Asked by howmad2 (United States of America)

While promoting 2012 STD server to DC; "Delegation for this DNS server cannot be created..."

I had a 2003 (sbs) Domain.  I added a 2012-R2-STD DC.  Moved the FSMO roles to the 2012R2 server.  Demoted and removed the 2003 SBS server.

I'm adding a second (2012 Std) DC. I added the "Active Directory Name Services" role. When promoting this server to a Domain Controller I received the following warning:

"A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "erateoffice.net". Otherwise, no action is required."

What does this mean?  In general, DNS looks ok on the new DC.

Thank you in advance.
elchermans (Canada)

How many domains do you have in the Forest? How is DNS configured?

To understand delegation: let's say you have the ABC.com domain and as a child domain you have 123.ABC.com.

Basically, on the ABC.com DCs, in the DNS console, you will have a zone called 123.ABC.com, and under the properties of that you will add the IPs of the DNS servers (of 123.ABC.com) as Name Servers (under the Name Servers tab).

So by pointing computers and servers that are in 123.abc.com to a DNS server in ABC.COM, when there's a DNS query it will go to the ABC.COM DNS servers (instead of just asking its own DNS servers in its own domain), and these will use the name servers configured for the 123.ABC.com zone and "delegate" down to them. So you will eventually get to the DNS server in 123.ABC.com, which is where the machines and servers are.

This is done to have a central point of redirection for DNS. It gets complicated to manage all the zones in a multi-domain forest, not to mention having trusts with other forests that have multiple domains. The goal is for a computer to point to a DNS server that "knows it all" about every other domain.

So in this case, it's failing to update that delegation for you. If your DNS is not configured with a delegation model, then it will always give that error.
ASKER CERTIFIED SOLUTION
bas2754 (United States of America)
footech
I'm afraid I don't quite agree with elchermans.  You would continue to point clients in the child domain at the DNS servers for that domain.
To use his example, the delegation would be on the ABC.com domain.  In the ABC.com zone, you would create a delegation for 123.ABC.com, and in the properties of this delegation you would have the name servers for the 123.ABC.com domain.

In a single domain environment, what you will usually see is a zone for your domain, and a zone for _msdcs.yourdomain.com.  The _msdcs zone should have a replication scope of "all DNS servers in the forest".  Inside the zone yourdomain.com will be the delegation for _msdcs.  In the properties of that delegation just update it to include all your DNS servers.
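An added example, not from the thread, of doing the check footech describes from PowerShell on one of the DCs: read the NS records at the _msdcs delegation point inside the parent zone and add any domain controller that is missing from them. The zone name is the one from the question; the DC hostnames are read from AD at run time, and `$Apply` is an assumed switch that keeps the script read-only until you flip it.

```powershell
# Added example (not from the thread): audit the _msdcs delegation in the
# parent zone and list/add any DC that is not yet a name server for it.
# Run on a DC as a Domain Admin; needs the DnsServer and ActiveDirectory modules
# (Windows Server 2012 or later). $Apply = $false only reports.
Import-Module DnsServer
Import-Module ActiveDirectory

$Zone      = 'erateoffice.net'   # parent zone, taken from the question
$ChildZone = '_msdcs'            # delegated child zone inside the parent
$Apply     = $false              # assumption: set to $true to add missing records

# NS records stored at _msdcs.<zone> in the PARENT zone are the delegation.
$listed = Get-DnsServerResourceRecord -ZoneName $Zone -Name $ChildZone -RRType NS |
    ForEach-Object { $_.RecordData.NameServer.TrimEnd('.').ToLower() }

Write-Host "Delegation $ChildZone.$Zone currently points at:"
$listed | ForEach-Object { Write-Host "  $_" }

# Every DC should appear in the delegation; AD-integrated zones replicate the
# change to the other DNS servers, so adding it once on this DC is enough.
foreach ($dc in Get-ADDomainController -Filter *) {
    $fqdn = $dc.HostName.ToLower()
    if ($listed -contains $fqdn) {
        Write-Host "OK      $fqdn"
        continue
    }
    if (-not $Apply) {
        Write-Host "MISSING $fqdn (re-run with `$Apply = `$true to add it)"
        continue
    }
    # No glue A record is needed: the DC's host record already lives in $Zone.
    Add-DnsServerResourceRecord -ZoneName $Zone -Name $ChildZone -NS -NameServer $fqdn
    Write-Host "ADDED   $fqdn"
}

# Verify from each DC's own resolver that the delegation now answers.
foreach ($dc in Get-ADDomainController -Filter *) {
    $ns = Resolve-DnsName -Name "$ChildZone.$Zone" -Type NS -Server $dc.IPv4Address -ErrorAction SilentlyContinue
    $count = @($ns | Where-Object { $_.Type -eq 'NS' }).Count
    Write-Host ("{0}: {1} NS record(s) for {2}.{3}" -f $dc.HostName, $count, $ChildZone, $Zone)
}
```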