[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Rename Domain (Win2003, DNS, Active Directory, Simple Domain, Internal DNS Server)

Posted on 2006-03-21
18
Medium Priority
?
1,761 Views
Last Modified: 2008-01-09
Hello,

I have a Win2003 SP1 domain called abcd.  When the domain controller was created and active directory configured, the person used abcd.com, which

resolved to 192.168.100.100 on our LAN.  Our configuration is very simple...  One domain controller, server.abcd.com (192.168.100.100), that serves DNS

to the local LAN.  All the computers on our LAN point to DNS on the server.abcd.com for domain name resolution.  The internal DNS server forwards to our

DSL's DNS servers.  Our e-mail (mail.abcd.com) and website (www.abcd.com) are hosted at Network Solutions so our abcd.com registered domain name

points to their resources.  dcdiag and netdiag reported no errors.

When I started working on this system, we were receiving "non-existent domain" nslookup errors when we tried to access www.abcd.com or mail.abcd.com

on the DC and computers on the LAN.  I debugged and determined that the issue was that the internal DNS server was trying to resolve www.abcd.com when it

really should be handled the the external DNS servers at our ISP.  I am not a DNS expert, but I don't think that we can have abcd.com on internal and

external DNS servers at the same time.  
So, I deleted the abcd.com zone on our internal DNS server and created abcd.local.  I renamed the DC and rebooted.  Voila!  Now, the DNS system is

working correctly!  I can ping the DC by "server", which is its hostname... by server.abcd.local... and by its IP address, 192.168.100.100.  In IE,

www.abcd.com brings up our website and mail.abcd.com loads the webmail login page at Network solutions.  Oh, we are currently using static networking

parameters on the clients.  DHCP is being served on the router, but once I get things cleaned up, I want to use DHCP on the DC.

So, here is the rub...

Now, I am getting Active Directory errors because the original abcd.com zone no longer exists on the internal DNS, which resolved to the DC, it is

resolving to an external IP address at Network Solutions.  The culprit seems to be the _msdcs.abcd.com zone.  I am also receiving Active Directory errors

when I reboot the server.  

Since my domain is so simple, I am wondering whether it would be easier to just use the rename domain feature in Win2003 to correct things.  Feed it

abc.local...  I really do not want to have to reinstall the DC to get things to work correctly.  I would appreciate any guidance on how to clean up this

mess.  I have included the event errors at boot time, my current dcdiag and netdiag logs.

Thanks in advance,

Mike



*******************************************
***************** EVENTS ******************
*******************************************
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug

information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...
----------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active

Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the

zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
--------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.abc.com.  This DNS server is configured to use information obtained

from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat

enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help

and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
--------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone 100.168.192.in-addr.arpa.  This DNS server is configured to use information

obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat

enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help

and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone abc.local.  This DNS server is configured to use information obtained from

Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of

the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support

Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
----------------------------------

******************************************************************
************************* DCDIAG LOG *****************************
******************************************************************

C:\Documents and Settings\Administrator>cd\

C:\>dcdiag /c

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Replications
         ......................... SERVER passed test Replications
      Starting test: Topology
         ......................... SERVER passed test Topology
      Starting test: CutoffServers
         ......................... SERVER passed test CutoffServers
      Starting test: NCSecDesc
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER passed test MachineAccount
      Starting test: Services
         ......................... SERVER passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SERVER passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER passed test frssysvol
      Starting test: frsevent
         ......................... SERVER passed test frsevent
      Starting test: kccevent
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         ......................... SERVER passed test systemlog
      Starting test: VerifyReplicas
         ......................... SERVER passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... SERVER passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SERVER passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError
         [SERVER] No security related replication errors were found on this DC!
 To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SERVER passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : abcd
      Starting test: CrossRefValidation
         ......................... abcd passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... abcd passed test CheckSDRefDom

   Running enterprise tests on : abcd.com
      Starting test: Intersite
         ......................... abcd.com passed test Intersite
      Starting test: FsmoCheck
         ......................... abcd.com passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:

