?
Solved

Unable to manually add a host record in Windows 2008 R2 DNS after DC Promo

Posted on 2014-07-17
7
Medium Priority
?
1,671 Views
Last Modified: 2014-07-23
Hi All,

      I have recently introduced a new Windows 2008 R2 DC in our Windows 2003 Domain Environment. I have a strange issue on adding a host A record on the new W2K8 R2 DC's DNS. Everytime I try to add a record, I would get the following error prompt:

The host record xxxx.mydomain.local cannot be created. Refused

If I look at the DNS event log on the W2K8 DC, it would show the following error event:

Event ID 4015 Source: DNS-Server-Service

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "0000051B: AtrErr: DSID-030F1F8D, #1:
      0: 0000051B: DSID-030F1F8D, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)". The event data contains the error.

---------------------------------------------------------------------------------------------------------------------------------------------------------


I can manually add the host record without any issue on the W2K3 DC, and it would replicated correctly to the W2K8 DC. Any idea how can I fix this issue?

Thank you.
0
Comment
Question by:livets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40203168
I'd say run a dcdiag on both machines and compare the results.  Also a replmon (2008) and repadmin /showrepl (2003).  Verify there's no errors anywhere.

Also what's your functional level?
0
 

Author Comment

by:livets
ID: 40203183
Hi Ben,

       Dcdiag on both W2K3 and W2K8 R2 dc pass without any error, repadmin /showrepl show success replication on both DC as well. My forest and domain functional level are Windows 2003.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40203196
Hmm.. did you move any FSMO roles to the 2008?  Did you run  adprep /forestprep and adprep /domainprep as well?
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:livets
ID: 40204214
I have move all FSMO to the W2K8 R2 DC, yes adprep has been ran.
0
 

Accepted Solution

by:
livets earned 0 total points
ID: 40204597
The issue has been resolved after restarting active directory domain service.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40204609
heh. I was going to ask you if you;d rebooted lately, but figured that'd have been a stupid question lol.
0
 

Author Closing Comment

by:livets
ID: 40213729
The solution was tested after restarting AD DS service, and it indeed fix the problem.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question