asked on DNS Forwarding and Delegation Test failed on newly configured 2012 R2 domain controllers ?
Hi All,
I've just promoted 2x new Win2012 R2 AD DC with integrated DNS server to replace the existing Physical server 2008 R2 domain controller.
However, when I issue the test dcdiag/test:DNS in both of my new 2012 R2 domain controller, it returns failed:
The error is in Delegation and the Forwarding.
While the existing old server all successfully PASSED, I can also ping to one of my forwarders that is 8.8.8.8.
The new servers cannot even ping 8.8.8.8
Any help would be greatly appreciated.
Thanks,
I've just promoted 2x new Win2012 R2 AD DC with integrated DNS server to replace the existing Physical server 2008 R2 domain controller.
However, when I issue the test dcdiag/test:DNS in both of my new 2012 R2 domain controller, it returns failed:
Auth Basc Forw Del Dyn RReg Ext
_________________________________
PASS PASS FAIL FAIL PASS PASS n/a
The error is in Delegation and the Forwarding.
While the existing old server all successfully PASSED, I can also ping to one of my forwarders that is 8.8.8.8.
The new servers cannot even ping 8.8.8.8
Any help would be greatly appreciated.
Thanks,
DNSActive DirectoryWindows NetworkingMicrosoft Server OSWindows Server 2012
Last Comment
Albert Widjaja
SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Mahesh,
Yes, I have listed and entered 8.8.8.8 as one of the forwarders. It works on the old server, while on the new servers it doesn't work.
From the new server when Telnet to 8.8.8.8 53 - in Putty, I selected Telnet and then Port# 53:
While on the old server, I can keep the Putty window open when Telnet to 8.8.8.8 on Port 53 using Putty.
Yes, I have listed and entered 8.8.8.8 as one of the forwarders. It works on the old server, while on the new servers it doesn't work.
From the new server when Telnet to 8.8.8.8 53 - in Putty, I selected Telnet and then Port# 53:
---------------------------
PuTTY Fatal Error
---------------------------
Network error: Connection refused
---------------------------
OK
---------------------------
While on the old server, I can keep the Putty window open when Telnet to 8.8.8.8 on Port 53 using Putty.
SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Mahesh,
I'm just adding 2x new DC in the same AD site (single AD domain).
The static IP address on the new server that doesn't work:
PRODDC11-VM
DNS1: 10.0.0.11 (itself)
DNS2: 10.0.0.12 (another new DC on the same AD subnet)
PRODDC12-VM
DNS1: 10.0.0.12 (itself)
DNS2: 10.0.0.11 (another new DC on the same AD subnet)
The static IP address on the old server that works:
PRODDC01-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 127.0.0.1 (local loopback)
PRODDC02-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 10.1.1.25 (another DNS server in the different AD site/Data Center)
No I cannot perform connection using Putty from the new server to 8.8.8.8 port 53. But from the old server it is possible using Putty. Does this means the DNS TCP/53 is blocked by the hardware firewall ?
I'm just adding 2x new DC in the same AD site (single AD domain).
The static IP address on the new server that doesn't work:
PRODDC11-VM
DNS1: 10.0.0.11 (itself)
DNS2: 10.0.0.12 (another new DC on the same AD subnet)
PRODDC12-VM
DNS1: 10.0.0.12 (itself)
DNS2: 10.0.0.11 (another new DC on the same AD subnet)
The static IP address on the old server that works:
PRODDC01-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 127.0.0.1 (local loopback)
PRODDC02-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 10.1.1.25 (another DNS server in the different AD site/Data Center)
No I cannot perform connection using Putty from the new server to 8.8.8.8 port 53. But from the old server it is possible using Putty. Does this means the DNS TCP/53 is blocked by the hardware firewall ?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
SOLUTION
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Mahesh,
So in this case, i will ask the network team to open the TCP/53 for this new DomainController servers.
So in this case, i will ask the network team to open the TCP/53 for this new DomainController servers.
SOLUTION
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Also what about _msdcs delegated folder under domain.com zone on new DCs?
Mahesh, I can see the new servers is already have it's own NS record in there.
yes, there are some missing or decommissioned server with the NS records still there.
ASKER CERTIFIED SOLUTION
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Mahesh,
I've created another thread here: https://www.experts-exchange.com/questions/29012705/DNS-server-TEST-Delegations-Del-FAILED-IP-Unavailable-Missing-glue-A-record.html
I can see there is PRODDC26-VM.MyDomain.com (NS) record entry under the MyDomain.com (greyed out folder). Not sure what this is for, but the server PRODDC26-VM.MyDomain.com still exist and running as Domain Controller in the other AD site.
Shall I delete it ?
I've created another thread here: https://www.experts-exchange.com/questions/29012705/DNS-server-TEST-Delegations-Del-FAILED-IP-Unavailable-Missing-glue-A-record.html
I can see there is PRODDC26-VM.MyDomain.com (NS) record entry under the MyDomain.com (greyed out folder). Not sure what this is for, but the server PRODDC26-VM.MyDomain.com still exist and running as Domain Controller in the other AD site.
Shall I delete it ?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
for new DCs, Just point NS record in _msdcs folder to PDC master of your domain
I have explained in detailed what else can be done in another thread you posted
I have explained in detailed what else can be done in another thread you posted
ASKER
Thank you man !
That was the error when I setup the server as DNS server this morning.