Solved

The RPC Server is unavailable on dcpromo

Posted on 2014-07-23
Last Modified: 2014-07-25
Hi guys,

I'm trying to set up the first server/DC in a new domain on a new forest. All I've done so far is install the server, and then run updates and set a static IP and then install AD DS and run DCpromo. Everything else is left as is.

As per Microsoft's instructions, I set the FQDN to mydomain.mycompany.com, and at the end of DCpromo (it also installs DNS as it's the first server), I get the following error:

"DCpromo was unable to create a DNS delegation in the parent zone: mycompany.com. This is because you do not have permissions to do so, or because the zone is hosted on a server that does not run Windows.  To ensure that the domain controller can be found by other computers on the network, you must create a DNS delegation in the parent zone for this domain.  To do so, contact an administrator who is responsible for the DNS zone: mycompany.com

The RPC server is unavailable."

I have ensured that all RPC services are running, the Server service is running and, just to be on the safe side, set my network to private rather than public.

However, if I do it all again and set my FQDN to mydomain.local, everything works fine. So it has to be something to do with including mycompany.com. But I'm following Microsoft's guidelines, it's a new server/domain/forest and everything else is set to default options, so I'm not sure why I'm getting this message and how to resolve it?

I'm fairly new to setting up DCs, so thanks for your help in advance!
Question by:granite03
9 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40213705
That's not an error because you try to join (not really, only to explain) to mycompany.com but there you do not have any rights.

By the way, never ever use that setting for any real production domain.

Better use mycompany.local
0
 

Author Comment

by:granite03
ID: 40213757
While that may be easier, is it not best practice now to use mydomain.mycompany.com?

As referenced by Microsoft:
http://social.technet.microsoft.com/wiki/contents/articles/17974.active-directory-domain-naming-considerations.aspx
http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html

Hence, why I am trying to avoid using mycompany/mydomain.local  :-)
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40213799
You are trying to add a subdomain to mycompany.com, so mycompany.com domain controllers have to be available and you must be able to authenticate with them. Since this is a lab, first create the mycompany.com domain, and then you can add the second domain controller with the domain of mydomain.mycompany.com.
0

 

Author Comment

by:granite03
ID: 40213923
Thanks. Although I see where you're coming from, if this was a live network with a single DC, how would I get around it?

What I'm really trying to say is that, from everything I've read into this, best practices points to naming the domain mydomain.mycompany.com.

For example, from the link in my last message:

"The correct way to name an Active Directory domain is to create a subdomain that is the delegation of a parent domain that you have registered and have control over. As an example, if I ever started a consulting business and used the Internet-facing website mdmarra.com as my company's site, I should name my Active Directory domain ad.mdmarra.com or internal.mdmarra.com, or something similar. "

This link is taken directly from a Microsoft site. Microsoft also mention something very similar. So it's all pretty confusing to a relative newbie!
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40214157
There are a lot of opinions about this. I'll try to explain why. For example, your company is named acme. So probably your internet domain (website) is reachable under acme.com.

So in the old days you could choose acme.local, but this is not good anymore because maybe in the public view .local will be used soon. So everybody is giving the hint to use ad.acme.com.

So to log on in Windows you have to use ad\user or user@ad.acme.com, so the decision is up to you.

I am a friend of using myacme.com or, better, myacme.us as the domain; the thing is that the user can better associate with it. All others confuse them too much.

BUT
never ever use the same domain name as your internet site.

After a lot of typing: you can be creative, but think that you always have to type it.

A small side aspect: if you already think about a mail domain, maybe that's the right name for it.

macme.com is the mail domain (user@macme.com); then in the future, if you use a messenger, the users have to remember only one logon name: their email address. I know a lot of corps are using their internet address as mail address, but I think it is a creative decision as well.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40215696
Don't worry about that DNS delegation error. What it's saying is that your server was unable to contact an authoritative DNS server for mycompany.com and create a delegation record on it. This is a normal condition in your case, as your server doesn't have permission to do so. If your environment contained another AD domain named mycompany.com and you were in the process of creating a child domain beneath it, then this error may be cause for concern.

Also, you can proceed with using mydomain.mycompany.com as your AD domain name. This is now considered a best practice, as you said, in place of using a suffix like .local (which can cause extra work down the road in some scenarios, like wanting to access internal resources from outside via SSL).

Even though your AD domain looks like a subdomain of your external domain from a DNS standpoint, they are actually two completely separate entities, and you don't have to connect them (via a delegation or whatever) at all if you don't want to.
0
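
An added example, not part of DrDave242's answer or the original thread: a PowerShell check of the situation the accepted solution describes, showing which server is authoritative for the parent zone, whether it holds a delegation for the AD domain, and whether the DC locator SRV records are registered in the DC's own DNS. It uses the names from the question and assumes it is run on the new DC (`127.0.0.1` as the local DNS server); `Get-DnsAnswer` is a helper defined here.

```powershell
# Added example. Domain names are the ones used in the question; 127.0.0.1
# assumes this runs on the new DC, which hosts DNS for the AD zone.
$AdDomain   = 'mydomain.mycompany.com'
$ParentZone = 'mycompany.com'
$LocalDns   = '127.0.0.1'

# Hypothetical helper: query one name/type and return only records of that type,
# so an SOA returned in the authority section of a negative answer is ignored.
function Get-DnsAnswer {
    param([string]$Name, [string]$Type, [string]$Server)
    $query = @{ Name = $Name; Type = $Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }
    Resolve-DnsName @query | Where-Object { $_.Type -eq $Type }
}

# 1. Which server is authoritative for the parent zone?
$soa = Get-DnsAnswer -Name $ParentZone -Type SOA | Select-Object -First 1

# 2. Does that server hold an NS delegation for the AD domain?
#    (Reports False as well if the primary server is not reachable from here.)
$delegation = $null
if ($soa) { $delegation = Get-DnsAnswer -Name $AdDomain -Type NS -Server $soa.PrimaryServer }

# 3. Are the DC locator records registered in the DC's own DNS zone?
$locatorNames = "_ldap._tcp.dc._msdcs.$AdDomain",
                "_kerberos._tcp.$AdDomain",
                "_ldap._tcp.pdc._msdcs.$AdDomain"
$locator = foreach ($name in $locatorNames) {
    $srv = Get-DnsAnswer -Name $name -Type SRV -Server $LocalDns
    [pscustomobject]@{
        Record     = $name
        Registered = [bool]$srv
        Target     = ($srv.NameTarget -join ', ')
    }
}

# Summary first, then the per-record detail.
[pscustomobject]@{
    ParentPrimaryServer = if ($soa) { $soa.PrimaryServer } else { '(not resolvable from here)' }
    DelegationInParent  = [bool]$delegation
    LocatorRecordsOk    = -not ($locator.Registered -contains $false)
} | Format-List
$locator | Format-Table -AutoSize
```

If the locator records resolve locally, clients that use this DC for DNS can find the domain whether or not the parent zone holds a delegation. On Windows Server 2012 and later, where `Install-ADDSForest` replaces dcpromo, `-CreateDnsDelegation:$false` skips the delegation attempt.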
 

Author Comment

by:granite03
ID: 40216262
Thanks, DrDave242. Makes sense. So I can safely ignore this error and proceed with my domain set up?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40218329
Yep, exactly.
0
 

Author Comment

by:granite03
ID: 40219178
Excellent, thank you. I'll carry it out based on your recommendation.

If I do come across issues, I'll try to update it here, but mainly for informational purposes in case somebody has similar problems to me.

Thanks.
0


Question has a verified solution.
