abastanpour
asked on
_msdcs, _sites, _TCP, _udp no showing after NT4 PDC Upgrade to Win2k Srv.
I have recently upgraded a NT4.0 PDC to Windows 2k using the following steps:
(This is a single domain install, we have only one domain. Simple)
1. Installed a new NT4.0 BDC Server on the LAN.
2. Synchronized NT4 Domain.
3. Took the newly installed NT4 BDC off LAN and moved it to a test hub (no connection to company LAN).
4. Promoted the newly BDC to PDC on the test hub.
5. Installed Win2k srv with Active Directory (Mixed Mode).
6. I did use proper naming conventions: mycompanyname.net (I am following steps in a MS SRV 2K BOOK)
7. The installation process completed successfully with all accounts being there.
Now:
Issues:
1. The Win2k DC is showing no _msdcs, _sites, _TCP, _udp under DNS Fwd zone. Don't know why!
2. My Test environment on the hub has no access to internet/ISP. Is that OK?
3. In NT4.0 I can do manual domain synchronization through server manager, can I do that from Win2K server in Mixed mode. How?
4. Once my configuration and testing is completed with this 2K DC, can I demote the live existing PDC on company network to BDC and bring my New 2K DC to the live network. (I have not seen this done or recommended by Microsoft therefore I am assuming the answer is no). Just curious.
5. In DNS MMC, do I need to remove "." zone and configure forwarders in order to use my ISP's DNS. Don't want to confuse internal browsers in the office.
Sorry about all the question... and thank you at the same time.
(This is a single domain install, we have only one domain. Simple)
1. Installed a new NT4.0 BDC Server on the LAN.
2. Synchronized NT4 Domain.
3. Took the newly installed NT4 BDC off LAN and moved it to a test hub (no connection to company LAN).
4. Promoted the newly BDC to PDC on the test hub.
5. Installed Win2k srv with Active Directory (Mixed Mode).
6. I did use proper naming conventions: mycompanyname.net (I am following steps in a MS SRV 2K BOOK)
7. The installation process completed successfully with all accounts being there.
Now:
Issues:
1. The Win2k DC is showing no _msdcs, _sites, _TCP, _udp under DNS Fwd zone. Don't know why!
2. My Test environment on the hub has no access to internet/ISP. Is that OK?
3. In NT4.0 I can do manual domain synchronization through server manager, can I do that from Win2K server in Mixed mode. How?
4. Once my configuration and testing is completed with this 2K DC, can I demote the live existing PDC on company network to BDC and bring my New 2K DC to the live network. (I have not seen this done or recommended by Microsoft therefore I am assuming the answer is no). Just curious.
5. In DNS MMC, do I need to remove "." zone and configure forwarders in order to use my ISP's DNS. Don't want to confuse internal browsers in the office.
Sorry about all the question... and thank you at the same time.
ASKER
Greetings;
1. The DNS is installed. I still don't have _msdcs, _sites, _TCP, _udp under DNS Fwd zone after running ipconfig /registerdns. Everything I read sys it should be there.. Hmmmm!
Under DNS MMC, I am seeing "Cashed Lookups". Is that normal?
5. If no forwarders have been set in DNS, then would my clients be able to browse the internet like they do now? We are using our ISP's DNS. (our DNS Setting are obtained via DHCP)
This is a rough config of my server:
My NT 4 Domain is called DHP. I am using a nonpublic domain name, dhpassociate.net.
After the upgrade to 2k I used AD Wizard to create:
1. Create a new domain tree
2. Create a new forest of domain tree
Than went on installing DNS and completed that.
That's as far as I got since my DNS is not showing _msdcs, _sites, _TCP, _udp under DNS Fwd zone.
1. The DNS is installed. I still don't have _msdcs, _sites, _TCP, _udp under DNS Fwd zone after running ipconfig /registerdns. Everything I read sys it should be there.. Hmmmm!
Under DNS MMC, I am seeing "Cashed Lookups". Is that normal?
5. If no forwarders have been set in DNS, then would my clients be able to browse the internet like they do now? We are using our ISP's DNS. (our DNS Setting are obtained via DHCP)
This is a rough config of my server:
My NT 4 Domain is called DHP. I am using a nonpublic domain name, dhpassociate.net.
After the upgrade to 2k I used AD Wizard to create:
1. Create a new domain tree
2. Create a new forest of domain tree
Than went on installing DNS and completed that.
