DNS/Active Directory Issue

[Lem@community.nospam]

I recently added a new dc that is also the new global catalog server. I was
unable to demote the old dc using the dcpromo.

I have 2 main problems:

1. Clients are not using the new active directory server, for example i am
unable to share documents, cannot add users because I cannot find the ad when
trying to change permissions, etc.

2. Clients are also not using the new dns server (which is also the new
dc/global catalog server) to access the internet. I know this because
everytime I unplug the old dc from the network no one is able to access the
internet and they all have the new dns server added to their nic settings as
the primary dns server.

All addresses are static so there is no dhcp server. Also the dcdiag and
netdiag has a bunch of errors:

DCDiag Errors Below:

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... ilcuboard.local failed test FsmoCheck


=====================================================
=====================================================

My Net Diag Errors are Below:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag

.........................................

Computer Name: DBSERVER2
DNS Host Name: dbserver2.ilcuboard.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB909520
KB921503
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB928090-IE7
KB929123
KB929969
KB930178
KB931768-IE7
KB931784
KB931836
KB932168
KB933360
KB933566-IE7
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB937143-IE7
KB938127-IE7
KB939653-IE7
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615-IE7
KB942763
KB942830
KB942831
KB943055
KB943460
KB943485
KB943729
KB944533-IE7
KB944653
KB945553
KB946026
KB947864-IE7
KB948496
KB948590
KB948745
KB948881
KB949014
KB950759-IE7
KB950760
KB950762
KB951698
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection 3

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : dbserver2
IP Address . . . . . . . . : 192.168.100.94
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.94
Secondary WINS Server. . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Failed
[WARNING] Ths system volume has not been completely replicated to the
local
machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
The name 'dbserver2.ilcuboard.local.' may not be registered in
DNS.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication.
PASS - All the DNS entries for DC are registered on DNS server
'192.168.100.
94' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS
server 192.168.100.77, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'CUB_DOMAIN'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The
specified d
omain either does not exist or could not be contacted.

[WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
[ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>

My plan of action is to do a dcpromo /forceremoval first on the old server
in directory services restore mode (because I cant boot into windows normally)

and then Ill perform a ntdsutil metadata cleanup on the new server

I believe this will resolve my problem but I am not totally sure and would
like feedback if anyone has any suggestions.

Also I did transfer all the roles to the new server and this is a single
domain network with 3 dcs we needed backups thats why i have 3 dcs for a
really small network of 30 users/computers.

Is there any thing I should do different or should I just build a whole new
forest which I dont really want to do.

Thanks for any help and suggestions.

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Repost of dcdiag

C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DBSERVER2
Starting test: Connectivity
The host
530aa149-6851-4f9e-a02b-40cacc83ef67._msdcs.ilcuboard.local co
uld not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(530aa149-6851-4f9e-a02b-40cacc83ef67._msdcs.ilcuboard.local)
couldn't
be resolved, the server name (dbserver2.ilcuboard.local) resolved to
the IP address (192.168.100.94) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... DBSERVER2 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DBSERVER2
Skipping all tests, because server DBSERVER2 is
not responding to directory service requests

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... ilcuboard.local failed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>

"Lem@community.nospam" wrote:

> I recently added a new dc that is also the new global catalog server. I was
> unable to demote the old dc using the dcpromo.
>
> I have 2 main problems:
>
> 1. Clients are not using the new active directory server, for example i am
> unable to share documents, cannot add users because I cannot find the ad when
> trying to change permissions, etc.
>
> 2. Clients are also not using the new dns server (which is also the new
> dc/global catalog server) to access the internet. I know this because
> everytime I unplug the old dc from the network no one is able to access the
> internet and they all have the new dns server added to their nic settings as
> the primary dns server.
>
> All addresses are static so there is no dhcp server. Also the dcdiag and
> netdiag has a bunch of errors:
>
> DCDiag Errors Below:
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : ilcuboard
> Starting test: CrossRefValidation
> ......................... ilcuboard passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ilcuboard passed test CheckSDRefDom
>
> Running enterprise tests on : ilcuboard.local
> Starting test: Intersite
> ......................... ilcuboard.local passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
> A Global Catalog Server could not be located - All GC's are down.
> ......................... ilcuboard.local failed test FsmoCheck
>
>
> =====================================================
> =====================================================
>
> My Net Diag Errors are Below:
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
>
> ........................................
>
> Computer Name: DBSERVER2
> DNS Host Name: dbserver2.ilcuboard.local
> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> List of installed hotfixes :
> KB909520
> KB921503
> KB925398_WMP64
> KB925876
> KB925902
> KB926122
> KB927891
> KB928090-IE7
> KB929123
> KB929969
> KB930178
> KB931768-IE7
> KB931784
> KB931836
> KB932168
> KB933360
> KB933566-IE7
> KB933729
> KB933854
> KB935839
> KB935840
> KB935966
> KB936021
> KB936357
> KB936782
> KB937143-IE7
> KB938127-IE7
> KB939653-IE7
> KB941202
> KB941568
> KB941569
> KB941644
> KB941672
> KB941693
> KB942615-IE7
> KB942763
> KB942830
> KB942831
> KB943055
> KB943460
> KB943485
> KB943729
> KB944533-IE7
> KB944653
> KB945553
> KB946026
> KB947864-IE7
> KB948496
> KB948590
> KB948745
> KB948881
> KB949014
> KB950759-IE7
> KB950760
> KB950762
> KB951698
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
>
>
> Per interface results:
>
> Adapter : Local Area Connection 3
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : dbserver2
> IP Address . . . . . . . . : 192.168.100.94
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.100.1
> Primary WINS Server. . . . : 192.168.100.94
> Secondary WINS Server. . . : 192.168.100.87
> Dns Servers. . . . . . . . : 192.168.100.87
> 192.168.100.94
> 192.168.100.77
>
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
>
> WINS service test. . . . . : Passed
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Failed
> [WARNING] Ths system volume has not been completely replicated to the
> local
> machine. This machine is not working properly as a DC.
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING] Cannot find a primary authoritative DNS server for the
> name
> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
> The name 'dbserver2.ilcuboard.local.' may not be registered in
> DNS.
> [WARNING] The DNS entries for this DC are not registered correctly on
> DNS se
> rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication.
> PASS - All the DNS entries for DC are registered on DNS server
> '192.168.100.
> 94' and other DCs also have some of the names registered.
> [WARNING] The DNS entries for this DC cannot be verified right now on
> DNS
> server 192.168.100.77, ERROR_TIMEOUT.
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> The browser is bound to 1 NetBt transport.
>
>
> DC discovery test. . . . . . . . . : Failed
> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. [ERROR_NO_SUCH_DOMAIN]
>
>
> DC list test . . . . . . . . . . . : Failed
> 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped].
>
>
> Trust relationship test. . . . . . : Skipped
>
>
> Kerberos test. . . . . . . . . . . : Skipped
> 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped].
>
>
> LDAP test. . . . . . . . . . . . . : Failed
> Cannot find DC to run LDAP tests on. The error occurred was: The
> specified d
> omain either does not exist or could not be contacted.
>
> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
> [ERROR_NO_SUCH_DOMAIN]
>
>
> Bindings test. . . . . . . . . . . : Passed
>
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
>
>
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed information
>
>
> The command completed successfully
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> My plan of action is to do a dcpromo /forceremoval first on the old server
> in directory services restore mode (because I cant boot into windows normally)
>
> and then Ill perform a ntdsutil metadata cleanup on the new server
>
> I believe this will resolve my problem but I am not totally sure and would
> like feedback if anyone has any suggestions.
>
> Also I did transfer all the roles to the new server and this is a single
> domain network with 3 dcs we needed backups thats why i have 3 dcs for a
> really small network of 30 users/computers.
>
> Is there any thing I should do different or should I just build a whole new
> forest which I dont really want to do.
>
> Thanks for any help and suggestions.
>
>

 

[Meinolf Weber]

Re: DNS/Active Directory Issue

Hello Lem@community.nospam,

Just to get you correct, the old DC is still up and running? Or is it shutdown
or disconnected? Please describe in detail about.

Did you make the new server DNS server?

Did you reconfigure the clients to use the new DNS server?

Did you move/transfer the 5 FSMO roles to the new one?


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I recently added a new dc that is also the new global catalog server.
> I was unable to demote the old dc using the dcpromo.
>
> I have 2 main problems:
>
> 1. Clients are not using the new active directory server, for example
> i am unable to share documents, cannot add users because I cannot find
> the ad when trying to change permissions, etc.
>
> 2. Clients are also not using the new dns server (which is also the
> new dc/global catalog server) to access the internet. I know this
> because everytime I unplug the old dc from the network no one is able
> to access the internet and they all have the new dns server added to
> their nic settings as the primary dns server.
>
> All addresses are static so there is no dhcp server. Also the dcdiag
> and netdiag has a bunch of errors:
>
> DCDiag Errors Below:
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : ilcuboard
> Starting test: CrossRefValidation
> ......................... ilcuboard passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ilcuboard passed test CheckSDRefDom
> Running enterprise tests on : ilcuboard.local
> Starting test: Intersite
> ......................... ilcuboard.local passed test
> Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> 1355
> A Global Catalog Server could not be located - All GC's are
> down.
> ......................... ilcuboard.local failed test
> FsmoCheck
> =====================================================
> =====================================================
>
> My Net Diag Errors are Below:
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
>
> ........................................
>
> Computer Name: DBSERVER2
> DNS Host Name: dbserver2.ilcuboard.local
> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> List of installed hotfixes :
> KB909520
> KB921503
> KB925398_WMP64
> KB925876
> KB925902
> KB926122
> KB927891
> KB928090-IE7
> KB929123
> KB929969
> KB930178
> KB931768-IE7
> KB931784
> KB931836
> KB932168
> KB933360
> KB933566-IE7
> KB933729
> KB933854
> KB935839
> KB935840
> KB935966
> KB936021
> KB936357
> KB936782
> KB937143-IE7
> KB938127-IE7
> KB939653-IE7
> KB941202
> KB941568
> KB941569
> KB941644
> KB941672
> KB941693
> KB942615-IE7
> KB942763
> KB942830
> KB942831
> KB943055
> KB943460
> KB943485
> KB943729
> KB944533-IE7
> KB944653
> KB945553
> KB946026
> KB947864-IE7
> KB948496
> KB948590
> KB948745
> KB948881
> KB949014
> KB950759-IE7
> KB950760
> KB950762
> KB951698
> Q147222
> Netcard queries test . . . . . . . : Passed
>
> Per interface results:
>
> Adapter : Local Area Connection 3
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : dbserver2
> IP Address . . . . . . . . : 192.168.100.94
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.100.1
> Primary WINS Server. . . . : 192.168.100.94
> Secondary WINS Server. . . : 192.168.100.87
> Dns Servers. . . . . . . . : 192.168.100.87
> 192.168.100.94
> 192.168.100.77
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
>
> WINS service test. . . . . : Passed
>
> Global results:
>
> Domain membership test . . . . . . : Failed
> [WARNING] Ths system volume has not been completely replicated to
> the
> local
> machine. This machine is not working properly as a DC.
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> 1 NetBt transport currently configured.
> Autonet address test . . . . . . . : Passed
>
> IP loopback ping test. . . . . . . : Passed
>
> Default gateway test . . . . . . . : Passed
>
> NetBT name test. . . . . . . . . . : Passed
>
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
> The name 'dbserver2.ilcuboard.local.' may not be
> registered in
> DNS.
> [WARNING] The DNS entries for this DC are not registered correctly
> on
> DNS se
> rver '192.168.100.87'. Please wait for 30 minutes for DNS server
> replication.
> PASS - All the DNS entries for DC are registered on DNS server
> '192.168.100.
> 94' and other DCs also have some of the names registered.
> [WARNING] The DNS entries for this DC cannot be verified right
> now on
> DNS
> server 192.168.100.77, ERROR_TIMEOUT.
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> The redir is bound to 1 NetBt transport.
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> The browser is bound to 1 NetBt transport.
> DC discovery test. . . . . . . . . : Failed
> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'.
> [ERROR_NO_SUCH_DOMAIN]
> DC list test . . . . . . . . . . . : Failed
> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> skipped].
> Trust relationship test. . . . . . : Skipped
>
> Kerberos test. . . . . . . . . . . : Skipped
> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> skipped].
> LDAP test. . . . . . . . . . . . . : Failed
> Cannot find DC to run LDAP tests on. The error occurred was: The
> specified d
> omain either does not exist or could not be contacted.
>
> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
> [ERROR_NO_SUCH_DOMAIN]
>
> Bindings test. . . . . . . . . . . : Passed
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
> The command completed successfully
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> My plan of action is to do a dcpromo /forceremoval first on the old
> server in directory services restore mode (because I cant boot into
> windows normally)
>
> and then Ill perform a ntdsutil metadata cleanup on the new server
>
> I believe this will resolve my problem but I am not totally sure and
> would like feedback if anyone has any suggestions.
>
> Also I did transfer all the roles to the new server and this is a
> single domain network with 3 dcs we needed backups thats why i have 3
> dcs for a really small network of 30 users/computers.
>
> Is there any thing I should do different or should I just build a
> whole new forest which I dont really want to do.
>
> Thanks for any help and suggestions.
>

