DCPROMO Fails (Server 2008 R2 joining 2003 Domain)

Hey Pros,

I really need your expert help. I'm migrating a 2003 DC to 2008 R2. Please see the attached error message; it's a very common error message, but I've been struggling with it for the past 2 weeks.
I know nothing is wrong with my DHCP or DNS server because it's working fine for all other PCs/laptops etc. I tried removing a few PCs from the domain and re-adding them to the domain for testing purposes, and it worked fine. Lastly, a couple of days ago I thought to join my new server to the domain before I run dcpromo, and it joined the farm with no problem, and I'm still getting the same error message no matter what I do.

Please comment and advise help...
Sam CookAsked:
 
ITguy565Commented:
Run the process in my last post. If that doesn't correct the issue then you are probably going to need to rebuild the MSDCS DNS zone.

http://www.dell.com/support/article/us/en/04/sln155826/how-to-delete-and-recreate-the-_msdcs-dns-zone-on-a-windows-dns-server?lang=en

I suspect that someone tried to do that in the past on this box.
1
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Where is the attached error message?  (you didn't attach!)
0
 
Joseph HornseyPresident and JanitorCommented:
Please attach your error.  Also, be prepared to attach cleaned outputs from dcdiag and netdiag.
0
 
Sam CookAuthor Commented:
Error message...
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Post your DNS settings on the DC(s) and the system you're trying to connect.    It appears it can't find the domain which is a DNS issue.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
It appears it can't find the domain which is a DNS issue.

DNS issue, yes
can't find the domain would be a different error message (non-existent domain if i remember right)
i would guess the SRV record points to a domain controller that no longer exists
can you make sure there are no artifacts of a decommissioned domain controller?
check all DNS records and make sure there are only records for server that are still really there
0
 
Sam CookAuthor Commented:
Server 2008 R2 Nic
0
 
Joseph HornseyPresident and JanitorCommented:
You've configured WINS on the client side.  Are you running WINS on your servers?
0
 
Sam CookAuthor Commented:
Server 2003 one nic only
0
 
Sam CookAuthor Commented:
@ joseph.

No, I'm not. Actually I tried disabling it as well in the scope option but it didn't help at all.
 
On server 2008, I also tried disabling the second nic and kept only 1 nic with static IP and it didn't help either.

All DNS queries from the 2008 server are reporting fine.
0
 
Joseph HornseyPresident and JanitorCommented:
I'm not sure WINS is the issue, but it is name resolution and if it's not configured it could be causing problems.

If you deleted it from the scope, it's still on the client side.  You probably need to wait for the TTLs to expire on the leases.

Make sure WINS is deleted from the scope options (and check your server options while you're at it) and then run the following command at an elevated command prompt:

ipconfig /release && ipconfig /renew

Another question, though....

Why don't you have a static IP on that server?
0
 
Sam CookAuthor Commented:
I just tried again: disabled the WINS server as well as the second NIC (the one with DHCP), and still the same error message.

@SETH

How can I find out if the SRV record is pointing to another domain controller? There might have been a DC prior to Server 2003, and the domain name might have been the same, and the GUID could be the issue.

Is there any way to check it? I tested that all the FSMO roles are running on Server 2003 for sure.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
you have to dig down through the domain in dns
expand the domain name and you will see sites, tcp, udp, DomainDNSZones and ForestDNSZones
expand and dig down in there to see the kerberos, srv, ldap, gc (and more) records
you should only see records pointing to your active servers
i'm guessing there are records in there for an old server
if you find one for an old server, right click it and delete
0
 
Sam CookAuthor Commented:
I checked every record in DNS already... every single record points to my current server.

Anything else you want me to check/try?
0
 
Seth SimmonsSr. Systems AdministratorCommented:
can you ping all of your domain controllers from that box?
0
 
Sam CookAuthor Commented:
I have only 1 DC and ping, nslookup working fine
0
 
Seth SimmonsSr. Systems AdministratorCommented:
going back to basics, did you run adprep (or adprep32) on the 2003 server?

Installing an Additional Domain Controller
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc733027(v=ws.10)
0
 
Sam CookAuthor Commented:
I've done this already, and you can only run it once....

adprep.PNG
0
 
ITguy565Commented:
Going back to even more of the basics: can you please run DCDIAG on your domain controller, use the verbose switch, and post the results to this forum? This should give you a good idea of the sources of a lot of issues and possibly rule out the DC as the issue.
0
 
Sam CookAuthor Commented:
Here is my DCDIAG output.......




Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\MYSERVER
      Starting test: Connectivity
         The host 30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local) couldn't
         be resolved, the server name (myserver.server.local) resolved to the
         IP address (192.168.0.5) and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... MYSERVER failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\MYSERVER
      Skipping all tests, because server MYSERVER is
      not responding to directory service requests
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : server
      Starting test: CrossRefValidation
         ......................... thinnox passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... thinnox passed test CheckSDRefDom
   
   Running enterprise tests on : server.local
      Starting test: Intersite
         ......................... server.local passed test Intersite
      Starting test: FsmoCheck
         ......................... server.local passed test FsmoCheck
0
 
ITguy565Commented:
What does the FSMO check come back with?
0
 
ITguy565Commented:
Starting test: Connectivity
         The host 30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local) couldn't
         be resolved, the server name (myserver.server.local) resolved to the
         IP address (192.168.0.5) and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... MYSERVER failed test Connectivity

This is definitely a problem with DNS.

What is this server : 30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local ?

If you can provide the FSMO information that I requested earlier I might be able to assist. If this is a single DC environment, please make sure that all the roles are available on the DC in question. If this is a multi DC environment, please make sure that all the domain controllers are reachable and repeat the DCDIAG on all DCs that hold roles and post the results.

Once that has been completed we will be able to assist further with tracking down the cause of this issue. Right now, I believe that your domain is broadcasting using 30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local and since this server cannot be contacted or DNS is not properly resolving it, that is where your problem lies.
0
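
An added example, not part of the original posts: a small Python parser (function and field names are illustrative) that reads dcdiag text like the report above and flags the pattern seen in this thread, where the GUID-based _msdcs name fails to resolve while the server's own host name resolves normally. The sample input is constructed from the output posted here.

```python
import re

# Constructed sample: the Connectivity section of the dcdiag output posted in
# this thread, with the stray blank lines the forum put between wrapped lines.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\MYSERVER
      Starting test: Connectivity
         The host 30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name

         (30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local) couldn't

         be resolved, the server name (myserver.server.local) resolved to the

         IP address (192.168.0.5) and was pingable.  Check that the IP address

         is registered correctly with the DNS server.
         ......................... MYSERVER failed test Connectivity
   Running enterprise tests on : server.local
      Starting test: FsmoCheck
         ......................... server.local passed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
UNRESOLVED = re.compile(r"The host (\S+) could not be resolved")
HOST_OK = re.compile(r"server name \(([^)]+)\) resolved to the IP address \(([^)]+)\)")
GUID_ALIAS = re.compile(r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\.(_msdcs\..+)", re.I)


def analyze_dcdiag(text):
    """Return failed tests, unresolved GUID aliases, resolved hosts and a verdict."""
    # dcdiag wraps long messages over several lines; flatten before matching.
    flat = " ".join(text.split())
    failed = [(who, test) for who, state, test in RESULT.findall(flat) if state == "failed"]
    missing = []
    for name in UNRESOLVED.findall(flat):
        m = GUID_ALIAS.fullmatch(name.rstrip("."))
        if m and m.groups() not in missing:
            missing.append(m.groups())          # (DSA GUID, _msdcs zone)
    resolved = HOST_OK.findall(flat)            # (host name, IP) pairs
    if missing and resolved:
        # Host (A) record answers but the GUID alias does not: look at the
        # _msdcs zone rather than at basic connectivity.
        verdict = "guid-alias-missing"
    elif failed or missing:
        verdict = "other-failure"
    else:
        verdict = "ok"
    return {"failed": failed, "missing_aliases": missing,
            "resolved_hosts": resolved, "verdict": verdict}


if __name__ == "__main__":
    report = analyze_dcdiag(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```
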
 
ITguy565Commented:
If the server "30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local" doesn't exist in your environment any more, you may need to use NTDSUTIL to remove residual traces of that box. This may include transferring if possible or seizing any roles that server may hold.  Remember though, if you seize the roles of that server, you can never reintroduce that server back into the environment without a clean install.
0
 
ITguy565Commented:
Sam do you have an update on this?
0
 
Sam CookAuthor Commented:
Sorry, I don't. Still struggling with the same error message.


fsmo.PNG
0
 
Sam CookAuthor Commented:
There is and was only one domain controller and all the roles are running on the same server.
0
 
ITguy565Commented:
Sam,

Role holders that you show there.. Are they the same server or are they different?
0
 
ITguy565Commented:
ok, so next item of business. Determine what server matches the following ID

"30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local"
0
 
ITguy565Commented:
Sam,

Please run netdiag /fix on that box

let me know what the results or errors are.
0
 
ITguy565Commented:
This should repair the DNS issue that you are having.
0
 
Sam CookAuthor Commented:
sid.PNG
Is this what it needs to be matched to?
0
 
ITguy565Commented:
what were the results of the netdiag /fix
0
 
Sam CookAuthor Commented:
NETDIAG...



.....................................

    Computer Name: MYSERVER
    DNS Host Name: myserver.server.local
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Realtek PCIe GBE Family Controller' may not be working.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : myserver.server.local
        IP Address . . . . . . . . : 192.168.0.5
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.2
        Dns Servers. . . . . . . . : 127.0.0.1
                                     192.168.0.5


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Local Area Connection

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : myserver
        IP Address . . . . . . . . : 0.0.0.0
        Subnet Mask. . . . . . . . : 0.0.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :



Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{3D56E66F-EE59-4073-B63E-7F6F0EA6AB77}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 127.0.0.1, ERROR_TIMEOUT.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{3D56E66F-EE59-4073-B63E-7F6F0EA6AB77}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{3D56E66F-EE59-4073-B63E-7F6F0EA6AB77}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
 
ITguy565Commented:
If you open AD Sites and Services, locate your DC and expand it, you will find NTDS Settings.

Right-click Properties and copy its DNS alias.

Then issue an nslookup dnsalias. Do you have a reply?
0
 
Sam CookAuthor Commented:
There you go....


nslook.PNG
0
 
ITguy565Commented:
Not what I was expecting :
 
C:\Documents and Settings\jim>nslookup
Default Server: server<domain>.local
Address:  *.*.*.*
 
> *._msdcs.<domain>.local


Aliases:  *._msdcs.<domain>.local
 
0
 
ITguy565Commented:
Under the black mark, is that a ._msdcs? address?
0
 
Sam CookAuthor Commented:
Yes it is...
0
 
Sam CookAuthor Commented:
check your PM.....
0
 
ITguy565Commented:
please open DNS and see if this record shows in your DNS console

30f03efb-6a60-4ae9-8fd6-edb4247733b5._msdcs.server.local
0
 
Sam CookAuthor Commented:
May I know what ID this one is?

And how can I find it in my DNS ?

Thanks
0
 
ITguy565Commented:
when you open your DNS MMC console you should see something like the following :

dnsMMC3.jpg
see the first item under Forward Lookup Zone.. That is your MSDCS
0
 
ITguy565Commented:
If I am not mistaken that item is corrupt or missing.
0
 
ITguy565Commented:
If we find that to be the case, you can follow this article and it should resolve your issues.

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
1
 
Sam CookAuthor Commented:
Here is My DNS Screenshot but I don't see this weird number there...

dns.PNG
0
 
Sam CookAuthor Commented:
Thank You itguy565 !!!

Your solution works perfectly. Thanks
0
 
ITguy565Commented:
Glad we got that worked out! Let me know if I can be of assistance!
0
 
ITguy565Commented:
@sam

When you get a moment, please close this question.
0
 
 
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: ITguy565 (https:#a42499703)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0
Question has a verified solution.
