Solved

HELP: installed addl DC, now have DNS problem with Exchange

Posted on 2010-09-18
Last Modified: 2012-08-14
Recently I installed an Add'l DC on the company network.  The original DC is a Windows 2008 SBS and the second DC is a Windows 2008 R2.  The SBS server is also the Exchange server and the R2 DC is just a "backup."  All was going well until I had to reboot the SBS server last night for a software update.  

On boot up, now I get errors about the certificate authority and DNS.  Can anyone help?
Question by:JLEmlet
19 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33707942
Check firstly that the SBS server is using its own IP address in the DNS configuration of the network card.

The new server should also be using the SBS server's IP address.

If you have to change this, reboot both servers just to be sure, then let's see where we are.
0
 

Author Comment

by:JLEmlet
ID: 33708333
I've confirmed the SBS server is using its own IP address as well as the R2 server.  However the R2 server is also using 127.0.0.1 as a secondary DNS server. Should I remove or change that?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708341
Have you installed DNS on the new server?
0
 

Author Comment

by:JLEmlet
ID: 33708347
Yes - I did that months ago.  It is a DC (the second in the domain).  I'm getting this error message on the SBS server (also Exchange server).  The reference to Bandit is the R2 server:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2148). Exchange Active Directory Provider failed to obtain an IP address for DS server BANDIT.dc.integral, error 11001 (WSAHOST_NOT_FOUND (Host was not found)).  This host will not be used as a DS server by Exchange Active Directory Provider.  
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708396
0
 

Author Comment

by:JLEmlet
ID: 33708458
There wasn't anything in that group policy, so I added the domain\exchange servers and it is rebooting now.
0
 

Author Comment

by:JLEmlet
ID: 33708482
But something must be wrong with the setup of my second DC because I cannot communicate within the domain when the SBS server is rebooting.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708489
You mean from the client machines? If so, have you set the second DC in the DNS properties of DHCP so that the client machines receive both servers as DNS servers?

Did you make the new DC a global catalog server?
0
 

Author Comment

by:JLEmlet
ID: 33708491
On reboot I still have the same issue
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708498
The topology discovery error?

OK, can you run DCDIAG on both servers and post the results please?
0
 

Author Comment

by:JLEmlet
ID: 33708518
Here are the results.  Simon is the SBS and Bandit is the Windows 2008 R2.
banditdcdiag.txt
simondcdiag.txt
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708572
First thing, can you uninstall Symantec Endpoint then reboot?

Can you also post IPCONFIG /ALL from both servers.
0
 

Author Comment

by:JLEmlet
ID: 33711468
I uninstalled Symantec, but now I cannot log onto the SBS server.  I get the login screen, but when I log in, nothing; I just get a black screen.  I can view the logs of the SBS server from the other DC and there are lots of DNS errors.  I'm attaching the system event log in XML format.
0
 

Author Comment

by:JLEmlet
ID: 33711486
I couldn't upload the event logs, but here are the two main errors that continue to appear in the system log:

The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object CN={DA24C723-6A3A-40F9-9FD4-7471AE151F53},CN=POLICIES,CN=SYSTEM,DC=DC,DC=INTEGRAL. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.


The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


And then in the DNS log I'm getting:

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

I've confirmed in the SBS DNS and the R2 DNS that the IP addresses are correct.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33711524
Did you change the SBS server's IP address recently?

Can you configure both servers robust only the new server for DNS then restart.

If you cannot log in to the SBS server, can you boot into safe mode?
0
 

Author Comment

by:JLEmlet
ID: 33711551
What does robust only mean?  Rebooting the SBS server now and have the other DC shut down.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 33711566
Sorry, not sure how that got in there.

It was supposed to say set both servers to use the new server for DNS then reboot them.
0
 

Author Comment

by:JLEmlet
ID: 33712305
So I rebooted the server with the R2 DC turned off.  I had started this process before I saw your post.  Now Exchange is working again, but I cannot get the VPN to work.  When I try to start the service Routing And Remote Access, I get an error.

The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.

Then I get

Point to Point Protocol engine was unable to load the C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymRasMan64.dll module. The specified module could not be found.

Then I get

The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

And finally I get

Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Thoughts?  Since Symantec is referenced, so I just reinstall Endpoint.
0
 

Author Closing Comment

by:JLEmlet
ID: 33720028
Thank you for your help.  I was able to get everything back online.  I think I still have an issue with my other DC, but will post a separate question for that.
0

Question has a verified solution.