 

[Lem@community.nospam]

Re: DNS/Active Directory Issue

Hi Meinolf Weber,

Yes I did make the new server the new main dns server as well.

I also configured the clients to use the new server as their dns servers
(added the new server as the Primary DNS server in their NIC settings).

I also transferred all 5 of the FSMO roles including global catalog to the
new server.

The old dc server is still connected to the network.
The old dc server has not been demoted because it will not boot normally it
gets stuck at active directory is rebuilding indicies and then an error comes
up which I listed below:

lssas.exe - system error
Security Accounts Manager initialization failed because of the following
error: Directory Service cannot start. Error Status: 0x00002e1

Also the old dc server is still connected because it is the only way right
now to give users access to the internet.

Thanks for your replies. Please let me know if their is any other info I
need to provide.

"Meinolf Weber" wrote:

> Hello Lem@community.nospam,
>
> Just to get you correct, the old DC is still up and running? Or is it shutdown
> or disconnected? Please describe in detail about.
>
> Did you make the new server DNS server?
>
> Did you reconfigure the clients to use the new DNS server?
>
> Did you move/transfer the 5 FSMO roles to the new one?
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > I recently added a new dc that is also the new global catalog server.
> > I was unable to demote the old dc using the dcpromo.
> >
> > I have 2 main problems:
> >
> > 1. Clients are not using the new active directory server, for example
> > i am unable to share documents, cannot add users because I cannot find
> > the ad when trying to change permissions, etc.
> >
> > 2. Clients are also not using the new dns server (which is also the
> > new dc/global catalog server) to access the internet. I know this
> > because everytime I unplug the old dc from the network no one is able
> > to access the internet and they all have the new dns server added to
> > their nic settings as the primary dns server.
> >
> > All addresses are static so there is no dhcp server. Also the dcdiag
> > and netdiag has a bunch of errors:
> >
> > DCDiag Errors Below:
> >
> > Running partition tests on : DomainDnsZones
> > Starting test: CrossRefValidation
> > ......................... DomainDnsZones passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... DomainDnsZones passed test
> > CheckSDRefDom
> > Running partition tests on : Schema
> > Starting test: CrossRefValidation
> > ......................... Schema passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Schema passed test CheckSDRefDom
> > Running partition tests on : Configuration
> > Starting test: CrossRefValidation
> > ......................... Configuration passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... Configuration passed test
> > CheckSDRefDom
> > Running partition tests on : ilcuboard
> > Starting test: CrossRefValidation
> > ......................... ilcuboard passed test
> > CrossRefValidation
> > Starting test: CheckSDRefDom
> > ......................... ilcuboard passed test CheckSDRefDom
> > Running enterprise tests on : ilcuboard.local
> > Starting test: Intersite
> > ......................... ilcuboard.local passed test
> > Intersite
> > Starting test: FsmoCheck
> > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> > 1355
> > A Global Catalog Server could not be located - All GC's are
> > down.
> > ......................... ilcuboard.local failed test
> > FsmoCheck
> > =====================================================
> > =====================================================
> >
> > My Net Diag Errors are Below:
> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
> >
> > ........................................
> >
> > Computer Name: DBSERVER2
> > DNS Host Name: dbserver2.ilcuboard.local
> > System info : Microsoft Windows Server 2003 R2 (Build 3790)
> > Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> > List of installed hotfixes :
> > KB909520
> > KB921503
> > KB925398_WMP64
> > KB925876
> > KB925902
> > KB926122
> > KB927891
> > KB928090-IE7
> > KB929123
> > KB929969
> > KB930178
> > KB931768-IE7
> > KB931784
> > KB931836
> > KB932168
> > KB933360
> > KB933566-IE7
> > KB933729
> > KB933854
> > KB935839
> > KB935840
> > KB935966
> > KB936021
> > KB936357
> > KB936782
> > KB937143-IE7
> > KB938127-IE7
> > KB939653-IE7
> > KB941202
> > KB941568
> > KB941569
> > KB941644
> > KB941672
> > KB941693
> > KB942615-IE7
> > KB942763
> > KB942830
> > KB942831
> > KB943055
> > KB943460
> > KB943485
> > KB943729
> > KB944533-IE7
> > KB944653
> > KB945553
> > KB946026
> > KB947864-IE7
> > KB948496
> > KB948590
> > KB948745
> > KB948881
> > KB949014
> > KB950759-IE7
> > KB950760
> > KB950762
> > KB951698
> > Q147222
> > Netcard queries test . . . . . . . : Passed
> >
> > Per interface results:
> >
> > Adapter : Local Area Connection 3
> >
> > Netcard queries test . . . : Passed
> >
> > Host Name. . . . . . . . . : dbserver2
> > IP Address . . . . . . . . : 192.168.100.94
> > Subnet Mask. . . . . . . . : 255.255.255.0
> > Default Gateway. . . . . . : 192.168.100.1
> > Primary WINS Server. . . . : 192.168.100.94
> > Secondary WINS Server. . . : 192.168.100.87
> > Dns Servers. . . . . . . . : 192.168.100.87
> > 192.168.100.94
> > 192.168.100.77
> > AutoConfiguration results. . . . . . : Passed
> >
> > Default gateway test . . . : Passed
> >
> > NetBT name test. . . . . . : Passed
> >
> > WINS service test. . . . . : Passed
> >
> > Global results:
> >
> > Domain membership test . . . . . . : Failed
> > [WARNING] Ths system volume has not been completely replicated to
> > the
> > local
> > machine. This machine is not working properly as a DC.
> >
> > NetBT transports test. . . . . . . : Passed
> > List of NetBt transports currently configured:
> > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> > 1 NetBt transport currently configured.
> > Autonet address test . . . . . . . : Passed
> >
> > IP loopback ping test. . . . . . . : Passed
> >
> > Default gateway test . . . . . . . : Passed
> >
> > NetBT name test. . . . . . . . . . : Passed
> >
> > Winsock test . . . . . . . . . . . : Passed
> >
> > DNS test . . . . . . . . . . . . . : Passed
> > [WARNING] Cannot find a primary authoritative DNS server for
> > the
> > name
> > 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
> > The name 'dbserver2.ilcuboard.local.' may not be
> > registered in
> > DNS.
> > [WARNING] The DNS entries for this DC are not registered correctly
> > on
> > DNS se
> > rver '192.168.100.87'. Please wait for 30 minutes for DNS server
> > replication.
> > PASS - All the DNS entries for DC are registered on DNS server
> > '192.168.100.
> > 94' and other DCs also have some of the names registered.
> > [WARNING] The DNS entries for this DC cannot be verified right
> > now on
> > DNS
> > server 192.168.100.77, ERROR_TIMEOUT.
> > Redir and Browser test . . . . . . : Passed
> > List of NetBt transports currently bound to the Redir
> > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> > The redir is bound to 1 NetBt transport.
> > List of NetBt transports currently bound to the browser
> > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> > The browser is bound to 1 NetBt transport.
> > DC discovery test. . . . . . . . . : Failed
> > [FATAL] Cannot find DC in domain 'CUB_DOMAIN'.
> > [ERROR_NO_SUCH_DOMAIN]
> > DC list test . . . . . . . . . . . : Failed
> > 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> > skipped].
> > Trust relationship test. . . . . . : Skipped
> >
> > Kerberos test. . . . . . . . . . . : Skipped
> > 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> > skipped].
> > LDAP test. . . . . . . . . . . . . : Failed
> > Cannot find DC to run LDAP tests on. The error occurred was: The
> > specified d
> > omain either does not exist or could not be contacted.
> >
> > [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
> > [ERROR_NO_SUCH_DOMAIN]
> >
> > Bindings test. . . . . . . . . . . : Passed
> >
> > WAN configuration test . . . . . . : Skipped
> > No active remote access connections.
> > Modem diagnostics test . . . . . . : Passed
> >
> > IP Security test . . . . . . . . . : Skipped
> >
> > Note: run "netsh ipsec dynamic show /?" for more detailed
> > information
> >
> > The command completed successfully
> >
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>
> >
> > My plan of action is to do a dcpromo /forceremoval first on the old
> > server in directory services restore mode (because I cant boot into
> > windows normally)
> >
> > and then Ill perform a ntdsutil metadata cleanup on the new server
> >
> > I believe this will resolve my problem but I am not totally sure and
> > would like feedback if anyone has any suggestions.
> >
> > Also I did transfer all the roles to the new server and this is a
> > single domain network with 3 dcs we needed backups thats why i have 3
> > dcs for a really small network of 30 users/computers.
> >
> > Is there any thing I should do different or should I just build a
> > whole new forest which I dont really want to do.
> >
> > Thanks for any help and suggestions.
> >
>
>
>

 

[Meinolf Weber]

Re: DNS/Active Directory Issue

Hello Lem@community.nospam,

To get internet access for the users configure your ISP's DNS server under
the server porperties in the DNS management console under the FORWARDERS
TAB on the new server.

