Solved

DNS Servers and Active Directory not communicating properly

Posted on 2016-10-06
Last Modified: 2016-10-07
I recently retired my old Primary Domain Controller, which was also the DNS server that was created when I installed the AD Role. Now I am getting errors and warnings about them not communicating properly. On the secondary DC, DNS server (it is NOT a DHCP server), I get the following warning:
Number 4013:


I get the Error Number 408


If I do the nltest /dclist:domain.local I get a list of the 2 servers and the correct one is the primary domain controller.

At the same time my internet has become sluggish and I get a lot of the following error:

This site can’t be reached

XXXXXXXXXX server DNS address could not be found.
Try:
Checking the proxy, firewall, and DNS configuration
Running Windows Network Diagnostics

I have both DNS servers listed in the DHCP server scope options.
When I run the command setspn -l hostname my domain name is listed a bunch of times and seems to be correct.
I tried the command repadmin /showrepl but it says that repadmin is not a recognized command.

Thanks for your help!  Assume I know very little when you respond.
0
Question by:lcfrederickson
7 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 41832949
Before deco, were the DNS options on the DHCP changed to push the new DNS server/s? Any static IP servers had to be updated to now point to the new DNS server.
Ipconfig /all

Is the remaining DC configured as a global catalog?
Does the DNS on the remaining DC reflect the AD zone?

You have to make sure there are no references to the old DNS if it is no longer on the network.
Prior to the retirement, were all the roles transferred from the old to the new/remaining?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41833027
So how many servers do you have in your domain now...1 or 2?
How did you retire the old one?
Did you run DCPROMO on it to remove it as a Domain Controller
Does one of your servers hold all the FSMO roles?
Is one of your servers a Global Catalog Server?
What's providing DHCP?
0
 

Author Comment

by:lcfrederickson
ID: 41833667
I ran the netdom query fsmo command and it shows the right server as holding the fsmo role. It doesn't show the other one.

I was under the impression that DCPROMO doesn't work with 2012 R2.

I just found out that I have 2 servers in the Active Directory Sites and Services that no longer exist and are listed as GC. Both of the servers that are active are also GC.

When I try to delete the old PDC it tells me that it contains other objects and that if I use the Delete Subtree Server control all delete protected objects will be deleted and the deletion can't be cancelled.

How do I demote a server that no longer exists?
0
 
LVL 79

Expert Comment

by:arnold
ID: 41834322
You would need to use ntdsutil to seize the roles that you are missing (schema, etc.) on the new DC. Only then will you be able to use metadata cleanup to remove the remnants of the old systems.

ntdsutil can be queried for the data to reflect which system is reflected master for each service....
0
 

Author Comment

by:lcfrederickson
ID: 41834455
I did the ntdsutil and the server I want has seized the role. The metadata cleanup did NOT work. I did find a page that showed how to go into the DNS server and delete all the servers that I didn't want anymore and I have done that. I guess I'll see on Monday if it is still giving the same errors and warnings.
0
 
LVL 79

Accepted Solution

by:arnold, earned 500 total points
ID: 41834483
Within DNS you can delete the record.
There are five roles which include schema master, one other one. About which role did you get a message when attempting to delete an old server?

See if the following helps clear up https://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
0
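
The checks discussed in this thread, collected into one read-only audit (an added example, not part of any poster's reply): it lists server objects in the Sites container and NS/SRV/CNAME records in DNS that still point at a host that is not one of the domain controllers you expect. It assumes the ActiveDirectory and DnsServer RSAT modules are installed, that `_msdcs` is its own zone named `_msdcs.<forest root>`, and that `$expectedDCs` (a placeholder value here) is edited to name the DCs that should remain.

```powershell
# Added example: read-only audit for leftovers of retired domain controllers.
# Nothing here deletes or modifies AD or DNS data.
Import-Module ActiveDirectory, DnsServer

$expectedDCs = @('dc2.domain.local')     # placeholder: lower-case FQDNs of DCs that should exist
$dnsHost     = $env:COMPUTERNAME         # assumes the script runs on the remaining DC/DNS server
$domain      = (Get-ADDomain).DNSRoot
$forestRoot  = (Get-ADForest).RootDomain
$configNC    = (Get-ADRootDSE).configurationNamingContext

function Test-Expected([string]$Fqdn) {
    # DNS targets carry a trailing dot; normalise before comparing.
    $expectedDCs -contains $Fqdn.TrimEnd('.').ToLower()
}

# 1. Server objects still shown in Active Directory Sites and Services
$staleServers = Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter '(objectClass=server)' -Properties dNSHostName |
    ForEach-Object {
        # Fall back to <name>.<domain> when the object has no dNSHostName.
        $fqdn = if ($_.dNSHostName) { $_.dNSHostName } else { "$($_.Name).$domain" }
        if (-not (Test-Expected $fqdn)) {
            [pscustomobject]@{ Source = 'Sites container'
                               Record = $_.DistinguishedName
                               Target = $fqdn }
        }
    }

# 2. DNS records whose target is not an expected DC
$staleDns = foreach ($zone in $domain, "_msdcs.$forestRoot") {
    Get-DnsServerResourceRecord -ComputerName $dnsHost -ZoneName $zone |
        Where-Object { $_.RecordType -in 'NS', 'SRV', 'CNAME' } |
        ForEach-Object {
            $rec = $_                     # keep the record; switch rebinds $_
            $target = switch ($rec.RecordType) {
                'NS'    { $rec.RecordData.NameServer }
                'SRV'   { $rec.RecordData.DomainName }
                'CNAME' { $rec.RecordData.HostNameAlias }
            }
            if (-not (Test-Expected $target)) {
                [pscustomobject]@{ Source = "DNS zone $zone"
                                   Record = "$($rec.HostName) $($rec.RecordType)"
                                   Target = $target }
            }
        }
}

@($staleServers) + @($staleDns) | Format-Table -AutoSize
```

Every row is a candidate to review, not a confirmed leftover: SRV and CNAME records in the domain zone can legitimately point at hosts that are not domain controllers.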
 

Author Closing Comment

by:lcfrederickson
ID: 41834522
I think I got it with the last suggestions.  Thanks!!
0