That's as far as I got since my DNS is not showing _msdcs, _sites, _TCP, _udp under DNS Fwd zone.
1. No DNS API Errors?
If not I'd delete the zone, and re-add it ensuring it's AD Integrated.
Did DCPromo complete successfully?
5. Yes - Without forwarders DNS will use the Root Hints file, these are the IP Addresses of the Top Level Domain Name Servers, they will tell your DNS where to get answers to it's questions. The only time it won't use this file is if the zone "." exists. You should be able to see the Root Hints option under your DNS Config. If it is greyed out then something is wrong.
Can you also confirm the Domain name you've assigned to AD? You can mask it, I'm only after the format you've used.
ASKER
I don't see any API errors.
The only issue I see under system events is:
Event ID 5781
Source: Netlogon
Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
What would be the best way for me to confirm the AD doming name?
The only issue I see under system events is:
Event ID 5781
Source: Netlogon
Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
What would be the best way for me to confirm the AD doming name?
Okay, there's definately something up with your DNS, as if you didn't ready know ;)
Try:
ipconfig /all
It should have a Primary DNS Suffix listed there (along with the host name).
Otherwise, open up AD Users and Computers, it'll have the domain name listed there too (just expand the tree on the left a bit if you can't see it).
ASKER
Oh, OK.
I have been there already. The primary DNS suffix has been there. I just checked it again with both methods. Ipconfig /all shows my primary DNS suffix as dhpassociate.net
Hummm... Very interesting...!
I have been there already. The primary DNS suffix has been there. I just checked it again with both methods. Ipconfig /all shows my primary DNS suffix as dhpassociate.net
Hummm... Very interesting...!
That's good enough for now.
Now in order for DNS to work we need a Forward Lookup Zone called dhpassociate.net, is that there?
ASKER
Yes there is one there..
Okay, delete it. Then add a new primary (AD integrated) zone with the same name.
On occasion the zone files become corrupt - this can appear as anything from TTLs not working to Updates not working.
After that select the Properties for the zone, on General confirm that it's AD Integrated. That the Dynamic Updates box is set to "Only Secure Updates".
Confirm that the server is using only it's own IP Address as DNS, then at the command prompt try ipconfig /registerdns
See if it added an A Record and an NS Record for the domain. Then check for those _ folders again.
ASKER
Ok, let me make sure I understand this.
I need to delete dhpassociate.net under the forward zone, than create a new "Zone" which the wizard should walk me through it. Correct?
I need to delete dhpassociate.net under the forward zone, than create a new "Zone" which the wizard should walk me through it. Correct?
Correct. Just to ensure the existing zone isn't corrupt. Then use the wizard to create a new forward lookup zone with the same name.
ASKER
Deleted and recreated the Zone.
Under the static IP configuration for this server, the DNS Preferred servers were pointing at the ISP. I have changed it to point at itself.
Did the Ipconfig /registerdns.
Let's see what happens...
Under the static IP configuration for this server, the DNS Preferred servers were pointing at the ISP. I have changed it to point at itself.
Did the Ipconfig /registerdns.
Let's see what happens...
Okay, it should be okay.. make sure you keep a bit of an eye on the System and DNS Logs in Event Viewer.
ASKER
OK
I am showing _sites, _TCP, _udp, but no _msdcs.
I am showing _sites, _TCP, _udp, but no _msdcs.
Getting there though ;)
Check for DNS API Errors in System, and more general DNS errors in the DNS Log.
Any NTDS type errors in the Directory Service log?
ASKER
OK.. Looking good.
The _msdcs is there now.
The only error I see is in the system event log and its:
Event ID 5781
Source: Netlogon
Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
I getting this message every 2 hrs. Not sure why..
The _msdcs is there now.
The only error I see is in the system event log and its:
Event ID 5781
Source: Netlogon
Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
I getting this message every 2 hrs. Not sure why..
That one on the server itself?
Is there just the Servers IP as the Primary Name Server in TCP/IP Configuration? Or do you have a secondary one there too?
If it's not that simple then we can turn on logging for the NetLogon service. It might be on already of couse, to check look for:
%Windir%\debug\netlogon.lo
ASKER
The IP Configuration on the server is pointing Primary DNS to itself and I do have a WINS entry. When you say the name server, are you talking about the WINS?
The netlogon.log is blank. There are no entries in it.
The netlogon.log is blank. There are no entries in it.
