TheMetalicOne asked:

Promoted a server to DC but nothing in Sites and Services

I have added another 2003 DC to my domain, however I have noticed that in sites and services, the server has not shown up.

The users and computers shows all the up to date account information and gpo.  Accounts appear to be authenticating to it.  Everything seems to be ok except this.

So, here's the whole story.  We are transitioning to a new subnet.  Our old subnet was 172.18.20.0/22. The new subnet that the servers will be on is 10.36.25.0/24.
The old (current) DCs are at 172.18.20.235 and 172.18.20.243
The new DC is 10.36.25.145

It did the DC Promo ok, and the clients on the new 10 network seem to be authenticating ok to the new DC, however now I want to make the new DC a global catalog and I want to start transferring FSMO roles to the new DC.   If I pull up sites and services on any of the three domain controllers I only see reference to the original two machines on the 172 network.

Any advice on how I can get DC3 listed in sites and services and set up the appropriate replication with the other two boxes and make it a global catalog?

Everything is Server 2003 R2 right now.

Thanks

Mike Kline:

That is interesting

On that server can you run

nltest /server:ServerName /DSgetSiteCov

What does that come back with?

Thanks

Mike

TheMetalicOne (ASKER):

NLTest does not run on the new DC, file not found

If I run NLTest on DC2, I get two results:

nltest /server:DC2 /DSgetSiteCov
Shows me all the sites in the forest.  A long list.

If I run
nltest /server:DC3 /DSgetSiteCov (which is the new DC that isn't in sites and services)
I get
DsGetDcSiteCoverage failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

You are on two different subnets. They will not be able to communicate without a router. Right now, you have two domains on two subnets and some clients are seeing the NEW domain.

It is a routed network, they can see each other.

Very well:

If it's not showing up in AD Sites and Services, it doesn't sound like it promoted well into the domain. It sounds like it created a completely separate domain with the same domain name. Have you downloaded the server support tools and run DCdiag /v to see if it recognizes the old PDCe as the FSMO role holder?

All have made excellent suggestions, I will work them all now and post results in a bit.  Thanks again!

ChiefIT:  The new DC does see the old DCs and FSMO holders as they are.  In addition, if I ping/nslookup the domain either netbios name or full name it responds with the original servers.  I can also log into the server and map drives to all my old servers on the same subnet as the original PDCs.

When I run DCDiag /v it shows that the last time my server replicated with any of the other DCs in the forest was on the 27th of September (coincidentally when I did the dcpromo).  The dcdiag /v was full of messages that indicated communication issues.  The one that I was able to capture that was most obvious to me was:
 
Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    PDC Name: \\coecon00ad.mydomain.forest.com
    Locator Flags: 0xe000017d
    Time Server Name: \\coecon00ad.mydomain.forest.com
    Locator Flags: 0xe000017d
    Preferred Time Server Name: \\coecon01ad.mydomain.forest.com
    Locator Flags: 0xe000017c
    KDC Name: \\coecon01ad.mydomain.forest.com
    Locator Flags: 0xe000017c

Sandeshdubey:
The DNS was not pointing to itself, rather it was pointing to the original DC/DNS on the 172 subnet.  I have adjusted the primary dns to be 10.36.25.145 and set the dns forwarder to be the 172 dns server.

Now when I do a:
nltest /server:DC2 /DSgetSiteCov
I get a response, but not for any of my typical sites I have in my forest, it has found a VPN portal at head office.
The other two servers when I issue that command get a list of about 25 sites, and none of them include the VPN portal.  Strange.

I only have one NIC active at this time, no teaming, no firewall.  

mkline71:  The repadmin /replsummary is still running 16 minutes later.  I will report the results.


I don't know if this has anything to do with it, but I found this:

The original site Mydomain has my two domain controllers, and when I look at the properties of the site I see the subnets that I am used to.

I found my DC in another site associated to a VPN link, and when I look at the properties, it shows the entire 10 subnet.  So, when I added my dc to the routed network, did the forest put it in that site automatically due to the subnet?  And if so, how can I add my specific subnet to the mydomain site?

Please provide:

DCdiag /test:DNS

You have DNS issues.

Are all of these servers set to be global catalogs? If not, please do so. I always recommend ALL domain servers as global catalog.
One other thing:

Also go into your MMC console>>DNS snapin>> and see if you have any GREYED out MSDCS file folders:

A picture is worth a thousand words, so please look at this thread:
https://www.experts-exchange.com/questions/24349599/URGENT-MSDCS-records-registering-directly-under-FWD-lookup-zone-not-under-FQDN-name-space.html

No greyed out items in DNS.
The DNS Test came as passed.

The site issue has been resolved and my new DC has been moved into the correct site, it shows on my current DCs but the new DC is not updating.  It still believes it is in the VPN site.

My wan guy took a look at the rules associated to the new subnet and found some additional routing issues that he has now corrected.

All that being done it still was not updating.  So, I did a repadmin /syncall /adep and that has been running now for 5 minutes with network errors.

CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=RIMDC1,CN=Servers,CN=ca-Rim,CN-Sites,CN=Configuration,DC=parentdomain,DC=com (network error): 1722 (0x6ba): The RPC server is unavailable.

I was thinking about demoting the server and then attempting to re-promote it, however if the issue is with the wan then I think I will just orphan a bunch of records in my main domain controllers and create a different mess when I try to re-promote something that the primary domain thinks is still there.

There are some major changes to the network coming this weekend that will simplify routing and communications greatly internally to my facility, perhaps I will wait until then to see if that resolves the issue.

All good suggestions, but there was clearly a broken connection with the DCs.  I demoted the new DC and re-promoted it once my site included the appropriate IP range and everything is working now.
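
The site placement described in this thread (the new DC landing in the VPN site because that site held the whole 10 range, then landing correctly once the site included the right IP range) follows from Active Directory picking the most specific subnet object that contains the server's address. The following is an added example, not part of the original thread, that models that lookup; the site name VPN-Site, the 10.0.0.0/8 prefix standing in for "the entire 10 subnet", and which old address belongs to DC1 versus DC2 are assumptions.

```python
import ipaddress

def resolve_site(ip, site_subnets):
    """Return (site, network) for the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when several subnet objects cover the address.
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (site, net)
    return best

def misplaced(dcs, expected_site, site_subnets):
    """List (name, ip, resolved_site, matching_subnet) for DCs outside expected_site."""
    problems = []
    for name, ip in dcs.items():
        match = resolve_site(ip, site_subnets)
        site, net = (match[0], str(match[1])) if match else (None, None)
        if site != expected_site:
            problems.append((name, ip, site, net))
    return problems

# Constructed sample data. Addresses and the Mydomain site name come from the
# thread; VPN-Site, 10.0.0.0/8 and the DC1/DC2 pairing are assumptions.
DCS = {
    "DC1": "172.18.20.235",
    "DC2": "172.18.20.243",
    "DC3": "10.36.25.145",
}
SUBNETS_BEFORE = {
    "172.18.20.0/22": "Mydomain",
    "10.0.0.0/8": "VPN-Site",   # catch-all range owned by the VPN site
}
# The fix from the thread: give the intended site the specific new range.
SUBNETS_AFTER = {**SUBNETS_BEFORE, "10.36.25.0/24": "Mydomain"}

if __name__ == "__main__":
    for label, subnets in (("before", SUBNETS_BEFORE), ("after", SUBNETS_AFTER)):
        result = misplaced(DCS, "Mydomain", subnets)
        print(label, result or "all DCs resolve to Mydomain")
```

Running the same check against an export of the real subnet objects before a dcpromo shows which site a new address will fall into, including the case where no subnet matches at all.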