Problem related to Domain controller 2008 in our local network

Hello Experts,

Sub:-  Problem related to Domain controller 2008 in our local network

Currently I am using 10.30.30.0/23, which means 510 clients are available in our network.

But in future, we will be using around 200 client systems in our network.

So, I have decided to reconfigure our network to 10.30.30.0/22.

If I reconfigure my network, my domain controller does not work properly.

What should I do? Please provide me the solution ASAP.

Kind Regards,
Ravi Pratap



Ravi Singh Asked:

James (Senior Cloud Infrastructure Engineer) Commented:
Your Domain Controller is doing DHCP. If you are reconfiguring your network, are you deleting the DHCP scope and creating a new one? This would be the best way of doing it. Then create the scope options and exclusions for the static systems such as your Domain Controller.
James (Senior Cloud Infrastructure Engineer) Commented:
It would also be advisable to reboot your Domain Controller after such configurations are made.
Darius Ghassem Commented:
You need to make changes to your Domain Controller's IP address as well. Once you have changed these settings you need to run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix

James (Senior Cloud Infrastructure Engineer) Commented:
@dariusq rebooting the server will flush the dns cache. Also, in my comment I said to create exclusions.
Darius Ghassem Commented:
JBond I wasn't talking about exclusions. What if the author never changed the IP address of the DC to the correct subnet or IP Scheme? Second, you should NOT have to reboot a Domain Controller; there are commands that should be run instead.

James (Senior Cloud Infrastructure Engineer) Commented:
If he creates a new scope essentially he will be creating a new ip address schema for the Server. This is why I suggested rebooting the Server.
James (Senior Cloud Infrastructure Engineer) Commented:
@dariusq Rebooting the Server would be the easiest for the Author and he mightn't be familiar with the commands.
Darius Ghassem Commented:
I posted the commands. Rebooting a Domain Controller with an improper IP Scheme could cause the DC not to be able to log in anymore. Again, you should never reboot a DC unless you have tried all other solutions because there is a possibility it will not come back up properly.

If he creates a new scope this will not automatically change the Domain Controller's IP Scheme within the TCP\IP properties. If the subnet and network has been changed for the clients and network then the Domain Controller's TCP\IP configuration should be changed as well.
James (Senior Cloud Infrastructure Engineer) Commented:
@Dariusaq I think you're confusing the scenario here and you are not understanding my comments.
Ravi Singh (Author) Commented:
Hello Guru,

Currently I am using a static TCP/IP pool in my network and no DHCP server is running on my domain controller with 10.30.30.0/23.

And in future I want to change my domain controller's preferred IP address to 10.30.30.0/22.

Is it possible to reconfigure the domain controller 2008 IP address (in which DNS is configured)?

Kind Regards,
Ravi Pratap

 
Darius Ghassem Commented:
Yes, that is fine. You would need to change the TCP\IP; just make sure you change the DNS server IP address as well.

Run ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix

You will be good to go after that.
Ravi Singh (Author) Commented:
Dear Genius,

Current TCP/IP configuration of Domain controller in which DNS is configured

IP :- 10.x.x.x with subnet 255.255.255.254(23 bit)

and two ADCs already exist in my network

with 510 clients in our live production network.


Proposed TCP/IP configuration of Domain controller
IP :- 10.x.x.x with subnet 255.255.252.0( on 22 bit)

After reconfiguring with the proposed TCP/IP settings, will nslookup and Active Directory work properly?

Waiting for your quick response.

Kind Regards,
Ravi Pratap


Darius Ghassem Commented:
Yes all will work as long as you run commands above
Glen Knight Commented:
Dariusg is absolutely right, there is no need to restart a domain controller when changing its IP address.

Jbond2010 > what if it's the only DC and it's servicing clients on your network? 20-30 minutes to reboot is acceptable?? My guess is 5 minutes would be better.

Step 1 > Change IP & Subnet
Step 2 > Restarting Netlogon Service
Step 3 > run DCDIAG /FIX
Step 4 > run NETDIAG /FIX

You might want to run IPCONFIG /REGISTERDNS followed by IPCONFIG /FLUSHDNS just to make sure.

Then it should be A OK!

Ravi Singh (Author) Commented:
Dear All,

I am going to change our DC IP and subnet as well as our network from 10.x.x.x/23 to 10.x.x.x/22.

The IP and subnet of the DC will be changed after the network upgradation of my firewall, PIX and router.

I will forward the proposed solution of DC IP address and subnet mask to my Manager, and once they approve,

I will go ahead with the proposed solution. So please treat this question as active.

Thanks for your great support.

Ravi Pratap
Darius Ghassem Commented:
Ravi Singh (Author) Commented:
Thanks a lot Genius

Definitely, I have forwarded this document to my manager for approval.

Kind Regards,
Ravi Pratap
 
Ravi Singh (Author) Commented:
Hello Genius,

I have made all the changes as suggested by you but still nslookup is not working on DC and shows the messages
request time out:- 2 sec
Default server :- unknown
IP :- New with different subnet.

Kind Regards,
Ravi Pratap

       
Glen Knight Commented:
Do you have a reverse lookup zone configured for the new IP range in your internal DNS?
Ravi Singh (Author) Commented:
Yes genius

I have a reverse lookup zone configured in internal DNS.

Kind Regards,
Ravi Pratap
Glen Knight Commented:
Can you post NETDIAG results from your DC please?
Ravi Singh (Author) Commented:
Dear Genius,

Please find the netdiag result of the DC below:

C:\Users\Administrator>netdiag

....................................

    Computer Name: WIN-7CQ0IOPK93W
    DNS Host Name: WIN-7CQ0IOPK93W.iservices.com
    System info : Windows Server (R) 2008 Standard (Build 6001)
    Processor : x86 Family 6 Model 23 Stepping 10, GenuineIntel
    Hotfixes : none detected


Netcard queries test . . . . . . . : Passed
    GetStats failed for 'isatap.{92EC1AF0-1390-468D-9FA3-F1C9E1A7B9A1}'. [ERROR_
GEN_FAILURE]



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : WIN-7CQ0IOPK93W
        IP Address . . . . . . . . : 10.30.180.22
        Subnet Mask. . . . . . . . : 255.255.252.0
        Default Gateway. . . . . . : 10.30.180.1
        Dns Servers. . . . . . . . : 10.30.180.22


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Failed
            No gateway reachable for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{92EC1AF0-1390-468D-9FA3-F1C9E1A7B9A1}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.30.180.22
'.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{92EC1AF0-1390-468D-9FA3-F1C9E1A7B9A1}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{92EC1AF0-1390-468D-9FA3-F1C9E1A7B9A1}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_
FOUND]


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Users\Administrator>



Glen Knight Commented:
Have you changed the subnet on the gateway device?
Ravi Singh (Author) Commented:
Genius,

Forward lookup host records of the DC have been updated but reverse lookup zone records are not updated.

Kind Regards.
Ravi Pratap

Glen Knight Commented:
My name is demazter, the Genius is simply my rank in this zone.

Have you re-created the reverse lookup since your IP range change? As you are changing the mask the forward lookup zone will be different.
Ravi Singh (Author) Commented:
dcdiag result

C:\Users\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WIN-7CQ0IOPK93W
      Starting test: Connectivity
         ......................... WIN-7CQ0IOPK93W passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WIN-7CQ0IOPK93W
      Starting test: Replications
         ......................... WIN-7CQ0IOPK93W passed test Replications
      Starting test: NCSecDesc
         ......................... WIN-7CQ0IOPK93W passed test NCSecDesc
      Starting test: NetLogons
         ......................... WIN-7CQ0IOPK93W passed test NetLogons
      Starting test: Advertising
         ......................... WIN-7CQ0IOPK93W passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... WIN-7CQ0IOPK93W passed test KnowsOfRoleHolder
s
      Starting test: RidManager
         ......................... WIN-7CQ0IOPK93W passed test RidManager
      Starting test: MachineAccount
         ......................... WIN-7CQ0IOPK93W passed test MachineAccount
      Starting test: Services
         ......................... WIN-7CQ0IOPK93W passed test Services
      Starting test: ObjectsReplicated
         ......................... WIN-7CQ0IOPK93W passed test ObjectsReplicated

      Starting test: frssysvol
         ......................... WIN-7CQ0IOPK93W passed test frssysvol
      Starting test: frsevent
         ......................... WIN-7CQ0IOPK93W passed test frsevent
      Starting test: kccevent
         ......................... WIN-7CQ0IOPK93W passed test kccevent
      Starting test: systemlog
         ......................... WIN-7CQ0IOPK93W passed test systemlog
      Starting test: VerifyReferences
         ......................... WIN-7CQ0IOPK93W passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : iservices
      Starting test: CrossRefValidation
         ......................... iservices passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... iservices passed test CheckSDRefDom

   Running enterprise tests on : iservices.com
      Starting test: Intersite
         ......................... iservices.com passed test Intersite
      Starting test: FsmoCheck
         ......................... iservices.com passed test FsmoCheck

C:\Users\Administrator>




Glen Knight Commented:
I don't need DCDIAG results, can you answer the above questions please?
Ravi Singh (Author) Commented:
And nslookup results are :-

C:\Users\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  10.30.180.22

>
Ravi Singh (Author) Commented:
ok you want to change the reverse zone manually on my DC as new IP

Glen Knight Commented:
I would suggest you remove the reverse DNS zone and re-create it.
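
As an added example (not part of the original thread or any poster's code): a Python check of which `in-addr.arpa` reverse zones a re-addressed DC needs, using the IP, mask and gateway from the netdiag output above. The function names and the list of existing zones are assumptions constructed for illustration.

```python
import ipaddress

def reverse_zones(cidr):
    """Octet-boundary in-addr.arpa zones needed to cover an IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=False)  # accept a host address with a mask
    # Reverse zones normally sit on /8, /16 or /24 boundaries: round the prefix up.
    boundary = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > boundary:   # smaller than a /24: use the enclosing /24
        blocks = [net.supernet(new_prefix=boundary)]
    else:
        blocks = net.subnets(new_prefix=boundary)
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def is_covered(name, existing_zones):
    """True if name equals, or is a child of, one of the existing zones."""
    name = name.lower().rstrip(".")
    cleaned = (z.lower().rstrip(".") for z in existing_zones)
    return any(name == z or name.endswith("." + z) for z in cleaned)

def check_readdress(ip, mask, gateway, existing_zones):
    """Return a list of findings for a DC moved to ip/mask."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    findings = []
    if ipaddress.ip_address(gateway) not in iface.network:
        findings.append(f"gateway {gateway} is outside {iface.network}")
    ptr = iface.ip.reverse_pointer   # e.g. 22.180.30.10.in-addr.arpa
    if not is_covered(ptr, existing_zones):
        findings.append(f"no reverse zone holds the DC's PTR {ptr}")
    for zone in reverse_zones(str(iface.network)):
        if not is_covered(zone, existing_zones):
            findings.append(f"missing reverse zone {zone}")
    return findings

# Address values are from the netdiag output; the zone list is constructed
# (it assumes only the old 10.30.30.0/23 range had reverse zones).
OLD_ZONES = ["30.30.10.in-addr.arpa", "31.30.10.in-addr.arpa"]

if __name__ == "__main__":
    for finding in check_readdress("10.30.180.22", "255.255.252.0",
                                   "10.30.180.1", OLD_ZONES):
        print(finding)
```

A /22 spans four /24 reverse zones, so a single zone carried over from the old range leaves the DNS server's own PTR unresolvable, which is what nslookup reports as "Default Server: UnKnown".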
Ravi Singh (Author) Commented:
OK demazter,

I will do that on my DC and update you shortly.

Kind Regards,
Ravi Pratap
Ravi Singh (Author) Commented:
Dear Demazter,

I have reconfigured the reverse lookup zone.

And after that nslookup is working fine on my DC.

Thanks a lot Genius

But one more thing: what about my 512 client machines and two ADCs? Will they work fine with the new DC IP, or do I need to rejoin them to the domain?

Kind Regards,
Ravi Pratap
Glen Knight Commented:
There should be absolutely no need to rejoin them to the domain.
Ravi Singh (Author) Commented:
OK Demazter fine

If I need further assistance, how shall I contact you regarding other problems?

Kind Regards,
Ravi Pratap


Ravi Singh (Author) Commented:
Excellent suggestion

I did all these steps on a virtual machine with the same scenario.

And I will do all the steps on my live network in the coming week.

Thanks a lot Expert/Genius

Kind Regards,
Ravi Pratap