static ip machines unable to log on to second DC

raffie613
I have two DCs. I want to replace the one that currently holds the FSMO roles, so I wanted to transfer them to my other DC. However, before I did that, I tried to just change the static DNS IP on a few machines, and they were no longer able to log on to the domain until I changed their static IP in DNS back to the main DC IP.

Is there something in the DNS settings I should look for on the second DC? I think I made it a secondary zone when I put DNS on there. Would that make any difference?
Top Expert 2011

Commented:
Make DNS AD-integrated. Check to make sure replication is working. Do the following:
repadmin /showrepl

Author

Commented:
How do I make it integrated?
Replication looks to be working, as all the host A records are showing up in the DNS forward lookup zone on the second DC.

Author

Commented:
Where should I run the repadmin /showrepl command? Just in the command prompt on the second DC?
Top Expert 2011

Commented:
Yes, on both DCs. Is the DNS1 AD-integrated? It will tell you in the properties.

Author

Commented:
Results from repadmin /showrepl

Camnt01 (older server with FSMO roles)
 
C:\WINNT\Profiles\rroleson>repadmin /showreps
Default-First-Site-Name\CAMNT01
DC Options: IS_GC
Site Options: (none)
DC object GUID: 56b2097b-f894-4efe-a1b1-582380714278
DC invocationID: 56b2097b-f894-4efe-a1b1-582380714278
 
==== INBOUND NEIGHBORS ======================================
 
DC=compcams,DC=com
    Default-First-Site-Name\COMP2003 via RPC
        DC object GUID: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 13:15:14 failed, result 8614 (0x21a6):
            The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
        4141 consecutive failure(s).
        Last success @ 2011-03-07 07:15:05.
    Default-First-Site-Name\CAM20 via RPC
        DC object GUID: 2f13132d-3e15-4319-90fa-6dfb79836005
        Last attempt @ 2011-08-04 13:35:24 was successful.
 
CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\COMP2003 via RPC
        DC object GUID: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 12:48:50 was successful.
    Default-First-Site-Name\CAM20 via RPC
        DC object GUID: 2f13132d-3e15-4319-90fa-6dfb79836005
        Last attempt @ 2011-08-04 13:33:12 was successful.
 
CN=Schema,CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\CAM20 via RPC
        DC object GUID: 2f13132d-3e15-4319-90fa-6dfb79836005
        Last attempt @ 2011-08-04 12:48:50 was successful.
    Default-First-Site-Name\COMP2003 via RPC
        DC object GUID: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 12:48:50 failed, result 8614 (0x21a6):
            The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
        3598 consecutive failure(s).
        Last success @ 2011-03-07 06:59:51.
 
DC=DomainDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAM20 via RPC
        DC object GUID: 2f13132d-3e15-4319-90fa-6dfb79836005
        Last attempt @ 2011-08-04 13:21:10 was successful.
 
DC=ForestDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAM20 via RPC
        DC object GUID: 2f13132d-3e15-4319-90fa-6dfb79836005
        Last attempt @ 2011-08-04 12:48:51 was successful.
 
Source: Default-First-Site-Name\COMP2003
******* 4141 CONSECUTIVE FAILURES since 2011-03-07 07:15:05
Last error: 8614 (0x21a6):
            The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
 
 
CAM20
 
 
C:\Documents and Settings\rroleson>"C:\Program Files (x86)\Windows Resource Kits
\Tools\FRSDiag\repadmin.exe" /showreps
Default-First-Site-Name\CAM20
DSA Options : IS_GC
objectGuid  : 2f13132d-3e15-4319-90fa-6dfb79836005
invocationID: eca1f271-850c-4bd8-b8dc-2131d40a12d1
 
==== INBOUND NEIGHBORS ======================================
 
DC=compcams,DC=com
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 13:28.29 failed, result 1722:
            The RPC server is unavailable.
        Last success @ 2011-03-07 07:15.38.
        14730 consecutive failure(s).
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
        Last attempt @ 2011-08-04 13:40.26 was successful.
 
CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 13:28.50 failed, result 1722:
            The RPC server is unavailable.
        Last success @ 2011-08-04 13:13.08.
        1 consecutive failure(s).
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
        Last attempt @ 2011-08-04 13:33.33 was successful.
 
CN=Schema,CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
        Last attempt @ 2011-08-04 13:28.50 was successful.
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
        Last attempt @ 2011-08-04 13:29.11 failed, result 1722:
            The RPC server is unavailable.
        Last success @ 2011-03-07 07:15.38.
        14417 consecutive failure(s).
 
DC=DomainDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
        Last attempt @ 2011-08-04 13:29.11 was successful.
 
DC=ForestDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
        Last attempt @ 2011-08-04 13:29.11 was successful.
 
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
 
DC=compcams,DC=com
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
 
CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
 
CN=Schema,CN=Configuration,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
    Default-First-Site-Name\COMP2003 via RPC
        objectGuid: 65c1370e-1606-4c50-ad8f-b5947a69a72d
 
DC=DomainDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
 
DC=ForestDnsZones,DC=compcams,DC=com
    Default-First-Site-Name\CAMNT01 via RPC
        objectGuid: 56b2097b-f894-4efe-a1b1-582380714278
 

Author

Commented:
The cam2003 server is an old DC that we are going to force remove, so you can ignore that. The one I am trying to get to work right is the cam20. That has DNS on it.
Top Expert 2011

Commented:
You do have replication errors. Do a dcdiag /v /f:dcdiag1.txt on both DCs and attach the files? Name the second one dcdiag2.txt
Top Expert 2011

Commented:
Just read your last message. Do me a dcdiag for the new server.

Author

Commented:
But the replication errors are for a DC that I am getting rid of and that has surpassed the tombstone records for replication. That is the cam2003.

The cam20 is the one I want to be the main DNS and FSMO controller, but it is having the issue.
Sandesh Dubey, Technical Lead
Top Expert 2011

Commented:
As the server has reached the tombstone, it will not replicate. The only solution is to demote and promote the DC.

As you have mentioned that you are planning to remove the old DC which is holding the role, you need to do a forceful demotion, as the server has reached the tombstone lifetime. You cannot transfer the roles; you need to seize the roles on the other DC.

Once you seize the roles on the other DC and forcefully demote the old DC, you need to run metadata cleanup on the other DC to remove the instances of the old DC from the server.

Note: Before carrying out any activity on the DCs, take a system state backup of both DCs.

Author

Commented:
Sandeshdubey:
I am aware of that issue for that old DC.
This is a different issue with the FSMO DC and the new server that is running DNS but will not allow workstations to log in to the domain with it being their primary DNS server.
Thanks.
Sandesh Dubey, Technical Lead
Top Expert 2011

Commented:
For the new server, run dcdiag /q and repadmin /replsum on both the FSMO role holder DC and the new server and post the logs; this will give a clear picture.

Author

Commented:
Here is the dcdiag output from the server I want to make the FSMO
dcdiag-cam20.txt
Technical Lead
Top Expert 2011
Commented:
CAM20 has not replicated with COMP2003, as the latency is over the Tombstone Lifetime of 60 days!

As you have mentioned, if you point the clients to CAM20 they cannot log in.

As the server CAM20 has reached the tombstone lifetime, demote it and promote it back.

Normal demotion of CAM20 is not possible; you have to demote the server forcefully.

Run metadata cleanup on server COMP2003, which is the current FSMO role holder, to remove the instance of server CAM20.

Once done, you can promote the server CAM20 again as a DC. After the replication between the DCs is done, you can transfer the roles from server COMP2003 to CAM20.
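
Added example, not part of any post in this thread: a small parser for the text layout of the repadmin output pasted above that lists each failing inbound link and whether its last success is older than the 60-day tombstone lifetime quoted in the thread. The sample input is constructed, and the function and variable names are hypothetical.

```python
import re
from datetime import datetime

TOMBSTONE_DAYS = 60  # figure quoted in the thread; confirm the value for your forest
# Constructed sample in the layout of the output above (host and domain names are made up).
SAMPLE = r"""
DC=example,DC=test
    Default-First-Site-Name\DC-OLD via RPC
        Last attempt @ 2011-08-04 13:15:14 failed, result 8614 (0x21a6):
            The Active Directory cannot replicate with this server because the t
ime since the last replication with this server has exceeded the tombstone lifet
ime.
        4141 consecutive failure(s).
        Last success @ 2011-03-07 07:15:05.
    Default-First-Site-Name\DC-NEW via RPC
        Last attempt @ 2011-08-04 13:40.26 was successful.
CN=Configuration,DC=example,DC=test
    Default-First-Site-Name\DC-OLD via RPC
        Last attempt @ 2011-08-04 13:28.50 failed, result 1722:
            The RPC server is unavailable.
        Last success @ 2011-08-04 13:13.08.
"""

NC = re.compile(r"^(?:DC|CN)=\S+\s*$")
PARTNER = re.compile(r"^\s+(\S+\\\S+) via RPC")
# Seconds appear as ":ss" or ".ss" in the two outputs above, so they are dropped.
ATTEMPT = re.compile(r"Last attempt @ (\S+ \d\d:\d\d)[:.]\d\d (?:failed, result (\d+)|was successful)")
SUCCESS = re.compile(r"Last success @ (\S+ \d\d:\d\d)[:.]\d\d")

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def failing_links(text, tombstone_days=TOMBSTONE_DAYS):
    """Return (naming context, source DC, error, days since last success, past tombstone)."""
    links, nc, cur = [], None, None
    # Only the inbound section carries status; console-wrapped message lines match nothing.
    for line in text.split("OUTBOUND NEIGHBORS")[0].splitlines():
        if NC.match(line):
            nc = line.strip()
        elif (m := PARTNER.match(line)):
            links.append(cur := {"nc": nc, "src": m.group(1), "err": None, "at": None, "ok": None})
        elif cur and (m := ATTEMPT.search(line)):
            cur["at"], cur["err"] = ts(m.group(1)), m.group(2) and int(m.group(2))
        elif cur and (m := SUCCESS.search(line)):
            cur["ok"] = ts(m.group(1))
    def row(l):
        age = (l["at"] - l["ok"]).days if l["ok"] else None  # None: no success recorded
        return (l["nc"], l["src"], l["err"], age, age is None or age > tombstone_days)
    return [row(l) for l in links if l["err"]]
```

A link reported with error 1722 but a recent last success is a connectivity problem, while one whose last success is older than the tombstone lifetime is the case the answers above say needs forced demotion and metadata cleanup.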
