Filip Heens

Adding a 2nd DC to a SBS 2008 fails

Hi. When I try to dcpromo a Windows 2008 R2 server as an extra DC in my SBS 2008 domain, it fails with this error:
"active directory domain services could not create the NTDS settings object for this Active Directory Domain Controller"
The first DC (the SBS server itself) has IP 192.168.59.10; the secondary server has IP 192.168.64.2.
There is nothing blocked on an IP basis (TCP and UDP); we can ping from .64. to .59. and vice versa.
We can SMB connect from the .64. to the .59. server (there is only one), but not from the .59. to the .64. servers; we can connect from the .64. servers to each other.
I have also enabled a second NIC on the server in a .28. subnet without a firewall in between, and I can connect from any server in the .28. subnet to the SBS server, but also not from the .28. NIC of the SBS server to any .28. server.
Lee W, MVP

You need to explain the problem better.

First, the SBS server does NOT support multiple NICs - you should not be enabling any second (or additional) NICs on the SBS server.

Next, why are you using 192.168.59.x and 192.168.64.x and where did this .28 subnet come into play? It would be helpful if you could create a small graphic (ms paint) to illustrate your network configuration and settings.
ASKER

Server 2 wants to become secondary DC, but it fails with the error "active directory domain services could not create the NTDS settings object for this Active Directory Domain Controller"
Server 2 and 3 are properly booted into the domain via the firewall (so that should be OK + is checked and double-checked several times) and can connect via SMB to Server 1.
Server 1 can't connect to server 2 or 3.

Server 4 is just a temporary test, because we can't connect from server 1 to any other server via SMB and wanted to exclude the firewall. The secondary NIC with the test IP is also disabled directly after the test, so that can't give any problems (the IP is also not in the DNS server...)

correct-drawing.pdf
Disable all NICs except one NIC. Make sure the NIC has the DNS settings pointing to your existing DCs.

Did you run adprep to prep for Windows 2008 Server R2?

Run dcdiag on existing DCs to check health.
There is only one NIC enabled (the second was only for a test AFTER I tried everything else; it was disabled directly after the test).
I did run adprep /forestprep, adprep /domainprep, adprep /domainprep /gpprep, adprep /rodcprep, all without errors.
Included the dcdiag from server 1 and 2.
Server2 seems to have RPC errors, but I can't find out where; I can connect to server 1 from server 2 via \\server1\c$
server2.txt
server1.txt
Post ipconfig /all
ASKER CERTIFIED SOLUTION
Darius Ghassem
The extra IP addresses are necessary for IIS and different sites (host headers are no option here...)
All other NICs are disabled...
If the extra IPs are necessary for web sites, then I think you need another server - it's never a good idea to run a server in an unsupported configuration when there are clear options to do otherwise (not necessarily free options).
The overall problem is the multiple IP addresses running on one NIC.

There are NICs that are enabled that needed to be disabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected

Look over this link http://support.microsoft.com/kb/975808/EN-US
I think I'm going to have to open a case with MS on Monday... :(
None of my other customers with similar environments have the same problem...
Understand, if you insist on using multiple IP addresses, MS may tell you it's unsupported in which case, they likely won't help.  Furthermore, sometimes, MS techs don't know what they are talking about... (I've had some horrible ones... and some great ones).  If you get the former, you could spend hours or days on this until they escalate it to someone who goes "multiple IPs on SBS?  That's not supported!" So I would suggest starting off by being completely honest and telling them up front you have multiple IPs and want to make sure this is a supported configuration before troubleshooting in further detail.  Otherwise, you could waste your time.
No problem, I talk with them regularly (we are a certified partner and we get some calls in the package...) and they have provided me with great help most of the time. Sometimes just brainstorming with them is sufficient...
The problem was solved by adding the 2nd, 3rd and 4th IP address to an extra NIC and not on the first NIC.
Also, don't let that NIC publish its IP addresses to the DNS server.
So you can use multiple IP addresses on a DC, even with SBS. But you have to do a little trick.
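
The fix described in the last post (extra IPs on a separate NIC that does not register in DNS) can be checked and applied with WMI. This is an added example, not code from the thread; it assumes PowerShell 2.0 or later in an elevated session, and the connection name in `$ExtraNic` is a placeholder for the NIC that holds the extra web-site addresses.

```powershell
# Added example. $ExtraNic is an assumed connection name; use your own.
$ExtraNic = 'Local Area Connection 2'

# One row per IP-enabled adapter: name, IPv4 addresses, DNS registration flag.
$nics = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID IS NOT NULL"
$report = foreach ($nic in $nics) {
    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($nic.Index)"
    if (-not $cfg.IPEnabled) { continue }
    # IPAddress also lists IPv6 addresses; keep only the IPv4 ones.
    $ipv4 = @($cfg.IPAddress | Where-Object { $_ -notmatch ':' })
    New-Object PSObject -Property @{
        Name         = $nic.NetConnectionID
        IPv4Count    = $ipv4.Count
        IPv4         = ($ipv4 -join ', ')
        RegistersDns = $cfg.FullDNSRegistrationEnabled
        Config       = $cfg
    }
}
$report | Format-Table Name, IPv4Count, RegistersDns, IPv4 -AutoSize

# The situation from the thread: several addresses on an adapter that
# still publishes all of them to the DNS server.
$report | Where-Object { $_.IPv4Count -gt 1 -and $_.RegistersDns } | ForEach-Object {
    Write-Warning "$($_.Name) has $($_.IPv4Count) IPv4 addresses and registers them in DNS"
}

# Turn off DNS registration on the NIC that carries the extra addresses.
$target = $report | Where-Object { $_.Name -eq $ExtraNic }
if (-not $target) {
    Write-Warning "No IP-enabled adapter named '$ExtraNic' was found"
} elseif ($target.RegistersDns) {
    # Arguments: FullDNSRegistrationEnabled, DomainDNSRegistrationEnabled
    $result = $target.Config.SetDynamicDNSRegistration($false, $false)
    # 0 = success, 1 = success but a reboot is required
    if ($result.ReturnValue -gt 1) {
        Write-Warning "SetDynamicDNSRegistration failed with code $($result.ReturnValue)"
    }
}
```

Addresses that were registered earlier stay in the DNS zone until the records are deleted, so check the server's A records afterwards with `nslookup`.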