dcpromo doesnt setup DNS on new 2003 server
Help Experts!
I've run dcpromo on a new member server for a new branch office.
I successfully joined the domain, set iit to a fixed IP and installed DNS. dcpromo seems to work, but the DNS Forward Lookup Zones dont get filled in.
I can see that the system has put the Server into the right SItes & services site and it's been put in the Domain COntrollers OU in AD users and Computers. I can ping the main office server and vis-versa.
Looking at the DNS Event Logs, I can see an Event IF:800 notice saying
===The zone <subnet>.in-addr.arpa is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.====
Looking at the DNS console, there is no forward lookup zone but one reverse lookup zone for the main sites subnet. I also get a NTFrs error 13508
=The File Replication Service is having trouble enabling replication from \\MainOfficeServer.mydomai
Following are some of the reasons you would see this warning.
1] FRS can not correctly resolve the DNS name \\MainOfficeServer.mydomai
[2] FRS is not running on \\MainOfficeServer.mydomai
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. . =
I'd really appreciate help in fixing this.
I've run dcpromo on a new member server for a new branch office.
I successfully joined the domain, set iit to a fixed IP and installed DNS. dcpromo seems to work, but the DNS Forward Lookup Zones dont get filled in.
I can see that the system has put the Server into the right SItes & services site and it's been put in the Domain COntrollers OU in AD users and Computers. I can ping the main office server and vis-versa.
Looking at the DNS Event Logs, I can see an Event IF:800 notice saying
===The zone <subnet>.in-addr.arpa is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.====
Looking at the DNS console, there is no forward lookup zone but one reverse lookup zone for the main sites subnet. I also get a NTFrs error 13508
=The File Replication Service is having trouble enabling replication from \\MainOfficeServer.mydomai
Following are some of the reasons you would see this warning.
1] FRS can not correctly resolve the DNS name \\MainOfficeServer.mydomai
[2] FRS is not running on \\MainOfficeServer.mydomai
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. . =
I'd really appreciate help in fixing this.
- on your branchoffice server, check if the primany DNS server in TCP/IP properties is set to target the mainofficeserver (at least for the moment).
- on your mainofficeserver, open dns console and check the replication topology (all dns servers in the domain, the forest, all dc in the domain), is the zone integrated to AD or not, is accept secure or non-secure updates?
- on your mainofficeserver, open dns console and check the replication topology (all dns servers in the domain, the forest, all dc in the domain), is the zone integrated to AD or not, is accept secure or non-secure updates?
ASKER
Thanks for your comments. Yes I agree it's a DNS issue.
This is a DC for a new branch and so yes there are 2 DCs running DNS at the main site. I have already set the first DNS entry on the Branch Server to one of the 2 Main site DCs and set the second to itself.
THe zone is AD integrated What shoud the Secure/non-secure update setting be? I'll check the zones on the master DNS server for the topology. ANything specific to look for?
I dont understand this error as I've done this at 4 other sites exacly the same way and it worked fine.
This is a DC for a new branch and so yes there are 2 DCs running DNS at the main site. I have already set the first DNS entry on the Branch Server to one of the 2 Main site DCs and set the second to itself.
THe zone is AD integrated What shoud the Secure/non-secure update setting be? I'll check the zones on the master DNS server for the topology. ANything specific to look for?
I dont understand this error as I've done this at 4 other sites exacly the same way and it worked fine.
it can probably be due to a replication latency, or the DC not yet registered as a replication partner for the DNS NC (if integrated to AD).
you can run a repadmin /showrepl command to see if each NC is correctly replicated.
personaly i think this error isn't really one and you could skip it. but we can perform some checks to be sure. you can also run dcdiag on your dc.
you can run a repadmin /showrepl command to see if each NC is correctly replicated.
personaly i think this error isn't really one and you could skip it. but we can perform some checks to be sure. you can also run dcdiag on your dc.
ASKER
Tasmant, I've just logged in again to try out your suggestions and the DNS zones look to be populated.
The repadmin /showrepl commend gives a list of inbound Neighbors and shows link at 12:56 todaqy to the Mian site DC being successful. see attachment.
DCDiag shows successful on all tests.
Normally I promote a DC and the DNS gets updated within a few mins, I did the server around 4pm yesterday and it still didnt have zones in the DNS 12pm last night!
Is there any further check just to be sure?
Should I wait anylonger before switchin the DNS settings on the TCO box of the server so it points to itself first, then the main DC?
Cheers
John
The repadmin /showrepl commend gives a list of inbound Neighbors and shows link at 12:56 todaqy to the Mian site DC being successful. see attachment.
DCDiag shows successful on all tests.
Normally I promote a DC and the DNS gets updated within a few mins, I did the server around 4pm yesterday and it still didnt have zones in the DNS 12pm last night!
Is there any further check just to be sure?
Should I wait anylonger before switchin the DNS settings on the TCO box of the server so it points to itself first, then the main DC?
Cheers
John
C:\>repadmin /showrepl
repadmin running command /showrepl against server localhost
BrandhSite\BranchServerName
DC Options: (none)
Site Options: (none)
DC object GUID: 3ec1fcf8-fe0f-4c04-8f09-83dfe6b06aea
DC invocationID: 51796e6b-f9b0-428c-9642-42f7b0ea6d9f
==== INBOUND NEIGHBORS ======================================
DC=thedomain,DC=local
MainSite\MainDC via RPC
DC object GUID: 184c1286-15b0-4f43-be29-b4c27450d7a3
Last attempt @ 2011-03-04 12:56:53 was successful.
CN=Configuration,DC=thedomain,DC=local
MainSite\MainDC via RPC
DC object GUID: 184c1286-15b0-4f43-be29-b4c27450d7a3
Last attempt @ 2011-03-04 12:56:53 was successful.
CN=Schema,CN=Configuration,DC=thedomain,DC=local
MainSite\MainDC via RPC
DC object GUID: 184c1286-15b0-4f43-be29-b4c27450d7a3
Last attempt @ 2011-03-04 12:56:53 was successful.
DC=DomainDnsZones,DC=thedomain,DC=local
MainSite\MainDC via RPC
DC object GUID: 184c1286-15b0-4f43-be29-b4c27450d7a3
Last attempt @ 2011-03-04 12:56:53 was successful.
DC=ForestDnsZones,DC=thedomain,DC=local
MainSite\MainDC via RPC
DC object GUID: 184c1286-15b0-4f43-be29-b4c27450d7a3
Last attempt @ 2011-03-04 12:56:53 was successful.
C:\>ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Zones are AD integrated and set to secure updates only
that's fine
ASKER
Theres some weird bits in the enterprise check but I think they warrant another question.
THanks for the info, the check info is really appreciated.
Cheers.
THanks for the info, the check info is really appreciated.
Cheers.
Have a nice week-end ;)
Set 2 DNS entries in your TCP/IP settings, the first to your other DC and the second to the server you are working with.