Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS Servers and Acttive Directory not communicating properly

Posted on 2016-10-06
7
Medium Priority
?
89 Views
Last Modified: 2016-10-07
I recently retired my old Primary Domain Controller which was also the DNS server that was created when I installed the AD Role.  Now I am getting errors and warning about them not communicating properly.  On the secondary DC, DNS server (It is NOT a DHCP Server) I get the following warning:
Number 4013:


I get the Error Number 408


If I do the nltest /dclist:domain.local I get a list of the 2 server and the correct one is the primary domain controller.

At the same time my internet has become sluggish and I get al ot of the following error:

This site can’t be reached

XXXXXXXXXX server DNS address could not be found.
Try:
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics

I have both DNS Server listed in the DHCP server scope options.
When I run the command setspn -l hostname my domain name is listed a bunch of times and seems to be correct.
I tried the command repadmin /showrepl but it says that repadmin is not a recognized command.

Thanks for your help!  Assume I know very little when you respond.
0
Comment
Question by:lcfrederickson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 41832949
Before deco, was DNS options on the DHCP change to push the new DNS server/s any static ip servers had to be updated to now point to the new DNS server.
Ipconfig /all

Dies the renaming DC configured as a global catalog?
The DNS on the remaining DC, foes it reflect the AD zone?

You have to make sure there are no references to the old DNS if it is no longer on the network.
Prior to the retirement, we're all the roles transferred from the old to the new/remaining?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41833027
So how many servers do you have in your domain now...1 or 2?
How did you retire the old one?
Did you run DCPROMO on it to remove it as a Domain Controller
Does one of your servers hold all the FSMO roles?
Is one of your servers a Global Catalog Server?
What's providing DHCP?
0
 

Author Comment

by:lcfrederickson
ID: 41833667
I ran the netdom netdom query fsmo command and is shows the right server as holding the fsmo role.  It doesn't show the other one.

I was under the impression that DCPROMO doesn't work with 2012 R2.

I just found out that I have 2 server in the Active Directory Sites and Services that no longer exist and are listed as GC.  Both of the servers that are active are also GC.

When I try to delete the old PDC it tells me that it contains other objects and that if I use the Delete Subtree Server control all delete protected objects will be deleted and the deletion cann't be cancelled

How do I demote a server that no longer exists?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 79

Expert Comment

by:arnold
ID: 41834322
you would need to use the ntdsutils to seize the roles that you are missing schema, etc. on the new DC. only then you will be able to use to metadata cleanup to remove the remnants of the old systems.

ntdsutil can be queried for the data to reflect which system is reflected master for each service....
0
 

Author Comment

by:lcfrederickson
ID: 41834455
I did the ntdsutils and the server I want has seized the role.  The metadata cleanup did NOT work.  I did find a page that showed how to go into the DNS server and delete all the servers that I didn't want anymore and I have done that.  I guess I'll see on monday if it is still giving the same errors and warnings.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 41834483
Within DNS you can delete the record.
There are five roles which include schema master, one other one. About Which role did you get a message when attempting to delete an old server ?

See if the following helps clear up https://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
 

Author Closing Comment

by:lcfrederickson
ID: 41834522
I think I got it with the last suggestions.  Thanks!!
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question