Active Directory partition-DNS-RPC

Gonna just post the short version of the nightmare.

I had the following configuration.

Server A
Running a Windows 2003 standard server with AD, DNS, File and print sharing on a box that at 8 years 27 days failed.  

Server B
Exchange 2003 on Windows 2003 standard on a seperate box.

Server C
Windows 2003 server with what looks like is just portion of AD on it.

When server A failed I logged into server C and seized the FMSO roles.
Domain Naming,
RID,
Infrastructure,
PDC
Schema

When I run dcdiag I get the following

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Starting test: Connectivity
         The host 3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local)

          couldn't be resolved, the server name
         (server-2k3.domain.local) resolved to the IP address
         (192.168.32.37) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER-2K3 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Skipping all tests, because server SERVER-2K3 is
      not responding to directory service requests

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : domain
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValid
ation
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom


   Running enterprise tests on : Osceolacancercenter.local
      Starting test: Intersite
         ......................... domain.local passed test Intersi
te
      Starting test: FsmoCheck
         ......................... domain.local passed test FsmoChe
ck
 



When I run dcdiag /fix I get similar results and a portion is posted below

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER-2K3
      Starting test: Connectivity
         The host 3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (3833b0f4-7bd0-438a-aa90-2072c76acf3c._msdcs.domain.local)

          couldn't be resolved, the server name
         (server-2k3.domain.local) resolved to the IP address
         (192.168.32.37) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... SERVER-2K3 failed test Connectivity


When I went into DNS on Server C, I created the forward (ad intregrated) lookup zones. These zones however do not have the sub folders for an AD zone.

When I try to create a Default Application directory Partition I get a error message that one already exists.


Any Ideas?
GatorbasherAsked:
Who is Participating?
 
Sarang TinguriaSr EngineerCommented:
If the Server C was a DC and part of same domain as A was, then your DNS should have zones in Server C

However in your case its not..but partition exist (correct me if am wrong)

Please create two forward lookup zone named as domain.local and _msdcs.domain.local
Restart netlogon and DNS services run ipconfig /flushdns & ipconfig /registerdns and try running dcdiag again
0
 
ZenVenkyArchitectCommented:
SERVER-2K3 failed test Connectivity is an indication of DNS misconfiguration or incorrect DNS pointings on the server. I would suggest you to check the DNS configuration in DNS console and NIC properties using below link.

As you've seized roles, how many DCs are there in the domain now? is it 2 DCs or 3 DCs.

As you've seized the roles to Server C, did you made this server as authoritative Time Server for Domain. If not do this on priority.

Authoritative Time Server

DNS Best Practices
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
SandeshdubeySenior Server EngineerCommented:
I will agree with other ensure that correct dns setting is configured on  DC and ensure that old server metadata cleanup is also performed.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Medatacleanup
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Dont forget to configure authorative time server on the PDC role holder server .http://support.microsoft.com/kb/816042
0
 
GatorbasherAuthor Commented:
sarang you are correct.

The directory partition is said to already exist but it is not available.

When I create the two forward zones, none of the sub folders for pdc, _msdcs, sites, _tcp, _udp, domaindnszones or forestdnszones are created.

No workstations are able to register in DNS.

When I preform dnsflush and registerdns on the exchange server I get the following in the event viewer.

Event Type:      Warning
Event Source:      DnsApi
Event Category:      None
Event ID:      11165
Date:            6/3/2013
Time:            7:15:06 AM
User:            N/A
Computer:      EXCHANGE
Description:
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {1266BC2C-9F75-4F88-9A79-C1ADFA5ABD63}
   Host Name : exchange
   Primary Domain Suffix : domain.local
   DNS server list :
           192.168.32.37
   Sent update to server : <?>
   IP Address(es) :
     192.168.32.36

 The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

 To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

Zenvensky
Before I started to worry about the health of the server there was only Server A to serve the AD needs. I brought server C in as a backup to server A. Server B is just running Exchange and the Exchange services are unable to start and the following appears in the exchange servers event log.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2104
Date:            6/3/2013
Time:            7:50:26 AM
User:            N/A
Computer:      EXCHANGE
Description:
Process INETINFO.EXE (PID=1672). All the DS Servers in domain are not responding.

For more information, click http://www.microsoft.com/contentredirect.asp.
0
 
SandeshdubeySenior Server EngineerCommented:
0
 
GatorbasherAuthor Commented:
DNS servers in both the Exchange & server-2k3 both point to 192.168.32.37 which is the ip of server-2k3.
0
 
SandeshdubeySenior Server EngineerCommented:
Have checked does the zone exist or there is duplicate zone once forward lookup zone is created just restart the nelogon and dns service  and run ipconfig /flushdns and ipconfig /registerdns the records should register.
0
 
ZenVenkyArchitectCommented:
So can I assume Server A is removed from AD database, if yes then as mentioned before did you change Time Server settings on PDC emulator. Also as Sandesh mentioned, did you perform metadata cleanup.

Before you proceed any furhter to work on this issue, I would suggest you to cross check DNS settings and Time Server settings. If all the settings are in place then check KDC / Kerberose and Netlogon events in system logs on Exchange server.
0
 
GatorbasherAuthor Commented:
Yes Zenvenky, Server A has been remove in the metadata and active directory sites and services.

I did not see any KDC / Kerberose or netlogon errors in the exchange event log.

I restarted the netlogon on the exchange server and checked the event log and opserved the following.

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            6/3/2013
Time:            9:53:42 AM
User:            N/A
Computer:      EXCHANGE
Description:
This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..
0
 
GatorbasherAuthor Commented:
Sandeshdubey,

When I attempt to use ADSIEDIT and go under connection settings and connect to
DC=ForestDNSZones, DC=Domain, DC=Local I get, "A referal was returned from the server".

When I accept the Default connection and drill down under,
Domain [server-2k3.domain.local]
   CN=System
      CN=MicrosoftDNS
          DC=domain.local

I find a refenence to the failed DNS server called server.
0
 
ZenVenkyArchitectCommented:
0
 
GatorbasherAuthor Commented:
Looks like that may have resolved it Sandeshdubey. THANK YOU, THANK YOU, THANK YOU....
0
 
GatorbasherAuthor Commented:
It worked....
0
 
SandeshdubeySenior Server EngineerCommented:
Great...Nice to hear that issue is resolved.

Have a nice day ahead
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.