Avatar of rpeppler

asked on 

Help creating a test domain (AD and DNS problems)

Hi guys,

I'm trying to create a duplicate test domain following the steps I found at this website: http://www.pbbergs.com/windows/articles/TestDomain.html. However I'm having a few problems.

I got to the point where I restored the System State from backup, but after I reboot it takes forever for the server to start up saying that it's preparing network connections and applying computer settings for about 20 minutes. Once I finally log on DNS doesn't work and says "The DNS server was unable to open active directory..." and AD says "Naming information cannot be located because: the specified domain either does not exist or cannot be contacted". On that website however, I should have been able to load DNS at least...

So anyway, I decided to blow away the server and start again.  Now I've gone a bit slower this time and I'm at the point where I've pointed the DNS server to itself and decided to do a reboot.  Again the server takes forever to start up saying that it's preparing network connections and applying computer settings again for another 20 minutes.  Once I log in, I can see the following warnings in the event logs:

The Security System detected an authentication error for the server ldap/test-env.<domain name>.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. [shouldn't it be a logon server now that it is a DC and is running DNS?]

Dynamic registration or deletion of one or more DNS records associated with DNS domain '<domain name>.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).


Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.

at this point the server can ping everything else, but nothing can ping it.  I would have thought that at this point I could just physically remove the server from the network and DNS and AD would be there, but I'm suck with the same problems as before (ie can't see AD or DNS). What am I doing wrong?

FYI we have a 2003 domain with 2 DC controllers already which are both running DNS also in an DNS integrated AD environment.

Any help would be much appreciated!
Active DirectoryDNSWindows Server 2003

Avatar of undefined
Last Comment

8/22/2022 - Mon