Solved

HELP: installed addl DC, now have DNS problem with Exchange

Posted on 2010-09-18
Last Modified: 2012-08-14
Recently I installed an Add'l DC on the company network.  The original DC is a Windows 2008 SBS and the second DC is a Windows 2008 R2.  The SBS server is also the Exchange server and the R2 DC is just a "backup."  All was going well until I had to reboot the SBS server last night for a software update.  

On boot up, now I get errors about the certificate authority and DNS.  Can anyone help?
0
Question by:JLEmlet
19 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33707942
Check firstly that the SBS server is using its own IP address in the DNS configuration of the network card.

The new server should also be using the SBS server's IP address.

If you have to change this, reboot both servers just to be sure, then let's see where we are.
0
 

Author Comment

by:JLEmlet
ID: 33708333
I've confirmed the SBS server is using its own IP address as well as the R2 server.  However the R2 server is also using 127.0.0.1 as a secondary DNS server. Should I remove or change that?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708341
Have you installed DNS on the new server?
0

Author Comment

by:JLEmlet
ID: 33708347
Yes - I did that months ago.  It is a DC (the second in the domain).  I'm getting this error message on the SBS server (also the Exchange server).  The reference to Bandit is the R2 server:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2148). Exchange Active Directory Provider failed to obtain an IP address for DS server BANDIT.dc.integral, error 11001 (WSAHOST_NOT_FOUND (Host was not found)).  This host will not be used as a DS server by Exchange Active Directory Provider.  
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708396
0
 

Author Comment

by:JLEmlet
ID: 33708458
There wasn't anything in that group policy, so I added the domain\exchange servers and it is rebooting now.
0
 

Author Comment

by:JLEmlet
ID: 33708482
But something must be wrong with the setup of my second DC because I cannot communicate within the domain when the SBS server is rebooting.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708489
You mean from the client machines? If so have you set the second DC in the DNS properties of DHCP so that the client machines receive both servers as DNS servers?

Did you make the new DC a global catalog server?
0
 

Author Comment

by:JLEmlet
ID: 33708491
On reboot I still have the same issue
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708498
The topology discovery error?

OK, can you run DCDIAG on both servers and post the results please?
0
 

Author Comment

by:JLEmlet
ID: 33708518
Here are the results.  Simon is the SBS and Bandit is the Windows 2008 R2.
banditdcdiag.txt
simondcdiag.txt
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33708572
First thing, can you uninstall Symantec Endpoint then reboot.

Can you also post IPCONFIG /ALL from both servers.
0
 

Author Comment

by:JLEmlet
ID: 33711468
I uninstalled Symantec, but now I cannot log onto the SBS server.  I get the login screen, but when I log in, nothing; I just get a black screen.  I can view the logs of the SBS server from the other DC and there are lots of DNS errors.  I'm attaching the system event log in XML format.
0
 

Author Comment

by:JLEmlet
ID: 33711486
I couldn't upload the event logs, but here are the two main errors that continue to appear in the system log:

The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object CN={DA24C723-6A3A-40F9-9FD4-7471AE151F53},CN=POLICIES,CN=SYSTEM,DC=DC,DC=INTEGRAL. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.


The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


And then in the DNS log I'm getting:

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

I've confirmed in the SBS DNS and the R2 DNS that the IP addresses are correct.
0
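The check in steps 1 to 4 of the DNS event text quoted above, as an added example that is not part of the original thread: it asks each DC's DNS server directly for every DC's host (A) record and flags lookups that fail or return addresses that do not belong to that server. Assumptions: the name SIMON.dc.integral is inferred from the thread, all IP addresses are constructed placeholders, and the script runs from a management machine that has `Resolve-DnsName` (Windows 8 / Server 2012 or later), since the 2008-era servers discussed here do not ship it.

```powershell
# Added example (not from the thread). Host names follow the thread;
# every IP address below is a constructed placeholder to be replaced.
$expected = @{
    'SIMON.dc.integral'  = @('192.0.2.10')   # SBS 2008 / Exchange server
    'BANDIT.dc.integral' = @('192.0.2.11')   # Windows 2008 R2 DC
}
# DNS servers to query directly, one per DC (placeholders).
$dnsServers = @('192.0.2.10', '192.0.2.11')

function Test-DcHostRecord {
    param(
        [hashtable]$Expected,
        [string[]]$DnsServer
    )
    foreach ($server in $DnsServer) {
        foreach ($name in $Expected.Keys) {
            $found  = @()
            $status = 'OK'
            try {
                # -DnsOnly: skip the hosts file, LLMNR and NetBIOS so only
                # the answer from the named DNS server is evaluated.
                $found = @(Resolve-DnsName -Name $name -Type A -Server $server `
                               -DnsOnly -ErrorAction Stop |
                           Where-Object { $_.Type -eq 'A' } |
                           ForEach-Object { $_.IPAddress })
            } catch {
                # NXDOMAIN, timeout or refused query: the condition behind
                # the WSAHOST_NOT_FOUND error Exchange logged for BANDIT.
                $status = 'LOOKUP_FAILED'
            }
            if ($status -eq 'OK') {
                $stale   = @($found | Where-Object { $Expected[$name] -notcontains $_ })
                $missing = @($Expected[$name] | Where-Object { $found -notcontains $_ })
                if ($stale)       { $status = 'STALE_RECORD' }    # step 4: delete
                elseif ($missing) { $status = 'MISSING_RECORD' }  # step 5: add
            }
            [pscustomobject]@{
                DnsServer = $server
                HostName  = $name
                Returned  = $found -join ', '
                Status    = $status
            }
        }
    }
}

Test-DcHostRecord -Expected $expected -DnsServer $dnsServers | Format-Table -AutoSize
```

Any row whose status is not `OK` identifies the DNS server whose zone data needs correcting before the DCs and Exchange can locate each other reliably.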
 
LVL 74

Expert Comment

by:Glen Knight
ID: 33711524
Did you change the SBS server's IP address recently?

Can you configure both servers robust only the new server for DNS then restart.

If you cannot login to the SBS server can you boot in to safe mode?
0
 

Author Comment

by:JLEmlet
ID: 33711551
What does robust only mean?  Rebooting the SBS server now and have the other DC shut down.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 33711566
Sorry not sure how that got in there.

It was supposed to say set both servers to use the new server for DNS then reboot them.
0
 

Author Comment

by:JLEmlet
ID: 33712305
So I rebooted the server with the R2 DC turned off.  I had started this process before I saw your post.  Now Exchange is working again, but I cannot get the VPN to work.  When I try to start the service Routing And Remote Access, I get an error.

The Remote Access Connection Manager service terminated with the following error:
The specified module could not be found.

Then I get

Point to Point Protocol engine was unable to load the C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymRasMan64.dll module. The specified module could not be found.

Then I get

The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

And finally I get

Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Thoughts?  Since Symantec is referenced, so I just reinstall Endpoint.
0
 

Author Closing Comment

by:JLEmlet
ID: 33720028
Thank you for your help.  I was able to get everything back online.  I think I still have an issue with my other DC, but will post a separate question for that.
0
