Issues When Adding a Windows Server 2008 R2 Domain Controller
Windows Server 2008 R2. I began the DCPROMO.EXE process of adding a third domain controller to our domain. I had a couple of things come up during the process that led me to abort the process and come here to post. The following two issues came up for which I have questions.

1. Early in the DCPROMO I received the dialogue: "There are currently 3 DNS servers that are registered as authoritative name servers for this domain. You cannot install a read-only domain controller at this time. You must first run "adprep/rodcprep" from a command window on any computer in this forest . . ."

First, I only have 2 DNS servers in the domain before adding this third one. I am not sure how it is getting a count of 3. I used to have three, but completely removed (or so I thought) one of the 3 a couple of weeks ago. Where can I go to see a list of the 3 DNS servers it thinks I have? How can I remove the extraneous DNS server from the list (if there is an extraneous one)?

Second, what is a "read-only domain controller" and why would I want to install one?

2. Later in the DCPROMO process I received the dialogue, "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "goodnewsjail.org." Otherwise, no action is required."

First, what is this trying to tell me? It is cryptic to me. I have two existing domain controllers, so why can it not find what it needs here?

I have seen articles that say, "Ignore this and move on." But this does not look like something I want to ignore. Any help would be appreciated.

So at present I only have two domain controllers (one a Windows Server 2003 and one a Windows Server 2008 R2 virtual). I canceled the DCPROMO for my third Windows Server 2008 R2 virtual domain controller until I get clarification here.

Thanks for any help.

Doug Pruiett
Good News Jail & Prison Ministry
Richmond, Virginia
www.goodnewsjail.org
March 24th, 2012 11:12am

> First I only have 2 DNS servers in the domain before adding this third one. I am not sure how it is getting a count of 3. I used to have three, but completely removed (or so I thought) one of the 3 a couple of weeks ago. Where can I go to see a list of the 3 DNS servers it thinks I have? How can I remove the extraneous DNS server from the list (if there is an extraneous one)?

This is because your 3rd DNS server was not retired cleanly; it seems like you still have its NS record in the DNS zone. You will need to manually remove it. Browse to the properties of the Primary Zone and click on the Name Servers tab; from there, remove the dismissed server from the list. Also delete any other records for that server, if any.

Ref article: Removing a DNS Server
http://technet.microsoft.com/en-us/library/cc794727%28v=ws.10%29.aspx

> Second, what is a "read-only domain controller" and why would I want to install one?

An RODC is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. An RODC is designed primarily to be deployed in a branch office environment. Branch offices typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and little local IT knowledge. In your case you don't need to worry about it if you don't need this functionality.

What Is an RODC?
http://technet.microsoft.com/en-us/library/cc755058%28v=WS.10%29.aspx

> First, what is this trying to tell me? It is cryptic to me. I have two existing domain controllers, so why can it not find what it needs here?

This is also due to the stale DNS entries for your retired server. Go to the same location, the properties of the zone, and from the SOA tab make sure you have selected the working server. Also make sure DNS is pointing to the correct DNS server under the NIC settings.

> I have seen articles that say, "Ignore this and move on." But this does not look like something I want to ignore. Any help would be appreciated.

If you follow the previous steps you won't need to worry about this, as the error will disappear.

Sachin Gadhave
March 24th, 2012 12:23pm
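The stale name server described in the reply above can also be found from the command line. The following is an added example, not part of the original posts: it lists the NS records a working DNS server holds for the zone and checks whether each listed name server still answers for it. It assumes `Resolve-DnsName` (DnsClient module, Windows 8 / Server 2012 or later, so run it from a management workstation rather than the 2008 R2 server); the function name, zone and server address are hypothetical placeholders.

```powershell
# Added example: audit a zone's NS records and flag name servers that no longer answer.
# Assumes Resolve-DnsName is available (not present on Server 2008 R2 itself).
function Find-StaleNameServer {
    param(
        [Parameter(Mandatory)] [string] $Zone,       # AD-integrated zone to audit
        [Parameter(Mandatory)] [string] $DnsServer   # a known-good DC/DNS server to query
    )

    # NS records as the known-good server sees them (the list DCPROMO counts).
    $nsHosts = Resolve-DnsName -Name $Zone -Type NS -Server $DnsServer -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost -Unique

    foreach ($ns in $nsHosts) {
        $status = 'Responding'
        $addr   = $null
        $serial = $null
        try {
            # A listed name server with no address record is already suspect.
            $addr = Resolve-DnsName -Name $ns -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                Select-Object -First 1 -ExpandProperty IPAddress
            if (-not $addr) { throw 'no A record' }
            try {
                # Ask the listed server itself for the zone's SOA.
                $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $addr -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'SOA' } |
                    Select-Object -First 1
                if ($soa) { $serial = $soa.SerialNumber } else { $status = 'NoSoaAnswer' }
            } catch { $status = 'NotAnswering' }
        } catch { $status = 'NoAddressRecord' }

        [pscustomobject]@{
            NameServer = $ns
            Address    = $addr
            Status     = $status
            SoaSerial  = $serial
        }
    }
}

# Placeholder zone and server address (not taken from the thread).
Find-StaleNameServer -Zone 'corp.example' -DnsServer '192.0.2.10' | Format-Table -AutoSize
```

Any row whose status is not `Responding` is a candidate for the manual cleanup on the Name Servers tab; differing SOA serials between responding servers point to replication lag rather than a stale record.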

Thanks Sachin. Sure enough the old server name was showing on the Name Servers tab as status "unknown." I removed it and tested per your reference article on "Removing a DNS Server." All looks good. I reran the DCPROMO and did not get the errors. However, I am holding off on making this VM a domain controller until I can get some advice on another issue referenced in the thread below. Thanks.

I would appreciate your opinion/technical advice on the other thread I have here:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6b5957eb-9f0f-4fcb-9311-d74a9bfd0848

Thanks for any help.

Doug Pruiett
Good News Jail & Prison Ministry
Richmond, Virginia
www.goodnewsjail.org
March 24th, 2012 2:23pm

Sachin: I tried again and now I only got the following dialogue: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "goodnewsjail.org."

What can I do to clear this?

Doug Pruiett
Good News Jail & Prison Ministry
Richmond, Virginia
www.goodnewsjail.org
March 26th, 2012 9:56am

By the way, there are two (2) other DNS servers (domain controllers) that have been running for quite a while in this same forest. Why can it not find what it needs?

Doug Pruiett
Good News Jail & Prison Ministry
Richmond, Virginia
www.goodnewsjail.org
March 26th, 2012 10:03am

Never mind. I found an article that said to uncheck the DNS role during DCPROMO and add DNS after DCPROMO is finished. I did that.

Doug Pruiett
Good News Jail & Prison Ministry
Richmond, Virginia
www.goodnewsjail.org
March 26th, 2012 10:18am

Hello,

> I tried again and now I only got the following dialogue: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "goodnewsjail.org." What can I do to clear this?

This is a warning you can ignore when installing additional DCs in an existing domain. No problem with doing this and you cannot prevent this message.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 26th, 2012 10:26am

> By the way, there are two (2) other DNS servers (domain controllers) that have been running for quite a while in this same forest. Why can it not find what it needs?
> Doug Pruiett Good News Jail & Prison Ministry Richmond, Virginia www.goodnewsjail.org

Hello, please elaborate "find what it needs?". During dcpromo the new machine has to contact a DNS server to find a DC.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 26th, 2012 10:27am

> Never mind. I found an article that said to uncheck the DNS role during DCPROMO and add DNS after DCPROMO is finished. I did that.
> Doug Pruiett Good News Jail & Prison Ministry Richmond, Virginia www.goodnewsjail.org

Hello, I have never had a problem adding the DNS server role during the promotion process. Did you use ONLY one DC/DNS server on the NIC and NO other IP address? Not even the loopback IP or the server's own ones?

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 26th, 2012 10:29am

