DCPROMO DNS error
Experts,
I want add win2008 as additional dc so first I ran adprep/forestprep and /domain prep on win2003 and it wen succesfully, then I did dcpromo on win2008 went through wizard and at end I am getting attached error, can someone please help me out.
Thank you so kindly.
ErrorDNS2-14-2009-2-09-36-PM.jpg
I want add win2008 as additional dc so first I ran adprep/forestprep and /domain prep on win2003 and it wen succesfully, then I did dcpromo on win2008 went through wizard and at end I am getting attached error, can someone please help me out.
Thank you so kindly.
ErrorDNS2-14-2009-2-09-36-PM.jpg
ASKER
After clicking ok on this error I rebooted all the DC's and attached is the screenshots of logs, looks like it is working okay, how can I check for sure.
DNSLogs.jpg
DNSLogs.jpg
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran DCdiag on 2008
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ADV-DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
......................... ADV-DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD
Starting test: Advertising
......................... ADV-DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 failed test DFSREvent
Starting test: SysVolCheck
......................... ADV-DC1 passed test SysVolCheck
Starting test: KccEvent
......................... ADV-DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ADV-DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADV-DC1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=col,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=col,D
......................... ADV-DC1 failed test NCSecDesc
Starting test: NetLogons
......................... ADV-DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... ADV-DC1 passed test ObjectsReplicated
Starting test: Replications
......................... ADV-DC1 passed test Replications
Starting test: RidManager
......................... ADV-DC1 passed test RidManager
Starting test: Services
......................... ADV-DC1 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x000016AD
Time Generated: 02/14/2009 16:34:25
Event String:
The session setup from the computer NAS-01 failed to authenticate. T
he following error occurred:
......................... ADV-DC1 failed test SystemLog
Starting test: VerifyReferences
......................... ADV-DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : col
Starting test: CheckSDRefDom
......................... col passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... col passed test CrossRefValidation
Running enterprise tests on : col.cmpminc.com
Starting test: LocatorCheck
......................... col.cmpminc.com passed test LocatorCheck
Starting test: Intersite
......................... col.cmpminc.com passed test Intersite
Some errors can you please help
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ADV-DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
......................... ADV-DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD
Starting test: Advertising
......................... ADV-DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 failed test DFSREvent
Starting test: SysVolCheck
......................... ADV-DC1 passed test SysVolCheck
Starting test: KccEvent
......................... ADV-DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ADV-DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ADV-DC1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=col,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=col,D
......................... ADV-DC1 failed test NCSecDesc
Starting test: NetLogons
......................... ADV-DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... ADV-DC1 passed test ObjectsReplicated
Starting test: Replications
......................... ADV-DC1 passed test Replications
Starting test: RidManager
......................... ADV-DC1 passed test RidManager
Starting test: Services
......................... ADV-DC1 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x000016AD
Time Generated: 02/14/2009 16:34:25
Event String:
The session setup from the computer NAS-01 failed to authenticate. T
he following error occurred:
......................... ADV-DC1 failed test SystemLog
Starting test: VerifyReferences
......................... ADV-DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : col
Starting test: CheckSDRefDom
......................... col passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... col passed test CrossRefValidation
Running enterprise tests on : col.cmpminc.com
Starting test: LocatorCheck
......................... col.cmpminc.com passed test LocatorCheck
Starting test: Intersite
......................... col.cmpminc.com passed test Intersite
Some errors can you please help
Looks like you need to run the adprep /rodcprep switch too (even though you don't have an RODC)
http://smtp25.blogspot.com
running adprep /rodcprep won't do any damage (it is safe to run)
Thanks
Mike
http://smtp25.blogspot.com
running adprep /rodcprep won't do any damage (it is safe to run)
Thanks
Mike
ASKER
mkline, So far I have done following
There were two 2003 DC, added one 2008DC rebooted all DC's then turned of server1(FSMO ROLES) to check client PC can login to 2008 dc it was succesfull. I turned server1(FSMO) back on then ran dcpromo on second DC (2003) and demoted went succesfull, so now I have two DC's one 2003(FSMO role holder) and second DC 2008.
Now I need to run adprep/rodcprep on 2003(FSMO) correct?
This will not create any issues since I have 2003 server on domain? and in near future when I add another 2008 DC transfer FSMO to 2008 and raise domain function level to 2008?
Just need to make sure.
Can you also tell me what are this errors:
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 passed test FrsEvent
and this
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 failed test DFSREvent
There were two 2003 DC, added one 2008DC rebooted all DC's then turned of server1(FSMO ROLES) to check client PC can login to 2008 dc it was succesfull. I turned server1(FSMO) back on then ran dcpromo on second DC (2003) and demoted went succesfull, so now I have two DC's one 2003(FSMO role holder) and second DC 2008.
Now I need to run adprep/rodcprep on 2003(FSMO) correct?
This will not create any issues since I have 2003 server on domain? and in near future when I add another 2008 DC transfer FSMO to 2008 and raise domain function level to 2008?
Just need to make sure.
Can you also tell me what are this errors:
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 passed test FrsEvent
and this
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ADV-DC1 failed test DFSREvent
Because you have that 13509 event you don't have to worry about those 13508 sysvol warnings
http://technet.microsoft.c
"A single FRS event ID 13508 does not mean anything is broken or not working, as long as it is followed by FRS event ID 13509, which indicates that the problem was resolved."
/rodcprep should not cause issues
Thanks
Mike
http://technet.microsoft.c
"A single FRS event ID 13508 does not mean anything is broken or not working, as long as it is followed by FRS event ID 13509, which indicates that the problem was resolved."
/rodcprep should not cause issues
Thanks
Mike
ASKER
Thank you for taking time. I also found this which basically says if I do not plan to run RODC then just ignore this errors, it is on third paragraph
http://technet.microsoft.com/en-us/library/cc754463.aspx
http://technet.microsoft.com/en-us/library/cc754463.aspx
Yeah you can safely ignore them if you want, either way is ok. If the errors start to annoy you then you can run the /rodcprep later
ASKER
Thank you very much.
No problem, glad to help out and great job on getting a 2008 domain controller into your live network!!
Thanks
Mike
Thanks
Mike
http://social.technet.micr