DrPcKen
asked on
AD integrated DNS not working after transitioning domain controller from Server 2003 to Server 2008 R2
I've promoted a new Server 2008 R2 server to a domain controller (single forest domain). My old domain controller is Server 2003 and will be decommissioned once this problem is solved. It is also my DNS and DHCP. Now DNS is Active Directory integrated and has replicated to my new domain controller, but for some reason doesn't work. Any clients I point to the Svr2008 DNS don't resolve hosts.
Here's what I've done thus far:
-Added new Svr2008 to the domain.
-Prepped domain with adprep (forest and domain)
-Promoted Svr2008 to Domain Controller and installed AD DS.
-Transferred all FSMO roles to new Svr2008 and made Svr2008 a Global Catalog Server as well. (both new and old servers are GC Servers)
-Confirmed Replication between two domain controllers.
I'm looking at the DNS role on the Svr2008 and it shows all my zones replicated. My main zone looks like this:
-domain.local
-_msdcs
-_sites
-_tcp
-_udp
-_domaindnszones
-_forestdnszones
My Events Viewer summary for DNS isn't showing any errors at the moment. I have a single client pointing to this DNS server but it cannot resolve anything. My OLD DNS is still up and running for now and I have a new DHCP scope that's waiting to be activated with the new DNS server address for my clients.
The only thing I can see that is a problem is my Best Practices Analyzer has a single error:
Title:
DNS: Zone _msdcs.domain.local is an Active Directory integrated DNS Zone and must be available.
Severity:
Error
Date:
2/20/2011 11:41:21 AM
Category:
Configuration
Issue:
The Active Directory integrated DNS zone _msdcs.domain.local was not found.
Impact:
DNS queries for the Active Directory integrated zone _msdcs.domain.local might fail.
Resolution:
Restore the Active Directory integrated DNS zone _msdcs.domain.local.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=189238
_msdcs does exist but as a subzone of my main domain zone. I'm not sure what the problem is. What am I missing? THANKS!
ASKER
Summary of troubleshooting:
I ran dcdiag /test:dns on my Srv2003 machine
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: domain.local
Svr2003 PASS PASS PASS PASS WARN PASS n/a
......................... domain.local passed test DNS
The Warning for Dyn is
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
domain.local.
I also ran dcdiag /test:dns on my new Srv2008 and got the following:
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone domain.local
Svr2008 PASS PASS PASS PASS WARN PASS n/a
......................... domain.local passed test DNS
Moving through more troubleshooting steps now.
ASKER
Ok I think the whole problem has to do with the fact that my _msdcs is a subzone of my main domain.local zone. Is it possible to 'move' it or delete it and recreate it as a main zone?
Apparently in Win2000 it is supposed to be a subzone, but in 2003 and up it is supposed to be its own zone.
ASKER
Ok I ran dcdiag /a on my Svr2008 and here are the results. I'm not sure if the problem is what I mentioned above or maybe a server time error.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Svr2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Domain\Svr2003
Starting test: Connectivity
......................... Svr2003 passed test Connectivity
Testing server: Domain\Svr2008
Starting test: Connectivity
......................... Svr2008 passed test Connectivity
Doing primary tests
Testing server: Domain\Svr2003
Starting test: Advertising
Warning: Svr2003 is not advertising as a time server.
