danmb
asked on
Need help from AD integrated DNS wizard - replacing one DC with another
Hi,
I'm in the process of replacing one Windows Server 2003 domain controller with another.
I'm using this article as a guide:
How to replace single domain controller in domain with a single domain controller?
http://support.microsoft.com/kb/555549
The problem is with setting up DNS on the 2nd (replacement) server, which is step 4 in the instructions.
There isn't very much detail given about HOW to set up DNS. And I'm not a DNS expert.
It references two other articles which don't apply to this specific situation - replacing one DC with another. They're more for setting up a new DC, and don't deal with DNS replication issues.
Which probably explains why DNS error 4015 and File Replication NTFRS error 13508 are showing up in the event log....
I've also seen this: https://www.experts-exchange.com/questions/23000158/Remove-a-domain-controller-from-server-2003-and-set-up-a-new-domain-controller-in-AD.html. Again, no detail on HOW to set up DNS. i.e. what to answer in the configuration questions. You'd think that everything just happens all by itself. Well.... it isn't.
To get points for this question, the respondent should tell me exactly how to set up DNS on the new (replacement) DC (step 4), so that during the brief time that the two DC's are up together, I get a CLEAN event log. I do not want to proceed further unless the two DC's are cooperating.
And if an event log entry is unavoidable due to the nature of the task, please explain why...
Thanks in advance.
ASKER
To: KCTS
Please re-read my question. Specifically, this:
=====================
To get points for this question, the respondent should tell me exactly how to set up DNS on the new (replacement) DC (step 4), so that during the brief time that the two DC's are up together, I get a CLEAN event log. I do not want to proceed further unless the two DC's are cooperating.
And if an event log entry is unavoidable due to the nature of the task, please explain why...
=====================
I'm not going to give you points for simply cutting and pasting something which I have already seen. Try answering the question. Thanks anyway.
ASKER
To ryansoto:
OK, this seems to be the key to what I need:
================
After DNS is installed the only real config you need to do is your forwarders.
Go into DNS then you will see your new server. Right click it then go to properties.
Go to the forwarder tab. Enter in the IP's of your ISP's DNS servers. You can get this from your existing servers properties under the same tab.
Once you have this done the zones from the old machine will automatically replicate to your new machine.
================
See, my hangup was, if DNS was supposed to come over automagically from the first DC, then after setting up DNS, why do I have to enter anything at all?
So when the Config dialog box came up, I cancelled and rebooted.
I will try entering a forwarder as you described....
One other thing. In my original question, I also mentioned File Replication NTFRS error 13508.
In addition, netdiag /test:dns said that replication wasn't complete. After running dcpromo, replication seemed to take a very long time (about an hour) for such a small domain. I figured that I should wait until replication is complete before setting up DNS.
Is there any way to speed up replication? I'm getting NTFRS 13508's after every step....
Thanks.
"See, my hangup was, if DNS was supposed to come over automagically from the first DC, then after setting up DNS, why do I have to enter anything at all?"
Because a forwarder is not an integrated part of DNS, you are not replicating the DNS server, you are replicating the DNS zones.....
And root hints are the stock standard components of a DNS server's forwarding....you don't have to have a forwarder to get out, you can use root hints,
You can force replication. Open AD Sites and Services, expand the site, expand the servers, expand NTDS settings, right click on the links and "replicate now"
While my instructions are what you were looking for both KCTS and Jay have some very good info on further configuration beyond your 'step 4'
You have to enter forwarders as these are not replicated automatically - you may not want all DNS servers to forward in some scenarios - that's just the way it is...
ASKER
To Jay_Jay70:
I noticed you don't have installation of DNS as a separate step like the other guides I've seen. (would be between steps 2 and 3)
May I ask why (since DNS is not installed by default in server 2003)?
i figured it was a fairly self explanatory point - you want DNS, you need to install it :)
you want to host a website, you need to install IIS :)
Probably should have included it, it just never really came to mind that it would be a step I needed to input - welcome feedback if you think it should be updated??
ASKER
OK, listen up. This is what I did.
On the 2nd DC, the first thing I did was give it a static IP, and point its DNS server to the 1st DC.
Then I installed DNS. Installing DNS consists of 2 steps: installing it, and the configuration wizard. When the configuration wizard came up, I canceled it. So I have DNS installed with no zones. No biggie, since it's not being used yet (DNS is still pointing to the 1st server, remember?)
I then joined it to the domain, and waited for SYSVOL share to show up as an indication that replication completed. It takes its sweet time. About an hour for a tiny domain. No amount of goosing it with Replicate Now seems to help. In the meantime, ntfrs is bitching and moaning with 13508 having trouble replicating, then 13509 established after repeated retries, then finally 13516 replication complete. Honestly, I don't know what its problem is. But my mistake the first time was not being patient and waiting for SYSVOL to show up.
But lo and behold after SYSVOL shows up, the DNS integrated forward lookup zones were there. They came over all by themselves.
The only thing is, when I run the DNS on the 2nd DC, although the forward lookup zones from the 1st DC are there, it still says "Configure a DNS server". It knows that I didn't run the wizard. Oh my. LOL. Now what?
ASKER
ok i basically ran the wizard but answered the questions in such a way as not to create any zones or forwarders. once the wizard completes it doesn't say "configure a dns server" anymore. it'll use root hints for forwarding. it's happy. i'm happy.
but i still need to create a reverse lookup zone for 192.168.1 since the reverse lookup zones didn't come over (not AD integrated, I presume).
ASKER
Just as a note: in my original question I also mentioned this:
"Which probably explains why DNS error 4015 and File Replication NTFRS error 13508 are showing up in the event log...."
The DNS 4015 seems to happen when the DNS address of the 1st DC is 127.0.0.1 and not the actual IP.
This is mentioned here: http://eventid.net/display.asp?eventid=4015&eventno=333&source=DNS&phase=1 comment by Anonymous. I changed the 1st DC's preferred DNS IP from 127.0.0.1 to the actual IP, and DNS 4015 on the 2nd DC went away.
Before I close this out, anyone want to speculate on what's causing the NTFRS error 13508 and why it takes an hour for SYSVOL to show up?
Both DC's should point to themselves for the preferred server then you can add another DC as a secondary.
This is probably causing your errors.
ASKER
To Jay_Jay70:
Yes, you should update your guide.
ASKER
Patience, patience, patience.....
I can't overemphasize the importance of patience, at two steps in particular:
1) After running dcpromo on the 2nd DC, wait until SYSVOL shows up in Net Share before proceeding.
2) After transferring FSMO to the 2nd DC and demoting the 1st DC from global catalog, reboot and wait for things to settle down. At this point both DC's will fail dcdiag until things settle down. It took a good 15, 20 minutes on my little domain. That's what really had me going....
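The waiting described in the post above can be scripted rather than watched by hand. The following batch file is an added example, not part of the original thread: it polls `net share` on the replacement DC until SYSVOL appears, then lists the DNS zones that replicated and runs the replication and DNS checks named in this thread. It assumes the Windows Server 2003 Support Tools (dcdiag, netdiag, repadmin, dnscmd) are installed; `MAX_WAIT_MIN` and the log file name are hypothetical values chosen for the example.

```batch
@echo off
rem Added example: gate the next migration step on the new DC's health.
rem Run on the replacement DC after dcpromo has finished and the box rebooted.
setlocal
rem Assumed upper limit for the wait, in minutes (the thread reports ~60).
set MAX_WAIT_MIN=90
set /a WAITED=0

:wait_sysvol
rem SYSVOL is shared only after FRS completes its initial sync (event 13516).
net share | find /i "SYSVOL" >nul
if not errorlevel 1 goto sysvol_ok
if %WAITED% GEQ %MAX_WAIT_MIN% goto timed_out
echo [%TIME%] SYSVOL not shared yet, waited %WAITED% min
rem Portable delay of roughly 60 seconds.
ping -n 61 127.0.0.1 >nul
set /a WAITED+=1
goto wait_sysvol

:sysvol_ok
echo SYSVOL is shared after about %WAITED% min.
net share | find /i "NETLOGON" >nul
if errorlevel 1 echo WARNING: NETLOGON share is missing.

rem AD-integrated zones should now be listed on the local DNS server.
dnscmd /enumzones

rem Inbound replication partners and the result of the last attempt.
repadmin /showreps

rem dcdiag prints "failed test" for each failing test; capture and search it.
set LOG=%TEMP%\dcdiag_newdc.txt
dcdiag > "%LOG%"
find /i "failed test" "%LOG%"
if not errorlevel 1 echo WARNING: dcdiag failures above, wait and re-run.

rem DNS registration check used earlier in the thread (errors only).
netdiag /test:dns /q
goto :eof

:timed_out
echo SYSVOL still not shared after %MAX_WAIT_MIN% min.
echo Check the File Replication Service log for events 13508 and 13509.
exit /b 1
```

The dcdiag portion can be re-run on both DCs after the FSMO transfer and reboot until the "failed test" lines stop appearing.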
a lot of people have used my guide and not commented on the DNS portion so i will review it - thanks
Take it easy
The process is as follows
Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)
Join the new machine to the existing domain as a member server
If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2
you need to run
adprep /forestprep
and
adprep /domainprep
From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain
Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.
Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
If necessary install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.
You will then need to remove any existing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to the new domain controller.
Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.
If you really want rid of the old DC then:-
Transfer all the FSMO roles to the new DC: See http://www.petri.co.il/transferring_fsmo_roles.htm
Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)
Power down the old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO to remove its domain controller status. This is essential to avoid replication errors
If you want to remove the machine from the domain then you can do so once its DC role has been removed