cusas76
asked on
Major Help Needed -- Changed the IP Address if a DC / Exchange Server
OK,
I am a moron. I had to move my Domain Controller/Exchange server to my house for a while. I didn't think anything about it, I brought it up changed the IP address and rebooted. I messed around in the DNS area
Needless to say I am dead in the water.
I have a backup of the exchange from a couple days ago so worst case scenario I try to rebuild. But can anyone help me salvage my setup. I have seen people say I should have demoted it from a DC, but what would that do to Exchange?
Any and all help is greatly appreciated. I don't know if I can do 1000 points, but I'll try, and if you do help me and you come through Chicago, I'll buy you dinner.
I'm running Windows 2003 Server Enterprise and Exchange 2004 Enterprise.
Thanks again.
I am a moron. I had to move my Domain Controller/Exchange server to my house for a while. I didn't think anything about it, I brought it up changed the IP address and rebooted. I messed around in the DNS area
Needless to say I am dead in the water.
I have a backup of the exchange from a couple days ago so worst case scenario I try to rebuild. But can anyone help me salvage my setup. I have seen people say I should have demoted it from a DC, but what would that do to Exchange?
Any and all help is greatly appreciated. I don't know if I can do 1000 points, but I'll try, and if you do help me and you come through Chicago, I'll buy you dinner.
I'm running Windows 2003 Server Enterprise and Exchange 2004 Enterprise.
Thanks again.
ASKER
Well, I changed the IP address, and then rebooted, it took forever coming up and there were tons of DNS errors in the application log, so stupid me went into DNS and everywhere I saw the old address I put the new address.
It was at about that point I thought hey, lets see what they say about doing this. So now I can't get into Exchange nor Active Directory.
Unfotunately I don't have access to the old IP network so if I am going to get it running it has to be on the new one. The old IP was shut off this morning.
I undid exactly what I did, but I fear that the damage was already done.
When I try to go into ADUC I get a message saying:
"Naming information cannot be located for the following reason:
The server is not operational."
Then it comes up and there is the big old red X over ADUC.
Same with Sites & Service
And the message for Domains and Trusts is similar
Hope this helps,
Thanks for responding
It was at about that point I thought hey, lets see what they say about doing this. So now I can't get into Exchange nor Active Directory.
Unfotunately I don't have access to the old IP network so if I am going to get it running it has to be on the new one. The old IP was shut off this morning.
I undid exactly what I did, but I fear that the damage was already done.
When I try to go into ADUC I get a message saying:
"Naming information cannot be located for the following reason:
The server is not operational."
Then it comes up and there is the big old red X over ADUC.
Same with Sites & Service
And the message for Domains and Trusts is similar
Hope this helps,
Thanks for responding
Maybe this will help you.
Apparently you are not able to put in the old IP address ?? The thing you have to do first is setting up the DNS server properly and have it connected to your active directory.
1) Setup the ip addresses you need in the network interfaces.
2) Open the nameserver config (either via configuration panel/System administration/DNS or right click this computer/manage/services/d
3) Make a new forward zone integrated with active directory
Now you are halfway however the necessary dns records for active directory integration are not yet there.
Get the tools from the windows2003 server resource kit, you need especially the tool nltest.exe.
When you have installed these tools go to a command box (run/cmd)
go to the directory where you have installed the resourcekit tools.
Type in the following command: nltest.exe /dsregdns
this will enforce registration of the nameserver records that you need for active directory integration.
From that point on your active directory should be functioning again.
Note, It will take some time before everything is running completely properly again.
Hope this will be of use.
Goodluck
Ray
Apparently you are not able to put in the old IP address ?? The thing you have to do first is setting up the DNS server properly and have it connected to your active directory.
1) Setup the ip addresses you need in the network interfaces.
2) Open the nameserver config (either via configuration panel/System administration/DNS or right click this computer/manage/services/d
3) Make a new forward zone integrated with active directory
Now you are halfway however the necessary dns records for active directory integration are not yet there.
Get the tools from the windows2003 server resource kit, you need especially the tool nltest.exe.
When you have installed these tools go to a command box (run/cmd)
go to the directory where you have installed the resourcekit tools.
Type in the following command: nltest.exe /dsregdns
this will enforce registration of the nameserver records that you need for active directory integration.
From that point on your active directory should be functioning again.
Note, It will take some time before everything is running completely properly again.
Hope this will be of use.
Goodluck
Ray
ASKER
Ray, I did that and it took all of a second or two, did I do something wrong?
Can you elaborate more on how to do step 3) Make a new forward zone integrated with active directory? How do I do that.
I know that I did it once, but it has been a year or so since I set this up so I forgot all of steps that I took.
Can you elaborate more on how to do step 3) Make a new forward zone integrated with active directory? How do I do that.
I know that I did it once, but it has been a year or so since I set this up so I forgot all of steps that I took.
Hi
Open DNS in Administrative Tools, right click the server object and select new zone to launch the zone wizard. Select the following - Active Directory Integrated - Forward Lookup Zone - then enter the name of your internal domain ie yourdomain.com click next and then finish. Then run nltest as Ray suggested - dns should be ok,
Deb :))
Open DNS in Administrative Tools, right click the server object and select new zone to launch the zone wizard. Select the following - Active Directory Integrated - Forward Lookup Zone - then enter the name of your internal domain ie yourdomain.com click next and then finish. Then run nltest as Ray suggested - dns should be ok,
Deb :))
ASKER
Cool that is what I did.
