I migrated SBS 2011 to Windows 2012 R2 and all seemed to go well. Removed Exchange and SharePoint from SBS, transferred all the roles to W2012, same with DHCP, etc. Replication between the two was working fine. I then went to dcpromo out the SBS server but it said it could not contact the domain. I went ahead and forced the removal knowing I had backups (both are VMs and had their virtual files backed up on the host).
Right after the migration, I added several clients to the domain, no problem, so domain access was not a problem. But now I have an orphaned server, 2012. Much to my horror, I was unable to restore the .vhd file for SBS. It's there for over two weeks but none will restore.
So I tried restoring the 2012 file and could do that, but rebooting with the older disk gives me the exact same error.
I figured this was a DNS issue, and sure enough, msdcs.<domain> was not a zone. When I created it, it got populated exactly as I think it should. I compared it to DNS in another domain I have access to, and it is complete.
When I first tried NSLOOKUP, I got no results and it apparently seemed to use IPV6 address of ::1. I unchecked that protocol on the network adapter (it was that way on my reference server), but still got no server found. After adding the msdcs zone, NSLOOKUP seems to work:
Default Server: hd-dc.<domain>.com
> set type=all
_ldap._tcp.dc._msdcs<domain>.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = hd-dc.<domain>.com
hd-dc<domain>.com internet address = 192.168.10.15
However, when I run dcdiag I get this at the end:
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
I then ran ntdsutil to check on roles. I could not connect to the domain but could connect to the server. When I tried to seize a role, I got an error but it listed all five roles as belonging to that server. Assume the error was because it already held the role.
I then tried to do a metadata cleanup but it won't run because it can't connect to the domain. So I ran ADSI Edit and while I couldn't connect to the domain I connected to the server. I found two instances where the old server was referenced and deleted them.
Finally I removed several roles from the server that weren't really deployed yet. Lots of restarts of NETLOGON, Active Directory Services and reboots on the server.
Now when I run nslookup, it resolves properly BUT I get the following message:
DN request timed out
*** Request to hd-dc.<domain>.com timed-out
Completely stumped on where to go from here. I am focused on DNS, is that correct? If so, what else can I do? If not, where else to look?