......................... Svr2003 failed test Advertising
Starting test: FrsEvent
......................... Svr2003 passed test FrsEvent
Starting test: DFSREvent
......................... Svr2003 passed test DFSREvent
Starting test: SysVolCheck
......................... Svr2003 passed test SysVolCheck
Starting test: KccEvent
......................... Svr2003 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... Svr2003 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... Svr2003 passed test MachineAccount
Starting test: NCSecDesc
......................... Svr2003 passed test NCSecDesc
Starting test: NetLogons
......................... Svr2003 passed test NetLogons
Starting test: ObjectsReplicated
......................... Svr2003 passed test ObjectsReplicated
Starting test: Replications
......................... Svr2003 passed test Replications
Starting test: RidManager
......................... Svr2003 passed test RidManager
Starting test: Services
Invalid service type: RpcSs on Svr2003, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
......................... Svr2003 failed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x825A002F
Time Generated: 02/20/2011 12:47:37
(Event String (event log = System) could not be retrieved, error
0x13d)
An error event occurred. EventID: 0xC25A001D
Time Generated: 02/20/2011 12:47:37
(Event String (event log = System) could not be retrieved, error
0x13d)
......................... Svr2003 failed test SystemLog
Starting test: VerifyReferences
......................... Svr2003 passed test VerifyReferences
Testing server: Domain\Svr2008
Starting test: Advertising
......................... Svr2008 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... Svr2008 passed test FrsEvent
Starting test: DFSREvent
......................... Svr2008 passed test DFSREvent
Starting test: SysVolCheck
......................... Svr2008 passed test SysVolCheck
Starting test: KccEvent
......................... Svr2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... Svr2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... Svr2008 passed test MachineAccount
Starting test: NCSecDesc
......................... Svr2008 passed test NCSecDesc
Starting test: NetLogons
......................... Svr2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... Svr2008 passed test ObjectsReplicated
Starting test: Replications
......................... Svr2008 passed test Replications
Starting test: RidManager
......................... Svr2008 passed test RidManager
Starting test: Services
......................... Svr2008 passed test Services
Starting test: SystemLog
......................... Svr2008 passed test SystemLog
Starting test: VerifyReferences
......................... Svr2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test
CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test
CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test
LocatorCheck
Starting test: Intersite
Doing intersite inbound replication test on site Default-Site:
......................... domain.local passed test
Intersite
Run DCDiag with /v and post it here
ASKER
This is off the 2008 server.
Host names are as follows:
PDC = New 2008 server
PXE-PDC = old 2003 server
http://pastebin.com/C6V5eQs5
Thank you!
Thanks for posting the details.
I can see a lot of disk write errors. Check the hardware, where you have a disk issue on the 2008 server. I assume that, due to the disk write errors, AD information is unable to replicate completely.
I encountered the same issue in the past, and after the disk issue was fixed, replication completed and all was back to normal.
Hey, check one more thing. The logs show
FRS is not running on pxe-pdc.domain.local.
Start the service. Let replication finish, then rerun dcdiag again.
ASKER
I hope there isn't a disk issue, it is a brand new server. I do see this in ADDS Event Viewer.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 2/20/2011 11:15:19 AM
Event ID: 1539
Task Category: Service Control
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: pdc.domain.local
Description:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
Hard disk:
d:
Data might be lost during system failures.
Could that be the problem? I'll start FRS now. THANK YOU FOR LOOKING AT THIS!!
ASKER
Hmm FRS was running on PXE-PDC. I checked on PDC also and it is on there too. Restarted them both. Here's new dcdiag log:
http://pastebin.com/LYyWZUiU
Oh and don't worry about the MATRIX site, I need to remove it once I get all this working. We don't use that site anymore.
ASKER
Ok let me run some disk checks. Thank you!!!
ASKER
I think it has to do with enabling write cache on the disks and I'm not able to turn it off. Let me work on it more.
Thank you for pointing me in the right direction!
ASKER
Ok I FINALLY got write cache turned off (long story). Can you look through my dcdiag now and tell me what you see? I've looked but you might see something I don't. DNS on new server still isn't working. AGAIN ignore the Matrix site in the log. Thanks!!
http://tinypaste.com/67d59
Oh, and how can I purge old events from showing up in the dcdiag /v? It is still showing old event errors even though I cleared the log.
ASKER
Also, I found event ID 2088 in the event viewer of the server2003 domain controller
Alternate server name:
pdc
Failing DNS host name:
cd30c224-fe86-49b9-a8a8-38b678662240._msdcs.domain.local
I'm convinced that it has something to do with the _msdcs zone as a subzone of the main zone, but I'm not sure how to fix it.
ASKER
If it helps at all, all clients pointing to my new domain controller can resolve hostnames internally. Just not anything on the net.
ASKER
Helped me narrow down my issue with the hard disks.
Some troubleshooting KB
http://support.microsoft.com/kb/824449