Having issues with my new DC?

Posted on 2008-11-05
Last Modified: 2012-05-05
I am having issues with my new DC that I am trying to use to replace an old DC to make into a file server only.
I have dcpromoed it and everything seems to be working except when I run the netdiag.exe, I get failures in the DNS Test
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.

and in the Redir and Browser Test
[FATAL] Cannot send mailslot message to 'Domain' via browser. [ERROR_INVALID_FUNCTION]

and in the Kerberos Test
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)
Everything else passed.

Also, I decided to do an ipconfig /displaydns because well, I thought it was a dns issue.

And I received this

Name does not exist.

However, the servers exist but just not with the _ldap._tcp part.
I moved the FSMO roles (IP, SMTP) bridgehead roles to the new DC and have yet to demote the old DC, fear of no safety net, until I can resolve these issues.

Can anyone help?

Thanks for your time.

Question by:rsnellman

    Assisted Solution

    Did you install DNS on the new machine?
    Did you change all of the clients and the DC itself to point to itself as the preferred DNS server?
    Did you install Global Catalog?

    Accepted Solution

    You need to make sure that all the services required are installed on the additional DC - that includes the Global Catalog, and DNS - and possibly DHCP.

    All clients need to have the IP of the NEW server as the preferred DNS server in their TCP/IP settings - this can be set manually in the TCP/IP properties of the network connection - or specified in the DHCP Options.

    Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

    Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

    Author Comment

    I have installed DNS on the new machine.
    I have changed the DC to point to itself as the preferred DNS server.
    I have made it a Global Catalog.

    I have setup DHCP Server on it too, and making sure the DNS Server is set to it.

    I did install AD first then installed the DNS as integrated DNS from the AD.  So, it pulled the DNS records from the current DC.  I went through and verified every single record matched.

    The only difference is the new DC is 64-bit 2003 Server with Symantec Endpoint v.11.

    I have gone through step-by-step following this guide...

    But when I get to the netdiag part that is where I see the failures previously described.

    I am just not sure what I am missing or what I did wrong.


    Assisted Solution

    netlogon.dns holds the SRV records to be registered - check that this is present and that the SYSTEM has full access to it
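
The check suggested in the comment above, as an added example that is not part of the original thread: it parses netlogon.dns-style lines and reports whether the DC locator SRV records a domain controller (and, optionally, a Global Catalog) should register are listed. The domain `example.local`, the host `newdc`, the function names and the sample lines are constructed; a single-domain forest is assumed.

```powershell
# Constructed sample in netlogon.dns record format; names and address are placeholders.
# It deliberately omits the _gc._tcp record.
$sample = @'
example.local. 600 IN A 192.0.2.10
_ldap._tcp.example.local. 600 IN SRV 0 100 389 newdc.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 newdc.example.local.
_kerberos._tcp.example.local. 600 IN SRV 0 100 88 newdc.example.local.
_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 newdc.example.local.
_ldap._tcp.gc._msdcs.example.local. 600 IN SRV 0 100 3268 newdc.example.local.
'@ -split '\r?\n'

function Get-NetlogonSrvRecord {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Layout: owner TTL IN SRV priority weight port target
        if ($line -match '^\s*(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)\s*$') {
            New-Object PSObject -Property @{
                Owner  = $Matches[1].ToLower()
                Port   = [int]$Matches[2]
                Target = $Matches[3].ToLower()
            }
        }
    }
}

function Test-DcLocatorRecord {
    # Assumes a single-domain forest, so GC records live under the same DNS name.
    param([string[]]$Lines, [string]$Domain, [switch]$GlobalCatalog)
    $d = $Domain.ToLower().TrimEnd('.')
    $expected = @{
        "_ldap._tcp.$d."               = 389
        "_ldap._tcp.dc._msdcs.$d."     = 389
        "_kerberos._tcp.$d."           = 88
        "_kerberos._tcp.dc._msdcs.$d." = 88
    }
    if ($GlobalCatalog) {
        $expected["_gc._tcp.$d."] = 3268
        $expected["_ldap._tcp.gc._msdcs.$d."] = 3268
    }
    $records = @(Get-NetlogonSrvRecord -Lines $Lines)
    foreach ($name in ($expected.Keys | Sort-Object)) {
        $hits = @($records | Where-Object { $_.Owner -eq $name -and $_.Port -eq $expected[$name] })
        New-Object PSObject -Property @{ Name = $name; Port = $expected[$name]; Present = ($hits.Count -gt 0) }
    }
}

Test-DcLocatorRecord -Lines $sample -Domain 'example.local' -GlobalCatalog |
    Select-Object Name, Port, Present | Format-Table -AutoSize
```

Against a real DC, pass `Get-Content "$env:SystemRoot\System32\config\netlogon.dns"` as `-Lines`. On 64-bit Windows, run it from a 64-bit shell, because 32-bit processes have `System32` redirected to `SysWOW64`.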

    Author Comment

    Yes, SYSTEM has full access to the netlogon.dns file.

    Also, I can replicate across the AD, just fine.

    Author Comment

    I am looking at the System Event Logs and found this...

    Event ID: 8009  Source: BROWSER
    The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is (My current DC - which I will be demoting soon.)

    And about 5 times a day I receive this...

    Event ID: 4321  Source: NetBT
    The name "Domain       :1d" could not be registered on the Interface with IP address (New Server DC). The machine with the IP address (OLD Current DC) did not allow the name to be claimed by this machine.

    Any ideas?

    Author Comment

    Could WINS be causing this?  I do not run WINS, but the Event ID: 4321 says it is due to no WINS server registered.


    Author Comment

    Any more ideas?

    Author Comment

    Ok, I installed the 64-bit Support Tools from the CD and now the tests pass just fine.  Duh...

    Thanks to all for your assistance.

    Have a great day.