Just to prove what a HUGE idiot I am, I did all of what you said to do. Then I did a ping of my server and it still came up with the old IP Address so then i thought to check the host file in c:\Windows\system32\driver
Now I have active directory backup and running.
Now i have an error in the application log saying:
Active Directory was unable to establish a connection with the global catalog.
Any ideas?
Just to prove what a HUGE idiot I am, I did all of what you said to do. Then I did a ping of my server and it still came up with the old IP Address so then i thought to check the host file in c:\Windows\system32\driver
Now I have active directory backup and running.
Now i have an error in the application log saying:
Active Directory was unable to establish a connection with the global catalog.
Any ideas?
Yep,
You need to tell your DC that is is also a Global Catalog. Go to sites and services which is somewhere in the admin panel. Open it until you get to the NTDS settings right click and there should be a tick that you can enter to make the machine a GC
Goodluck
You need to tell your DC that is is also a Global Catalog. Go to sites and services which is somewhere in the admin panel. Open it until you get to the NTDS settings right click and there should be a tick that you can enter to make the machine a GC
Goodluck
Euh, lets not forget to tell you that before you can set the GC you need to select the NTDS properties
Goodluck
Ray
Goodluck
Ray
ASKER
First off, Ray you are awesome for helping out this quickly.
Second, I went that far and GC was selected. It seems as though I am mostly back up and running. Exchange can send externally and it can send and receive internally, it does not seem as though it can receive externally though.
I am not 100% sure that AD is fine, but we are a whole lot closer that I have been since I started working on this yesterday.
What properties are there to select for NTDS? When I clicked on properties all that I recall seeing is the Global Catalog check box and a couple other items.
Second, I went that far and GC was selected. It seems as though I am mostly back up and running. Exchange can send externally and it can send and receive internally, it does not seem as though it can receive externally though.
I am not 100% sure that AD is fine, but we are a whole lot closer that I have been since I started working on this yesterday.
What properties are there to select for NTDS? When I clicked on properties all that I recall seeing is the Global Catalog check box and a couple other items.
That's it. Not a lot of options there.
When there are no more nasty things around anymore it should be up and running after the next replication cycle.
Sometimes you can force replication by rebooting the system.
The GC is absolutely necessary for exchange to function properly.
Also look into the exchange system manager / under the server properties / Directory Access to see whether exchange already found the GC.
Hmmm... when exchange can receive internally it should be able to receive externally as well. That sounds like another problem. Maybe somewhere in the SMTP connector
When there are no more nasty things around anymore it should be up and running after the next replication cycle.
Sometimes you can force replication by rebooting the system.
The GC is absolutely necessary for exchange to function properly.
Also look into the exchange system manager / under the server properties / Directory Access to see whether exchange already found the GC.
Hmmm... when exchange can receive internally it should be able to receive externally as well. That sounds like another problem. Maybe somewhere in the SMTP connector
ASKER
Now since I have redone the forward lookup zone, I am am getting errors like:
The dynamic registration of the DNS record
'ForestDnsZones.activeinte
DBS server IP address 216.168.228.5
Returned Response Code(RCODE): 5
Returned Status Code: 9017.
I also get similar messages fro DomainDnsZones.activeinter
I noticed that I don't have the ForestDnsZone and _LDAP and all those entries anymore. Is there a quick way to recreate them?
I have no clue what that IP address the 66.9.251.106 is the old address of my server.
The dynamic registration of the DNS record
'ForestDnsZones.activeinte
DBS server IP address 216.168.228.5
Returned Response Code(RCODE): 5
Returned Status Code: 9017.
I also get similar messages fro DomainDnsZones.activeinter
I noticed that I don't have the ForestDnsZone and _LDAP and all those entries anymore. Is there a quick way to recreate them?
I have no clue what that IP address the 66.9.251.106 is the old address of my server.
These should be created after you have done the nltest.exe however I have noticed it does take some time before they are there again
nltest creates the records you have mentioned.
nltest creates the records you have mentioned.
ASKER
How long is long? Now we don't actually have anyone who connects to this DC. It is only done because we want to run Exchange.
Does that simplify or complicate things?
Does that simplify or complicate things?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK That seems to be along the lines of what I am doing wrong.
Does that mean when I configure my IP addred I don't put in anything for the DNS? Or do I put the servers IP Address?
Does that mean when I configure my IP addred I don't put in anything for the DNS? Or do I put the servers IP Address?
Hi
You put the server's IP address as preferred dns server only in tcp/ip. To resolve addresses on the internet you delete the "." root zone in dns, which will let you set forwarders on the server object in dns. That's where you put your isp's nameserver ip addresses.
You put the server's IP address as preferred dns server only in tcp/ip. To resolve addresses on the internet you delete the "." root zone in dns, which will let you set forwarders on the server object in dns. That's where you put your isp's nameserver ip addresses.
Did you only change the Ip address of this server, or did you do anything else to it? If you only changed the IP, we may be able to get you back up and running through amending dns settings. What's your exact situation now and what have you done? Give as much detail as possible,
Deb :))