DrPcKen

AD integrated DNS not working after transitioning domain controller from Server 2003 to Server 2008 R2

I've promoted a new Server 2008 R2 server to a domain controller (single forest domain). My old domain controller is Server 2003 and will be decommissioned once this problem is solved. It is also my DNS and DHCP. Now DNS is Active Directory integrated and has replicated to my new domain controller, but for some reason doesn't work. Any clients I point to the Svr2008 DNS don't resolve hosts.

Here's what I've done thus far:

-Added new Svr2008 to the domain.
-Prepped domain with adprep (forest and domain)
-Promoted Svr2008 to Domain Controller and installed AD DS.
-Transferred all FSMO roles to new Svr2008 and made Svr2008 a Global Catalog Server as well. (both new and old servers are GC Servers)
-Confirmed Replication between two domain controllers.

I'm looking at the DNS role on the Svr2008 and it shows all my zones replicated.  My main zone looks like this:

-domain.local
    -_msdcs
    -_sites
    -_tcp
    -_udp
    -_domaindnszones
    -_forestdnszones

My Event Viewer summary for DNS isn't showing any errors at the moment. I have a single client pointing to this DNS server but it cannot resolve anything. My OLD DNS is still up and running for now and I have a new DHCP scope that's waiting to be activated with the new DNS server address for my clients.

The only thing I can see that is a problem is my Best Practices Analyzer has a single error:
Title:
DNS: Zone _msdcs.domain.local is an Active Directory integrated DNS Zone and must be available.

Severity:
Error

Date:
2/20/2011 11:41:21 AM

Category:
Configuration

Issue:
The Active Directory integrated DNS zone _msdcs.domain.local was not found.

Impact:
DNS queries for the Active Directory integrated zone _msdcs.domain.local might fail.

Resolution:
Restore the Active Directory integrated DNS zone _msdcs.domain.local.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=189238

_msdcs does exist but as a subzone of my main domain zone.  I'm not sure what the problem is.  What am I missing?  THANKS!
Amit

Check whether replication is working properly or not.

Some troubleshooting KB
http://support.microsoft.com/kb/824449
DrPcKen

ASKER

Summary of troubleshooting:
I ran dcdiag /test:dns on my Srv2003 machine:
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: domain.local
               Svr2003                      PASS PASS PASS PASS WARN PASS n/a

         ......................... domain.local passed test DNS

The Warning for Dyn is  
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
domain.local.

I also ran dcdiag /test:dns on my new Srv2008 and got the following:
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone domain.local

               Svr2008                          PASS PASS PASS PASS WARN PASS n/a
         ......................... domain.local passed test DNS

Moving through more troubleshooting steps now.
DrPcKen

ASKER

Ok I think the whole problem has to do with the fact that my _msdcs is a subzone of my main domain.local zone. Is it possible to 'move' it or delete it and recreate it as a main zone?

Apparently in Win2000 it is supposed to be a subzone, but in 2003 and up it is supposed to be its own zone.
DrPcKen

ASKER

Ok I ran dcdiag /a on my Svr2008 and here are the results.  I'm not sure if the problem is what I mentioned above or maybe a server time error.
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = Svr2008

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Domain\Svr2003

      Starting test: Connectivity

         ......................... Svr2003 passed test Connectivity

   
   Testing server: Domain\Svr2008

      Starting test: Connectivity

         ......................... Svr2008 passed test Connectivity



Doing primary tests

   
   Testing server: Domain\Svr2003

      Starting test: Advertising

         Warning: Svr2003 is not advertising as a time server.

         ......................... Svr2003 failed test Advertising

      Starting test: FrsEvent

         ......................... Svr2003 passed test FrsEvent

      Starting test: DFSREvent

         ......................... Svr2003 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... Svr2003 passed test SysVolCheck

      Starting test: KccEvent

         ......................... Svr2003 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... Svr2003 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... Svr2003 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... Svr2003 passed test NCSecDesc

      Starting test: NetLogons

         ......................... Svr2003 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... Svr2003 passed test ObjectsReplicated

      Starting test: Replications

         ......................... Svr2003 passed test Replications

      Starting test: RidManager

         ......................... Svr2003 passed test RidManager

      Starting test: Services

            Invalid service type: RpcSs on Svr2003, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         ......................... Svr2003 failed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x825A002F

            Time Generated: 02/20/2011   12:47:37

            (Event String (event log = System) could not be retrieved, error

            0x13d)

         An error event occurred.  EventID: 0xC25A001D

            Time Generated: 02/20/2011   12:47:37

            (Event String (event log = System) could not be retrieved, error

            0x13d)

         ......................... Svr2003 failed test SystemLog

      Starting test: VerifyReferences

         ......................... Svr2003 passed test VerifyReferences

   
   Testing server: Domain\Svr2008

      Starting test: Advertising

         ......................... Svr2008 passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... Svr2008 passed test FrsEvent

      Starting test: DFSREvent

         ......................... Svr2008 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... Svr2008 passed test SysVolCheck

      Starting test: KccEvent

         ......................... Svr2008 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... Svr2008 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... Svr2008 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... Svr2008 passed test NCSecDesc

      Starting test: NetLogons

         ......................... Svr2008 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... Svr2008 passed test ObjectsReplicated

      Starting test: Replications

         ......................... Svr2008 passed test Replications

      Starting test: RidManager

         ......................... Svr2008 passed test RidManager

      Starting test: Services

         ......................... Svr2008 passed test Services

      Starting test: SystemLog

         ......................... Svr2008 passed test SystemLog

      Starting test: VerifyReferences

         ......................... Svr2008 passed test VerifyReferences

   
   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... domain passed test

         CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... domain passed test

         CrossRefValidation

   
   Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test

         LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site Default-Site: 
         ......................... domain.local passed test

         Intersite
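
An added example, not part of the original thread: a small Python triage of dcdiag output in the layout quoted above, listing failed tests and tests that passed but still printed warning text. The sample input is constructed from lines shown in this thread, and the function names are assumptions.

```python
import re

# Constructed sample: lines arranged in the layout of the dcdiag output above.
SAMPLE = r"""
   Testing server: Domain\Svr2003
      Starting test: Advertising
         Warning: Svr2003 is not advertising as a time server.
         ......................... Svr2003 failed test Advertising
      Starting test: Services
            Invalid service type: RpcSs on Svr2003, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         ......................... Svr2003 failed test Services
   Testing server: Domain\Svr2008
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... Svr2008 passed test FrsEvent
      Starting test: Replications
         ......................... Svr2008 passed test Replications
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test

         CrossRefValidation
"""

START = re.compile(r"Starting test: (\S+)")
VERDICT = re.compile(r"\.{5,} (\S+) (passed|failed) test")
SUSPECT = re.compile(r"warning|error|fail|invalid", re.I)

def parse(text):
    """Return (target, test, verdict, details) for each test in dcdiag output."""
    results, test, details = [], None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := START.match(line):
            test, details = m.group(1), []
        elif (m := VERDICT.match(line)) and test:
            # Take the name from "Starting test": the verdict line may wrap it.
            results.append((m.group(1), test, m.group(2), details))
            test = None  # ignore a wrapped test name on the following line
        elif test and line:
            details.append(line)
    return results

def needs_attention(results):
    """Failed tests, plus passed tests whose detail text mentions a problem."""
    return [(target, test, verdict) for target, test, verdict, details in results
            if verdict == "failed" or any(SUSPECT.search(d) for d in details)]
```

On the sample, `needs_attention(parse(SAMPLE))` reports the two Svr2003 failures and the Svr2008 FrsEvent test, which passed while still printing warning text.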

Run DCDiag with /v and post it here
DrPcKen

ASKER

This is off the 2008 server.

Host names are as follows:
PDC = New 2008 server
PXE-PDC = old 2003 server

http://pastebin.com/C6V5eQs5


Thank you!
Thanks for posting the details.

I can see a lot of disk write errors. Check the hardware, where you have a disk issue on the 2008 server. I assume that, due to the disk write errors, AD information is unable to replicate completely.

I encountered the same issue in the past and after the disk issue was fixed, replication completed and all was back to normal.

Hey, check one more thing. The logs show:

FRS is not running on pxe-pdc.domain.local.

Start the service. Let replication finish, then rerun dcdiag again.
DrPcKen

ASKER

I hope there isn't a disk issue; it is a brand new server. I do see this in ADDS Event Viewer.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2/20/2011 11:15:19 AM
Event ID:      1539
Task Category: Service Control
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      pdc.domain.local
Description:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
 
Hard disk:
d:
 
Data might be lost during system failures.

Could that be the problem?  I'll start FRS now.  THANK YOU FOR LOOKING AT THIS!!
DrPcKen

ASKER

Hmm FRS was running on PXE-PDC.  I checked on PDC also and it is on there too.  Restarted them both.  Here's new dcdiag log:

http://pastebin.com/LYyWZUiU

Oh and don't worry about the MATRIX site, I need to remove it once I get all this working. We don't use that site anymore.
DrPcKen

ASKER

Ok let me run some disk checks.  Thank you!!!
DrPcKen

ASKER

I think it has to do with enabling write cache on the disks and I'm not able to turn it off.  Let me work on it more.

Thank you for pointing me in the right direction!
DrPcKen

ASKER

Ok I FINALLY got write cache turned off (long story). Can you look through my dcdiag now and tell me what you see? I've looked but you might see something I don't. DNS on new server still isn't working. AGAIN ignore the Matrix site in the log. Thanks!!

http://tinypaste.com/67d59

Oh and how can I purge old events from showing up in the dcdiag /v? It is still showing old event errors even though I cleared the log.
DrPcKen

ASKER

Also, I found event ID 2088 in the event viewer of the Server 2003 domain controller:

Alternate server name:
 pdc
Failing DNS host name:
 cd30c224-fe86-49b9-a8a8-38b678662240._msdcs.domain.local


I'm convinced that it has something to do with the _msdcs zone as a subzone of the main zone, but I'm not sure how to fix it.
DrPcKen

ASKER

If it helps at all, all clients pointing to my new domain controller can resolve hostnames internally.  Just not anything on the net.
DrPcKen

ASKER

Helped me narrow down my issue with the hard disks.