            DC: server.abcd.local
            Domain: abcd.com


               TEST: Basic (Basc)
                  Warning: adapter [00000008] NVIDIA nForce Networking Controlle
r has invalid DNS server: 192.168.100.100 (<name unavailable>)
                  Error: all DNS servers are invalid
                  Warning: The Active Directory zone on this DC/DNS server was n
ot found (probably a misconfiguration)

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 192.168.100.100 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.abcd.com. faile
d on the DNS server 192.168.100.100

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: abcd.com
               server                       PASS FAIL PASS n/a  PASS FAIL n/a

         ......................... abcd.com failed test DNS



**************************************************************
*********************** NETDIAG ******************************
**************************************************************
    Bind Name: NetbiosSmb
    Binding Paths:

    Component Name : WINS Client(TCP/IP) Protocol
    Bind Name: NetBT
    Binding Paths:
        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Internet Protocol (TCP/IP)
    Bind Name: Tcpip
    Binding Paths:
        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Client for Microsoft Networks
    Bind Name: LanmanWorkstation
    Binding Paths:
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: Client for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : WebClient
    Bind Name: WebClient
    Binding Paths:

    Component Name : Wireless Configuration
    Bind Name: wzcsvc
    Binding Paths:

    Component Name : Network Load Balancing
    Bind Name: Wlbs
    Binding Paths:
        Owner of the binding path : Network Load Balancing
        Binding Enabled: No
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Load Balancing
            Lower Component: NVIDIA nForce Networking Controller


    Component Name : Steelhead
    Bind Name: RemoteAccess
    Binding Paths:

    Component Name : Dial-Up Server
    Bind Name: msrassrv
    Binding Paths:

    Component Name : Remote Access Connection Manager
    Bind Name: RasMan
    Binding Paths:

    Component Name : Dial-Up Client
    Bind Name: msrascli
    Binding Paths:

    Component Name : File and Printer Sharing for Microsoft Networks
    Bind Name: LanmanServer
    Binding Paths:
        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : NetBIOS Interface
    Bind Name: NetBIOS
    Binding Paths:
        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Generic Packet Classifier
    Bind Name: Gpc
    Binding Paths:

    Component Name : Application Layer Gateway
    Bind Name: ALG
    Binding Paths:

    Component Name : NVIDIA nForce Networking Controller
    Bind Name: {6D38A578-1C86-414B-817B-13FEAC1F3878}
    Binding Paths:

    Component Name : WAN Miniport (IP)
    Bind Name: NdisWanIp
    Binding Paths:

    Component Name : Direct Parallel
    Bind Name: {63503349-F02C-4DD6-A4EF-701532CD601A}
    Binding Paths:

    Component Name : WAN Miniport (PPPOE)
    Bind Name: {571618E3-9DBA-44F3-A2EB-0F942F2EFBD1}
    Binding Paths:

    Component Name : WAN Miniport (PPTP)
    Bind Name: {FFF68E91-B8D0-4BF4-A819-0F9BB7A55BDD}
    Binding Paths:

    Component Name : WAN Miniport (L2TP)
    Bind Name: {20454C27-19AC-450D-A25E-FA35C9CBC57A}
    Binding Paths:

    Component Name : RAS Async Adapter
    Bind Name: {DB06811D-6E95-43E3-8635-0DBC4A1696A3}
    Binding Paths:

    Component Name : 1394 Net Adapter
    Bind Name: {3EC3479A-81AA-48DE-8DD1-865FED2F67D3}
    Binding Paths:



WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
Comment
Question by:mjgardne
  • 10
  • 6
  • 2
18 Comments
 

Author Comment

by:mjgardne
ID: 16252457
**********************************************************
********************* IPCONFIG /ALL **************************
**********************************************************

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : abcd.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : abcd.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-14-85-3A-C3-4D
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.100.2
   DNS Servers . . . . . . . . . . . : 192.168.100.100
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16253910
Long question ... :)

What you need to do is to recover your AD specific DNS records. I.E., re-register your AD dns records.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx#EAEAC

Let us know how you are going on...

cheers
0
 

Author Comment

by:mjgardne
ID: 16254389
Hi and thank you for the response...  In Active Directory Sites and Services->Sites->Default-First-Site-Name->Servers->SERVER (my DC/DNS/AD server), it shows the domain as being abcd.com, but I think that I need to rename the domain to abcd.local so my disjoint world is mended (DC: server.abcd.local, Domain: abcd.com).  Here is the result of the diagnostic command in the document that you mentioned, with inline comments.  Netdiag /fix complained loudly, too...  DNS test failed with "failed to fix: DC DNS entry... DNS Error code: 0x00002339" entries.  I scoured the web looking for methods to re-register AD DNS records, but only found diagnostic tests.  I found details concerning demoting my domain, fixing the suffix to abcd.local, and then promoting it again.  I would really like to avoid that process or and the renaming the domain procedure, if possible.  What do you think I should do next?

