Solved

DNS problem with new Domain Controller

Posted on 2013-06-12
9
322 Views
Last Modified: 2016-11-23
Hi,

I have a small problem with one of my DCs.
I recently built a new DC using a Dell 2850, running Windows Server 2008 R2 x64. I was given a project to upgrade all our training infrastructure to x64 bit.

The DC has been built and works okay, however I'm having real difficulties with DNS, AD Replication.

I'm unable to do a replication to the new DC, as it complains about RPC errors. I know the IP addressing that I've used is fine as the server can be pinged from any of the other servers.

I ran the DNS tests from a command prompt but to no avail. I have attached both files as well to make it easier to see what I have done.

From server 1 I can create an object in AD and have it replicate successfully. However it does not work the other way. I am going to demote the old DC and transfer its roles, DHCP etc...

I know there is a Windows Migration tool in Server 2008 to do this but I am not clued up in Powershell well enough to do this yet.

So everyone is clear, the setup currently is:

DC1 - Server 2003 R2 (Schema Master etc)
DC2 - Server 2008 R2 x64 (Normal DC/GC server)

Any help would be appreciated.
dcdiag.txt
dnstest.log
0
Comment
Question by:ambri5h
  • 5
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39242711
Is KHC-STU-DC4 the new DC?
0
 
LVL 2

Author Comment

by:ambri5h
ID: 39242744
nope, its HCBETA-BHS-DC1

Basically KHC-STU-DC3 and KHC-STU-DC4 are remote, i.e. in a data centre and between a DMZ some place.

KHC-STU-DC2 and HCBETA-BHS-DC1 are in the same building.

KHC-STU-DC0 is in another building
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39242762
Can you run repadmin /showreps and repadmin /showrepl from BHS-DC1?

Thanks

Mike
0
 
LVL 2

Author Comment

by:ambri5h
ID: 39242791
repadmin /showreps - output:
C:\Users\administrator.HCBETA>repadmin /showreps
Holborn-College\HCBETA-BHS-DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 9fc724d9-37c7-41a1-991d-87af5865240e
DSA invocationID: 2f7a237b-4c69-49a5-a758-50b74c879ace

==== INBOUND NEIGHBORS ======================================

DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

CN=Configuration,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

CN=Schema,CN=Configuration,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

DC=ForestDnsZones,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

DC=DomainDnsZones,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

===================================================================

repadmin /showrepl - output:
C:\Users\administrator.HCBETA>repadmin /showreps
Holborn-College\HCBETA-BHS-DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 9fc724d9-37c7-41a1-991d-87af5865240e
DSA invocationID: 2f7a237b-4c69-49a5-a758-50b74c879ace

==== INBOUND NEIGHBORS ======================================

DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

CN=Configuration,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

CN=Schema,CN=Configuration,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

DC=ForestDnsZones,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.

DC=DomainDnsZones,DC=hcbeta,DC=com
    Holborn-College\KHC-STU-DC2 via RPC
        DSA object GUID: a0bce9d5-ef37-4ccc-af02-cdfdaa4c4707
        Last attempt @ 2013-06-12 21:48:48 was successful.
    InTech-DC-DMZ\KHC-STU-DC4 via RPC
        DSA object GUID: 7583b48b-e979-4ac6-af27-3f4660f0abe8
        Last attempt @ 2013-06-12 22:18:48 was successful.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 9

Assisted Solution

by:Zenvenky
Zenvenky earned 250 total points
ID: 39243410
It is a DNS mis-configuration issue. As per the logs I see connectivity issues on KHC-STU-DC4, PWHCBADC01, HCBETA-BHS-DC1. Use below link and correct DNS settings and restart DNS and Netlogon. Once everything is done and if you see any errors in repadmin /replsum and dcdiag /test:dns log let us know.

DNS Best Practices

Authoritative Time Server
0
 
LVL 2

Author Comment

by:ambri5h
ID: 39244052
repadmin /replsum results:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.HCBETA>repadmin /replsum
Replication Summary Start Time: 2013-06-13 11:41:16

Beginning data collection for replication summary, this may take awhile:
  .........


Source DSA          largest delta    fails/total %%   error
 KHC-STU-DC0               20m:24s    0 /  10    0
 KHC-STU-DC2               51m:10s    3 /  22   13  (1722) The RPC server is una
vailable.
 KHC-STU-DC3               20m:23s    0 /   6    0
 KHC-STU-DC4               20m:21s    0 /  15    0


Destination DSA     largest delta    fails/total %%   error
 HCBETA-BHS-DC1            51m:13s    0 /  10    0
 KHC-STU-DC0               04m:04s    0 /   5    0
 KHC-STU-DC2               19m:25s    0 /  13    0
 KHC-STU-DC3               11m:25s    0 /   3    0
 KHC-STU-DC4               17m:57s    3 /   5   60  (1722) The RPC server is una
vailable.
 PWHCBADC01                20m:25s    0 /  17    0


dcdiag /test:dns results
please see logfile
dcdiag-13june2013.log
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39244211
Also look at this technet KB for the RPC issue

http://support.microsoft.com/kb/2102154

Thanks

Mike
0
 
LVL 2

Assisted Solution

by:ambri5h
ambri5h earned 0 total points
ID: 39252495
Hi guys,

I actually did some more Googling and found this website: http://www.petenetlive.com/KB/Article/0000301.htm

Step 1 seems to have fixed things for me. I'm going to monitor this over the course of the week and will update this question later on this week.
0
 
LVL 2

Author Closing Comment

by:ambri5h
ID: 39366340
Provided another source of information for potential other users.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now