DNS Setting for 2 active directory servers

Posted on 2011-10-26
Last Modified: 2012-05-12
    I am trying to provide redundancy to our domain by installing another domain controller.  We currently have a Windows 2003 DC that is functioning properly (as far as I can tell).  I have added a Windows Server 2008 R2 server, joined it to the domain, activated the DNS role, and then activated domain services.  Everything seems to be OK - no error during install, Active Directory Users and Computers are visible; however, it seems that the new domain controller is not discoverable on the network (maybe a DNS issue?).  I run dcdiag /test:registerindns /dnsdomain:FQDN /v and I get this:

Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone FQDN. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the FQDN
      name are not responding or contain incorrect delegation of the DNS zones;

      2. The DNS server that this computer is configured with contains
      incorrect root hints.

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: FQDN

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.

I see some suggestions to fix the issue, but could really use a more basic/direct example of what needs to be done or a better way to determine the root of the problem.  Any help is greatly appreciated.

Question by:blkburn
    LVL 9

    Accepted Solution

    How are you trying to access the R2 server? Is it by doing \\server name? If yes, it is an indication of a broken secure channel. Try to reset it using the MS KB article. If not, then try this: enable the NetBIOS option over the network interface on both servers and restart the TCP/IP NetBIOS service from services.msc. Make sure R2 is pointing to itself for DNS and to the PDC for secondary DNS.
    LVL 39

    Assisted Solution

    by:Krzysztof Pytko

    What do you mean by saying [...]joined it to the domain, activated the DNS role, and then activated domain services[...]?

    I understood it that you installed the DNS role and the Active Directory: Domain Services role only. That doesn't make your server a Domain Controller. You need to use DCPROMO to make it work.

    Please follow an article on my blog on how to do that at

    after that everything should work fine.

    LVL 10

    Assisted Solution

    Did you perform "DCPROMO" on 2008R2 to promote it as a DC? I hope you are aware that apart from the AD DS role installation you need to use DCPROMO too. You may use "netdom query dc" to verify the available DCs in the network.

    Post "ipconfig /all" of each DC or ensure the following:
    1. Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones.
    2. Each DC has just one IP address and one network adapter is enabled.
    3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings.
    4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", restart the DNS and NETLOGON services on each DC.

    Once you are done with the above, run "dcdiag /q" on each and post the result.
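    Added example, not part of the thread or any poster's code: after the re-registration steps above, one way to see which DC locator records from netlogon.dns are still absent from DNS. It assumes the file uses the usual "name TTL IN type data" line layout; example.local, dc1, dc2, the addresses and the dictionary standing in for the DNS server are all constructed.

```python
# Compare the records a DC wants registered (netlogon.dns) with what the
# DNS server returns. Sample data is constructed; example.local is a placeholder.

SAMPLE_NETLOGON_DNS = """\
example.local. 600 IN A 192.0.2.20
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_kerberos._tcp.example.local. 600 IN SRV 0 100 88 dc2.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 600 IN SRV 0 100 389 dc2.example.local.
"""

# Constructed stand-in for the zone on the existing DNS server: only dc1 is
# fully registered, dc2 appears in a single record (with different casing).
CONSTRUCTED_ZONE = {
    ("example.local", "A"): ["192.0.2.10"],
    ("_ldap._tcp.example.local", "SRV"): ["0 100 389 dc1.example.local."],
    ("_ldap._tcp.dc._msdcs.example.local", "SRV"): [
        "0 100 389 dc1.example.local.", "0 100 389 DC2.example.local."],
    ("_kerberos._tcp.example.local", "SRV"): ["0 100 88 dc1.example.local."],
}

def _norm(value):
    """DNS names are case-insensitive; drop the trailing dot and extra spaces."""
    return " ".join(value.lower().split()).rstrip(".")

def parse_netlogon_dns(text):
    """Return (owner, type, rdata) tuples from 'name TTL IN type data' lines."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(None, 4)
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue  # blank line, comment, or something that is not a record
        owner, _ttl, _cls, rtype, rdata = parts
        records.append((_norm(owner), rtype.upper(), _norm(rdata)))
    return records

def constructed_lookup(owner, rtype):
    """Hypothetical resolver: swap in a real query against the DC's DNS server."""
    return CONSTRUCTED_ZONE.get((owner, rtype), [])

def missing_records(netlogon_text, lookup):
    """List every netlogon.dns record the lookup does not return."""
    missing = []
    for owner, rtype, rdata in parse_netlogon_dns(netlogon_text):
        answers = {_norm(a) for a in lookup(owner, rtype)}
        if rdata not in answers:
            missing.append((owner, rtype, rdata))
    return missing

if __name__ == "__main__":
    for record in missing_records(SAMPLE_NETLOGON_DNS, constructed_lookup):
        print("not registered:", *record)
```

    An empty result means every record the DC tried to register is resolvable; anything listed is a candidate for the manual registration that the dcdiag message mentions.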
    LVL 6

    Assisted Solution


    Author Comment

    I did run DCPROMO on the new DC - I think the issue here is more DNS related.  Anyway, I was able to do some testing over the weekend and the new DC appears to be functional.  I'll work on these dcdiag issues and let you know when I find a fix.  Thanks for all the suggestions.
