Solved

DNS service won't start after DCPromo

Posted on 2005-04-08
Last Modified: 2012-05-05
I have a standalone Win2K3 server that is used for running terminal services. For security and administration purposes, I thought it would be a good idea to install Active Directory since it wasn't done upon installation 12 months ago. I followed the instructions available here:

http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm

Here are the settings I used:
Servername: companyfs1
Suffix: company.local
IP: 192.168.0.2
Gateway: 192.168.0.1
DNS: 192.168.0.2

I created the forward lookup zone, tested it to see if the server registered, rebooted just to be sure, tested it again, then ran dcpromo. It ran fine all the way through, rebooted, and then sat on the dreaded "preparing network connections" for 10 minutes before allowing me to log on. I ran through the AD installation checklist and discovered that the DNS Server service was stuck on "starting". I can kill the process then try to start it again, but when I start it manually, the progress indicator gets to about halfway then virtually stops. I then get the error "1053: the service did not respond to the start or control request in a timely fashion" and the service status remains stuck on "starting". After several reboots and an uninstall and reinstall of DNS without luck, I'm out of ideas. It doesn't seem anyone has documented this exact problem before.

What's more, the server can ping itself and resolve its own name. Ping companyfs1 comes back with a reply from 192.168.0.2 and gives the FQDN of companyfs1.company.local. How is this possible? I know it's only querying itself, but I thought that would still use DNS.

Anyway, I'm convinced I did nothing wrong throughout the process so surely it's not terminal. Is there any workaround or will I be forced to demote the server and remove AD? Oh - and I hope the existing user accounts are intact.
0
Comment
Question by:PJNG1
8 Comments
 

Author Comment

by:PJNG1
ID: 13735041
After 2 hours of messing about and getting nowhere, the service just suddenly started out of the blue. I have no idea why, but it happened. I then went through and recreated the DNS forward lookup zone, which is working nicely, but when I try to connect to AD sites and services, it says the server is not operational. I can browse the domain and the server is listed, but it won't connect to it. I'm too scared to restart the damn thing. Anything I can do to kick it in without a boot?
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13735115
The DNS service has started OK, so no problem there, but what about the DC SRVs for the domain controller in the respective zone? All AD tools access the Active Directory domain name by sending a query to the DNS server for the DC SRVs. If the DC SRVs are not registered in DNS, the AD tools will show the message "Naming information not found" or "Server is not operational". Try the following:

1. Dcdiag /fix
2. Netdiag /fix
3. Restart Netlogon service
4. Ipconfig /registerdns.

Let me know.
0
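The DNS dependency described in the comment above, as an added example that is not part of the original thread: it compares the SRV records Netlogon wants registered (listed in %SystemRoot%\System32\Config\netlogon.dns) with the SRV records actually present in the zone. The file contents, the zone records and the function names are constructed for illustration, using the server and domain names from the question.

```python
import re

# Constructed sample in the layout of netlogon.dns (names taken from the question).
NETLOGON_DNS = """\
company.local. 600 IN A 192.168.0.2
_ldap._tcp.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_ldap._tcp.dc._msdcs.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_ldap._tcp.pdc._msdcs.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_kerberos._tcp.dc._msdcs.company.local. 600 IN SRV 0 100 88 companyfs1.company.local.
_gc._tcp.company.local. 600 IN SRV 0 100 3268 companyfs1.company.local.
"""

# Constructed: (owner name, port, target) tuples actually found in the zone,
# for instance collected by hand with "nslookup -type=SRV <name>".
ZONE_SRV = {
    ("_ldap._tcp.company.local.", 389, "companyfs1.company.local."),
    ("_gc._tcp.company.local", 3268, "COMPANYFS1.company.local"),
}

SRV_LINE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)

def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_srv(text):
    """Return the SRV records in netlogon.dns-style text; other types are skipped."""
    records = set()
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.add((norm(m.group(1)), int(m.group(2)), norm(m.group(3))))
    return records

def missing_srv(netlogon_text, zone_records):
    """SRV records Netlogon expects that the zone does not contain."""
    have = {(norm(n), port, norm(t)) for n, port, t in zone_records}
    return sorted(parse_srv(netlogon_text) - have)

def locator_ok(netlogon_text, zone_records, domain):
    """True if the record the DC locator queries first is present in the zone."""
    key = "_ldap._tcp.dc._msdcs." + norm(domain)
    return all(name != key for name, _, _ in missing_srv(netlogon_text, zone_records))

if __name__ == "__main__":
    for name, port, target in missing_srv(NETLOGON_DNS, ZONE_SRV):
        print("missing:", name, port, target)
    print("DC locator record present:", locator_ok(NETLOGON_DNS, ZONE_SRV, "company.local"))
```

With the constructed data, the three _msdcs records are reported missing, which is the condition under which the AD tools cannot find the domain controller even though the DNS service itself is running.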
 

Author Comment

by:PJNG1
ID: 13738428

Before I start, thought I'd mention I'm now running this server on a standalone hub with no net access and no workstations so many of the lookup tests don't work. Here are the results of the suggested actions:

1. dcdiag returns with an LDAP response error - companyfs1 could not be contacted. Check if it's a DC.
2. netdiag returns many interesting things - including:

  Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.

  DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'COMPANY'. [ERROR_NO_SUCH_DOMAIN]

   DC list test . . . . . . . . . . . : Failed
        'COMPANY': Cannot find DC to get DC list from [test skipped].

All other error messages seem to be due to the fact that there are no workstations or gateway available.
I think it's really trying to tell me that it doesn't think the server is a DC, but when I run dcpromo, it immediately says that the computer is already an AD DC.

I've since done a restart, which kills the dns service again, but I can now fairly consistently start it by killing the process and starting it manually - it still comes up with a "timely fashion" error, but starts after about 3 minutes.
0
 

Author Comment

by:PJNG1
ID: 13738499
Oh - to answer your question - the DC SRVs are all registered in DNS and the SYSVOL directory is intact.
0
 

Author Comment

by:PJNG1
ID: 13742461
Update: the SYSVOL and NETLOGON shares had not been created. I created them manually, but that didn't make a difference.

Every tool I run reports that the DC for the domain can not be contacted.
0
 
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 750 total points
ID: 13760544
Follow all the steps carefully to rebuild the Sysvol share and then run Ntdsutil.exe to clear unused domain data from Directory.
http://support.microsoft.com/default.aspx?scid=kb;en-us;315457

Metadata Cleanup: -
How To Remove Orphaned Domains from Active Directory
http://support.microsoft.com/?kbid=230306

How do I remove a nonexistent domain from Active Directory?
http://www.windowsitpro.com/Article/ArticleID/13415/13415.html

BTW: - What is your domain name? Did you give the NetBIOS name and not FQDN while promoting it to a domain controller?

Let me know.
0
 

Author Comment

by:PJNG1
ID: 13760798

Thanks for the replies. Due to the lack of time I had to get the server running, I spent as long as I could troubleshooting, but mid-afternoon Sunday, I decided I had just enough time to rebuild it to have it fully working by Monday morning. Turns out the system disk was on its way out, so I'm not sure any more fiddling would have worked.

Have some points anyway.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13761800
Sorry. I couldn't be of some help.

Hope next time I will try my level best.

Thanks!
SystmProg
0
