Solved

DNS Servers and Acttive Directory not communicating properly

Posted on 2016-10-06
7
53 Views
Last Modified: 2016-10-07
I recently retired my old Primary Domain Controller which was also the DNS server that was created when I installed the AD Role.  Now I am getting errors and warning about them not communicating properly.  On the secondary DC, DNS server (It is NOT a DHCP Server) I get the following warning:
Number 4013:


I get the Error Number 408


If I do the nltest /dclist:domain.local I get a list of the 2 server and the correct one is the primary domain controller.

At the same time my internet has become sluggish and I get al ot of the following error:

This site can’t be reached

XXXXXXXXXX server DNS address could not be found.
Try:
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics

I have both DNS Server listed in the DHCP server scope options.
When I run the command setspn -l hostname my domain name is listed a bunch of times and seems to be correct.
I tried the command repadmin /showrepl but it says that repadmin is not a recognized command.

Thanks for your help!  Assume I know very little when you respond.
0
Comment
Question by:lcfrederickson
  • 3
  • 3
7 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Before deco, was DNS options on the DHCP change to push the new DNS server/s any static ip servers had to be updated to now point to the new DNS server.
Ipconfig /all

Dies the renaming DC configured as a global catalog?
The DNS on the remaining DC, foes it reflect the AD zone?

You have to make sure there are no references to the old DNS if it is no longer on the network.
Prior to the retirement, we're all the roles transferred from the old to the new/remaining?
0
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
So how many servers do you have in your domain now...1 or 2?
How did you retire the old one?
Did you run DCPROMO on it to remove it as a Domain Controller
Does one of your servers hold all the FSMO roles?
Is one of your servers a Global Catalog Server?
What's providing DHCP?
0
 

Author Comment

by:lcfrederickson
Comment Utility
I ran the netdom netdom query fsmo command and is shows the right server as holding the fsmo role.  It doesn't show the other one.

I was under the impression that DCPROMO doesn't work with 2012 R2.

I just found out that I have 2 server in the Active Directory Sites and Services that no longer exist and are listed as GC.  Both of the servers that are active are also GC.

When I try to delete the old PDC it tells me that it contains other objects and that if I use the Delete Subtree Server control all delete protected objects will be deleted and the deletion cann't be cancelled

How do I demote a server that no longer exists?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
you would need to use the ntdsutils to seize the roles that you are missing schema, etc. on the new DC. only then you will be able to use to metadata cleanup to remove the remnants of the old systems.

ntdsutil can be queried for the data to reflect which system is reflected master for each service....
0
 

Author Comment

by:lcfrederickson
Comment Utility
I did the ntdsutils and the server I want has seized the role.  The metadata cleanup did NOT work.  I did find a page that showed how to go into the DNS server and delete all the servers that I didn't want anymore and I have done that.  I guess I'll see on monday if it is still giving the same errors and warnings.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
Within DNS you can delete the record.
There are five roles which include schema master, one other one. About Which role did you get a message when attempting to delete an old server ?

See if the following helps clear up https://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
 

Author Closing Comment

by:lcfrederickson
Comment Utility
I think I got it with the last suggestions.  Thanks!!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now