Solved

Replication issues between Domain Controllers

Posted on 2013-01-08
Last Modified: 2013-01-08
Hello everyone,

We are having an issue with 2 Windows 2008 Domain Controllers replicating. I just added a second writable Domain Controller and during the promotion I ran into the following warning: "A delegation for the DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server...You can manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain. Do you wish to continue?" I double checked DNS and made sure everything looked good. I ran DCPROMO again and still got the error but continued. The second DC is a GC as well.

When it was complete I opened up DNS on the second DC and took a look at everything. All the records for the forward and reverse zones look like they were created. The zone is AD integrated. I then ran a DCDIAG on both DCs and noticed some errors. I want to know how to clean these errors up and want to make sure the second DC is properly replicating.

Also I checked Sites and Services and noticed the second DC did not have a connection to DC1 but DC1 had a connection to DC2. Not sure if I needed to do it but I created a manual connection from DC2 to DC1. If I run repadmin /sync all on DC1 or DC2 they both finish successfully. I will include DCDIAGS. Also there are RODCs but they seem to be working properly. Thanks for any help!
DC1.txt
DC2.txt
Question by:Abacus IT
8 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38755562
Are you sure that you used the correct FQDN for the second DC? It looks like your DC1 is in citizens.com AD domain while DC2 is trying to use domain.com
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755578
That was a typo. I tried to take citizens (the actual domain name) out of the txt files and replace it with a standard domain.com. My bad, I was rushing over here. Thanks though. Also some more history: this domain was migrated from a 2003 SBS domain to a Windows 2008 standard domain. The 2008 server was joined to the SBS domain and upgraded, then the 2003 SBS was decommissioned.
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 350 total points
ID: 38755587
Hi,

This is not really an error.
What DCPROMO tells you is that it can't locate any DNS parent zone and then cannot create delegation records for your brand new DNS domain.

Of course, this is not an error if you're installing a root domain (the first domain in your forest) because in this case IT IS ABSOLUTELY NORMAL that no parent exists!

So you can just ignore this message and proceed with your DCPROMO.



No, you should not have created a manual connection between servers.
Make sure that in IP settings each DC interrogates at first the other DC as DNS server (in IP settings on DC1 make sure that the first DNS server is DC2 and the second is DC1, and vice versa).
Remove the manual connection you created.
Wait for a while (ten minutes or more) and refresh the "AD Sites and Services" console to wait for an auto-generated connection to appear.

Verify with NET SHARE on each DC that the SYSVOL share exists. If not, wait a while again.

When all looks OK, you can reverse DNS server order in IP settings if you want (make things so that each DC interrogates itself at first).


Have a good day.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38755616
Hi again,

I forgot to mention: each time you change DNS order in IP settings you should run an IPCONFIG /FLUSHDNS on each DC to force it to reinterrogate DNS servers.
0
 
LVL 1

Author Comment

by:Abacus IT
ID: 38755622
Thanks, I deleted the manually created connection and will wait and see if the KCC creates an automatic one. If not, should I recreate the manual? I checked IP settings and have changed them. I also checked Sysvol and Netlogon and they are both there as well with the content too. What about the errors in the DCDIAG, are these OK? Specifically DC2 (EventID: 0x000727AA, EventID: 0x0000A001, EventID: 0x000003EE, etc...). I want to make sure there is nothing to worry about and everything is working properly. Thanks again!
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 150 total points
ID: 38755645
The errors in dcdiag can be ignored.
To verify DC & replication health just run repadmin /replsum and there should not be any errors.

Run net share on both DCs and you should get sysvol and netlogon shared.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38755674
Ok,

To be sure about DNS records (maybe they are bad on one DC and that doesn't permit replication to occur correctly, and if there is no replication there won't be DNS correction) let's make things so that only DC is used as a DNS server:
1) On DC2 IP settings, only mention DC2 as a DNS server, remove DC1 if it is present in the list of DNS servers. Doing like that, DC2 will only interrogate itself as a DNS server.
2) On DC1 IP settings, only mention DC2 as a DNS server, remove DC1 if it is present in the list. Doing like that, DC1 will only interrogate DC2 as a DNS server and WILL NOT interrogate its own DNS zone that might not be up to date.
3) On each DC type IPCONFIG /FLUSHDNS in a CMD console.
4) Reboot DC1 so that it will check and if necessary recreate its DNS records on DC2 DNS server DNS zone.
5) Redo a DCDIAG on each server and compare.
6) Wait a while for replication connections to appear on each side in "AD sites and services console".
7) When you're sure all is OK, you can get back to standard IP settings: each DC interrogates itself as first DNS server and the other DC as secondary server.
0
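
The checks recommended in the answers above (no replication failures, SYSVOL and NETLOGON shared on both DCs, DNS client order on each DC) can be collected in one read-only pass. This is an added example, not code from any poster in the thread; it assumes PowerShell 2.0 or later, an elevated prompt on a domain controller, and the thread's placeholder names DC1 and DC2, and it uses `repadmin /showrepl * /csv` instead of `/replsum` because the CSV form can be parsed.

```powershell
# Added example: read-only health checks for the two DCs discussed above.
# DC1/DC2 are the thread's placeholder names; replace with real host names.
$dcs = 'DC1', 'DC2'

# 1) Replication: one CSV row per destination DC, naming context and source DC.
#    Rows tagged showrepl_ERROR mean repadmin could not query that DC at all.
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$bad = $rows | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
}
if ($bad) {
    "Replication problems found:"
    $bad | Format-Table 'Destination DSA', 'Source DSA', 'Naming Context',
                        'Number of Failures', 'Last Failure Status' -AutoSize
} else {
    "Replication: no failures reported on any inbound link."
}

foreach ($dc in $dcs) {
    # 2) SYSVOL and NETLOGON must both be shared before the DC is usable.
    $shares = Get-WmiObject Win32_Share -ComputerName $dc |
              Select-Object -ExpandProperty Name
    foreach ($need in 'SYSVOL', 'NETLOGON') {
        if ($shares -contains $need) { "${dc}: share $need present" }
        else                         { "${dc}: share $need MISSING" }
    }

    # 3) DNS client order: shows which DNS server this DC asks first,
    #    so the temporary and the final ordering can both be confirmed.
    Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc `
                  -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            "{0}: DNS order = {1}" -f $dc, ($_.DNSServerSearchOrder -join ', ')
        }
}
```

Running it before and after each DNS order change makes it easy to compare results, in the same way the answers suggest comparing DCDIAG output.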
 
LVL 1

Author Closing Comment

by:Abacus IT
ID: 38756092
Thanks for the help. All Replication looks good. Just wanted to check into those errors.
0
