damejen
asked on
Enlist RODC 2012 R2
Hi experts,
Need a bit of help with Enlisting a RODC on a 2012 R2 server.
Here's the details.
Created two RODC's and trying to enlist them in DNS
From a writable DC:
I run from elevated cmd:
DnsCmd RODCServername /EnlistDirectoryPartition ForestDNSZones.domainname.
I get the following:
Enlist directory partition failed: forestdnszones.nice.com
status = 8367 (0x000020AF)
Command failed: ERROR_DS_COULDNT_CONTACT_F
I then try to use NTDSUTIL
C:\Windows\system32>ntdsut
ntdsutil: partition management
partition management: connections
server connections: connect to server Servername
Binding to Servername ...
Connected to Servername using credentials of locally logged on user.
server connections: quit
partition management: add NC Replica DC=DomainDNSZones,DC=child
Error parsing Input - Invalid Syntax.
Not sure where I'm going wrong.
Need a bit of help with Enlisting a RODC on a 2012 R2 server.
Here's the details.
Created two RODC's and trying to enlist them in DNS
From a writable DC:
I run from elevated cmd:
DnsCmd RODCServername /EnlistDirectoryPartition ForestDNSZones.domainname.
I get the following:
Enlist directory partition failed: forestdnszones.nice.com
status = 8367 (0x000020AF)
Command failed: ERROR_DS_COULDNT_CONTACT_F
I then try to use NTDSUTIL
C:\Windows\system32>ntdsut
ntdsutil: partition management
partition management: connections
server connections: connect to server Servername
Binding to Servername ...
Connected to Servername using credentials of locally logged on user.
server connections: quit
partition management: add NC Replica DC=DomainDNSZones,DC=child
Error parsing Input - Invalid Syntax.
Not sure where I'm going wrong.
Miguel Angel Perez Muñoz
Ensure your Active directory DNS zones are configured as Active directory integrated and replicate all domain controllers on domain. Then, wait until replication ends.
ASKER
All AD DNS Zones are AD integrated.
Could you try remove space between DC=Child, and DC=Contoso
ASKER
I've done that, no spaces. I've also removed the Replica in the string as a link I found said this command was buggy
DNS RODC Enlist
I've tried it add NC DC=DomainDNSZones,DC=child
though I still get :
Error parsing Input - Invalid Syntax
DNS RODC Enlist
I've tried it add NC DC=DomainDNSZones,DC=child
though I still get :
Error parsing Input - Invalid Syntax
Are there any errors in the Directory Service event log on the RODC? I'm asking mainly because of this:
Command failed: ERROR_DS_COULDNT_CONTACT_FAlso, I've just promoted a 2012 R2 RODC in my test environment. I specified that it should be a DNS server during the promotion, and as soon as it rebooted, it was already enlisted in the DomainDnsZones and ForestDnsZones directory partitions with no extra effort needed on my part.SMO 8367 0x20AF
ASKER
I can see one repeating error and one repeating warning in the Directory Service log.
Error:
Active Directory Domain Services was unable to establish a connection with the Global Catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure
Internal ID:
3200db0
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
\\Servername.domain.com
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
1722 The RPC server is unavailable.
It repeats the two above error and warnings, though in the warning trying to communicate with the global catalog its trying every GC in the Forest.
Error:
Active Directory Domain Services was unable to establish a connection with the Global Catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure
Internal ID:
3200db0
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
\\Servername.domain.com
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
1722 The RPC server is unavailable.
It repeats the two above error and warnings, though in the warning trying to communicate with the global catalog its trying every GC in the Forest.
Since this is an RODC, I'm assuming it's at a remote site. Is there anything interfering with connectivity between that site and others? Could there be a firewall whose rules are too restrictive? (Firewalls are a common cause of "RPC server unavailable" errors, though certainly not the only cause.)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Attempted the suggested fixes, though after further troubleshooting/analysis noticed the syntax was incomplete.