Please post an unedited ipconfig /all from all DC/DNS servers. Do you use
AD integrated zones?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi Meinolf Weber,
>
> Yes I did make the new server the new main dns server as well.
>
> I also configured the clients to use the new server as their dns
> servers (added the new server as the Primary DNS server in their NIC
> settings).
>
> I also transferred all 5 of the FSMO roles including global catalog to
> the new server.
>
> The old dc server is still connected to the network.
> The old dc server has not been demoted because it will not boot
> normally it
> gets stuck at active directory is rebuilding indicies and then an
> error comes
> up which I listed below:
> lssas.exe - system error Security Accounts Manager initialization
> failed because of the following error: Directory Service cannot start.
> Error Status: 0x00002e1
>
> Also the old dc server is still connected because it is the only way
> right now to give users access to the internet.
>
> Thanks for your replies. Please let me know if their is any other info
> I need to provide.
>
> "Meinolf Weber" wrote:
>
>> Hello Lem@community.nospam,
>>
>> Just to get you correct, the old DC is still up and running? Or is it
>> shutdown or disconnected? Please describe in detail about.
>>
>> Did you make the new server DNS server?
>>
>> Did you reconfigure the clients to use the new DNS server?
>>
>> Did you move/transfer the 5 FSMO roles to the new one?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I recently added a new dc that is also the new global catalog
>>> server. I was unable to demote the old dc using the dcpromo.
>>>
>>> I have 2 main problems:
>>>
>>> 1. Clients are not using the new active directory server, for
>>> example i am unable to share documents, cannot add users because I
>>> cannot find the ad when trying to change permissions, etc.
>>>
>>> 2. Clients are also not using the new dns server (which is also the
>>> new dc/global catalog server) to access the internet. I know this
>>> because everytime I unplug the old dc from the network no one is
>>> able to access the internet and they all have the new dns server
>>> added to their nic settings as the primary dns server.
>>>
>>> All addresses are static so there is no dhcp server. Also the dcdiag
>>> and netdiag has a bunch of errors:
>>>
>>> DCDiag Errors Below:
>>>
>>> Running partition tests on : DomainDnsZones
>>> Starting test: CrossRefValidation
>>> ......................... DomainDnsZones passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... DomainDnsZones passed test
>>> CheckSDRefDom
>>> Running partition tests on : Schema
>>> Starting test: CrossRefValidation
>>> ......................... Schema passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Schema passed test CheckSDRefDom
>>> Running partition tests on : Configuration
>>> Starting test: CrossRefValidation
>>> ......................... Configuration passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Configuration passed test
>>> CheckSDRefDom
>>> Running partition tests on : ilcuboard
>>> Starting test: CrossRefValidation
>>> ......................... ilcuboard passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... ilcuboard passed test CheckSDRefDom
>>> Running enterprise tests on : ilcuboard.local
>>> Starting test: Intersite
>>> ......................... ilcuboard.local passed test
>>> Intersite
>>> Starting test: FsmoCheck
>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
>>> 1355
>>> A Global Catalog Server could not be located - All GC's are
>>> down.
>>> ......................... ilcuboard.local failed test
>>> FsmoCheck
>>> =====================================================
>>> =====================================================
>>> My Net Diag Errors are Below:
>>>
>>> Microsoft Windows [Version 5.2.3790]
>>> (C) Copyright 1985-2003 Microsoft Corp.
>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
>>> ........................................
>>>
>>> Computer Name: DBSERVER2
>>> DNS Host Name: dbserver2.ilcuboard.local
>>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
>>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
>>> List of installed hotfixes :
>>> KB909520
>>> KB921503
>>> KB925398_WMP64
>>> KB925876
>>> KB925902
>>> KB926122
>>> KB927891
>>> KB928090-IE7
>>> KB929123
>>> KB929969
>>> KB930178
>>> KB931768-IE7
>>> KB931784
>>> KB931836
>>> KB932168
>>> KB933360
>>> KB933566-IE7
>>> KB933729
>>> KB933854
>>> KB935839
>>> KB935840
>>> KB935966
>>> KB936021
>>> KB936357
>>> KB936782
>>> KB937143-IE7
>>> KB938127-IE7
>>> KB939653-IE7
>>> KB941202
>>> KB941568
>>> KB941569
>>> KB941644
>>> KB941672
>>> KB941693
>>> KB942615-IE7
>>> KB942763
>>> KB942830
>>> KB942831
>>> KB943055
>>> KB943460
>>> KB943485
>>> KB943729
>>> KB944533-IE7
>>> KB944653
>>> KB945553
>>> KB946026
>>> KB947864-IE7
>>> KB948496
>>> KB948590
>>> KB948745
>>> KB948881
>>> KB949014
>>> KB950759-IE7
>>> KB950760
>>> KB950762
>>> KB951698
>>> Q147222
>>> Netcard queries test . . . . . . . : Passed
>>> Per interface results:
>>>
>>> Adapter : Local Area Connection 3
>>>
>>> Netcard queries test . . . : Passed
>>>
>>> Host Name. . . . . . . . . : dbserver2
>>> IP Address . . . . . . . . : 192.168.100.94
>>> Subnet Mask. . . . . . . . : 255.255.255.0
>>> Default Gateway. . . . . . : 192.168.100.1
>>> Primary WINS Server. . . . : 192.168.100.94
>>> Secondary WINS Server. . . : 192.168.100.87
>>> Dns Servers. . . . . . . . : 192.168.100.87
>>> 192.168.100.94
>>> 192.168.100.77
>>> AutoConfiguration results. . . . . . : Passed
>>> Default gateway test . . . : Passed
>>>
>>> NetBT name test. . . . . . : Passed
>>>
>>> WINS service test. . . . . : Passed
>>>
>>> Global results:
>>>
>>> Domain membership test . . . . . . : Failed
>>> [WARNING] Ths system volume has not been completely replicated to
>>> the
>>> local
>>> machine. This machine is not working properly as a DC.
>>> NetBT transports test. . . . . . . : Passed
>>> List of NetBt transports currently configured:
>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>> 1 NetBt transport currently configured.
>>> Autonet address test . . . . . . . : Passed
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Passed
>>>
>>> NetBT name test. . . . . . . . . . : Passed
>>>
>>> Winsock test . . . . . . . . . . . : Passed
>>>
>>> DNS test . . . . . . . . . . . . . : Passed
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
>>> The name 'dbserver2.ilcuboard.local.' may not be
>>> registered in
>>> DNS.
>>> [WARNING] The DNS entries for this DC are not registered correctly
>>> on
>>> DNS se
>>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server
>>> replication.
>>> PASS - All the DNS entries for DC are registered on DNS server
>>> '192.168.100.
>>> 94' and other DCs also have some of the names registered.
>>> [WARNING] The DNS entries for this DC cannot be verified right
>>> now on
>>> DNS
>>> server 192.168.100.77, ERROR_TIMEOUT.
>>> Redir and Browser test . . . . . . : Passed
>>> List of NetBt transports currently bound to the Redir
>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>> The redir is bound to 1 NetBt transport.
>>> List of NetBt transports currently bound to the browser
>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>> The browser is bound to 1 NetBt transport.
>>> DC discovery test. . . . . . . . . : Failed
>>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'.
>>> [ERROR_NO_SUCH_DOMAIN]
>>> DC list test . . . . . . . . . . . : Failed
>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
>>> skipped].
>>> Trust relationship test. . . . . . : Skipped
>>> Kerberos test. . . . . . . . . . . : Skipped
>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
>>> skipped].
>>> LDAP test. . . . . . . . . . . . . : Failed
>>> Cannot find DC to run LDAP tests on. The error occurred was: The
>>> specified d
>>> omain either does not exist or could not be contacted.
>>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
>>> [ERROR_NO_SUCH_DOMAIN]
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Passed
>>> IP Security test . . . . . . . . . : Skipped
>>>
>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>> information
>>>
>>> The command completed successfully
>>>
>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>>>
>>> My plan of action is to do a dcpromo /forceremoval first on the old
>>> server in directory services restore mode (because I cant boot into
>>> windows normally)
>>>
>>> and then Ill perform a ntdsutil metadata cleanup on the new server
>>>
>>> I believe this will resolve my problem but I am not totally sure and
>>> would like feedback if anyone has any suggestions.
>>>
>>> Also I did transfer all the roles to the new server and this is a
>>> single domain network with 3 dcs we needed backups thats why i have
>>> 3 dcs for a really small network of 30 users/computers.
>>>
>>> Is there any thing I should do different or should I just build a
>>> whole new forest which I dont really want to do.
>>>
>>> Thanks for any help and suggestions.
>>>

 

[Lem@community.nospam]

Re: DNS/Active Directory Issue

Yes the isp's dns server is listed under forwarders

here is the ipconfig/all from the new dc

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dbserver2
Primary Dns Suffix . . . . . . . : ilcuboard.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ilcuboard.local

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-76-40-3B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.94
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77
Primary WINS Server . . . . . . . : 192.168.100.94
Secondary WINS Server . . . . . . : 192.168.100.87

C:\Documents and Settings\Administrator.CUB_DOMAIN>

the old dc which is running in directory services restore mode (safe mode)
ipconfig/all

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : netserver1
Primary Dns Suffix . . . . . . . : cubnet.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cubnet.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection #
2
Physical Address. . . . . . . . . : 00-11-43-EE-19-A2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.185.58
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.100.87
192.168.100.94
Primary WINS Server . . . . . . . : 192.168.100.87
Secondary WINS Server . . . . . . : 192.168.100.94
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-11-43-EE-19-A1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.87
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.87
192.168.100.94
Primary WINS Server . . . . . . . : 192.168.100.87
Secondary WINS Server . . . . . . : 192.168.100.94

C:\Documents and Settings\Administrator.CUB_DOMAIN>

"Meinolf Weber" wrote:

