Abacus IT

Replication issues between Domain Controllers

Hello everyone,
We are having an issue with two Windows 2008 Domain Controllers replicating. I just added a second writable Domain Controller and during the promotion I ran into the following warning: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server...You can manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Do you wish to continue?" I double-checked DNS and made sure everything looked good. I ran DCPROMO again and still got the error but continued. The second DC is a GC as well. When it was complete I opened up DNS on the second DC and took a look at everything. All the records for the forward and reverse zones look like they were created. The zone is AD integrated. I then ran a DCDIAG on both DCs and noticed some errors. I want to know how to clean these errors up and want to make sure the second DC is properly replicating. Also, I checked Sites and Services and noticed the second DC did not have a connection to DC1 but DC1 had a connection to DC2. Not sure if I needed to do it, but I created a manual connection from DC2 to DC1. If I run repadmin /sync all on DC1 or DC2 they both finish successfully. I will include DCDIAGS. Also there are RODCs but they seem to be working properly. Thanks for any help!
DC1.txt
DC2.txt
Ugo Mena

Are you sure that you used the correct FQDN for the second DC? It looks like your DC1 is in citizens.com AD domain while DC2 is trying to use domain.com
Abacus IT (ASKER)

That was a typo. I tried to take citizens (the actual domain name) out of the txt files and replace it with a standard domain.com. My bad, I was rushing over here. Thanks though. Also some more history: this domain was migrated from a 2003 SBS domain to a Windows 2008 standard domain. The 2008 server was joined to the SBS domain and upgraded, then the 2003 SBS was decommissioned.
ASKER CERTIFIED SOLUTION
Bruno PACI
This solution is only available to members.
Hi again,

I forgot to mention: each time you change the DNS order in IP settings you should do an IPCONFIG /FLUSHDNS on each DC to force it to reinterrogate the DNS servers.
Thanks, I deleted the manually created connection and will wait and see if the KCC creates an automatic one. If not, should I recreate the manual one? I checked IP settings and have changed them. I also checked Sysvol and Netlogon and they are both there as well, with the content too. What about the errors in the DCDIAG, are these OK? Specifically DC2 (EventID: 0x000727AA, EventID: 0x0000A001, EventID: 0x000003EE, etc...). I want to make sure there is nothing to worry about and everything is working properly. Thanks again!
SOLUTION
This solution is only available to members.
Ok,

To be sure about DNS records (maybe they are bad on one DC and that doesn't permit replication to occur correctly, and if there is no replication there won't be DNS correction), let's set things up so that only one DC is used as a DNS server:
1) On DC2 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list of DNS servers. That way DC2 will only interrogate itself as a DNS server.
2) On DC1 IP settings, only mention DC2 as a DNS server; remove DC1 if it is present in the list. That way DC1 will only interrogate DC2 as a DNS server and WILL NOT interrogate its own DNS zone, which might not be up to date.
3) On each DC, type IPCONFIG /FLUSHDNS in a CMD console.
4) Reboot DC1 so that it will check and, if necessary, recreate its DNS records in the DNS zone on the DC2 DNS server.
5) Redo a DCDIAG on each server and compare.
6) Wait a while for replication connections to appear on each side in the "AD Sites and Services" console.
7) When you're sure all is OK, you can go back to standard IP settings: each DC interrogates itself as first DNS server and the other DC as secondary server.
Thanks for the help. All Replication looks good. Just wanted to check into those errors.
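
For steps 5 and 6 above, the inbound replication links can be checked mechanically from `repadmin /showrepl * /csv` rather than by reading the console. The script below is an added example, not part of the original thread; the sample rows (DC names, timestamps, failure counts and status values) are constructed, and it flags both failing links and the one-way situation the asker described.

```powershell
# Added example: flag failing and one-way inbound replication links.
# The sample rows are constructed. On a DC, use instead:
#   $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=domain,DC=com",Default-First-Site-Name,DC2,RPC,0,0,2011-05-02 10:15:04,0
showrepl_INFO,Default-First-Site-Name,DC1,"CN=Configuration,DC=domain,DC=com",Default-First-Site-Name,DC2,RPC,0,0,2011-05-02 10:15:04,0
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Configuration,DC=domain,DC=com",Default-First-Site-Name,DC1,RPC,3,2011-05-02 10:01:12,2011-05-02 09:00:40,1722
'@ -split "`r?`n"

# Each showrepl_INFO row is one inbound link: Destination DSA pulls from Source DSA.
$rows  = $csv | ConvertFrom-Csv
$links = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' })

# Rows of any other type mean repadmin could not report on a DC; surface them.
$rows | Where-Object { $_.showrepl_COLUMNS -ne 'showrepl_INFO' } |
    ForEach-Object { 'NOT-INFO {0}: {1}' -f $_.showrepl_COLUMNS, $_.'Destination DSA' }

# 1) Links whose most recent attempts failed.
foreach ($l in $links) {
    if ([int]$l.'Number of Failures' -gt 0) {
        'FAILING  {0} <- {1}  [{2}]  failures={3} status={4} last success={5}' -f $l.'Destination DSA',
            $l.'Source DSA', $l.'Naming Context', $l.'Number of Failures',
            $l.'Last Failure Status', $l.'Last Success Time'
    }
}

# 2) Links that exist in one direction only for a given naming context.
$seen = @{}
foreach ($l in $links) {
    $seen["$($l.'Destination DSA')<-$($l.'Source DSA')|$($l.'Naming Context')"] = $true
}
foreach ($l in $links) {
    $reverse = "$($l.'Source DSA')<-$($l.'Destination DSA')|$($l.'Naming Context')"
    if (-not $seen.ContainsKey($reverse)) {
        # Expected when the destination is an RODC: RODCs replicate inbound only.
        'ONE-WAY  {0} <- {1}  [{2}]  no link in the reverse direction' -f $l.'Destination DSA',
            $l.'Source DSA', $l.'Naming Context'
    }
}
```

With the constructed sample this reports one failing link (DC2 pulling the Configuration partition from DC1) and one one-way link (the domain partition replicates into DC1 but not into DC2).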