sglee
asked on
setup backup DNS server
Hi,
I have SBS2011 Server running DNS server and would like to create a backup DNS server on a separate 2008 server box.
Can someone give me step by step instructions?
Thanks.
You can allow an exception to that port on your firewall on the SBS; also disable or allow that port as well on the DC that you're running DCPromo on.
If you have a good router/firewall, I would disable the firewalls on both the SBS and DC to alleviate any replication issues.
ASKER
This is NOT on SBS2011. I am trying to set up Windows 2008 Std (not R2) as backup domain controller. I have no firewall either on the router or this W2008 server.
ASKER
Here is the result of "netstat -ano -p TCP" where port number 389 was found.
Where do I go from here?
TCP 127.0.0.1:389 127.0.0.1:49193 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:49346 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57626 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57627 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57749 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57750 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57876 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:57877 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58163 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58164 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58271 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58272 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58402 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58403 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58512 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58513 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58778 ESTABLISHED 1328
TCP 127.0.0.1:389 127.0.0.1:58779 ESTABLISHED 1328
You match the PID (1328) to whatever is the process name as I mentioned in my previous post. Basically what we're trying to do is determine what software is using port 389. Once found you can decide whether it's something you need or not.
But I can almost definitely tell you that it is related to having the AD LDS role installed. You don't by any chance have VMware vCenter installed on this machine do you?
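One way to do the PID-to-process match described in the reply above, added here as an example that is not part of the original thread. It assumes PowerShell 2.0 is available on the Server 2008 box and parses `netstat` output because newer cmdlets do not exist on that OS; the function name `Get-PortOwner` is made up for this example.

```powershell
# Added example: report which process and Windows service own a local TCP port.
# Get-PortOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-PortOwner {
    param([int]$Port = 389)

    $seen = @{}
    foreach ($line in (netstat -ano -p TCP)) {
        # Data rows have five columns: Proto, Local, Foreign, State, PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }

        # Local address looks like 127.0.0.1:389; keep what follows the last colon
        $localPort = [int]($f[1] -replace '^.*:', '')
        if ($localPort -ne $Port) { continue }

        $procId = [int]$f[4]
        if ($seen.ContainsKey($procId)) { continue }   # report each PID once
        $seen[$procId] = $true

        $name = '<exited>'
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        if ($proc) { $name = $proc.ProcessName }

        # A process hosted by a service is easier to recognise by the
        # service name and display name than by its image name alone.
        $svc = @(Get-WmiObject Win32_Service -Filter "ProcessId = $procId")

        New-Object PSObject -Property @{
            Port     = $Port
            PID      = $procId
            Process  = $name
            Services = ($svc | ForEach-Object { $_.Name }) -join ', '
            Display  = ($svc | ForEach-Object { $_.DisplayName }) -join ', '
        }
    }
}

# Run from an elevated prompt so every process can be resolved.
Get-PortOwner -Port 389 | Format-List PID, Process, Services, Display
```

An empty Services field means the process was started directly instead of by the service control manager.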
ASKER
"You don't by any chance have VMware vCenter installed on this machine do you?" --> I am glad you asked. Yes. I have VMWare ESXi V5 and Windows 2008 Std. Server is one of the Virtual Machines. I should have mentioned it in my original posting. Sorry about that.
ASKER
Let me repeat what you are saying.
I am experiencing this error because I am trying to set up this W2008 Server as domain controller within VMWare server?
What I said was that you can't have vCenter installed on the same OS as a domain controller (apparently). Going back through posts, I asked if you had this installed, and you said yes. But maybe you only meant that you have a host running VMware, and on that host you have the guest VM running 2008.
So, to clarify, I'll ask, is the vCenter software installed on this guest VM? If not, what other software is installed on it?
ASKER
OK, so that's where the block comes from. Not really from vCenter itself, but when you install it, it adds the AD LDS role, and that's the one that's using port 389 and blocking the install of AD DS.
So we're back to the 3 options that I mentioned before.
ASKER
OK. If the only reason I get this error is because of VCenter, then I can un-install it from this W2008 and install it on another W2008 VM (with no VCenter). I don't have to run VCenter from this Windows 2008/Virtual Machine.
OK. Sounds good. Not sure if the uninstall will automatically remove the AD LDS role, you may have to remove it manually.
ASKER
OK. I uninstalled every role ever installed on this W2008 Server. Restarted the server and it showed no role installed. I am going to follow the suggestions below and post any questions.
"The process is simple. Install the OS. Add the Active Directory Domain Services role. On the installation results page click the link to run DCPromo. Choose the option to add a DC to an existing domain. You will have the option to install DNS as an additional option (selected by default). Set a static IP for the machine if you haven't already done so.
Here's a link with more info.
http://technet.microsoft.com/en-us/library/cc753720%28v=ws.10%29.aspx
You won't need to make any change to your DNS settings. It will all be AD-integrated so you won't have to mess around with zone transfers or anything. The DNS zones will show up on your new server as soon as the data is replicated over, which should happen very quickly.
Afterwards, on the SBS you should open the DHCP console and edit the option for DNS servers and add the IP for the new server."
ASKER
OK. I completed creating the new domain controller on this Win2008 Server. I attached post-installation screenshots in a WORD document; can you tell me if all looks good here?
DomainControllerServiceWizard.doc
Didn't see anything that screamed at me. You can use either 127.0.0.1 or the actual IP of the VM as the secondary DNS server. Both will do the same thing. Some people recommend to put itself as primary and another DNS server as secondary, but the latest recommendations from Microsoft are to do the reverse. You may even see itself as the secondary, and 127.0.0.1 as the tertiary.
I assume you got past the first warning message that you posted. DHCP looks good.
You should now be able to open the DNS console on either machine and see all the records. Let me know if this is not the case.
ASKER
I checked DNS on both SBS2011 and new DC and they all look the same to me.
I also ran IPCONFIG /RENEW and it added an IP address of new DC:
--------------------------
IP Address. . . . . . . . . . . . : 192.168.1.179
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.9
DNS Servers . . . . . . . . . . . : 192.168.1.9
192.168.1.3
--------------------------
Thanks for your help and let me close the case now.
Thanks. It's also always a good idea (IMO) to run DCDIAG and DCDIAG /TEST:DNS on both machines after setting up a new domain controller.
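The checks suggested in the last replies (both DNS servers holding the same AD-integrated records, then DCDIAG and DCDIAG /TEST:DNS on both machines) can be scripted as below. This is an added example, not part of the original thread; the two IP addresses are the DNS servers from the ipconfig output above, while the domain name and both host names are placeholders to replace.

```powershell
# Added example: compare the two DNS servers and collect DCDIAG failures.
# Placeholders (not from the thread): the domain name and both host names.
$domain  = 'example.local'
$servers = @{
    'SBS-PLACEHOLDER'   = '192.168.1.9'   # existing SBS 2011 (IP from the thread)
    'NEWDC-PLACEHOLDER' = '192.168.1.3'   # new 2008 DC (IP from the thread)
}
$srvName = "_ldap._tcp.dc._msdcs.$domain"

$results = foreach ($entry in $servers.GetEnumerator()) {
    # Ask this server directly for the DC locator SRV record. Both servers
    # should return the same DC list once AD-integrated DNS has replicated.
    $dcs = nslookup -type=SRV $srvName $entry.Value 2>$null |
        ForEach-Object {
            if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].ToLower() }
        } | Sort-Object -Unique

    # Run the general DCDIAG tests and the DNS test; keep only failures.
    $failed = @(dcdiag /s:$($entry.Key)) + @(dcdiag /s:$($entry.Key) /test:DNS) |
        Where-Object { $_ -match 'failed test' } |
        ForEach-Object { $_.Trim('. ') }

    New-Object PSObject -Property @{
        Server      = $entry.Key
        DnsIP       = $entry.Value
        DCsInDns    = ($dcs -join ', ')
        FailedTests = ($failed -join '; ')
    }
}

$results | Format-List Server, DnsIP, DCsInDns, FailedTests

# Differing DC lists mean one DNS server has not received the zone data yet.
if (@($results | Select-Object -ExpandProperty DCsInDns -Unique).Count -gt 1) {
    Write-Warning 'The two DNS servers return different DC lists for the domain.'
}
```

An empty DCsInDns value for a server means it did not answer the SRV query at all, which is the case to fix before clients are pointed at it through DHCP.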