Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Stub Zone Problems 2008 R2 DNS Servers (windows 2008 r2 dns stub zone validation error: Please try again later))

Posted on 2010-09-08
6
Medium Priority
?
5,917 Views
Last Modified: 2012-05-10
I'm trying to setup a Trust between domains but before I can do that I need to setup a Stub Zone on both DC/DNS servers on both domains.

I can setup a Stub Zone on the new DNS/DC to our old DNS/DC server but I can't setup a Stub Zone on our old network to point to the new network.  Everytime I try to setup a Stub Zone it gives me the windows 2008 r2 dns stub zone validation error: Please try again later).

I don't know what could be causing this to work on one server and not another.  Already checked the obvious firewall issue and basic TCP/IP connectivity between servers.
0
Comment
Question by:ChocolateRain
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33631598
Do you have IPSec and DNSSec configured on the new domain?

Any 'interesting' errors in the DNS Log on either DCs?
0
 
LVL 1

Author Comment

by:ChocolateRain
ID: 33631683
I didn't setup IPSec or DNSSec on the new domain controller.  

On the old DC I have a Warning Event when i run the DNS BPA tool but i don't have any warnings or errors in the event log for the old DC/DNS server.

The warning on this old server is: Title:
DNS: Valid network interfaces should precede invalid interfaces in the binding order

Severity:
Warning

Date:
9/8/2010 2:23:40 PM

Category:
Configuration

Issue:
A disabled or invalid adapter precedes a valid adapter in the network interface binding order list.

Impact:
The binding order determines when network interfaces will be used to make network connections by the computer. A disabled adapter high in the binding order can degrade performance.

Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to move all disabled and invalid interfaces to the bottom of the binding order list.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121966

This is a funny error message to receive since there are no other adapters in this machine (it is a virtual machine btw).
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33631712
Have you went here to check the binding order?

Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to move all disabled and invalid interfaces to the bottom of the binding order list.

Make sure that your primary NIC is listed first.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 1

Author Comment

by:ChocolateRain
ID: 33631985
There is only 1 network connection under the standard options as well as the Binding options.
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 2000 total points
ID: 33632439
Okay, this is a weird one.
I'm sure you've already checked them a hundred times, but double check:
a. you aren't miskeying the IP address of the remote DNS server.
b. confirm the remote DNS server is authoritative for the zone you are attempting to configure the stub for.

If both of those check out...  granting Zone Transfer permissions shouldn't be necessary, but on the new DC, grant zone transfer to the old DC.  Like I said, that shouldn't make a difference, but... ya know... this is a weird one.

This VM, it's the old DC?  Hyper-V or VMWare?  Are the new DCs virtual too?  On the same hosts?
0
 
LVL 1

Author Comment

by:ChocolateRain
ID: 33637891
I have 3 old DCs that all do this when trying to connect to the new DC.

Everything is virtualized using VMware.

I got it working by checking the allow Zone Transfers box and had to select the "Allow Zone Transfers" and select the option box "To Any Server".  If I tried to isolate this by Hostname, FQDN or IP address it errored out.

Can you see why I'm getting rid of the old domain?

=]
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question