Solved

Stub Zone Problems 2008 R2 DNS Servers (windows 2008 r2 dns stub zone validation error: Please try again later)

Posted on 2010-09-08
Last Modified: 2012-05-10
I'm trying to set up a Trust between domains, but before I can do that I need to set up a Stub Zone on both DC/DNS servers on both domains.

I can set up a Stub Zone on the new DNS/DC to our old DNS/DC server, but I can't set up a Stub Zone on our old network to point to the new network.  Every time I try to set up a Stub Zone it gives me the windows 2008 r2 dns stub zone validation error: Please try again later.

I don't know what could be causing this to work on one server and not another.  Already checked the obvious firewall issue and basic TCP/IP connectivity between servers.
0
Question by:ChocolateRain
6 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33631598
Do you have IPSec and DNSSec configured on the new domain?

Any 'interesting' errors in the DNS Log on either DCs?
0
 
LVL 1

Author Comment

by:ChocolateRain
ID: 33631683
I didn't setup IPSec or DNSSec on the new domain controller.  

On the old DC I have a Warning Event when I run the DNS BPA tool, but I don't have any warnings or errors in the event log for the old DC/DNS server.

The warning on this old server is:

Title:
DNS: Valid network interfaces should precede invalid interfaces in the binding order

Severity:
Warning

Date:
9/8/2010 2:23:40 PM

Category:
Configuration

Issue:
A disabled or invalid adapter precedes a valid adapter in the network interface binding order list.

Impact:
The binding order determines when network interfaces will be used to make network connections by the computer. A disabled adapter high in the binding order can degrade performance.

Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to move all disabled and invalid interfaces to the bottom of the binding order list.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121966

This is a funny error message to receive since there are no other adapters in this machine (it is a virtual machine btw).
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33631712
Have you gone here to check the binding order?

Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to move all disabled and invalid interfaces to the bottom of the binding order list.

Make sure that your primary NIC is listed first.
0
 
LVL 1

Author Comment

by:ChocolateRain
ID: 33631985
There is only 1 network connection under the standard options as well as the Binding options.
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 33632439
Okay, this is a weird one.
I'm sure you've already checked them a hundred times, but double check:
a. you aren't miskeying the IP address of the remote DNS server.
b. confirm the remote DNS server is authoritative for the zone you are attempting to configure the stub for.

If both of those check out...  granting Zone Transfer permissions shouldn't be necessary, but on the new DC, grant zone transfer to the old DC.  Like I said, that shouldn't make a difference, but... ya know... this is a weird one.

This VM, it's the old DC?  Hyper-V or VMware?  Are the new DCs virtual too?  On the same hosts?
0
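Check (b) in the accepted answer can be confirmed on the wire: send the master a non-recursive SOA query for the zone and look for the AA (authoritative answer) bit in the reply. This is an added example, not code from the thread; the zone name `new.example`, the server IP passed to `query_master`, and the sample reply headers are constructed placeholders.

```python
import socket
import struct

QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F   # DNS header flag bits

def build_soa_query(zone, txid=0x1234):
    """Build a non-recursive (RD=0) SOA query for `zone` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)   # QTYPE=SOA, QCLASS=IN

def parse_header(response):
    """Extract the header fields relevant to a stub-zone master check."""
    if len(response) < 12:
        raise ValueError("truncated DNS response")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid,
            "is_response": bool(flags & QR),
            "authoritative": bool(flags & AA),
            "rcode": flags & RCODE_MASK,
            "answers": an}

def master_is_usable(response, txid=0x1234):
    """True only for an authoritative, error-free SOA answer to our query."""
    h = parse_header(response)
    return (h["is_response"] and h["txid"] == txid and h["authoritative"]
            and h["rcode"] == 0 and h["answers"] >= 1)

def query_master(server_ip, zone, timeout=3.0):
    """Live check over UDP/53 against the server the stub zone will point at."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server_ip, 53))
        data, _ = s.recvfrom(4096)
    return master_is_usable(data)

# Constructed reply headers (not captured traffic) covering the three outcomes.
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)     # QR+AA
SAMPLE_CACHED = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)   # QR+RA, no AA
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # RCODE=5

if __name__ == "__main__":
    for name, pkt in [("authoritative", SAMPLE_AUTH),
                      ("cached/forwarded", SAMPLE_CACHED),
                      ("refused", SAMPLE_REFUSED)]:
        print(name, "->", "usable" if master_is_usable(pkt) else "not usable")
```

A reply without the AA bit means the server answered from cache or a forwarder, so the IP entered as the stub zone master is not the server that actually hosts the zone.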
 
LVL 1

Author Comment

by:ChocolateRain
ID: 33637891
I have 3 old DCs that all do this when trying to connect to the new DC.

Everything is virtualized using VMware.

I got it working by checking the allow Zone Transfers box and had to select the "Allow Zone Transfers" and select the option box "To Any Server".  If I tried to isolate this by Hostname, FQDN or IP address it errored out.

Can you see why I'm getting rid of the old domain?

=]
0
