

DNS Setting for 2 active directory servers

I am trying to provide redundancy to our domain by installing another domain controller.  We currently have a Windows 2003 DC that is functioning properly (as far as I can tell).  I have added a Windows server 2008 R2 server, joined it to the domain, activated the DNS role, and then activated domain services.  Everything seems to be OK - no error during install, active directory users and computers are visible; however it seems that the new domain controller is not discoverable on the network (maybe DNS issue?).  I run dcdiag /test:registerindns /dnsdomain:FQDN /v and I get this:

Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone FQDN. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the FQDN
      name are not responding or contain incorrect delegation of the DNS zones;

      2. The DNS server that this computer is configured with contains
      incorrect root hints.

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: FQDN

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.

I see some suggestions to fix the issue, but could really use a more basic/direct example of what needs to be done or a better way to determine the root of the problem.  Any help is greatly appreciated.

4 Solutions
How are you trying to access the R2 server? Is it by doing \\server name? If yes, it is an indication of a broken secure channel. Try to reset it using the MS KB article. If not, then try this: enable the NetBIOS option on the network interface on both servers and restart the TCP/IP NetBIOS service from services.msc. Make sure R2 is pointing to itself for DNS and to the PDC for secondary DNS.

Krzysztof Pytko, Active Directory Engineer, commented:

What do you mean by saying [...]joined it to the domain, activated the DNS role, and then activated domain services[...]

I understood it that you installed the DNS role and the Active Directory: Domain Services role only. That doesn't make your server a Domain Controller. You need to use DCPROMO to make it work.

Please follow an article on my blog how to do that at

After that everything should work fine.

Did you perform "DCPROMO" on 2008R2 to promote it as a DC? I hope you are aware that, apart from the AD DS role installation, you need to use DCPROMO too. You may use "netdom query dc" to verify the available DCs in the network.

Post "ipconfig /all" of each DC or ensure the following:
1. Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones.
2. Each DC has just one IP address and one network adapter is enabled.
3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings.
4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", and restart the DNS and NETLOGON services on each DC.

Once you are done with the above, run "dcdiag /q" on each and post the result.
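
Items 1 to 3 of the checklist above can be audited with a script instead of reading "ipconfig /all" by eye. This is an added example, not part of the original thread; it assumes WMI access to each DC, and the host names at the bottom are placeholders.

```powershell
# Added example (not from the thread): audit a DC's TCP/IP DNS settings
# against checklist items 1-3. Assumes WMI access to each server.
function Test-InternalIPv4([string]$Ip) {
    # Loopback and RFC 1918 ranges; anything else is treated as public.
    return $Ip -match '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
}

function Test-DcDnsClient([string]$ComputerName = $env:COMPUTERNAME) {
    $findings = @()
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration `
                  -ComputerName $ComputerName -Filter "IPEnabled = TRUE")
    $ipv4 = @($nics | ForEach-Object { $_.IPAddress } |
                  Where-Object { $_ -and $_ -notmatch ':' })

    # Item 2: exactly one enabled adapter carrying exactly one IP address.
    if ($nics.Count -ne 1) { $findings += "$($nics.Count) IP-enabled adapters, expected 1" }
    if ($ipv4.Count -ne 1) { $findings += "$($ipv4.Count) IPv4 addresses, expected 1" }

    foreach ($nic in $nics) {
        $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        if ($dns.Count -eq 0) {
            $findings += "$($nic.Description): no DNS servers configured"
            continue
        }
        # Item 1: the primary DNS server is this server's own IP address.
        if ($ipv4 -notcontains $dns[0]) {
            $findings += "$($nic.Description): primary DNS $($dns[0]) is not this server's IP"
        }
        # Item 3: public resolvers belong in the DNS forwarders, not here.
        foreach ($server in $dns) {
            if (-not (Test-InternalIPv4 $server)) {
                $findings += "$($nic.Description): public DNS server $server in TCP/IP settings"
            }
        }
    }
    New-Object PSObject -Property @{
        Computer = $ComputerName
        Passed   = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Placeholder names; replace with the real DC host names.
foreach ($dc in 'DC-2003', 'DC-2008R2') {
    $r = Test-DcDnsClient -ComputerName $dc
    "{0}: {1}" -f $r.Computer, $(if ($r.Passed) { 'OK' } else { $r.Findings -join '; ' })
}
```
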
blkburn (Author) commented:
I did run DCPROMO on the new DC - I think the issue here is more DNS related.  Anyway, I was able to do some testing over the weekend and the new DC appears to be functional.  I'll work on these dcdiag issues and let you know when I find a fix.  Thanks for all the suggestions.
