Solved

The RPC Server is unavailable on dcpromo

Posted on 2014-07-23
Last Modified: 2014-07-25
Hi guys,

I'm trying to set up the first server/DC in a new domain on a new forest. All I've done so far is install the server, and then run updates and set a static IP and then install AD DS and run DCpromo. Everything else is left as is.

As per Microsoft's instructions, I set the FQDN to mydomain.mycompany.com, and at the end of DCpromo (it also installs DNS as it's the first server), I get the following error:

"DCpromo was unable to create a DNS delegation in the parent zone: mycompany.com. This is because you do not have permissions to do so, or because the zone is hosted on a server that does not run Windows.  To ensure that the domain controller can be found by other computers on the network, you must create a DNS delegation in the parent zone for this domain.  To do so, contact an administrator who is responsible for the DNS zone: mycompany.com

The RPC server is unavailable."

I have ensured that all RPC services are running, the Server service is running and, just to be on the safe side, set my network to private rather than public.

However, if I do it all again and set my FQDN to mydomain.local, everything works fine. So it has to be something to do with including mycompany.com. But I'm following Microsoft's guidelines, it's a new server/domain/forest and everything else is set to default options, so I'm not sure why I'm getting this message and how to resolve it?

I'm fairly new to setting up DCs, so thanks for your help in advance!
Question by:granite03
9 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40213705
That's not an error, because you are trying to join (not really, only to explain) mycompany.com, but you do not have any rights there.

By the way, never ever use that setting for any real production domain.

Better use mycompany.local.
0
 

Author Comment

by:granite03
ID: 40213757
While that may be easier, is it not best practice now to use mydomain.mycompany.com?

As referenced by Microsoft:
http://social.technet.microsoft.com/wiki/contents/articles/17974.active-directory-domain-naming-considerations.aspx
http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html

Hence, why I am trying to avoid using mycompany/mydomain.local  :-)
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40213799
You are trying to add a subdomain to mycompany.com, so mycompany.com domain controllers have to be available and you must be able to authenticate with them. Since this is a lab, first create the mycompany.com domain and then you can add the second domain controller with the domain of mydomain.mycompany.com.
0

 

Author Comment

by:granite03
ID: 40213923
Thanks. Although I see where you're coming from, if this was a live network with a single DC, how would I get around it?

What I'm really trying to say is that, from everything I've read into this, best practice points to naming the domain mydomain.mycompany.com.

For example, from the link in my last message:

"The correct way to name an Active Directory domain is to create a subdomain that is the delegation of a parent domain that you have registered and have control over. As an example, if I ever started a consulting business and used the Internet-facing website mdmarra.com as my company's site, I should name my Active Directory domain ad.mdmarra.com or internal.mdmarra.com, or something similar. "

This link is taken directly from a Microsoft site. Microsoft also mention something very similar. So it's all pretty confusing to a relative newbie!
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40214157
There are a lot of opinions about this. I'll try to explain why. For example, your company is named acme. So probably your internet domain (website) is reachable under acme.com.

So in the old days you could choose acme.local, but this is not good anymore because maybe in the public view .local will be used soon. So everybody is giving the hint to use ad.acme.com.

So to log on in Windows you have to use ad\user or user@ad.acme.com, so the decision is up to you.

I am a fan of using myacme.com, or better myacme.us, as the domain; the thing is that users can better associate with it. Anything else confuses them too much.

BUT
never ever use the same domain name as your internet site.

After a lot of typing you can be creative, but think that you always have to type it.

A small side aspect: if you are already thinking about a mail domain, maybe that's the right name for it.

macme.com is the mail domain (user@macme.com); then in the future, if you use a messenger, the users have to remember only one logon name: their email address. I know a lot of corps are using their internet address as their mail address, but I think it is a creative decision as well.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40215696
Don't worry about that DNS delegation error. What it's saying is that your server was unable to contact an authoritative DNS server for mycompany.com and create a delegation record on it. This is a normal condition in your case, as your server doesn't have permission to do so. If your environment contained another AD domain named mycompany.com and you were in the process of creating a child domain beneath it, then this error may be cause for concern.

Also, you can proceed with using mydomain.mycompany.com as your AD domain name. This is now considered a best practice, as you said, in place of using a suffix like .local (which can cause extra work down the road in some scenarios, like wanting to access internal resources from outside via SSL).

Even though your AD domain looks like a subdomain of your external domain from a DNS standpoint, they are actually two completely separate entities, and you don't have to connect them (via a delegation or whatever) at all if you don't want to.
0
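A way to check what the accepted answer describes, as an added example that is not part of the original thread: it confirms that the new DC's locator SRV records resolve from the internal DNS server and reports whether the parent side holds a delegation for the AD domain. It assumes a system with the DnsClient module's `Resolve-DnsName` (Windows Server 2012 or later); `$ParentDns` is a hypothetical resolver address and the helper name `Get-AnswerRecord` is made up here.

```powershell
# Added example (not from the thread). Names and addresses are placeholders.
param(
    [string]$AdDomain    = 'mydomain.mycompany.com',  # AD domain name used in the thread
    [string]$InternalDns = '127.0.0.1',               # assumption: run on the new DC, which hosts DNS
    [string]$ParentDns   = '192.0.2.53'               # hypothetical resolver that serves the parent zone
)

function Get-AnswerRecord {
    param([string]$Name, [string]$Type, [string]$Server)
    # Return only answer-section records of the requested type; an empty array means "not found".
    @(Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Type })
}

# 1. SRV records that clients use to locate a domain controller, asked of the internal DNS server.
$locator = '_ldap._tcp.dc._msdcs', '_kerberos._tcp', '_ldap._tcp.pdc._msdcs'
$missing = @(foreach ($prefix in $locator) {
    $fqdn = "$prefix.$AdDomain"
    $srv  = Get-AnswerRecord -Name $fqdn -Type SRV -Server $InternalDns
    if ($srv.Count -eq 0) {
        $fqdn                                          # collected into $missing
    } else {
        $srv | ForEach-Object { Write-Host ('{0} -> {1}:{2}' -f $fqdn, $_.NameTarget, $_.Port) }
    }
})

# 2. Delegation check: does the parent side hand out NS records for the AD domain?
$delegation = Get-AnswerRecord -Name $AdDomain -Type NS -Server $ParentDns

[pscustomobject]@{
    AdDomain          = $AdDomain
    LocatorRecordsOk  = ($missing.Count -eq 0)
    MissingSrvRecords = $missing
    ParentDelegation  = if ($delegation.Count) { $delegation.NameHost }
                        else { 'none (expected for an undelegated internal domain)' }
}
```

An empty `ParentDelegation` together with `LocatorRecordsOk = True` matches the situation in the accepted answer: internal clients can find the DC, and nothing outside resolves the AD namespace. An unreachable `$ParentDns` also reports `none`, so confirm that address answers queries before relying on the result.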
 

Author Comment

by:granite03
ID: 40216262
Thanks, DrDave242. Makes sense. So I can safely ignore this error and proceed with my domain set up?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40218329
Yep, exactly.
0
 

Author Comment

by:granite03
ID: 40219178
Excellent, thank you. I'll carry it out based on your recommendation.

If I do come across issues, I'll try to update it here, but mainly for informational purposes in case somebody has similar problems to me.

Thanks.
0
