PDC replacement caused DNS issues: no DNS records!

Guest

We have two Win2000 SP4 servers. Server1 is the PDC and DNS server for our basic domain setup in a small office, server2 is a member.

We need to remove Server1 from the domain for web hosting services, so this morning we attempted to replace server1 as PDC:
- dcpromo on server2
- add DNS
- Migrate all fsmo roles through mmc on server2, executing a change of operations master
- removed existing DNS domain zones (all configured for server1)
- added new DNS forward lookup zone for server2
- removed DNS from server1

DHCP is not enabled on either server. From what I can tell server2 is now the pdc with DNS, and server2 is an additional dc.

dcdiag results in these failures:
Doing initial required tests

Testing server: Default-First-Site-Name\server2
Starting test: Connectivity
server2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(actualguidhere._msdcs.domainname) couldn't be
resolved, the server name (server2.domainname) resolved to the IP address
(192.0.2.2) and was pingable. Check that the IP address is registered
correctly with the DNS server.
......................... server2 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\server2
Skipping all tests, because server server2 is
not responding to directory service requests

You'll note we do have a single label domain, but have not had issues in the past with this. We do not intend to use this domain publicly (externally on the internet).
server2 has properly configured DNS server in tcp/ip properties (points to itself, 192.0.2.2).
server2 DNS forward lookup zones only contain the basic SOA, NS, A info for server2, but none of the _ dns records!

We have tried ipconfig /registerdns with no change to zone records.
We have tried to stop and start netlogon with no change zone records.
We have tried netdiag.exe /fix with no change zone records.
We even tried to demote server1 to a member so we could remove it from the domain (and hoped it might resolve something) but we get a failure from the dcpromo "The Directory Service failed to find a server to replicate off changes".

All of the diagnostics continue to show DNS errors. We have no idea where to go with this... any help at all would be appreciated!

Suffering from a major migraine...
 
Randy Barger (ConsultIT)

Assuming that your zones were AD-integrated, I'd recommend trying this:

1) Put DNS back on SERVER1. If the zone was AD-integrated, that server
should still have all the correct DNS information.
2) Assuming #1 is successful, and all information is there, point both
servers' DNS settings to use SERVER1 *only*.
3) Run your DCDIAG tests and make sure synchronization is occurring
properly. You can use REPADMIN to force synchronization attempts.
4) Install/configure DNS on SERVER2 again. If synchronization was occurring
properly, all the correct zone information should now be there.
5) Point both servers' DNS settings to SERVER2.
6) Repeat step 3.
7) One thing you didn't mention was Global Catalog. By default, SERVER2
would not have become a GC, so you'll need to make it a GC before you demote
SERVER1.
8) If everything has gone correctly this far, check DNS and synchronization
one last time, and then demote SERVER1.

Feel free to email me on this if you need faster response time on additional
questions.

Randy Barger
MCT, MCSE, MCSA, CCNA, CCA, CNA
__________________________________________________
ConsultIT - http://ConsultIT.bizhosting.com/
Improving business through technology.


 
Tim Roberts

One thing that you said will cause this: "a single label domain", plus you are
running SP4. SP3 allowed the single label domain but SP4 is RFC compliant.
Please review this article and make the change on all DCs running SP4 and Windows XP
clients.

Q300684 Information about Configuring Windows 2000 for Domain with Single
label DNS name

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    AllowSingleLabelDnsDomain    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
    UpdateTopLevelDomainZones    REG_DWORD    0x1

I hope this helps.

Tim Roberts (MSFT)



 
Migraine

I have been working on this with everyone's helpful
suggestions. Things are better, but not quite complete.
Here is the summary and answers to previous questions:

GC is indeed on new PDC, server2 (in sites NTDS Settings I
unchecked server1, checked server2 global catalog box).

Updated registry on both servers (had to add these keys,
didn't even exist) per Tim recommendation (article
Q300684), but no change.

Re-installed DNS on original PDC, server1, and changed
TCP/IP DNS settings in both servers to point to server1.
Removed DNS from server2.

netdiag /fix on server1 (several fixes)
netdiag /fix on server2 (several fixes)
dcdiag /fix on server1
dcdiag /fix on server2

Server1 is now showing original DNS records (with proper _
folders).

Ran dcdiag on server1, everything passes.

Ran netdiag on server1, everything passes except this
warning:

DNS test . . . . . . . . . . . . . : Passed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'BIRD.primewest.'. [ERROR_TIMEOUT]
    The name 'BIRD.primewest.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '192.0.2.3' and
    other DCs also have some of the names registered.
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS
    server 192.0.2.2, ERROR_TIMEOUT.


Ran dcdiag on server 2 (new PDC), everything passed except:

Starting test: Services
   SMTPSVC Service is stopped on [MONK]
   ......................... MONK failed test Services
Starting test: ObjectsReplicated
   ......................... MONK passed test ObjectsReplicated
Starting test: frssysvol
   There are errors after the SYSVOL has been shared.
   The SYSVOL can prevent the AD from starting.


Ran netdiag on server2, everything passes.

Also attempted net stop netlogon, net start netlogon again
on server1. Still showing error in event viewer "Dynamic
registration or deregistration of one or more DNS records
failed because no DNS servers are available."

Is there a timing issue here? Would it make a difference
if I go back to the office and re-run this in say, an hour?

Again I'm new to this, can anyone clarify how I can force
and verify synchronization + replication (other than what
occurs during diag /fix)?

Much appreciated!
Subsiding Migraine (hopeful)...
 
Kevin Goodknecht


Some of your problem may be due to your IP address range: 192.x.x.x is in a
public range and will cause routing issues unless you are actually the owner
of the netblock. I would highly recommend changing your addressing scheme to a
non-routable 192.168.x.x. While this may not resolve your current issue, I
can promise you will have issues connecting to servers that are in this
netblock.
http://www.dnsstuff.com/tools/whois.ch?ip=!NET-192-0-2-0-1&server=whois.arin.net
 
Ace Fekay [MVP]


Hi Migraine,

I received your private email, and it seems you have a couple of qualified
answers here anyway. Just would like to add another possibility to try or
just to look at.

In your DNS zone, do the SRV records all show up?

Can you post an ipconfig /all or email it to me? I want to take a look at
your Primary DNS Suffix. The netlogon service uses that name to register
into the DNS zone with that name. Hopefully that name, the zone name and the
AD DNS domain name are all spelled exactly the same and are not a single
label name. I'm assuming that you took care of the single label name issue
with Tim's suggestions? Since SP4 stopped allowing single label name zones,
if you took care of that with those reg entries, that will force DNS to
allow updates into the zone.

And yes, as Randy said, make sure you make this new server a GC, if you
haven't already done so.

Do keep us informed with your progress.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
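The check Ace asks for above (do the SRV records all show up, and does the name Netlogon registers match the zone) can be made mechanical. The following is an added example, not code from the thread or from any Microsoft tool: it builds the record set a Windows 2000 DC registers through Netlogon (assumed here to be the standard set; the authoritative list for a given DC is in %SystemRoot%\System32\config\netlogon.dns) and diffs it against a zone listing, so the original post's "none of the _ dns records" becomes a list of exactly what is absent, including the <DSA GUID>._msdcs CNAME that dcdiag's Connectivity test failed on. The is_gc flag covers Randy's point that a DC only registers the gc records once it is a Global Catalog, and the single-label check covers Tim's. Host names, GUIDs, addresses and the zone listing are constructed.

```python
# Added example, not code from the thread or any Microsoft tool: build the set of
# DNS records a Windows 2000 DC registers through Netlogon and diff it against a
# zone listing. Assumption: the set below is the standard Netlogon set (the
# authoritative list for a DC is %SystemRoot%\System32\config\netlogon.dns).
# Host names, GUIDs, addresses and the zone listing are constructed.

SRV_PORTS = {"ldap": 389, "gc": 3268, "kerberos": 88, "kpasswd": 464}
RTYPES = {"A", "SRV", "CNAME"}  # the only record types Netlogon registers


def expected_dc_records(domain, host, ip, site, dsa_guid, domain_guid,
                        is_gc=False, is_pdc=False, forest=None):
    """(owner, type, target) records this DC should have registered."""
    domain = domain.strip(".").lower()
    forest = (forest or domain).strip(".").lower()
    site, fqdn = site.lower(), f"{host.lower()}.{domain}"
    recs = set()

    # SRV target keeps "<port> <host>", so an owner that exists but points only
    # at another DC is still reported as missing for this one.
    def srv(owner, service):
        recs.add((owner, "SRV", f"{SRV_PORTS[service]} {fqdn}"))

    recs.add((domain, "A", ip))  # the domain-name A record (LdapIpAddress)
    for svc, proto in (("ldap", "_tcp"), ("kerberos", "_tcp"), ("kerberos", "_udp"),
                       ("kpasswd", "_tcp"), ("kpasswd", "_udp")):
        srv(f"_{svc}.{proto}.{domain}", svc)
    for svc in ("ldap", "kerberos"):
        srv(f"_{svc}._tcp.{site}._sites.{domain}", svc)
        srv(f"_{svc}._tcp.dc._msdcs.{domain}", svc)
        srv(f"_{svc}._tcp.{site}._sites.dc._msdcs.{domain}", svc)
    srv(f"_ldap._tcp.{domain_guid.lower()}.domains._msdcs.{forest}", "ldap")
    # The CNAME that dcdiag's Connectivity test calls the "server GUID DNS name".
    recs.add((f"{dsa_guid.lower()}._msdcs.{forest}", "CNAME", fqdn))
    if is_pdc:
        srv(f"_ldap._tcp.pdc._msdcs.{domain}", "ldap")
    if is_gc:  # registered only once the server is a Global Catalog
        recs.add((f"gc._msdcs.{forest}", "A", ip))
        srv(f"_gc._tcp.{forest}", "gc")
        srv(f"_gc._tcp.{site}._sites.{forest}", "gc")
        srv(f"_ldap._tcp.gc._msdcs.{forest}", "gc")
        srv(f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}", "gc")
    return recs


def parse_zone(text, origin):
    """Parse a simplified RFC 1035 zone listing; relative owners get the origin."""
    origin = origin.strip(".").lower()
    recs = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line or line.startswith("$"):  # blank, or a $ORIGIN/$TTL directive
            continue
        toks = line.split()
        idx = next((i for i in range(1, len(toks)) if toks[i].upper() in RTYPES), None)
        if idx is None:  # SOA, NS and anything else Netlogon does not own
            continue
        owner = origin if toks[0] == "@" else toks[0].strip(".").lower()
        if toks[0] != "@" and not toks[0].endswith("."):
            owner = f"{owner}.{origin}"
        rdata = toks[idx + 1:]
        if toks[idx].upper() == "SRV":  # rdata is: priority weight port target
            target = f"{rdata[2]} {rdata[3].strip('.').lower()}"
        else:
            target = rdata[0].strip(".").lower()
        recs.add((owner, toks[idx].upper(), target))
    return recs


def missing_records(expected, zone):
    return sorted(expected - zone)


def single_label(domain):
    return "." not in domain.strip(".")


# Constructed: the rebuilt zone on server2 (MONK) with the SOA and A records the
# thread describes, plus one SRV owner that exists but points only at BIRD.
DSA_GUID = "4f8c2a1e-6b3d-4d52-9e7f-0123456789ab"
DOMAIN_GUID = "9a1b2c3d-4e5f-4a6b-8c7d-fedcba987654"
ZONE_DUMP = """
$ORIGIN primewest.
@                     IN SOA  monk.primewest. hostmaster.primewest. 1 900 600 86400 3600
@                     IN A    192.0.2.2
monk                  IN A    192.0.2.2
bird                  IN A    192.0.2.3
_ldap._tcp            IN SRV  0 100 389 monk.primewest.
_ldap._tcp.dc._msdcs  IN SRV  0 100 389 bird.primewest.
"""


def check_dc(domain="primewest", host="MONK", ip="192.0.2.2",
             site="Default-First-Site-Name", is_gc=True, is_pdc=True, zone_text=ZONE_DUMP):
    """Findings for one DC: a single-label warning, then every missing record."""
    findings = []
    if single_label(domain):
        findings.append(f"{domain}: single-label domain, see Q300684 "
                        "(AllowSingleLabelDnsDomain / UpdateTopLevelDomainZones)")
    expected = expected_dc_records(domain, host, ip, site, DSA_GUID, DOMAIN_GUID,
                                   is_gc=is_gc, is_pdc=is_pdc)
    for owner, rtype, target in missing_records(expected, parse_zone(zone_text, domain)):
        findings.append(f"missing {rtype:5} {owner} -> {target}")
    return findings
```

With the constructed listing, check_dc() reports the single-label warning and 18 missing records for MONK, and the _ldap._tcp.dc._msdcs entry is among them even though that owner exists, because it points only at BIRD. To run it against a real domain, feed it the zone file of a standard primary zone (%SystemRoot%\System32\dns\<zone>.dns) or any record enumeration in the same shape, plus the DSA object GUID that repadmin /showreps prints for the server and the domain GUID; anything the script lists as missing is what Netlogon's dynamic update never landed.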
 
Randy Barger (ConsultIT)

You can use the "REPADMIN /syncall DCNAME" command for each DC to force
synchronization. REPADMIN is in the Support Tools, which can be installed
from the W2K Server CD.

From your NETDIAG test on SERVER1, it appears that it is trying to query
both servers for DNS, which indicates that you still have both servers in
the DNS settings on SERVER1. Make sure that you are pointing to ONLY
SERVER1 at this point.

For the DCDIAG error on SERVER2. Since this is your only site, and you're
not using SMTP for replication, you can ignore the SMTPSVC error. The
SYSVOL error is generally a good indicator that replication isn't occurring
(which we already knew).

What is "BIRD.primewest"? Is that your domain name, one of the servers, or
....?

Randy Barger
MCT, MCSE, MCSA, CCNA, CCA, CNA
__________________________________________________
ConsultIT - http://ConsultIT.bizhosting.com/
Improving business through technology.


 
Migraine

Comments inline below.

-----Original Message-----
You can use the "REPADMIN /syncall DCNAME" command for each DC to force
synchronization. REPADMIN is in the Support Tools, which can be installed
from the W2K Server CD.

Will try...
From your NETDIAG test on SERVER1, it appears that it is trying to query
both servers for DNS, which indicates that you still have both servers in
the DNS settings on SERVER1. Make sure that you are pointing to ONLY
SERVER1 at this point.

Both servers only use server1 in their adapter DNS
settings. However I did notice that server2 shows up as
an A record in server2 DNS. Is this okay or is this
another pointer that should be manually removed?

For the DCDIAG error on SERVER2. Since this is your only site, and you're
not using SMTP for replication, you can ignore the SMTPSVC error. The
SYSVOL error is generally a good indicator that replication isn't occurring
(which we already knew).

What is "BIRD.primewest"? Is that your domain name, one of the servers, or
....?

Sorry for lack of clarification, this is server1, MONK is
server2.

Randy Barger
MCT, MCSE, MCSA, CCNA, CCA, CNA
__________________________________________________
ConsultIT - http://ConsultIT.bizhosting.com/
Improving business through technology.


I have been working on this with everyone's helpful
suggestions. Things are better, but not quite complete.
Here is the summary and answers to previous questions:

GC is indeed on new PDC, server2 (in sites NTDS Settings I
unchecked server1, checked server2 global catalog box).

Updated registry on both servers (had to add these keys,
didn't even exist) per Tim recommendation (article
Q300684), but no change.

Re-installed DNS on original PDC, server1, and changed
TCP/IP DNS settings in both servers to point to server1.
Removed DNS from server2.

netdiag /fix on server1 (several fixes)
netdiag /fix on server2 (several fixes)
dcdiag /fix on server1
dcdiag /fix on server2

Server1 is now showing original DNS records (with proper _
folders).

Ran dcdiag on server1, everything passes.

Ran netdiag on server1, everything passes except this
warning:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative
DNS server for the name
'BIRD.primewest.'. [ERROR_TIMEOUT]
The name 'BIRD.primewest.' may not be
registered in DNS.
PASS - All the DNS entries for DC are registered on
DNS server '192.0.2.3' a
nd other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS
server 192.0.2.2, ERROR_TIMEOUT.


Ran dcdiag on server 2 (new PDC), everything passed except:

Starting test: Services
SMTPSVC Service is stopped on [MONK]
......................... MONK failed test
Services
Starting test: ObjectsReplicated
......................... MONK passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.


Ran netdiag on server2, everything passes.

Also attempted net stop netlogon, net start netlogon again
on server1. Still showing error in event viewer "Dynamic
registration or deregistration of one or more DNS records
failed because no DNS servers are available."

Is there a timing issue here? Would it make a difference
if I go back to the office and re-run this in say, an hour?

Again I'm new to this, can anyone clarify how I can force
and verify sychronization + replication (other than what
occurs during diag /fix)?

Much appreciated!
Subsiding Migraine (hopeful)...
-----Original Message-----
We have two Win2000 SP4 servers. Server1 is the PDC
and
DNS server for our basic domain setup in a small office,
server2 is a member.
We need to remove Server1 from the domain for web
hosting
services, so this morning we attempted to replace server1
as PDC:
- dcpromo on server2
- add DNS
- Migrate all fsmo roles through mmc on server2,
executing a change of operations master
- removed existing DNS domain zones (all configured for server1)
- added new DNS forward lookup zone for server2
- removed DNS from server1

DHCP is not enabled on either server. From what I can
tell server2 is now the pdc with DNS, and server2 is an
additional dc.
dcdiag results in these failures:
Doing initial required tests

Testing server: Default-First-Site-Name\server2
Starting test: Connectivity
server2's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(actualguidhere._msdcs.domainname) couldn't be
resolved, the server name (server2.domainname) resolved to the IP address
(192.0.2.2) and was pingable. Check that the IP address is registered
correctly with the DNS server.
......................... server2 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\server2
Skipping all tests, because server server2 is
not responding to directory service requests

You'll note we do have a single label domain, but have
not had issues in the past with this. We do not intend on
using this domain publicly (externally on internet).
server2 has properly configured DNS server in tcp/ip
properties (points to itself, 192.0.2.2).
server2 DNS forward lookup zones only contain the basic
SOA, NS, A info for server2, but none of the _ dns records!
We have tried ipconfig /registerdns with no change to zone records.
We have tried to stop and start netlogon with no change zone records.
We have tried netdiag.exe /fix with no change zone records.
We even tried to demote server1 to a member so we could
remove it from the domain (and hoped it might resolve
something) but we get a failure from the dcpromo "The
Directory Service failed to find a server to replicate off
changes".
All of the diagnostics continue to show DNS errors. We
have no idea where to go with this... any help at all
would be appreciated!
Suffering from a major migraine...
Randy Barger (ConsultIT)

After looking at the diag results you sent me, it looks like things are
going much better. Replication appears to be successful on both DCs now.

The next thing I'd try is putting DNS back on SERVER2, but don't point
anything to it yet. Just make sure the DNS information all replicates
properly. Once you've confirmed that, then you can switch the servers to
both point to SERVER2 only. Then you can remove DNS from SERVER1.

Randy Barger
MCT, MCSE, MCSA, CCNA, CCA, CNA
__________________________________________________
ConsultIT - http://ConsultIT.bizhosting.com/
Improving business through technology.


Migraine said:
Comments inline below.

-----Original Message-----
You can use the "REPADMIN /syncall DCNAME" command for each DC to force
synchronization. REPADMIN is in the Support Tools, which can be installed
from the W2K Server CD.

Will try...
From your NETDIAG test on SERVER1, it appears that it is trying to query
both servers for DNS, which indicates that you still have both servers in
the DNS settings on SERVER1. Make sure that you are pointing to ONLY
SERVER1 at this point.

Both servers only use server1 in their adapter DNS
settings. However I did notice that server2 shows up as
an A record in server2 DNS. Is this okay or is this
another pointer that should be manually removed?

For the DCDIAG error on SERVER2. Since this is your only site, and you're
not using SMTP for replication, you can ignore the SMTPSVC error. The
SYSVOL error is generally a good indicator that replication isn't occurring
(which we already knew).

What is "BIRD.primewest"? Is that your domain name, one of the servers, or
....?

Sorry for lack of clarification, this is server1, MONK is
server2.

Randy Barger
MCT, MCSE, MCSA, CCNA, CCA, CNA
__________________________________________________
ConsultIT - http://ConsultIT.bizhosting.com/
Improving business through technology.


I have been working on this with everyone's helpful
suggestions. Things are better, but not quite complete.
Here is the summary and answers to previous questions:

GC is indeed on new PDC, server2 (in sites NTDS Settings I
unchecked server1, checked server2 global catalog box).

Updated registry on both servers (had to add these keys,
didn't even exist) per Tim recommendation (article
Q300684), but no change.

Re-installed DNS on original PDC, server1, and changed
TCP/IP DNS settings in both servers to point to server1.
Removed DNS from server2.

netdiag /fix on server1 (several fixes)
netdiag /fix on server2 (several fixes)
dcdiag /fix on server1
dcdiag /fix on server2

Server1 is now showing original DNS records (with proper _
folders).

Ran dcdiag on server1, everything passes.

Ran netdiag on server1, everything passes except this
warning:

DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative
DNS server for the name
'BIRD.primewest.'. [ERROR_TIMEOUT]
The name 'BIRD.primewest.' may not be
registered in DNS.
PASS - All the DNS entries for DC are registered on
DNS server '192.0.2.3' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be
verified right now on DNS
server 192.0.2.2, ERROR_TIMEOUT.


Ran dcdiag on server 2 (new PDC), everything passed except:

Starting test: Services
SMTPSVC Service is stopped on [MONK]
......................... MONK failed test
Services
Starting test: ObjectsReplicated
......................... MONK passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.


Ran netdiag on server2, everything passes.

Also attempted net stop netlogon, net start netlogon again
on server1. Still showing error in event viewer "Dynamic
registration or deregistration of one or more DNS records
failed because no DNS servers are available."

Is there a timing issue here? Would it make a difference
if I go back to the office and re-run this in say, an hour?

Again I'm new to this, can anyone clarify how I can force
and verify synchronization + replication (other than what
occurs during diag /fix)?

Much appreciated!
Subsiding Migraine (hopeful)...

Migraine

In summary for everyone else:
Fundamental changes since the original issue occurred:
- Confirmed new PDC is operations master for fsmo roles,
and also is global catalog master
- Re-installed DNS on original PDC (server1), pointed
both servers to new DNS server1, removed DNS from server2,
and ran netdiag /fix, dcdiag /fix to repair everything
- Added two single label domain reg changes (MS Article
Q300684) & rebooted servers
- Changed current IP block to private 192.168.0.X

Still seeing one error in events: "The Windows Time
Service was not able to find a Domain Controller. A time
and date update was not possible." and Ace recommended
this fix:

On new PDC (server2):
net time /setsntp:192.5.41.41
net stop w32time
w32tm -once
net start w32time

And one error in dcdiag on the current DNS server1:
"There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occurred. EventID: 0x800034C4"

Trying to confirm if I can ignore this. If so, I will
attempt to finalize the process by adding DNS to new PDC
(server2), verifying replication, pointing servers to new
DNS IP, and finally demoting original PDC (server1) and
removing from domain.

Stay tuned.
Migraine

Well, here's the update:
- I removed the event logs on both servers (system, DNS,
and FRS).
- Re-installed DNS on Monk. Interestingly enough the zone
appeared AD integrated and already updated... I did not
have to add the zone at all!
- Checked events log and found only one DNS error 6702.
That same error was followed by an info message with same
time stamp, 'DNS started...'
- Did a quick dcdiag /fix, netdiag /fix, also deleted a
rogue record from DNS that used the old IP block.
- Checked DNS again and everything was in order,
everything appeared synchronized. (Hoping the DNS error
above was a fluke), I now pointed both servers to Monk as
DNS server.
- Ran ipconfig /flushdns, ipconfig /registerdns, then
another dcdiag /fix, netdiag /fix for good measure.
- After a few mins, ran dcdiag and netdiag. Everything
looked fine except dcdiag was reporting the following on
both servers:
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL
started.
The Active Directory may be prevented from starting.
......................... BIRD passed test frssysvol

However, at this point there were no further errors in the
events log. Also tried a few PCs around the office and
all were logging into the domain and accessing the
internet just fine with Monk. What gives with that dcdiag
error?

Here's another tidbit, when I used nslookup to sniff
around, it recognizes both dc's no problem, but I always
get this prelim error:
*** Can't find server name for address 192.168.0.3: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.0.3

So in summary, it's generally looking good except I'm
worried about the dcdiag error (and one time DNS events
error) so I did not proceed with removal of DNS from Bird
and demotion just yet. What do you think of all this?

Kevin D. Goodknecht Sr. [MVP]

Since you did change your Netrange, each DC should point to the other first,
then to its own address for DNS; you should be able to force replication.

The Nslookup error can be ignored.

Nslookup performs a reverse lookup on the IP it is looking at for DNS. You
can ignore it, or create a reverse lookup zone for 168.192.in-addr.arpa, let it
allow dynamic updates, restart the netlogon service on the DCs, and run
ipconfig /registerdns on your workstations. This should complete the zone and
create the PTR records for you.

FYI, you can make the zone AD integrated but you should check the ACL on the
zone to make sure your machines have the permissions to create/delete child
objects.
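The two things this thread keeps circling back to can be checked mechanically: whether the DC's own registration records (the `_ldap._tcp` SRV entries and the GUID CNAME under `_msdcs` that the Connectivity test could not resolve in the original post) are actually present in the zone, and, per Kevin's reverse-zone advice above, whether every host A record has a matching PTR in 168.192.in-addr.arpa. The script below is an added example written for this thread; it is not code from the thread, from the posters, or from any Microsoft tool. It assumes two inputs: the record list a Windows DC writes to %SystemRoot%\system32\config\netlogon.dns (a real file, in zone-file style "owner ttl IN type rdata" lines) and a dump of the zone in that same line format, which is an assumption about how you export the zone. The sample data is constructed inline: "primewest", BIRD and MONK are from the thread, the addresses and the DSA GUID are placeholders. It generalizes slightly beyond the thread in that any A record in the dump gets its PTR checked, not only the two DCs.

```python
"""Compare what netlogon wants registered with what the DNS zone holds.

Added example for this thread, not code from it or from any Microsoft tool.
Input 1: the record list a DC writes to %SystemRoot%\\system32\\config\\netlogon.dns
         (zone-file style "owner ttl IN type rdata" lines).
Input 2: a dump of the zone in the same line format (assumed; export the
         records however your DNS server allows).
Both samples below are constructed: "primewest", BIRD and MONK come from the
thread; the addresses and the DSA GUID are placeholders.
"""
from typing import List, Set, Tuple

RR = Tuple[str, str, str]  # (owner, type, rdata), lower-cased for comparison

# Constructed netlogon.dns for BIRD: the records a DC registers at start-up.
NETLOGON_DNS = """\
primewest. 600 IN A 192.168.0.3
_ldap._tcp.primewest. 600 IN SRV 0 100 389 bird.primewest.
_ldap._tcp.dc._msdcs.primewest. 600 IN SRV 0 100 389 bird.primewest.
_ldap._tcp.pdc._msdcs.primewest. 600 IN SRV 0 100 389 bird.primewest.
_ldap._tcp.gc._msdcs.primewest. 600 IN SRV 0 100 3268 bird.primewest.
_kerberos._tcp.primewest. 600 IN SRV 0 100 88 bird.primewest.
_kerberos._tcp.dc._msdcs.primewest. 600 IN SRV 0 100 88 bird.primewest.
_kpasswd._tcp.primewest. 600 IN SRV 0 100 464 bird.primewest.
placeholder-dsa-guid._msdcs.primewest. 600 IN CNAME bird.primewest.
"""

# Constructed zone dump: one SRV and the GUID CNAME are missing, as is MONK's PTR.
ZONE_DUMP = """\
; forward zone
primewest. 600 IN A 192.168.0.3
bird.primewest. 3600 IN A 192.168.0.3
monk.primewest. 3600 IN A 192.168.0.2
_ldap._tcp.primewest. 600 IN SRV 0 100 389 bird.primewest.
_ldap._tcp.pdc._msdcs.primewest. 600 IN SRV 0 100 389 bird.primewest.
_ldap._tcp.gc._msdcs.primewest. 600 IN SRV 0 100 3268 bird.primewest.
_kerberos._tcp.primewest. 600 IN SRV 0 100 88 bird.primewest.
_kerberos._tcp.dc._msdcs.primewest. 600 IN SRV 0 100 88 bird.primewest.
_kpasswd._tcp.primewest. 600 IN SRV 0 100 464 bird.primewest.
; reverse zone 168.192.in-addr.arpa
3.0.168.192.in-addr.arpa. 3600 IN PTR bird.primewest.
"""


def parse_rr_lines(text: str) -> Set[RR]:
    """Parse 'owner [ttl] [IN] type rdata' lines into a set of (owner, type, rdata)."""
    records: Set[RR] = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        owner, rest = parts[0].lower(), parts[1:]
        if rest and rest[0].isdigit():        # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        if len(rest) < 2:
            raise ValueError(f"malformed record line: {line!r}")
        records.add((owner, rest[0].upper(), " ".join(rest[1:]).lower()))
    return records


def missing_dc_records(netlogon_dns: str, zone_dump: str) -> List[RR]:
    """Records netlogon wants registered that the zone does not hold."""
    return sorted(parse_rr_lines(netlogon_dns) - parse_rr_lines(zone_dump))


def reverse_name(ip: str) -> str:
    """192.168.0.3 -> 3.0.168.192.in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def missing_ptr_records(zone_dump: str, domain: str,
                        reverse_zone: str = "168.192.in-addr.arpa.") -> List[RR]:
    """For each host A record inside reverse_zone's range, check its PTR exists."""
    have = parse_rr_lines(zone_dump)
    expected: Set[RR] = set()
    for owner, rtype, rdata in have:
        if rtype != "A" or owner == domain.lower():
            continue  # skip the zone-apex A record netlogon adds for the domain
        ptr_owner = reverse_name(rdata)
        if ptr_owner.endswith("." + reverse_zone.lower()):
            expected.add((ptr_owner, "PTR", owner))
    return sorted(expected - have)


if __name__ == "__main__":
    for owner, rtype, rdata in missing_dc_records(NETLOGON_DNS, ZONE_DUMP):
        print(f"DC record not in zone: {owner} {rtype} {rdata}")
    for owner, rtype, rdata in missing_ptr_records(ZONE_DUMP, "primewest."):
        print(f"PTR missing in reverse zone: {owner} {rtype} {rdata}")
```

With the constructed data it reports the `_ldap._tcp.dc._msdcs` SRV and the GUID CNAME as absent and MONK's PTR as missing. Against real input, anything still listed after `ipconfig /registerdns` and a netlogon restart is a record the DC is not managing to register, which is what the Connectivity test's GUID-name failure was pointing at; an empty report is the "DNS information all replicates properly" confirmation Randy asked for before repointing the servers.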
 
Ace Fekay [MVP]

In Migraine <[email protected]> posted their thoughts, then I offered mine
<snip>

At this juncture, I would suggest to remote into your machine(s). I think I
may have a few minutes later today to do so, but my week is booked.

Also, check to make sure that both DNS servers are not listed in both
machine's IP properties, as Randy mentioned that it appears that way from
the netdiag test.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Migraine

In regards to the comment:
FYI, you can make the zone AD integrated but you should check the ACL on the
zone to make sure your machines have the permissions to create/delete child
objects.

I found it interesting that both dc's are only members
of 'Domain Controllers' and in fact that group does not
appear in the zone ACL. Authenticated user, Enterprise
Admin, etc. you name it, but no dc group. So for kicks I
added 'Domain Controllers'. Do you think that is std
practice or did I have a fluke in my ACL?

Migraine subsiding...
 
No more migraine!

Not sure if this ACL change or a maintenance reboot did
the trick, but the sysvol errors out of dcdiag disappeared!

I did have a couple of warnings that I tied to old
information in the events log (thanks for that tip Randy!)
so once I cleaned it up everything was perfect!

I was finally able to proceed with the demotion of the
original PDC, which completed without a hitch.

Thanks to everyone for the invaluable assistance!

Best regards,
No more migraine!
 
Kevin Goodknecht

If it was a fluke on your machine then I had the same fluke. I had to add my
DCs to the list before I could use "Only secure updates".
 
Ace Fekay [MVP]

No more migraines! That's what I like to hear!!

I think that ACL entry probably may have helped. And yes, those old
Event log errors being there are interesting, causing the dcdiag errors.
That's one I have to remember.

Ace
