Solved

Newly installed domain controller cannot contact global catalog server

Posted on 2008-10-03
Last Modified: 2012-08-13
I just installed a second DC in a subdomain of an existing Server 2008 domain. However, I'm getting errors for AD Domain Services and DNS Server on the new domain, and I can't seem to do things I want to do (like create a new DNS zone and delegation). I'm getting an error saying that AD DS (on the new server) is not able to contact the global catalog server. I've tried the following troubleshooting steps (from MS help):
1. Checked network connectivity of DC reporting the error: It's OK, and both DCs can ping each other by IP address or hostname. (One thing I noted, though, is that when pinging by hostname, the address that is returned is an IPv6 address instead of the IPv4 address that I have configured for the server. Could that be related to the problem?)
2. Tested connectivity from new DC to global catalog server using this command: nltest /server:newServer /dsgetdc:mydomain.com. This returns an "ERROR NO SUCH DOMAIN" error.
3. Ensured that my main DC is in fact configured as a global catalog server and that the NTDS service is running. This checked out OK.
4. Tried to test connectivity from the new server to the GC server by right-clicking the server name in Active Directory Users and Computers, clicking Change Domain Controller, and then typing in the GC server's IP address and port (e.g., 192.168.0.211:3268). This failed, as the server status is listed as Unavailable.

I'm at my wit's end, and this is time critical, so any help would be greatly appreciated!

Question by:johnnyb10

Assisted Solution

by:jtdebeer
jtdebeer earned 70 total points
Have you set up your replication topology in Sites and Services?

Author Comment

by:johnnyb10
No, not specifically. I'm following along with a book and no steps were given to do that. Is that a required step that has been omitted? If so, can you tell me what to do? Thanks.

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
Try using portqry

http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en

Check the ports:

portqry -n 192.168.0.211 -e 3268

Also check LDAP:

portqry -n 192.168.0.211 -e 389

If those are OK, I'd use Wireshark and Netmon to sniff the traffic; that can give you a lot of clues too.

Assisted Solution

by:jtdebeer
jtdebeer earned 70 total points
Once you have ensured the ports are open and are still having issues, try the following:

Are both your DCs in the same subnet / LAN?

Go to Active Directory Sites and Services; you must specify some details here:
Start with Subnets and set up the subnet/s, i.e. 192.168.1.0/24.
Then create a Site and link the Site to the subnet, whatever your IP range is. If your servers are on the same subnet, make sure both are listed under the same Site.
Now set up InterSiteTransport: create a new Site Link and add both sites.
This should get your replication going.

Keep an eye on the Event Log, as this will guide you in the right direction.

Author Comment

by:johnnyb10
@mkline71: Thanks. The response to both Portqry commands was "LISTENING", so the ports appear to be open.

@jtdebeer: Yes, both DCs are in the same subnet. Their IPs are 192.168.0.211 and 192.168.0.111.
I checked Sites and Services, and the 192.168.1.0/24 subnet exists. However, there is no subnet for 192.168.0.x. Is this my problem? (FYI, as I noted, these DCs are on a virtual network within Virtual Server. The virtual network adapters that they are using are on 192.168.0.x. The 192.168.1.x subnet is my LAN; it's what the host machine uses. So it seems weird that this is the only subnet listed here.)
Do I need to change this 192.168.1 subnet to 192.168.0? Or should I ADD the 192.168.0 subnet? I'm not sure how to add or edit a subnet here. Thanks...

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
Add the 192.168.0 subnet.

Open Active Directory Sites and Services in Administrative Tools.

Right-click on Subnets (last folder) and select New Subnet. You will then enter the address and the subnet mask.

You have to associate a site with it and then you are done.

Author Comment

by:johnnyb10
Actually, I now see how to create Sites and Subnets. (I was logged on to the second server as local admin and didn't have domain admin credentials. Now that I'm accessing Sites and Services on the first server as a domain admin, I can add Sites/Subnets.)
So my questions are:
1. Should I keep the .1.x subnet, or delete it and just add the .0.x subnet?
2. I've created a new Site and linked the new subnet to it. You say I should make sure my servers are in the new site. How do I get them there? Do I drag them from their existing location (they are both in Default-First-Site-Name), or do I point to New, click Server, and then type their names?

Assisted Solution

by:jtdebeer
jtdebeer earned 70 total points
I suggest you add the 192.168.0.x subnet.
Right-click on Subnets and add. It is quite easy; you should add 192.168.0.0/24.

Accepted Solution

by:Darius Ghassem
Darius Ghassem earned 260 total points
Run a dcdiag /v, then post the results. This will help troubleshoot the issue.

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
You should be able to select the server and then select Action (or right-click), then select Move and move it to the site.

Author Comment

by:johnnyb10
OK, I set up the new subnet and site and ran dcdiag /v from the original DC, and here's what I got:

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>dcdiag  /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine Server11, is a Directory Server.
   Home Server = Server11
   * Connecting to directory service on server Server11.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=co
m,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=JEBsite,CN=Sites,CN=Con
figuration,DC=W2k8ad11,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=co
m,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=SERVER11,CN=Servers,CN
=JEBsite,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=SERVER111,CN=Servers,C
N=JEBsite,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   objectGuid obtained
   InvocationID obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: JEBsite\SERVER11
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         Determining IP6 connectivity
         * Active Directory RPC Services Check
         ......................... SERVER11 passed test Connectivity

Doing primary tests

   Testing server: JEBsite\SERVER11
      Starting test: Advertising
         The DC SERVER11 is advertising itself as a DC and having a DS.
         The DC SERVER11 is advertising as an LDAP server
         The DC SERVER11 is advertising as having a writeable directory
         The DC SERVER11 is advertising as a Key Distribution Center
         The DC SERVER11 is advertising as a time server
         The DS SERVER11 is advertising as a GC.
         ......................... SERVER11 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         Skip the test because the event log File Replication Service does not e
xist.
         ......................... SERVER11 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         ......................... SERVER11 passed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERVER11 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
         ......................... SERVER11 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,
CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,
CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,CN=
Sites,CN=Configuration,DC=W2k8ad11,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,CN=
Sites,CN=Configuration,DC=W2k8ad11,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER11,CN=Serv
ers,CN=JEBsite,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
         ......................... SERVER11 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC SERVER11 on DC SERVER11.
         * SPN found :LDAP/Server11.W2k8ad11.com/W2k8ad11.com
         * SPN found :LDAP/Server11.W2k8ad11.com
         * SPN found :LDAP/SERVER11
         * SPN found :LDAP/Server11.W2k8ad11.com/W2K8AD11
         * SPN found :LDAP/1e32c0bc-5cf1-4aa6-9811-ec191bcb2d74._msdcs.W2k8ad11.
com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e32c0bc-5cf1-4aa6-98
11-ec191bcb2d74/W2k8ad11.com
         * SPN found :HOST/Server11.W2k8ad11.com/W2k8ad11.com
         * SPN found :HOST/Server11.W2k8ad11.com
         * SPN found :HOST/SERVER11
         * SPN found :HOST/Server11.W2k8ad11.com/W2K8AD11
         * SPN found :GC/Server11.W2k8ad11.com/W2k8ad11.com
         ......................... SERVER11 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SERVER11.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=W2k8ad11,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=W2k8ad11,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=W2k8ad11,DC=com
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=W2k8ad11,DC=com
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=W2k8ad11,DC=com
            (Domain,Version 3)
         ......................... SERVER11 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SERVER11\netlogon
         Verified share \\SERVER11\sysvol
         ......................... SERVER11 passed test NetLogons
      Starting test: ObjectsReplicated
         SERVER11 is in domain DC=W2k8ad11,DC=com
         Checking for CN=SERVER11,OU=Domain Controllers,DC=W2k8ad11,DC=com in do
main DC=W2k8ad11,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,CN=Site
s,CN=Configuration,DC=W2k8ad11,DC=com in domain CN=Configuration,DC=W2k8ad11,DC=
com on 1 servers
            Object is up-to-date on all servers.
         ......................... SERVER11 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... SERVER11 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 1600 to 1073741823
         * Server11.W2k8ad11.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1100 to 1599
         * rIDPreviousAllocationPool is 1100 to 1599
         * rIDNextRID: 1123
         ......................... SERVER11 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERVER11 passed test Services
      Starting test: SystemLog
         * The System Event log test
         ......................... SERVER11 failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SERVER11,OU=Domain Controllers,DC=W2k8ad11,DC=com and backlink on
         CN=SERVER11,CN=Servers,CN=JEBsite,CN=Sites,CN=Configuration,DC=W2k8ad11
,DC=com
         are correct.
         The system object reference (serverReferenceBL)
         CN=SERVER11,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,
CN=System,DC=W2k8ad11,DC=com
         and backlink on
         CN=NTDS Settings,CN=SERVER11,CN=Servers,CN=JEBsite,CN=Sites,CN=Configur
ation,DC=W2k8ad11,DC=com
         are correct.
         ......................... SERVER11 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : W2k8ad11
      Starting test: CheckSDRefDom
         ......................... W2k8ad11 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... W2k8ad11 passed test CrossRefValidation

   Running enterprise tests on : W2k8ad11.com
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\Server11.W2k8ad11.com
         Locator Flags: 0xe00013fd
         PDC Name: \\Server11.W2k8ad11.com
         Locator Flags: 0xe00013fd
         Time Server Name: \\Server11.W2k8ad11.com
         Locator Flags: 0xe00013fd
         Preferred Time Server Name: \\Server11.W2k8ad11.com
         Locator Flags: 0xe00013fd
         KDC Name: \\Server11.W2k8ad11.com
         Locator Flags: 0xe00013fd
         ......................... W2k8ad11.com passed test LocatorCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site JEBsite, this site is outside the scope provided by the
         command line arguments provided.
         ......................... W2k8ad11.com passed test Intersite

C:\Users\Administrator>

Author Comment

by:johnnyb10
And this is what I got when I ran dcdiag on the new server (the one that can't seem to connect to the GC server):

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine Server111, is a Directory Server.
   Home Server = Server111
   * Connecting to directory service on server Server111.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=co
m,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=co
m,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=SERVER11,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=SERVER111,CN=Servers,C
N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=W2k8ad11,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER111
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host c9312475-d974-4ff6-8ef1-35d3d214909f._msdcs.W2k8ad11.com
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         ......................... SERVER111 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER111
      Skipping all tests, because server SERVER111 is not responding to
      directory service requests.
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : sub11
      Starting test: CheckSDRefDom
         ......................... sub11 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... sub11 passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : W2k8ad11.com
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         PDC Name: \\Server111.sub11.W2k8ad11.com
         Locator Flags: 0xe00011b9
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         KDC Name: \\Server111.sub11.W2k8ad11.com
         Locator Flags: 0xe00011b9
         ......................... W2k8ad11.com failed test LocatorCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... W2k8ad11.com passed test Intersite

C:\Users\Administrator>
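
An added example (not part of the original thread or any poster's code): a small Python triage of dcdiag text like the output above. It first undoes the 80-column console wrapping, then extracts failed tests, unresolved names, DcGetDcName failures and flagged DNS servers. The sample is constructed from lines quoted in this thread, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

CONSOLE_WIDTH = 80                              # column count of the console the text was copied from
WIN32_ERRORS = {1355: "ERROR_NO_SUCH_DOMAIN"}   # the error nltest reported in the question

# Constructed sample: logical (unwrapped) lines taken from the dcdiag output in this thread.
LOGICAL = r"""
   Testing server: Default-First-Site-Name\SERVER111
      Starting test: Connectivity
         The host c9312475-d974-4ff6-8ef1-35d3d214909f._msdcs.W2k8ad11.com
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         ......................... SERVER111 failed test Connectivity
      Starting test: DNS
         ......................... SERVER111 passed test DNS
   Running enterprise tests on : W2k8ad11.com
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         ......................... W2k8ad11.com failed test LocatorCheck
                  [00000006] Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)
                  has invalid DNS server: 127.0.0.1 (SERVER111)
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. failed on the DNS server 192.168.0.111
""".strip("\n")


def console_wrap(text, width=CONSOLE_WIDTH):
    """Cut long lines the way an 80-column console does (used only to build SAMPLE)."""
    out = []
    for line in text.splitlines():
        out.extend(line[i:i + width] for i in range(0, max(len(line), 1), width))
    return "\n".join(out)


def unwrap(raw, width=CONSOLE_WIDTH):
    """Rejoin lines that were cut at exactly `width` characters.

    Limit: a logical line that is itself exactly `width` long cannot be told
    apart from a wrapped one and will be glued to the line after it.
    """
    out, carry = [], ""
    for line in raw.splitlines():
        if len(line) == width:
            carry += line           # cut by the console: continuation follows
        else:
            out.append(carry + line)
            carry = ""
    if carry:
        out.append(carry)
    return "\n".join(out)


# \s+ between words tolerates dcdiag's own soft wraps ("error\n   1355").
RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test\s+(\S+)")
HOST = re.compile(r"The host (\S+)\s+could not be resolved")
LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error\s+(\d+)")
BAD_DNS = re.compile(r"has invalid DNS server: (\S+)")
SRV = re.compile(r"Name resolution is not functional\. (\S+) failed\s*on the DNS server (\S+)")


@dataclass
class Triage:
    failed_tests: list       # (subject, test name)
    unresolved: list         # names dcdiag could not resolve
    locator_failures: list   # (DcGetDcName flag, Win32 error)
    bad_dns_servers: list    # resolver addresses flagged as invalid
    srv_failures: list       # (record, DNS server that failed it)


def triage(raw):
    text = unwrap(raw)
    return Triage(
        failed_tests=[(who, test) for who, verdict, test in RESULT.findall(text)
                      if verdict == "failed"],
        unresolved=HOST.findall(text),
        locator_failures=[(flag, WIN32_ERRORS.get(int(code), code))
                          for flag, code in LOCATOR.findall(text)],
        bad_dns_servers=sorted(set(BAD_DNS.findall(text))),
        srv_failures=[(rec.rstrip("."), server) for rec, server in SRV.findall(text)],
    )


SAMPLE = console_wrap(LOGICAL)   # what a copy from the console looks like

if __name__ == "__main__":
    print(triage(SAMPLE))
```
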

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 20 total points
Setting up Sites And Services is pointless in a single site domain. I think that's drawing attention away from the issue.

Have we checked the firewall settings?
Are there other DCs in the domain?
Do the clients have issues contacting a GC?

In Server 2008 (and Vista) I'm still learning the quirks and configurations for the network, so there may be something in the configs that needs to be changed.

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
Are you seeing all the SRV records for the new domain controller in DNS?
DNS is the next place I'd start checking.

How is the time looking on the two servers? Verify they are in sync.

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 260 total points
Make sure the FRS service is started on both servers. Make sure only local DNS servers are listed in the TCP/IP settings. Run a dcdiag /test:dns, then post the results. Make sure the servers have each other listed in the DNS settings in TCP/IP.

Author Comment

by:johnnyb10
I had to go out of town for a few days but I'm back and still having the same problem. I really appreciate all the help.

@My_Username: Windows Firewall is off on both machines. There are only three computers in this network: my original DC, this new DC that I just added, and a Vista client. I'm not sure how to tell whether Vista can see the GC. I can ping the GC from Vista and I can log on to the domain from Vista (but I can do those things on the other DC as well). If I run ipconfig, I see that Vista has the original DC listed as its DNS server.

@mkline71: First of all, the time was OFF between the two servers, by three hours. The new server was set to PST, while my original server was set to EST. I changed the new server to EST so the times are now the same.
Regarding the SRV records: I'm not exactly sure where you mean for me to look. If I look in the DNS Console on the new server, under Forward Lookup Zones there is one SOA record, one NS record, and two A records, all for the new server itself. There are also SRV records in the various subfolders ("_tcp", etc.). They are also all for the new server; should there be records here for the original DC as well? There don't seem to be any. (Apologies for my ignorance here.)

@dariusg: The FRS service was NOT running on either server. I started it on both servers but it doesn't seem to have had any effect. The DNS settings for the two servers are as follows:
Original DC: 127.0.0.1
Newly Added DC: 127.0.0.1
So in other words, they are each pointing at themselves as DNS servers.
Finally, here is the result of running dcdiag /test:dns on the new server (SERVER111):

C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server111
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER111
      Starting test: Connectivity
         The host c9312475-d974-4ff6-8ef1-35d3d214909f._msdcs.W2k8ad11.com
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         ......................... SERVER111 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER111

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SERVER111 passed test DNS

   Running partition tests on : sub11

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running enterprise tests on : W2k8ad11.com
      Starting test: DNS
         Test results for domain controllers:

            DC: Server111.sub11.W2k8ad11.com
            Domain: sub11.W2k8ad11.com


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter
                  [00000006] Intel 21140-Based PCI Fast Ethernet Adapter (Emulat
ed)
                  has invalid DNS server: 127.0.0.1 (SERVER111)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server:
                  c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server:
                  d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server:
                  e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server:
                  f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server:
                  f.root-servers.net. (2001:500:2f::f)
                  Error: Root hints list has invalid root hint server:
                  g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server:
                  h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server:
                  h.root-servers.net. (2001:500:1::803f:235)
                  Error: Root hints list has invalid root hint server:
                  i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server:
                  j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server:
                  k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server:
                  m.root-servers.net. (202.12.27.33)

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 128.63.2.53

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 128.8.10.90

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 128.9.0.107

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.112.36.4

            DNS server: 192.168.0.111 (SERVER111)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.168.0.111

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.203.230.10

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.228.79.201

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.33.4.12

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.36.148.17

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.5.5.241

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.58.128.30

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 193.0.14.129

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 198.32.64.12

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 198.41.0.4

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235
             Name resolution is not functional. _ldap._tcp.W2k8ad11.com. failed
on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
       Name resolution is not functional. _ldap._tcp.W2k8ad11.com. failed on the
 DNS server 2001:500:2f::f

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
            Name resolution is not functional. _ldap._tcp.W2k8ad11.com. failed o
n the DNS server 2001:503:ba3e::2:30

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 202.12.27.33

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: sub11.W2k8ad11.com
               Server111                    PASS FAIL FAIL PASS PASS FAIL n/a

         ......................... W2k8ad11.com failed test DNS

And this is the result from running dcdiag /test:dns on the original server (SERVER11):
C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server11
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: JEBsite\SERVER11
      Starting test: Connectivity
         ......................... SERVER11 passed test Connectivity

Doing primary tests

   Testing server: JEBsite\SERVER11

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... SERVER11 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : W2k8ad11

   Running enterprise tests on : W2k8ad11.com
      Starting test: DNS
         Test results for domain controllers:

            DC: Server11.W2k8ad11.com
            Domain: W2k8ad11.com


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Intel 21140-Based PCI Fast Ethernet Adapter (Emulat
ed):

                     Warning:
                     Missing AAAA record at DNS server 192.168.0.211:
                     Server11.W2k8ad11.com

                     Warning:
                     Missing AAAA record at DNS server 192.168.0.211:
                     gc._msdcs.W2k8ad11.com

                     Warning:
                     Missing AAAA record at DNS server ::1:
                     Server11.W2k8ad11.com

                     Warning:
                     Missing AAAA record at DNS server ::1:
                     gc._msdcs.W2k8ad11.com

               Warning: Record Registrations not found in some network adapters

               Server11                     PASS WARN PASS PASS PASS WARN n/a
         ......................... W2k8ad11.com passed test DNS


Thanks in advance!
John


0
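A small parser for the `dcdiag /test:dns` output pasted above, as an added example that is not part of the original post: it rejoins the console-wrapped lines, lists which DNS servers failed the `_ldap._tcp` lookup, and pulls the FAIL columns out of the summary table. The function names and the indentation heuristic used to detect wrapped lines are assumptions made for this example; the sample is an excerpt of the output in the thread.

```python
import ipaddress
import re

# Excerpt of the dcdiag output quoted in this thread, console wrap included.
SAMPLE = """\
            DNS server: 192.168.0.111 (SERVER111)
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 192.168.0.111
            DNS server: 198.41.0.4 (a.root-servers.net.)
               Name resolution is not functional. _ldap._tcp.W2k8ad11.com. faile
d on the DNS server 198.41.0.4
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: sub11.W2k8ad11.com
               Server111                    PASS FAIL FAIL PASS PASS FAIL n/a
"""
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
RESULTS = {"PASS", "FAIL", "WARN", "n/a"}
FAIL_RE = re.compile(r"not functional\. (\S+) failed on the DNS server (\S+)")

def unwrap(text, min_indent=3):
    # Heuristic (assumption): genuine lines in this output are indented by at
    # least 3 spaces, so a less-indented line after a non-blank one is a wrap.
    lines = []
    for raw in text.splitlines():
        indent = len(raw) - len(raw.lstrip())
        if raw.strip() and indent < min_indent and lines and lines[-1].strip():
            lines[-1] += raw
        else:
            lines.append(raw)
    return lines

def failed_lookups(text):
    """(record, dns_server) pairs for every failed name-resolution test."""
    return [m.groups() for m in map(FAIL_RE.search, unwrap(text)) if m]

def summary_rows(text):
    """Per-DC results from the summary table, keyed by column name."""
    rows = {}
    for parts in (line.split() for line in unwrap(text)):
        if len(parts) == len(COLUMNS) + 1 and set(parts[1:]) <= RESULTS:
            rows[parts[0]] = dict(zip(COLUMNS, parts[1:]))
    return rows

def triage(text):
    """Private-address DNS servers that failed, and the FAIL columns per DC."""
    internal = [ip for _, ip in failed_lookups(text)
                if ipaddress.ip_address(ip).is_private]
    failing = {dc: [c for c in COLUMNS if r[c] == "FAIL"]
               for dc, r in summary_rows(text).items()}
    return internal, failing

print(triage(SAMPLE))
```

Filtering on private addresses makes the one internal DNS server stand out from the long run of root-hint entries in the full output.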
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 260 total points
First thing you need to do is remove the 127.0.0.1 in both DCs, put the actual IP address in the preferred DNS server, and put the second DNS server's IP address in for both DCs.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Sorry, do a netdiag /fix on both servers after you have made the changes to the TCP/IP settings.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
One more thing: make sure you go to the IPv6 and remove the number 1 out of this config for both servers. You can uncheck this protocol too if you want.
0
 

Author Comment

by:johnnyb10
dariusg, I'm a little unclear as to what you're saying the settings should be. Do you mean I should do this:

Server 1's DNS settings:
Preferred: (Server 1's actual IP address)
Alternate: (Server 2's actual IP address)

Server 2's DNS settings:
Preferred: (Server 1's actual IP address)
Alternate: (Server 2's actual IP address)

Thanks.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Correct. Then do a netdiag /fix.
0
 

Author Comment

by:johnnyb10
Okay, I changed the DNS settings and unchecked IPv6, but netdiag does not appear to be built in to Server 2008. Do you know where I can get it? I Googled it and I see that it came with Windows 200 Support Tools, but I don't see a similar thing for Server 2008.

(I need to run out and will be back working on this in about an hour or so. Thanks again for the help.)

John
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 260 total points
Dcdiag /fix is for 2008.
0
 

Author Closing Comment

by:johnnyb10
Success! I think changing the DNS servers on each network connection and running dcdiag /fix was ultimately what fixed it, but most of the comments were helpful in getting me there. Thanks very much.
0