Thanks for your help,

Mike


=================== DCDIAG ======================
C:\>dcdiag /test:registerindns /dnsdomain:abc /v
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone abcd. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the
      abcd name are not responding or contain incorrect delegation of the
      DNS zones; or    >>> ONLY ONE DC, NO DELEGATION

      2. The DNS server that this computer is configured with contains
      incorrect root hints.  >>> NORMAL ROOT HINTS SERVER LIST

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: abcd

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.    >>> ???


      ......................... server failed test RegisterInDNS
=======================================================


**********************************************************
*********************** NETDIAG ***************************
*********************************************************
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdiag /fix

.....................................

    Computer Name: SERVER
    DNS Host Name: server.abcd.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB904942
        KB905414
        KB905915
        KB908519
        KB909520
        KB910437
        KB911927
        KB912475
        KB912919
        KB912945
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card '1394 Net Adapter' may not be working because it has
not received any packets.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server
        IP Address . . . . . . . . : 192.168.100.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.100.2
        Dns Servers. . . . . . . . : 192.168.100.100


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry abcd.com. re-registeration on DNS se
rver '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry ForestDnsZones.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.abcd.com. re-registeratio
n on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.abcd.com. re-registeration
on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.abcd.com. re-registera
tion on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.abcd.com. re-registera
tion on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.abcd.com.
re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.DomainDnsZones.abcd.com. re-registeration on DNS server '192.168.100.100'
failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.abcd.com.
re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.ForestDnsZones.abcd.com. re-registeration on DNS server '192.168.100.100'
failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.100.100'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator>
C:\>
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 71

Expert Comment

by:Chris Dent
ID: 16256018
Hi Mike,

First of all, if it will let you, put the domain back to abcd.com - you'll need everything working before you can consider a rename.

I haven't spent a lot of time looking at your errors so forgive me if I missed anything. But you have two options going forward from there:

1. Add a www record for abcd.com to your internal DNS Server (there's no problem with doing that, just means you have to keep it up to date if the site address changes). The domain remains abcd.com.

2. Use the Domain Rename Tool. There is an extensive amount of documentation to cover for Domain Rename, and a fair number of requirements before you can even consider using it:

http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx

Chris
0
 

Author Comment

by:mjgardne
ID: 16260115
Hi Chris,

So, here is option 1:

1) Rename my DC back to abcd.com.
2) Reboot
3) Add a host (A) record "www" with IP 111.111.111.11 to the to "abcd.com" foward lookup zone on my internal DNS server.
4) Add a host (A) record "mail" with IP  222.222.2.2 to the "abcd.com" forward lookup zone on my internal DSN server.
5) Open IE on the DNS server and try to access www.abcd.com and mail.abcd.com.

This should permit these domain names to be resolved internally rather than externally as it is doing now, right?

Since I am returning the system back to the original naming of abcd.com, is there any reason to do the domain rename if we can resolve the www and mail domain names?  Do most people create something like I was starting to do (abcd.local) with simple networks (1 DC, external email, external website, internal DNS),  and have their registered domain name (abcd.com) being resolved by external DNS servers.  It seems that this design prevents the need to edit (A) files if the company hosting our email and www change IP addresses.  What do you think?

0
 

Author Comment

by:mjgardne
ID: 16260149
In other words, is it a better design to do the domain rename to abcd.local, so I will want to do the domain rename at the end of the steps that I previously listed (assuming that dcdiag /fix and netdiag /fix do not report any errors)?

