Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1053
  • Last Modified:

DNS Not replicating - Error Message

Hi there - Help!

I have a new Dc server which I have don a dcpromo on and it is now a global catalogue but when the dcpromo was started DNS was not installed (doh!) so it was installed afterwards.  Now when I do a dcpromo on the old dc it it throwing dns error messages being:

The DNS server has encountered a critical error from the active directory check that the active directory is functioning properly.  the extended error information (which may be empty) is "000020DE: SvcErr: DSID-030F00E4, problem 5001 (Busy), data 0". The event data contains the error.

Can I just do a forced removal dc promo on the old DC or do I have to be careful here..?  

Because the DNS has not been replicated I created a new zone in DNS on the new DC, should that bee good enough..?

Please help!!!
0
philipgecko
Asked:
philipgecko
  • 10
  • 7
1 Solution
 
philipgeckoAuthor Commented:
I have another error saying:

"The DSA operation is unable to proceed because of a DNS lookup failure"

Any ideas as to resolve this..?
0
 
NJComputerNetworksCommented:
by default, DNS in a domain is usually active directory integrated.  This means that the DNS database is stored on each doman controller (regardless of whether the DC runs the DNS service).  So you can ADD DNS after the DCPROMO...this is no problem.  However, you will have to wait 15 minutes or so before you will see the DNS database on the new DC.  This is because replication of active directory must take place before the zones will appear on the new server.

0
 
NJComputerNetworksCommented:
""""Now when I do a dcpromo on the old dc it it throwing dns error messages being:

The DNS server has encountered a critical error from the active directory check that the active directory is functioning properly.  the extended error information (which may be empty) is "000020DE: SvcErr: DSID-030F00E4, problem 5001 (Busy), data 0". The event data contains the error.""""

Don't run DCPROMO on the server yet...wait...
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
NJComputerNetworksCommented:
It sounds like, at this point, you have two DC's in your environment.  If I were you, you would point the TCP/IP DNS properties of each DC to the IP address of the original DC/DNS server.

Server Name:  OriginalDC
IP: 10.10.10.5
subnet: 255.255.255.0
gateway: 10.10.10.1
DNS: 10.10.10.5


Server name: NewDC
IP:  10.10.10.8
subnet: 255.255.255.0
gateway: 10.10.10.1
DNS: 10.10.10.5

Set this up...and just wait.....  The DNS service should be installed on both DC's.... on the new DC, check the DNS Console for the zones to replicate from your original server.

0
 
philipgeckoAuthor Commented:
I have changed the new DC DNS to read 10.8.100.2 which is the old DC DNS

SO IP address on the new server is

10.8.100.83
subnet 255.255.255.0
Gateway 10.8.100.1
DNS 10.8.100.2
DNS2 212.85.15.40

Do I just wait and this will replicate the DNS across, is that right..?

Yes I do have 2 DC's on the same domain, basically I have just introduced a new server to take over the role of the old one.  
0
 
ADExpertCommented:
Hi

First of all, make sure the new DC is pointing to itself as a Primary DNS server in TCP/IP properties. It should not point to the ISP's DNS server. You can mention the ISP's DNS server IP address on Forwarders tab in DNS snap in.

You can forcefully demote the old dc using "dcpromo /forceremoval" command. But before doing that make sure you've taken a recent system state backup.

After demoting the box, you can follow the steps mentioned in the following kb article to remove the metadata of the old dc from the active directory on new dc:

http://support.microsoft.com/kb/216498/

Finally, seize all the FSMO roles on the new DC (http://support.microsoft.com/kb/255504/).

Feel free to post any suggestions or queries.

ADExpert
0
 
philipgeckoAuthor Commented:
thanks,

I have changed the DNS of the new DC to itself and I am currently doing a system state backup before commencing with the forced DC promo on the old dc

I would like to rename this new DC to be the same as the old DC, is this easy to do or will this complicate things..?

Many thanks for your help and quick response.

Phil
0
 
NJComputerNetworksCommented:
REnaming a dc is easy to do... but make sure that your old DC is completely out of your domain.  Check for the old computer account and make sure it is no longer seen in DNS.

