Solved

Replication issues between Domain Controllers

Posted on 2013-01-08
8
809 Views
Last Modified: 2013-01-08
Hello everyone,
We are having an issue with 2 Windows 2008 Domain Controllers replicating. I just added a second writable Domain Controller, and during the promotion I ran into the following warning: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server...You can manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Do you wish to continue?" I double-checked DNS and made sure everything looked good. I ran DCPROMO again and still got the error, but continued. The second DC is a GC as well.

When it was complete I opened up DNS on the second DC and took a look at everything. All the records for the forward and reverse zones look like they were created. The zone is AD integrated. I then ran a DCDIAG on both DCs and noticed some errors. I want to know how to clean these errors up and want to make sure the second DC is properly replicating.

Also, I checked Sites and Services and noticed the second DC did not have a connection to DC1, but DC1 had a connection to DC2. Not sure if I needed to do it, but I created a manual connection from DC2 to DC1. If I run repadmin /syncall on DC1 or DC2 they both finish successfully. I will include DCDIAGs. Also, there are RODCs, but they seem to be working properly. Thanks for any help!
DC1.txt
DC2.txt
0
Comment
Question by:Abacus IT
8 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38755562
Are you sure that you used the correct FQDN for the second DC? It looks like your DC1 is in the citizens.com AD domain while DC2 is trying to use domain.com.
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755578
That was a typo. I tried to take citizens (the actual domain name) out of the txt files and replace it with a standard domain.com. My bad, I was rushing over here. Thanks though. Also, some more history: this domain was migrated from a 2003 SBS domain to a Windows 2008 standard domain. The 2008 server was joined to the SBS domain and upgraded, then the 2003 SBS was decommissioned.
0
 
LVL 16

Accepted Solution

by:
PaciB earned 350 total points
ID: 38755587
Hi,

This is not really an error.
What DCPROMO tells you is that it can't locate any DNS parent zone and so cannot create delegation records for your brand new DNS domain.

Of course, this is not an error if you're installing a root domain (the first domain in your forest) because in this case IT IS ABSOLUTELY NORMAL that no parent exists!

So you can just ignore this message and proceed with your DCPROMO.



No, you should not have created a manual connection between servers.
Make sure that in IP settings each DC interrogates the other DC first as DNS server (in IP settings on DC1 make sure that the first DNS server is DC2 and the second is DC1, and vice versa).
Remove the manual connection you created.
Wait for a while (ten minutes or more) and refresh the "AD Sites and Services" console to wait for an auto-generated connection to appear.

Verify with NET SHARE on each DC that the SYSVOL share exists. If not, wait a while again.

When all looks OK, you can reverse the DNS server order in IP settings if you want (so that each DC interrogates itself first).


Have a good day.
0

 
LVL 16

Expert Comment

by:PaciB
ID: 38755616
Hi again,

I forgot to mention: each time you change the DNS order in IP settings you should run IPCONFIG /FLUSHDNS on each DC to force it to reinterrogate the DNS servers.
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755622
Thanks. I deleted the manually created connection and will wait and see if the KCC creates an automatic one. If not, should I recreate the manual one? I checked IP settings and have changed them. I also checked Sysvol and Netlogon and they are both there as well, with the contents too. What about the errors in the DCDIAG, are these OK? Specifically DC2 (EventID: 0x000727AA, EventID: 0x0000A001, EventID: 0x000003EE, etc...). I want to make sure there is nothing to worry about and everything is working properly. Thanks again!
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 150 total points
ID: 38755645
The errors in dcdiag can be ignored.
To verify DC and replication health, just run repadmin /replsum and there should not be any errors.

Run net share on both DCs and you should get sysvol and netlogon shared.
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38755674
Ok,

To be sure about DNS records (maybe they are bad on one DC and that doesn't permit replication to occur correctly, and if there is no replication there won't be DNS correction), let's make things so that only one DC is used as a DNS server:
1) On DC2 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list of DNS servers. That way DC2 will only interrogate itself as a DNS server.
2) On DC1 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list. That way DC1 will only interrogate DC2 as a DNS server and WILL NOT interrogate its own DNS zone, which might not be up to date.
3) On each DC, type IPCONFIG /FLUSHDNS in a CMD console.
4) Reboot DC1 so that it will check and if necessary recreate its DNS records in the DNS zone on the DC2 DNS server.
5) Redo a DCDIAG on each server and compare.
6) Wait a while for replication connections to appear on each side in the "AD Sites and Services" console.
7) When you're sure all is OK, you can get back to standard IP settings: each DC interrogates itself as first DNS server and the other DC as secondary server.
0
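
The checks suggested in the answers above (DNS client order, SYSVOL/NETLOGON shares, replication health, and a replication link in both directions) can be collected in one pass. This is an added example, not part of the original thread; it assumes the host names DC1 and DC2 used in the question, an elevated session on one of the DCs, and WMI access to the other.

```powershell
# Added example, not from the thread. DC1/DC2 are the names used in the question.
$dcs = 'DC1', 'DC2'

foreach ($dc in $dcs) {
    # DNS client order per IP-enabled adapter (the setting changed in steps 1, 2 and 7)
    Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object { "{0}: DNS order = {1}" -f $dc, ($_.DNSServerSearchOrder -join ', ') }

    # SYSVOL and NETLOGON must both be shared before the DC is usable (the NET SHARE check)
    $shares = Get-WmiObject Win32_Share -ComputerName $dc | ForEach-Object { $_.Name }
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        if ($shares -notcontains $name) { Write-Warning "${dc}: share $name is missing" }
    }
}

# One row per inbound replication link: destination DC, naming context, source DC
$links = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { $_.'Destination DSA' }

# Any link whose failure counter is above zero
$links | Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Status', 'Last Success Time'

# The question's symptom: a connection existed in one direction only.
# Each DC should list the other one as an inbound source.
foreach ($dest in $dcs) {
    foreach ($src in ($dcs | Where-Object { $_ -ne $dest })) {
        $hit = $links | Where-Object {
            $_.'Destination DSA' -eq $dest -and $_.'Source DSA' -eq $src
        }
        if (-not $hit) { Write-Warning "$dest has no inbound replication link from $src" }
    }
}

# Summary view referred to in the thread as "repadmin /replsum"
repadmin /replsummary
```

No warnings, no rows in the failure list, and zero failures in the summary correspond to the healthy state the answers describe.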
 
LVL 1

Author Closing Comment

by:Abacus IT
ID: 38756092
Thanks for the help. All Replication looks good. Just wanted to check into those errors.
0


Question has a verified solution.
