freymish

asked on

Domain DNS server can't find the AD DNS zones for the forest

I have a forest with two domains. The servers are 2000 and 2003. Recently, the main server that contained the AD-integrated zone data for one of the domains crashed and had to be replaced. This server was one of two DCs that were both Global Catalog servers for this domain. I created a new server, ran the metadata cleanup, and brought the server online with a different name and IP address to avoid any conflicts in AD.

My problem now is that I cannot create an AD-integrated DNS zone on either of the DCs in the Domain.  When I try I get an error that the type is wrong.  I have manually created the GUID records in the main AD-integrated DNS on the first domain to try and force the connection to work but no dice.  

DCdiag shows a slew of RPC server errors which suggests Name/service resolution errors.  This even when I have created a secondary DNS zone from the AD-integrated zone.

Any pointers on this would be greatly appreciated.

Chris Dent


This bit puzzles me a little:

> secondary DNS zone from the AD-integrated zone

It sort of makes me wonder about the error you mentioned earlier on.

What exactly are you trying to make into an AD Integrated Zone? It just sounds a little like you're trying to make a Secondary Zone into an AD Integrated Zone?

If that's not the case can you post the error messages exactly as you have them on the screen for DNS?

Chris
freymish

ASKER

What I meant by:
"secondary DNS zone from the AD-integrated zone"
is that I created a standard secondary zone on a DNS server in the 2nd AD Domain using the AD-Integrated DNS server in the first domain as the Master.

When I tried to create an AD integrated zone on this DC, the error I got was:

"The zone type cannot be created.
The zone type is invalid."

It is significant to note that the server on which I am trying to create the AD integrated zone cannot connect to the DNS server which holds the FSMO roles. I can ping it by name and number, but I cannot connect to it using the DNS MMC plugin. This even in light of the fact that I have listed the target server as the DNS Primary lookup server on the machine in question.

OK, I have deleted all zones from all servers to start over from scratch.

First I created AD integrated zones for domain1 and domain2 on the server that holds the FSMO roles and they showed up fine with all the service record entries and the like for domain1 and service record entries for the DC on dc1.domain2. On dc1.domain2 I have created AD-integrated zones for both domains, but no service records show up, nor do the _msdcs, _sites, _tcp, _udp, etc.. Maybe if I can solve this problem the others will fall into place.

Meanwhile, I am upping the points because people are starting to encounter issues associated with this.  

Please Help!
> On dc1.domain2 I have created AD-integrated zones for both domains, but no service records show up, nor do the _msdcs, _sites, _tcp, _udp, etc..

How do the TCP/IP settings look on DC1.domain2? Where do you have DNS pointing to? To what DNS server?

If you have a Forest presumably one of your domains is the Parent and the other the child?

The questions NJ has asked are really important though..

Chris

First at the main server in Domain1 (call it DC1.Domain1.example.com) and next to itself.

As for the parent/child... the parent is Domain1.example.com and the child is Domain2.example.com

I finally got this working. I deleted all zones on all DNS servers and waited for AD to do its replication. I then created the AD-integrated zones on the DC/DNS server in the primary domain and configured it to replicate to all DNS servers in both domains. On the other DNS servers I made sure the Primary DNS server in the IP configuration was the Forest DNS server and sat back and waited. Eventually the replication was successful and all is working fine now.

Call this case closed.

Thanks,

Freymish
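
The "sat back and waited" step in the post above can be checked rather than guessed at. The following is an added example, not part of the original thread: it asks each DNS server directly for the domain controller locator SRV records that were missing earlier in the discussion. The server addresses are placeholders, the FQDN for dc1.domain2 and the choice of Domain1.example.com as forest root are assumptions, and `Resolve-DnsName` requires an admin workstation running Windows 8 / Server 2012 or later.

```powershell
# Added example: confirm each DNS server answers for the DC locator SRV records.
# Assumptions (not from the thread): addresses are placeholders from the
# documentation range; Domain1.example.com is taken to be the forest root;
# the FQDN used as the label for dc1.domain2 is inferred.
$DnsServers = @{
    'DC1.Domain1.example.com' = '192.0.2.10'   # placeholder address
    'dc1.Domain2.example.com' = '192.0.2.20'   # placeholder address
}
$ForestRoot = 'Domain1.example.com'
$Domains    = @('Domain1.example.com', 'Domain2.example.com')

# Records Netlogon registers for every domain, plus the forest-wide GC records.
$Names = @(foreach ($d in $Domains) {
    "_ldap._tcp.$d"
    "_kerberos._tcp.$d"
    "_ldap._tcp.dc._msdcs.$d"
    "_kerberos._tcp.dc._msdcs.$d"
    "_ldap._tcp.pdc._msdcs.$d"
})
$Names += "_gc._tcp.$ForestRoot", "_ldap._tcp.gc._msdcs.$ForestRoot"

$Results = foreach ($server in $DnsServers.GetEnumerator()) {
    foreach ($name in $Names) {
        # -Server targets one DNS server; -DnsOnly skips LLMNR/NetBIOS fallback,
        # so the result reflects only what that server's zone data contains.
        $answer = Resolve-DnsName -Name $name -Type SRV -Server $server.Value `
                      -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            DnsServer = $server.Key
            Record    = $name
            Found     = [bool]$answer
            Targets   = ($answer.NameTarget | Sort-Object -Unique) -join ', '
        }
    }
}

$Results | Sort-Object DnsServer, Record | Format-Table -AutoSize

# A record found on one server but not the other means zone replication has
# not finished; a record missing everywhere means the DC never registered it.
$missing = @($Results | Where-Object { -not $_.Found })
if ($missing.Count) {
    Write-Warning "$($missing.Count) SRV lookups failed; replication or registration is incomplete."
}
```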