Solved

DNS errors w/ multiple domain controllers

Posted on 2004-04-20
1,216 Views
Last Modified: 2010-04-12
This should be simple for someone, but I am having a real time trying to figure it out.
Originally our domain had 1 w2k server domain controller w/AD and DNS.  I added a w2003 server and installed MS Exchange Server 2003 on it.  Recently I decided to promote the w03 server to a domain controller, mainly for redundancy for AD and DNS.  So next I had an idea to remove the original w2k server and let the w03 server be the only AD/DNS server on our domain network.  The w2k server is a real "dog".  After that no one on our network could browse the web.  So I put the w2k server back online, but in order to get all web pages to show in the browser, I had to set the w03 server to use the original w2k DNS server as a forwarder.  My head hurts just thinking about it.  After troubleshooting for a couple hours I could not get anything to work like I wanted.  So now I have the original w2k server as a DC running AD/DNS and the new w2003 server as a DC running AD/DNS/Exchange 2003 and pointing to the w2k server as a DNS forwarder.
Questions:
1.  Why must I use a forwarder from one DNS server to the other?
2.  What must I change in order to use the w03 server as the primary DC and take the w2k server offline?
I will worry about redundancy later, as I am configuring backup servers as well.  Thanks in advance.
Question by:EaglePress
17 Comments
 
LVL 7

Expert Comment

by:spareticus
ID: 10870898
Did you install the DNS service on the w2k3 server?
Did you promote the w2k3 server to be a DC also?

These two things will allow you to retire the w2k dc.  You will need to have your clients use the w2k3 server as DNS.
0
 
LVL 22

Assisted Solution

by:kristinaw
kristinaw earned 40 total points
ID: 10870926
The main reason I use a DNS forwarder is so I only have to open the fewest possible ports on my firewall. My firewall has port 53 open only to/from my internal dns server out to my ISP's dns server (my forwarder).

I'm assuming the new 2k3 server is also a GC? If not, make it one.

just an FYI, DNS servers should point ONLY to themselves for their own DNS server settings in TCP/IP settings.

Check your firewall settings, make the change, and you should be OK.

hth,
kris.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10870954
kris, dns servers can point to others for dns.  WINS servers are the picky ones about that...DC's will actually log an event if they are pointed to themselves first indicating that they are trying to update their own record, and that they will try to communicate with the next DNS server
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10871047
I know WINS is the super picky one, but according to MS a DC that's also a DNS server should be configured that way as well. Of course, that will probably change by next week :).

http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

Kris.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10871105
this article indicates only the first should point to itself only
all future dc's they indicate should point to the first
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10871149
it sounds like he's only going to have one DNS server when he's done. i'll try to be more specific next time or just post a link.

i have mine set to point only to themselves (AD integrated DNS on win2K) with no issues.

kris.
0
 

Expert Comment

by:skinnygeek
ID: 10874982
Sounds like a zone transfer issue before you decommissioned your old DNS server.  If you can have both servers online, then make the win2k server's zones A/D integrated.  Then do the same for the win03 server.  After that, see if you can try to decommission the win2k server again.
0
 

Author Comment

by:EaglePress
ID: 10877430
Sorry for the delay in answering.

spareticus - the w03 server was promoted to DC using dcpromo.exe.  DNS was added as a Windows component.  The DHCP server points all local PCs to the new DNS/DC.

kristinaw - "I'm assuming the new 2k3 server is also a GC? If not, make it one."  What is GC? Do you mean DC? If so, it is a DC.

skinnygeek - I have both servers as AD integrated.
Any other suggestions?
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10877655
gc = global catalog

eagle, did you check to see if you have any firewall issues with dns getting out\in?

hth,
Kris.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10878365
open up dns management on the w2k3 server
open up forward look up zones, and see if you have the correct zone there
open up the zone, and look to see if there is a _msdcs "subdirectory"
post back if these are present or missing
0
 

Author Comment

by:EaglePress
ID: 10879061
the correct zones are there "eaglepress.com" forward lookup zone...same as on the w2k dns server.
the _msdcs subdir is there w/ the following subs within:
dc, domains, gc, pdc, and two CNAME files one for the original dns server and one for the new dns server.

the firewall does not appear to be causing any issues.  
FYI- i only use the dns servers for INTERNAL (within my company network), we use uu.net as our external dns server.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10879139
check the DNS console on your w2k box and find the forwarders that he is using
make sure the same forwarders are on the w2k3 box...these should be your ISP dns settings
this will resolve the "browse the web" issue
0
 

Author Comment

by:EaglePress
ID: 10879610
the w2k dns server does not have any forwarders listed.
use this link:
http://www.eaglepress.com/samples/dns.htm
or
http://65.196.69.79/samples/dns.htm
We are having issues w/ uu.net as well resolving our domain name.
to view the properties pages from each dns server.  This might be easier than listing it all here.
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10879699
Somewhere you have external DNS settings on the w2k box.
You need to move these settings to the w2k3 box in forwarders.
0
 

Author Comment

by:EaglePress
ID: 10880461
I cannot find on the w2k box any reference to forwarders.  OK, just to make sure we are talking about the same thing...
Our internal network is in the 10.10.0.0 range.  The internal DNS server (w03 box) has a static IP address of 10.10.0.2, while the w2k DNS box is static 10.10.0.7.  I have a Cisco PIX firewall that also acts as the DHCP server.  The firewall has settings to use 10.10.0.2 as the DNS.  Nowhere am I listing an external DNS server IP address (an IP address that is not a 10.10.0.0 address or either one of our public addresses, i.e. 65.196.69.79).  Should I reference the uu.net (that hosts our external DNS server) somewhere? That address is 198.6.1.82.  I have tried putting that in the DNS properties as the forwarder but nothing changed.  Actually the event logged:
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/21/2004
Time:            9:31:38 AM
User:            N/A
Computer:      ENTERPRISE
Description:
The DNS server was unable to complete directory service enumeration of zone print4orce.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
~~~~~~~~~~~~~~~~
0
 
LVL 7

Accepted Solution

by:spareticus
spareticus earned 60 total points
ID: 10882468
Do you have the uu.net IPs in the ipconfig of the w2k server?  Do you have root hints enabled/disabled?
If 198.6.1.82 is working as a DNS server, then putting it in the forwarders for your w2k3 server will allow your clients to browse the internet.
Make sure your firewall allows this server to go out to the internet on port 53 UDP and TCP.

The above error may be from immediately after a reboot, when DNS is trying to start before AD has finished loading.
0
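The checks the experts walk through above (is each forwarder actually answering, is port 53 reachable, does the _msdcs subtree hold the DC locator records, and is the 4004 event tied to boot time) can be scripted. The following is an added example and not code from the thread; it uses the DnsServer and DnsClient cmdlets that ship with Windows Server 2012 and later, so it would not run on the Windows 2000/2003 servers discussed here (those would use dnscmd and nslookup). The domain name and forwarder addresses are constructed samples, not the poster's values.

```powershell
# Added example: DNS health checks for a domain controller hosting AD-integrated zones.
# Assumes the DnsServer and DnsClient modules (Windows Server 2012+).
# $DomainName and $Forwarders are constructed samples; replace with your own.

$DomainName = 'example.com'                          # constructed sample zone
$Forwarders = @('198.51.100.10', '198.51.100.11')    # constructed sample addresses (TEST-NET-2)

function Test-DnsForwarder {
    # The root cause in the thread was a wrong forwarder address: the server accepts
    # any IP in its forwarder list, so each one is queried directly here.
    param([string[]]$Address, [string]$Name = 'www.microsoft.com')
    foreach ($ip in $Address) {
        $answer = Resolve-DnsName -Name $Name -Server $ip -DnsOnly -ErrorAction SilentlyContinue
        $tcp    = Test-NetConnection -ComputerName $ip -Port 53 -WarningAction SilentlyContinue
        [pscustomobject]@{
            Forwarder    = $ip
            AnswersQuery = [bool]$answer            # UDP query to the forwarder succeeded
            Tcp53Open    = $tcp.TcpTestSucceeded    # TCP 53 needed for large answers / transfers
        }
    }
}

function Test-DcLocatorRecords {
    # The _msdcs subtree that spareticus asked about holds the SRV records clients use
    # to find a DC, a global catalog, and the PDC emulator.
    param([string]$Domain, [string]$Server = 'localhost')
    $names = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_ldap._tcp.gc._msdcs.$Domain",
        "_ldap._tcp.pdc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain"
    )
    foreach ($n in $names) {
        $srv = Resolve-DnsName -Name $n -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Record  = $n
            Present = [bool]$srv
            Targets = ($srv | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget) -join ','
        }
    }
}

function Get-DnsStartupErrors {
    # Event 4004 (AD-integrated zone could not be enumerated) is expected right after a
    # reboot, before AD has finished loading. A negative MinutesAfterBoot means the event
    # belongs to an earlier boot; a large positive value means it did not happen at startup.
    param([int]$Days = 7)
    $boot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    $filter = @{ LogName = 'DNS Server'; Id = 4004; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time             = $_.TimeCreated
            MinutesAfterBoot = [math]::Round(($_.TimeCreated - $boot).TotalMinutes, 1)
            Message          = $_.Message.Split("`n")[0]
        }
    }
}

# Run on the DC itself:
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout   # what is configured
Test-DnsForwarder -Address $Forwarders        | Format-Table            # does each one answer
Test-DcLocatorRecords -Domain $DomainName     | Format-Table            # _msdcs locator records
Get-DnsStartupErrors                          | Format-Table            # 4004 events vs. boot time
```

A forwarder that shows AnswersQuery false but Tcp53Open true is usually a host that is reachable but not running a resolver (or one that refuses recursion for your address), which is the situation the thread ended in before uu.net supplied the correct caching-server addresses.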
 

Author Comment

by:EaglePress
ID: 10898710
Success!!!
I finally got in touch w/ uu.net to get a correct IP address for their DNS caching servers.  I added these to the forwarders on the w03 server and it worked.  I decided to add the uu.net IP address to the w2k server as well and keep it online for redundancy for the next few weeks.  The initial uu.net IP address that I was using as a forwarder was incorrect.  Thanks for all of the assistance.
FYI to kristinaw: The w2k box was a GC as well as the w03 box.  Since the w03 box had Exchange Server 2003 installed it was, by default, a global catalog.

I did go to AD Users/Computers and then to Operations Master and changed all the settings (RID, PDC, Infrastructure) to point to the w03 server.  I will split the points.  Thanks to all for your help.
0
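The author moved the three domain operations master roles through the GUI before retiring the original DC. As an added example, not code from the thread, the script below does the same check and transfer with the ActiveDirectory module (RSAT / Windows Server 2008 R2 and later, so again newer than the servers in this thread). It goes slightly beyond the post: it also covers the two forest-wide roles (Schema and Domain Naming master), which must likewise leave a DC before it can be demoted, and confirms the remaining DC is a global catalog, which the author found Exchange had already required. Server names are constructed placeholders.

```powershell
# Added example: verify and transfer operations master (FSMO) roles before
# retiring a domain controller. Assumes the ActiveDirectory PowerShell module.
# $NewDc and $OldDc are constructed placeholders.

$NewDc = 'NEWDC01'   # placeholder: the DC that stays online
$OldDc = 'OLDDC01'   # placeholder: the DC being retired

function Get-OperationsMasterRoles {
    # The three domain roles the author moved, plus the two forest roles
    # that also have to be transferred before the old DC can be demoted.
    $d = Get-ADDomain
    $f = Get-ADForest
    [pscustomobject]@{
        RIDMaster            = $d.RIDMaster
        PDCEmulator          = $d.PDCEmulator
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

function Get-RolesHeldBy {
    # Role holders are reported as FQDNs, so match on the host label only.
    param([string]$DcName)
    (Get-OperationsMasterRoles).PSObject.Properties |
        Where-Object { ($_.Value -split '\.')[0] -ieq $DcName } |
        ForEach-Object Name
}

function Move-AllRolesTo {
    # Graceful transfer with the current holder still online. Seizing (-Force)
    # is only for a holder that is permanently gone and must never return.
    param([string]$Target)
    $roles = 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $roles -Confirm:$false
}

Get-OperationsMasterRoles | Format-List
$remaining = Get-RolesHeldBy -DcName $OldDc
if ($remaining) {
    "Roles still held by ${OldDc}: $($remaining -join ', ')"
    Move-AllRolesTo -Target $NewDc
    Get-OperationsMasterRoles | Format-List
}

# The DC that remains must also be a global catalog (Exchange and logons depend on it).
Get-ADDomainController -Identity $NewDc | Select-Object Name, IsGlobalCatalog
```

Run it with both DCs online and replication healthy; if Get-RolesHeldBy still lists roles on the old DC after the transfer, stop and check replication before demoting anything.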