New 2008R2 Server To 2003 Domain

[ICTCity]

Mhhhh that's a good question.

I think you should copy the original file, modify it as I suggested before, stop dns service (open DNS snap-in > right click > stop), rename the new file properly, flush DNS cache, restart DNS and export again everything just to be sure everything has gone in the properly way.

EDIT ***Uh... DELETE ALSO the entry for ipv6!***

After that, try to open sites and services and tell me if you have the same error again.

DO NOT RENAME YOUR SERVER! We are going to fix this problem in another way.

Check event log for a while.

If you can open sites and services with no errors... we can be a bit more happy

If not... well... I still have time before the clean install

 

[SailingNut]

Still not sure on the "rename properly" part of the above.

Can I just go into the DNS snapin and change the enrties?

 

[ICTCity]

Still not sure on the "rename properly" part of the above.

Can I just go into the DNS snapin and change the enrties?

yes

 

[SailingNut]

OK, got the DNS reconfigured and I still get the "interface is unknown" problem when opening the AD Dimain Services. :wallbash:

Output from dcdiag.exe still shows references to big-rig2 (I can post if you want to see.)

Shuld I go through and try seizing roles again now that the DNS stuff is cleared up?

FYI, there is no deadline for doing a clean install on Saturday. I'm happy to keep working on this as long as you are!

 

[SailingNut]

Other information.... I grabbed the event log from a reboot after I changed the DNS entries. The file is attached.

 

[ICTCity]

Other information.... I grabbed the event log from a reboot after I changed the DNS entries. The file is attached.

Grrrrrrrr f****ng ipv6!!!

First try this procedure which surely disable IPv6:
http://www.windowsreference.com/net...-windows-server-20008-full-core-installation/

Then Export and post the DNS configuration again.

The first error is interesting:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

It looks like it's trying to access another server via the wrong interface!

I'm still trying to find a way to manage domain and trust from command line...

 

[ICTCity]

Do you have another server?

If yes, open domain and trusts from there and connect to the dc by typing the ip.

Let me know.


Somebody explain me WHY you can't manage a server with core install -.- now I want to open a new topic in this forum!

 

[SailingNut]

Here's the output after doing the registry edit & rebooting.

;
;  Database file (null) for wtbhome.net zone.
;      Zone version:  5632
;

@                       IN  SOA big-rig.wtbhome.net. admin.wtbhome.net. (
5632         ; serial number
900          ; refresh
600          ; retry
86400        ; expire
3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS	big-rig.wtbhome.net.
@                       NS	somewhere-hot.wtbhome.net.

;
;  Zone records
;

@                       600	A	192.168.0.2
@                       600	AAAA	fd47:dced:df9d:5a5f::1
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs 600	CNAME	big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites.dc._msdcs 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites.dc._msdcs 600	SRV	0 100 389	big-rig.wtbhome.net.
_kerberos._tcp.dc._msdcs 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.dc._msdcs    600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs 600	SRV	0 100 389	big-rig.wtbhome.net.
gc._msdcs               600	A	192.168.0.100
600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.gc._msdcs 600	SRV	0 100 3268	big-rig.wtbhome.net.
_ldap._tcp.gc._msdcs    600	SRV	0 100 3268	big-rig.wtbhome.net.
_ldap._tcp.pdc._msdcs   600	SRV	0 100 389	big-rig.wtbhome.net.
_gc._tcp.wtbhome._sites 600	SRV	0 100 3268	big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites 600	SRV	0 100 389	big-rig.wtbhome.net.
_gc._tcp                600	SRV	0 100 3268	big-rig.wtbhome.net.
_kerberos._tcp          600	SRV	0 100 88	big-rig.wtbhome.net.
_kpasswd._tcp           600	SRV	0 100 464	big-rig.wtbhome.net.
_ldap._tcp              600	SRV	0 100 389	big-rig.wtbhome.net.
_kerberos._udp          600	SRV	0 100 88	big-rig.wtbhome.net.
_kpasswd._udp           600	SRV	0 100 464	big-rig.wtbhome.net.
apocalypso              1200	A	192.168.0.68
ATMRACK                 1200	A	192.168.0.54
BankOfBadHabits         1200	A	192.168.0.53
big-rig                 A	192.168.0.2
big-rigx                1200	A	192.168.0.7
CHGSINLATTITUDE         1200	A	192.168.0.55
DomainDnsZones          600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.DomainDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.DomainDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
ForestDnsZones          600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.ForestDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.ForestDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
JamaciaMistaka          1200	A	192.168.0.54
mame-cabinet            1200	A	192.168.0.57
mamecab                 1200	A	192.168.0.69
mamestation             1200	A	192.168.0.59
Margaritaville          1200	A	192.168.0.54
miss-magic              1200	A	192.168.0.57
missmagic               1200	A	192.168.0.51
overkill                1200	A	192.168.0.55
virtoverkill            1200	A	192.168.0.69
WIN7TEST-PC             1200	A	192.168.131.66

 

[ICTCity]

Here's the output after doing the registry edit & rebooting.