Thanks,

Mike
0
 

Author Comment

by:mjgardne
ID: 16260231
Sorry, the last post was unclear...  The steps that I listed in returning the DC to the abcd.com domain will permit the successful resolution of our www and mail domain names, but it may require changes to the (A) host records over time.  On the other hand, if I rename the domain to abcd.local after renaming my DC back to abcd.com (assuming dcdiag /fix and netdiag /fix do not report errors), queries for www.abcd.com and mail.abcd.com will be resolved by external DNS servers (i.e. my DSL provider's servers).  Is this correct, Chris?  Will there be authoritative issues with having my internal DNS server using "abcd.com" and the registered domain "abcd.com" being resolved to an address at Network Solutions by external DNS servers?  This is the real issue that started all my work.

Thanks,

Mike
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16260489
Hi Mike,

> So, here is option 1:
> ...

Yes, that's correct. I'm not entirely sure if it'll be quite happy now even with the rename back, but it's certainly worth a try - can't really hurt it anymore.

> In other words, is it better design to do the domain rename ...

Well there are lots of different opinions on the matter, and none of them are wrong. Microsoft lists three different options:

You can have a abcd.local domain name (.local is reserved private so will never be used for public domains). If you were building the domain from scratch I would recommend it. But I always like to keep AD completely seperate from any public domain names, so that naming convention is, in my mind, the neatest.

abcd.com is also a perfectly legitimate AD domain name, and the easiest way to resolve the problem you've run into is to add the public records you need to your own DNS. A very very common situation so you're far from alone with it. It should be noted that there is absolutely nothing technically wrong with the domain name, all the problems it brings up can be resolved.

The final option is to use a Child Domain of abcd.com, i.e. LAN.abcd.com. Again nothing wrong with configuring it like that.

So basically, there's nothing wrong with the domain name you have, it just requires a little more configuration. That's not to say that additional configuration isn't ever needed for the other options, it all depends on how your network works.

> if I rename the domain to abcd.local after renaming my DC back to abcd.com ...

If you were to rename the domain to abcd.local then you are correct, your external DNS server will give you the answers for www and mail provided that you remove the abcd.com zone from your Internal DNS Server.

> Will there be authoritative issues with having my internal DNS server using ...

Not to a great extent. Certainly nothing that would effect the rest of the world.

For public Domains DNS authority is effectively granted by the parent server, the parent servers for abcd.com are the .com servers, these tell everyone that authoritative answers for your domain can be found on your Public DNS.

When you're configuring a server on your internal network to with the name abcd.com it is true that you are making your server authoritative for the zone. In this case you end up with two different versions of the same zone, referred to as Split Brain DNS.

But this isn't much of a problem though, since everyone else in the world will only ever use your public name servers the private ones will only ever by queried by users on your internal network - and those are the ones you will have to update the www and mail records for if they ever change.

Hope I didn't miss anything.

Chris
0
 

Author Comment

by:mjgardne
ID: 16260811
Wow!  Thanks, Chris!  In the split brain DNS situation we only had a problem with internal users, who pointed at our internal DNS server, not being able to resolve www.abcd.com and mail.abcd.com, "non-existent domain", even though the abcd.com zone forwarded to our ISP's DNS servers  At my external office, no problem because I used by ISP's DNS servers.  So, adding the (A) name records www and mail with the IP of the external servers would have permitted the internal users to resolve them?  I remember an issue in my DNS event log, too...  Something about my internal DNS server having a cyclic reference, or forwarding queries to itself.  I didn't find any forwards, etc, doing it.  When I renamed the DC to abcd.local, the issue disappeared.  

So, I think the following is my plan:

1) Rename DC back to abcd.com, add forwards on abcd.com zone to my ISP's DNS
2) dcdiag /fix and netdiag /fix; clean up issues (hopefully minor)
3) try adding the www and mail host records, if everything works correctly and there are no cyclic DNS event records, we are done...

If cyclic errors or www.abcd.com is non-existent
1) Image server with TrueImage (worse case return point)
2) Rename the domain to abcd.local
3) Setup forwards on the abcd.local zone

Does this seem like a reasonable plan?  If I rename the domain, will I lose all my AD users, etc?  I don't believe that this is an issue...

Chris, thank you for all your help!

