Solved

Need help from AD integrated DNS wizard - replacing one DC with another

Posted on 2008-06-11
222 Views
Last Modified: 2010-04-18
Hi,

I'm in the process of replacing one Windows Server 2003 domain controller with another.

I'm using this article as a guide:

How to replace single domain controller in domain with a single domain controller?
http://support.microsoft.com/kb/555549

The problem is with setting up DNS on the 2nd (replacement) server, which is step 4 in the instructions.

There isn't very much detail given about HOW to set up DNS. And I'm not a DNS expert.

It references two other articles which don't apply to this specific situation (replacing one DC with another). They're more for setting up a new DC, and don't deal with DNS replication issues.

Which probably explains why DNS error 4015 and File Replication NTFRS error 13508 are showing up in the event log...

I've also seen this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_23000158.html. Again, no detail on HOW to set up DNS, i.e., what to answer in the configuration questions. You'd think that everything just happens all by itself. Well... it doesn't.

To get points for this question, the respondent should tell me exactly how to set up DNS on the new (replacement) DC (step 4), so that during the brief time that the two DCs are up together, I get a CLEAN event log. I do not want to proceed further unless the two DCs are cooperating.

And if an event log entry is unavoidable due to the nature of the task, please explain why...

Thanks in advance.
Question by: danmb

19 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21764249
Replacing a DC should be a simple process.

The process is as follows:

Install Windows 2003 on the new machine.

Assign the new computer an IP address and subnet mask on the existing network.

Make sure that the preferred DNS server on the new machine points to the existing DNS server on the domain (normally the existing domain controller).

Join the new machine to the existing domain as a member server.

If the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. You need to run

adprep /forestprep
and
adprep /domainprep

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select "Additional Domain Controller in an existing Domain".

Once Active Directory is installed, then install DNS. You can do this through Add/Remove Programs -> Windows Components -> Networking Services -> DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server: go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default-First-Site-Name and Servers. Right click on the new server, select Properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

If necessary install DHCP on the new DC. You can do this through Add/Remove Programs -> Windows Components -> Networking Services -> DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP server. When setting up the new DHCP server don't forget to set the default gateway (router) and DNS servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to the new domain controller.

Both domain controllers by this point will have Active Directory, Global Catalog and DNS, and the domain could function, for a while at least, should any one of them fail.

If you really want rid of the old DC then:

Transfer all the FSMO roles to the new DC: see http://www.petri.co.il/transferring_fsmo_roles.htm

Check that you have:
Made the other DC a global catalog.
Installed DHCP on the new DC, set up the scope and authorised it (if using DHCP).
Made sure that all clients use the new DC as their Preferred DNS server (either by static settings or DHCP options).

Power down the old DC and make sure that all is well. Once satisfied, power on the old DC again, then run DCPROMO to remove its domain controller status. This is essential to avoid replication errors.

If you want to remove the machine from the domain then you can do so once its DC role has been removed.
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 275 total points
ID: 21764295
This article covers it:
http://support.microsoft.com/default.aspx?scid=kb;en-us;814591

Install DNS; this installs the service onto this new domain controller. I can't make this easier as it is step by step, but it works perfectly.
1. Open the Windows Components Wizard. To do so, use the following steps:
   a. Click Start, click Control Panel, and then click Add or Remove Programs.
   b. Click Add/Remove Windows Components.
2. In Components, select the Networking Services check box, and then click Details.
3. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
4. If you are prompted, in Copy files from, type the full path of the distribution files, and then click OK.

After DNS is installed the only real config you need to do is your forwarders.
Go into DNS and you will see your new server. Right click it, then go to Properties.
Go to the Forwarders tab. Enter the IPs of your ISP's DNS servers. You can get these from your existing server's properties under the same tab.
Once you have this done the zones from the old machine will automatically replicate to your new machine.

You can verify this is occurring by expanding the zones on the new machine; they should have the same folders and same records as the old machine. Once you verify that, if you still get event issues, post the events.
Also run a netdiag and a dcdiag on the new machine and see what errors come back.
0
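The forwarder and zone-verification steps in the accepted answer, as a cmd script you can run on the new DC after the DNS service is installed. This is an added example, not code from the thread or from Microsoft's KB article; it uses dnscmd, dcdiag and netdiag from the Windows Server 2003 Support/Admin Tools. The server name NEWDC, the forwarder addresses 198.51.100.1 and 198.51.100.2 (stand-ins for your ISP's resolvers, copied from the old server's Forwarders tab) and the domain name example.local are placeholders.

```batch
@echo off
REM Added example (not from the thread): set forwarders on the new DC/DNS server and
REM confirm the AD-integrated zones have replicated to it.
REM Placeholders (assumptions): NEWDC, the forwarder IPs, and example.local.
setlocal
set NEWDC=NEWDC
set FORWARDERS=198.51.100.1 198.51.100.2
set DOMAIN=example.local

echo === Current server settings on %NEWDC% (includes the forwarder list) ===
dnscmd %NEWDC% /Info

echo === Replace the forwarder list: forwarders are per-server and are NOT replicated with the zones ===
dnscmd %NEWDC% /ResetForwarders %FORWARDERS% /Timeout 5

echo === Zones now hosted on %NEWDC%; AD-integrated zones appear as DsPrimary once replicated ===
dnscmd %NEWDC% /EnumZones

echo === Dump the domain zone so it can be compared record-for-record with the old DC ===
dnscmd %NEWDC% /ZonePrint %DOMAIN%

echo === The new server must answer the SRV query clients use to locate a DC ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWDC%

echo === Built-in health checks the answer recommends ===
dcdiag /test:dns /s:%NEWDC%
netdiag /test:dns
endlocal
```

Run it from an elevated command prompt on the new DC while it is still pointing at the old DC for its own preferred DNS server; if /EnumZones shows no DsPrimary zones yet, directory replication has not completed and the forwarder change is the only thing that has taken effect.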
 
LVL 1

Author Comment

by:danmb
ID: 21764803
To: KCTS

Please re-read my question. Specifically, this:

=====================

To get points for this question, the respondent should tell me exactly how to set up DNS on the new (replacement) DC (step 4), so that during the brief time that the two DCs are up together, I get a CLEAN event log. I do not want to proceed further unless the two DCs are cooperating.

And if an event log entry is unavoidable due to the nature of the task, please explain why...

=====================

I'm not going to give you points for simply cutting and pasting something which I have already seen. Try answering the question. Thanks anyway.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 175 total points
ID: 21764839
Setting up DNS should be very, very simple. Prior to installing Active Directory and DNS on the new machine, you need to point it at the existing DNS server as its preferred DNS server. Once you have made the new machine a domain controller then, assuming you are using AD Integrated DNS, all you need to do is install DNS on the new DC as outlined. Once DNS is installed on the new DC, you need to configure the new machine to point to itself as preferred DNS server.

Obviously all clients also need to be pointed at the new machine as their preferred DNS server.

There may be some errors during the transition until AD and DNS are fully replicated and clients register with the new DNS server, but they should quickly be resolved without any intervention.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 50 total points
ID: 21764865
Have a read of my guide here; it's step by step:
http://www.block.net.au/help/replace-dc/

You shouldn't get any errors in DNS if you do it step by step following KCTS's instructions, and/or mine.
0
 
LVL 1

Author Comment

by:danmb
ID: 21764866
To ryansoto:

OK, this seems to be the key to what I need:

================

After DNS is installed the only real config you need to do is your forwarders.
Go into DNS and you will see your new server. Right click it, then go to Properties.
Go to the Forwarders tab. Enter the IPs of your ISP's DNS servers. You can get these from your existing server's properties under the same tab.
Once you have this done the zones from the old machine will automatically replicate to your new machine.

================

See, my hangup was, if DNS was supposed to come over automagically from the first DC, then after setting up DNS, why do I have to enter anything at all?

So when the Config dialog box came up, I cancelled and rebooted.

I will try entering a forwarder as you described....

One other thing. In my original question, I also mentioned File Replication NTFRS error 13508.

In addition, netdiag /test:dns said that replication wasn't complete. After running dcpromo, replication seemed to take a very long time (about an hour) for such a small domain. I figured that I should wait until replication is complete before setting up DNS.

Is there any way to speed up replication? I'm getting NTFRS 13508s after every step...

Thanks.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764881
"""See, my hangup was, if DNS was supposed to come over automagically from the first DC, then after setting up DNS, why do I have to enter anything at all? ""

Because a forwarder is not an integrated part of DNS, you are not replicating the DNS server, you are replicating the DNS zones.....

And root hints are the stock standard components of a DNS servers forwarding....you dont have to have a forwarder to get out, you can use root hints,
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21764882
You can force replication. Open AD Sites and Services, expand the site, expand the servers, expand NTDS Settings, right click on the links and select "Replicate Now".
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21764884
While my instructions are what you were looking for, both KCTS and Jay have some very good info on further configuration beyond your 'step 4'.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21764894
You have to enter forwarders as these are not replicated automatically; you may not want all DNS servers to forward in some scenarios. That's just the way it is...
0
 
LVL 1

Author Comment

by:danmb
ID: 21764942
To Jay_Jay70:

I noticed you don't have installation of DNS as a separate step like the other guides I've seen. (would be between steps 2 and 3)

May I ask why (since DNS is not installed by default in server 2003)?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764963
I figured it was a fairly self-explanatory point: you want DNS, you need to install it :)

You want to host a website, you need to install IIS :)

Probably should have included it; it just never really came to mind that it would be a step I needed to put in. Welcome feedback if you think it should be updated?
0
 
LVL 1

Author Comment

by:danmb
ID: 21768507
OK, listen up. This is what I did.

On the 2nd DC, the first thing I did was give it a static IP, and point its DNS server to the 1st DC.

Then I installed DNS. Installing DNS consists of 2 steps: installing it, and the configuration wizard. When the configuration wizard came up, I canceled it. So I have DNS installed with no zones. No biggie, since it's not being used yet (DNS is still pointing to the 1st server, remember?)

I then joined it to the domain, and waited for SYSVOL share to show up as an indication that replication completed. It takes its sweet time. About an hour for a tiny domain. No amount of goosing it with Replicate Now seems to help. In the meantime, ntfrs is bitching and moaning with 13508 having trouble replicating, then 13509 established after repeated retries, then finally 13516 replication complete. Honestly, I don't know what its problem is. But my mistake the first time was not being patient and waiting for SYSVOL to show up.

But lo and behold, after SYSVOL shows up, the DNS integrated forward lookup zones were there. They came over all by themselves.

The only thing is, when I run DNS on the 2nd DC, although the forward lookup zones from the 1st DC are there, it still says "Configure a DNS server". It knows that I didn't run the wizard. Oh my. LOL. Now what?
0
 
LVL 1

Author Comment

by:danmb
ID: 21768555
OK, I basically ran the wizard but answered the questions in such a way as not to create any zones or forwarders. Once the wizard completes it doesn't say "Configure a DNS server" anymore. It'll use root hints for forwarding. It's happy. I'm happy.

But I still need to create a reverse lookup zone for 192.168.1 since the reverse lookup zones didn't come over (not AD integrated, I presume).
0
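Creating the missing reverse lookup zone from the command line, as an added example that is not part of the thread. It stores the zone in Active Directory (dnscmd's /DsPrimary), so it replicates to every DC running DNS instead of staying a file-backed primary on one server, which is the situation the post above describes. NEWDC and the address 192.168.1.10 are placeholders; 192.168.1.0/24 is the subnet named in the post.

```batch
@echo off
REM Added example (not from the thread): create the 192.168.1.x reverse zone as an
REM AD-integrated zone and repopulate it. Requires dnscmd (Server 2003 Support/Admin Tools).
REM Placeholders (assumptions): DNSSRV and the 192.168.1.10 test address.
setlocal
set DNSSRV=NEWDC
set REVZONE=1.168.192.in-addr.arpa

echo === Create the zone in the directory (DsPrimary) rather than as a zone file ===
dnscmd %DNSSRV% /ZoneAdd %REVZONE% /DsPrimary

echo === Secure dynamic updates only (2), so only domain members can register PTR records ===
dnscmd %DNSSRV% /Config %REVZONE% /AllowUpdate 2

echo === Confirm the zone type and that it is DS-integrated ===
dnscmd %DNSSRV% /ZoneInfo %REVZONE%

echo === Re-register this host's A and PTR records into the new zone ===
ipconfig /registerdns

echo === Spot-check a reverse lookup against the new server ===
nslookup 192.168.1.10 %DNSSRV%
endlocal
```

Clients and the other DC will populate the zone with PTR records at their next registration cycle (or on their own ipconfig /registerdns), and the zone will show up on the first DC's DNS console once directory replication runs.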
 
LVL 1

Author Comment

by:danmb
ID: 21769019
Just as a note: in my original question I also mentioned this:

"Which probably explains why DNS error 4015 and File Replication NTFRS error 13508 are showing up in the event log...."

The DNS 4015 seems to happen when the DNS address of the 1st DC is 127.0.0.1 and not the actual IP.

This is mentioned here: http://eventid.net/display.asp?eventid=4015&eventno=333&source=DNS&phase=1 comment by Anonymous. I changed the 1st DC's preferred DNS IP from 127.0.0.1 to the actual IP, and DNS 4015 on the 2nd DC went away.

Before I close this out, anyone want to speculate on what's causing the NTFRS error 13508 and why it takes an hour for SYSVOL to show up?
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21769859
Both DCs should point to themselves for the preferred server; then you can add another DC as a secondary.
This is probably causing your errors.
0
 
LVL 1

Author Comment

by:danmb
ID: 21770956
To Jay_Jay70:

Yes, you should update your guide.
0
 
LVL 1

Author Comment

by:danmb
ID: 21771640
Patience, patience, patience...

I can't overemphasize the importance of patience, at two steps in particular:

1) After running dcpromo on the 2nd DC, wait until SYSVOL shows up in Net Share before proceeding.

2) After transferring FSMO to the 2nd DC and demoting the 1st DC from global catalog, reboot and wait for things to settle down. At this point both DCs will fail dcdiag until things settle down. It took a good 15 to 20 minutes on my little domain. That's what really had me going...
0
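The "wait for SYSVOL in net share" check from the post above, together with the forced replication KCTS suggested earlier in the thread, as a cmd script for the new DC. This is an added example, not code from the thread; it assumes the Windows Server 2003 SP1 Support Tools (repadmin, dcdiag, netdiag) are installed and that it is run on the new DC. The 60-try limit and 60-second interval are arbitrary choices.

```batch
@echo off
REM Added example (not from the thread): wait until the initial FRS sync has published
REM SYSVOL and NETLOGON, then pull AD replication from all partners and run diagnostics.
REM Assumptions: run on the new DC; Server 2003 SP1 Support Tools installed.
setlocal enabledelayedexpansion
set MAXTRIES=60
set TRY=0

:waitloop
set /a TRY+=1
REM Both shares must be present; share names start the line in "net share" output.
net share | findstr /i /b /c:"SYSVOL" >nul && net share | findstr /i /b /c:"NETLOGON" >nul
if not errorlevel 1 (
    echo SYSVOL and NETLOGON are shared: initial FRS sync is done.
    goto ready
)
if !TRY! geq !MAXTRIES! (
    echo Gave up after !MAXTRIES! tries. Check FRS events 13508/13509/13516 in the File Replication Service log.
    exit /b 1
)
echo Try !TRY!/!MAXTRIES!: SYSVOL not shared yet, waiting 60 seconds...
REM Server 2003 has no timeout.exe; pinging loopback 61 times sleeps about 60 seconds.
ping -n 61 127.0.0.1 >nul
goto waitloop

:ready
echo === FRS replica sets and partners as this DC sees them ===
ntfrsutl sets
echo === Pull AD replication for all naming contexts from every partner (same effect as "Replicate Now") ===
repadmin /syncall /A /e
echo === Replication health summary across the forest ===
repadmin /replsummary
echo === Full DC health check and DNS test ===
dcdiag
netdiag /test:dns
endlocal
```

Expect dcdiag to report failures until the DCs have finished exchanging changes after the FSMO transfer and global catalog demotion; re-run the script after the settling period the post describes rather than acting on the first set of errors.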
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21774766
A lot of people have used my guide and not commented on the DNS portion, so I will review it. Thanks.

Take it easy.
0