
Cannot find a primary authoritative DNS server and GC not replicating

stewartje asked:
Last Modified: 2012-05-05
I recently added a SBS 2003 R2 to our domain.  Before I added the SBS box the domain consisted of 2 Server 2000 boxes.  I prepped the domain by following the MS instructions, article 884453.  No problems up until the point at which I was instructed to make the SBS a GC server and then wait for an Event ID to let me know that the SBS was indeed a GC.  That never happened on the SBS box.  I did check the Server 2000 box and found an Event ID 1869 saying that it, the Server 2000 box, has located a GC server and then it gave the name FQDN of the new SBS.  According to MS there should be an event in the SBS log stating that it was now a GC server.  So I do some troubleshooting and find that after running Netdiag on the SBS it comes back with one error relating to DNS.  The error is as follows:
DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'mail.mydomain.local.'. [ERROR_TIMEOUT]
            The name 'mail.mydomain.local.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.x.xx
' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.x.xx
' and other DCs also have some of the names registered.

My questions are:
1.  Did the GC replication work on the SBS?
2. Is the DNS a problem now?  The Server 2000 box still has the FSMO roles because I have not gotten to that step in the MS article.  I am supposed to make the SBS a GC before I do that.

Please help.

Hi
Go to Active Directory Sites and Services, Sites, expand Default-First-Site-Name, expand Servers, expand your SBS 2003 server, right-click NTDS Settings, and then go to Properties and click the General tab. Is the Global catalog check box selected?

Author

Commented:
Yes the box is checked for the GC.

You should continue on with the steps in the MS KB; it looks like the event logs just haven't been written.

Author

Commented:
ok, thanks.  

What about the DNS error that I received after running Netdiag?

Have you set up DNS on the SBS? If not, configure it now.

Author

Commented:
I set up DNS before the GC issue.  DNS is installed and running on the SBS box.

Have you set up the DNS to be AD integrated?
Have a look at www.sbsmigration.com.
It gives you a step by step explanation of what's going on. It's worth the few $.
OlafDC

Author

Commented:
DNS is AD integrated.
I am not migrating to a new server but appreciate the url link.  
The migration documents actually explain the DC to PDC process very well with possible problems. It was just a suggestion.
Can you run a DCdiag and post?
OlafDC
You should continue on with the steps in the MS KB and we can sort any DNS problem out then.

Author

Commented:
dcdiag results:
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\MAIL
      Starting test: Connectivity
         ......................... MAIL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\MAIL
      Starting test: Replications
         ......................... MAIL passed test Replications
      Starting test: NCSecDesc
         ......................... MAIL passed test NCSecDesc
      Starting test: NetLogons
         ......................... MAIL passed test NetLogons
      Starting test: Advertising
         ......................... MAIL passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MAIL passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MAIL passed test RidManager
      Starting test: MachineAccount
         ......................... MAIL passed test MachineAccount
      Starting test: Services
         ......................... MAIL passed test Services
      Starting test: ObjectsReplicated
         ......................... MAIL passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MAIL passed test frssysvol
      Starting test: frsevent
         ......................... MAIL passed test frsevent
      Starting test: kccevent
         ......................... MAIL passed test kccevent
      Starting test: systemlog
         ......................... MAIL passed test systemlog
      Starting test: VerifyReferences
         ......................... MAIL passed test VerifyReferences

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidati
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefV
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRe

   Running partition tests on : XXXX
      Starting test: CrossRefValidation
         ......................... XXXX passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... XXXX passed test CheckSDRefDom

   Running enterprise tests on : XXXX.local
      Starting test: Intersite
         ......................... XXXX.local passed test Intersite
      Starting test: FsmoCheck
         ......................... XXXX.local passed test FsmoCheck
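
The Netdiag output in the question reports "DNS test ... Passed" directly above a [WARNING] carrying ERROR_TIMEOUT, so the headline verdict alone does not tell you whether a report is clean. The Python sketch below is an added example, not part of the thread: it reads Netdiag and DCDiag text and lists every test that failed or that passed while still logging a warning or error code. The regular expressions are assumptions based on the output quoted on this page, and SAMPLE is constructed.

```python
import re

# Constructed sample modelled on the Netdiag and DCDiag output quoted in this thread;
# the "failed test frsevent" line is invented to exercise the failure path.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'mail.mydomain.local.'. [ERROR_TIMEOUT]
    PASS - All the DNS entries for DC are registered on DNS server '192.168.x.xx
' and other DCs also have some of the names registered.
Kerberos test. . . . . . . . . . . : Passed
      Starting test: Replications
         ......................... MAIL passed test Replications
      Starting test: frsevent
         ......................... MAIL failed test frsevent
"""

# Assumed line shapes, taken from the output shown on this page.
NETDIAG_HEAD = re.compile(r"^\s*(?P<test>\S.*? test)[ .]*:\s*(?P<status>Passed|Failed|Skipped)\s*$")
DCDIAG_RESULT = re.compile(r"^\s*\.{5,}\s+(?P<host>\S+) (?P<status>passed|failed) test (?P<test>\S+)")
FLAG = re.compile(r"\[(?:WARNING|FATAL)\]|\bERROR_[A-Z_]+")

def parse(text):
    """Return one record per test; Netdiag records collect flagged detail lines."""
    tests, current = [], None
    for line in text.splitlines():
        head, result = NETDIAG_HEAD.match(line), DCDIAG_RESULT.match(line)
        if head:
            current = {"tool": "netdiag", "test": head["test"],
                       "status": head["status"].lower(), "notes": []}
            tests.append(current)
        elif result:
            current = None  # DCDiag prints the verdict after the test body
            tests.append({"tool": "dcdiag", "test": result["test"],
                          "status": result["status"], "notes": []})
        elif current is not None and FLAG.search(line):
            current["notes"].append(line.strip())
    return tests

def needs_attention(tests):
    """Anything not passed, plus 'passed' tests that still logged a warning or error code."""
    return [t for t in tests if t["status"] != "passed" or t["notes"]]

if __name__ == "__main__":
    for t in needs_attention(parse(SAMPLE)):
        print(f'{t["tool"]:8} {t["test"]:12} {t["status"]:8} {" | ".join(t["notes"])}')
```
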

Author

Commented:
The next step in the process is to remove other GCs from the Domain.
Should I really do this?  Can I skip it?
What if I leave a Server 2000 GC and then move the FSMO roles to the SBS 2003 R2?
Thoughts? Experiences?
You have to remove all other GC's. SBS needs to be the only GC on the network. Make sure you have replicated your AD and allowed enough time.
The 4 most common DC Promotion problems are: Use of single-label domain names (company instead of company.local), All network adapters must point DNS requests to Primary lan IP, FRS Journal wrap error (Stops further replication), SMB signing issues.

So look for the following symptoms before proceeding:
DC never establishes a shared sysvol or netlogon, DCdiag indicates new DC can't contact a Global catalog server but DC is a GC, FRS Event log entry 13516 never appears, sysvol has no files.
It's important the dcpromo was 100% successful before continuing.
OlafDC
 

Author

Commented:
I verified that all 5 roles are on the SBS.  I am not using a single level domain.  No FRS errors.

I tried to continue the SBS setup and could not because the SBS box told me, "Could not contact all DC's".

I look over a MS article and according to it I should be ok.  What could be holding this up?
Jeffrey Kane - TechSoEasy, Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
I've already answered your other question which has the reason for this problem... you need to turn off the Windows Firewall on the SBS's NICs which got automatically installed when following the steps in KB884453.

But I can tell you that if you start second guessing ANY of the steps in that article, or modifying them in any manner, you will end up with a failed installation.  

Jeff
TechSoEasy

Author

Commented:
Firewall was turned off after the GC step in the MS article.  I still have the problem.
Jeffrey Kane - TechSoEasy, Principal Consultant

Commented:
So are the other two servers still DC's?  And you've updated their Schema to Windows 2003 R2?

If so, can you please post a complete IPCONFIG /ALL from all of your servers?  (the SBS and the two S2K's).

Also... where were you looking for Event ID 1119 or 1869?  These should be in the Directory Services Event log, not the System Event or Application logs.

Jeff
TechSoEasy

Author

Commented:
I solved the problem.  I went to MS and had one of their engineers look at the SBS box.  They found that I had done everything correctly and that following the MS article for this task was the right thing to do.  They had 2 people work on this case and in the end they "reprogrammed" the SBS OS to make the error go away.  I wish I could give more detail but they were in areas of the OS I have never seen before.

For others out there, this approach does work but as Eric stated it is not the preferred.  Had I to do it all over again, I would have created a new local domain, and then rejoined the clients to the new SBS.  Overall not a bad lesson.
Jeffrey Kane - TechSoEasy, Principal Consultant

Commented:
Glad you got it working.... would have been nice to know what they did though.

I'm also glad that you understand now why I stated that it's not a preferred method... but who's Eric?

Jeff
TechSoEasy

Author

Commented:
Sorry, meant to say, "Jeff and not Eric".

Author

Commented:
Problem fixed by MS rep.  No points awarded due to this reason.