Mike
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16260873
Welll too late for me ... I can see Chris has taken care of this... Well done! :)

Cheers
0
 

Author Comment

by:mjgardne
ID: 16260932
Thanks Rafael for checking in!  I am going to try the action plan tonight that I've mentioned and see how things go...  More to follow!

Mike
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 16263045

Hi Mike,

It seems like a good plan. I wouldn't go straight for the Domain Rename if you run into problems after changing it back, it's not a simple process and should really be considered last resort.

We can probably work through any problems that occur on the DNS Server (or AD itself) after you've got it all back to the original name. DNS is really quite a simple system (fortunately) and there aren't really many (I would hesitate to say "any") problems that will completely kill a system.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16263152
Oh by the way, if you're having problems with cyclic queries it's often best (as a first step) to remove any forwarders you have configured.

Without forwarders configured DNS uses the Root Hints file to perform a recursive query starting with the Root Servers. If you take abcd.com as an example:

Client asks DNS Server for www.abcd.com
DNS Server checks local zones and cache
If nothing is found DNS Server goes to Root Servers and asks those for www.abcd.com
Root Servers respond with TLD Servers (for .com, .org, .co.uk, etc etc)
DNS Server asks TLD Servers for www.abcd.com
TLD Servers respond with DNS Servers authoritative for the zone
DNS Server asks Authoritative Server www.abcd.com
Authoritative Servers respond with www record

With Forwarders you basically shorten that to:

Client asks DNS Server for www.abcd.com
DNS Server checks local zones
If nothing is found DNS Server forwards request to Forwarder
Forwarder either responds from the Cache or performs a Recursive query on your behalf

Chris
0
 

Author Comment

by:mjgardne
ID: 16282580
Hi Chris,

On my "firebox" in my office, I've renamed renamed its domain just to see if the process worked, and it worked without errors.  Next, I tried renaming my DC using netdom.  After doing the /add, I received a message saying that I had to wait for 30 minutes for DNS propagation.  It seemed strange to think that the effect wouldn't be immediate since I only have one DNS server and it is on the DC.  Anyway, afer 30 minutes, I checked my DC's name using nedom /enumerate and it didn't show the new and old names.  The command returned an "RPC server is unavailable" result.  So, I went into properties on My Computer and renamed it there, as well as the new domain suffix.  The DC rename seems more difficult than the domain rename!  :)   I never completed the netdom /makeprimary or netdom /delete (old name).  Here are the steps that I would have done to rename the DC from .com to .local:
      Rename Domain Controller:
        Netdom computername abohserver.a-bit-of-help.com /add:abohserver.a-bit-of-help.local
        Verify DNS changes were registered-About 30 minutes
                      Checking the name on the Computer Name tab of the Control Panel System OR
                      netdom computername abohserver.a-bit-of-help.local /enumerate
                      OUTPUT: old and new names
      Netdom computername abohserver. a-bit-of-help.com /makeprimary:abohserver.a-bit-of-help.local
      Reboot
      Netdom computername abohserver.a-bit-of-help.local /remove abohserver.a-bit-of-help.com

I did notice that renaming the domain did not automatically clean up old domain DNS entries.  I removed them and inserted a new zone.  I didn't bother with forwards, and domain names resolved well with nslookup.  For this test, the old domain name was fairbanks.a-bit-of-help.com and I renamed the domain to a-bit-of-help.local.

So, DCDIAG and NETDIAG are reporting the following errors:

      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:47

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry a-bit-of-help.com. re-registeration on D
NS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.a-bit-of-help.com. re-registe
ration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.a-bit-of-help.com. re-registera
tion on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '127.0.0.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.



***********************************************
************** IPCONFIG /ALL **********************
***********************************************
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : abohserver
   Primary Dns Suffix  . . . . . . . : a-bit-of-help.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : a-bit-of-help.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-13-D3-36-B3-29
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1


