Solved

DNS seems incorrect after promoting 2008 R2 Server and demoted 2003 server as domain controllers

Posted on 2014-12-10
Last Modified: 2015-02-07
After transferring the FSMO roles to our 2008 R2 server and making it the new PDC, I was unable to get the 2003 server to gracefully demote as a DC. I then used dcpromo /forceremoval; since then we are unable to reconnect the 2003 server to the domain. All the workstations can no longer connect to Exchange (also hosted on the PDC at this point), and when running an nltest /dclist:domain command the domain cannot be found. I have attached a copy of the dcdiag; any help would be appreciated.
Attachments: dcdiag.txt, nltest.txt
Question by:Danbman
9 Comments
LVL 10

Expert Comment

by:Walter Padrón
ID: 40492527
You must set up the DNS role on your DC; it seems it is not working:
"Name resolution for the name isatap timed out after none of the configured DNS servers responded."
Author Comment

by:Danbman
ID: 40492606
DNS role is installed on DC, Best practices analyzer comes back with no errors or warnings.
LVL 10

Expert Comment

by:Walter Padrón
ID: 40492618
Check firewall rules, open the DNS console and check that you see your DNS zones. dcdiag didn't find any DNS servers.
Author Comment

by:Danbman
ID: 40492624
Not sure if this will help, but here is the BPA log for AD DS.
Attachment: DirectoryServices-EngineReport1.txt
LVL 10

Expert Comment

by:Walter Padrón
ID: 40492643
The BPA logs are in XML format; it is difficult to read, but some messages can be extracted:
"<Message>Could not find a forest identified by: 'crossroads.local'.</Message>"
This points to a DNS issue also.
Author Comment

by:Danbman
ID: 40492688
Disabled the local firewall as well as created a rule in the external firewall to allow all internal traffic (just in case). Opened the DNS console and am able to see the forest for the domain just fine. When trying to connect the 2003 server to the domain it states:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain crossroads.local:

The query was for the SRV record for _ldap._tcp.dc._msdcs.crossroads.local

The following domain controllers were identified by the query:

crm-dc.crossroads.local
hp-crmdc.crossroads.local

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

For information about correcting this problem, click Help.
LVL 10

Expert Comment

by:Walter Padrón
ID: 40493850
How many domain controllers do you have now?

You must check the DNS zone _msdcs.yourdomain.com for stale or wrong records pointing to non-existing DCs; do the same in your domainname.com zone for NS records.
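One way to do the check Walter describes, as an added example that is not part of the thread: enumerate the SRV records under _msdcs.crossroads.local and the NS records at the apex of crossroads.local, and report any whose target is not a domain controller that AD itself currently knows about. It assumes the DnsServer and ActiveDirectory PowerShell modules (RSAT) are installed and that crm-dc.crossroads.local (a DC named in the thread) hosts the zones; it only reports, it deletes nothing.

```powershell
# Added example, not from the thread. Lists DNS records in the _msdcs and
# domain zones whose targets are no longer domain controllers.
# Assumes RSAT modules DnsServer and ActiveDirectory are available.
Import-Module DnsServer, ActiveDirectory

$domain  = 'crossroads.local'          # domain name from the thread
$dnsHost = 'crm-dc.crossroads.local'   # DNS server to query (assumption)

# Hosts that really are DCs right now, according to AD (lowercase, no trailing dot).
$liveDcs = Get-ADDomainController -Filter * |
           ForEach-Object { $_.HostName.ToLower().TrimEnd('.') }

# Every SRV record under _msdcs should point at a live DC.
$staleSrv = Get-DnsServerResourceRecord -ComputerName $dnsHost `
                -ZoneName "_msdcs.$domain" -RRType Srv |
            Where-Object {
                $liveDcs -notcontains $_.RecordData.DomainName.ToLower().TrimEnd('.')
            }

# Same rule for NS records at the apex ('@') of the domain zone.
$staleNs = Get-DnsServerResourceRecord -ComputerName $dnsHost `
               -ZoneName $domain -RRType NS -Name '@' |
           Where-Object {
               $liveDcs -notcontains $_.RecordData.NameServer.ToLower().TrimEnd('.')
           }

"Live DCs: $($liveDcs -join ', ')"
"Stale SRV records in _msdcs.$domain:"
$staleSrv | Select-Object HostName, @{n='Target'; e={ $_.RecordData.DomainName }} |
    Format-Table -AutoSize
"Stale NS records in $domain:"
$staleNs | Select-Object HostName, @{n='NameServer'; e={ $_.RecordData.NameServer }} |
    Format-Table -AutoSize
```

A record for the force-removed 2003 server would show up here; remove such entries in the DNS console only after confirming the host is really gone from AD.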
Accepted Solution

by:Danbman (earned 0 total points)
ID: 40494675
It looks like I have cleared the largest hurdle. Turns out the issue had something to do with the netlogon and sysvol shares not replicating correctly. I was able to rebuild them, and now computers are able to join the network again and Exchange seems to be functioning again. I would like to thank you for your help regardless, Walter.
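To confirm a rebuild like the one described above actually took, as an added example that is not part of the thread: resolve the same _ldap._tcp.dc._msdcs SRV record the 2003 server's error quoted, then check that every DC it names is reachable and offers both the SYSVOL and NETLOGON shares. It assumes a Windows 8 / Server 2012 or later admin host for Resolve-DnsName; the share listing uses net view so it works against a 2003-era DC too.

```powershell
# Added example, not from the thread. Verifies that each DC advertised in DNS
# answers on the network and publishes the SYSVOL and NETLOGON shares.
# Assumes Resolve-DnsName is available on the host running this script.
$domain = 'crossroads.local'   # domain name from the thread

# DCs as DNS advertises them (same SRV record quoted in the join error).
$dcsFromDns = (Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain").NameTarget |
              Sort-Object -Unique

foreach ($dc in $dcsFromDns) {
    $result = [ordered]@{ DC = $dc; Reachable = $false; SYSVOL = $false; NETLOGON = $false }

    if (Test-Connection -ComputerName $dc -Count 1 -Quiet) {
        $result.Reachable = $true
        # 'net view' lists shares without requiring SMB cmdlets on the remote host.
        $shares = (net view "\\$dc" 2>$null) -join "`n"
        # Share names start the line in net view output, e.g. "SYSVOL   Disk   Logon server share".
        $result.SYSVOL   = [bool]($shares -match '(?m)^SYSVOL\s')
        $result.NETLOGON = [bool]($shares -match '(?m)^NETLOGON\s')
    }
    [pscustomobject]$result
}
```

A DC that is advertised but unreachable, or reachable without both shares, is exactly the condition the join error lists under "common causes"; dcdiag /test:netlogons /s:<dc> gives the same answer from Microsoft's own tool.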
Author Closing Comment

by:Danbman
ID: 40595418
Working