For example, use NSLOOKUP...  

type

nslookup domain.local <enter>

The IP addresses of your DC's should display...

0
 
philipgeckoAuthor Commented:
ok, thanks, I will let you know how it goes!!

Are you around for the next hour..?

Thanks

Phil
0
 
NJComputerNetworksCommented:
"Do I just wait and this will replicate the DNS across, is that right..?"  Yes...

Yes I do have 2 DC's on the same domain, basically I have just introduced a new server to take over the role of the old one.

I would suggest not doing the forceremoval...  Wait until DNS replicates...  Then do the following:

1) transer the FSMO roles to you new DC : http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003

2) enable the new DC a global catalog.  Remove the global catalog role from your old server:
http://technet2.microsoft.com/WindowsServer/en/Library/7b1c3e1c-ef32-4b8e-b4c4-e73910575f611033.mspx

3) run DCPROMo on your old DC and select remote DC.

4) delete the computer account for your old DC in AD Users and Computers

5) check DNS for the old DC A record.  delete it if you find it...

6) rename the new DC to the old name

0
 
philipgeckoAuthor Commented:
ok.

1) How long will it take for DNS to replicate?
2) I have already transferred the FSMo roles over, all went well there yesterday
3) The new DC is the global catalgue
4) I have tried to do this but it fails, I will try again in a minute
5) OK, I will delete the old DC in the computer account in ADU&C
6) How do I check the A record? Is this checking on the new dc or the old?
7) ok

Once I understand what you are saying I will do this straight away.

Thanks again
0
 
philipgeckoAuthor Commented:
BINGO - the DNS has replicated - yesssssssssssssssssssssssssssssssssssss!!
0
 
NJComputerNetworksCommented:
OK now do this... ( I added a step or two)


1) transer the FSMO roles to you new DC or at least verify that the new DC holds these: http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003

2) enable the new DC a global catalog.  Remove the global catalog role from your old server:
http://technet2.microsoft.com/WindowsServer/en/Library/7b1c3e1c-ef32-4b8e-b4c4-e73910575f611033.mspx

2a) Point all TCP/IP DNS settings to point to the NEW DC...now that it has the database.....  very important...

3) run DCPROMo on your old DC and select remote DC.

4) delete the computer account for your old DC in AD Users and Computers

5) check DNS for the old DC A record.  delete it if you find it...

6) rename the new DC to the old name

0
 
philipgeckoAuthor Commented:
I cannot rename the new dc as it says that the name already exists but when i go to ad u&c its not there!!!

What should i do..?
0
 
NJComputerNetworksCommented:
1) Reboot you new DC....  

2) check your DNS forward lookup zone for the old DC.  Go into the DNS console, and look for the old server name under your forward lookup zone.

3) from a cmd prompt type:  NSLOOKUP yourdomainname.local  (IP addresses of your current domain controllers should be listed.  If you see the old DC IP address listed, you may have a problem)

because you say, in AD USers and computers the old DC computer account is gone, you don't have to recheck this.  But if it was still there, you will have to manually delete it by right clicking on it and choose delete.  It will be under the DOMAIN CONTROLLERS OU.

If you do the above, and all checks out to be OK... then I would recommend running this to clear out your domain of knowing anything about your old DC:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm


Hope this helps...
0
 
philipgeckoAuthor Commented:
the server name of the new DC is fbspdc001 and I can see this in the forward look up zone.  The name i want to call it is fbspdc01 and that is not there at all.

0
 
philipgeckoAuthor Commented:
I have done a nslookup and it has said:

server : unknown
address: 10.8.100.2
name: friern.barnet.sch.uk
adresses 10.8.100.5 (backup domain controller, not mentioned sorry), 10.8.100.2 (new DC)

Is this ok?
0
 
philipgeckoAuthor Commented:
I have been able to rename the server to fbspdc01 which is what i wanted, i think itwas because the old dc was still in the ad sites and services which i removed, all ok.  the server is rebooting now so i will let you know :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 10
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now