mjgardne

asked on

Rename Domain (Win2003, DNS, Active Directory, Simple Domain, Internal DNS Server)

Hello,

I have a Win2003 SP1 domain called abcd.  When the domain controller was created and Active Directory configured, the person used abcd.com, which resolved to 192.168.100.100 on our LAN.  Our configuration is very simple...  One domain controller, server.abcd.com (192.168.100.100), that serves DNS to the local LAN.  All the computers on our LAN point to DNS on the server.abcd.com for domain name resolution.  The internal DNS server forwards to our DSL's DNS servers.  Our e-mail (mail.abcd.com) and website (www.abcd.com) are hosted at Network Solutions so our abcd.com registered domain name points to their resources.  dcdiag and netdiag reported no errors.

When I started working on this system, we were receiving "non-existent domain" nslookup errors when we tried to access www.abcd.com or mail.abcd.com on the DC and computers on the LAN.  I debugged and determined that the issue was that the internal DNS server was trying to resolve www.abcd.com when it really should be handled by the external DNS servers at our ISP.  I am not a DNS expert, but I don't think that we can have abcd.com on internal and external DNS servers at the same time.

So, I deleted the abcd.com zone on our internal DNS server and created abcd.local.  I renamed the DC and rebooted.  Voila!  Now, the DNS system is working correctly!  I can ping the DC by "server", which is its hostname... by server.abcd.local... and by its IP address, 192.168.100.100.  In IE, www.abcd.com brings up our website and mail.abcd.com loads the webmail login page at Network Solutions.  Oh, we are currently using static networking parameters on the clients.  DHCP is being served on the router, but once I get things cleaned up, I want to use DHCP on the DC.

So, here is the rub...

Now, I am getting Active Directory errors because the original abcd.com zone no longer exists on the internal DNS, which resolved to the DC; it is resolving to an external IP address at Network Solutions.  The culprit seems to be the _msdcs.abcd.com zone.  I am also receiving Active Directory errors when I reboot the server.

Since my domain is so simple, I am wondering whether it would be easier to just use the rename domain feature in Win2003 to correct things.  Feed it abc.local...  I really do not want to have to reinstall the DC to get things to work correctly.  I would appreciate any guidance on how to clean up this mess.  I have included the event errors at boot time, my current dcdiag and netdiag logs.

Thanks in advance,

Mike



*******************************************
***************** EVENTS ******************
*******************************************
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...
----------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
--------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.abc.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
--------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone 100.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
------------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            3/20/2006
Time:            11:23:17 PM
User:            N/A
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone abc.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    
----------------------------------

******************************************************************
************************* DCDIAG LOG *****************************
******************************************************************

C:\Documents and Settings\Administrator>cd\

C:\>dcdiag /c

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Replications
         ......................... SERVER passed test Replications
      Starting test: Topology
         ......................... SERVER passed test Topology
      Starting test: CutoffServers
         ......................... SERVER passed test CutoffServers
      Starting test: NCSecDesc
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER passed test MachineAccount
      Starting test: Services
         ......................... SERVER passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SERVER passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER passed test frssysvol
      Starting test: frsevent
         ......................... SERVER passed test frsevent
      Starting test: kccevent
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         ......................... SERVER passed test systemlog
      Starting test: VerifyReplicas
         ......................... SERVER passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... SERVER passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SERVER passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError
         [SERVER] No security related replication errors were found on this DC!
 To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SERVER passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : abcd
      Starting test: CrossRefValidation
         ......................... abcd passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... abcd passed test CheckSDRefDom

   Running enterprise tests on : abcd.com
      Starting test: Intersite
         ......................... abcd.com passed test Intersite
      Starting test: FsmoCheck
         ......................... abcd.com passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:

            DC: server.abcd.local
            Domain: abcd.com


               TEST: Basic (Basc)
                  Warning: adapter [00000008] NVIDIA nForce Networking Controlle
r has invalid DNS server: 192.168.100.100 (<name unavailable>)
                  Error: all DNS servers are invalid
                  Warning: The Active Directory zone on this DC/DNS server was n
ot found (probably a misconfiguration)

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network a
dapters

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 192.168.100.100 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.abcd.com. faile
d on the DNS server 192.168.100.100

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: abcd.com
               server                       PASS FAIL PASS n/a  PASS FAIL n/a

         ......................... abcd.com failed test DNS



**************************************************************
*********************** NETDIAG ******************************
**************************************************************
    Bind Name: NetbiosSmb
    Binding Paths:

    Component Name : WINS Client(TCP/IP) Protocol
    Bind Name: NetBT
    Binding Paths:
        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Internet Protocol (TCP/IP)
    Bind Name: Tcpip
    Binding Paths:
        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Client for Microsoft Networks
    Bind Name: LanmanWorkstation
    Binding Paths:
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: Client for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : WebClient
    Bind Name: WebClient
    Binding Paths:

    Component Name : Wireless Configuration
    Bind Name: wzcsvc
    Binding Paths:

    Component Name : Network Load Balancing
    Bind Name: Wlbs
    Binding Paths:
        Owner of the binding path : Network Load Balancing
        Binding Enabled: No
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Load Balancing
            Lower Component: NVIDIA nForce Networking Controller


    Component Name : Steelhead
    Bind Name: RemoteAccess
    Binding Paths:

    Component Name : Dial-Up Server
    Bind Name: msrassrv
    Binding Paths:

    Component Name : Remote Access Connection Manager
    Bind Name: RasMan
    Binding Paths:

    Component Name : Dial-Up Client
    Bind Name: msrascli
    Binding Paths:

    Component Name : File and Printer Sharing for Microsoft Networks
    Bind Name: LanmanServer
    Binding Paths:
        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : NetBIOS Interface
    Bind Name: NetBIOS
    Binding Paths:
        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: NVIDIA nForce Networking Controller

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis1394
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 1394 Net Adapter

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Generic Packet Classifier
    Bind Name: Gpc
    Binding Paths:

    Component Name : Application Layer Gateway
    Bind Name: ALG
    Binding Paths:

    Component Name : NVIDIA nForce Networking Controller
    Bind Name: {6D38A578-1C86-414B-817B-13FEAC1F3878}
    Binding Paths:

    Component Name : WAN Miniport (IP)
    Bind Name: NdisWanIp
    Binding Paths:

    Component Name : Direct Parallel
    Bind Name: {63503349-F02C-4DD6-A4EF-701532CD601A}
    Binding Paths:

    Component Name : WAN Miniport (PPPOE)
    Bind Name: {571618E3-9DBA-44F3-A2EB-0F942F2EFBD1}
    Binding Paths:

    Component Name : WAN Miniport (PPTP)
    Bind Name: {FFF68E91-B8D0-4BF4-A819-0F9BB7A55BDD}
    Binding Paths:

    Component Name : WAN Miniport (L2TP)
    Bind Name: {20454C27-19AC-450D-A25E-FA35C9CBC57A}
    Binding Paths:

    Component Name : RAS Async Adapter
    Bind Name: {DB06811D-6E95-43E3-8635-0DBC4A1696A3}
    Binding Paths:

    Component Name : 1394 Net Adapter
    Bind Name: {3EC3479A-81AA-48DE-8DD1-865FED2F67D3}
    Binding Paths:



WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
mjgardne

ASKER

**********************************************************
********************* IPCONFIG /ALL **************************
**********************************************************

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : abcd.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : abcd.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-14-85-3A-C3-4D
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.100.2
   DNS Servers . . . . . . . . . . . : 192.168.100.100
Long question ... :)

What you need to do is to recover your AD-specific DNS records, i.e., re-register your AD DNS records.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx#EAEAC

Let us know how you are going on...

cheers
Hi and thank you for the response...  In Active Directory Sites and Services->Sites->Default-First-Site-Name->Servers->SERVER (my DC/DNS/AD server), it shows the domain as being abcd.com, but I think that I need to rename the domain to abcd.local so my disjoint world is mended (DC: server.abcd.local, Domain: abcd.com).  Here is the result of the diagnostic command in the document that you mentioned, with inline comments.  Netdiag /fix complained loudly, too...  DNS test failed with "failed to fix: DC DNS entry... DNS Error code: 0x00002339" entries.  I scoured the web looking for methods to re-register AD DNS records, but only found diagnostic tests.  I found details concerning demoting my domain, fixing the suffix to abcd.local, and then promoting it again.  I would really like to avoid that process or the domain rename procedure, if possible.  What do you think I should do next?

Thanks for your help,

Mike


=================== DCDIAG ======================
C:\>dcdiag /test:registerindns /dnsdomain:abc /v
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone abcd. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the
      abcd name are not responding or contain incorrect delegation of the
      DNS zones; or    >>> ONLY ONE DC, NO DELEGATION

      2. The DNS server that this computer is configured with contains
      incorrect root hints.  >>> NORMAL ROOT HINTS SERVER LIST

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: abcd

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.    >>> ???


      ......................... server failed test RegisterInDNS
=======================================================


**********************************************************
*********************** NETDIAG ***************************
*********************************************************
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdiag /fix

.....................................

    Computer Name: SERVER
    DNS Host Name: server.abcd.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB904942
        KB905414
        KB905915
        KB908519
        KB909520
        KB910437
        KB911927
        KB912475
        KB912919
        KB912945
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card '1394 Net Adapter' may not be working because it has
not received any packets.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server
        IP Address . . . . . . . . : 192.168.100.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.100.2
        Dns Servers. . . . . . . . : 192.168.100.100


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry abcd.com. re-registeration on DNS se
rver '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry ForestDnsZones.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.abcd.com. re-registeratio
n on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.abcd.com. re-registeration
on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
abcd.com. re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.abcd.com. re-register
ation on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.abcd.com. re-registera
tion on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.abcd.com. re-registera
tion on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.abcd.com.
re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.DomainDnsZones.abcd.com. re-registeration on DNS server '192.168.100.100'
failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.abcd.com.
re-registeration on DNS server '192.168.100.100' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.ForestDnsZones.abcd.com. re-registeration on DNS server '192.168.100.100'
failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.100.100'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{6D38A578-1C86-414B-817B-13FEAC1F3878}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator>
C:\>
Chris Dent
Hi Mike,

First of all, if it will let you, put the domain back to abcd.com - you'll need everything working before you can consider a rename.

I haven't spent a lot of time looking at your errors so forgive me if I missed anything. But you have two options going forward from there:

1. Add a www record for abcd.com to your internal DNS Server (there's no problem with doing that, just means you have to keep it up to date if the site address changes). The domain remains abcd.com.

2. Use the Domain Rename Tool. There is an extensive amount of documentation to cover for Domain Rename, and a fair number of requirements before you can even consider using it:

http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx

Chris
Hi Chris,

So, here is option 1:

1) Rename my DC back to abcd.com.
2) Reboot
3) Add a host (A) record "www" with IP 111.111.111.11 to the "abcd.com" forward lookup zone on my internal DNS server.
4) Add a host (A) record "mail" with IP 222.222.2.2 to the "abcd.com" forward lookup zone on my internal DNS server.
5) Open IE on the DNS server and try to access www.abcd.com and mail.abcd.com.

This should permit these domain names to be resolved internally rather than externally as it is doing now, right?

Since I am returning the system back to the original naming of abcd.com, is there any reason to do the domain rename if we can resolve the www and mail domain names?  Do most people create something like I was starting to do (abcd.local) with simple networks (1 DC, external email, external website, internal DNS), and have their registered domain name (abcd.com) being resolved by external DNS servers?  It seems that this design prevents the need to edit (A) files if the company hosting our email and www changes IP addresses.  What do you think?

In other words, is it a better design to do the domain rename to abcd.local, so I will want to do the domain rename at the end of the steps that I previously listed (assuming that dcdiag /fix and netdiag /fix do not report any errors)?

Thanks,

Mike
Sorry, the last post was unclear...  The steps that I listed in returning the DC to the abcd.com domain will permit the successful resolution of our www and mail domain names, but it may require changes to the (A) host records over time.  On the other hand, if I rename the domain to abcd.local after renaming my DC back to abcd.com (assuming dcdiag /fix and netdiag /fix do not report errors), queries for www.abcd.com and mail.abcd.com will be resolved by external DNS servers (i.e. my DSL provider's servers).  Is this correct, Chris?  Will there be authoritative issues with having my internal DNS server using "abcd.com" and the registered domain "abcd.com" being resolved to an address at Network Solutions by external DNS servers?  This is the real issue that started all my work.

Thanks,

Mike
Hi Mike,

> So, here is option 1:
> ...

Yes, that's correct. I'm not entirely sure if it'll be quite happy now even with the rename back, but it's certainly worth a try - can't really hurt it anymore.

> In other words, is it better design to do the domain rename ...

Well there are lots of different opinions on the matter, and none of them are wrong. Microsoft lists three different options:

You can have an abcd.local domain name (.local is reserved private so will never be used for public domains). If you were building the domain from scratch I would recommend it. But I always like to keep AD completely separate from any public domain names, so that naming convention is, in my mind, the neatest.

abcd.com is also a perfectly legitimate AD domain name, and the easiest way to resolve the problem you've run into is to add the public records you need to your own DNS. A very very common situation so you're far from alone with it. It should be noted that there is absolutely nothing technically wrong with the domain name, all the problems it brings up can be resolved.

The final option is to use a Child Domain of abcd.com, i.e. LAN.abcd.com. Again nothing wrong with configuring it like that.

So basically, there's nothing wrong with the domain name you have, it just requires a little more configuration. That's not to say that additional configuration isn't ever needed for the other options, it all depends on how your network works.

> if I rename the domain to abcd.local after renaming my DC back to abcd.com ...

If you were to rename the domain to abcd.local then you are correct, your external DNS server will give you the answers for www and mail provided that you remove the abcd.com zone from your Internal DNS Server.

> Will there be authoritative issues with having my internal DNS server using ...

Not to a great extent. Certainly nothing that would affect the rest of the world.

For public Domains DNS authority is effectively granted by the parent server; the parent servers for abcd.com are the .com servers, and these tell everyone that authoritative answers for your domain can be found on your Public DNS.

When you're configuring a server on your internal network with the name abcd.com it is true that you are making your server authoritative for the zone. In this case you end up with two different versions of the same zone, referred to as Split Brain DNS.

But this isn't much of a problem though, since everyone else in the world will only ever use your public name servers; the private ones will only ever be queried by users on your internal network - and those are the ones you will have to update the www and mail records for if they ever change.

Hope I didn't miss anything.

Chris
Wow!  Thanks, Chris!  In the split brain DNS situation we only had a problem with internal users, who pointed at our internal DNS server, not being able to resolve www.abcd.com and mail.abcd.com, "non-existent domain", even though the abcd.com zone forwarded to our ISP's DNS servers.  At my external office, no problem because I used my ISP's DNS servers.  So, adding the (A) name records www and mail with the IP of the external servers would have permitted the internal users to resolve them?  I remember an issue in my DNS event log, too...  Something about my internal DNS server having a cyclic reference, or forwarding queries to itself.  I didn't find any forwards, etc, doing it.  When I renamed the DC to abcd.local, the issue disappeared.

So, I think the following is my plan:

1) Rename DC back to abcd.com, add forwards on abcd.com zone to my ISP's DNS
2) dcdiag /fix and netdiag /fix; clean up issues (hopefully minor)
3) try adding the www and mail host records, if everything works correctly and there are no cyclic DNS event records, we are done...

If cyclic errors or www.abcd.com is non-existent
1) Image server with TrueImage (worst case return point)
2) Rename the domain to abcd.local
3) Setup forwards on the abcd.local zone

Does this seem like a reasonable plan?  If I rename the domain, will I lose all my AD users, etc?  I don't believe that this is an issue...

Chris, thank you for all your help!

Mike
Well, too late for me ... I can see Chris has taken care of this... Well done! :)

Cheers
Thanks Rafael for checking in!  I am going to try the action plan tonight that I've mentioned and see how things go...  More to follow!

Mike
ASKER CERTIFIED SOLUTION
Chris Dent
Oh by the way, if you're having problems with cyclic queries it's often best (as a first step) to remove any forwarders you have configured.

Without forwarders configured DNS uses the Root Hints file to perform a recursive query starting with the Root Servers. If you take abcd.com as an example:

Client asks DNS Server for www.abcd.com
DNS Server checks local zones and cache
If nothing is found DNS Server goes to Root Servers and asks those for www.abcd.com
Root Servers respond with TLD Servers (for .com, .org, .co.uk, etc etc)
DNS Server asks TLD Servers for www.abcd.com
TLD Servers respond with DNS Servers authoritative for the zone
DNS Server asks Authoritative Server www.abcd.com
Authoritative Servers respond with www record

With Forwarders you basically shorten that to:

Client asks DNS Server for www.abcd.com
DNS Server checks local zones
If nothing is found DNS Server forwards request to Forwarder
Forwarder either responds from the Cache or performs a Recursive query on your behalf

Chris
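The behaviour discussed in this thread, where a server that hosts the abcd.com zone answers from its own zone data and never reaches the forwarder step, as an added Python model. It is not code from the thread: the class and function names are hypothetical, caching and delegation are not modelled, and the addresses are the sample ones used in the posts above plus one constructed address.

```python
"""Model of how a DNS server chooses between a hosted zone and its forwarders."""

NXDOMAIN = "NXDOMAIN"

# Public records as the ISP's resolvers see them (sample addresses from the thread).
PUBLIC = {"www.abcd.com": "111.111.111.11", "mail.abcd.com": "222.222.2.2"}


class DnsServer:
    def __init__(self, zones, upstream):
        # zones: {zone name: {fully qualified name: address}}
        self.zones = {z.lower(): dict(r) for z, r in zones.items()}
        self.upstream = upstream  # stands in for forwarders or root hints

    def hosted_zone(self, name):
        """Return the longest hosted zone that contains name, or None."""
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, name):
        """Return (source, answer); source is 'zone:<name>' or 'forwarded'."""
        name = name.lower().rstrip(".")
        zone = self.hosted_zone(name)
        if zone is not None:
            # Authoritative for the zone: answer from zone data only.
            # A missing record is NXDOMAIN; the query is never forwarded.
            return "zone:" + zone, self.zones[zone].get(name, NXDOMAIN)
        return "forwarded", self.upstream.get(name, NXDOMAIN)


def stale_overrides(server, upstream):
    """Names answered from a hosted zone whose answer differs from the public
    one, either because the record is missing or because it is outdated."""
    stale = {}
    for name, public_addr in upstream.items():
        source, answer = server.resolve(name)
        if source != "forwarded" and answer != public_addr:
            stale[name] = (answer, public_addr)
    return stale


DC = {"server.abcd.com": "192.168.100.100"}

# 1. Original setup: AD zone abcd.com hosted internally, no www/mail records.
original = DnsServer({"abcd.com": DC}, PUBLIC)

# 2. Option 1 from the thread: same zone plus manual www and mail A records.
option1 = DnsServer({"abcd.com": {**DC, **PUBLIC}}, PUBLIC)

# 3. Renamed to abcd.local: the server hosts nothing under abcd.com.
renamed = DnsServer({"abcd.local": {"server.abcd.local": "192.168.100.100"}}, PUBLIC)

if __name__ == "__main__":
    for label, srv in (("original", original), ("option 1", option1),
                       ("abcd.local", renamed)):
        print(label, srv.resolve("www.abcd.com"))
    # The hosting provider moves the site (constructed address): option 1 goes stale.
    moved = {**PUBLIC, "www.abcd.com": "111.111.111.12"}
    print(stale_overrides(option1, moved))
```

Running `stale_overrides` periodically against the public answers is the maintenance cost of keeping abcd.com as the internal zone name.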
Hi Chris,

On my "firebox" in my office, I've renamed its domain just to see if the process worked, and it worked without errors.  Next, I tried renaming my DC using netdom.  After doing the /add, I received a message saying that I had to wait for 30 minutes for DNS propagation.  It seemed strange to think that the effect wouldn't be immediate since I only have one DNS server and it is on the DC.  Anyway, after 30 minutes, I checked my DC's name using netdom /enumerate and it didn't show the new and old names.  The command returned an "RPC server is unavailable" result.  So, I went into properties on My Computer and renamed it there, as well as the new domain suffix.  The DC rename seems more difficult than the domain rename!  :)   I never completed the netdom /makeprimary or netdom /delete (old name).  Here are the steps that I would have done to rename the DC from .com to .local:
      Rename Domain Controller:
        Netdom computername abohserver.a-bit-of-help.com /add:abohserver.a-bit-of-help.local
        Verify DNS changes were registered - about 30 minutes
              Checking the name on the Computer Name tab of the Control Panel System OR
              netdom computername abohserver.a-bit-of-help.local /enumerate
              OUTPUT: old and new names
        Netdom computername abohserver.a-bit-of-help.com /makeprimary:abohserver.a-bit-of-help.local
        Reboot
        Netdom computername abohserver.a-bit-of-help.local /remove:abohserver.a-bit-of-help.com

I did notice that renaming the domain did not automatically clean up old domain DNS entries.  I removed them and inserted a new zone.  I didn't bother with forwards, and domain names resolved well with nslookup.  For this test, the old domain name was fairbanks.a-bit-of-help.com and I renamed the domain to a-bit-of-help.local.

So, DCDIAG and NETDIAG are reporting the following errors:

      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:47

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry a-bit-of-help.com. re-registeration on D
NS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.a-bit-of-help.com. re-registe
ration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.a-bit-of-help.com. re-registera
tion on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '127.0.0.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.



***********************************************
************** IPCONFIG /ALL **********************
***********************************************
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : abohserver
   Primary Dns Suffix  . . . . . . . : a-bit-of-help.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : a-bit-of-help.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-13-D3-36-B3-29
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1


*******************************************
************* DCDIAG /FIX*********************
*******************************************
C:\Documents and Settings\Administrator>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ABOHSERVER
      Starting test: Connectivity
         ......................... ABOHSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ABOHSERVER
      Starting test: Replications
         ......................... ABOHSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... ABOHSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... ABOHSERVER passed test NetLogons
      Starting test: Advertising
         ......................... ABOHSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ABOHSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ABOHSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... ABOHSERVER passed test MachineAccount
      Starting test: Services
         ......................... ABOHSERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... ABOHSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ABOHSERVER passed test frssysvol
      Starting test: frsevent
         ......................... ABOHSERVER passed test frsevent
      Starting test: kccevent
         ......................... ABOHSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:47
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:48
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:49
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         An Error Event occured.  EventID: 0x0000168E
            Time Generated: 03/24/2006   08:36:50
            Event String: The dynamic registration of the DNS record
         ......................... ABOHSERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... ABOHSERVER passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : a-bit-of-help
      Starting test: CrossRefValidation
         ......................... a-bit-of-help passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... a-bit-of-help passed test CheckSDRefDom

   Running enterprise tests on : a-bit-of-help.local
      Starting test: Intersite
         ......................... a-bit-of-help.local passed test Intersite
      Starting test: FsmoCheck
         ......................... a-bit-of-help.local passed test FsmoCheck


**********************************************
******************** NETDIAG /FIX ***************
**********************************************

C:\Documents and Settings\Administrator>netdiag /fix

.....................................

    Computer Name: ABOHSERVER
    DNS Host Name: abohserver.a-bit-of-help.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card '1394 Net Adapter' may not be working because it has
not received any packets.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : abohserver
        IP Address . . . . . . . . : 192.168.2.100
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.1
        Dns Servers. . . . . . . . : 127.0.0.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry a-bit-of-help.com. re-registeration on D
NS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.a-bit-of-help.com. re-registe
ration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.a-bit-of-help.com. re-registera
tion on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.a-bit-of-help.com. re-regi
steration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '127.0.0.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FD34E95B-485A-4362-A6CD-144AD74C24FC}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

=================================
Tonight, I am still going to try to rename the DC on our production computer, but I would love to learn whether my netdom commands are correct and how to fix the errors in dcdiag and netdiag, just in case they pop up.

Thanks for all your help!

Mike
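An added Python example (not part of the original post) that reads netdiag output in the format pasted above, rejoins the 80-column console wraps, and compares the DNS domain of each failed registration with the server's own DNS host name. The sample is an excerpt of the output in this post; the function names are hypothetical, and the error-code name is the winerror.h constant for the decimal value of the code netdiag prints.

```python
import re
from collections import Counter

# Excerpt of the netdiag /fix output posted above, including its 80-column wraps.
SAMPLE = """\
    Computer Name: ABOHSERVER
    DNS Host Name: abohserver.a-bit-of-help.local

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry a-bit-of-help.com. re-registeration on D
NS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.a-bit-of-help.com. re-registeration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.a-bit-of-help.com. re-reg
isteration on DNS server '127.0.0.1' failed.
DNS Error code: 0x00002339
    [FATAL] No DNS servers have the DNS records for this DC registered.
"""

# Decimal value of the code netdiag prints, named as in winerror.h.
WIN32_DNS_ERRORS = {9017: "DNS_ERROR_RCODE_BADKEY"}

HOST = re.compile(r"DNS Host Name:\s*(\S+)")
# "re-registeration" is netdiag's own spelling. \s* tolerates spaces lost at a wrap.
ENTRY = re.compile(
    r"DC\s*DNS\s*entry\s*(\S+?)\.\s*re-registeration\s*on\s*DNS\s*server\s*"
    r"'([^']+)'\s*failed\.\s*DNS\s*Error\s*code:\s*(0x[0-9A-Fa-f]{8})"
)


def record_domain(record):
    """DNS domain a DC locator record belongs to, e.g.
    _ldap._tcp.Default-First-Site-Name._sites.example.com -> example.com."""
    labels = record.rstrip(".").split(".")
    # Drop everything up to and including the last underscore-prefixed label.
    last = max((i for i, l in enumerate(labels) if l.startswith("_")), default=-1)
    labels = labels[last + 1:]
    # Application partition records sit one label below the domain name.
    if labels and labels[0].lower() in ("domaindnszones", "forestdnszones"):
        labels = labels[1:]
    return ".".join(labels).lower()


def analyze(text):
    """Summarise failed DC record registrations in netdiag output."""
    host = HOST.search(text)
    host_suffix = host.group(1).partition(".")[2].lower() if host else None
    # The console wraps mid-word, so rejoin the lines before matching.
    joined = text.replace("\r", "").replace("\n", "")
    failures = [
        {"record": rec, "server": srv, "code": int(code, 16)}
        for rec, srv, code in ENTRY.findall(joined)
    ]
    domains = Counter(record_domain(f["record"]) for f in failures)
    codes = {f["code"] for f in failures}
    return {
        "host_suffix": host_suffix,
        "failures": failures,
        "domains": dict(domains),
        # Domains the DC tries to register in that differ from its own suffix.
        "mismatched": sorted(d for d in domains if d != host_suffix),
        "codes": {c: WIN32_DNS_ERRORS.get(c, "unknown") for c in codes},
    }


if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("host suffix :", report["host_suffix"])
    print("failed in   :", report["domains"])
    print("mismatched  :", report["mismatched"])
    print("error codes :", report["codes"])
```

On this excerpt every failed record is under a-bit-of-help.com while the host name is under a-bit-of-help.local, which is the mismatch to resolve before trusting a clean `netdiag /fix` run.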



Hi Mike,

I'm curious why you're using NetDom to try and rename the domain? Or is this to get it back to its original domain name?

Chris
Hi Chris,

I used netdom to rename the domain controller, per MS' instructions...  Basically, I wanted to verify both processes on my junk computer in my office just to see what I may encounter on the production system.  I used MS' instruction for naming the domain, too.  My architecture is very simple...  Here is what I did to rename the domain:

Renaming the domain name for Windows 2003
ASSUMES SINGLE DC WITH DNS, AD, LOW COMPLEXITY
1)      Image the system
2)      Create restore point
3)      Install the domain rename tool
4)      Raise the domain’s functional level to 2003; Verify
5)      Raise the forest’s functional level to 2003; Verify
6)      On a workstation, not the DC
a.      Create c:\temp\DomainRename
b.       Generate the current Forest description using the rendom /list
"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /list
OUTPUT IS DOMAINLIST.XML IN CURRENT DIRECTORY.
c.      Make backup copy of this file: Copy domainlist.xml domainlistORG.xml
d.       Change the DNSname entries to the new one
e.      In ForestRoot, enter the desired NETBIOSNAME (i.e. ABOH)
f.      Verify results: "c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /showforest
g.      Generate Domain Rename Instructions:
"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /upload
OUTPUT: DcList.xml
h.      Verify readiness of Domain Controllers:
C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /prepare
i.      Execute domain rename instructions:
C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /execute
j.      DC restarted itself with 60 seconds notice.
k.      If curious, review the DcList.xml file, which now contains the new domain name and “done” status
l.      Attribute clean-up after domain rename was done as follows:
C:\DomainRename>"c:\Program Files\Microsoft Domain Rename Tools\rendom.exe" /clean
m.      Add new forward zone in DNS for the new domain name;
n.      Remove former domain’s forward zone from DNS;
Hi Chris,

Well, on my production system, I verified that the DC rename was correct with the netdom commands and decided to rename the domain to match the DC.  The rename procedure was successful, but dcdiag generated some error records in the systemlog section;  I went to each domain computer, removed it from the domain to a workgroup, rebooted, joined it to the new domain, rebooted, logged in as the domain user, and all is well.  The final dcdiag and netdiag commands were clean.  nslookup is working correctly...  No error events being generated.  I think that we are done!  Thank you for your help and the sanity check!

Mike

Hi Mike,

Sorry I haven't responded for a few days, bit of a busy weekend.

Anyway, glad you have it all working now :-D

Chris