New 2008 R2 DC in existing 2003 domain
Hello Experts
Ive started rolling out 2008 R2 across my sites and thought it was pretty painless but upon checking event logs im not so sure. Is it normal to get a 1202 error from ADWS at every reboot that states
"This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: GC
Directory instance LDAP port: 3268
Directory instance SSL port: 3269"
Followed by events 1006, 1004, 1200 stating all is fine about 20 seconds later after startup. I also get a 4013 DNS warning
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Also followed about 20 seconds later by events 2 and 4 stating all is ok. This happens after every reboot and there is nothing wrong with DNS nor AD, im just wondering if its normal as im getting it on the 3 servers at 3 different sites im trialing. Is everybody else getting these problems ?
Ive started rolling out 2008 R2 across my sites and thought it was pretty painless but upon checking event logs im not so sure. Is it normal to get a 1202 error from ADWS at every reboot that states
"This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: GC
Directory instance LDAP port: 3268
Directory instance SSL port: 3269"
Followed by events 1006, 1004, 1200 stating all is fine about 20 seconds later after startup. I also get a 4013 DNS warning
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Also followed about 20 seconds later by events 2 and 4 stating all is ok. This happens after every reboot and there is nothing wrong with DNS nor AD, im just wondering if its normal as im getting it on the 3 servers at 3 different sites im trialing. Is everybody else getting these problems ?
mattibutt
dns doesnt start at the boot time so thats why you catch all the errors
ASKER
I have tried either pointing to another source for dns as opposed to the server itself and it makes no difference when it starts up so i was thinking maybe id something wrong along the way.
On w2k3 server i used to make netlogon depend on dns at boot time which corrected most of these issues. I tried the same on 2k8 but it makes things worse. Additionally i used to put entries in the hosts file for my core servers. The combination of the two used to guarantee flawless startups as in some of my sites we have severe power problems outside our control that often cause an automated shutdown and eventual reboot of all servers.
There seems to be very little info about this on the web except for people who have actual DNS or AD problems. Im suprised that MS doesnt cater for this by design so it doesnt show up as errors in the logs
On w2k3 server i used to make netlogon depend on dns at boot time which corrected most of these issues. I tried the same on 2k8 but it makes things worse. Additionally i used to put entries in the hosts file for my core servers. The combination of the two used to guarantee flawless startups as in some of my sites we have severe power problems outside our control that often cause an automated shutdown and eventual reboot of all servers.
There seems to be very little info about this on the web except for people who have actual DNS or AD problems. Im suprised that MS doesnt cater for this by design so it doesnt show up as errors in the logs
well i suggest you test all business critical applications whether they all are running as you configured them after the reboot to see if there is any other problem i guess power problem is beyond your control and keep a close eye on this issue.
I have the same issue and here are the steps how i did solved it.
1) Make sure you have two domain controllers
2) Make all the site synchronize with one domain controller constrider DC01
3) Make the DC02 as GC only including other two FSMO roles i.e schema master and DNM
4) First always restart the GC which is in terms of site connected to DC01 only.
5) It will take only 8 minutes for the entire domain to get initialized instead of even hours as i used to wait for 1.5 hours.
6) Once the GC is restarted and you are able launch the AD app then start the other DCs i.e DC01 etc...
1) Make sure you have two domain controllers
2) Make all the site synchronize with one domain controller constrider DC01
3) Make the DC02 as GC only including other two FSMO roles i.e schema master and DNM
4) First always restart the GC which is in terms of site connected to DC01 only.
5) It will take only 8 minutes for the entire domain to get initialized instead of even hours as i used to wait for 1.5 hours.
6) Once the GC is restarted and you are able launch the AD app then start the other DCs i.e DC01 etc...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
but to avoid waiting for longer the solution i have given in the first step is perfect enough to avoid the time related issue.....
Run dcdiag to check for errors it looks like the first replication never took place properly.
ASKER
I ran dcdiags after the I found the errors but as i stated initially it all seems fine a couple of minutes after bootup. All dcdiag test passed successfully
Make sure that you have the server pointing to itself for DNS.
ASKER
As i said above it already is pointing to itself as either 127.0.0.1 or its real ip as well as other dns servers but it made no difference, i would have thought changing the priority of the dns another server would have made it better for a test run but it didnt help
Try disabling IPv6. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix
ASKER
Already have ipv6 disabled across all my 2k8 and 2k8 r8 servers
ASKER
Whilst my issues still persist, im inclined to agree with mojotech. I still havent found any more info around resolving the issue, but at least have seen many other people with the same issue now