> Hello Lem@community.nospam,
>
> To get internet access for the users configure your ISP's DNS server under
> the server porperties in the DNS management console under the FORWARDERS
> TAB on the new server.
>
> Please post an unedited ipconfig /all from all DC/DNS servers. Do you use
> AD integrated zones?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Hi Meinolf Weber,
> >
> > Yes I did make the new server the new main dns server as well.
> >
> > I also configured the clients to use the new server as their dns
> > servers (added the new server as the Primary DNS server in their NIC
> > settings).
> >
> > I also transferred all 5 of the FSMO roles including global catalog to
> > the new server.
> >
> > The old dc server is still connected to the network.
> > The old dc server has not been demoted because it will not boot
> > normally it
> > gets stuck at active directory is rebuilding indicies and then an
> > error comes
> > up which I listed below:
> > lssas.exe - system error Security Accounts Manager initialization
> > failed because of the following error: Directory Service cannot start.
> > Error Status: 0x00002e1
> >
> > Also the old dc server is still connected because it is the only way
> > right now to give users access to the internet.
> >
> > Thanks for your replies. Please let me know if their is any other info
> > I need to provide.
> >
> > "Meinolf Weber" wrote:
> >
> >> Hello Lem@community.nospam,
> >>
> >> Just to get you correct, the old DC is still up and running? Or is it
> >> shutdown or disconnected? Please describe in detail about.
> >>
> >> Did you make the new server DNS server?
> >>
> >> Did you reconfigure the clients to use the new DNS server?
> >>
> >> Did you move/transfer the 5 FSMO roles to the new one?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I recently added a new dc that is also the new global catalog
> >>> server. I was unable to demote the old dc using the dcpromo.
> >>>
> >>> I have 2 main problems:
> >>>
> >>> 1. Clients are not using the new active directory server, for
> >>> example i am unable to share documents, cannot add users because I
> >>> cannot find the ad when trying to change permissions, etc.
> >>>
> >>> 2. Clients are also not using the new dns server (which is also the
> >>> new dc/global catalog server) to access the internet. I know this
> >>> because everytime I unplug the old dc from the network no one is
> >>> able to access the internet and they all have the new dns server
> >>> added to their nic settings as the primary dns server.
> >>>
> >>> All addresses are static so there is no dhcp server. Also the dcdiag
> >>> and netdiag has a bunch of errors:
> >>>
> >>> DCDiag Errors Below:
> >>>
> >>> Running partition tests on : DomainDnsZones
> >>> Starting test: CrossRefValidation
> >>> ......................... DomainDnsZones passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... DomainDnsZones passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : Schema
> >>> Starting test: CrossRefValidation
> >>> ......................... Schema passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Schema passed test CheckSDRefDom
> >>> Running partition tests on : Configuration
> >>> Starting test: CrossRefValidation
> >>> ......................... Configuration passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... Configuration passed test
> >>> CheckSDRefDom
> >>> Running partition tests on : ilcuboard
> >>> Starting test: CrossRefValidation
> >>> ......................... ilcuboard passed test
> >>> CrossRefValidation
> >>> Starting test: CheckSDRefDom
> >>> ......................... ilcuboard passed test CheckSDRefDom
> >>> Running enterprise tests on : ilcuboard.local
> >>> Starting test: Intersite
> >>> ......................... ilcuboard.local passed test
> >>> Intersite
> >>> Starting test: FsmoCheck
> >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> >>> 1355
> >>> A Global Catalog Server could not be located - All GC's are
> >>> down.
> >>> ......................... ilcuboard.local failed test
> >>> FsmoCheck
> >>> =====================================================
> >>> =====================================================
> >>> My Net Diag Errors are Below:
> >>>
> >>> Microsoft Windows [Version 5.2.3790]
> >>> (C) Copyright 1985-2003 Microsoft Corp.
> >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
> >>> ........................................
> >>>
> >>> Computer Name: DBSERVER2
> >>> DNS Host Name: dbserver2.ilcuboard.local
> >>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> >>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> >>> List of installed hotfixes :
> >>> KB909520
> >>> KB921503
> >>> KB925398_WMP64
> >>> KB925876
> >>> KB925902
> >>> KB926122
> >>> KB927891
> >>> KB928090-IE7
> >>> KB929123
> >>> KB929969
> >>> KB930178
> >>> KB931768-IE7
> >>> KB931784
> >>> KB931836
> >>> KB932168
> >>> KB933360
> >>> KB933566-IE7
> >>> KB933729
> >>> KB933854
> >>> KB935839
> >>> KB935840
> >>> KB935966
> >>> KB936021
> >>> KB936357
> >>> KB936782
> >>> KB937143-IE7
> >>> KB938127-IE7
> >>> KB939653-IE7
> >>> KB941202
> >>> KB941568
> >>> KB941569
> >>> KB941644
> >>> KB941672
> >>> KB941693
> >>> KB942615-IE7
> >>> KB942763
> >>> KB942830
> >>> KB942831
> >>> KB943055
> >>> KB943460
> >>> KB943485
> >>> KB943729
> >>> KB944533-IE7
> >>> KB944653
> >>> KB945553
> >>> KB946026
> >>> KB947864-IE7
> >>> KB948496
> >>> KB948590
> >>> KB948745
> >>> KB948881
> >>> KB949014
> >>> KB950759-IE7
> >>> KB950760
> >>> KB950762
> >>> KB951698
> >>> Q147222
> >>> Netcard queries test . . . . . . . : Passed
> >>> Per interface results:
> >>>
> >>> Adapter : Local Area Connection 3
> >>>
> >>> Netcard queries test . . . : Passed
> >>>
> >>> Host Name. . . . . . . . . : dbserver2
> >>> IP Address . . . . . . . . : 192.168.100.94
> >>> Subnet Mask. . . . . . . . : 255.255.255.0
> >>> Default Gateway. . . . . . : 192.168.100.1
> >>> Primary WINS Server. . . . : 192.168.100.94
> >>> Secondary WINS Server. . . : 192.168.100.87
> >>> Dns Servers. . . . . . . . : 192.168.100.87
> >>> 192.168.100.94
> >>> 192.168.100.77
> >>> AutoConfiguration results. . . . . . : Passed
> >>> Default gateway test . . . : Passed
> >>>
> >>> NetBT name test. . . . . . : Passed
> >>>
> >>> WINS service test. . . . . : Passed
> >>>
> >>> Global results:
> >>>
> >>> Domain membership test . . . . . . : Failed
> >>> [WARNING] Ths system volume has not been completely replicated to
> >>> the
> >>> local
> >>> machine. This machine is not working properly as a DC.
> >>> NetBT transports test. . . . . . . : Passed
> >>> List of NetBt transports currently configured:
> >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> >>> 1 NetBt transport currently configured.
> >>> Autonet address test . . . . . . . : Passed
> >>> IP loopback ping test. . . . . . . : Passed
> >>>
> >>> Default gateway test . . . . . . . : Passed
> >>>
> >>> NetBT name test. . . . . . . . . . : Passed
> >>>
> >>> Winsock test . . . . . . . . . . . : Passed
> >>>
> >>> DNS test . . . . . . . . . . . . . : Passed
> >>> [WARNING] Cannot find a primary authoritative DNS server for
> >>> the
> >>> name
> >>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
> >>> The name 'dbserver2.ilcuboard.local.' may not be
> >>> registered in
> >>> DNS.
> >>> [WARNING] The DNS entries for this DC are not registered correctly
> >>> on
> >>> DNS se
> >>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server
> >>> replication.
> >>> PASS - All the DNS entries for DC are registered on DNS server
> >>> '192.168.100.
> >>> 94' and other DCs also have some of the names registered.
> >>> [WARNING] The DNS entries for this DC cannot be verified right
> >>> now on
> >>> DNS
> >>> server 192.168.100.77, ERROR_TIMEOUT.
> >>> Redir and Browser test . . . . . . : Passed
> >>> List of NetBt transports currently bound to the Redir
> >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> >>> The redir is bound to 1 NetBt transport.
> >>> List of NetBt transports currently bound to the browser
> >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
> >>> The browser is bound to 1 NetBt transport.
> >>> DC discovery test. . . . . . . . . : Failed
> >>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'.
> >>> [ERROR_NO_SUCH_DOMAIN]
> >>> DC list test . . . . . . . . . . . : Failed
> >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> >>> skipped].
> >>> Trust relationship test. . . . . . : Skipped
> >>> Kerberos test. . . . . . . . . . . : Skipped
> >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
> >>> skipped].
> >>> LDAP test. . . . . . . . . . . . . : Failed
> >>> Cannot find DC to run LDAP tests on. The error occurred was: The
> >>> specified d
> >>> omain either does not exist or could not be contacted.
> >>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
> >>> [ERROR_NO_SUCH_DOMAIN]
> >>> Bindings test. . . . . . . . . . . : Passed
> >>>
> >>> WAN configuration test . . . . . . : Skipped
> >>> No active remote access connections.
> >>> Modem diagnostics test . . . . . . : Passed
> >>> IP Security test . . . . . . . . . : Skipped
> >>>
> >>> Note: run "netsh ipsec dynamic show /?" for more detailed
> >>> information
> >>>
> >>> The command completed successfully
> >>>
> >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>
> >>>
> >>> My plan of action is to do a dcpromo /forceremoval first on the old
> >>> server in directory services restore mode (because I cant boot into
> >>> windows normally)
> >>>
> >>> and then Ill perform a ntdsutil metadata cleanup on the new server
> >>>
> >>> I believe this will resolve my problem but I am not totally sure and

 

[Lem@community.nospam]

Re: DNS/Active Directory Issue

After looking over my posts I noticed that my old server has dhcp service
configured which I never configured we have all ways used static ips, so I
dont know why that is. and our domain uses the netbios name cub_domain.

cubnet.com was that servers old domain ilcuboard.local is the name that is
supposed to be there.

"Lem@community.nospam" wrote:

> Yes the isp's dns server is listed under forwarders
>
> here is the ipconfig/all from the new dc
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dbserver2
> Primary Dns Suffix . . . . . . . : ilcuboard.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ilcuboard.local
>
> Ethernet adapter Local Area Connection 3:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
> Physical Address. . . . . . . . . : 00-14-22-76-40-3B
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.100.94
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.100.1
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> 192.168.100.77
> Primary WINS Server . . . . . . . : 192.168.100.94
> Secondary WINS Server . . . . . . : 192.168.100.87
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> the old dc which is running in directory services restore mode (safe mode)
> ipconfig/all
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : netserver1
> Primary Dns Suffix . . . . . . . : cubnet.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : cubnet.com
>
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection #
> 2
> Physical Address. . . . . . . . . : 00-11-43-EE-19-A2
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> Autoconfiguration IP Address. . . : 169.254.185.58
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> Primary WINS Server . . . . . . . : 192.168.100.87
> Secondary WINS Server . . . . . . : 192.168.100.94
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
> Physical Address. . . . . . . . . : 00-11-43-EE-19-A1
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.100.87
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.100.1
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> Primary WINS Server . . . . . . . : 192.168.100.87
> Secondary WINS Server . . . . . . : 192.168.100.94
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> "Meinolf Weber" wrote:
>
> > Hello Lem@community.nospam,
> >
> > To get internet access for the users configure your ISP's DNS server under
> > the server porperties in the DNS management console under the FORWARDERS
> > TAB on the new server.
> >
> > Please post an unedited ipconfig /all from all DC/DNS servers. Do you use
> > AD integrated zones?
> >
> > Best regards
> >
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> > no rights.
> > ** Please do NOT email, only reply to Newsgroups
> > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >
> > > Hi Meinolf Weber,
> > >
> > > Yes I did make the new server the new main dns server as well.
> > >
> > > I also configured the clients to use the new server as their dns
> > > servers (added the new server as the Primary DNS server in their NIC
> > > settings).
> > >
> > > I also transferred all 5 of the FSMO roles including global catalog to
> > > the new server.
> > >
> > > The old dc server is still connected to the network.
> > > The old dc server has not been demoted because it will not boot
> > > normally it
> > > gets stuck at active directory is rebuilding indicies and then an
> > > error comes
> > > up which I listed below:
> > > lssas.exe - system error Security Accounts Manager initialization
> > > failed because of the following error: Directory Service cannot start.
> > > Error Status: 0x00002e1
> > >
> > > Also the old dc server is still connected because it is the only way
> > > right now to give users access to the internet.
> > >
> > > Thanks for your replies. Please let me know if their is any other info
> > > I need to provide.
> > >
> > > "Meinolf Weber" wrote:
> > >
> > >> Hello Lem@community.nospam,
> > >>
> > >> Just to get you correct, the old DC is still up and running? Or is it
> > >> shutdown or disconnected? Please describe in detail about.
> > >>
> > >> Did you make the new server DNS server?
> > >>
> > >> Did you reconfigure the clients to use the new DNS server?
> > >>
> > >> Did you move/transfer the 5 FSMO roles to the new one?
> > >>
> > >> Best regards
> > >>
> > >> Meinolf Weber
> > >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> > >> confers
> > >> no rights.
> > >> ** Please do NOT email, only reply to Newsgroups
> > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> > >>> I recently added a new dc that is also the new global catalog
> > >>> server. I was unable to demote the old dc using the dcpromo.
> > >>>
> > >>> I have 2 main problems:
> > >>>
> > >>> 1. Clients are not using the new active directory server, for
> > >>> example i am unable to share documents, cannot add users because I
> > >>> cannot find the ad when trying to change permissions, etc.
> > >>>
> > >>> 2. Clients are also not using the new dns server (which is also the
> > >>> new dc/global catalog server) to access the internet. I know this
> > >>> because everytime I unplug the old dc from the network no one is
> > >>> able to access the internet and they all have the new dns server
> > >>> added to their nic settings as the primary dns server.
> > >>>
> > >>> All addresses are static so there is no dhcp server. Also the dcdiag
> > >>> and netdiag has a bunch of errors:
> > >>>
> > >>> DCDiag Errors Below:
> > >>>
> > >>> Running partition tests on : DomainDnsZones
> > >>> Starting test: CrossRefValidation
> > >>> ......................... DomainDnsZones passed test
> > >>> CrossRefValidation
> > >>> Starting test: CheckSDRefDom
> > >>> ......................... DomainDnsZones passed test
> > >>> CheckSDRefDom
> > >>> Running partition tests on : Schema
> > >>> Starting test: CrossRefValidation
> > >>> ......................... Schema passed test
> > >>> CrossRefValidation
> > >>> Starting test: CheckSDRefDom
> > >>> ......................... Schema passed test CheckSDRefDom
> > >>> Running partition tests on : Configuration
> > >>> Starting test: CrossRefValidation
> > >>> ......................... Configuration passed test
> > >>> CrossRefValidation
> > >>> Starting test: CheckSDRefDom
> > >>> ......................... Configuration passed test
> > >>> CheckSDRefDom
> > >>> Running partition tests on : ilcuboard
> > >>> Starting test: CrossRefValidation
> > >>> ......................... ilcuboard passed test
> > >>> CrossRefValidation
> > >>> Starting test: CheckSDRefDom
> > >>> ......................... ilcuboard passed test CheckSDRefDom
> > >>> Running enterprise tests on : ilcuboard.local
> > >>> Starting test: Intersite
> > >>> ......................... ilcuboard.local passed test
> > >>> Intersite
> > >>> Starting test: FsmoCheck
> > >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> > >>> 1355
> > >>> A Global Catalog Server could not be located - All GC's are
> > >>> down.
> > >>> ......................... ilcuboard.local failed test
> > >>> FsmoCheck
> > >>> =====================================================
> > >>> =====================================================
> > >>> My Net Diag Errors are Below:
> > >>>
> > >>> Microsoft Windows [Version 5.2.3790]
> > >>> (C) Copyright 1985-2003 Microsoft Corp.
> > >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
> > >>> ........................................
> > >>>
> > >>> Computer Name: DBSERVER2
> > >>> DNS Host Name: dbserver2.ilcuboard.local
> > >>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> > >>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> > >>> List of installed hotfixes :
> > >>> KB909520
> > >>> KB921503
> > >>> KB925398_WMP64
> > >>> KB925876
> > >>> KB925902
> > >>> KB926122
> > >>> KB927891
> > >>> KB928090-IE7
> > >>> KB929123
> > >>> KB929969
> > >>> KB930178
> > >>> KB931768-IE7
> > >>> KB931784
> > >>> KB931836
> > >>> KB932168
> > >>> KB933360
> > >>> KB933566-IE7
> > >>> KB933729
> > >>> KB933854
> > >>> KB935839
> > >>> KB935840
> > >>> KB935966
> > >>> KB936021
> > >>> KB936357
> > >>> KB936782
> > >>> KB937143-IE7
> > >>> KB938127-IE7
> > >>> KB939653-IE7
> > >>> KB941202
> > >>> KB941568
> > >>> KB941569
> > >>> KB941644
> > >>> KB941672
> > >>> KB941693
> > >>> KB942615-IE7
> > >>> KB942763
> > >>> KB942830
> > >>> KB942831
> > >>> KB943055
> > >>> KB943460
> > >>> KB943485
> > >>> KB943729
> > >>> KB944533-IE7
> > >>> KB944653
> > >>> KB945553
> > >>> KB946026
> > >>> KB947864-IE7
> > >>> KB948496
> > >>> KB948590
> > >>> KB948745
> > >>> KB948881
> > >>> KB949014
> > >>> KB950759-IE7
> > >>> KB950760
> > >>> KB950762
> > >>> KB951698
> > >>> Q147222
> > >>> Netcard queries test . . . . . . . : Passed
> > >>> Per interface results:
> > >>>
> > >>> Adapter : Local Area Connection 3
> > >>>
> > >>> Netcard queries test . . . : Passed
> > >>>
> > >>> Host Name. . . . . . . . . : dbserver2
> > >>> IP Address . . . . . . . . : 192.168.100.94
> > >>> Subnet Mask. . . . . . . . : 255.255.255.0
> > >>> Default Gateway. . . . . . : 192.168.100.1
> > >>> Primary WINS Server. . . . : 192.168.100.94
> > >>> Secondary WINS Server. . . : 192.168.100.87
> > >>> Dns Servers. . . . . . . . : 192.168.100.87
> > >>> 192.168.100.94
> > >>> 192.168.100.77
> > >>> AutoConfiguration results. . . . . . : Passed
> > >>> Default gateway test . . . : Passed
> > >>>

