DNS HELP! Please!

[Stannerack]

I am trying to set up an Active Directory network. I am having trouble getting a second domain controller on to the domain.

When I run DCDIAG.EXE on the current AD server which is also running DNS, I get:

*******************************************************
Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
SERVER1's server GUID DNS name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(e3dcc328-713d-4729-86ed-6e9dd8bc9c08._msdcs.royalrussell.local)
couldn't be resolved, the server name (server1.royalrussell.local)
resolved to the IP address (192.168.0.2) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... SERVER1 failed test Connectivity

**********************************************************

Could anybody help me with this problem soon?

Thank you

 

[brontosaurus]

Run a NETDIAG /FIX and see if that helps.
If not, do you see that GUID entry in DNS? It should be a CNAME to your DC...

 

[Stannerack]

The netdiag /fix did not work. It came up with a load of FATAL errors.

Where do I look in DNS to see the GUID? Forward zones, reverse lookup?

If it isn't there, how do i add it, or can't I?

Many thanks

 

[brontosaurus]

A LOAD of FATAL errors??
OK, I won't open up that pandora's box...so anyway....
That GUID entry should be in the forward lookup zone for your domain, under the _msdcs sub-folder.

 

[Stannerack]

I have no sub-folders in the forward lookup zone.

It only list 4 entries:

(same as parent foler) Start of Authority [4] server1.domain.local
(same as parent folder) Name Server server1.domain.local
server1 host 192.168.0.2
prepserv1 host 192.168.0.7

 

[brontosaurus]

Well, that would explain the fatal errors...
Do you have your domain listed as a folder under Forward Lookup Zones, or just the entries you described above?
When you first installed DNS, did you let DCPROMO do it, or did you set up DNS first?

 

[Stannerack]

hehehe

I think you've hit the nail on the head.

The domain is listed under forward lookup zones with the entries in the domain folder.

I setup DNS manually on the machine as an Active Directory Integrated DNS server. The server was initially an NT server. I did a clean install on it and tried to get it to become a DC on our existing Active Directory running on another server.

I wanted to get all of the master roles transferred from the old server to the new one. This wouldn't work though. So I set up DNS on the machine, seized the roles and shut down the old AD server. Now it won't work at all.

Does this shed any light on the problem?

 

[brontosaurus]

OK, so let me make sure I understand...you had an existing 2K domain controller that had AD integrated DNS that was working properly...? Do you still have that DC? How did you manage to seize the roles from that server if you couldn't join the domain? NTDSUTIL?
You've got to get that old DC online, get it working properly, and get this new server to join up. Thats the first step. Then let synchronization happen, transfer all your roles (not seize them) and whatever else you want. THEN you can shut down the old DC by demoting it FIRST, then removing it from the domain.

 

[Stannerack]

mmmm

The old DC has been blown away. No chance of a revival.

I think I will have to rebuild the whole domain from scratch. At least that way I know that it is clean and working.

I'm sure there is some residual from the old DC kicking about on the AD somewhere causing probs.

Many thanks anyway!