Asked by cosmicIPA

DNS on Windows 2008 deleted

Hello Experts,
It appears a client's Windows 2008 Stand Server has its DNS records corrupted or deleted without having a backup or secondary records. How should I go about recreating the DNS? Thank you for your attention in helping me resolve this serious issue.
ASKER CERTIFIED SOLUTION
Krzysztof Pytko

This solution is only available to members.

ASKER

Thank you for your prompt response Krzysztof. I was not able to find in the DNS Management console the zone properties to Enable Secure updates. Underneath the DNS object (servername) and clicking on Forward Lookup Zones I get a "Add a New Zone" message. The same goes for Reverse Lookup Zones...
You're welcome :)

OK, then you have also no forward lookup zone, right? It was deleted and not created again?
If so, first click on Forward lookup zone and create new Primary zone and tick "Store in AD" checkbox. When you do that then re-run all those commands provided above by me and then edit created zone, by choosing properties on it

Krzysztof
Thank you very much.
To make matters worse, I discovered this Windows 2008 Server is a DC that has been brought into a Windows 2000 domain but has never been completely set up!
dcpromo was run on the Windows 2000 Server but never finished (sigh).

Do you have any suggestions of how to remove the Windows 2000 DC from the domain? It appears both are running the Global Catalog.

SOLUTION
This solution is only available to members.

Here is the result from dxdiag.

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

C:\Windows\system32>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVERNAME
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVERNAME
      Starting test: Connectivity
         The host 09db5bef-5e6e-4260-9da7-63d37a19eecb._msdcs.servername.com could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... SERVERNAME failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVERNAME
      Skipping all tests, because server SERVERNAME is not responding to
      directory service requests.


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : linford
      Starting test: CheckSDRefDom
         ......................... SERVERNAME passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... SERVERNAME passed test CrossRefValidation

   Running enterprise tests on : linford.com
      Starting test: LocatorCheck
         ......................... SERVERNAME passed test LocatorCheck
      Starting test: Intersite
         ......................... SERVERNAME passed test Intersite

C:\Windows\system32>vMicrosoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

C:\Windows\system32>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVERNAME
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVERNAME
      Starting test: Connectivity
         The host 09db5bef-5e6e-4260-9da7-63d37a19eecb._msdcs.SERVERNAME could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... SERVERNAME failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVERNAME
      Skipping all tests, because server SERVERNAME is not responding to
      directory service requests.


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : SERVERNAME
      Starting test: CheckSDRefDom
         ......................... SERVERNAME passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... SERVERNAME passed test CrossRefValidation

   Running enterprise tests on : SERVERNAME
      Starting test: LocatorCheck
         ......................... SERVERNAME passed test LocatorCheck
      Starting test: Intersite
         ......................... SERVERNAME passed test Intersite
OK, there is for sure problem with improperly removed DC. Please, follow an article provided by me above for metadata cleanup

Krzysztof
OK. Once I do the above, remove the Metadata and ultimately the AD what would my next step(s) be as there are 5 workstations (WinXP, Win7), Win2003 Server running SQL/MS Dynamics and 4 Printers that will need to connect to this Win2008 DC...?
If you have at least one DC available then nothing. Those machines will stay still connected to the domain

Krzysztof
Thank you. Currently we have only one single DC that is barely "functioning", allowing people on to the domain but with printing issues on another Windows 2003 Server running MS Dynamics.

The primary DC has failed and the current one is broken from an incomplete dcpromo. Do you need log data or can I run a diagnostic for you?
Do you have any recent system state backup of your failed DC? Looks like we have serious troubles if no DCs are working and we have no backup :|

Krzysztof
That is correct, no backup of the system state. People currently can log on, access net shares, browse and print. I'm going to order a couple of Dell Servers to deploy ASAP, but in the meantime do you have any other procedures to try to stabilize the current Server?
SOLUTION
This solution is only available to members.

Thank you very much for your current efforts.

Here are all the log files you requested except for the last one:

dsquery server -name * | dsget server -dnsname -site -isgc >>c:\dcs.log

As I am not sure if the Server name should be replaced with linford01 (servername).
-------------------------------------------------------------

ipconfig log

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LINFORD01
   Primary Dns Suffix  . . . . . . . : linford.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : linford.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-26-B9-33-6C-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7c27:b118:fb4:c5dd%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251668153
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-45-BF-F3-00-26-B9-33-6C-E0
   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.1.2
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{23D4E4A9-0B4D-45DD-B462-0613815C5A78}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

fsmo log

Schema master               LOA001.linford.com
Domain naming master        LOA001.linford.com
PDC                         LINFORD01.linford.com
RID pool manager            LINFORD01.linford.com
Infrastructure master       LINFORD01.linford.com
The command completed successfully.

dcdiag log
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine LINFORD01, is a Directory Server.
   Home Server = LINFORD01

   * Connecting to directory service on server LINFORD01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=linford,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=linford,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=linford,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=LOA001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=linford,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LINFORD01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=linford,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\LINFORD01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host 09db5bef-5e6e-4260-9da7-63d37a19eecb._msdcs.linford.com could

         not be resolved to an IP address. Check the DNS server, DHCP, server

         name, etc.

         ......................... LINFORD01 failed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\LINFORD01

      Skipping all tests, because server LINFORD01 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : linford

      Starting test: CheckSDRefDom

         ......................... linford passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... linford passed test CrossRefValidation

   
   Running enterprise tests on : linford.com

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\LINFORD01.linford.com

         Locator Flags: 0xe00013fd
         PDC Name: \\LINFORD01.linford.com
         Locator Flags: 0xe00013fd
         Time Server Name: \\LINFORD01.linford.com
         Locator Flags: 0xe00013fd
         Preferred Time Server Name: \\LINFORD01.linford.com
         Locator Flags: 0xe00013fd
         KDC Name: \\LINFORD01.linford.com
         Locator Flags: 0xe00013fd
         ......................... linford.com passed test LocatorCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... linford.com passed test Intersite

Great, thank you for logs. I'm starting analyzing them.

According to the last syntax. No, you don't have to replace anything, just run exactly this command on a DC

dsquery server -name * | dsget server -dnsname -site -isgc >>c:\dcs.log

Krzysztof
I will post comments in parts :)

as you can see from netdom query fsmo command output, your current server holds only part of FSMO roles (only those domain wide)

PDC                         LINFORD01.linford.com
RID pool manager            LINFORD01.linford.com
Infrastructure master       LINFORD01.linford.com


2 FSMO forest wide are still on the old one (I assume that broken one which is not able to bring back, right?)

Schema master               LOA001.linford.com
Domain naming master        LOA001.linford.com


If server is no longer in your environment then seize these 2 FSMO roles to LINFORD, please (and do not bring back broken server before system reinstallation on it, even in case that it was repaired)
http://kpytko.wordpress.com/2011/08/28/seizing-fsmo-roles/

When that server is still in network then transfer FSMO roles instead of seizing
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-command-line/

then re-try running these commands

ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix
nltest /DSregDNS

Krzysztof
Got the dcs log

  dnsname                  site                       isgc  
  LINFORD01.linford.com    Default-First-Site-Name    yes  
dsget succeeded
OK, that means your domain knows the only one DC, so the broken one is no longer in network. So, as pointed above, please seize 2 forest-wide FSMO roles to your existing DC (LINFORD)

and re-run commands. Let me know about their status

Krzysztof
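
The cross-check made by eye in the posts above (role holders from `netdom query fsmo` compared against the DC list in dcs.log, plus the name dcdiag could not resolve), as an added example that is not part of the original thread. The function names are hypothetical; the sample text is copied from the logs posted here.

```python
import re

# Sample input: output copied from the logs posted in this thread.
FSMO_LOG = """\
Schema master               LOA001.linford.com
Domain naming master        LOA001.linford.com
PDC                         LINFORD01.linford.com
RID pool manager            LINFORD01.linford.com
Infrastructure master       LINFORD01.linford.com
The command completed successfully.
"""
DCS_LOG = """\
  dnsname                  site                       isgc
  LINFORD01.linford.com    Default-First-Site-Name    yes
dsget succeeded
"""
DCDIAG_LOG = """\
      Starting test: Connectivity
         The host 09db5bef-5e6e-4260-9da7-63d37a19eecb._msdcs.linford.com could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... LINFORD01 failed test Connectivity
"""

ROLES = ("Schema master", "Domain naming master", "PDC",
         "RID pool manager", "Infrastructure master")

def parse_fsmo(text):
    """Map each FSMO role to its holder's lower-cased FQDN."""
    holders = {}
    for line in text.splitlines():
        for role in ROLES:
            m = re.match(re.escape(role) + r"\s+(\S+)\s*$", line.strip(), re.I)
            if m:
                holders[role] = m.group(1).lower()
    return holders

def parse_dcs(text):
    """DC FQDNs listed by 'dsget server -dnsname -site -isgc'."""
    dcs = set()
    for line in text.splitlines():
        cols = line.split()
        # Data rows have three columns ending in yes/no; header and status lines do not.
        if len(cols) == 3 and cols[2].lower() in ("yes", "no"):
            dcs.add(cols[0].lower())
    return dcs

def orphaned_roles(fsmo, dcs):
    """Roles whose holder is not among the DCs the directory lists."""
    return {role: host for role, host in fsmo.items() if host not in dcs}

def dcdiag_findings(text):
    """Return (failed tests, host names dcdiag could not resolve)."""
    failed = re.findall(r"\.{5,}\s+(\S+) failed test (\S+)", text)
    unresolved = re.findall(r"The host (\S+) could\s+not be resolved", text)
    return failed, unresolved

if __name__ == "__main__":
    for role, host in orphaned_roles(parse_fsmo(FSMO_LOG), parse_dcs(DCS_LOG)).items():
        print(f"{role}: held by {host}, which is not a listed DC")
    failed, unresolved = dcdiag_findings(DCDIAG_LOG)
    for server, test in failed:
        print(f"{server} failed {test}")
    for name in unresolved:
        print(f"missing DNS record: {name}")
```
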
Thank you very much.
FSMO forest wide are still on the old one:
Schema master               LOA001.linford.com
Domain naming master        LOA001.linford.com

And this old one is powered-on and connected to the network running as a member server. Should I try and transfer the FSMO roles instead of seizing or power-off LOA001 and seize?
I posted after your latest comment so I will seize 2 forest-wide FSMO roles of the existing DC (LINFORD) and re-run commands. And let you know about their status...
Do I need to do everything described in your article:

http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-command-line/
SOLUTION
This solution is only available to members.

Thank you. I performed the steps only for Domain Naming master and Schema master and the results:
c:\netdom query fsmo

Schema master LINFORD01.linford.com
Domain Naming Master LINFORD01.linford.com
PDC LINFORD01.linford.com
RID pool manager LINFORD01.linford.com
Infrastructure master LINFORD01.linford.com

Then I re-ran the commands with the results:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>dcdiag /fix

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = LINFORD01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LINFORD01
      Starting test: Connectivity
         The host 09db5bef-5e6e-4260-9da7-63d37a19eecb._msdcs.linford.com could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... LINFORD01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LINFORD01
      Skipping all tests, because server LINFORD01 is not responding to
      directory service requests.


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : linford
      Starting test: CheckSDRefDom
         ......................... linford passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... linford passed test CrossRefValidation

   Running enterprise tests on : linford.com
      Starting test: LocatorCheck
         ......................... linford.com passed test LocatorCheck
      Starting test: Intersite
         ......................... linford.com passed test Intersite

ip
Thank you so much Krzysztof for your help! I send blessings to you and your family and hope you have a wonderful Thanksgiving holiday!

Currently the system is stable. I will replace a failed drive in both the OS and Data arrays on a Dell PE 2800. Because of the current holiday season sourcing anything from Dell will have to wait a few days. I value your opinion in choosing the most reliable systems: IBM, HP or Dell Servers, which do you prefer?
Hi, thank you and the same to you and your family :) ... but I'm not from US, in Poland Thanksgiving is on the first Sunday of June ;) but we have no turkey in tradition :]

According to server part, I'm sorry I'm not from hardware part :(
In my previous company we used all servers on HP and we were satisfied (however, they are a little bit expensive)
So, the only one brand I was working with is HP :)

I would suggest asking some other people from hardware zones or call to HP, Dell, IBM after holiday and ask for price and features to be able to compare them by yourself

Once again, happy Thanksgiving day

Krzysztof