lucado01
asked on
DNS not replicatiing properly Windows 2000 domain
Last weekend, I promoted two Windows 2000 dc's in a remote site. I also demoted the original dc (also Windows 2000) in that site. I installed DNS on both servers and configured DHCP on one of those servers to hand out the new DNS servers to the clients. I set up replication in Sites and Services, the remote clients could get to everything. All was good.
In the beginning of the week, I noticed on my main dc (Windows 2000) that the DNS server for that site was still showing the old server, although it had a red X through it. That server had been dcpromo'd out of the domain.
Even though I had installed DNS on the two newly promoted DC's in the remote site, I did nothing to configure them. Needless to say, the new DNS server(s) weren't showing up under DNS manager on our main dc.
Today, I logged on to my main dc, opened DNS manager and noticed that another remote site, that we did no work on, had a DNS server object in the manager, but was stating the message "Configure DNS Server" on the right window pane. The next time I checked it today, the same message was being displayed for the server I was logged on to, the main one. All of the DNS servers under DNS manager were still showing the zones and all of the hosts. However only two dc's weren't displaying the "Configure DNS Server" message and the SOA had changed to our other main office DC (Windows 2000).
Later this day I had a user who lost network functionality. I had them reboot and after 20 minutes it still hadn't displayed their logon screen. I immediately knew she had a DNS issue. I went back down to the main DC, right clicked on the server object, clicked on Configure this server, told it there was already a zone and then hit finish. Now when I click on the server, it just displays the folders for the zones.
I went back up to the users machine, it was still loading settings, turned off the computer, unplugged the network cable, logged on locally to the box, did a repair on the network card, logged out, had the user log on to their domain account and all of their functionality was back.
Here are my questions:
What could cause the existing DNS servers in the domain to present the "Configure DNS screen"? What could possibly cause that to happen?
Should I be able to see all DNS servers in the domain regardless of which DC I log on to when I open DNS manager?
I'm supposed to reboot everything for security patching in the next 48 hours, should I allow more time for DNS to replicate to all DC's?
How do I avoid the hell of coming in on Monday morning and have users report that it's taking 30 minutes for their computers to get to the CTRL + ALT + DEL screen?
THANK YOU IN ADVANCE!
In the beginning of the week, I noticed on my main dc (Windows 2000) that the DNS server for that site was still showing the old server, although it had a red X through it. That server had been dcpromo'd out of the domain.
Even though I had installed DNS on the two newly promoted DC's in the remote site, I did nothing to configure them. Needless to say, the new DNS server(s) weren't showing up under DNS manager on our main dc.
Today, I logged on to my main dc, opened DNS manager and noticed that another remote site, that we did no work on, had a DNS server object in the manager, but was stating the message "Configure DNS Server" on the right window pane. The next time I checked it today, the same message was being displayed for the server I was logged on to, the main one. All of the DNS servers under DNS manager were still showing the zones and all of the hosts. However only two dc's weren't displaying the "Configure DNS Server" message and the SOA had changed to our other main office DC (Windows 2000).
Later this day I had a user who lost network functionality. I had them reboot and after 20 minutes it still hadn't displayed their logon screen. I immediately knew she had a DNS issue. I went back down to the main DC, right clicked on the server object, clicked on Configure this server, told it there was already a zone and then hit finish. Now when I click on the server, it just displays the folders for the zones.
I went back up to the users machine, it was still loading settings, turned off the computer, unplugged the network cable, logged on locally to the box, did a repair on the network card, logged out, had the user log on to their domain account and all of their functionality was back.
Here are my questions:
What could cause the existing DNS servers in the domain to present the "Configure DNS screen"? What could possibly cause that to happen?
Should I be able to see all DNS servers in the domain regardless of which DC I log on to when I open DNS manager?
I'm supposed to reboot everything for security patching in the next 48 hours, should I allow more time for DNS to replicate to all DC's?
How do I avoid the hell of coming in on Monday morning and have users report that it's taking 30 minutes for their computers to get to the CTRL + ALT + DEL screen?
THANK YOU IN ADVANCE!
ASKER
KCTS,
Where would I go to configure the new DNS servers in the remote site to use the main office DNS server as the preferred server?
a)- The server that was demoted and removed didn't hold any FSMO roles. It was the lone DC in a remote site.
b)- Yes, one of the servers was made a GC. Incidentally, one of the two new DC's in the remote site died (older hardware) so now I have just the one DC. My users out there can still do everything so it's fine but I'll have to use NTDSUTIL to remove the dead one. Once it died, I made the other
Thanks!
Where would I go to configure the new DNS servers in the remote site to use the main office DNS server as the preferred server?
a)- The server that was demoted and removed didn't hold any FSMO roles. It was the lone DC in a remote site.
b)- Yes, one of the servers was made a GC. Incidentally, one of the two new DC's in the remote site died (older hardware) so now I have just the one DC. My users out there can still do everything so it's fine but I'll have to use NTDSUTIL to remove the dead one. Once it died, I made the other
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jay Jay70,
The zones are AD integrated. Any preferred switches that should be run with dcdiag? Forgive my incredible stupidity but OK to run this during production hours?
The zones are AD integrated. Any preferred switches that should be run with dcdiag? Forgive my incredible stupidity but OK to run this during production hours?
there is nothing stupid about that question :)
yes it ok to run, no specifif switches at this stage, just straight dcdiag
yes it ok to run, no specifif switches at this stage, just straight dcdiag
When you demoted the original DC did you
a) move the FSMO roles to another DC - If not then you will have to seize them http://www.petri.co.il/seizing_fsmo_roles.htm
b) did you make at least one of the new DCs a Global Catalog - see http://www.jsifaq.com/SF/Tips/Tip.aspx?id=4614