 

[Meinolf Weber]

Re: DNS/Active Directory Issue

Hello Lem@community.nospam,

Why are the both servers from different domains? New machine dbserver2 is
ilcuboard.local, old machine netserver1 is cubnet.com???

Please clarify this configuration, did you setup a NEW domain with the new
server? Is the new server maybe a SBS server operating system?

Also if you do not use a NIC on a DC disable it, the second NIC on netserver1
witht 169.254.x.x address.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Yes the isp's dns server is listed under forwarders
>
> here is the ipconfig/all from the new dc
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
> C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dbserver2
> Primary Dns Suffix . . . . . . . : ilcuboard.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ilcuboard.local
> Ethernet adapter Local Area Connection 3:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-14-22-76-40-3B
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.100.94
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.100.1
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> 192.168.100.77
> Primary WINS Server . . . . . . . : 192.168.100.94
> Secondary WINS Server . . . . . . : 192.168.100.87
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> the old dc which is running in directory services restore mode (safe
> mode) ipconfig/all
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
> C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : netserver1
> Primary Dns Suffix . . . . . . . : cubnet.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : cubnet.com
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection #
> 2
> Physical Address. . . . . . . . . : 00-11-43-EE-19-A2
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> Autoconfiguration IP Address. . . : 169.254.185.58
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> Primary WINS Server . . . . . . . : 192.168.100.87
> Secondary WINS Server . . . . . . : 192.168.100.94
> NetBIOS over Tcpip. . . . . . . . : Disabled
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-11-43-EE-19-A1
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.100.87
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.100.1
> DNS Servers . . . . . . . . . . . : 192.168.100.87
> 192.168.100.94
> Primary WINS Server . . . . . . . : 192.168.100.87
> Secondary WINS Server . . . . . . : 192.168.100.94
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
> "Meinolf Weber" wrote:
>
>> Hello Lem@community.nospam,
>>
>> To get internet access for the users configure your ISP's DNS server
>> under the server porperties in the DNS management console under the
>> FORWARDERS TAB on the new server.
>>
>> Please post an unedited ipconfig /all from all DC/DNS servers. Do you
>> use AD integrated zones?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hi Meinolf Weber,
>>>
>>> Yes I did make the new server the new main dns server as well.
>>>
>>> I also configured the clients to use the new server as their dns
>>> servers (added the new server as the Primary DNS server in their NIC
>>> settings).
>>>
>>> I also transferred all 5 of the FSMO roles including global catalog
>>> to the new server.
>>>
>>> The old dc server is still connected to the network.
>>> The old dc server has not been demoted because it will not boot
>>> normally it
>>> gets stuck at active directory is rebuilding indicies and then an
>>> error comes
>>> up which I listed below:
>>> lssas.exe - system error Security Accounts Manager initialization
>>> failed because of the following error: Directory Service cannot
>>> start.
>>> Error Status: 0x00002e1
>>> Also the old dc server is still connected because it is the only way
>>> right now to give users access to the internet.
>>>
>>> Thanks for your replies. Please let me know if their is any other
>>> info I need to provide.
>>>
>>> "Meinolf Weber" wrote:
>>>
>>>> Hello Lem@community.nospam,
>>>>
>>>> Just to get you correct, the old DC is still up and running? Or is
>>>> it shutdown or disconnected? Please describe in detail about.
>>>>
>>>> Did you make the new server DNS server?
>>>>
>>>> Did you reconfigure the clients to use the new DNS server?
>>>>
>>>> Did you move/transfer the 5 FSMO roles to the new one?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I recently added a new dc that is also the new global catalog
>>>>> server. I was unable to demote the old dc using the dcpromo.
>>>>>
>>>>> I have 2 main problems:
>>>>>
>>>>> 1. Clients are not using the new active directory server, for
>>>>> example i am unable to share documents, cannot add users because I
>>>>> cannot find the ad when trying to change permissions, etc.
>>>>>
>>>>> 2. Clients are also not using the new dns server (which is also
>>>>> the new dc/global catalog server) to access the internet. I know
>>>>> this because everytime I unplug the old dc from the network no one
>>>>> is able to access the internet and they all have the new dns
>>>>> server added to their nic settings as the primary dns server.
>>>>>
>>>>> All addresses are static so there is no dhcp server. Also the
>>>>> dcdiag and netdiag has a bunch of errors:
>>>>>
>>>>> DCDiag Errors Below:
>>>>>
>>>>> Running partition tests on : DomainDnsZones
>>>>> Starting test: CrossRefValidation
>>>>> ......................... DomainDnsZones passed test
>>>>> CrossRefValidation
>>>>> Starting test: CheckSDRefDom
>>>>> ......................... DomainDnsZones passed test
>>>>> CheckSDRefDom
>>>>> Running partition tests on : Schema
>>>>> Starting test: CrossRefValidation
>>>>> ......................... Schema passed test
>>>>> CrossRefValidation
>>>>> Starting test: CheckSDRefDom
>>>>> ......................... Schema passed test CheckSDRefDom
>>>>> Running partition tests on : Configuration
>>>>> Starting test: CrossRefValidation
>>>>> ......................... Configuration passed test
>>>>> CrossRefValidation
>>>>> Starting test: CheckSDRefDom
>>>>> ......................... Configuration passed test
>>>>> CheckSDRefDom
>>>>> Running partition tests on : ilcuboard
>>>>> Starting test: CrossRefValidation
>>>>> ......................... ilcuboard passed test
>>>>> CrossRefValidation
>>>>> Starting test: CheckSDRefDom
>>>>> ......................... ilcuboard passed test CheckSDRefDom
>>>>> Running enterprise tests on : ilcuboard.local
>>>>> Starting test: Intersite
>>>>> ......................... ilcuboard.local passed test
>>>>> Intersite
>>>>> Starting test: FsmoCheck
>>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
>>>>> 1355
>>>>> A Global Catalog Server could not be located - All GC's are
>>>>> down.
>>>>> ......................... ilcuboard.local failed test
>>>>> FsmoCheck
>>>>> =====================================================
>>>>> =====================================================
>>>>> My Net Diag Errors are Below:
>>>>> Microsoft Windows [Version 5.2.3790]
>>>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
>>>>> ........................................
>>>>> Computer Name: DBSERVER2
>>>>> DNS Host Name: dbserver2.ilcuboard.local
>>>>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
>>>>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
>>>>> List of installed hotfixes :
>>>>> KB909520
>>>>> KB921503
>>>>> KB925398_WMP64
>>>>> KB925876
>>>>> KB925902
>>>>> KB926122
>>>>> KB927891
>>>>> KB928090-IE7
>>>>> KB929123
>>>>> KB929969
>>>>> KB930178
>>>>> KB931768-IE7
>>>>> KB931784
>>>>> KB931836
>>>>> KB932168
>>>>> KB933360
>>>>> KB933566-IE7
>>>>> KB933729
>>>>> KB933854
>>>>> KB935839
>>>>> KB935840
>>>>> KB935966
>>>>> KB936021
>>>>> KB936357
>>>>> KB936782
>>>>> KB937143-IE7
>>>>> KB938127-IE7
>>>>> KB939653-IE7
>>>>> KB941202
>>>>> KB941568
>>>>> KB941569
>>>>> KB941644
>>>>> KB941672
>>>>> KB941693
>>>>> KB942615-IE7
>>>>> KB942763
>>>>> KB942830
>>>>> KB942831
>>>>> KB943055
>>>>> KB943460
>>>>> KB943485
>>>>> KB943729
>>>>> KB944533-IE7
>>>>> KB944653
>>>>> KB945553
>>>>> KB946026
>>>>> KB947864-IE7
>>>>> KB948496
>>>>> KB948590
>>>>> KB948745
>>>>> KB948881
>>>>> KB949014
>>>>> KB950759-IE7
>>>>> KB950760
>>>>> KB950762
>>>>> KB951698
>>>>> Q147222
>>>>> Netcard queries test . . . . . . . : Passed
>>>>> Per interface results:
>>>>> Adapter : Local Area Connection 3
>>>>>
>>>>> Netcard queries test . . . : Passed
>>>>>
>>>>> Host Name. . . . . . . . . : dbserver2
>>>>> IP Address . . . . . . . . : 192.168.100.94
>>>>> Subnet Mask. . . . . . . . : 255.255.255.0
>>>>> Default Gateway. . . . . . : 192.168.100.1
>>>>> Primary WINS Server. . . . : 192.168.100.94
>>>>> Secondary WINS Server. . . : 192.168.100.87
>>>>> Dns Servers. . . . . . . . : 192.168.100.87
>>>>> 192.168.100.94
>>>>> 192.168.100.77
>>>>> AutoConfiguration results. . . . . . : Passed
>>>>> Default gateway test . . . : Passed
>>>>> NetBT name test. . . . . . : Passed
>>>>>
>>>>> WINS service test. . . . . : Passed
>>>>>
>>>>> Global results:
>>>>>
>>>>> Domain membership test . . . . . . : Failed
>>>>> [WARNING] Ths system volume has not been completely replicated to
>>>>> the
>>>>> local
>>>>> machine. This machine is not working properly as a DC.
>>>>> NetBT transports test. . . . . . . : Passed
>>>>> List of NetBt transports currently configured:
>>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>>>> 1 NetBt transport currently configured.
>>>>> Autonet address test . . . . . . . : Passed
>>>>> IP loopback ping test. . . . . . . : Passed
>>>>> Default gateway test . . . . . . . : Passed
>>>>>
>>>>> NetBT name test. . . . . . . . . . : Passed
>>>>>
>>>>> Winsock test . . . . . . . . . . . : Passed
>>>>>
>>>>> DNS test . . . . . . . . . . . . . : Passed
>>>>> [WARNING] Cannot find a primary authoritative DNS server for
>>>>> the
>>>>> name
>>>>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE]
>>>>> The name 'dbserver2.ilcuboard.local.' may not be
>>>>> registered in
>>>>> DNS.
>>>>> [WARNING] The DNS entries for this DC are not registered correctly
>>>>> on
>>>>> DNS se
>>>>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server
>>>>> replication.
>>>>> PASS - All the DNS entries for DC are registered on DNS server
>>>>> '192.168.100.
>>>>> 94' and other DCs also have some of the names registered.
>>>>> [WARNING] The DNS entries for this DC cannot be verified right
>>>>> now on
>>>>> DNS
>>>>> server 192.168.100.77, ERROR_TIMEOUT.
>>>>> Redir and Browser test . . . . . . : Passed
>>>>> List of NetBt transports currently bound to the Redir
>>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>>>> The redir is bound to 1 NetBt transport.
>>>>> List of NetBt transports currently bound to the browser
>>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C}
>>>>> The browser is bound to 1 NetBt transport.
>>>>> DC discovery test. . . . . . . . . : Failed
>>>>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'.
>>>>> [ERROR_NO_SUCH_DOMAIN]
>>>>> DC list test . . . . . . . . . . . : Failed
>>>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
>>>>> skipped].
>>>>> Trust relationship test. . . . . . : Skipped
>>>>> Kerberos test. . . . . . . . . . . : Skipped
>>>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test
>>>>> skipped].
>>>>> LDAP test. . . . . . . . . . . . . : Failed
>>>>> Cannot find DC to run LDAP tests on. The error occurred was: The
>>>>> specified d
>>>>> omain either does not exist or could not be contacted.
>>>>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'.
>>>>> [ERROR_NO_SUCH_DOMAIN]
>>>>> Bindings test. . . . . . . . . . . : Passed
>>>>> WAN configuration test . . . . . . : Skipped
>>>>> No active remote access connections.
>>>>> Modem diagnostics test . . . . . . : Passed
>>>>> IP Security test . . . . . . . . . : Skipped
>>>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>>>> information
>>>>>
>>>>> The command completed successfully
>>>>>
>>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>>>>>
>>>>> My plan of action is to do a dcpromo /forceremoval first on the
>>>>> old server in directory services restore mode (because I cant boot
>>>>> into windows normally)
>>>>>
>>>>> and then Ill perform a ntdsutil metadata cleanup on the new server
>>>>>
>>>>> I believe this will resolve my problem but I am not totally sure
>>>>> and
>>>>>