;
;  Database file (null) for wtbhome.net zone.
;      Zone version:  5632
;

@                       IN  SOA big-rig.wtbhome.net. admin.wtbhome.net. (
5632         ; serial number
900          ; refresh
600          ; retry
86400        ; expire
3600       ) ; default TTL

;
;  Zone NS records
;

@                       NS	big-rig.wtbhome.net.
@                       NS	somewhere-hot.wtbhome.net.

;
;  Zone records
;

@                       600	A	192.168.0.2
@                       600	AAAA	fd47:dced:df9d:5a5f::1
63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs 600	CNAME	big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites.dc._msdcs 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites.dc._msdcs 600	SRV	0 100 389	big-rig.wtbhome.net.
_kerberos._tcp.dc._msdcs 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.dc._msdcs    600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.d170d4c1-dda7-4565-b23c-024adc8e5aa9.domains._msdcs 600	SRV	0 100 389	big-rig.wtbhome.net.
gc._msdcs               600	A	192.168.0.100
600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.gc._msdcs 600	SRV	0 100 3268	big-rig.wtbhome.net.
_ldap._tcp.gc._msdcs    600	SRV	0 100 3268	big-rig.wtbhome.net.
_ldap._tcp.pdc._msdcs   600	SRV	0 100 389	big-rig.wtbhome.net.
_gc._tcp.wtbhome._sites 600	SRV	0 100 3268	big-rig.wtbhome.net.
_kerberos._tcp.wtbhome._sites 600	SRV	0 100 88	big-rig.wtbhome.net.
_ldap._tcp.wtbhome._sites 600	SRV	0 100 389	big-rig.wtbhome.net.
_gc._tcp                600	SRV	0 100 3268	big-rig.wtbhome.net.
_kerberos._tcp          600	SRV	0 100 88	big-rig.wtbhome.net.
_kpasswd._tcp           600	SRV	0 100 464	big-rig.wtbhome.net.
_ldap._tcp              600	SRV	0 100 389	big-rig.wtbhome.net.
_kerberos._udp          600	SRV	0 100 88	big-rig.wtbhome.net.
_kpasswd._udp           600	SRV	0 100 464	big-rig.wtbhome.net.
apocalypso              1200	A	192.168.0.68
ATMRACK                 1200	A	192.168.0.54
BankOfBadHabits         1200	A	192.168.0.53
big-rig                 A	192.168.0.2
big-rigx                1200	A	192.168.0.7
CHGSINLATTITUDE         1200	A	192.168.0.55
DomainDnsZones          600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.DomainDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.DomainDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
ForestDnsZones          600	A	192.168.0.2
600	AAAA	fd47:dced:df9d:5a5f::1
_ldap._tcp.wtbhome._sites.ForestDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
_ldap._tcp.ForestDnsZones 600	SRV	0 100 389	big-rig.wtbhome.net.
JamaciaMistaka          1200	A	192.168.0.54
mame-cabinet            1200	A	192.168.0.57
mamecab                 1200	A	192.168.0.69
mamestation             1200	A	192.168.0.59
Margaritaville          1200	A	192.168.0.54
miss-magic              1200	A	192.168.0.57
missmagic               1200	A	192.168.0.51
overkill                1200	A	192.168.0.55
virtoverkill            1200	A	192.168.0.69
WIN7TEST-PC             1200	A	192.168.131.66

Can you please DELETE all the entries for IPv6? I see there's a zone for IPv6 and a A record. Also the two A records have the same "weight", when the DC try to use the IPv6 it doesn't work.

We must delete everything related to IPv6!

 

[SailingNut]

So I removed ALL IPv6 entries in the DNS server. I then restarted the DNS server service and attempted to open the AD Sites & Services with the same error. :-(

After the AD Sites & Services app came up I tried to manually connect to big-rig and it also failed with the interface unknown error. It also fails with the same error if I put in the IP address for connecting instead of the DNS name.

What are the next steps?

 

[ICTCity]

So I removed ALL IPv6 entries in the DNS server. I then restarted the DNS server service and attempted to open the AD Sites & Services with the same error. :-(

After the AD Sites & Services app came up I tried to manually connect to big-rig and it also failed with the interface unknown error. It also fails with the same error if I put in the IP address for connecting instead of the DNS name.

