Solved

Adding 2012 DC to SBS 2003 Domain - 2012 can not talk to the 2003 DNS

Posted on 2013-11-14
4
620 Views
Last Modified: 2014-03-07
I have a client with a 2003 SBS domain. Their server is finally failing and we are replacing it with a 2012 standard x64 server. We are having DNS issues that I can't explain.

If you try to add the new 2012 DNS server to the 2003 DNS applet, I get an access denied error.

If I try to add the 2003 DNS server to the 2012 DNS applet it works fine. But I get "The DNS server encountered a problem while attempting to load the zone. The transfer of zone data from the master server failed.

I have set up new and have migrated MS Servers going all the way back to NT 3.1, I have never had any issues like this. In fact we had to totally remove the new DNS yesterday and pay Microsoft to help clean up so we could try again.

Has anyone experienced this? Can anyone help me?

Thanks
In advance

- SBS Server is x32 and at service pack 2 (not an R2)
- 2012 server is x64 and standard.
- exchange is being eliminated
- servers are on same subnet, I can RDP into either from the other so they are talking
- all Windows Firewalls are off
- dcdiag on the SBS 2003 reads
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Connectivity
         ......................... LM-MAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Replications
         ......................... LM-MAIN passed test Replications
      Starting test: NCSecDesc
         ......................... LM-MAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... LM-MAIN passed test NetLogons
      Starting test: Advertising
         ......................... LM-MAIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... LM-MAIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... LM-MAIN passed test RidManager
      Starting test: MachineAccount
         ......................... LM-MAIN passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [LM-MAIN]
         ......................... LM-MAIN failed test Services
      Starting test: ObjectsReplicated
         ......................... LM-MAIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... LM-MAIN passed test frssysvol
      Starting test: frsevent
         ......................... LM-MAIN passed test frsevent
      Starting test: kccevent
         ......................... LM-MAIN passed test kccevent
      Starting test: systemlog
         ......................... LM-MAIN passed test systemlog
      Starting test: VerifyReferences
         ......................... LM-MAIN passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : landmark
      Starting test: CrossRefValidation
         ......................... landmark passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... landmark passed test CheckSDRefDom

   Running enterprise tests on : landmark.pri
      Starting test: Intersite
         ......................... landmark.pri passed test Intersite
      Starting test: FsmoCheck
         ......................... landmark.pri passed test FsmoCheck

DCDIAG on new server: --------------------------------------------------------------

C:\Users\Administrator.LANDMARK>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   ***Error: landmarkdc is not a Directory Server.  Must specify /s:<Directory
   Server> or  /n:<Naming Context> or nothing to use the local machine.
   ERROR: Could not find home server.

Running Dcdiag on new server with switches --------------------------------------
C:\Users\Administrator.LANDMARK>dcdiag /s:lm-main

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Connectivity
         ......................... LM-MAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Advertising
         ......................... LM-MAIN passed test Advertising
      Starting test: FrsEvent
         ......................... LM-MAIN passed test FrsEvent
      Starting test: DFSREvent
         ......................... LM-MAIN passed test DFSREvent
      Starting test: SysVolCheck
         ......................... LM-MAIN passed test SysVolCheck
      Starting test: KccEvent
         ......................... LM-MAIN passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... LM-MAIN passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... LM-MAIN passed test MachineAccount
      Starting test: NCSecDesc
         ......................... LM-MAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... LM-MAIN passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... LM-MAIN passed test ObjectsReplicated
      Starting test: Replications
         ......................... LM-MAIN passed test Replications
      Starting test: RidManager
         ......................... LM-MAIN passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on LM-MAIN, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
            Invalid service startup type: IsmServ on LM-MAIN, current value
            DISABLED, expected value AUTO_START
            IsmServ Service is stopped on [LM-MAIN]
         ......................... LM-MAIN failed test Services
      Starting test: SystemLog
         ......................... LM-MAIN passed test SystemLog
      Starting test: VerifyReferences
         ......................... LM-MAIN passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : landmark
      Starting test: CheckSDRefDom
         ......................... landmark passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... landmark passed test CrossRefValidation

   Running enterprise tests on : landmark.pri
      Starting test: LocatorCheck
         ......................... landmark.pri passed test LocatorCheck
      Starting test: Intersite
         ......................... landmark.pri passed test Intersite

C:\Users\Administrator.LANDMARK>
0
Comment
Question by:newmanme
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
When you promoted the 2012 server as a DC did you also make sure that this server is a DNS server a long with Global Catalog server as well?

If you try to add the new 2012 DNS server to the 2003 DNS applet, I get an access denied error.

Based on the above comment it does not look like the 2012 server is part of the Name Servers in DNS for this particular Zone. If the 2012 server is not a name server this is why you are getting this message. Also, if this server is already a DNS server is it AD-integrated? If not, make sure that it is.

Will.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
yes, it sounds like you are attempting to use the 2012 server to have a secondary zone from the 2003 server but the 2003 server is not configured to allow zone transfers which would cause that error

Zone transfers from a secondary DNS server fail
http://technet.microsoft.com/en-us/library/cc776973%28v=ws.10%29.aspx

as Will said, integrate your dns and you won't have this issue as dns will replicate between each other automatically with AD

it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers because all zone data is replicated automatically by means of Active Directory replication
http://technet.microsoft.com/en-us/library/cc731204%28v=ws.10%29.aspx
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
Comment Utility
Have you checked the dns zone on new DC are the zone loaded correctly with all srv records?
What about the FSMO role uis it on SBS server or Win2012.If you are not planning to remove SBS then you need to place FSMO role on SBS server due ti its limitation.

Can you post the dcdiag /q  and repadmin /replsum of both sbs and new DC.Also printscreen of Win2012 DC DNS console with expanded folders.

Ensure you have set the DNS as below.
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
what was the solution?
multiple suggestions were made and no comment as to what the root cause was
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now