Solved

Problem after using adprep & "delete nc" on server 2003

Posted on 2008-06-20
Last Modified: 2012-06-21
I was attempting to install server 2008 DC into an existing domain. I took adprep from the 2008 cd and started it on each DC. Upon performing "/rodcprep" I was given some errors about orphaned partitions. My thought process was I would delete them and recreate them. I deleted "DC=ForestDnsZones,DC=buildersmetal,DC=local" & "DC=DomainDnsZones,DC=buildersmetal,DC=local". I recreated them but it didn't fix anything. Now I'm getting more errors.

Here are my event log errors:

ESource: Netlogon
EID: 5781

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.buildersmetal.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

ESource: Netlogon
EID: 5781

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.buildersmetal.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

ESource: Netlogon
EID: 5781

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'buildersmetal.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

ESource: NTDS Replication
EID: 2088

Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.

You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.

Alternate server name:
builders-dc0
Failing DNS host name:
60cb60a4-0e6f-463e-86d4-1ed4e95119d6._msdcs.buildersmetal.local

ESource: NTDS General
EID: 1126

Active Directory was unable to establish a connection with the global catalog.

ESource: DNS
EID: 4011

The DNS server was unable to add or write an update of domain name builders-dc3 in zone builders-dc3.buildersmetal.local to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "0000208D: NameErr: DSID-031001cd, problem 2001 (NO_OBJECT), date 0, best match of: 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=buildersmetal,DC=local'". The event data contains the error.

ESource: DNS
EID: 800

The zone buildersmetal is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.



Additionally a dcdiag fails at two areas:
The host 3fc295ac-20d2-400c-bb4f-075fdedc819c._mscds.buildersmetal.local could not be resolved to an IP address.
FsmoCheck:
DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down.


I did check to make sure that the secondary server (builders-dc0) does have the catalog checkbox. So I'm at a loss on what's going on. I really wish I had made a backup/system state before I attempted this. I guess I won't make that mistake next time.
0
Question by:drilus
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21832631
Do a netdiag /fix on the system.
0
 
LVL 5

Author Comment

by:drilus
ID: 21833037
I did try that, but it didn't fix either problem.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21833067
Do this below and post the results. This will give us a starting point.

From a command prompt try running netdiag /fix; this could
repopulate the DNS records for your DC.

If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL DCs
in the forest. If you have significant numbers of DCs this test could
generate significant detail and take a long time. You also want to take
into account that slow links to DCs will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com/windows/downloads.htm#DCDIAG

Just select both dcdiag and netdiag and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete, search for fail, error and warning messages.
0
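The "search for fail, error and warning messages" step above can be done per test rather than by eye. This is an added example, not part of the original post or the poster's script; it assumes PowerShell 3.0 or later on an admin workstation, the function name `Get-DcdiagSummary` is hypothetical, and the sample log text is constructed from messages quoted in this thread.

```powershell
# Added example: group dcdiag verbose output by test and keep the failures.
# $sample is constructed for illustration from messages quoted in this thread;
# for real use: $lines = Get-Content c:\dcdiag.log
$sample = @'
   Testing server: Default-First-Site-Name\BUILDERS-DC3
      Starting test: Connectivity
         The host <DSA-GUID>._msdcs.buildersmetal.local could not be resolved to an IP address.
         ......................... BUILDERS-DC3 failed test Connectivity
      Starting test: Replications
         ......................... BUILDERS-DC3 passed test Replications
   Running enterprise tests on : buildersmetal.local
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... buildersmetal.local failed test FsmoCheck
'@ -split "`r?`n"

function Get-DcdiagSummary {
    param([string[]]$Lines)
    $target = $null; $inTest = $false; $detail = @()
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?:Testing server|Running \w+ tests on)\s*:\s*(.+?)\s*$') {
            $target = $Matches[1]              # server, partition or forest under test
        }
        elseif ($line -match '^\s*Starting test:\s*(\S+)') {
            $inTest = $true; $detail = @()     # new test: reset the collected detail
        }
        elseif ($line -match '^\s*\.{5,}\s*\S+ (passed|failed) test (\S+)') {
            [pscustomobject]@{
                Target = $target; Test = $Matches[2]; Result = $Matches[1]
                Detail = $detail -join "`n"
            }
            $inTest = $false
        }
        elseif ($inTest -and $line.Trim()) {
            $detail += $line.Trim()            # message lines printed by the test
        }
    }
}

$failed = Get-DcdiagSummary -Lines $sample | Where-Object { $_.Result -eq 'failed' }
$failed | Format-List Target, Test, Detail

# Plain keyword pass over the three logs named in the post:
# Select-String -Path c:\dcdiag.log, c:\netdiag.log, c:\repl.txt -Pattern 'fail|error|warning'
```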
 
LVL 5

Author Comment

by:drilus
ID: 21833490
Here is the output of dcdiag & netdiag (1 for each server. 2 total). repadmin passed with no errors. dc* failed so I used the actual name of my dc.
diag-errors.txt
netdiag-errors1.txt
netdiag-errors2.txt
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21833655
0
 
LVL 5

Author Comment

by:drilus
ID: 21833819
I wish I had seen that sooner. Now I just need to get my DNS fixed. I can't join any computers to the domain and I can't run DCPROMO on the 2008 server because of how I went about doing it.

I'm not sure if the fSMORoleOwner would fix the dns issues I'm having.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21834136
Are your DNS servers working correctly?
0
 
LVL 5

Author Comment

by:drilus
ID: 21899328
DNS is working correctly. It's the active directory dns that isn't. I can ping the IP address or machine name but trying to join a computer to a domain fails.

I'm going to attempt to delete all the DNS information and have it re-register to hopefully fix the problem.
0
 
LVL 5

Accepted Solution

by:drilus
ID: 21984705
I solved this by recreating the deleted zones and having AD repopulate. Took a couple hours for the replication to take effect across all servers. After that I could make the necessary changes I needed.
0
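Because the fix took a couple of hours to replicate, it helps to ask each DNS server directly whether the records behind the events in this thread are back. This is an added example, not part of the original thread; it assumes a workstation with `Resolve-DnsName` (Windows 8 / Server 2012 or later) and that both DCs named in the thread run DNS, and the set of records checked is this example's choice.

```powershell
# Added example: check, per DNS server, the locator records behind the thread's events.
# Assumes Resolve-DnsName is available and that both DCs answer DNS queries.
$domain     = 'buildersmetal.local'                    # forest root domain from the thread
$dnsServers = 'builders-dc0', 'builders-dc3'           # DC names from the thread
$dsaGuid    = '60cb60a4-0e6f-463e-86d4-1ed4e95119d6'   # from the event 2088 text

$checks = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$domain";      Type = 'SRV';   Why = 'DC locator, used by domain join' }
    @{ Name = "_ldap._tcp.gc._msdcs.$domain";      Type = 'SRV';   Why = 'GC locator (event 1126, error 1355)' }
    @{ Name = "${dsaGuid}._msdcs.$domain";         Type = 'CNAME'; Why = 'replication source alias (event 2088)' }
    @{ Name = "_ldap._tcp.DomainDnsZones.$domain"; Type = 'SRV';   Why = 'application partition (event 5781)' }
    @{ Name = "_ldap._tcp.ForestDnsZones.$domain"; Type = 'SRV';   Why = 'application partition (event 5781)' }
)

$report = foreach ($server in $dnsServers) {
    foreach ($c in $checks) {
        $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $server `
                                  -DnsOnly -ErrorAction SilentlyContinue
        # Count only records of the requested type; NXDOMAIN or a bare SOA
        # in the reply means the record is missing on that server.
        $hits = @($answer | Where-Object { $_.Type -eq $c.Type })
        [pscustomobject]@{
            Server = $server; Record = $c.Name; Type = $c.Type
            Found  = $hits.Count; Purpose = $c.Why
        }
    }
}

$report | Sort-Object Record, Server | Format-Table Server, Record, Type, Found -AutoSize

# A record found on one server but not the other means replication has not caught up yet.
$report | Where-Object { $_.Found -eq 0 } | Format-Table Server, Record, Purpose -AutoSize
```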