 

[Lem@community.nospam]

Re: DNS/Active Directory Issue

The servers are actually not in different domains I believe this happened
because I renamed the domain from cubnet.com to ilcuboard.local about 4 years
ago.

I renamed the domain from cubnet.com to ilcuboard.local because cubnet.com
caused problems with some internet sites. Our domain is only accessible
locally so I had to rename the domain to ilcuboard.local. But during that
process the old dc kept the old cubnet.com suffix but it still operated
without major problems with this setup.

I will also disable all inactive nics, thanks for the tip.

"Meinolf Weber" wrote:

> Hello Lem@community.nospam,
>
> Why are the both servers from different domains? New machine dbserver2 is
> ilcuboard.local, old machine netserver1 is cubnet.com???
>
> Please clarify this configuration, did you setup a NEW domain with the new
> server? Is the new server maybe a SBS server operating system?
>
> Also if you do not use a NIC on a DC disable it, the second NIC on netserver1
> witht 169.254.x.x address.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Yes the isp's dns server is listed under forwarders
> >
> > here is the ipconfig/all from the new dc
> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : dbserver2
> > Primary Dns Suffix . . . . . . . : ilcuboard.local
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : ilcuboard.local
> > Ethernet adapter Local Area Connection 3:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> > Connection
> > Physical Address. . . . . . . . . : 00-14-22-76-40-3B
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.100.94
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 192.168.100.1
> > DNS Servers . . . . . . . . . . . : 192.168.100.87
> > 192.168.100.94
> > 192.168.100.77
> > Primary WINS Server . . . . . . . : 192.168.100.94
> > Secondary WINS Server . . . . . . : 192.168.100.87
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>
> >
> > the old dc which is running in directory services restore mode (safe
> > mode) ipconfig/all
> >
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : netserver1
> > Primary Dns Suffix . . . . . . . : cubnet.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : cubnet.com
> > Ethernet adapter Local Area Connection 2:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> > Connection #
> > 2
> > Physical Address. . . . . . . . . : 00-11-43-EE-19-A2
> > DHCP Enabled. . . . . . . . . . . : Yes
> > Autoconfiguration Enabled . . . . : Yes
> > Autoconfiguration IP Address. . . : 169.254.185.58
> > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : 192.168.100.87
> > 192.168.100.94
> > Primary WINS Server . . . . . . . : 192.168.100.87
> > Secondary WINS Server . . . . . . : 192.168.100.94
> > NetBIOS over Tcpip. . . . . . . . : Disabled
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> > Connection
> > Physical Address. . . . . . . . . : 00-11-43-EE-19-A1
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.100.87
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . : 192.168.100.1
> > DNS Servers . . . . . . . . . . . : 192.168.100.87
> > 192.168.100.94
> > Primary WINS Server . . . . . . . : 192.168.100.87
> > Secondary WINS Server . . . . . . : 192.168.100.94
> > C:\Documents and Settings\Administrator.CUB_DOMAIN>
> >
> > "Meinolf Weber" wrote:
> >
> >> Hello Lem@community.nospam,
> >>
> >> To get internet access for the users configure your ISP's DNS server
> >> under the server porperties in the DNS management console under the
> >> FORWARDERS TAB on the new server.
> >>
> >> Please post an unedited ipconfig /all from all DC/DNS servers. Do you
> >> use AD integrated zones?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> Hi Meinolf Weber,
> >>>
> >>> Yes I did make the new server the new main dns server as well.
> >>>
> >>> I also configured the clients to use the new server as their dns
> >>> servers (added the new server as the Primary DNS server in their NIC
> >>> settings).
> >>>
> >>> I also transferred all 5 of the FSMO roles including global catalog
> >>> to the new server.
> >>>
> >>> The old dc server is still connected to the network.
> >>> The old dc server has not been demoted because it will not boot
> >>> normally it
> >>> gets stuck at active directory is rebuilding indicies and then an
> >>> error comes
> >>> up which I listed below:
> >>> lssas.exe - system error Security Accounts Manager initialization
> >>> failed because of the following error: Directory Service cannot
> >>> start.
> >>> Error Status: 0x00002e1
> >>> Also the old dc server is still connected because it is the only way
> >>> right now to give users access to the internet.
> >>>
> >>> Thanks for your replies. Please let me know if their is any other
> >>> info I need to provide.
> >>>
> >>> "Meinolf Weber" wrote:
> >>>
> >>>> Hello Lem@community.nospam,
> >>>>
> >>>> Just to get you correct, the old DC is still up and running? Or is
> >>>> it shutdown or disconnected? Please describe in detail about.
> >>>>
> >>>> Did you make the new server DNS server?
> >>>>
> >>>> Did you reconfigure the clients to use the new DNS server?
> >>>>
> >>>> Did you move/transfer the 5 FSMO roles to the new one?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> I recently added a new dc that is also the new global catalog
> >>>>> server. I was unable to demote the old dc using the dcpromo.
> >>>>>
> >>>>> I have 2 main problems:
> >>>>>
> >>>>> 1. Clients are not using the new active directory server, for
> >>>>> example i am unable to share documents, cannot add users because I
> >>>>> cannot find the ad when trying to change permissions, etc.
> >>>>>
> >>>>> 2. Clients are also not using the new dns server (which is also
> >>>>> the new dc/global catalog server) to access the internet. I know
> >>>>> this because everytime I unplug the old dc from the network no one
> >>>>> is able to access the internet and they all have the new dns
> >>>>> server added to their nic settings as the primary dns server.
> >>>>>
> >>>>> All addresses are static so there is no dhcp server. Also the
> >>>>> dcdiag and netdiag has a bunch of errors:
> >>>>>
> >>>>> DCDiag Errors Below:
> >>>>>
> >>>>> Running partition tests on : DomainDnsZones
> >>>>> Starting test: CrossRefValidation
> >>>>> ......................... DomainDnsZones passed test
> >>>>> CrossRefValidation
> >>>>> Starting test: CheckSDRefDom
> >>>>> ......................... DomainDnsZones passed test
> >>>>> CheckSDRefDom
> >>>>> Running partition tests on : Schema
> >>>>> Starting test: CrossRefValidation
> >>>>> ......................... Schema passed test
> >>>>> CrossRefValidation
> >>>>> Starting test: CheckSDRefDom
> >>>>> ......................... Schema passed test CheckSDRefDom
> >>>>> Running partition tests on : Configuration
> >>>>> Starting test: CrossRefValidation
> >>>>> ......................... Configuration passed test
> >>>>> CrossRefValidation
> >>>>> Starting test: CheckSDRefDom
> >>>>> ......................... Configuration passed test
> >>>>> CheckSDRefDom
> >>>>> Running partition tests on : ilcuboard
> >>>>> Starting test: CrossRefValidation
> >>>>> ......................... ilcuboard passed test
> >>>>> CrossRefValidation
> >>>>> Starting test: CheckSDRefDom
> >>>>> ......................... ilcuboard passed test CheckSDRefDom
> >>>>> Running enterprise tests on : ilcuboard.local
> >>>>> Starting test: Intersite
> >>>>> ......................... ilcuboard.local passed test
> >>>>> Intersite
> >>>>> Starting test: FsmoCheck
> >>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> >>>>> 1355
> >>>>> A Global Catalog Server could not be located - All GC's are
> >>>>> down.
> >>>>> ......................... ilcuboard.local failed test
> >>>>> FsmoCheck
> >>>>> =====================================================
> >>>>> =====================================================
> >>>>> My Net Diag Errors are Below:
> >>>>> Microsoft Windows [Version 5.2.3790]
> >>>>> (C) Copyright 1985-2003 Microsoft Corp.
> >>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag
> >>>>> ........................................
> >>>>> Computer Name: DBSERVER2
> >>>>> DNS Host Name: dbserver2.ilcuboard.local
> >>>>> System info : Microsoft Windows Server 2003 R2 (Build 3790)
> >>>>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> >>>>> List of installed hotfixes :
> >>>>> KB909520
> >>>>> KB921503
> >>>>> KB925398_WMP64
> >>>>> KB925876
> >>>>> KB925902
> >>>>> KB926122
> >>>>> KB927891
> >>>>> KB928090-IE7
> >>>>> KB929123
> >>>>> KB929969
> >>>>> KB930178
> >>>>> KB931768-IE7
> >>>>> KB931784
> >>>>> KB931836
> >>>>> KB932168
> >>>>> KB933360
> >>>>> KB933566-IE7
> >>>>> KB933729
> >>>>> KB933854
> >>>>> KB935839
> >>>>> KB935840
> >>>>> KB935966
> >>>>> KB936021
> >>>>> KB936357
> >>>>> KB936782
> >>>>> KB937143-IE7
> >>>>> KB938127-IE7
> >>>>> KB939653-IE7
> >>>>> KB941202
> >>>>> KB941568
> >>>>> KB941569
> >>>>> KB941644
> >>>>> KB941672
> >>>>> KB941693
> >>>>> KB942615-IE7
> >>>>> KB942763
> >>>>> KB942830
> >>>>> KB942831
> >>>>> KB943055
> >>>>> KB943460
> >>>>> KB943485
> >>>>> KB943729
> >>>>> KB944533-IE7
> >>>>> KB944653
> >>>>> KB945553
> >>>>> KB946026
> >>>>> KB947864-IE7
> >>>>> KB948496
> >>>>> KB948590
> >>>>> KB948745
> >>>>> KB948881
> >>>>> KB949014
> >>>>> KB950759-IE7
> >>>>> KB950760
> >>>>> KB950762
> >>>>> KB951698
> >>>>> Q147222
> >>>>> Netcard queries test . . . . . . . : Passed
> >>>>> Per interface results:
> >>>>> Adapter : Local Area Connection 3
> >>>>>
> >>>>> Netcard queries test . . . : Passed
> >>>>>

