Solved

DNS Servers and Active Directory not communicating properly

Posted on 2016-10-06
Last Modified: 2016-10-07
I recently retired my old Primary Domain Controller, which was also the DNS server that was created when I installed the AD Role.  Now I am getting errors and warnings about them not communicating properly.  On the secondary DC, DNS server (it is NOT a DHCP server) I get the following warning:
Number 4013:


I get the Error Number 408


If I do the nltest /dclist:domain.local I get a list of the 2 servers and the correct one is the primary domain controller.

At the same time my internet has become sluggish and I get a lot of the following error:

This site can’t be reached

XXXXXXXXXX server DNS address could not be found.
Try:
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics

I have both DNS servers listed in the DHCP server scope options.
When I run the command setspn -l hostname my domain name is listed a bunch of times and seems to be correct.
I tried the command repadmin /showrepl but it says that repadmin is not a recognized command.

Thanks for your help!  Assume I know very little when you respond.
Question by:lcfrederickson
 
LVL 78

Expert Comment

by:arnold
ID: 41832949
Before deco, were the DNS options on the DHCP changed to push the new DNS server/s? Any static IP servers had to be updated to now point to the new DNS server.
ipconfig /all

Is the remaining DC configured as a global catalog?
The DNS on the remaining DC, does it reflect the AD zone?

You have to make sure there are no references to the old DNS if it is no longer on the network.
Prior to the retirement, were all the roles transferred from the old to the new/remaining?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41833027
So how many servers do you have in your domain now...1 or 2?
How did you retire the old one?
Did you run DCPROMO on it to remove it as a Domain Controller?
Does one of your servers hold all the FSMO roles?
Is one of your servers a Global Catalog Server?
What's providing DHCP?
0
 

Author Comment

by:lcfrederickson
ID: 41833667
I ran the netdom query fsmo command and it shows the right server as holding the fsmo role.  It doesn't show the other one.

I was under the impression that DCPROMO doesn't work with 2012 R2.

I just found out that I have 2 servers in the Active Directory Sites and Services that no longer exist and are listed as GC.  Both of the servers that are active are also GC.

When I try to delete the old PDC it tells me that it contains other objects and that if I use the Delete Subtree Server control all delete protected objects will be deleted and the deletion can't be cancelled.

How do I demote a server that no longer exists?
0

 
LVL 78

Expert Comment

by:arnold
ID: 41834322
You would need to use ntdsutil to seize the roles that you are missing (schema, etc.) on the new DC. Only then will you be able to use metadata cleanup to remove the remnants of the old systems.

ntdsutil can be queried for the data to reflect which system is reflected master for each service....
0
 

Author Comment

by:lcfrederickson
ID: 41834455
I did the ntdsutil and the server I want has seized the role.  The metadata cleanup did NOT work.  I did find a page that showed how to go into the DNS server and delete all the servers that I didn't want anymore and I have done that.  I guess I'll see on Monday if it is still giving the same errors and warnings.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 41834483
Within DNS you can delete the record.
There are five roles which include schema master, one other one. About which role did you get a message when attempting to delete an old server?

See if the following helps clear up https://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
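
A read-only check for the leftovers discussed in this thread (FSMO role holders, server objects still shown in AD Sites and Services, and DNS records for retired DCs), as an added example that is not part of any poster's reply. The names in `$ExpectedDcs` are hypothetical placeholders for the DCs still in service, and the script assumes the RSAT ActiveDirectory module is installed.

```powershell
# Read-only audit: find references to domain controllers that are no longer in service.
# Requires the ActiveDirectory module (RSAT) and Resolve-DnsName (DnsClient module).
param(
    # Hypothetical names: replace with the FQDNs of every DC that is still running.
    [string[]]$ExpectedDcs = @('dc2.domain.local', 'dc3.domain.local')
)
Import-Module ActiveDirectory
$expected = $ExpectedDcs | ForEach-Object { $_.ToLower().TrimEnd('.') }
$findings = @()

# 1. All five FSMO roles must be held by a DC that still exists.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($expected -notcontains $role.Value.ToLower()) {
        $findings += "FSMO role $($role.Key) is held by $($role.Value)"
    }
}

# 2. Server objects left behind under Sites (what AD Sites and Services displays).
$sitesDn = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
Get-ADObject -SearchBase $sitesDn -LDAPFilter '(objectClass=server)' -Properties dNSHostName |
    Where-Object { $expected -notcontains "$($_.dNSHostName)".ToLower() } |
    ForEach-Object { $findings += "Stale server object: $($_.DistinguishedName)" }

# 3. DC locator SRV records in DNS that still point at a retired host.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' -and $expected -notcontains $_.NameTarget.ToLower().TrimEnd('.') } |
    ForEach-Object { $findings += "SRV record still points to $($_.NameTarget)" }

if ($findings) { $findings } else { 'No references to retired domain controllers found.' }
```

The script changes nothing; each finding names an object or record to review before any cleanup is done.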
 

Author Closing Comment

by:lcfrederickson
ID: 41834522
I think I got it with the last suggestions.  Thanks!!
0
