Problems adding W2k8 (not R2) DC to W2k Domain

Curious problem adding W2k8 DC to existing W2k domain.

I have followed the instructions of Meinolf Weber, e.g. Netdiag, DCdiag, Adprep, transferring all FSMO roles, establishing a reliable external time server, etc.

On the new w2k8 DC, when I point the DNS to the existing DC, the new DC performs very well.  However, when I point the DNS to the new DC and restart, the DC does not seem to function correctly.

1. Network properties no longer shows the domain name for the network, instead it just shows "Network"

2. The event log contained numerous warnings after assigning the local IP for DNS and restarting. See below: (I can provide the details if needed)

Warning    3/28/2015 8:59:33 AM    DNS-Server-Service    4013    None
Error    3/28/2015 8:59:08 AM    GroupPolicy    1129    None
Warning    3/28/2015 8:59:08 AM    Winlogon    6006    None
Warning    3/28/2015 8:58:37 AM    Time-Service    134    None
Error    3/28/2015 8:58:28 AM    DFSR    1202    None
Warning    3/28/2015 8:58:24 AM    LsaSrv    40960    (3)
Warning    3/28/2015 8:58:23 AM    Time-Service    134    None
Warning    3/28/2015 8:58:13 AM    LsaSrv    40960    (3)
Warning    3/28/2015 8:58:09 AM    LsaSrv    40960    (3)
Warning    3/28/2015 8:57:50 AM    NETLOGON    3096    None
Warning    3/28/2015 8:57:28 AM    DNS-Server-Service    4013    None
Warning    3/28/2015 8:56:46 AM    ActiveDirectory_DomainService    2088    DS RPC Client
Warning    3/28/2015 8:56:10 AM    Winlogon    6005    None
Warning    3/28/2015 8:55:23 AM    DNS-Server-Service    4013    None
Warning    3/28/2015 8:55:18 AM    Kerberos-Key-Distribution-Center    29    None

So far, I have transferred the FSMO roles back to the old server once and demoted the new DC and removed AD completely.  I reinstalled AD under a different machine name and I am still experiencing the same issue.

I am at a loss and would greatly appreciate some assistance.

Thanks.

March 28th, 2015 1:03pm

I would recommend that you refer to what I wrote here for your DCs IP settings: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23

Also, use dcdiag and repadmin to confirm that everything is okay.

To check DNS resolution against your DNS servers, you can use NSlookup and update the default server to specify your target DNS server: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginner

March 28th, 2015 5:04pm

Hello,

I would suggest migrating your existing W2k DC to a Windows Server 2008 DC. It is not the solution to the issue which you are experiencing now, but it is still better to create a stable environment with the latest operating system, at least Windows Server 2008.

Regards

Biju Kurup

March 28th, 2015 11:04pm

All TCP/IP settings conform to the article you referenced above.

When the new DC includes the IP address of the old DC in DNS settings (new IP primary, old IP secondary), all dcdiag, repadmin & NSlookup tests pass with flying colors.  When I remove the IP address of the old DC from the DNS settings, that is when the new DC does not even recognize the domain and there are numerous errors in DCdiag.

March 29th, 2015 9:25am

Thanks for your suggestion.  I have been working this issue for a week and I am at the point where I am considering creating an entirely new domain using 2008R2 and transferring all user profiles over to the new domain.  This has been an enormous time hole.  I have migrated numerous DCs in the past and I have never run into this kind of trouble.
March 29th, 2015 9:28am

I forgot to ask you one question.  I am curious, why is it recommended to NOT have public DNS servers listed as DNS forwarders in the DNS server?
March 29th, 2015 9:30am

1. I have public DNS in forwarders and have had no problems (years ago). I do not configure this in the latest operating systems.

2. What is really bad is putting public DNS in client NIC specifications, because the RRs are not reachable.

3. In the server NIC DNS specification, the first DNS IP points to itself, the second DNS IP address points to another DC. This configuration does not generate infinite error logs, namely about the fact that there was an error at the beginning. However, from the point of view of proper functionality there is no difference.

4. I do not see at least two important configuration steps in your description. You have not moved the GC and have not checked the replication status. Every time you do something with DNS configuration, you should clear the DNS cache. Make sure that the time difference is within the Kerberos window.

5. On older operating systems I used netdiag with parameters /debug and /fix (as well as ipconfig /flushdns).

6. I do not understand what you want to achieve with an operating system that has been out of support for 5 years.

7. For event log analysis you will need to look at services: are the important services running, and if not, is there any problem with services that they depend on?

HTH

Milos

March 29th, 2015 10:02am

If it's not working when you point to the new 2008 DC DNS, then it tells me that the DNS data is not replicating. When you installed DNS on the 2008 DC, it has additional options that 2000 has NO idea what they are. If you had administered it from 2008, then you may have introduced those new options causing the zone data to not replicate.

The rule of thumb is to install DNS on the new DC, and continue to administer DNS from the oldest common denominator until you get rid of them or update them.

Go into DNS on the new one, right-click the AD zone name, and tell me what replication scope did you set it to.

March 29th, 2015 11:13pm
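
The symptom in this thread (everything passes while the old DC is in the DNS list, the domain is not recognized once it is removed) can be narrowed down by asking each DNS server directly for the DC locator SRV records, using nslookup against a named server as suggested earlier. The script below is an added example, not part of any post; the domain name and both IP addresses are placeholder assumptions, and a single-domain forest is assumed for the GC record.

```powershell
# Added example. Placeholders (assumptions, not values from the thread):
$Domain = 'example.local'   # AD DNS domain name (single-domain forest assumed)
$OldDns = '192.0.2.10'      # existing W2k DC running DNS
$NewDns = '192.0.2.20'      # new W2k8 DC running DNS

# SRV records registered by Netlogon; DCs and clients use them to
# locate LDAP, the KDC, the PDC emulator and a global catalog.
$Records = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain",
    "_kerberos._tcp.$Domain"
)

function Get-SrvTargets([string]$Name, [string]$Server) {
    # Windows nslookup prints one "svr hostname = <fqdn>" line per SRV answer.
    $targets = & nslookup -type=SRV $Name $Server 2>&1 | ForEach-Object {
        if ("$_" -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].ToLower() }
    }
    # Drop empty results so "no answer" comes back as an empty array.
    @($targets | Where-Object { $_ } | Sort-Object -Unique)
}

$report = foreach ($r in $Records) {
    $old = @(Get-SrvTargets $r $OldDns)
    $new = @(Get-SrvTargets $r $NewDns)
    # Hosts the old server knows about that the new server does not return.
    $missing = @($old | Where-Object { $new -notcontains $_ })
    $status = if ($new.Count -eq 0) {
        'NOT ANSWERED by new DC'
    } elseif ($missing.Count -gt 0) {
        'INCOMPLETE on new DC'
    } else { 'OK' }
    New-Object PSObject -Property @{
        Record = $r; Status = $status
        OldDns = $old -join ', '; NewDns = $new -join ', '
    }
}
$report | Format-Table Record, Status, OldDns, NewDns -AutoSize
```

Records that the old server answers and the new one does not are consistent with the zone data not replicating to the new DC, which is what the replication scope question above is trying to establish.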

FYI, here's what I mean with what can happen if choosing those new features in a mixed environment.

Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
Published by acefekay on Sep 2, 2009 at 2:34 PM
http://blogs.msmvps.com/acefekay/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones/

-

DNS Zone Types Explained, Their Storage Locations in the AD database and their Significance in Active Directory
http://blogs.msmvps.com/acefekay/2013/04/30/dns-zone-types-explained-and-their-significance-in-active-directory/

March 29th, 2015 11:17pm

This topic is archived. No further replies will be accepted.
