Having issues with my new DC?

Posted on 2008-11-05
Medium Priority
Last Modified: 2012-05-05
I am having issues with my new DC that I am trying to use to replace an old DC to make into a file server only.
I have dcpromoed it and everything seems to be working except when I run netdiag.exe, I get failures in the DNS Test
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.

and in the Redir and Browser Test
[FATAL] Cannot send mailslot message to 'Domain' via browser. [ERROR_INVALID_FUNCTION]

and in the Kerberos Test
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)
Everything else passed.

Also, I decided to do an ipconfig /displaydns
because well, I thought it was a dns issue.

And I received this

Name does not exist.

However, the servers exist but just not with the _ldap._tcp part.
I moved the FSMO roles (IP, SMTP) bridgehead roles to the new DC and have yet to demote the old DC, fear of no safety net, until I can resolve these issues.

Can anyone help?

Thanks for your time.

Question by:rsnellman
LVL 70

Assisted Solution

KCTS earned 2000 total points
ID: 22886250
Did you install DNS on the new machine ?
Did you change all of the clients and the DC itself to point to itself as the preferred DNS server ?
Did you install Global Catalog ?
LVL 70

Accepted Solution

KCTS earned 2000 total points
ID: 22886266
You need to make sure that all the services required are installed on the additional DC - that includes the Global Catalog, and DNS - and possibly DHCP.

All clients need to have the IP of the NEW server as the preferred DNS server in their TCP/IP settings - this can be set manually in the TCP/IP properties of the network connection - or specified in the DHCP Options.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Author Comment

ID: 22886931
I have installed DNS on the new machine.
I have changed the DC to point to itself as the preferred DNS server.
I have made it a Global Catalog.

I have setup DHCP Server on it too, and making sure the DNS Server is set to it.

I did install AD first then installed the DNS as integrated DNS from the AD.  So, it pulled the DNS records from the current DC.  I went through and verified every single record matched.

The only difference is the new DC is 64-bit 2003 Server with Symantec Endpoint v.11.

I have gone through step-by-step following this guide...


But when I get to the netdiag part that is where I see the failures previously described.

I am just not sure what I am missing or what I did wrong.


LVL 70

Assisted Solution

KCTS earned 2000 total points
ID: 22886974
netlogon.dns holds the SRV records to be registered - check that this is present and that the SYSTEM has full access to it
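The checks KCTS lists above (DNS installed and pointed at a DC, Global Catalog enabled, netlogon.dns present with SYSTEM access, SRV records actually registered) can be verified from the new DC in one pass. The script below is an added example, not from this thread or from KCTS; it assumes a current Windows Server with the ActiveDirectory and DnsClient modules available, and `corp.example.com` is a placeholder for the domain's DNS name. The original question was on Server 2003, where netdiag.exe covers the same ground; this is what a modern equivalent of those netdiag checks looks like.

```powershell
# Added example: pre-demotion health checks for an additional domain controller.
# Assumes the ActiveDirectory and DnsClient modules; run elevated on the new DC.
param(
    [string]$DomainName = 'corp.example.com',   # placeholder: your AD DNS domain name
    [string]$NewDc      = $env:COMPUTERNAME
)

Import-Module ActiveDirectory -ErrorAction Stop
$results = @()

# 1. The new DC is a Global Catalog (needed to evaluate universal group membership at logon).
$dc = Get-ADDomainController -Identity $NewDc -ErrorAction Stop
$results += [pscustomobject]@{ Check = 'GlobalCatalog'; Pass = $dc.IsGlobalCatalog; Detail = $dc.HostName }

# 2. The DC's preferred DNS servers include one of its own addresses, not an external resolver.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses
$selfIps = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
$pointsToSelf = @($dnsServers | Where-Object { $selfIps -contains $_ }).Count -gt 0
$results += [pscustomobject]@{ Check = 'PreferredDnsIsSelf'; Pass = $pointsToSelf; Detail = ($dnsServers -join ', ') }

# 3. netlogon.dns exists and NT AUTHORITY\SYSTEM has Full Control on it
#    (this is the file netdiag could not open in the thread).
$netlogonDns = Join-Path $env:SystemRoot 'system32\config\netlogon.dns'
$exists = Test-Path $netlogonDns
$systemFull = $false
if ($exists) {
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl $netlogonDns
    $systemFull = [bool]($acl.Access | Where-Object {
        $_.IdentityReference -eq 'NT AUTHORITY\SYSTEM' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $full) -eq $full) })
}
$results += [pscustomobject]@{ Check = 'NetlogonDnsPresent';   Pass = $exists;     Detail = $netlogonDns }
$results += [pscustomobject]@{ Check = 'NetlogonDnsSystemFull'; Pass = $systemFull; Detail = 'SYSTEM Full Control' }

# 4. The _ldap._tcp.dc._msdcs SRV records (the ones missing from ipconfig /displaydns in the
#    question) list the new DC, i.e. Netlogon actually registered it in DNS.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
$registered = @($srv | Where-Object { $_.NameTarget -like "$NewDc.*" }).Count -gt 0
$results += [pscustomobject]@{ Check = 'SrvRecordRegistered'; Pass = $registered;
                               Detail = "$srvName -> " + (($srv.NameTarget | Sort-Object -Unique) -join ', ') }

# 5. Active Directory replication reports no failures for this DC.
$replFailures = Get-ADReplicationFailure -Target $NewDc -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'NoReplicationFailures'; Pass = (@($replFailures).Count -eq 0);
                               Detail = "$(@($replFailures).Count) failure(s)" }

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 } else { exit 0 }
```

If only the SRV check fails, restarting the Netlogon service (or running `nltest /dsregdns`) makes the DC re-register the records held in netlogon.dns; a failing Global Catalog or DNS-client check points back to the steps in the accepted solution.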

Author Comment

ID: 22887022
Yes, SYSTEM has full access to the netlogon.dns file.

Also, I can replicate across the AD, just fine.

Author Comment

ID: 22887073
I am looking at the System Event Logs and found this...

Event ID: 8009  Source: BROWSER
The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is (My current DC - which I will be demoting soon.)

And about 5 times a day I receive this...

Event ID: 4321  Source: NetBT
The name "Domain       :1d" could not be registered on the Interface with IP address (New Server DC). The machine with the IP address (OLD Current DC) did not allow the name to be claimed by this machine.

Any ideas?

Author Comment

ID: 22887135
Could WINS be causing this?  I do not run WINS, but the Event ID: 4321 says it is due to no WINS server registered.


Author Comment

ID: 22888650
Any more ideas?

Author Comment

ID: 22896703
Ok, I installed the 64-bit Support Tools from the CD and now the tests pass just fine.  Duh...

Thanks to all for your assistance.

Have a great day.

