I cannot create Active Directory Integrated DNS zones.

clcurri asked
Last Modified: 2010-11-10
How do I remedy this situation? I am unable to create an Active Directory integrated zone in an all-Windows Server 2003 forest. This error comes up on both of my domain controllers.

There is very little information on the internet on resolving this issue.

Can you post the error? Are you logged on as an enterprise admin?

Author

Commented:
Here is the pop up error message:
The zone cannot be created. There was a server failure.

Author

Commented:
Yes, I am logged on as an enterprise administrator. I am also able to create zones that are not Active Directory integrated.

What happens if you create a non-AD-integrated zone and then try to AD integrate it?
CERTIFIED EXPERT
Top Expert 2006

Commented:
youch - have you tried reinstalling DNS?

Author

Commented:
I haven't tried reinstalling DNS since this was a new OS install. But when I try to AD integrate I get the following replication error:
"The replication scope could not be set. For more information, see 'DNS zone replication in Active Directory' in Help and Support. The error was: There was a server failure."
CERTIFIED EXPERT
Top Expert 2006

Commented:
I would reinstall DNS personally - usually gets most things sorted

Author

Commented:
I also just tried reinstalling the dns component through add/remove program and I still get the same error.
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
> But when I try to AD integrate I get the following replication error:

What replication scope were you trying to set there? There are 3 different places it can store DNS data, each with a specific replication scope. It may just be one of those that's unhappy.

Anyway, it implies a problem exists within Active Directory itself. Please run DCDiag and NetDiag and check for underlying errors.

Chris

Did you try creating a zone and then AD integrating it?

Author

Commented:
Thanks for the replies. I was able to create a non-AD zone, then I was able to change it to an AD zone, but it only allows me to replicate to all domain controllers in the Active Directory domain.

I get the same "replication scope could not be set" error when I try either of the other two options, to replicate to all DNS servers in the AD forest or the AD domain.

Below are my dcdiags and netdiags:

 Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Connectivity
         ......................... NETSERVER1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Replications
         ......................... NETSERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... NETSERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... NETSERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... NETSERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... NETSERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NETSERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... NETSERVER1 passed test MachineAccount
      Starting test: Services
         ......................... NETSERVER1 passed test Services
      Starting test: ObjectsReplicated
         ......................... NETSERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NETSERVER1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... NETSERVER1 failed test frsevent
      Starting test: kccevent
         ......................... NETSERVER1 passed test kccevent
      Starting test: systemlog
         ......................... NETSERVER1 passed test systemlog
      Starting test: VerifyReferences
         ......................... NETSERVER1 passed test VerifyReferences

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ilcuboard
      Starting test: CrossRefValidation
         ......................... ilcuboard passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ilcuboard passed test CheckSDRefDom

   Running enterprise tests on : ilcuboard.local
      Starting test: Intersite
         ......................... ilcuboard.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>


===============================================================================


C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag/fix

......................................

    Computer Name: NETSERVER1
    DNS Host Name: netserver1.ilcuboard.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : netserver1
        IP Address . . . . . . . . : 192.168.100.87
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.100.1
        Primary WINS Server. . . . : 192.168.100.87
        Dns Servers. . . . . . . . : 192.168.100.87
                                     192.168.100.94
                                     192.168.100.77


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.100.
87' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

> Thanks for the replies, I was able to create a non AD zone then I was able to change it to
> an ad zone but it only allows me to replicate to all domain controllers in the active directory domain.

All your Domain Controllers are Windows 2003?

I wonder if it's just not created the partitions for the other replication scopes. You can force it to create them with:

dnscmd /CreateBuiltinDirectoryPartitions /AllDomains

DNSCMD is included in the Windows Support Tools if it's not already installed. Use this command to see the full set of options for the above:

dnscmd /CreateBuiltinDirectoryPartitions /?

Chris

Or, using DNS Manager, you could right-click on the DNS server and select "Create default Active Directory Partitions".

Author

Commented:
All Domain Controllers are Windows 2003 but one is of the R2 variety and is the secondary DC and the primary DC is Windows Server 2003 SP2.

I have the following event errors in the event viewer for DNS events:

4015, 4007, and 4521 but they seem to be referring to our old zone name which I deleted and did a metadata cleanup.

System events:
10009, 5774

Directory events:
2087

The problem I saw with these is that they were referring to either the zones ilcub.local or cubnet.com, which are no longer present.

I think all my problems are because I changed the zone name and thought I cleaned up all the metadata, but I'm not sure how now. I only changed the zones because my server crashed before and it seemed like this was the only way to bring it back.

This is a very small network of 5 servers and 30 desktops and 10 laptops for our non-profit org.


Author

Commented:
I also did the right click on the DNS server and got the following error:

The partition to replicate zone data to all DNS servers in the Active Directory domain was not created. The specified directory partition already exists.

I believe I created this whole problem with the previous zone name changes from cubnet.com, to ilcub.local and finally back to our accepted ilcuboard.local

Author

Commented:
So is there any way to completely delete all traces of my old domain names from my server? I thought when I wiped the drive clean and did a fresh install this wouldn't matter, but apparently the domain controller where I had to restore from kept some information from the old domain name. But now I am stuck and not sure of what to do, so does anybody know where I should start? There are so many errors in the event log in the system, application, DNS, directory, etc., but I am really confused on where to start.

First of all, changing the zone name does not affect the AD Application partition. You have an AD Partition that stores DNS zones. If you change the name of a zone you are not changing the name of the Application Partition. Using NTDSUTIL, Domain Management, see what NCs exist and report back to me.

Author

Commented:
OK thanks for that information I did not know that. But here is the nc information listed on the primary domain controller
ntdsutil: domain management
domain management: list nc information
Error 80070057 parsing input - illegal syntax?
domain management: list
Not connected to a server - use "Connections"
domain management: connections
server connections: connect to server netserver1
Binding to netserver1 ...
Connected to netserver1 using credentials of locally logged on user.
server connections: q
domain management: list
Note: Directory partition names with International/Unicode characters will only
display correctly if appropriate fonts and language support are loaded
Found 5 Naming Context(s)
0 - DC=ilcuboard,DC=local
1 - CN=Configuration,DC=ilcuboard,DC=local
2 - CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
3 - DC=ForestDnsZones,DC=ilcuboard,DC=local
4 - DC=DomainDnsZones,DC=ilcuboard,DC=local
domain management: list nc information netserver1
Could find no special info for this Partition
domain management: list nc information %netserver1
Could find no special info for this Partition
domain management: list nc information %snetserver1
Could find no special info for this Partition
domain management: list nc information
Error 80070057 parsing input - illegal syntax?
domain management:

Author

Commented:
Also do you or anyone know how to stop active directory from looking up old dns zone information?
I am not sure what you mean by old DNS zone information.  Are you seeing old zones in the DNS manager?

Author

Commented:
The DNS logs are filled with these warnings below referring to "." and it used to list zones that I have deleted but I am assuming that is cleared up some how.


Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      9999
Date:            7/15/2008
Time:            11:09:18 AM
User:            N/A
Computer:      NETSERVER1
Description:
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that preceded these run-time events. The data is the number of events that have been suppressed in the last 60 minute interval.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 14 00 00 00               ....    


------------------------------------------------------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      4521
Date:            7/15/2008
Time:            6:30:18 PM
User:            N/A
Computer:      NETSERVER1
Description:
The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Has this domain been upgraded from a Windows 2000 domain? The "." domain is the root domain. Windows 2000 used to create this zone during a DCPROMO. If your server has this zone it will cease to use Root Hints to resolve names outside of zones that exist on the DNS server (a process called recursion). Can you use dnscmd /zonedelete to delete the "." zone?

Author

Commented:
Yes, it was upgraded from a Windows 2000 domain, but that was 4 years ago, and I checked the zones on all the servers and there was no "." zone, so it is completely puzzling. Also, is it a problem to have 2 global catalog servers running on the same domain/forest (we only have one forest/domain)?

No. If you only have one domain within your forest, it is recommended that you make all DCs global catalog servers.
Can you run dnscmd /enumzones and post the output?

Author

Commented:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /enumzones
Enumerated zone list:

        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 100.168.192.in-addr.arpa       Primary    AD-Legacy       Secure Rev
 ilcuboard.local                Primary    AD-Legacy       Update Aging

Command completed successfully.

C:\Documents and Settings\Administrator.CUB_DOMAIN>

Are you familiar with using ADSIEdit? If so, under your Domain [ilcuboard.local], cn=system, cn=microsoftDNS, see if the DC=. container exists. If so, delete it. You should then connect to the DC=ForestDnsZones,DC=ILCUBOARD,DC=LOCAL and DC=DomainDnsZones,DC=ILCUBOARD,DC=LOCAL application partitions and under cn=microsoftDNS in each of those do the same.
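
Added example (not part of the original thread, and not any participant's code): the Storage column of the `dnscmd /enumzones` output posted above says which of the three Active Directory locations named in this thread holds each zone, and so where to look in ADSI Edit. The function name is this example's own, the sample text is copied from the post above, and it assumes a single-domain forest so the forest root DN defaults to the domain DN.

```powershell
# Added example, not from the original thread.
# Sample text: the `dnscmd /enumzones` output posted above.
$sample = @'
Enumerated zone list:

        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 100.168.192.in-addr.arpa       Primary    AD-Legacy       Secure Rev
 ilcuboard.local                Primary    AD-Legacy       Update Aging

Command completed successfully.
'@

function ConvertFrom-DnsCmdEnumZones {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Line,
        # Domain naming context (entry 0 in the ntdsutil list above).
        [Parameter(Mandatory = $true)] [string] $DomainDN,
        # Forest root naming context; assumed equal to $DomainDN if omitted.
        [string] $ForestRootDN
    )
    if (-not $ForestRootDN) { $ForestRootDN = $DomainDN }

    # Storage value -> container holding the zone objects, and who replicates it.
    $store = @{
        'AD-Legacy' = @{
            Container = "CN=MicrosoftDNS,CN=System,$DomainDN"
            Scope     = 'All domain controllers in the domain'
        }
        'AD-Domain' = @{
            Container = "CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"
            Scope     = 'All DNS servers in the domain'
        }
        'AD-Forest' = @{
            Container = "CN=MicrosoftDNS,DC=ForestDnsZones,$ForestRootDN"
            Scope     = 'All DNS servers in the forest'
        }
    }
    $rowPattern = '^\s*(\S+)\s+(Cache|Primary|Secondary|Stub|Forwarder)\s+(\S+)\s*(.*)$'

    foreach ($l in $Line) {
        # Only zone rows have a known zone type as their second column;
        # headers, the count line and the status line are skipped.
        if ($l -notmatch $rowPattern) { continue }

        $name    = $Matches[1]
        $type    = $Matches[2]
        $storage = $Matches[3]
        $props   = $Matches[4].Trim()

        $info  = $store[$storage]
        $scope = 'Not in a built-in AD location (file-backed or custom partition)'
        $path  = $null
        if ($info) {
            $scope = $info.Scope
            # The "." Cache row is the root hints cache, not an authoritative
            # zone; in AD the root hints are kept under DC=RootDNSServers.
            $rdn = if ($type -eq 'Cache') { 'DC=RootDNSServers' } else { "DC=$name" }
            $path = "$rdn,$($info.Container)"
        }

        [pscustomobject]@{
            Zone         = $name
            Type         = $type
            Storage      = $storage
            Properties   = $props
            ReplicatesTo = $scope
            AdsiPath     = $path
        }
    }
}

# Offline, against the pasted sample:
$zones = ConvertFrom-DnsCmdEnumZones -Line ($sample -split "`r?`n") -DomainDN 'DC=ilcuboard,DC=local'
$zones | Format-List Zone, Type, Storage, ReplicatesTo, AdsiPath

# On a DNS server, feed it the live output instead:
#   ConvertFrom-DnsCmdEnumZones -Line (dnscmd /enumzones) -DomainDN 'DC=ilcuboard,DC=local'
```

For the sample, both primary zones come back with `AD-Legacy` storage, which is the "all domain controllers in the Active Directory domain" scope the author reported being limited to.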

Author

Commented:
I just tried to delete the "." zone from the cache but I get errors.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /enumzones
Enumerated zone list:

        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 100.168.192.in-addr.arpa       Primary    AD-Legacy       Secure Rev
 ilcuboard.local                Primary    AD-Legacy       Update Aging

Command completed successfully.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /enumzones
Enumerated zone list:

        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 100.168.192.in-addr.arpa       Primary    AD-Legacy       Secure Rev
 ilcuboard.local                Primary    AD-Legacy       Update Aging

Command completed successfully.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete
Usage: DnsCmd  /ZoneDelete  [/DsDel] [/f]
  /DsDel   -- Delete Zone from DS
  /f       -- Execute without asking for confirmation
  Default: delete zone from DNS sever, but NOT from DS

Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete .
Are you sure you want to DeleteZone? (y/n) y


Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /enumzones
Enumerated zone list:

        Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 100.168.192.in-addr.arpa       Primary    AD-Legacy       Secure Rev
 ilcuboard.local                Primary    AD-Legacy       Update Aging

Command completed successfully.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete .
Are you sure you want to DeleteZone? (y/n) y


Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete /?
Usage: DnsCmd  /ZoneDelete  [/DsDel] [/f]
  /DsDel   -- Delete Zone from DS
  /f       -- Execute without asking for confirmation
  Default: delete zone from DNS sever, but NOT from DS

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete . /DsDel
Are you sure you want to DeleteZoneFromDs? (y/n) y


Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd /zonedelete . /f

Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>dnscmd netserver1 /zonedelete
 . /DsDel
Are you sure you want to DeleteZoneFromDs? (y/n) y


Command failed:  ERROR_INVALID_PARAMETER     87  (00000057)

Check the required arguments and format of your command.

C:\Documents and Settings\Administrator.CUB_DOMAIN>

Any idea on how I can delete the "." zone?
The "." zone that you are seeing is not an actual zone.  DNSCMD on your server is not seeing a "." zone.  If you use ADSIedit you will be able to see if there is any AD container that represents the "." zone.  If so delete it, if not, get back to me.

Author

Commented:
I couldn't find the zone there.

Did you also look in both forestdnszones and domaindnszones?
If so, try creating the "." zone and AD integrating it. Just want to see if it lets you do it.

Author

Commented:
I checked for the "." zone in both forestdnszones and domaindnszones under configuration and didn't find it.
I created the "." zone with AD integration and I am only able to set it for domain replication but not to all DNS servers.

Author

Commented:
When doing this on a production server, is this something I should wait to do on the weekend? I do have a secondary server but I'm not sure what precautions I should take.

As your DNS server has nothing stored in these partitions, it should not affect your server if you delete them. If you want to wait until the weekend I understand. The choice is yours.

Author

Commented:
I'll report the results this weekend.
Good Luck

Author

Commented:
OK, I couldn't wait until the weekend, so I took some precautions and tried your suggestion. I was able to create the AD-integrated zone without a problem and it replicated to all DNS servers. But the weird thing that happened was the secondary domain controller changed from a secondary zone to a primary, and this secondary DC and zone changed all its secondary properties to primary. I'm not sure if there should be two primary zones with the same name for one forest; is this OK? I configured this server to specifically be a secondary DNS server with secondary zones with the same name and overnight it changed to primary.

I keep getting RPC errors when I try to replicate from this secondary DC.

Also I am still getting this error frsevent failed for replication in the dcdiag test.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag

........................................

    Computer Name: NETSERVER1
    DNS Host Name: netserver1.ilcuboard.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : netserver1
        IP Address . . . . . . . . : 192.168.100.87
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.100.1
        Primary WINS Server. . . . : 192.168.100.87
        Dns Servers. . . . . . . . : 192.168.100.87
                                     192.168.100.77
                                     192.168.100.94


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.100.
87' and other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 192.168.100.77, ERROR_TIMEOUT.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 192.168.100.94, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
====================================================================================
C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Connectivity
         ......................... NETSERVER1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Replications
         ......................... NETSERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... NETSERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... NETSERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... NETSERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... NETSERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NETSERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... NETSERVER1 passed test MachineAccount
      Starting test: Services
         ......................... NETSERVER1 passed test Services
      Starting test: ObjectsReplicated
         ......................... NETSERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NETSERVER1 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... NETSERVER1 failed test frsevent
      Starting test: kccevent
         ......................... NETSERVER1 passed test kccevent
      Starting test: systemlog
         ......................... NETSERVER1 passed test systemlog
      Starting test: VerifyReferences
         ......................... NETSERVER1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ilcuboard
      Starting test: CrossRefValidation
         ......................... ilcuboard passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ilcuboard passed test CheckSDRefDom

   Running enterprise tests on : ilcuboard.local
      Starting test: Intersite
         ......................... ilcuboard.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>

Author

Commented:
If I need to open a new thread for the RPC errors that's fine with me, but I'm not sure if it's related.

This is different.

Firstly, in AD there is no such thing as a Primary and Secondary DC. All DCs are considered primary, which means that both domain controllers have a read/write copy of the database. Before you make any changes to AD you should make sure that both DCs can replicate with each other correctly.

Secondly, in DNS you still have Primary and Secondary zones.  A primary zone is where all changes are made to the zone and then pulled down to the secondary zone.

A primary zone can be stored in AD (AD integrated) but a secondary cannot. You can only AD integrate a zone if the DNS service is running on a DC. You can store a zone in AD and replicate it to your second DC. That zone is considered a primary zone on both servers. Changes can be made on either server and then replicated to the other.

Are all your DNS servers running on DCs?
Can all your DCs resolve each other? If not, point all the DNS resolvers to a single DNS server. Restart the NETLOGON service on each DC and run IPCONFIG /REGISTERDNS.
Verify replication is working.
Then report back to me.

Author

Commented:
How do I check to see if they can resolve each other?

Author

Commented:
Thanks for clearing up the primary/secondary confusion.

I have 3 DNS servers, 2 of which are domain controllers.

I checked in the DNS properties and both DCs were able to resolve the addresses of each other.

It's still failing the frsevent test from dcdiag on both domain controllers, but I am not receiving the RPC errors any more when trying to replicate from both domain controllers using AD Sites and Services.

I haven't noticed any new errors in the event viewer. The only thing I'm concerned with is the dcdiag error for the frsevent test, which still shows up. Should I be concerned with this error, because it seems like replication is working as far as I know?

Author

Commented:
Thanks for all your help, but running the FRSDiag tool gave me a bunch of errors (over 500) and pointed me in the direction of another article, which I tried, outlined here: https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21740439.html. For me, changing the registry values created more errors and my network went totally berserk, so I called Microsoft. The tech changed some values in DNS; I'm not sure what he did, but he said I had corrupt values with the Netlogon service and DNS was not pointing properly to the other DC. He fixed the problem, and now I have no errors.

Can points be awarded for time even if it didn't solve the core problem? I do appreciate the time you put in to help me out, but I also don't want to mislead anybody else looking for help.


C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Connectivity
         ......................... NETSERVER1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NETSERVER1
      Starting test: Replications
         ......................... NETSERVER1 passed test Replications
      Starting test: NCSecDesc
         ......................... NETSERVER1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... NETSERVER1 passed test NetLogons
      Starting test: Advertising
         ......................... NETSERVER1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... NETSERVER1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NETSERVER1 passed test RidManager
      Starting test: MachineAccount
         ......................... NETSERVER1 passed test MachineAccount
      Starting test: Services
         ......................... NETSERVER1 passed test Services
      Starting test: ObjectsReplicated
         ......................... NETSERVER1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NETSERVER1 passed test frssysvol
      Starting test: frsevent
         ......................... NETSERVER1 passed test frsevent
      Starting test: kccevent
         ......................... NETSERVER1 passed test kccevent
      Starting test: systemlog
         ......................... NETSERVER1 passed test systemlog
      Starting test: VerifyReferences
         ......................... NETSERVER1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ilcuboard
      Starting test: CrossRefValidation
         ......................... ilcuboard passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ilcuboard passed test CheckSDRefDom

   Running enterprise tests on : ilcuboard.local
      Starting test: Intersite
         ......................... ilcuboard.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag

........................................

    Computer Name: NETSERVER1
    DNS Host Name: netserver1.ilcuboard.local
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925876
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB938127-IE7
        KB941202
        KB941569
        KB941644
        KB941672
        KB941693
        KB942763
        KB943055
        KB943460
        KB943485
        KB943729
        KB944338
        KB944653
        KB945553
        KB946026
        KB948496
        KB948590
        KB948745
        KB949014
        KB950759
        KB950759-IE7
        KB950760
        KB950762
        KB951698
        KB951746
        KB951748
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : netserver1
        IP Address . . . . . . . . : 192.168.100.87
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.100.1
        Primary WINS Server. . . . : 192.168.100.87
        Dns Servers. . . . . . . . : 192.168.100.87
                                     192.168.100.77
                                     192.168.100.94


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.100.87' and other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.77, ERROR_TIMEOUT.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.94, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>
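
Added example, not part of the original thread: netdiag marks the DNS test above as "Passed" even though two of the three configured DNS servers timed out, so a triage pass over saved dcdiag/netdiag output should surface [WARNING] lines as well as failed tests. The sample is abridged from the posted output with one constructed "failed test" line, and `triage` is a hypothetical helper name; the parser also rejoins lines that the 80-column console wrapped.

```python
import re

# Abridged from the output posted in this thread; the "failed test" line is
# constructed to mirror the frsevent failure described earlier in the thread.
SAMPLE = """\
      Starting test: Replications
         ......................... NETSERVER1 passed test Replications
      Starting test: frsevent
         ......................... NETSERVER1 failed test frsevent
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.100.
87' and other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 192.168.100.77, ERROR_TIMEOUT.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 192.168.100.94, ERROR_TIMEOUT.

Kerberos test. . . . . . . . . . . : Passed
"""

DCDIAG = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test (\S+)")
NETDIAG = re.compile(r"^\s*(\S.*?)[ .]*: (Passed|Failed|Skipped)\s*$")
FLAG = re.compile(r"\[(WARNING|FATAL)\]\s*(.*)")

def triage(text):
    """Return (tool, test, severity, detail) for every result needing a look."""
    findings, current, pending = [], None, None
    for line in text.splitlines():
        dc, nd, flag = DCDIAG.match(line), NETDIAG.match(line), FLAG.search(line)
        if dc:                                  # dcdiag per-test verdict
            pending = None
            if dc.group(2) == "failed":
                findings.append(["dcdiag", dc.group(3), "FAILED", dc.group(1)])
        elif nd:                                # netdiag test header
            current, pending = nd.group(1), None
            if nd.group(2) == "Failed":
                findings.append(["netdiag", current, "FAILED", ""])
        elif flag and current:                  # warning under a "Passed" test
            pending = ["netdiag", current, flag.group(1), flag.group(2)]
            findings.append(pending)
        elif pending and line and not line.startswith("  "):
            pending[3] += line                  # console-wrapped tail of the flagged line
        else:
            pending = None
    return [tuple(f) for f in findings]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```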


Author

Commented:
I awarded points because I reviewed my initial question and this was part of a two-part solution. This solution did help me resolve creating an Active Directory integrated zone. Many thanks, and sorry for any confusion. I would hope that you provide your continued support in the future.

Thanks again.