Solved

setup backup DNS server

Posted on 2012-03-09
Last Modified: 2012-03-13
Hi,
  I have an SBS2011 Server running DNS server and would like to create a backup DNS server on a separate 2008 server box.
  Can someone give me step by step instructions?

Thanks.
0
Question by:sglee
23 Comments
 
LVL 9

Assisted Solution

by:meko72
meko72 earned 125 total points
ID: 37703901
on the existing server, under 'name servers' tab, add the new name server.
on the existing server, under 'zone transfer' ensure that transfers are permitted to only the servers on the name servers tab

on the new server, create a new secondary zone.
add the ip address of the current master server.

it should automatically replicate.

Also here is a technet Article  http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx
0
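Added example, not part of any post in this thread: the steps meko72 lists, done from the command line with dnscmd.exe, which ships with the DNS Server role. The server names, zone name and IP address are placeholders.

```powershell
# Placeholders only; substitute your own servers and zone.
$Primary   = 'sbs01.example.local'   # existing DNS server that holds the zone
$PrimaryIP = '192.0.2.10'            # its IP address
$Secondary = 'dns02.example.local'   # new Server 2008 box
$Zone      = 'example.local'

# 1. On the primary: list the new server as a name server for the zone.
#    (It needs an A record as well so the name resolves to its IP.)
dnscmd $Primary /RecordAdd $Zone '@' NS "$Secondary."

# 2. On the primary: permit zone transfers only to servers that have an NS
#    record in the zone, and notify them of changes.
#    Weak setting, shown for contrast and left commented out: /NonSecure
#    lets any host that can reach the server pull the whole zone.
# dnscmd $Primary /ZoneResetSecondaries $Zone /NonSecure
dnscmd $Primary /ZoneResetSecondaries $Zone /SecureNs /Notify

# 3. On the new server: create the secondary zone with the primary as master.
dnscmd $Secondary /ZoneAdd $Zone /Secondary $PrimaryIP

# 4. Ask the secondary to check with its master now, then display the zone
#    properties on both sides to confirm the zone type and transfer settings.
dnscmd $Secondary /ZoneRefresh $Zone
dnscmd $Primary   /ZoneInfo $Zone
dnscmd $Secondary /ZoneInfo $Zone
```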
 
LVL 40

Assisted Solution

by:footech
footech earned 375 total points
ID: 37705735
If all you want to do is have a backup DNS, the advice from meko72 is good.  But if the SBS is your only domain controller, then I would recommend setting up your additional server as a DC and DNS server.  This will give you much better redundancy than just a second DNS.

The process is simple.  Install the OS.  Add the Active Directory Domain Services role.  On the installation results page click the link to run DCPromo.  Choose the option to add a DC to an existing domain.  You will have the option to install DNS as an additional option (selected by default).  Set a static IP for the machine if you haven't already done so.
Here's a link with more info.
http://technet.microsoft.com/en-us/library/cc753720%28v=ws.10%29.aspx

You won't need to make any change to your DNS settings.  It will all be AD-integrated so you won't have to mess around with zone transfers or anything.  The DNS zones will show up on your new server as soon as the data is replicated over, which should happen very quickly.

Afterwards, on the SBS you should open the DHCP console and edit the option for DNS servers and add the IP for the new server.
0
 
LVL 14

Expert Comment

by:shahzoor
ID: 37706335
Use any third party imaging software like Acronis
Simple to use and reliable
0

 

Author Comment

by:sglee
ID: 37707069
Ldap 389 error
When I run Active Directory Domain Services Installation Wizard, I get the above error.
0
 
LVL 9

Expert Comment

by:meko72
ID: 37707410
you can allow an exception to that port on your firewall on the SBS, also disable or allow that port as well on the DC that you're running DCpromo on.
if you have a good router/firewall, I would disable the firewalls on both the SBS and DC to alleviate any replication issues.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 375 total points
ID: 37707643
Is this a new machine that you're trying to install the AD DS role on or is there other software installed on it?  Is the new OS 2008 or 2008 R2?  Any other roles already installed?
You can use a command like "netstat -ano -p TCP" to see if the machine is using TCP 389 (you could exclude the -p switch if you want to check UDP as well).  If you find an entry with that port, match the PID to the process name using Task Manager or Process Explorer.  Or you could use TCPView for a GUI which should show you all on one screen.
You could try opening the port manually on the new machine, but the install process should take care of configuring the firewall automatically if you're using Windows Firewall.  Are you running another firewall?  I don't believe there is any need to modify anything on the SBS.
0
 

Author Comment

by:sglee
ID: 37707746
This is NOT on SBS2011. I am trying to set up Windows 2008 Std (not R2) as backup domain controller. I have no firewall either on the router or this W2008 server.
0
 

Author Comment

by:sglee
ID: 37707782
Here is a screenshot of roles currently installed
0
 

Author Comment

by:sglee
ID: 37707792
Here is the result of "netstat -ano -p TCP"  where port number 389 was found.
Where do I go from here?

  TCP    127.0.0.1:389          127.0.0.1:49193        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:49346        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57626        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57627        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57749        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57750        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57876        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:57877        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58163        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58164        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58271        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58272        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58402        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58403        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58512        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58513        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58778        ESTABLISHED     1328
  TCP    127.0.0.1:389          127.0.0.1:58779        ESTABLISHED     1328
0
 
LVL 40

Expert Comment

by:footech
ID: 37708011
You match the PID (1328) to whatever is the process name as I mentioned in my previous post.  Basically what we're trying to do is determine what software is using port 389.  Once found you can decide whether it's something you need or not.

But I can almost definitely tell you that it is related to having the AD LDS role installed.  You don't by any chance have VMware vCenter installed on this machine do you?
0
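Added example, not part of any post in this thread: a PowerShell sketch of the port-to-process matching footech describes, run over `netstat -ano` output. The function names and the sample lines are constructed for illustration.

```powershell
# Constructed sample in the layout printed by "netstat -ano"; the PIDs and
# addresses are placeholders, not values from this thread.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:389          127.0.0.1:49193        ESTABLISHED     4242
  TCP    127.0.0.1:49193        127.0.0.1:389          ESTABLISHED     3100
  TCP    192.0.2.20:3389        192.0.2.50:51515       ESTABLISHED     1904
  UDP    0.0.0.0:389            *:*                                    4242
'@ -split "`r?`n"

function Get-PortRow {
    param([string[]]$NetstatLines, [int]$Port)
    foreach ($line in $NetstatLines) {
        # Columns: proto, local addr:port, foreign addr, state (TCP only), PID.
        if ($line -notmatch '^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$') { continue }
        # Compare the LOCAL port only: a row whose foreign port is 389 belongs
        # to a client of the service, not to the process holding the port.
        if ([int]$Matches[2] -ne $Port) { continue }
        New-Object PSObject -Property @{
            Proto = $Matches[1]; State = $Matches[3]; ProcessId = [int]$Matches[4]
        }
    }
}

function Get-PortOwner {
    param([string[]]$NetstatLines, [int]$Port)
    # One result per PID, with the process name looked up on the local machine.
    Get-PortRow $NetstatLines $Port | Group-Object ProcessId | ForEach-Object {
        $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '(no such PID on this host)' }
        $listening = @($_.Group | Where-Object { $_.State -eq 'LISTENING' }).Count -gt 0
        New-Object PSObject -Property @{
            ProcessId = [int]$_.Name; ProcessName = $name
            Rows = $_.Count; Listening = $listening
        }
    } | Select-Object ProcessId, ProcessName, Rows, Listening
}

Get-PortOwner $sample 389            # run against the constructed sample
# Get-PortOwner (netstat -ano) 389   # live check on the server itself
```

On a server with an AD LDS instance installed, the process name reported for port 389 is normally dsamain.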
 

Author Comment

by:sglee
ID: 37709656
"You don't by any chance have VMware vCenter installed on this machine do you?" --> I am glad you asked. Yes. I have VMWare ESXi V5 and Windows 2008 Std. Server is one of the Virtual Machines. I should have mentioned it in my original posting. Sorry about that.
0
 
LVL 40

Accepted Solution

by:footech
footech earned 375 total points
ID: 37711037
In that case, please read this link:
http://www.petenetlive.com/KB/Article/0000379.htm

I have little experience with VMware, but it looks like AD LDS is required by vCenter, so it can not be installed on a domain controller.

So it looks like you either need to:
1) set up another machine as a DC
2) put vCenter on some other machine
3) abandon the thought of a second DC and just set up DNS
My personal preference would be to go with option 1 or 2, because of the advantages you get with having a second DC, but the choice is yours.
0
 

Author Comment

by:sglee
ID: 37711061
Let me repeat what you are saying.
I am experiencing this error because I am trying to set up this W2008 Server as domain controller within VMWare server?
0
 
LVL 40

Expert Comment

by:footech
ID: 37711474
What I said was that you can't have vCenter installed on the same OS as a domain controller (apparently).  Going back through posts, I asked if you had this installed, and you said yes.  But maybe you only meant that you have a host running VMware, and on that host you have the guest VM running 2008.

So, to clarify, I'll ask, is the vCenter software installed on this guest VM?  If not, what other software is installed on it?
0
 

Author Comment

by:sglee
ID: 37711574
Oh... I understand your question now. Yes I have VCenter installed on this Windows 2008 STD that is at the same time a Virtual Machine.
0
 
LVL 40

Expert Comment

by:footech
ID: 37711672
OK, so that's where the block comes from.  Not really from vCenter itself, but when you install it, it adds the AD LDS role, and that's the one that's using port 389 and blocking the install of AD DS.

So we're back to the 3 options that I mentioned before.
0
 

Author Comment

by:sglee
ID: 37711708
OK. If the only reason I get this error is because of VCenter, then I can un-install it from this W2008 and install it on another W2008 VM (with no VCenter). I don't have to run VCenter from this Windows 2008/Virtual Machine.
0
 
LVL 40

Expert Comment

by:footech
ID: 37711746
OK.  Sounds good.  Not sure if the uninstall will automatically remove the AD LDS role, you may have to remove it manually.
0
 

Author Comment

by:sglee
ID: 37712841
OK. I uninstalled every role ever installed on this W2008 Server. Restarted the server and it showed no role installed. I am going to follow the suggestions below and post any questions.

"The process is simple.  Install the OS.  Add the Active Directory Domain Services role.  On the installation results page click the link to run DCPromo.  Choose the option to add a DC to an existing domain.  You will have the option to install DNS as an additional option (selected by default).  Set a static IP for the machine if you haven't already done so.
Here's a link with more info.
http://technet.microsoft.com/en-us/library/cc753720%28v=ws.10%29.aspx

You won't need to make any change to your DNS settings.  It will all be AD-integrated so you won't have to mess around with zone transfers or anything.  The DNS zones will show up on your new server as soon as the data is replicated over, which should happen very quickly.

Afterwards, on the SBS you should open the DHCP console and edit the option for DNS servers and add the IP for the new server."
0
 

Author Comment

by:sglee
ID: 37713854
OK. I completed creating new domain controller on this Win2008 Server. I attached post installation screen shots in WORD document and can you tell me if all looks good here?
DomainControllerServiceWizard.doc
0
 
LVL 40

Expert Comment

by:footech
ID: 37717196
Didn't see anything that screamed at me.  You can use either 127.0.0.1 or the actual IP of the VM as the secondary DNS server.  Both will do the same thing.  Some people recommend to put itself as primary and another DNS server as secondary, but the latest recommendations from Microsoft are to do the reverse.  You may even see itself as the secondary, and 127.0.0.1 as the tertiary.

I assume you got past the first warning message that you posted.  DHCP looks good.

You should now be able to open the DNS console on either machine and see all the records.  Let me know if this is not the case.
0
 

Author Comment

by:sglee
ID: 37717500
I checked DNS on both SBS2011 and new DC and they all look the same to me.
I also ran IPCONFIG /RENEW and it added an IP address of new DC:
--------------------------------------------------------------------------------------
      IP Address. . . . . . . . . . . . : 192.168.1.179
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.1.1
      DHCP Server . . . . . . . . . . . : 192.168.1.9
      DNS Servers . . . . . . . . . . . : 192.168.1.9
                                          192.168.1.3
--------------------------------------------------------------------------------------
Thanks for your help and let me close  the case now.
0
 
LVL 40

Expert Comment

by:footech
ID: 37717817
Thanks.  It's also always a good idea (IMO) to run DCDIAG and DCDIAG /TEST:DNS on both machines after setting up a new domain controller.
0