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hello Lem,

Thank you for posting here.

According to description, my understanding of the problematic system
environment is as followed. If I have any misunderstanding, please feel
free to let me know.

Scenario:
==========

Old DC:
Host Name . . . . . . . . . . . . : netserver1
IP Address. . . . . . . . . . . . : 192.168.100.87
Primary Dns Suffix . . . . . . . : cubnet.com

New DC:
Host Name. . . . . . . . . : dbserver2
IP Address . . . . . . . . : 192.168.100.94
Primary Dns Suffix . . . . . . . : ilcuboard.local

Current domain name: ilcuboard.local

Based on the experience, here is some information which may be helpful for
you.

Analysis and Suggestion:
=====================

1. Please try to change to "Primary DNS suffix" of Old DC "netserver1" to
"ilcuboard.local"

2. Can you tell me if the DNS lookup zone type is "Active Directory
Integrated" on all the DNS servers? If not, please change the type to "
Active Directory Integrated"

3. After you change the DNS lookup zone type, please adjust the DNS servers
sequence in the NIC configuration of all the DCs and the domain clients.

The DNS servers sequence is as followed.

Primary DNS Server: 192.168.100.94
Secondary DNS Server: 192.168.100.87
Third DNS Server: 192.168.100.77

4. Please check on the new DC dbserver2 to see if the DNS zone
"ilcuboard.local" is created; meanwhile, please let me know how you renamed
the domain.

5. To verify all the domain clients can access the Internet, please enable
Forwarder on the Primary DNS Server and make it point to the ISP DNS server.

6. Afterwards, please clear cache on all the DNS servers

7. Then, you may run "net stop netlogon" and then run "net start netlogon"
on all the domain controllers to manually register the SRV records in the
DNS database.

Please note: before you restart the netlogon service, please verify all the
Primary DNS suffix of all the domain controller is "ilcuboard.local" (the
same as the current domain name)

8. After that, please check if the issue will re-occur.

Since the issue is little complex and it may need a rather long period of
troubleshooting. If the issue is important or urgent to you, I would like
to suggest that you contact Microsoft Product Support Services via
telephone so that a dedicated Support Professional can assist with this
request.

To obtain the phone numbers for specific technology request please take a
look at the web site listed below.

http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.

Hope the issue will be resolved soon.

David Shen
Microsoft Online Partner Support

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hello Lem,

How's everything going?

I'm wondering if the suggestion has helped or if you have any further
questions. Please feel free to respond to the newsgroups if I can assist
further.

David Shen
Microsoft Online Partner Support

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Hi David,

I've been following all the suggestions in this thread and was able to
rebuild the network without losing all of my ad objects and the dns was the
key.

But the problem is not totally solved yet I have my main zone created
ilcuboard.local and I cannot create a new zone on the rebuilt dns server. I
rebuilt it with the same name and ip address of the failed ad/dns server. The
error is "the zone cannot be created. there was a server failure."

also running a netdiag /fix returns the following results:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
......................... NETSERVER1 passed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
......................... NETSERVER1 passed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>





Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag /fix

........................................

Computer Name: NETSERVER1
DNS Host Name: netserver1.ilcuboard.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB941202
KB941569
KB941644
KB941672
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB951698
KB951746
KB951748
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : netserver1
IP Address . . . . . . . . : 192.168.100.87
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS
serv
er '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com.
re-registeration
on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com.
re-regi
steration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
failed.

DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.e7181c48-3613-4666-8bb6-10ddc
90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server
'192.168.100.8
7' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com.
re-registeration o
n DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
827c49b4-9a34-4c00-a2fe-c9048d23e005._ms
dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com.
re-
registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
fail
ed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com.
re-regi
steration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
failed.

DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com.
re-registerat
ion on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com.
re-registeration on
DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.
cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com.
re-registerat
ion on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com.
re-registerati
on on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com.
re-registerati
on on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
for th
is DC on DNS server '192.168.100.87'.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>

the cubnet.com errors are referring to the previous ad/dns server that was
rebuilt with the same name and ip.

the ipconfig/all returns:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : netserver1
Primary Dns Suffix . . . . . . . : ilcuboard.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ilcuboard.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection #
2
Physical Address. . . . . . . . . : 00-11-43-EE-19-A1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.87
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77
Primary WINS Server . . . . . . . : 192.168.100.87

C:\Documents and Settings\Administrator.CUB_DOMAIN>

Do you all have any suggestions on how to resolve this issue?




"David Shen [MSFT]" wrote:

> Hello Lem,
>
> How's everything going?
>
> I'm wondering if the suggestion has helped or if you have any further
> questions. Please feel free to respond to the newsgroups if I can assist
> further.
>
> David Shen
> Microsoft Online Partner Support
>
>

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Also to provide more information all of the suggestions are coming in handy,

so my current domain is ad integrated on both servers. the main server is
the netserver1.ilcuboard.local and the backup will be mserver1.ilcuboard.local

Netserver1 was was rebuilt by wiping replacing the hardrive that crashed
then reinstalling without the new name of netserver1.ilcuboard.local instead
of netserver1.cubnet.com which was the old suffix.

The netserver1 is not currently the primary dc the primary is mserver1 which
will be changed once I figure out this last part of getting rid of the
remains of the cubnet.com suffix and being able to create new zones on the
netserver1 which i want to be my primary again.

I also demoted dbserver2 back to member server status.

all the clients can access the internet and the shared folders work now so i
am almost completely done with this problem once i figure out how to get rid
of the problems i mentioned above.

Please let me know if there is any other information needed.

"Lem@community.nospam" wrote:

> Hi David,
>
> I've been following all the suggestions in this thread and was able to
> rebuild the network without losing all of my ad objects and the dns was the
> key.
>
> But the problem is not totally solved yet I have my main zone created
> ilcuboard.local and I cannot create a new zone on the rebuilt dns server. I
> rebuilt it with the same name and ip address of the failed ad/dns server. The
> error is "the zone cannot be created. there was a server failure."
>
> also running a netdiag /fix returns the following results:
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag /fix
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\NETSERVER1
> Starting test: Connectivity
> ......................... NETSERVER1 passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\NETSERVER1
> Starting test: Replications
> ......................... NETSERVER1 passed test Replications
> Starting test: NCSecDesc
> ......................... NETSERVER1 passed test NCSecDesc
> Starting test: NetLogons
> ......................... NETSERVER1 passed test NetLogons
> Starting test: Advertising
> ......................... NETSERVER1 passed test Advertising
> Starting test: KnowsOfRoleHolders
> ......................... NETSERVER1 passed test KnowsOfRoleHolders
> Starting test: RidManager
> ......................... NETSERVER1 passed test RidManager
> Starting test: MachineAccount
> ......................... NETSERVER1 passed test MachineAccount
> Starting test: Services
> ......................... NETSERVER1 passed test Services
> Starting test: ObjectsReplicated
> ......................... NETSERVER1 passed test ObjectsReplicated
> Starting test: frssysvol
> ......................... NETSERVER1 passed test frssysvol
> Starting test: frsevent
> ......................... NETSERVER1 passed test frsevent
> Starting test: kccevent
> ......................... NETSERVER1 passed test kccevent
> Starting test: systemlog
> ......................... NETSERVER1 passed test systemlog
> Starting test: VerifyReferences
> ......................... NETSERVER1 passed test VerifyReferences
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : ilcuboard
> Starting test: CrossRefValidation
> ......................... ilcuboard passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ilcuboard passed test CheckSDRefDom
>
> Running enterprise tests on : ilcuboard.local
> Starting test: Intersite
> ......................... ilcuboard.local passed test Intersite
> Starting test: FsmoCheck
> ......................... ilcuboard.local passed test FsmoCheck
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>
>
>
>
>
>
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag /fix
>
> .......................................
>
> Computer Name: NETSERVER1
> DNS Host Name: netserver1.ilcuboard.local
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
> List of installed hotfixes :
> KB924667-v2
> KB925398_WMP64
> KB925876
> KB925902
> KB926122
> KB927891
> KB929123
> KB930178
> KB931784
> KB932168
> KB933729
> KB933854
> KB935839
> KB935840
> KB936021
> KB936357
> KB936782
> KB938127
> KB938127-IE7
> KB941202
> KB941569
> KB941644
> KB941672
> KB941693
> KB942763
> KB943055
> KB943460
> KB943485
> KB943729
> KB944338
> KB944653
> KB945553
> KB946026
> KB948496
> KB948590
> KB949014
> KB950759
> KB950759-IE7
> KB950760
> KB950762
> KB951698
> KB951746
> KB951748
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
>
>
> Per interface results:
>
> Adapter : Local Area Connection
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : netserver1
> IP Address . . . . . . . . : 192.168.100.87
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.100.1
> Primary WINS Server. . . . : 192.168.100.87
> Dns Servers. . . . . . . . : 192.168.100.87
> 192.168.100.94
> 192.168.100.77
>
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
>
> WINS service test. . . . . : Passed
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Failed
> [FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS
> serv
> er '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com.
> re-registeration
> on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com.
> re-regi
> steration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
> failed.
>
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.e7181c48-3613-4666-8bb6-10ddc
> 90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server
> '192.168.100.8
> 7' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com.
> re-registeration o
> n DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> 827c49b4-9a34-4c00-a2fe-c9048d23e005._ms
> dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com.
> re-
> registeration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _kerberos._tcp.Default-First-Site-Name._
> sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
> fail
> ed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com.
> re-regi
> steration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
> failed.
>
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com.
> re-registerat
> ion on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _kerberos._tcp.Default-First-Site-Name._
> sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com.
> re-registeration on
> DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry
> _gc._tcp.Default-First-Site-Name._sites.
> cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com.
> re-registerat
> ion on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com.
> re-registerati
> on on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com.
> re-registerati
> on on DNS server '192.168.100.87' failed.
> DNS Error code: 0x00002339
> [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
> for th
> is DC on DNS server '192.168.100.87'.
> [FATAL] No DNS servers have the DNS records for this DC registered.
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hello Lem,

Thanks for the reply.

