this time and Global Catalog is checked.

DC PDC and Term1 all in the NTDS settings will replicate connections
fine.

Domcon-1 will not, gives DSA error. (DNS lookup problem)

Attempt to change operations master in AD Domains and Trusts is greyed
out.
Lists that the current Operations Master is offline. Role cannot be
transferred.

Attempt to change RID from domcon-1 to "any" gives the message. "cannot
be performed: requested FSMO operation failed. current FSMO holder
could not be contacted"

Kevin if you can help me get thru this - I OWE YOU BIG TIME!
 
In just_buck <[email protected]> posted a question
Then Kevin replied below:
Have you installed DNS on PDC?
When you did DCPROMO it asked if you wanted to configure DNS.
I suggest this, if DNS is not on PDC install DNS then point all machines
including PDC to this address for DNS.
Side note: After you install DNS on PDC see if the zone replicates to it, it
will if you have a DC with an AD Integrated DNS. Then restart the Netlogon
Service run ipconfig /flushdns and ipconfig /registerdns this will register
the DC in DNS and create the sub folders and SRV records.
Read inline.
:
:
: Okay... here goes..
:
: I since removed the bdc (that was fine)
: Renamed the computer to pdc
: setup DNS... (that appears fine)
: Ran thru dcpromo - that went thru fine.
:
: ipconfig /all for PDC
:
: Host name PDC
: Primary DNS Suff ourname.com
: Node Type broadcast
: IP Routing no
: Wins Proxy no
: DNS Suffix ourname.com
:
: Description Compaq NC3120 Fast Ethernet NIC
: Physical Addy 00-50-8b-10-90-7E
: DHCP no
: IP Addy 192.168.0.5
: Subnet 255.255.255.0
: Gateway 192.168.0.1
: DNS Server 192.168.0.2<---tell me about this DNS
: 192.168.0.3<----and this one
:
: (I haven't made the change for the new PDC yet. There aren't any
: roles even on it yet)
:
: DC (newer one)
:
: Host dc
: primary DNS ourname.com
: Node type hybrid
: IP Routing no
: Wins Proxy no
: DNS Suffix ourname.com
: ourname <--problem???? Yes it is remove this name.
:
: Connection-specific DNS Suffix ourname<---remove this
: Description Netelligent 10/100 PCI embedded
: Physical addy 00-50-8B-32-34-3E
: DHCP enabled no
: IP Addy 192.168.0.2
: Subnet 255.255.255.0
: Default Gateway 192.168.0.1
: DNS Servers 192.168.0.2
: 192.168.0.3
: Primary Wins 204.158.111.251<-----WINS servers with public IP addresses?
: 204.158.111.250<------------- " " " " " " ?
:
:
: Term1 (listed in domain controllers)
:
: Host name term1
: Primary ourname.com
: node type broadcast
: ip routing no
: wins proxy no
: DNS Suffix ourname.com
:
: Ethernet Adapter Intranet
: Connection specific DNS Suffix: <blank>
: Physical addy 192.168.0.3
: Subnet Mask 255.255.255.0
: Default Gateway <goes to external addy from provider>
: DNS Servers 192.168.0.3
: 192.168.0.2
:
: The other adapter lists our external connection. No problems there.
:
: Now for the system I'm trying to get rid of!
: DomCon-1
:
: Host name domcon-1
: primary ourname.com
: node type hybrid
: ip routing yes
: wins proxy no
: DNS Suffix ourname (note: no .com at end)<-----Remove
:
: Ethernet adapter INTRA
: connection-specific DNS Suffix :ourname<------------Remove
: Descriptions Intel(R) Pro/100 Dual Port Server
: Physical Addy 00-D0-B7-82-E8-E9
: IP Addy 192.168.0.145
: Subnet 255.255.255.0
: Default Gateway 192.168.0.1
: DNS Servers 192.168.0.2
: 192.168.0.3
: Primary WINS 204.158.111.251<-------?
: 2nday WINS 204.158.111.250<--------?
:
:
: Hope this helps.... I can't do a print screen due to the switch
: that's in place.
:
: Summary.... PDC is new. DNS setup on Friday, replicated w/ DC. (all
: fine)
: No roles on PDC at this time and Global Catalog is checked.
:
: DC PDC and Term1 all in the NTDS settings will replicate connections
: fine.
:
: Domcon-1 will not, gives DSA error. (DNS lookup problem)
:
: Attempt to change operations master in AD Domains and Trusts is greyed
: out.
: Lists that the current Operations Master is offline. Role cannot be
: transferred.
:
: Attempt to change RID from domcon-1 to "any" gives the message. "cannot
: be performed: requested FSMO operation failed. current FSMO holder
: could not be contacted"
:
: Kevin if you can help me get thru this - I OWE YOU BIG TIME!
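
The checks made by eye in the inline comments above (single-label DNS suffixes, WINS servers on public addresses) can be scripted; this is an added example, not part of the thread, and it goes one step further by including a constructed workstation, client1, that uses an outside resolver, as described in the first post. It assumes the LAN is 192.168.0.0/24 and the AD DNS domain is ourname.com; the host data is re-typed from the posted ipconfig /all values and the function names are hypothetical.

```python
import ipaddress

# Assumptions: the LAN is 192.168.0.0/24 (from the posted addresses and mask)
# and the AD DNS domain is ourname.com. Function names are hypothetical.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")
AD_DOMAIN = "ourname.com"

# Constructed from the ipconfig /all values typed into the thread. "client1" is
# an invented workstation using an outside resolver (documentation-range IP).
HOSTS = {
    "pdc": {"suffixes": ["ourname.com"],
            "dns": ["192.168.0.2", "192.168.0.3"], "wins": []},
    "dc": {"suffixes": ["ourname.com", "ourname"],
           "dns": ["192.168.0.2", "192.168.0.3"],
           "wins": ["204.158.111.251", "204.158.111.250"]},
    "term1": {"suffixes": ["ourname.com"],
              "dns": ["192.168.0.3", "192.168.0.2"], "wins": []},
    "domcon-1": {"suffixes": ["ourname"],
                 "dns": ["192.168.0.2", "192.168.0.3"],
                 "wins": ["204.158.111.251", "204.158.111.250"]},
    "client1": {"suffixes": ["ourname.com"], "dns": ["203.0.113.10"], "wins": []},
}

def is_internal(addr):
    """True when addr lies inside the internal LAN."""
    return ipaddress.ip_address(addr) in INTERNAL_NET

def audit_host(cfg):
    """Return the list of findings for one host's resolver settings."""
    findings = []
    for suffix in dict.fromkeys(cfg["suffixes"]):  # de-duplicate, keep order
        name = suffix.strip(".").lower()
        if "." not in name:
            findings.append(f"single-label DNS suffix '{suffix}'")
        elif name != AD_DOMAIN:
            findings.append(f"DNS suffix '{suffix}' is not {AD_DOMAIN}")
    for kind in ("dns", "wins"):
        for addr in cfg[kind]:
            if not is_internal(addr):
                findings.append(f"{kind.upper()} server {addr} is outside {INTERNAL_NET}")
    return findings

def audit_all(hosts):
    """Map each host name to its findings; an empty list means clean."""
    return {name: audit_host(cfg) for name, cfg in hosts.items()}

if __name__ == "__main__":
    for host, findings in audit_all(HOSTS).items():
        print(f"{host}: {'OK' if not findings else '; '.join(findings)}")
```

A domain member that sends its SRV lookups to an outside resolver gets slow logons and also discloses internal host and domain names to that resolver, which is why the DNS check is included alongside the suffix and WINS checks.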
 
Kevin D. Goodknecht said:
In just_buck <[email protected]> posted a question
Then Kevin replied below::
: Yes, I made sure that the Global Catalog was switched. Used the NTDS
: settings and placed a check in the box for it. I removed it from the
: one I'm trying to get rid of... This is nutz! But thanks for all
: your help and advice. I do appreciate your assistance.

Before you lose hope how about posting ipconfig /all from the affected
machines?


Okay... here goes..

I since removed the bdc (that was fine)
Renamed the computer to pdc
setup DNS... (that appears fine)
Ran thru dcpromo - that went thru fine.

ipconfig /all for PDC

Host name PDC
Primary DNS Suff ourname.com
Node Type broadcast
IP Routing no
Wins Proxy no
DNS Suffix ourname.com

Description Compaq NC3120 Fast Ethernet NIC
Physical Addy 00-50-8b-10-90-7E
DHCP no
IP Addy 192.168.0.5
Subnet 255.255.255.0
Gateway 192.168.0.1
DNS Server 192.168.0.2
192.168.0.3

(I haven't made the change for the new PDC yet. There aren't any
roles even on it yet)

DC (newer one)

Host dc
primary DNS ourname.com
Node type hybrid
IP Routing no
Wins Proxy no
DNS Suffix ourname.com
ourname <--problem????

Connection-specific DNS Suffix ourname
Description Netelligent 10/100 PCI embedded
Physical addy 00-50-8B-32-34-3E
DHCP enabled no
IP Addy 192.168.0.2
Subnet 255.255.255.0
Default Gateway 192.168.0.1
DNS Servers 192.168.0.2
192.168.0.3
Primary Wins 204.158.111.251
204.158.111.250


Term1 (listed in domain controllers)

Host name term1
Primary ourname.com
node type broadcast
ip routing no
wins proxy no
DNS Suffix ourname.com

Ethernet Adapter Intranet
Connection specific DNS Suffix: <blank>
Physical addy 192.168.0.3
Subnet Mask 255.255.255.0
Default Gateway <goes to external addy from provider>
DNS Servers 192.168.0.3
192.168.0.2

The other adapter lists our external connection. No problems there.

Now for the system I'm trying to get rid of!
DomCon-1

Host name domcon-1
primary ourname.com
node type hybrid
ip routing yes
wins proxy no
DNS Suffix ourname (note: no .com at end)

Ethernet adapter INTRA
connection-specific DNS Suffix :ourname
Descriptions Intel(R) Pro/100 Dual Port Server
Physical Addy 00-D0-B7-82-E8-E9
IP Addy 192.168.0.145
Subnet 255.255.255.0
Default Gateway 192.168.0.1
DNS Servers 192.168.0.2
192.168.0.3
Primary WINS 204.158.111.251
2nday WINS 204.158.111.250


Hope this helps.... I can't do a print screen due to the switch
that's in place.

Summary.... PDC is new. DNS setup on Friday, replicated w/ DC. (all
fine)
No roles on PDC at this time and Global Catalog is checked.

DC PDC and Term1 all in the NTDS settings will replicate connections
fine.

Domcon-1 will not, gives DSA error. (DNS lookup problem)

Attempt to change operations master in AD Domains and Trusts is greyed
out.
Lists that the current Operations Master is offline. Role cannot be
transferred.

Attempt to change RID from domcon-1 to "any" gives the message. "cannot
be performed: requested FSMO operation failed. current FSMO holder
could not be contacted"

Kevin if you can help me get thru this - I OWE YOU BIG TIME!
 
In just_buck <[email protected]> posted their thoughts, then I offered mine
Domcon-1 will not, gives DSA error. (DNS lookup problem)

Attempt to change operations master in AD Domains and Trusts is greyed
out.
Lists that the current Operations Master is offline. Role cannot be
transferred.

Attempt to change RID from domcon-1 to "any" gives the message. "cannot
be performed: requested FSMO operation failed. current FSMO holder
could not be contacted"

Kevin if you can help me get thru this - I OWE YOU BIG TIME!

Can you post a dcdiag /v and a netdiag /v please?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay said:
In just_buck <[email protected]> posted their thoughts, then I offered mine


Can you post a dcdiag /v and a netdiag /v please?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory


Well maybe things have changed at this point.....

I really needed to get rid of this server! I ended up seizing the
roles to DC.
Waited half a day and moved the roles to PDC. The old Domcon is still
on but during the process, I disabled the network connection. This
computer will not be returning. It will be formatted and reinstalled.

Everything is running fine so far. I have a couple of
questions/troubleshooting that I hope will be painless :)

First off... The new PDC is running DNS (I set this up before dcpromo)
DNS is still on the other DC. Should I remove that service from that
system, or change from Active-Directory integrated to Standard
Secondary and sync w/ PDC.

That's the first question.

Second.... PDC's event view has two issues. One is W32time can't
find a domain controller. and the other is NtFrs 13508, File
Replication Service - trouble from Term1 to PDC for
\winnt\sysvol\domain using the DNS name term1.ourname.com - - - The
NTFRS issue has come only once and that was 12 hours ago. I don't
think it's a problem at this point, but thought I would mention it
just in case. (of course, I'll be researching the W32time)

Lastly is WINS. I'll admit that I don't understand Wins what-so-ever!
To try and save from questions. This is what I have. I've noticed in
WINS that push and pull are setup between DC and Commserver.
Commserver is an NT Server here (that is on the list to go)

Is Wins needed? There are Two NT servers here (one has to stay)
All clients are W2k. There are 2 Win98 machines. and one XP Pro
system.
None of clients have any type of wins information on them...

Thanks guys!
 
In
just_buck said:
Well maybe things have changed at this point.....

I really needed to get rid of this server! I ended up seizing the
roles to DC.
Waited half a day and moved the roles to PDC. The old Domcon is still
on but during the process, I disabled the network connection. This
computer will not be returning. It will be formatted and reinstalled.

Everything is running fine so far. I have a couple of
questions/troubleshooting that I hope will be painless :)

First off... The new PDC is running DNS (I set this up before dcpromo)
DNS is still on the other DC. Should I remove that service from that
system, or change from Active-Directory integrated to Standard
Secondary and sync w/ PDC.

Please, PLEASE, there are no "PDCs" in W2k. That was from the old legacy NT4
days. AD domain controllers do have roles, and one of them is the PDC
Emulator, but has nothing to do with the way it worked in NT4.

Getting back to your question, if you have two DCs, I would keep DNS on both
of them and make the zones AD Integrated so the zone will be available on
both DCs and AD replication will handle the zone data.

That's the first question.

Second.... PDC's event view has two issues. One is W32time can't
find a domain controller.

Time service needs to be set.
CMD prompt:
net time /setsntp:192.5.41.41
net stop w32time
w32tm -once
net start w32time

and the other is NtFrs 13508, File
Replication Service - trouble from Term1 to PDC for
\winnt\sysvol\domain using the DNS name term1.ourname.com - - - The
NTFRS issue has come only once and that was 12 hours ago. I don't
think it's a problem at this point, but thought I would mention it
just in case. (of course, I'll be researching the W32time)

Wait 24 hours, if it persists, post back.

Lastly is WINS. I'll admit that I don't understand Wins what-so-ever!
To try and save from questions. This is what I have. I've noticed in
WINS that push and pull are setup between DC and Commserver.
Commserver is an NT Server here (that is on the list to go)

Is Wins needed?

WINS is for NetBIOS resolution across routers (to your other subnets or
remote locations) so you can simply connect by the NetBIOS (computer name)
instead of the FQDN (the DNS name) across your subnets. It also supports
Network Neighborhood functionality across your routed enterprise. If you
only have one subnet, WINS is not needed.

There are Two NT servers here (one has to stay)
All clients are W2k. There are 2 Win98 machines. and one XP Pro
system.
None of clients have any type of wins information on them...

Probably because no one set it in the clients or the DHCP scope.

Thanks guys!



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay said:
In

Please, PLEASE, there are no "PDCs" in W2k. That was from the old legacy NT4
days. AD domain controllers do have roles, and one of them is the PDC
Emulator, but has nothing to do with the way it worked in NT4.

Getting back to your question, if you have two DCs, I would keep DNS on both
of them and make the zones AD Integrated so the zone will be available on
both DCs and AD replication will handle the zone data.


Time service needs to be set.
CMD prompt:
net time /setsntp:192.5.41.41
net stop w32time
w32tm -once
net start w32time


Wait 24 hours, if it persists, post back.



WINS is for NetBIOS resolution across routers (to your other subnets or
remote locations) so you can simply connect by the NetBIOS (computer name)
instead of the FQDN (the DNS name) across your subnets. It also supports
Network Neighborhood functionality across your routed enterprise. If you
only have one subnet, WINS is not needed.


Probably because no one set it in the clients or the DHCP scope.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory


Thank you all for all the assistance that you've given me through all this.

Everything is finally working, no errors or warnings in event viewer.
 
In
just_buck said:
"Ace Fekay [MVP]"



Thank you all for all the assistance that you've given me through all
this.

Everything is finally working, no errors or warnings in event viewer.

Good to hear!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 