bubble_guy

Problem promoting Windows 2003 server as a child domain for Windows 2000 domain

Hi,
I have been trying to promote a Windows 2003 server as a new child domain for an existing Windows 2000 domain. I am getting the error "The DSA operation is unable to proceed because of a DNS lookup failure."
DNS on the root DC is set to yes for dynamic updates. I set the preferred DNS server for the server I am promoting to itself and the alternate to the root DC.
I read that I don't have to prepare the Windows 2000 DCs (schema and infrastructure) in order to have a Windows 2003 DC child domain.
I tried configuring DNS first before dcpromo, having a delegation in the root DNS server for the new DNS server on Windows 2003, and also adding zone for in root DNS. Nothing worked.
I did look at https://www.experts-exchange.com/questions/20860702/Windows-Server-2003-and-Child-Domain-Controller-problem.html but in my case DNS is not populating any of _msdcs etc., and even if I add them manually with the new domain, it wasn't working. Maybe my case is different. Maybe I went wrong somewhere.
Please give me a step-by-step procedure to add a new child domain into an existing domain, after a fresh Windows 2003 server installation. Do I have to first join this server to the domain or not? I tried both ways (joining the domain and joining just a workgroup). Nothing worked. Please consider that I am new to Active Directory.
Any help is greatly appreciated.
Thanks.
ClintN

I ran into a similar problem just trying to put two DCs in different sites, although they were in the same domain. I got around it by installing the second DC in the network 10.10.x.x, then moving one DC to a new site, 192.168.100.x.
bubble_guy

Your problem is DNS on your existing domain; sites have nothing to do with it.

Firstly I recommend you do run the schema updates for 2003 on your 2000 domain as these have zero impact, and you will need them later.

On your existing DNS server make sure it points to itself for DNS lookup and that it has a forward lookup zone for your existing domain. Remove any entries you have created for the child domain. Initially set all DNS zones up as primary/secondaries until you have all AD functions operating correctly.

Configure the existing DNS Server by deleting the .ROOT forward lookup zone and to forward to your ISP DNS servers if required.

At the existing DC run the following commands at the command line:
IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS

On the new DC, point the DNS setting to the existing DC/DNS server and use dcpromo to create the child domain. If all is configured correctly it will create the new forward lookup zone on the existing DC itself and put in the correct _MSDCS entries itself. You can then set the new DC as a DNS secondary and copy the new zone down to it. Later you will be able to configure all your DNS as AD integrated.

Let me know how you got on.
Cheers

JamesDS

ASKER

JamesDS,

Can you be more specific on the schema updates. What is it?
bubble_guy
When you want to upgrade 2000 AD to 2003 you need to upgrade the underlying database design as well. The database design is referred to as the schema.

The ADPREP tool described in the readme on the 2003 CD describes the commands and the updates will not affect a 2000 domain in any way until you are ready to upgrade.

Updating a schema well in advance of any migration or upgrade is a zero impact change and is never a bad idea.

Cheers

JamesDS
JamesDS,
I ran adprep /forestprep and /domainprep, and ran dcpromo on the new server, but it still gives the same error. The following is the directory service event error message I got (every time I tried, with several DNS options) on the new server that I am trying to promote.
------------------------
The Active Directory Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
 
Domain controller:
748c81a3-6645-4336-a8fb-9013d684d0d2._msdcs.umac.org
 
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
------------------------

None of the DCs has 748c81a3-6645-4336-a8fb-9013d684d0d2._msdcs.umac.org in its DNS lookup zone. Is it trying to configure DNS on the new server and failing? I don't understand.

What do you mean by "Initially set all DNS zones up as primary/secondaries until you have all AD functions operating correctly."? The root DC is currently set up as AD-integrated (this domain has 2 DCs). I want to add a child domain to this existing domain.

On the root DC, I did ipconfig /flushdns. It went OK. But /registerdns gave an error:

Error: The system cannot find the file specified.
: Refrshing DNS names

Maybe it is because we don't run DHCP on our servers.

"Configure the existing DNS Server by deleting the .ROOT forward lookup zone and to forward to your ISP DNS servers if required."

We don't have a .ROOT forward lookup zone in the root DNS server.

Please let us know if you have any ideas regarding this issue.
Thanks.
Hi,
I could fix the error I mentioned above, which was with NTDS replication, by synchronizing the new server's net time with the root server.
Anyway, I still can't get it to work. There is another error message I am getting which I forgot to mention in my last post. Maybe this is the more significant error.

---------------------------------
Event Id: 1168  Source: NTDS General

Internal error: An Active Directory error has occurred.
 
Additional Data
Error value (decimal):
-1073741823
Error value (hex):
c0000001
Internal ID:
3000e0e
-----------------------------------
I am currently trying to find out about this on Google, but if any of you knows about this, please let me know.
Thanks a lot.
bubble_guy

Are all your Domain Controllers on the root domain also DNS Servers and Global Catalogs? If not, they should be.

Each server should have its IP settings for DNS pointing to one of the OTHER servers as primary and itself as secondary.

We need to sort your DNS issues out before we go onto joining another child domain.

Cheers

JamesDS
Is this a new location? The reason I had my issue was routing between the two sites. I totally agree with JamesDS that it is a DNS issue; as my site couldn't find a route to contact my DNS server, I was not able to promote the DC.
ClintN
AD Sites would have had nothing to do with your problem either. Network Routing is not controlled or affected by AD Sites.

Cheers

JamesDS
My DNS server was on a different physical network from my second site. AD was not my issue; it was the ability to contact my primary DNS (on the 10.10.x.x network from the 192.168.x.x).
Hi all,

We finally sorted the problem out. It was caused by the role holder for the schema master pointing to a deleted DC, which crashed a long time ago. Even though we rebuilt the DC with the same name, the internal SID is different. After we seized the schema master role, everything works.

Even though the problem was not caused by DNS, we thank you for your input, which really helped us learn a lot. If it is OK with you, I'm going to close this question.

Regards
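
As an added example (not part of the original thread): the root cause reported above, a role holder still pointing to a deleted DC, can be spotted by reading the fSMORoleOwner attribute of the role-bearing objects and flagging owners that are deleted objects or unknown servers. The export text, the example.org names and the live-DC list are constructed for illustration; `\0ADEL:` is the marker a deleted object's name carries inside a DN, which is why a DC rebuilt under the same name still fails the check.

```python
import re

# Constructed sample (hypothetical names): fSMORoleOwner values exported from
# three role-bearing objects. DC1 was rebuilt under the same name, so the
# schema entry still references the old, deleted NTDS Settings object.
SAMPLE_EXPORT = r"""
dn: CN=Schema,CN=Configuration,DC=example,DC=org
fSMORoleOwner: CN=NTDS Settings\0ADEL:11111111-2222-3333-4444-555555555555,CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=org

dn: CN=Partitions,CN=Configuration,DC=example,DC=org
fSMORoleOwner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=org

dn: CN=Infrastructure,DC=example,DC=org
fSMORoleOwner: CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=org
"""

ROLE_BY_PREFIX = {
    "CN=Schema,CN=Configuration": "Schema master",
    "CN=Partitions,CN=Configuration": "Domain naming master",
    "CN=RID Manager$,CN=System": "RID master",
    "CN=Infrastructure": "Infrastructure master",
}

def parse_role_owners(text):
    """Return {object DN: fSMORoleOwner DN} from an LDIF-style export."""
    owners, dn = {}, None
    for line in text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("fSMORoleOwner: ") and dn:
            owners[dn] = line[len("fSMORoleOwner: "):].strip()
    return owners

def role_name(dn):
    # Any other object carrying the attribute is taken to be the domain head.
    return next((r for p, r in ROLE_BY_PREFIX.items() if dn.startswith(p)), "PDC emulator")

def find_stale_owners(text, live_dcs):
    """List (role, server, reason) for owners that are deleted or not a live DC."""
    live = {name.upper() for name in live_dcs}
    findings = []
    for dn, owner in parse_role_owners(text).items():
        m = re.search(r",CN=([^,\\]+)", owner)  # server is the parent of NTDS Settings
        server = m.group(1) if m else "?"
        if "\\0ADEL:" in owner:
            findings.append((role_name(dn), server, "owner object is deleted"))
        elif server.upper() not in live:
            findings.append((role_name(dn), server, "server is not a known DC"))
    return findings
```
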