Based on the research of the message that you provided with me. I found
that all the SRV resource records cannot be registered on the
'192.168.100.87'(netserver1). To further troubleshoot the issue, please
follow the steps to check if it still exists.

1. please verify the Primary DNS suffix of the DC (netserver1) is
"ilcuboard.local" and the domain name on the DC is also "ilcuboard.local"

2. please also verify that the DNS domain name is "ilcuboard.local" and
the DNS lookup zone type is "Active Directory Integrated"

3. Afterwards, please run "net stop netlogon" and then run "net start
netlogon" on the DC (netserver1) to manually register the SRV records in
the
DNS database.

Hope it helps.

David Shen
Microsoft Online Partner Support

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Hi David,

I verified that the primary dns suffix on the dc is ilcuboard.local and
verified that the dns server has the ilcuboard.local suffix in its computer
name.

To verify that the zone is active directory integrated i checked the
properties of the ilcuboard.local zone and under the general tab, replication
not an active directory integrated zone is greyed out.

I also ran the net stop/start netlogon commands. I dont know if the error i
get when trying to create a new zone "the zone cannot be created. there was a
server failure." has to do with anything but i am only able to create a
secondary zone for reverse zone which doesnt work because it has a red x on
it after its created.

Please let me know what you think.

I also have results from the current dcdiag and netdiag commands

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag

..........................................

Computer Name: NETSERVER1
DNS Host Name: netserver1.ilcuboard.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB941202
KB941569
KB941644
KB941672
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB948745
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB951698
KB951746
KB951748
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : netserver1
IP Address . . . . . . . . : 192.168.100.87
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS
server 192.168.100.94, ERROR_TIMEOUT.
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '192.168.100.77'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>


====================================================================================================================
====================================================================================================================


C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag/fix

........................................

Computer Name: NETSERVER1
DNS Host Name: netserver1.ilcuboard.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB941202
KB941569
KB941644
KB941672
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB948745
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB951698
KB951746
KB951748
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : netserver1
IP Address . . . . . . . . : 192.168.100.87
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS
serv
er '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com.
re-registeration
on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com.
re-regi
steration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
failed.

DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.e7181c48-3613-4666-8bb6-10ddc
90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server
'192.168.100.8
7' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com.
re-registeration o
n DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
827c49b4-9a34-4c00-a2fe-c9048d23e005._ms
dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com.
re-
registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
fail
ed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com.
re-regi
steration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87'
failed.

DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com.
re-registerat
ion on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com.
re-registeration on
DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.
cubnet.com. re-registeration on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com.
re-registerat
ion on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com.
re-registerati
on on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com.
re-registerati
on on DNS server '192.168.100.87' failed.
DNS Error code: 0x00002339
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
for th
is DC on DNS server '192.168.100.87'.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>


====================================================================================================================
====================================================================================================================


C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
......................... NETSERVER1 passed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
......................... NETSERVER1 failed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>

====================================================================================================================
====================================================================================================================


C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag/fix

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
......................... NETSERVER1 passed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:19
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:20
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 07/11/2008 10:02:21
Event String: The dynamic registration of the DNS record
......................... NETSERVER1 failed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>

David Shen [MSFT]" wrote:

> Hello Lem,
>
> Thanks for the reply.
>
> Based on the research of the message that you provided with me. I found
> that all the SRV resource records cannot be registered on the
> '192.168.100.87'(netserver1). To further troubleshoot the issue, please
> follow the steps to check if it still exists.
>
> 1. please verify the Primary DNS suffix of the DC (netserver1) is
> "ilcuboard.local" and the domain name on the DC is also "ilcuboard.local"
>
> 2. please also verify that the DNS domain name is "ilcuboard.local" and
> the DNS lookup zone type is "Active Directory Integrated"
>
> 3. Afterwards, please run "net stop netlogon" and then run "net start
> netlogon" on the DC (netserver1) to manually register the SRV records in
> the
> DNS database.
>
> Hope it helps.
>
> David Shen
> Microsoft Online Partner Support
>
>

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hi LEM,

Thanks for the reply.

Analysis and Suggestion:
=======================

According to the netdiag report, the problematic DC (netserver1) still uses
old domain suffix (cubnet.com) to register SRV resource records on the DNS
server. As you has done domain rename before, it seems that some old domain
information are still left. When using random to rename a domain, we should
use he rendom /clean command to remove the old domain names from Active
Directory. This cleanup step removes all values of msDS-DnsRootAlias from
the domain naming operations master, and removal of this value is
replicated to all domain controllers in the forest.

According to the symptom, it seems that the "random /clean" command was not
run properly before performing domain rename.

Please run the command line "random /clean" on the problematic DC/

Meanwhile, you can try the following steps to delete the value
"msDS-DnsRootAlias" to check if the issue will re-occur.

1. Open ADSIEdit.msc. Navigate to the following location.

CN=<domain name>, CN=Partitions, CN=Configuration, DC=<domain name>,
DC=local

2. Right-click on the object and select properties.

3. Verify the attribute "msDS-DnsRootAlias". If any value does exists,
clear the value. i.e. msDS-DnsRootAlias: <not set>

4. Force replication to all the domain controllers.

5. Rename the netlogon.dns and netlogon.dnb file in
%systemroot%\system32\config directory on the problematic domain controller.

6. Stop and restart the netlogon service.

7. Run netdiag to test this issue again.

Hope it helps.

David Shen
Microsoft Online Partner Support

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Hi David,

I performed the rendom /clean on all the dcs in the domain just to be sure
because you're right I did not perform this step when i did the domain
rename. But I ran it and the netdiag tests passed as I will post below. But
the dcdiag still had errors in it.

I also renamed the netlog.dns and .dnb files. But I was unable to locate the
msDS-DnsRootAlias attribute, I checked the location on both dcs and could not
find the value so i guess that is a good thing.

I still cannot create a zone but Im thinking I may need to post that in a
new thread.

here are the netdiag and dcdiag test results:

======================================================


C:\Program Files\Microsoft Domain Rename Tools>netdiag/fix

.......................................

Computer Name: NETSERVER1
DNS Host Name: netserver1.ilcuboard.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB941202
KB941569
KB941644
KB941672
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB948745
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB951698
KB951746
KB951748
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : netserver1
IP Address . . . . . . . . : 192.168.100.87
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.94
192.168.100.77


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.100.
87' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Microsoft Domain Rename Tools>

=====================================================


C:\Program Files\Microsoft Domain Rename Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
......................... NETSERVER1 passed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:35
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:36
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 07/14/2008 09:32:36
Event String: The dynamic deletion of the DNS record
......................... NETSERVER1 failed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Program Files\Microsoft Domain Rename Tools>

"David Shen [MSFT]" wrote:

> Hi LEM,
>
> Thanks for the reply.
>
> Analysis and Suggestion:
> =======================
>
> According to the netdiag report, the problematic DC (netserver1) still uses
> old domain suffix (cubnet.com) to register SRV resource records on the DNS
> server. As you has done domain rename before, it seems that some old domain
> information are still left. When using random to rename a domain, we should
> use he rendom /clean command to remove the old domain names from Active
> Directory. This cleanup step removes all values of msDS-DnsRootAlias from
> the domain naming operations master, and removal of this value is
> replicated to all domain controllers in the forest.
>
> According to the symptom, it seems that the "random /clean" command was not
> run properly before performing domain rename.
>
> Please run the command line "random /clean" on the problematic DC/
>
> Meanwhile, you can try the following steps to delete the value
> "msDS-DnsRootAlias" to check if the issue will re-occur.
>
> 1. Open ADSIEdit.msc. Navigate to the following location.
>
> CN=<domain name>, CN=Partitions, CN=Configuration, DC=<domain name>,
> DC=local
>
> 2. Right-click on the object and select properties.
>
> 3. Verify the attribute "msDS-DnsRootAlias". If any value does exists,
> clear the value. i.e. msDS-DnsRootAlias: <not set>
>
> 4. Force replication to all the domain controllers.
>
> 5. Rename the netlogon.dns and netlogon.dnb file in
> %systemroot%\system32\config directory on the problematic domain controller.
>
> 6. Stop and restart the netlogon service.
>
> 7. Run netdiag to test this issue again.
>
> Hope it helps.
>
> David Shen
> Microsoft Online Partner Support
>
>

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hello LEM,

How's everything going?

I'm wondering if the suggestion has helped or if you have any further
questions. Please feel free to respond to the newsgroups if I can assist
further.

David Shen
Microsoft Online Partner Support

 

[Lem@community.nospam]

RE: DNS/Active Directory Issue

Hi David,

I am closer to resolving the problem but running the dcdiag I still get this
error about the frsevent failed but all other test passed and it seems like
replication is working but I am still trying to figure this error out.

If you have any suggestions please let me know.

Thanks

------------------------------------------------------------------------------------------------
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag/fix

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
......................... NETSERVER1 failed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
......................... NETSERVER1 passed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>




"David Shen [MSFT]" wrote:

> Hello LEM,
>
> How's everything going?
>
> I'm wondering if the suggestion has helped or if you have any further
> questions. Please feel free to respond to the newsgroups if I can assist
> further.
>
> David Shen
> Microsoft Online Partner Support
>
>

 

[David Shen [MSFT]]

RE: DNS/Active Directory Issue

Hi LEM,

Thanks for the reply.

Based on the log file, I noticed the error message as follow.

There are warning or error events within the last 24 hours after the SYSVOL
has been shared. Failing SYSVOL replication problems may cause Group
Policy problems. ......................... NETSERVER1 failed test frsevent

As all other tests have passed, it seems that the server is working
properly now. This error will be reported whenever there is any warning or
error events within the last 24 hours. When did you run the dcdiag.exe
tool? Did you run it just after you ran the “random clean” command. If you
ran dcdiag tool just after you fixed the issue, this error might be
reported even though the problem has gone away.

Please check on all the domain controllers to see if SYSVOL contents have
been replicated properly. Meanwhile, please wait for 24 hours and then run
"dcdiag /fix" again to see if the error still exists.

Hope it helps.

David Shen
Microsoft Online Partner Support