So I have been searching and reading and have seen some similar posts but what I am experiencing is a little different. In my development network I have 2 vmhosts. I added another system with a SAS array running Windows Storage Server 2008 R2 and moved my guests to this box via Iscsi. According to what I have read, storage server should be a member of the domain, but all my domain controllers are VM's so the array needs to come up before the domain controllers. I had tried making Storage Server a domain controller but kept getting errors about AD not being able to start because it could not resolve the DNS host name of the source domain controller to an IP address. DNS was throwing an error that it was waiting for AD to signal that the initial sync had completed. I then get an error stating the KCC failed and it points to the second DC that is a guest and unavailable until Storage Server has loaded. Both AD and DNS were running on the box. So I decided to try adding another box to the mix just as a domain controller. I still get the same error. I have checked _msdc.XXX.XXXXX settings and removed instances of the second (VM guest machine) but as soon as I bring up the second DC it happens all over again. One thing I discovered is the Storage Server box does appear to start and the Iscsi targets are available even thought the box is not logged into the domain, so maybe I will just move it to a workgroup and go back to running the DC's as VM's. I guess my question is why does DNS point to a second instance of DNS to resolve its own host name. The DC in question is the fsmo role holder

This one may help. Things to consider when you host Active Directory domain controllers in virtual hosting environments http://support.microsoft.com/kb/888794 Regards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows]

Hi, Thanks for posting here. I think you don’t have to prompt both physical host servers as domain controller, this will create “chicken and egg” problem when restart host servers. So basically I think you are encountering this issue right now. To reduce complexity of deployment ,in my view that you should demote two physical hosts, adding SAS array where on storage server via iSCSI , deploying VMs and promoting to domain controllers. For more information please refer to the blog post below : Domain in a box http://blogs.technet.com/b/megand/archive/2004/12/08/278532.aspx Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi , If there is any update on this issue, please feel free to let us know. We are looking forward to your reply. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I am still having issues. I promoted the windows storage server to a domain controller and between the fsmo role holder and the wss box ad will still not start. I have a vm that is configured as a dc. Unless I power the vm ad will not start. I went through DNS and removed all occurances of the VM dc from DNS, and still ad will not start unless the VM is running. Since it appears that the iscsi services start on WSS without AD running, I guess it is not a big issue. The iscsi targets are on a separate network that does not have dns. If I demote the wss to a member server and then remove it from the domain, how badly is that going to break my iscsi? If it only affects the initiators I can fix that. I just don't want to lose the targets. I don't really want to start from scratch with a single domain controller as I have exchange on this development network but I would really like to upgrade from a 2003 domain to a 2008 domain

Hi, Thanks for update. Please try setting the registry value Repl Perform Initial Synchronizations to 0 in order to bypass initial synchronization requirements in Active Directory. The specific path and values for that setting are shown below: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters Value name: Repl Perform Initial Synchronizations Value type: REG_DWORD Value data: 0 The following article will provide you more information about initial synchronizations: 305476 Initial synchronization requirements for Windows 2000 Server and Windows Server 2003 operations master role holders http://support.microsoft.com/default.aspx?scid=kb;EN-US;305476 2001093 Troubleshooting DNS Event ID 4013: The DNS server was unable to load AD integrated DNS zones http://support.microsoft.com/default.aspx?scid=kb;en-US;2001093 Meanwhile, it should be fine to demote the Hyper-V host without affecting the ISCSI target setting if the authentication of ISCSI is not using domain account. For safety, Please backup server first before demoting it. More Information on domain controller in virtualization environment: http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(WS.10).aspx Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, If there is any update on this issue, please feel free to let us know. We are looking forward to your reply. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.