problems adding a member server to w2k3 sp2 domain as dc

Last Modified: 2011-10-19
My problem exists in DNS; the forward lookup zone is referencing the wrong IP association. Additional server went on with no problem as a member server. Any help would be appreciated. Attached is the result of dcdiag /test
dcidiag.bmp
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

The record above normally exists as an Alias (CNAME) directly beneath the _msdcs folder. It is the responsibility of the NetLogon Service to register and maintain those records.

Does the record exist? If not, restart the NetLogon Service.

If the record still doesn't exist check the Event Log for associated errors.

Check that the record exists and is accurate in the netlogon.dns file under %systemroot%\system32\config.

Chris

Author

Commented:
Alias record doesn't exist. Checked netlogon.dns file and it references dcidom.net all over the place. I restarted netlogon a few times; still the same problem. Is it possible to remove DNS and start over from scratch?
Chris Dent, PowerShell Developer

Commented:

Have you renamed your Domain recently?

If so, you can simply replace dcidom.net with dci-dom.dom in the netlogon.dns file. After doing so, restart the NetLogon service and it should correctly register the DNS records.

Chris
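
An added example (not part of the original thread) of auditing netlogon.dns for records that still carry an old suffix, as discussed in the reply above. The host name dc1, the IP address and the sample records are constructed; the two domain names are the ones quoted in the thread, and the record layout is an assumption stated in the comments.

```powershell
# Flags netlogon.dns records whose owner name or SRV/CNAME target
# lies outside the expected AD DNS domain.
# Assumed record layout: <owner> <ttl> IN <type> <rdata...>

function Test-InDomain([string]$Name, [string]$Domain) {
    $n = $Name.TrimEnd('.').ToLower()
    $d = $Domain.TrimEnd('.').ToLower()
    return ($n -eq $d) -or $n.EndsWith('.' + $d)
}

function Get-NetlogonDnsMismatch {
    param([string[]]$Lines, [string]$ExpectedDomain)
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank or comment
        $f = $text -split '\s+'
        if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }        # not a record line
        $owner  = $f[0]
        $type   = $f[3]
        $target = $f[-1]
        $problems = @()
        if (-not (Test-InDomain $owner $ExpectedDomain)) { $problems += 'owner' }
        # A records carry an IP address as rdata, so only name-valued types are checked.
        if (($type -eq 'SRV' -or $type -eq 'CNAME') -and
            -not (Test-InDomain $target $ExpectedDomain)) { $problems += 'target' }
        if ($problems.Count -gt 0) {
            New-Object PSObject -Property @{
                Type = $type; Owner = $owner; Target = $target
                Mismatch = ($problems -join ',')
            } | Select-Object Type, Owner, Target, Mismatch
        }
    }
}

# Constructed sample records; dc1 and 192.0.2.10 are placeholders.
$sample = @(
    'dci-dom.dom. 600 IN A 192.0.2.10',
    '_ldap._tcp.dci-dom.dom. 600 IN SRV 0 100 389 dc1.dcidom.net.',
    '_ldap._tcp.dc._msdcs.dcidom.net. 600 IN SRV 0 100 389 dc1.dcidom.net.',
    '00000000-0000-0000-0000-000000000000._msdcs.dcidom.net. 600 IN CNAME dc1.dcidom.net.'
)
Get-NetlogonDnsMismatch -Lines $sample -ExpectedDomain 'dci-dom.dom' | Format-Table -AutoSize

# Against the real file (path as given in the thread):
# Get-NetlogonDnsMismatch -Lines (Get-Content "$env:SystemRoot\System32\config\netlogon.dns") -ExpectedDomain 'dci-dom.dom'
```

A 'target' mismatch on records whose owner is correct points at the DC's own DNS suffix rather than the zone name, which is the disjoint-namespace condition the thread arrives at later.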

Author

Commented:
I tried your solution. Ran dcdiag /test:connectivity and got the same result. Could there possibly be something in the registry that is referencing this?

Author

Commented:
The domain name, I haven't a clue if it was changed. I just took over the network a few months ago and am trying to straighten it out.
Chris Dent, PowerShell Developer

Commented:

But you have renamed your domain?

I take it restarting the netlogon service still fails to register the entries? And can you confirm that the entries haven't reset back to the original values?

Can you also check the Event Log for registration errors?

Chris
Chris Dent, PowerShell Developer

Commented:

Ahh cool, that makes sense :) Ignore that question then, we'll just go with what is.

Chris

Author

Commented:
Event log just registers a warning about not loading the zone and will retry on next time out. I see in my DNS forward lookup a reference to dcidom.net in the SOA records.
Chris Dent, PowerShell Developer

Commented:
That doesn't sound all that good.

If you open up AD Users and Computers the domain name there is listing as dci-dom.dom? And that matches the Primary DNS Suffix for the machine (ipconfig /all)?

And that exists as a Forward Lookup Zone and allows Secure Dynamic Updates?

What Replication Scope is that set to?

Does running the rest of DCDiag show any other pertinent errors?

And does NetDiag show any interesting errors?

Chris

Author

Commented:
Users and Computers shows dci-dom
ipconfig /all shows nothing as DNS but it lists DNS server IP address
all DNS servers for replication
that is the only error in dcdiag, the rest run with no errors
netdiag reports it cannot find authoritative server dcidom.net

Author

Commented:
Ran ipconfig /all and no connection-specific DNS server listed
Chris Dent, PowerShell Developer

Commented:

It should show the primary DNS Suffix in the header section of ipconfig. e.g.:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SomeServer
   Primary Dns Suffix  . . . . . . . : Domain.com

We just need to make sure that's correct.

I don't like that NetDiag is looking for dcidom.net, not exactly what I'd hoped for.

Chris

Author

Commented:
Still no primary DNS suffix listed, just a DNS IP address
Chris Dent, PowerShell Developer

Commented:

That's odd.

Open up the properties for My Computer, select the Computer Name tab. Is the Full Computer Name and Domain Name tab correctly populated there?

You can see the value for the Primary DNS Suffix as well if you select Change (accept the warning), then press More.

Chris

Author

Commented:
Problem seems to be in the LDAP section; ms-srv not responding so it's skipped

Author

Commented:
Computer name points to dcidom.net but the domain is dci-dom
Chris Dent, PowerShell Developer

Commented:

Well, it's difficult to determine what the root cause is if you've not been there long :)

There's an MS Article relating to fixing disjointed namespaces like this. See:

http://support.microsoft.com/kb/257623

The script in there can potentially be used to fix it.

As with any operation like this you should ensure you have a full backup prior to doing anything. I would hate to be even partially responsible for breaking things ;)

Chris

Author

Commented:
I will try the article; looks like it may be a long day. I was wanting to get this other server into the domain to replicate AD so I wouldn't lose my users and all of that stuff. Thanks for your help.