What are the next steps?

Ok, now we just need to set up NETLOGON properly, because it's trying to start with the wrong server's name (big-rig 2).

Now the point is: how to point netlogon to the right name?

Let's try this first:

Open the registry and select your computer, press CTRL+F and type big-rig2 and also check "Match whole string only". Once a result has been found, rename it to big-rig. After that press F3 (find next) and continue until the end.
Once done, restart the server and open a command prompt and type: net start netlogon and let me know if it's working or it gives you the same error.

 

[SailingNut]

Quite sadly, the same error after "cleasning" the registry.

Event viewer event ID = 5602
description = An internal error occurred while accessing the computer's local or network security database

Next? ;-)

On the plus side, dcdiag is looking a bit more like we're erasing traces of big-rig2. But the minus is that there seems to be an IPv6 entry "stuck" somewhere. Here's the output:

Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

Home Server = big-rig

* Identified AD Forest. 
Done gathering initial info.


Doing initial required tests


Testing server: wtbhome\BIG-RIG2

Starting test: Connectivity

The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could

not be resolved to an IP address. Check the DNS server, DHCP, server

name, etc.

Neither the the server name (big-rig2.wtbhome.net) nor the Guid DNS

name (63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net) could

be resolved by DNS.  Check that the server is up and is registered

correctly with the DNS server. 
Got error while checking LDAP and RPC connectivity. Please check your

firewall settings.

......................... BIG-RIG2 failed test Connectivity



Doing primary tests


Testing server: wtbhome\BIG-RIG2

Skipping all tests, because server BIG-RIG2 is not responding to

directory service requests.



Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : wtbhome

Starting test: CheckSDRefDom

......................... wtbhome passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... wtbhome passed test CrossRefValidation


Running enterprise tests on : wtbhome.net

Starting test: LocatorCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722

A Global Catalog Server could not be located - All GC's are down.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722

A Primary Domain Controller could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(TIME_SERVER) call failed, error 1722

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

1722

A Good Time Server could not be located.

Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722

A KDC could not be located - All the KDCs are down.

......................... wtbhome.net failed test LocatorCheck

Starting test: Intersite

......................... wtbhome.net passed test Intersite

 

[ICTCity]

Quite sadly, the same error after "cleasning" the registry.

Event viewer event ID = 5602
description = An internal error occurred while accessing the computer's local or network security database

Next? ;-)

Open your DNS and add a new A record:

Name: big-rig2 (yes with number 2) IP: IP_big-rig

Add AAAA record:

Name: big-rig2 IPv6: IP_v6_big-rig

Add a CNAME:

from BIG-RIG2 to BIG-RIG



Flush DNS's cache.

 

[SailingNut]

Open your DNS and add a new A record:

Name: big-rig2 (yes with number 2) IP: IP_big-rig

Add AAAA record:

Name: big-rig2 IPv6: IP_v6_big-rig

Add a CNAME:

from BIG-RIG2 to BIG-RIG



Flush DNS's cache.

Unfortunately, when I go in to add the new A record it will not let me create the A record with IP_big-rig in the IP address field. It is insisting that I put in an IP address. Should I create the records with 192.168.0.2? (and whatever the IPv6 address is)

Or should I just try adding the CNAME?

 

[ICTCity]

Unfortunately, when I go in to add the new A record it will not let me create the A record with IP_big-rig in the IP address field. It is insisting that I put in an IP address. Should I create the records with 192.168.0.2? (and whatever the IPv6 address is)

Or should I just try adding the CNAME?

Well of course you have to put the real IP (192.168.0.2) eheh

 

[SailingNut]

OK, tried that and I get an error!

Dialog reads:

The host record big-rig2.wtbhome.net cannot be created. Refused

Nothing in the event log.

 

[ICTCity]

Retry and look here:
http://support.microsoft.com/kb/815224

 

[SailingNut]

Retry and look here:
http://support.microsoft.com/kb/815224

So, I tried the workaround listed in the KB article and no joy. When I double click on the "Manage auditing and security log" entry under "User Rights Assignment" the ass and remove buttoms are both disabled.

Also, I tried the "add the record twice" and I keep getting the same error.

Won't be able to try things for over a week due to many circumstances. Looking forward to something new to try when I'm able to "play" with this.

Thanks again!

 

[ICTCity]

you have to change this policy in the Default Domain Policy GPO not in local policy.

Let me know.

 

[SailingNut]

Finally got a moment to try this and when I open group policy management there is nothing listed. So I went to "Add forrest" and entered my domain name in the dialog. When I clicked OK it gave me the error "The specified domain either does not exist or could not be contacted."

I did some googling on that error but could not seem to find anything that looked useful to me.