Solved

AD integrated DNS not working after transitioning domain controller from Server 2003 to Server 2008 R2

Posted on 2011-02-20
Last Modified: 2012-05-11
I've promoted a new Server 2008 R2 server to a domain controller (single forest domain).  My old domain controller is Server 2003 and will be decommissioned once this problem is solved.  It is also my DNS and DHCP.  Now DNS is Active Directory integrated and has replicated to my new domain controller, but for some reason doesn't work.  Any clients I point to the Svr2008 DNS don't resolve hosts.

Here's what I've done thus far:

-Added new Svr2008 to the domain.
-Prepped domain with adprep (forest and domain)
-Promoted Svr2008 to Domain Controller and installed AD DS.
-Transferred all FSMO roles to new Svr2008 and made Svr2008 a Global Catalog Server as well. (both new and old servers are GC Servers)
-Confirmed Replication between two domain controllers.

I'm looking at the DNS role on the Svr2008 and it shows all my zones replicated.  My main zone looks like this:

-domain.local
    -_msdcs
    -_sites
    -_tcp
    -_udp
    -_domaindnszones
    -_forstdnszones




My Event Viewer summary for DNS isn't showing any errors at the moment.  I have a single client pointing to this DNS server but it cannot resolve anything.  My OLD DNS is still up and running for now and I have a new DHCP scope that's waiting to be activated with the new DNS server address for my clients.

The only thing I can see that is a problem is my Best Practices Analyzer has a single error:
Title:
DNS: Zone _msdcs.domain.local is an Active Directory integrated DNS Zone and must be available.

Severity:
Error

Date:
2/20/2011 11:41:21 AM

Category:
Configuration

Issue:
The Active Directory integrated DNS zone _msdcs.domain.local was not found.

Impact:
DNS queries for the Active Directory integrated zone _msdcs.domain.local might fail.

Resolution:
Restore the Active Directory integrated DNS zone _msdcs.domain.local.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=189238



_msdcs does exist but as a subzone of my main domain zone.  I'm not sure what the problem is.  What am I missing?  THANKS!
0
Question by:DrPcKen
18 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 34938116
Check whether replication is working properly.

A troubleshooting KB:
http://support.microsoft.com/kb/824449
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938224
Summary of troubleshooting:
I ran dcdiag /test:dns on my Srv2003 machine
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: domain.local
               Svr2003                      PASS PASS PASS PASS WARN PASS n/a

         ......................... domain.local passed test DNS



The Warning for Dyn is  
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
domain.local.




I also ran dcdiag /test:dns on my new Srv2008 and got the following:
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone domain.local

               Svr2008                          PASS PASS PASS PASS WARN PASS n/a
         ......................... domain.local passed test DNS



Moving through more troubleshooting steps now.
0
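The two `dcdiag /test:dns` excerpts posted above can be triaged mechanically. The following is an added example, not part of the original posts: it parses the summary row and rejoins warnings that the console hard-wrapped. The 80-column width and the function names are assumptions, and the sample text is constructed from the excerpts above.

```python
import re

COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]  # summary header
RESULTS = {"PASS", "WARN", "FAIL", "n/a"}
CONSOLE_WIDTH = 80  # assumption: output was copied from an 80-column console

# Constructed samples, assembled from the two excerpts posted above.
SVR2003 = (" " * 15 + "TEST: Dynamic update (Dyn)\n"
           + " " * 18 + "Warning: Dynamic update is enabled on the zone but not secure\n"
           + "domain.local.\n"
           + " " * 15 + "Svr2003" + " " * 22 + "PASS PASS PASS PASS WARN PASS n/a\n")
SVR2008 = (" " * 15 + "TEST: Dynamic update (Dyn)\n"
           + " " * 18 + "Warning: Failed to delete the test record dcdiag-test-record i\n"
           + "n zone domain.local\n"
           + " " * 15 + "Svr2008" + " " * 26 + "PASS PASS PASS PASS WARN PASS n/a\n")

def unwrap(text):
    """Rejoin lines that the console hard-wrapped at CONSOLE_WIDTH columns."""
    out = []
    for line in text.splitlines():
        # A continuation starts in column 0 and follows a line that filled the row
        # (a trailing blank is lost on copy, so allow one missing character).
        if out and line and not line[0].isspace() and len(out[-1]) >= CONSOLE_WIDTH - 1:
            out[-1] = out[-1].ljust(CONSOLE_WIDTH) + line
        else:
            out.append(line)
    return out

def triage(text):
    """Return (summary rows, warnings) found in one dcdiag /test:dns output."""
    rows, warnings = {}, []
    for line in unwrap(text):
        tokens = line.split()
        # A summary row is a server name followed by one result per column.
        if len(tokens) == len(COLUMNS) + 1 and set(tokens[1:]) <= RESULTS:
            rows[tokens[0]] = dict(zip(COLUMNS, tokens[1:]))
        match = re.match(r"\s*Warning:\s*(.+)", line)
        if match:
            warnings.append(match.group(1))
    return rows, warnings

def findings(text):
    """List (server, test, result, detail) for every column not PASS or n/a."""
    rows, warnings = triage(text)
    return [(server, test, result, "; ".join(warnings))
            for server, cols in rows.items()
            for test, result in cols.items() if result not in ("PASS", "n/a")]

if __name__ == "__main__":
    for sample in (SVR2003, SVR2008):
        for finding in findings(sample):
            print(finding)
```

Both controllers report WARN only in the Dyn column. The Svr2003 warning means the zone accepts nonsecure dynamic updates, so records can be registered or overwritten without authentication until the zone is set to secure-only updates.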
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938255
Ok I think the whole problem has to do with the fact that my _msdcs is a subzone of my main domain.local zone.  Is it possible to  'move' it or delete it and recreate it as a main zone?

Apparently in Win2000 it is supposed to be a subzone, but in 2003 and up it is supposed to be its own zone.
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938418
Ok I ran dcdiag /a on my Svr2008 and here are the results.  I'm not sure if the problem is what I mentioned above or maybe a server time error.
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Svr2008
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Domain\Svr2003
      Starting test: Connectivity
         ......................... Svr2003 passed test Connectivity

   Testing server: Domain\Svr2008
      Starting test: Connectivity
         ......................... Svr2008 passed test Connectivity

Doing primary tests

   Testing server: Domain\Svr2003
      Starting test: Advertising
         Warning: Svr2003 is not advertising as a time server.
         ......................... Svr2003 failed test Advertising
      Starting test: FrsEvent
         ......................... Svr2003 passed test FrsEvent
      Starting test: DFSREvent
         ......................... Svr2003 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... Svr2003 passed test SysVolCheck
      Starting test: KccEvent
         ......................... Svr2003 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... Svr2003 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... Svr2003 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... Svr2003 passed test NCSecDesc
      Starting test: NetLogons
         ......................... Svr2003 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... Svr2003 passed test ObjectsReplicated
      Starting test: Replications
         ......................... Svr2003 passed test Replications
      Starting test: RidManager
         ......................... Svr2003 passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on Svr2003, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         ......................... Svr2003 failed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x825A002F
            Time Generated: 02/20/2011   12:47:37
            (Event String (event log = System) could not be retrieved, error
            0x13d)
         An error event occurred.  EventID: 0xC25A001D
            Time Generated: 02/20/2011   12:47:37
            (Event String (event log = System) could not be retrieved, error
            0x13d)
         ......................... Svr2003 failed test SystemLog
      Starting test: VerifyReferences
         ......................... Svr2003 passed test VerifyReferences

   Testing server: Domain\Svr2008
      Starting test: Advertising
         ......................... Svr2008 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... Svr2008 passed test FrsEvent
      Starting test: DFSREvent
         ......................... Svr2008 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... Svr2008 passed test SysVolCheck
      Starting test: KccEvent
         ......................... Svr2008 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... Svr2008 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... Svr2008 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... Svr2008 passed test NCSecDesc
      Starting test: NetLogons
         ......................... Svr2008 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... Svr2008 passed test ObjectsReplicated
      Starting test: Replications
         ......................... Svr2008 passed test Replications
      Starting test: RidManager
         ......................... Svr2008 passed test RidManager
      Starting test: Services
         ......................... Svr2008 passed test Services
      Starting test: SystemLog
         ......................... Svr2008 passed test SystemLog
      Starting test: VerifyReferences
         ......................... Svr2008 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test
         CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test
         CrossRefValidation

   Running enterprise tests on : domain.local
      Starting test: LocatorCheck
         ......................... domain.local passed test
         LocatorCheck
      Starting test: Intersite
         Doing intersite inbound replication test on site Default-Site:
         ......................... domain.local passed test
         Intersite


0
 
LVL 41

Expert Comment

by:Amit
ID: 34938677
Run DCDiag with /v and post it here
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938744
This is off the 2008 server.

Host names are as follows:
PDC = New 2008 server
PXE-PDC = old 2003 server

http://pastebin.com/C6V5eQs5


Thank you!
0
 
LVL 41

Expert Comment

by:Amit
ID: 34938771
Thanks for posting the details.

I can see a lot of disk write errors. Check the hardware; you have a disk issue on the 2008 server. I assume that due to the disk write errors, AD information is unable to replicate completely.

I encountered the same issue in the past and after the disk issue was fixed, replication completed and all was back to normal.
0
 
LVL 41

Expert Comment

by:Amit
ID: 34938784
Hey, check one more thing. The logs show:

FRS is not running on pxe-pdc.domain.local.

Start the service. Let replication finish, then rerun dcdiag.
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938832
I hope there isn't a disk issue, it is a brand new server.  I do see this in ADDS Event Viewer.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2/20/2011 11:15:19 AM
Event ID:      1539
Task Category: Service Control
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      pdc.domain.local
Description:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
 
Hard disk:
d:
 
Data might be lost during system failures.

Could that be the problem?  I'll start FRS now.  THANK YOU FOR LOOKING AT THIS!!
0
 
LVL 41

Accepted Solution

by:
Amit earned 400 total points
ID: 34938874
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938877
Hmm FRS was running on PXE-PDC.  I checked on PDC also and it is on there too.  Restarted them both.  Here's new dcdiag log:

http://pastebin.com/LYyWZUiU

Oh and don't worry about the MATRIX site, I need to remove it once I get all this working. We don't use that site anymore.
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34938918
Ok let me run some disk checks.  Thank you!!!
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34939007
I think it has to do with enabling write cache on the disks and I'm not able to turn it off.  Let me work on it more.

Thank you for pointing me in the right direction!
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34939585
Ok I FINALLY got write cache turned off (long story).  Can you look through my dcdiag now and tell me what you see? I've looked but you might see something I don't.  DNS on new server still isn't working.  AGAIN ignore the Matrix site in the log. Thanks!!

http://tinypaste.com/67d59

Oh and how can I purge old events from showing up in the dcdiag /v?  It is still showing old event errors even though I cleared the log.
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34939626
Also, I found Event ID 2088 in the Event Viewer of the Server 2003 domain controller:

Alternate server name:
 pdc
Failing DNS host name:
 cd30c224-fe86-49b9-a8a8-38b678662240._msdcs.domain.local


I'm convinced that it has something to do with the _msdcs zone as a subzone of the main zone, but I'm not sure how to fix it.
0
 
LVL 1

Author Comment

by:DrPcKen
ID: 34939990
If it helps at all, all clients pointing to my new domain controller can resolve hostnames internally.  Just not anything on the net.
0
 
LVL 1

Assisted Solution

by:DrPcKen
DrPcKen earned 0 total points
ID: 34947924
Ok so I found the problem.  Turns out there was no Pointer record for my New server in the reverse lookup zone.  

0
 
LVL 1

Author Closing Comment

by:DrPcKen
ID: 34986616
Helped me narrow down my issue with the hard disks.
0
