DNS Not replicating - Error Message

Hi there - Help!

I have a new DC server which I have done a dcpromo on and it is now a global catalogue but when the dcpromo was started DNS was not installed (doh!) so it was installed afterwards.  Now when I do a dcpromo on the old DC it is throwing DNS error messages being:

The DNS server has encountered a critical error from the active directory check that the active directory is functioning properly.  the extended error information (which may be empty) is "000020DE: SvcErr: DSID-030F00E4, problem 5001 (Busy), data 0". The event data contains the error.

Can I just do a forced removal dc promo on the old DC or do I have to be careful here..?  

Because the DNS has not been replicated I created a new zone in DNS on the new DC, should that be good enough..?

Please help!!!
philipgeckoAsked:

philipgeckoAuthor Commented:
I have another error saying:

"The DSA operation is unable to proceed because of a DNS lookup failure"

Any ideas as to resolve this..?
0
NJComputerNetworksCommented:
By default, DNS in a domain is usually Active Directory integrated.  This means that the DNS database is stored on each domain controller (regardless of whether the DC runs the DNS service).  So you can ADD DNS after the DCPROMO...this is no problem.  However, you will have to wait 15 minutes or so before you will see the DNS database on the new DC.  This is because replication of Active Directory must take place before the zones will appear on the new server.

0
NJComputerNetworksCommented:
"Now when I do a dcpromo on the old dc it is throwing dns error messages being:

The DNS server has encountered a critical error from the active directory check that the active directory is functioning properly.  the extended error information (which may be empty) is "000020DE: SvcErr: DSID-030F00E4, problem 5001 (Busy), data 0". The event data contains the error."

Don't run DCPROMO on the server yet...wait...
0

NJComputerNetworksCommented:
It sounds like, at this point, you have two DCs in your environment.  If I were you, I would point the TCP/IP DNS properties of each DC to the IP address of the original DC/DNS server.

Server Name:  OriginalDC
IP: 10.10.10.5
subnet: 255.255.255.0
gateway: 10.10.10.1
DNS: 10.10.10.5


Server name: NewDC
IP:  10.10.10.8
subnet: 255.255.255.0
gateway: 10.10.10.1
DNS: 10.10.10.5

Set this up...and just wait.....  The DNS service should be installed on both DC's.... on the new DC, check the DNS Console for the zones to replicate from your original server.

0
philipgeckoAuthor Commented:
I have changed the new DC DNS to read 10.8.100.2 which is the old DC DNS

So the IP address on the new server is

10.8.100.83
subnet 255.255.255.0
Gateway 10.8.100.1
DNS 10.8.100.2
DNS2 212.85.15.40

Do I just wait and this will replicate the DNS across, is that right..?

Yes I do have 2 DC's on the same domain, basically I have just introduced a new server to take over the role of the old one.  
0
ADExpertCommented:
Hi

First of all, make sure the new DC is pointing to itself as a Primary DNS server in TCP/IP properties. It should not point to the ISP's DNS server. You can mention the ISP's DNS server IP address on Forwarders tab in DNS snap in.

You can forcefully demote the old dc using "dcpromo /forceremoval" command. But before doing that make sure you've taken a recent system state backup.

After demoting the box, you can follow the steps mentioned in the following kb article to remove the metadata of the old dc from the active directory on new dc:

http://support.microsoft.com/kb/216498/

Finally, seize all the FSMO roles on the new DC (http://support.microsoft.com/kb/255504/).

Feel free to post any suggestions or queries.

ADExpert
0
philipgeckoAuthor Commented:
thanks,

I have changed the DNS of the new DC to itself and I am currently doing a system state backup before commencing with the forced DC promo on the old dc

I would like to rename this new DC to be the same as the old DC, is this easy to do or will this complicate things..?

Many thanks for your help and quick response.

Phil
0
NJComputerNetworksCommented:
Renaming a DC is easy to do... but make sure that your old DC is completely out of your domain.  Check for the old computer account and make sure it is no longer seen in DNS.

For example, use NSLOOKUP...  

type

nslookup domain.local <enter>

The IP addresses of your DC's should display...

0

philipgeckoAuthor Commented:
ok, thanks, I will let you know how it goes!!

Are you around for the next hour..?

Thanks

Phil
0
NJComputerNetworksCommented:
"Do I just wait and this will replicate the DNS across, is that right..?"  Yes...

Yes I do have 2 DC's on the same domain, basically I have just introduced a new server to take over the role of the old one.

I would suggest not doing the forceremoval...  Wait until DNS replicates...  Then do the following:

1) Transfer the FSMO roles to your new DC: http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003

2) Enable the new DC as a global catalog.  Remove the global catalog role from your old server:
http://technet2.microsoft.com/WindowsServer/en/Library/7b1c3e1c-ef32-4b8e-b4c4-e73910575f611033.mspx

3) Run DCPROMO on your old DC and select remote DC.

4) delete the computer account for your old DC in AD Users and Computers

5) check DNS for the old DC A record.  delete it if you find it...

6) rename the new DC to the old name

0
philipgeckoAuthor Commented:
ok.

1) How long will it take for DNS to replicate?
2) I have already transferred the FSMO roles over, all went well there yesterday
3) The new DC is the global catalogue
4) I have tried to do this but it fails, I will try again in a minute
5) OK, I will delete the old DC in the computer account in ADU&C
6) How do I check the A record? Is this checking on the new dc or the old?
7) ok

Once I understand what you are saying I will do this straight away.

Thanks again
0
philipgeckoAuthor Commented:
BINGO - the DNS has replicated - yesssssssssssssssssssssssssssssssssssss!!
0
NJComputerNetworksCommented:
OK now do this... ( I added a step or two)


1) Transfer the FSMO roles to your new DC or at least verify that the new DC holds these: http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003

2) Enable the new DC as a global catalog.  Remove the global catalog role from your old server:
http://technet2.microsoft.com/WindowsServer/en/Library/7b1c3e1c-ef32-4b8e-b4c4-e73910575f611033.mspx

2a) Point all TCP/IP DNS settings to point to the NEW DC...now that it has the database.....  very important...

3) Run DCPROMO on your old DC and select remote DC.

4) delete the computer account for your old DC in AD Users and Computers

5) check DNS for the old DC A record.  delete it if you find it...

6) rename the new DC to the old name

0
philipgeckoAuthor Commented:
I cannot rename the new DC as it says that the name already exists but when I go to AD U&C it's not there!!!

What should i do..?
0
NJComputerNetworksCommented:
1) Reboot your new DC....  

2) check your DNS forward lookup zone for the old DC.  Go into the DNS console, and look for the old server name under your forward lookup zone.

3) from a cmd prompt type:  NSLOOKUP yourdomainname.local  (IP addresses of your current domain controllers should be listed.  If you see the old DC IP address listed, you may have a problem)

Because you say, in AD Users and Computers the old DC computer account is gone, you don't have to recheck this.  But if it was still there, you will have to manually delete it by right clicking on it and choose delete.  It will be under the DOMAIN CONTROLLERS OU.

If you do the above, and all checks out to be OK... then I would recommend running this to clear out your domain of knowing anything about your old DC:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm


Hope this helps...
0
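The DNS checks from the two posts above (the old DC's A record and the NSLOOKUP of the domain name), collected into one batch script; this is an added example, not part of the original thread. DOMAIN, OLDDC, OLDDC_IP and DNS are placeholders filled with the sample addressing given earlier in the thread, and the SRV and NS lookups go beyond the A-record check the posts describe.

```bat
@echo off
setlocal
rem Placeholder values (sample addressing from earlier in the thread).
rem Replace with your own domain, demoted DC name/IP and the new DC's IP.
set DOMAIN=domain.local
set OLDDC=OriginalDC
set OLDDC_IP=10.10.10.5
set DNS=10.10.10.8
set STALE=0

rem 1. Host (A) record of the demoted DC. nslookup prints a line starting
rem    with "Name:" only when the name still resolves.
nslookup %OLDDC%.%DOMAIN%. %DNS% 2>nul | findstr /b /i "Name:" >nul && (
  echo [STALE] A record for %OLDDC%.%DOMAIN% still exists
  set STALE=1
)

rem 2. A records on the domain name itself: every DC registers its IP here.
rem    Literal substring match, so 10.10.10.5 would also match 10.10.10.50.
nslookup %DOMAIN%. %DNS% 2>nul | findstr /l /c:"%OLDDC_IP%" >nul && (
  echo [STALE] %OLDDC_IP% is still listed for %DOMAIN%
  set STALE=1
)

rem 3. DC locator SRV records that clients use to find a domain controller.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%. %DNS% 2>nul | findstr /l /i /c:"%OLDDC%." >nul && (
  echo [STALE] %OLDDC% still has an _ldap SRV record under _msdcs
  set STALE=1
)

rem 4. NS records of the zone: a demoted DC that ran DNS may still be listed.
nslookup -type=NS %DOMAIN%. %DNS% 2>nul | findstr /l /i /c:"%OLDDC%." >nul && (
  echo [STALE] %OLDDC% is still a name server for %DOMAIN%
  set STALE=1
)

if %STALE%==0 echo No records for %OLDDC% found on %DNS%
exit /b %STALE%
```

Run it against the new DC's DNS service after the demotion and before the rename; a non-zero exit code means something in DNS still refers to the old server.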
philipgeckoAuthor Commented:
the server name of the new DC is fbspdc001 and I can see this in the forward look up zone.  The name i want to call it is fbspdc01 and that is not there at all.

0
philipgeckoAuthor Commented:
I have done a nslookup and it has said:

server : unknown
address: 10.8.100.2
name: friern.barnet.sch.uk
adresses 10.8.100.5 (backup domain controller, not mentioned sorry), 10.8.100.2 (new DC)

Is this ok?
0
philipgeckoAuthor Commented:
I have been able to rename the server to fbspdc01 which is what I wanted, I think it was because the old DC was still in the AD Sites and Services which I removed, all ok.  The server is rebooting now so I will let you know :)
0
Windows Server 2003

Question has a verified solution.