BDC upgrade cannot see the AD PDC

We are a small ISP upgrading the 4 servers from NT to W2K. The former PDC was blown away and fresh W2K server software was installed. AD was installed and the DNS is set up with about 20 entries, each having SOA, NS, Mail Ex. and host (A) records.

The BDC was then "upgraded" and at the AD installation portion of the upgrade the "Make a domain controller" selection was chosen. However, the error message I get relates to either not locating the AD Domain Controller or AD not being installed on the PDC.

The FQDN for the W2k PDC is xyz.net and the NetBIOS name is xyz. I can ping the PDC from the BDC but the BDC does not recognize it through this installation.

I had to remove the "ROOT" or . entry in the DNS of the PDC otherwise I could not access the Internet. Please help...
Asked by: Generator

1 Solution
sr75 commented:
Is the AD Domain Controller set in mixed mode or not?
nick_s commented:
I don't think you can remove a PDC from a domain, install a brand new AD server and then try to have a BDC from the former domain upgraded to the newly created AD domain.

Am I wrong?

Nick
nick_s commented:
What needed to be done was upgrade the PDC to W2K AD and then upgrade the BDCs, which I believe will just become W2K member servers that will require a DCPromo.

And also, to be safe, you could remove the PDC from the network, promote one of the BDCs and then go about the W2K AD upgrade from there. This way you keep your original PDC as a backup if something does not go as planned.

Nick
Generator (Author) commented:
The PDC is running in mixed mode.
The other two servers on the system are the web server and the mail server (not BDCs).
The BDC is now upgraded to W2K and when trying to install AD I get the above noted error message.

Netman66 commented:
Since you "blew away" the PDC, the BDC was left in an unmanageable state. Its SAM is no longer there, as it was depending on the PDC for that info. Also, the Domain SID is no longer the same - thus your error - it truly cannot find the domain since it uses SIDs to locate it and the original is not available anymore.

The only choice you have is to back up the data to either a tape or copy it to the new W2K box and reinstall the old BDC with W2k and join it then.


Now, that being said, there is a tool here:

http://www.sysinternals.com/ntw2k/source/newsid.shtml

This should fix the SID issue and allow you to continue.

Let me know your progress.

MSGeek commented:
Follow Netman66's advice on this.  That's exactly what has happened.
Generator (Author) commented:
Thank you for the info.
The BDC was upgraded to W2K; however, when I try to install AD I get the messages "The RPC Server is Unavailable" and "The wizard cannot gain access to the list of domains in the forest".
I can ping both ways with IP addresses. I can ping the PDC with "ping xyz.net" (domain name) but I still get the same error message each time I try to install AD. This is obviously a DNS problem on the PDC - any ideas?
Netman66 commented:
I hope you figured it out and the post above is just something before you looked into my response.

If not, and you want a better explanation for your errors, let me know.

Generator (Author) commented:
Netman66

This is a brand new W2K install on the former BDC. The SID cannot be the problem this time due to the fact that I haven't been able to locate the PDC during the BDC install.
The PDC server name is e.g. "mortimer" the domain is xyz.net. Should the PDC server name be "mortimer.xyz.net"? Is this what the BDC is looking for?
I will follow your advice on the other two servers and also incorporate the "SID" tool. Right now I just wish to have the BDC join the new PDC. Please find my former note regarding the error messages. Thanks...
Netman66 commented:
I have re-read all the posts so far and am not certain I know where you are in all this right now.

See if I have this straight (correct me where I am confused).

1) You "had" an NT4 network with a PDC and BDC.
2) You did NOT upgrade the PDC, but instead installed a fresh copy of Windows 2000 using the old domain name.
3) You tried to upgrade the old BDC and could not get AD to install.
4) You are now installing a fresh Windows 2000 install on the old BDC server hardware.

So, as it stands now, you have a new Active Directory domain (even though you still used the old name) and the problem now lies in joining the second newly installed server into the domain as a Domain Controller.  Is this correct so far?

If so, DNS should be set up to be dynamically updated.  You can safely remove the contents of your Forward Lookup zone, then stop and restart the Netlogon service on the main DC (what you know as the PDC).  Check the DNS Forward Lookup zone now for the new entries that should have been created again by the restarting of Netlogon.  If there are no entries, then check the NIC properties to ensure that the DNS is pointing only to itself on the internal NIC and is set to register with DNS. Also ensure the internal NIC is set at the top of the binding order.  If this is a multi-homed server, the internal NIC does NOT need a gateway.  The external NIC should have MS Network, File & Print sharing and NetBIOS all disabled.  The DNS on the external NIC should point to the ISP's DNS servers and the gateway and IP should be what was assigned to you by the ISP.

In DNS, the root (or ".") zone can be deleted and the Forwarders tab in the Properties of the server should be pointing to the ISP's DNS servers.  The Interface tab should be configured so that your DNS only listens (services) the internal network card.

Now, if all this is correct, you should be able to reboot the former BDC and have it registered automatically in DNS.  If so, run DCPROMO and join the domain as server in an already existing forest and domain.  This will make it a "peer" server.  The concept of PDC and BDC are no longer an issue in Windows 2000, all DCs contain read/write copies of Active Directory.  Only in mixed mode (for the sake of using NT4 BDC) does this matter.  Member servers are not domain controllers and are thus not affected by either mixed or native mode.

Let me know when you have digested this and if anything above has fixed your problem.  Also, tell me if I understand your situation better now.
Generator (Author) commented:
Netman66

Sorry I didn't get back to you earlier. You do understand my situation. I presently have the W2K server running with AD installed, and the mail server and web server running NT4 seem to work with the former PDC, except of course I cannot log on to the DC from the NT machines. I have about 24 DNS entries in my Primary Lookup Zone - each has the SRV/NS/Host records associated with it. I am worried that if I remove the contents of the Primary Lookup Zone and restart the Netlogon service these entries will be gone. What would be the purpose of removing them? Should I also be setting up the Secondary Lookup Zone on this DC?
The server has only one NIC connecting to a switch, then to a Cisco router and then into the Internet cloud; the TCP/IP settings are the same as they were when this machine was running NT4. I have also noted that a "Dynamic Access Miniport" was installed when I added the drivers for the 3Com NIC card. Have you come across this miniport before? It wants similar settings to the 3Com NIC. All my DNS entries are set to be dynamically updated. When I initially set up AD and DNS the "." (root) and the zone name "xyz.net" were automatically entered as AD Integrated and additional folders, e.g. _msdcs/_sites/_tcp/_udp, were automatically created; however, when I added the other zones these additional folders were not created. I removed the "." zone, so only one entry now has those folders. I apologize for being a bit thick with this, but your help is greatly appreciated.
Netman66 commented:
Okay, glad I'm on the same page as you are.

You mention Primary and Secondary Zones... I take it that your DNS is not AD-integrated then? Never mind, just read more closely.

If you have no real reason to be using Primary and Secondary zones, do yourself a favour and use only the Active Directory Integrated Forward Lookup Zone. I also imagine you are aware to create a Reverse Lookup Zone too. As long as your clients are W2k and newer, they will register themselves with DNS dynamically - no manual input required. If you go one step further with DHCP on that box too, you can use DHCP to register in DNS for downlevel clients (9x version OSes). This is one of the benefits of Windows 2000 that you should be leveraging - DDNS.

Now, with respect to your Dynamic Access Miniport - this is 3Com software that is installed with the NIC drivers if you use the setup utility for installation.  I have found that this stuff causes more problems than it solves so try to remove it or change up drivers manually so that this stuff doesn't get installed - you might see if Add/Remove Programs will allow you to remove it.  I think 3Com has a driver only download so you can refrain from adding the other software.

Sorry to jump around here, but you mention being uneasy removing the contents of the Forward Lookup Zone - if you look carefully in that zone everything in there should have been dynamically added from the start.  Clearing it out and restarting the Netlogon service on that DC will recreate those entries for that DC - all the other clients just need to have a command (ipconfig /registerdns) run or be rebooted to recreate their entries.  My reasoning is this - there might be a bad entry that is stopping the other server from joining AD.

Another thing to check is the DNS settings on the "BDC" - make sure they are pointing at your DNS server and that the DNS suffix matches that of your Forward Lookup Zone.  If you use DHCP to push out IPs, then make sure your servers are statically assigned and not in the scope - this means that you must be diligent in your configurations so that all the correct settings are made and made consistently.

Make sure you can ping the main DC by address and by name - FQDN (not NetBIOS name) from the server you are trying to add as a secondary DC.  If you can, you should be good to go.

Let me know.
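The checks Netman66 walks through in the two posts above (client DNS pointing at the DC, ping by FQDN rather than NetBIOS name, and the _msdcs SRV records that Netlogon registers for the DC locator) can be scripted from the server being promoted. This is an added PowerShell example, not code from the thread; it assumes the domain name xyz.net and the DC name mortimer.xyz.net used in the posts, and the DnsClient cmdlets of a current Windows host rather than the nslookup the original poster would have used on Windows 2000.

```powershell
# Added example (not from the thread). Assumes domain xyz.net and DC mortimer.xyz.net
# as named in the posts, and a Windows host with the DnsClient module (Windows 8 / 2012+).
# On Windows 2000 the same SRV lookups were done with: nslookup -type=SRV <name>
param(
    [string]$Domain = 'xyz.net',
    [string]$DcFqdn = 'mortimer.xyz.net'
)

# 1) The prospective DC must resolve through the internal DNS server (the DC),
#    not the ISP resolvers, or the _msdcs SRV records will never be found.
$clientDns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique
Write-Host "Client DNS servers : $($clientDns -join ', ')"

# 2) Resolve and ping the DC by FQDN (not NetBIOS name); this exercises its A record.
$aRecord = Resolve-DnsName -Name $DcFqdn -Type A -ErrorAction SilentlyContinue |
    Where-Object Type -eq 'A'
if ($aRecord) {
    $alive = Test-Connection -ComputerName $DcFqdn -Count 1 -Quiet
    Write-Host ("A record {0} -> {1}  reachable={2}" -f $DcFqdn, ($aRecord.IPAddress -join ', '), $alive)
} else {
    Write-Host "No A record for $DcFqdn; check the Forward Lookup Zone"
}

# 3) SRV records the DC locator uses. Netlogon on the DC registers these dynamically;
#    if any are MISSING, clear the zone and restart Netlogon on the DC (step 4).
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain"
)
foreach ($name in $srvNames) {
    $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV'
    if ($srv) {
        $srv | ForEach-Object { Write-Host ("OK      {0} -> {1}:{2}" -f $name, $_.NameTarget, $_.Port) }
    } else {
        Write-Host "MISSING $name"
    }
}

# 4) Run on the DC itself to re-register its records (the Netlogon restart from the post):
#    Restart-Service Netlogon; ipconfig /registerdns
```

If step 1 shows an ISP resolver or step 3 shows any MISSING record, dcpromo will fail with the "cannot gain access to the list of domains in the forest" error quoted earlier, regardless of whether the DC pings by address.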