*******************************************
************* DCDIAG /FIX*********************
*******************************************
C:\Documents and Settings\Administrator>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ABOHSERVER
      Starting test: Connectivity
         ......................... ABOHSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ABOHSERVER
      Starting test: Replications
         ......................... ABOHSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ABOHSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ABOHSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ABOHSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ABOHSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ABOHSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ABOHSERVER passed test MachineAccount
      Starting test: Services
         ......................... ABOHSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... ABOHSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ABOHSERVER passed test frssysvol
      Starting test: frsevent
         ......................... ABOHSERVER passed test frsevent
      Starting test: kccevent
         ......................... ABOHSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:47
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         ......................... ABOHSERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... ABOHSERVER passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : a-bit-of-help
      Starting test: CrossRefValidation
         ......................... a-bit-of-help passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... a-bit-of-help passed test CheckSDRefDom

   Running enterprise tests on : a-bit-of-help.local
      Starting test: Intersite
         ......................... a-bit-of-help.local passed test Intersite
      Starting test: FsmoCheck
         ......................... a-bit-of-help.local passed test FsmoCheck


**********************************************
******************** NETDIAG /FIX ***************
**********************************************

C:\Documents and Settings\Administrator>netdiag /fix

.....................................

    Computer Name: ABOHSERVER
    DNS Host Name: abohserver.a-bit-of-help.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB905915
        KB908519
        KB910437
        KB911927
        KB912919
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card '1394 Net Adapter' may not be working because it has
not received any packets.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : abohserver
        IP Address . . . . . . . . : 192.168.2.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.1
        Dns Servers. . . . . . . . : 127.0.0.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry a-bit-of-help.com. re-registeration on D
NS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.a-bit-of-help.com. re-registe
ration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.a-bit-of-help.com. re-registera
tion on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '127.0.0.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

=================================
Tonight, I am still going to try to rename the DC on our production computer, but I would love to learn whether my netdom commands are correct and how to fix the errors in dcdiag and netdiag, just in case they pop up.

Thanks for all your help!

Mike


0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16283900

Hi Mike,

I'm curious why you're using NetDom to try and rename the domain? Or is this to get it back to it's original domain name?

Chris
0
 

Author Comment

by:mjgardne
ID: 16284357
Hi Chris,

I used netdom to rename the domain controller, per MS' instructions...  Basically, I wanted to verify both processes on my junk computer in my office just to see what I may encounter on the production system.  I used MS' instruction for naming the domain, too.  My architecture is very simple...  Here is what I did to rename the domain:

Renaming the domain name for Windows 2003
ASSUMES SINGLE DC WITH DNS, AD, LOW COMPLEXITY
1)      Image the system
2)      Create restore point
3)      Install the domain rename tool
4)      Raise the domain’s functional level to 2003; Verify
5)      Raise the forest’s functional level to 2003; Verify
6)      On a workstation, not the DC
a.      Create c:\temp\DomainRename
b.       Generate the current Forest description using the rendom /list
"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /list
OUTPUT IS DOMAINLIST.XML IN CURRENT DIRECTORY.
c.      Make backup copy of this file: Copy domainlist.xml domainlistORG.xml
d.       Change the DNSname entries to the new one
e.      In ForestRoot, enter the desired NETBIOSNAME (i.e. ABOH)
f.      Verify results: “c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /showforest
g.      Generate Domain Rename Instructions:
"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /upload
OUTPUT: DcList.xml
h.      Verify readiness of Domain Controllers:
“C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /prepare
i.      Execute domain rename instructions:
“C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /execute
j.      DC restarted itself with 60 seconds notice.
k.      If curious, review the DcList.xml file, which now contains the new domain name and “done” status
l.      Attribute clean-up after domain rename was done as follows:
“C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /clean
m.      Add new forward zone in DNS for the new domain name;
n.      Remove former domain’s forward zone from DNS;
0
 

Author Comment

by:mjgardne
ID: 16290196
Hi Chris,

Well, on my production system, I verified that the DC rename was correct with the netdom commands and decided to rename the domain to match the DC.  The rename procedure was successful, but dcdiag generated some error records in the systemlog section;  I went to each domain computer, removed it from the domain to a workgroup, rebooted, joined it to the new domain, rebooted, logged in as the domain user, and all is well.  The final dcdiag and netdiag commands were clean.  nslookup is working correctly...  No error events being generated.  I think that we are done!  Thank you for your help and the sanity check!

Mike
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16298619

Hi Mike,

Sorry I haven't responded for a few days, bit of a busy weekend.

Anyway, glad you have it all working now :-D

Chris
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question