Adding 2nd DC to Server R2 Existing Domain

That's nothing worrying if you install your first DNS server (DC + DNS). This is because server points to itself as DNS server. When you set up additional DNS server, first you have to be sure that you properly configured NIC settings of that new box. Check if you set up IP address in DNS section of your existing server. Then during promotion process you shouldn't see that message.

Regards,
Krzysztof

well on my new DC i am trying to add the DC role to it is not anything yet. No dns no nothing. So i have a static ip set and it of course is pointing for DNS to my #1 DC that also runs dns.

So you are saying this is why i am getting the message?

Should i cancel this wizard and set up DNS by itself then come back and run dcpromo?

No no, definitively you should point in DNS section to your existing DNS server. Then run dcpromo and follow with wizard. Make you new DC as DNS and Global Catalog server and don't worry, everything will be fine! :)

Regards,
Krzysztof

when the install is done do i set my new DC to look at itself for DNS then and list the other as its second choice?

Yes, just make sure that by "others", you don't mean external sources.

Yes, i meant by others as in my internal dns server which was the first DC on my domain till this one.

Set up NIC's properties in DNS section

Primary DNS IP address: current DC
Alternative DNS IP address: second DC

Do not configure external forwarders on new DC, only set up forwarders to old DC which contains external (probably ISP) DNS server. Then all unresolved queries from new DC's DNS will be redirected to old DC and it will send them to ISP's DNS server for the Internet access (I hope I wrote it clear ;) )

Additionally, modify option no. 006 in your DHCP server's scope. Add there second DNS IP address of your new DC

Regards,
Krzysztof

So, you are getting this error for a reason.

Check your DNS Console do you have a msdcs.domain.com zone? Do you have a domain.com zone with the msdcs folder grayed out?

Darius, yes i have all thse things you listed.

actually let me clarify darius. I have 2 of my own zones listed in dns. I do not see msdcs.domain.com in the root that holds all my zones.

However under my one zone i have a folder called msdsc and it is no greyed out.

Ok good so you have a domain.com or domain.local zone with the msdcs folder listed under this zone that is not grayed out, right?

You need to make sure that all DNS servers have this zone with this folder not being grayed out. Check your other DNS servers.

Yes, both servers have that folder not greyed out under my main domain name.

Good. Run dcdiag /fix

Do you have records in these folders?

Records of what? What am i looking for. Here is my dcdiag /fix.

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = VALDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Connectivity
         ......................... VALDC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Advertising
         ......................... VALDC2 passed test Advertising
      Starting test: FrsEvent
         ......................... VALDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... VALDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... VALDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... VALDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... VALDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... VALDC2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=valmatic,DC=com
         ......................... VALDC2 failed test NCSecDesc
      Starting test: NetLogons
         ......................... VALDC2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... VALDC2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... VALDC2 passed test Replications
      Starting test: RidManager
         ......................... VALDC2 passed test RidManager
      Starting test: Services
         ......................... VALDC2 passed test Services
      Starting test: SystemLog
         ......................... VALDC2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... VALDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : valmatic
      Starting test: CheckSDRefDom
         ......................... valmatic passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... valmatic passed test CrossRefValidation

   Running enterprise tests on : valmatic.com
      Starting test: LocatorCheck
         ......................... valmatic.com passed test LocatorCheck
      Starting test: Intersite
         ......................... valmatic.com passed test Intersite

well there are subfolders in those folders and a couple of cname entries.

You can safely discard the error on NCSecDesc, as that only has to do with using RODCs.  If you don't plan on using them, this is irrelevant.

Good that is what we are looking for now start the promotion process if you get the error stating it could not create the delegation record that is fine proceed

yeah no RODCs here. Thanks. Hopefully everyting is good. I guess i just have to turn off my main server when i have a chance and see if the second one can log people in and do dns to get to the web.

i did promote this one to a DC is there anyway to check that it is functioning as my backup.?

so if the first main dc i have that has every roles goes down, will this one not work unless i manually switch the roles?

If the server which contains the FSMO roles fails, you will have to seize the roles on another server.  It will continue to work in a diminished state before that is done, but not well.

so basically logons and dns requests will take a few minutes. Well that kind of stinks, i would think it is more streamed line since having multiples dcs is the usual? Should i balance the roles or do you see no benefit?

Thanks for the input Justin. I will take a look at those articles.