• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Having issues with my new DC?

Hi,
I am having issues with my new DC that I am trying to use to replace an old DC to make into a file server only.
I have dcpromoed it and everything seems to be working execpt when I run the netdiag.exe, I get failures in the DNS Test
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.

and in the Redir and Browser Test
[FATAL] Cannot send mailslot message to 'Domain' via browser. [ERROR_INVALID_FUNCTION]

and in the Kerberos Test
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)
Everything else passed.

Also, I decided to do an ipconfig /displaydns
because well, I thought it was a dns issue.

And I received this

_ldap._tcp.servername.domain
Name does not exist.

However, the servers exist but just not with the _ldap._tcp part.
I moved the FSMO roles (IP, SMTP) bridgehead roles to the new DC and have yet to demote the old DC, fear of no safety net, until I can resolve these issues.

Can anyone help?

Thanks for your time.

Bob
0
rsnellman
Asked:
rsnellman
  • 6
  • 3
3 Solutions
 
Brian PiercePhotographerCommented:
Did you install DNS on the new machine ?
Did you chnage all of the clients and the DC itself to point to itself as the preferred DNS server ?
Did you install Global Catalog ?
0
 
Brian PiercePhotographerCommented:
You need to make sure that all the services required are installed on the additional DC - that includes the Global Catalog, and DNS - and possibly DHCP.

All cleints need to have the IP the NEW servers as the preferred DNS server in their  TCP/IP settings - this can be set manually in the TCP/IP properties of the network connection - or specified in the DHCP Options.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will br replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
0
 
rsnellmanIT ManagerAuthor Commented:
I have installed DNS on the new machine.
I have changed the DC to point to itself as the preferred DNS server.
I have made it a Global Catalog.

I have setup DHCP Server on it too, and making sure the DNS Server is set to it.

I did install AD first then installed the DNS as integrated DNS from the AD.  So, it pulled the DNS records from the current DC.  I went through and verified every single record matched.

The only differences is the new DC is 64-bit 2003 Server with Symantech EndPoint v.11.

I have went through step-by-step following this guide...

http://www.block.net.au/help/replace-dc/

But when I get to the netdiag part that is where I see the failures previously described.

I am just not sure what I am missing or what I did wrong.

Bob
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Brian PiercePhotographerCommented:
netlogon.dns holds the SRV records to be registered - check that this is present and that the SYSTEM has full access to it
0
 
rsnellmanIT ManagerAuthor Commented:
Yes, SYSTEM has full access to the netlogon.dns file.

Also, I can replicate across the AD, just fine.
0
 
rsnellmanIT ManagerAuthor Commented:
I am looking at the System Event Logs and found this...

Event ID: 8009  Source: BROWSER
The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is (My current DC - which I will be demoting soon.)

And about 5 times a day I receive this...

Event ID: 4321  Source: NetBT
The name "Domain       :1d" could not be registered on the Interface with IP address (New Server DC). The machine with the IP address (OLD Current DC) did not allow the name to be claimed by this machine.

Any ideas?
0
 
rsnellmanIT ManagerAuthor Commented:
Could WINS be causing this?  I do not run WINS, but the Event ID: 4321 says it is due to no WINS server registered.

0
 
rsnellmanIT ManagerAuthor Commented:
Any more ideas?
0
 
rsnellmanIT ManagerAuthor Commented:
Ok, I installed the 64-bit Support Tools from the CD and now the tests pass just fine.  Duh...

Thanks to all for your assistance.

Have a great day.

Bob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now