Solved

Replication issues between Domain Controllers

Posted on 2013-01-08
Last Modified: 2013-01-08
Hello everyone,
We are having an issue with 2 Windows 2008 Domain Controllers replicating. I just added a second writable Domain Controller and during the promotion I ran into the following warning: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server...You can manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Do you wish to continue?" I double checked DNS and made sure everything looked good. I ran DCPROMO again and still got the error but continued. The second DC is a GC as well.

When it was complete I opened up DNS on the second DC and took a look at everything. All the records for the forward and reverse zones look like they were created. The zone is AD integrated. I then ran a DCDIAG on both DCs and noticed some errors. I want to know how to clean these errors up and want to make sure the second DC is properly replicating.

Also I checked Sites and Services and noticed the second DC did not have a connection to DC1 but DC1 had a connection to DC2. Not sure if I needed to do it, but I created a manual connection from DC2 to DC1. If I run repadmin /syncall on DC1 or DC2 they both finish successfully. I will include DCDIAGs. Also there are RODCs but they seem to be working properly. Thanks for any help!
DC1.txt
DC2.txt
Question by:Abacus IT
8 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38755562
Are you sure that you used the correct FQDN for the second DC? It looks like your DC1 is in the citizens.com AD domain while DC2 is trying to use domain.com.
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755578
That was a typo. I tried to take citizens (the actual domain name) out of the txt files and replace it with a standard domain.com. My bad, I was rushing over here. Thanks though. Also some more history: this domain was migrated from a 2003 SBS domain to a Windows 2008 standard domain. The 2008 server was joined to the SBS domain and upgraded, then the 2003 SBS was decommissioned.
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 1400 total points
ID: 38755587
Hi,

This is not really an error.
What DCPROMO tells you is that it can't locate any DNS parent zone and therefore cannot create delegation records for your brand new DNS domain.

Of course, this is not an error if you're installing a root domain (the first domain in your forest) because in this case IT IS ABSOLUTELY NORMAL that no parent exists!

So you can just ignore this message and proceed with your DCPROMO.

No, you should not have created a manual connection between servers.
Make sure that in IP settings each DC interrogates the other DC first as DNS server (in IP settings on DC1 make sure that the first DNS server is DC2 and the second is DC1, and vice versa).
Remove the manual connection you created.
Wait for a while (ten minutes or more) and refresh the "AD Sites and Services" console to wait for an auto-generated connection to appear.

Verify with NET SHARE on each DC that the SYSVOL share exists. If not, wait a while again.

When all looks OK, you can reverse the DNS server order in IP settings if you want (so that each DC interrogates itself first).


Have a good day.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38755616
Hi again,

I forgot to mention: each time you change the DNS order in IP settings you should do an IPCONFIG /FLUSHDNS on each DC to force it to re-interrogate the DNS servers.
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755622
Thanks. I deleted the manually created connection and will wait and see if the KCC creates an automatic one. If not, should I recreate the manual one? I checked IP settings and have changed them. I also checked Sysvol and Netlogon and they are both there as well, with the content too. What about the errors in the DCDIAG, are these OK? Specifically DC2 (EventID: 0x000727AA, EventID: 0x0000A001, EventID: 0x000003EE, etc...). I want to make sure there is nothing to worry about and everything is working properly. Thanks again!
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 600 total points
ID: 38755645
The errors in dcdiag can be ignored.
To verify DC and replication health, just run repadmin /replsum and there should not be any errors.

Run net share on both DCs and you should see sysvol and netlogon shared.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38755674
Ok,

To be sure about DNS records (maybe they are bad on one DC and that doesn't permit replication to occur correctly, and if there is no replication there won't be any DNS correction), let's set things up so that only one DC is used as a DNS server:
1) On DC2 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list of DNS servers. That way DC2 will only interrogate itself as a DNS server.
2) On DC1 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list. That way DC1 will only interrogate DC2 as a DNS server and WILL NOT interrogate its own DNS zone, which might not be up to date.
3) On each DC type IPCONFIG /FLUSHDNS in a CMD console.
4) Reboot DC1 so that it will check and if necessary recreate its DNS records in the DNS zone on the DC2 DNS server.
5) Redo a DCDIAG on each server and compare.
6) Wait a while for replication connections to appear on each side in the "AD Sites and Services" console.
7) When you're sure all is OK, you can go back to standard IP settings: each DC interrogates itself as first DNS server and the other DC as secondary server.
0
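
A check for the one-way connection described in the question and for the replication health the answers ask you to verify, as an added example that is not part of the original thread: it parses `repadmin /showrepl * /csv` output and reports failing links and missing inbound links between the writable DCs. The function names, the sample rows and the names DC1/DC2 are constructed, and it assumes the two writable DCs should be direct replication partners in both directions.

```powershell
# Added example; the CSV rows are constructed. On a live DC use instead:
#   $lines = repadmin /showrepl * /csv
$lines = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=domain,DC=com",Default-First-Site-Name,DC2,RPC,0,0,2013-01-08 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC1,"CN=Configuration,DC=domain,DC=com",Default-First-Site-Name,DC2,RPC,3,2013-01-08 09:58:41,2013-01-08 09:12:07,1722
'@ -split "`r?`n"

# Hypothetical helper: one finding per problem, built in a PowerShell 2.0 compatible way.
function New-Finding($Issue, $Dst, $Src, $Detail) {
    New-Object PSObject -Property @{ Issue = $Issue; Destination = $Dst; Source = $Src; Detail = $Detail }
}

function Test-ReplLinks {
    param(
        [string[]]$CsvLines,
        [string[]]$WritableDCs   # assumed to be direct partners in both directions
    )
    $all  = @($CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv)
    $rows = @($all | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' })

    # Rows that are not normal link rows are surfaced rather than silently dropped.
    foreach ($r in @($all | Where-Object { $_.showrepl_COLUMNS -ne 'showrepl_INFO' })) {
        New-Finding 'NonInfoRow' ($r.'Destination DSA') ($r.'Source DSA') $r.showrepl_COLUMNS
    }
    # Links that exist but have recorded failures.
    foreach ($r in $rows) {
        if ([int]$r.'Number of Failures' -gt 0) {
            $detail = "NC=$($r.'Naming Context') failures=$($r.'Number of Failures') status=$($r.'Last Failure Status')"
            New-Finding 'FailingLink' ($r.'Destination DSA') ($r.'Source DSA') $detail
        }
    }
    # A direction with no row at all: the destination has no inbound link from that source.
    foreach ($dst in $WritableDCs) {
        foreach ($src in @($WritableDCs | Where-Object { $_ -ne $dst })) {
            $link = @($rows | Where-Object { $_.'Destination DSA' -eq $dst -and $_.'Source DSA' -eq $src })
            if ($link.Count -eq 0) {
                New-Finding 'NoInboundLink' $dst $src 'no replication link reported in this direction'
            }
        }
    }
}

Test-ReplLinks -CsvLines $lines -WritableDCs 'DC1','DC2' |
    Format-Table Issue, Destination, Source, Detail -AutoSize
```

RODCs are left out of `-WritableDCs` because they only replicate inbound, so a missing link from an RODC is expected.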
 
LVL 1

Author Closing Comment

by:Abacus IT
ID: 38756092
Thanks for the help. All Replication looks good. Just wanted to check into those errors.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question