Solved

Adding Member DC

Posted on 2008-10-23
679 Views
Last Modified: 2013-12-05
I have a Windows 2000 DC, which we installed 4-5 years ago. When we promoted it to DC, we made a mistake naming it properly. Here is what it says under System Properties -> Network Identification
Full Computer Name: Server1.
Domain: COMPANY.LOCAL

I cannot change the Full computer name (to Server1.COMPANY.LOCAL) as this server is a DC in a production environment. I have about 100 user accounts & can't really blow away the AD. Now I got a new server & it is Windows 2003 R2. I am trying to make it a Member Server & it cannot see the old Windows 2000 DC. I am certain that it is because the Win2K server name is not in the correct format. I successfully ran the adprep, domainprep & forestprep commands on the Win2k server.

The whole idea is to make the Windows 2003 server a member server & then transfer roles to it. I wonder if someone can help me out!!  Thank you.
Question by:jbara
31 Comments
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22789242
Random Idea but what about using a LMHOST file to specify the domain controller?
 
LVL 18

Expert Comment

by:exx1976
ID: 22789621
Nope..   That idea hasn't been feasible since the NT days..  AD requires LDAP, GC, Kerberos, and many other DNS records in order to function..  Simply giving it a NETBIOS name and IP won't solve that.
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 22790752
Actually, if the domain is in Mixed Mode, then it MIGHT work.   But I would suspect the problem here is DNS.  As in the servers' DNS settings are incorrectly configured.

Make sure the TCP/IP properties of BOTH servers point to the LAN IP address of the existing DC.  There should be NO OTHER DNS servers listed.  The server name is fine.  That's how it's supposed to look from memory and I don't recall EVER seeing an instance where the SERVER NAME caused problems joining the domain.
 
LVL 18

Expert Comment

by:exx1976
ID: 22796558
I thought it looked funny, so I checked an old 2000 server I have floating around here..  The Full Computer Name is listed as   Server.Domain.Local...   He has only Server1.            <no domain.local>

Interesting to say the least.  Sorry that I have no more ideas, but I am interested to see how it gets resolved..
 

Author Comment

by:jbara
ID: 22800591
Thank you for your comments/suggestions so far. Here is some more info.....
I see there is also problem with my DNS on my Windows 2000 (old) server. When I try to run dcpromo on my 2003 server, I get the following error:
-----------------------------------------------------
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain DOMAIN.LOCAL:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN.LOCAL

Common causes of this error include the following:

- The DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain. They are updated by the domain controller at set intervals. This computer is configured to use DNS servers with following IP addresses:

192.168.1.11

- One or more of the following zones do not include delegation to its child zone:

DOMAIN.LOCAL
LOCAL
. (the root zone)
 
For information about correcting this problem, click Help.
---------------------------------------------------
When I look under DNS on my 2000 server it does not have any entries under Forward Lookup Zone -> DOMAIN.LOCAL for:
_msdcs
_sites
_tcp
_udp
DNS says that it is Active Directory-Integrated. I did try removing & reinstalling DNS after posting my original question, but no change. I have 2 more Windows 2000 servers at different locations & they do have all these records & are working fine. Also their names are in the correct format.
I hope there is a solution out there. I do not want to rebuild AD from scratch. Thank you everyone for your help!!  jbara
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 22801279
Please post a cut-and-paste or graphic image of the results of IPCONFIG /ALL on the Existing DC and the new server.
 
LVL 18

Expert Comment

by:exx1976
ID: 22801817
Uhh, yeah.  If you have no entries under any of the _ records, then you are pretty hosed up.

You could TRY to manually create them, using one of the other DCs as a template, but I'm not 100% convinced that will solve your problem.

Unless someone knows a magic trick, I'm thinking that a reinstall is going to be the way to go.

The good news is at least it's a small domain, right?  I mean, I sure hope it is, otherwise why only have one DC?

Besides, I wouldn't want to have the entire future of my directory pinned on some hopefully proper repair job..

I know it sucks, and it's not the answer you're looking for, but if it were me, that would certainly be the route I'd take.

Sorry,
exx
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 22802067
Humor me ... post the information I requested before you go through a big reinstall process.
 

Author Comment

by:jbara
ID: 22807858
From Windows 2000 Server (Existing DC)
C:\>ipconfig /all
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : SERVER1
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:
        Media State . . . . . . . . . . . : Cable Disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
        Physical Address. . . . . . . . . : 00-1B-21-0B-09-7A

Ethernet adapter D-Link Array - DLink Server Card Virtual Adapter:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : D-Link Virtual Miniport Software for
 Ethernet
        Physical Address. . . . . . . . . : 00-05-5D-6D-A9-C1
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.11
C:\>
--------------------------------------------------------------
From Windows 2003 Server (New)
C:\>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : SERVER2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-1A-64-66-F6-D4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.11
C:\>
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22823082
Set connection specific primary DNS suffix for DC in NIC->Properties->TCP/IP->Properties->Advanced->DNS
Ensure that the DNS-zone allows dynamic updates and run netdiag/fix on DC.
 
LVL 18

Expert Comment

by:exx1976
ID: 22823923
That, and I'm seeing that 192.168.1.11 shows as "cable disconnected", but you have the other IP (that appears to be cabled/connected - 192.168.1.10) configured to use 192.168.1.11 as your DNS server..  ?
 

Author Comment

by:jbara
ID: 22824090
Cable disconnected - that is the 2nd NIC in the old server (Windows 2000 DC) & it is disabled.
192.168.1.11 is connected & working fine. It is the Windows 2000 DC.
192.168.1.10 is the Windows 2003 (new) server and is pointed to my old server (192.168.1.11) for DNS.

Please let me know if you need any other info. Thank you.
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22824674
Set connection specific DNS-suffix and run netdiag/fix to re-register SRV-records in DNS-zone.
 

Author Comment

by:jbara
ID: 22825393
I ran the netdiag /fix & DNS test failed. Please see the attachment.
Thanks,
jbara
Netdiag.doc
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22875604
Ensure that DNS-zone allows dynamic updates.
 

Author Comment

by:jbara
ID: 22876945
Yes, it is set up to allow dynamic updates. It's always been that way.

Please remember that I do not have any _records under DNS. Please check the Netdiag results in the attached file above. There are errors in that report.

Also, full computer name for my DC is: Server1.  (we made a mistake when we promoted it to a DC)
It was supposed to be Server1.COMPANY.LOCAL  

Thank you for looking into this issue!!
jbara
 
LVL 63

Expert Comment

by:SysExpert
ID: 22880716
I would also run dcdiag in verbose mode to a log file and see what it says.

Do it for each DC you have.


I hope this helps !
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22882317
LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/SERVER1' is missing on DC 'SERVER1'.
    [FATAL] The default SPNs are not properly registered on any DCs.

Run 'setspn -r server1'
What is the output of 'setspn server1'?


Delete the DNS-records that can't be re-registered and re-run netdiag/fix
 

Author Comment

by:jbara
ID: 22892687
Hi,
This is the only DC in my Windows 2000 domain (in a production environment). I'll try to run these commands in about a day or so, after working hours. I'll post the results after. Please let me know if I should be careful about something.
Thank you,
jbara
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22898909
'setspn -R server1' will re-register HOST-SPN.
'setspn servername' will only display current SPNs for the server.

netdiag/fix (or restarting the netlogon service) re-registers missing SRV-records, so just making sure that the zone allows dynamic updates should be enough.
 

Author Comment

by:jbara
ID: 22914108
Hi,
I ran setspn & here are the results...
-------------------------------------------------------------------------
C:\Program Files\Resource Kit>setspn -r server1
Failed to crack name COMPANY\server1 into the FQDN, (0) 1 0x2

C:\Program Files\Resource Kit>
-------------------------------------------------------------------------
 

Author Comment

by:jbara
ID: 22914173
I also ran setspn -L & here are the results:
C:\Program Files\Resource Kit>setspn -L SERVER1
Registered ServicePrincipalNames for CN=SERVER1,OU=Domain Controllers,DC=COMPANY,DC=LOCAL:
    SMTPSVC/SERVER1
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/SERVER1
    DNS/SERVER1
    GC/SERVER1/COMPANY.LOCAL
    HOST/SERVER1/COMPANY
    HOST/SERVER1
    HOST/SERVER1/COMPANY.LOCAL
    E3514235-4B06-11D1-AB04-00C04FC2DCD2/625c8b6d-813c-46c5-a909-8706e47d1696/COMPANY.LOCAL
    LDAP/625c8b6d-813c-46c5-a909-8706e47d1696._msdcs.COMPANY.LOCAL
    LDAP/SERVER1/COMPANY
    LDAP/SERVER1
    LDAP/SERVER1/COMPANY.LOCAL

C:\Program Files\Resource Kit>
 
LVL 31

Accepted Solution

by:Henrik Johansson (earned 2000 total points)
ID: 22914415
Well, it's pretty natural that it can't split out the FQDN part when the server doesn't have a primary DNS suffix set.
As the HOST-SPN with FQDN is missing, try to add it manually with the following command:
'setspn -a HOST/server1.domain.com server1'

One more thing to try is forcing the primary DNS suffix with GPO
Computer Configuration\Administrative Templates\System\DNS Client\Primary DNS Suffix
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/94006.mspx?mfr=true

or edit the registry manually
HKLM\System\CurrentControlSet\Services\TcpIp\Parameters
\NV Domain (REG_SZ)=domain.com
\Domain (REG_SZ)=domain.com
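An added read-only check for the condition diagnosed in the accepted solution (example written for this page, not code from the thread): it reads the same NV Domain registry value the post names, queries the SRV record the dcpromo error asked for, and compares the SPNs from setspn -L against the FQDN forms that were missing. It assumes a Windows Server PowerShell host where Resolve-DnsName (DnsClient module) and setspn.exe are available.

```powershell
# Added example, not from the thread: read-only health check for the failure
# diagnosed above (empty primary DNS suffix -> no FQDN -> missing SRV records
# and missing FQDN-form HOST/LDAP SPNs). Run in an elevated PowerShell on the DC.
# Assumes Resolve-DnsName and setspn.exe exist; on Windows 2000/2003 substitute
# 'reg query', 'nslookup -type=SRV' and 'setspn -L' typed by hand.

$tcpip  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dcName = $env:COMPUTERNAME.ToLower()
$suffix = $tcpip.'NV Domain'      # the value that was empty on the thread's DC

if ([string]::IsNullOrEmpty($suffix)) {
    Write-Warning 'Primary DNS suffix (NV Domain) is empty: the DC cannot form its FQDN,'
    Write-Warning 'so netlogon cannot register SRV records and setspn cannot crack the name.'
    return
}
$fqdn = "$dcName.$suffix"
"Expected FQDN: $fqdn"

# 1) The SRV record the dcpromo error message asked for.
$srvName = "_ldap._tcp.dc._msdcs.$suffix"
try {
    Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { 'OK      {0} -> {1}:{2}' -f $srvName, $_.NameTarget, $_.Port }
} catch {
    Write-Warning "MISSING $srvName (the RCODE_NAME_ERROR seen in the thread)"
}

# 2) The FQDN-form default SPNs; 'setspn -L' lists what is registered.
# The leading whitespace on each setspn output line is stripped before comparing.
$registered = (& setspn.exe -L $dcName) -replace '^\s+', ''
foreach ($want in @("HOST/$fqdn", "LDAP/$fqdn")) {
    if ($registered -contains $want) { "OK      $want" }
    else { "MISSING $want  (re-register with 'setspn -R $dcName' once the suffix is set)" }
}
```

The check changes nothing; it only tells you whether the suffix, the SRV record and the FQDN SPNs line up, which is exactly what came right on the thread's DC after the registry edit and reboot.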
 

Author Comment

by:jbara
ID: 22914674
I am sorry to ask you this....
'setspn -a HOST/server1.domain.com server1' ------ in this command, does it have to be "domain.com" OR should I replace it with my domain name "COMPANY.LOCAL"

Also, I checked the registry. The following entries have no value:
\NV Domain (REG_SZ)
\Domain (REG_SZ)

Again, does it have to be "domain.com" OR it should be "COMPANY.LOCAL"

I just want to clarify this.
please & thanks.
jbara
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22915557
Yes, domain.com shall be replaced with your own FQDN domain.
The post should have been company.local to use the same naming convention as earlier posts. Sorry for the confusion.
 

Author Comment

by:jbara
ID: 22956583
I am away from the office for a few days. I will make these changes close to next weekend & post the results. I do have a good feeling though. Now I have hope that it will work for me. Thank you. jbara
 

Author Comment

by:jbara
ID: 23009456
Hi,
I edited the registry & rebooted the server. It was very interesting to see that the _records showed up in DNS. Also, workstations started registering themselves. WOW, you are a genius. I can't thank you enough. I am pretty sure that I'll be able to add my 2k3 server as a member server. I did not have to run the setspn -a command. Just editing the registry did the trick for DNS.  The only error I get in the System Event Viewer is 5781, which is just a minor thing. I'll be running dcpromo on my 2k3 server over the weekend & I do not anticipate any problem. I'll let you know how it goes....

Your help is greatly appreciated.  Thank you ever so much!!
Cheers,
jbara
 

Author Closing Comment

by:jbara
ID: 31509346
henjoh09,
Thank you very much for helping me out. It saved me a lot of time & the hassle of reconfiguring all workstations. Your help is greatly appreciated. There is no doubt that you are a real wizard. Please keep up the good work........
Sincerely,
jbara
 

Author Comment

by:jbara
ID: 23025532
henjoh09,
I ran dcpromo on my 2003 server & it worked. I was able to add the 2k3 server as a member server. My AD is replicating. Thank you ever so much for helping me out.

Also, thanks to everyone else who participated & tried to help me out.
jbara