Nope, DNS is a Name Server. Sorry, I should stick to the same names ;)
Looks like Netlogon logging is disabled... to enable it you do the following from the command prompt:
nltest /dbflag:2080ffff
net stop netlogon
net start netlogon
To disable it again you do:
nltest /dbflag:0
net stop netlogon
net start netlogon
That should add a bit more information about what the NetLogon service is trying to register in DNS.
ASKER
I have a lot of entry in the netlogon.log now. :)
Man, I don't understand why netlogon was disabled! After all, I upgraded form a working NT4 PDC.
Also;
In static configuration of the sever, I did know that you had to have the primary DNS set to point at itself. Originally my Static DNS setting where set to point at the ISP.
These are little steps that my book did not cover.
Also,
I took a laptop plugged it into my test environment to see if I could long into the Win2k server. And it worked nicely.
However, when I took the laptop off the test network and tried to log into the company network. I got a message saying the computer account for this system is missing. I check server manager and it's there! This message worries me, because if for some reason my Upgrade to win2k is not successful, than I may incounter computer account issues throughout the office if I go back to NT 4.0 domain.
Man, I don't understand why netlogon was disabled! After all, I upgraded form a working NT4 PDC.
Also;
In static configuration of the sever, I did know that you had to have the primary DNS set to point at itself. Originally my Static DNS setting where set to point at the ISP.
These are little steps that my book did not cover.
Also,
I took a laptop plugged it into my test environment to see if I could long into the Win2k server. And it worked nicely.
However, when I took the laptop off the test network and tried to log into the company network. I got a message saying the computer account for this system is missing. I check server manager and it's there! This message worries me, because if for some reason my Upgrade to win2k is not successful, than I may incounter computer account issues throughout the office if I go back to NT 4.0 domain.
It'll mess with the Computer Account when you move it between domains (the domains are different now).
It should be fine with the other upgrade.
To check that out to be certain you could...
1. Rebuild your test server as a BDC on live again
2. Take it off live and add it to test, promoting it to PDC
3. Add your laptop (or a test computer account) to the NT 4 Test domain
4. Perform the Upgrade to AD
5. Check access from the computer
It'll definately make you nice and familiar with the upgrade procedure ;)
ASKER
I will practice more, that's for sure.
This computer account issue is worrying me again, because.. Say:
1. I take one freshly synchronized BDC off the company network and put it on the side.
2. Upgrade the Company PDC to Win2k AD Mixed mode.
3. Then for some reason I the upgrade is not successful and I had to take the Win2k off the network.
At this point my only Disaster Recovery would be to bring the Offline BDC back and promote it to PDC.
But, then all my Computer accounts are not going to work.
I am thinking correctly about this.. ?!
Oh, before I forget: Thank you for helping this solo-net admin. Thank you :)
This computer account issue is worrying me again, because.. Say:
1. I take one freshly synchronized BDC off the company network and put it on the side.
2. Upgrade the Company PDC to Win2k AD Mixed mode.
3. Then for some reason I the upgrade is not successful and I had to take the Win2k off the network.
At this point my only Disaster Recovery would be to bring the Offline BDC back and promote it to PDC.
But, then all my Computer accounts are not going to work.
I am thinking correctly about this.. ?!
Oh, before I forget: Thank you for helping this solo-net admin. Thank you :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1. Is the DNS running on your 2000 Server? It needs to be really since AD requires DNS to support Dynamic Update. The zone should be Primary Active Directory Integrated on there. To check Dynamic Update run "ipconfig /registerdns" from the command prompt.
2. Yep, no problem.
3. Sort of, although Synchronization is instant in a single site.
4. No. You cannot demote a PDC to BDC, only promote a BDC to PDC. To sort out the upgraded domain you would probably be best with:
- Add a new NT 4 BDC to the network
- Promote the BDC to PDC
- Upgrade the PDC to Windows 2000 and Launch the AD Wizard
- Upgrade the remaining BDCs afterwards
5. The "." zone makes you server thinks it knows everything about everything on the internet (. is the root zone), so definately delete that. Forwarders aren't essential, you can stick with Root Hints if you prefer.
All Internal clients and servers should refer to your Internal DNS for everything to work.
I would strongly advise that you do not use public DNS names (like .net) for your Private network, instead use something like mycompany.local. This can prevent complicating things later on.
Please post again with the rough config of your 2000 Server if it still can't query DNS.