Having issues with my new DC?

I am having issues with my new DC that I am trying to use to replace an old DC, which I then want to make into a file server only.
I have dcpromoed it and everything seems to be working except when I run netdiag.exe; I get failures in the DNS Test:

[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.

and in the Redir and Browser Test:

[FATAL] Cannot send mailslot message to 'Domain' via browser. [ERROR_INVALID_FUNCTION]

and in the Kerberos Test:

[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)

Everything else passed.

Also, I decided to do an ipconfig /displaydns because, well, I thought it was a DNS issue.

And I received this

Name does not exist.

However, the servers exist, just not with the _ldap._tcp part.
I moved the FSMO roles and the (IP, SMTP) bridgehead roles to the new DC and have yet to demote the old DC, for fear of having no safety net, until I can resolve these issues.

Can anyone help?

Thanks for your time.

rsnellman (IT Manager) asked:
Brian Pierce (Photographer) commented:
Did you install DNS on the new machine?
Did you change all of the clients and the DC itself to point to itself as the preferred DNS server?
Did you install Global Catalog?
Brian Pierce (Photographer) commented:
You need to make sure that all the services required are installed on the additional DC - that includes the Global Catalog, and DNS - and possibly DHCP.

All clients need to have the IP of the NEW server as the preferred DNS server in their TCP/IP settings - this can be set manually in the TCP/IP properties of the network connection - or specified in the DHCP Options.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server: go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

rsnellman (IT Manager, Author) commented:
I have installed DNS on the new machine.
I have changed the DC to point to itself as the preferred DNS server.
I have made it a Global Catalog.

I have set up DHCP Server on it too, and am making sure the DNS Server option is set to it.

I did install AD first, then installed the DNS as AD-integrated DNS. So, it pulled the DNS records from the current DC. I went through and verified every single record matched.

The only difference is the new DC is 64-bit 2003 Server with Symantec Endpoint v.11.

I have gone through step-by-step following this guide...


But when I get to the netdiag part, that is where I see the failures previously described.

I am just not sure what I am missing or what I did wrong.

Brian Pierce (Photographer) commented:
netlogon.dns holds the SRV records to be registered - check that this is present and that SYSTEM has full access to it.
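The comment above points at netlogon.dns, which is where a DC writes the SRV records it expects DNS to hold, and the question earlier notes that the _ldap._tcp names were absent from the client's DNS cache. The following is an added example (not code from the thread or from Microsoft) that parses a netlogon.dns-style file and reports which of the SRV names a DC must register are missing or carry the wrong port. The record format (owner, TTL, IN SRV, priority, weight, port, target) is the standard one; the domain name example.test, the host dc2 and the file contents are constructed for the example.

```python
"""Check a netlogon.dns-style file for the SRV records a domain controller must
register.  Added example, not from the original thread; uses constructed sample
content for a hypothetical domain example.test and DC dc2."""

import re

# Constructed sample of what netlogon.dns looks like for a DC named dc2 in the
# domain example.test (hypothetical names, not taken from the thread).
SAMPLE_NETLOGON_DNS = """\
example.test. 600 IN A 192.0.2.10
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc2.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc2.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc2.example.test.
_kerberos._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 88 dc2.example.test.
_kpasswd._tcp.example.test. 600 IN SRV 0 100 464 dc2.example.test.
_ldap._tcp.Default-First-Site-Name._sites.example.test. 600 IN SRV 0 100 389 dc2.example.test.
"""

# One netlogon.dns SRV line: owner TTL IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$"
)


def parse_srv_records(text):
    """Return {owner_name: (port, target)} for every SRV line; other record types are ignored."""
    records = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            owner = m.group("owner").rstrip(".").lower()
            records[owner] = (int(m.group("port")), m.group("target").rstrip(".").lower())
    return records


def expected_srv_names(domain, is_gc=False, is_pdc=False):
    """SRV owner names (and ports) every DC registers, plus the GC and PDC names when those roles are held."""
    d = domain.rstrip(".").lower()
    names = {
        f"_ldap._tcp.{d}": 389,
        f"_ldap._tcp.dc._msdcs.{d}": 389,
        f"_kerberos._tcp.{d}": 88,
        f"_kerberos._tcp.dc._msdcs.{d}": 88,
        f"_kpasswd._tcp.{d}": 464,
    }
    if is_gc:
        names[f"_gc._tcp.{d}"] = 3268
        names[f"_ldap._tcp.gc._msdcs.{d}"] = 3268
    if is_pdc:
        names[f"_ldap._tcp.pdc._msdcs.{d}"] = 389
    return names


def missing_srv_records(text, domain, is_gc=False, is_pdc=False):
    """Sorted list of expected SRV names that are absent from the file or registered on the wrong port."""
    found = parse_srv_records(text)
    missing = []
    for name, port in sorted(expected_srv_names(domain, is_gc, is_pdc).items()):
        if name not in found or found[name][0] != port:
            missing.append(name)
    return missing


if __name__ == "__main__":
    # A DC that is also a Global Catalog must register the _gc names; the sample lacks them.
    print(missing_srv_records(SAMPLE_NETLOGON_DNS, "example.test", is_gc=True))
```

Run it against the real file with `missing_srv_records(open(r"C:\WINDOWS\system32\config\netlogon.dns").read(), "yourdomain")` and set is_gc / is_pdc to match the roles the DC holds; an empty list means the file contains everything the DC should be registering, so a name that still fails to resolve points at DNS registration or replication rather than at the DC itself.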
rsnellman (IT Manager, Author) commented:
Yes, SYSTEM has full access to the netlogon.dns file.

Also, I can replicate across the AD just fine.
rsnellman (IT Manager, Author) commented:
I am looking at the System Event Logs and found this...

Event ID: 8009  Source: BROWSER
The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is (my current DC, which I will be demoting soon).

And about 5 times a day I receive this...

Event ID: 4321  Source: NetBT
The name "Domain       :1d" could not be registered on the Interface with IP address (new server DC). The machine with the IP address (old current DC) did not allow the name to be claimed by this machine.

Any ideas?
rsnellman (IT Manager, Author) commented:
Could WINS be causing this? I do not run WINS, but the Event ID: 4321 says it is due to no WINS server registered.

rsnellman (IT Manager, Author) commented:
Any more ideas?
rsnellman (IT Manager, Author) commented:
Ok, I installed the 64-bit Support Tools from the CD and now the tests pass just fine. Duh...

Thanks to all for your assistance.

Have a great day.
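The resolution above was that the 32-bit Support Tools had been installed on a 64-bit server, so the netdiag failures were spurious rather than a DNS, browser or Kerberos problem. A quick way to rule this out before chasing the individual tests is to read the Machine field of the tool's PE header, which says whether the image is x86 or x64. The following is an added example (not code from the thread) that does that with nothing but the standard library; the PE/COFF offsets and Machine constants are from the published PE format, and the test input is a constructed minimal MZ/PE stub, not a real executable.

```python
"""Report whether a Windows executable such as netdiag.exe is a 32-bit or 64-bit
image by reading its PE header.  Added example, not from the original thread;
works offline on a constructed minimal PE byte string."""

import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (AMD64)", 0x0200: "IA-64"}


def pe_machine(data):
    """Return the Machine field of a PE image, or raise ValueError if the bytes are not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at DOS header offset 0x3C gives the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER immediately follows the signature; Machine is its first WORD.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def describe_image(data):
    """Human-readable architecture for the image, or the raw value if it is not a known one."""
    machine = pe_machine(data)
    return MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})")


def build_fake_pe(machine):
    """Constructed minimal MZ + PE stub for testing; it is not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (all but Machine zeroed).
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


def check_file(path):
    """Read the first 4 KiB of a file (enough for any normal DOS stub) and describe its architecture."""
    with open(path, "rb") as f:
        return describe_image(f.read(4096))


if __name__ == "__main__":
    print(describe_image(build_fake_pe(0x8664)))  # the constructed x64 stub
```

On a 64-bit server, `check_file(r"C:\Program Files\Support Tools\netdiag.exe")` returning "x86 (32-bit)" is the mismatch this thread ran into; the check only tells you the image architecture, so an x64 result does not by itself mean the diagnostic output is trustworthy, just that this particular cause is excluded.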
