Solved

Adding 2012 DC to SBS 2003 Domain - 2012 can not talk to the 2003 DNS

Posted on 2013-11-14
Last Modified: 2014-03-07
I have a client with a 2003 SBS domain. Their server is finally failing and we are replacing it with a 2012 standard x64 server. We are having DNS issues that I can't explain.

If you try to add the new 2012 DNS server to the 2003 DNS applet, I get an access denied error.

If I try to add the 2003 DNS server to the 2012 DNS applet it works fine. But I get "The DNS server encountered a problem while attempting to load the zone. The transfer of zone data from the master server failed."

I have set up new and have migrated MS Servers going all the way back to NT 3.1, and I have never had any issues like this. In fact we had to totally remove the new DNS yesterday and pay Microsoft to help clean up so we could try again.

Has anyone experienced this? Can anyone help me?

Thanks in advance

- SBS Server is x32 and at service pack 2 (not an R2)
- 2012 server is x64 and standard.
- Exchange is being eliminated
- servers are on same subnet, I can RDP into either from the other so they are talking
- all Windows Firewalls are off
- dcdiag on the SBS 2003 reads
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Connectivity
         ......................... LM-MAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Replications
         ......................... LM-MAIN passed test Replications
      Starting test: NCSecDesc
         ......................... LM-MAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... LM-MAIN passed test NetLogons
      Starting test: Advertising
         ......................... LM-MAIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... LM-MAIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... LM-MAIN passed test RidManager
      Starting test: MachineAccount
         ......................... LM-MAIN passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [LM-MAIN]
         ......................... LM-MAIN failed test Services
      Starting test: ObjectsReplicated
         ......................... LM-MAIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... LM-MAIN passed test frssysvol
      Starting test: frsevent
         ......................... LM-MAIN passed test frsevent
      Starting test: kccevent
         ......................... LM-MAIN passed test kccevent
      Starting test: systemlog
         ......................... LM-MAIN passed test systemlog
      Starting test: VerifyReferences
         ......................... LM-MAIN passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : landmark
      Starting test: CrossRefValidation
         ......................... landmark passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... landmark passed test CheckSDRefDom

   Running enterprise tests on : landmark.pri
      Starting test: Intersite
         ......................... landmark.pri passed test Intersite
      Starting test: FsmoCheck
         ......................... landmark.pri passed test FsmoCheck

DCDIAG on new server: --------------------------------------------------------------

C:\Users\Administrator.LANDMARK>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   ***Error: landmarkdc is not a Directory Server.  Must specify /s:<Directory
   Server> or  /n:<Naming Context> or nothing to use the local machine.
   ERROR: Could not find home server.

Running Dcdiag on new server with switches --------------------------------------
C:\Users\Administrator.LANDMARK>dcdiag /s:lm-main

Directory Server Diagnosis

Performing initial setup:
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Connectivity
         ......................... LM-MAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LM-MAIN
      Starting test: Advertising
         ......................... LM-MAIN passed test Advertising
      Starting test: FrsEvent
         ......................... LM-MAIN passed test FrsEvent
      Starting test: DFSREvent
         ......................... LM-MAIN passed test DFSREvent
      Starting test: SysVolCheck
         ......................... LM-MAIN passed test SysVolCheck
      Starting test: KccEvent
         ......................... LM-MAIN passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... LM-MAIN passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... LM-MAIN passed test MachineAccount
      Starting test: NCSecDesc
         ......................... LM-MAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... LM-MAIN passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... LM-MAIN passed test ObjectsReplicated
      Starting test: Replications
         ......................... LM-MAIN passed test Replications
      Starting test: RidManager
         ......................... LM-MAIN passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on LM-MAIN, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
            Invalid service startup type: IsmServ on LM-MAIN, current value
            DISABLED, expected value AUTO_START
            IsmServ Service is stopped on [LM-MAIN]
         ......................... LM-MAIN failed test Services
      Starting test: SystemLog
         ......................... LM-MAIN passed test SystemLog
      Starting test: VerifyReferences
         ......................... LM-MAIN passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : landmark
      Starting test: CheckSDRefDom
         ......................... landmark passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... landmark passed test CrossRefValidation

   Running enterprise tests on : landmark.pri
      Starting test: LocatorCheck
         ......................... landmark.pri passed test LocatorCheck
      Starting test: Intersite
         ......................... landmark.pri passed test Intersite

C:\Users\Administrator.LANDMARK>
Question by:newmanme
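
Triage aid for the dcdiag output above, as an added example that is not part of the original post: a small Python parser that pulls failed tests and their detail lines out of saved dcdiag text, including result lines that dcdiag wraps onto a second line. The sample input is constructed from lines in the two runs quoted in the question, and the function names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the two dcdiag runs quoted in the question.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\LM-MAIN
      Starting test: RidManager
         ......................... LM-MAIN passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on LM-MAIN, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
            Invalid service startup type: IsmServ on LM-MAIN, current value
            DISABLED, expected value AUTO_START
            IsmServ Service is stopped on [LM-MAIN]
         ......................... LM-MAIN failed test Services
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+) (passed|failed) test\s*(\S*)")

def parse_dcdiag(text):
    """Return one dict per test: test name, target, status, detail lines."""
    results, current, details = [], None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            current, details = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            # Long result lines are wrapped, leaving the test name on the
            # next line; fall back to the name from "Starting test:".
            results.append({"test": m.group(3) or current, "target": m.group(1),
                            "status": m.group(2), "details": details})
            current, details = None, []
            continue
        if current and line.strip():
            details.append(line.strip())  # diagnostic text inside a test
    return results

def failed_tests(text):
    """Only the tests dcdiag reported as failed."""
    return [r for r in parse_dcdiag(text) if r["status"] == "failed"]

if __name__ == "__main__":
    for r in failed_tests(SAMPLE):
        print(r["target"], r["test"], *r["details"], sep="\n    ")
```
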
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39649548
When you promoted the 2012 server as a DC, did you also make sure that this server is a DNS server along with Global Catalog server as well?

If you try to add the new 2012 DNS server to the 2003 DNS applet, I get an access denied error.

Based on the above comment it does not look like the 2012 server is part of the Name Servers in DNS for this particular Zone. If the 2012 server is not a name server this is why you are getting this message. Also, if this server is already a DNS server is it AD-integrated? If not, make sure that it is.

Will.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39649842
Yes, it sounds like you are attempting to use the 2012 server to have a secondary zone from the 2003 server, but the 2003 server is not configured to allow zone transfers, which would cause that error.

Zone transfers from a secondary DNS server fail
http://technet.microsoft.com/en-us/library/cc776973%28v=ws.10%29.aspx

As Will said, integrate your DNS and you won't have this issue, as DNS will replicate between each other automatically with AD.

it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers because all zone data is replicated automatically by means of Active Directory replication
http://technet.microsoft.com/en-us/library/cc731204%28v=ws.10%29.aspx
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39650031
Have you checked the DNS zones on the new DC? Are the zones loaded correctly with all SRV records?
What about the FSMO role, is it on the SBS server or Win2012? If you are not planning to remove SBS then you need to place the FSMO role on the SBS server due to its limitation.

Can you post the dcdiag /q and repadmin /replsum of both SBS and the new DC? Also a print screen of the Win2012 DC DNS console with expanded folders.

Ensure you have set the DNS as below.
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39913771
What was the solution?
Multiple suggestions were made and no comment as to what the root cause was.
0


Question has a verified solution.
