Danbman
asked on
DNS seems incorrect after promoting 2008 R2 Server and demoted 2003 server as domain controllers
After transferring the FSMO roles to our 2008 R2 server and making it the new PDC. I was unable to get the 2003 server to graciously demote as DC, I then used the dcpromo /forceremoval, since then we are unable to reconnect the 2003 server to the domain, All the workstations can no longer connect to Exchange (also hosted on the PDC at this point), when running a nltest /dclist:domain command the domain cannot be found. I have attached a copy of the dcdiag, any help would be appreciated.
dcdiag.txt
nltest.txt
dcdiag.txt
nltest.txt
ASKER
DNS role is installed on DC, Best practices analyzer comes back with no errors or warnings.
Check firewall rules, open DNS console and check you see your dns zones. dcdiag doesn't found any DNS servers.
ASKER
Not sure if this will help, but here is the BPA log for AD DS
DirectoryServices-EngineReport1.txt
DirectoryServices-EngineReport1.txt
The BPS logs are in xml format, is difficult to red but some messages can be extracted.
"<Message>Could not find a forest identified by: 'crossroads.local'.</Messa
this points to a DNS issue also.
"<Message>Could not find a forest identified by: 'crossroads.local'.</Messa
this points to a DNS issue also.
ASKER
Disabled local firewall as well as created a rule in external firewall to allow all internal traffic (just in case). Opened DNS console and am able to see the forest for the domain just fine. When trying to connect the 2003 server to the domain it states
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain crossroads.local:
The query was for the SRV record for _ldap._tcp.dc._msdcs.cross
The following domain controllers were identified by the query:
crm-dc.crossroads.local
hp-crmdc.crossroads.local
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
For information about correcting this problem, click Help.
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain crossroads.local:
The query was for the SRV record for _ldap._tcp.dc._msdcs.cross
The following domain controllers were identified by the query:
crm-dc.crossroads.local
hp-crmdc.crossroads.local
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
For information about correcting this problem, click Help.
How many domain controllers do you have now?
You must check the DNS zone _msdcs.yourdomain.com for staled or wrong records pointing to non-existing DCs, do the same in your domainname.com zone for NS records.
You must check the DNS zone _msdcs.yourdomain.com for staled or wrong records pointing to non-existing DCs, do the same in your domainname.com zone for NS records.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Working
"Name resolution for the name isatap timed out after none of the configured DNS servers responded."