Solved

Replication issues between Domain Controllers

Posted on 2013-01-08
8
806 Views
Last Modified: 2013-01-08
Hello everyone,
We are having an issue with 2 - Windows 2008 Domain Controllers Replicating. I just added a second writable Domain controller and during the promotion I ran into the following warning "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server...You can manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Do you wish to continue?" I double checked DNS and made sure everything looked good. I ran DCPROMO again and still got the error but continued. The second DC is a GC as well. When it was complete I opened up DNS on the second DC and took a look at everything. all the records for the forward and reverse zones look like they created. The zone is AD integrated. I then ran a DCDIAG on both DC's and noticed some errors. I want to know how to clean these errors up and want to make sure the second DC is properly replicating. Also I checked Sites and Services and noticed the second DC did not have a connection to DC1 but DC1 had a connection to DC2. Not sure if I needed to do it but I created a manual connection from DC2 to DC1. If I run repadmin /sync all on DC1 or DC2 they both finish successfully. I will include DCDIAGS. Also there are RODC's but they seem to be working properly. Thanks for any help!
DC1.txt
DC2.txt
0
Comment
Question by:Abacus IT
8 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
Comment Utility
Are you sure that you used the correct FQDN for the second DC? It looks like your DC1 is in citizens.com AD domain while DC2 is trying to use domain.com
0
 
LVL 1

Author Comment

by:Abacus IT
Comment Utility
that was a typo. I tried to take citizens (the actual domain name out of the txt files and replace it with a standard domain.com. my bad i was rushing over here. thanks though. Also some more history. This domain was migrated from a 2003 SBS domain to a windows 2008 standard domain. the 2008 server was joined to the SBS domain and upgraded then the 2003 SBS was decommissioned.
0
 
LVL 16

Accepted Solution

by:
PaciB earned 350 total points
Comment Utility
Hi,

This is not really an error.
What DCPROMO tells you is that it can't locate any DNS parent zone and then can not create delegation records for you brand new DNS domain.

Of course, this is not an error if you're installing a root domain (the first domain in your forest) because in this case IT IS ABSOLUTLY NORMAL that no parent exists !

So you can just ignore this message and proceed with your DCPROMO.



No you should not have created a manual connection between servers.
Make sure that in IP settings each DC interrogates at first the other DC as DNS server (in IP settings on DC1 make sure that first DNS server is DC2 and the second is DC1, and vice versa).
Remove the manual connection your created.
Wait for a while (ten minutes or more) and refresh the "AD Sites and Services" console to waith for a auto-generated connection to appear.

Verify with NET SHARE on each DC that SYSVOL share exists. If not wait a while again.

When all look OK, you can reverse DNS server order in IP settings if you want (make things so that each DC interrogates itself at first).


Have a good day.
0
 
LVL 16

Expert Comment

by:PaciB
Comment Utility
Hi again ,

I forgot to mention: each time your change DNS order in IP settings you should make a IPCONFIG /FLUSHDNS on each DC to force it to reinterrogate DNS servers.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:Abacus IT
Comment Utility
Thanks I deleted the manually created connection and will wait and see if the KCC creates a automatic one. If not should I recreate the manual? I checked IP settings and have changed them. I also checked Sysvol and Netlogon and they are both there as well with the continent too. What about the errors in the DCDIAG are these ok? Specifically DC2 (EventID: 0x000727AA, EventID: 0x0000A001, EventID: 0x000003EE, etc...) I want to make sure there is nothing to worry about and everything is working properly. Thanks again!
0
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 150 total points
Comment Utility
The errors in dcdiag can be ignored
To verify dc & replication health just run repadmin /replsum and there should not be any errors

run net share on both DC's and you should get sysvol and netlogon shared
0
 
LVL 16

Expert Comment

by:PaciB
Comment Utility
Ok,

To be sure about DNS records (may be they are bad on one DC and that doesn't permit replication to occur correctly, and if there is no replication there won't be DNS correction) let's make thing so that only DC is used as a DNS server :
1) on DC2 IP settings, only mention DC2 as a DNS server, remove DC1 if it is present in the list of DNS servers. Doing like that DC2 will only interrogates itself as a DNS server.
2) on DC1 IP settings, only mention DC2 as a DNS server, remove DC1 if it is present in the list. Doing like that DC1 will only interrogate DC2 as a DNS server and WILL NOT interrogates its own DNS zone that might not be up to date.
3) On each DC type IPCONFIG /FLUSHDNS in a CMD console
4) Reboot DC1 so that it will check and if necessary recreate its DNS records on DC2 DNS server DNS zone.
5) Redo a DCDIAG on each server and compare.
6) Wait a while for replication connections to appear on each side in "AD sites and services console".
7) When your sure all is OK, you can get back to a standard IP settings: Each DC interrogates itself as first DNS server and the other DC as secondary server.
0
 
LVL 1

Author Closing Comment

by:Abacus IT
Comment Utility
Thanks for the help. All Replication looks good. Just wanted to check into those errors.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now