Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems adding 2003 DC to 2000 Domain

Status
Not open for further replies.
Feb 14, 2003
12
Hi,

I've got a 2000 Native Domain with one DC (zion.network.23). I've recently tried adding a 2003 DC (deepthought.network.23) and I'm getting lots of problems with DNS, FRS and Sysvol.

Adprep /forestprep and /domainprep ran fine on the 2000DC and DCPromo on 2003 ran fine until the end where it said there was a minor replication error which would be fixed upon reboot.

Now, this is where it gets interesting :)

When rebooted I get errors in the Application , FRS and Directory services logs of the 2003 DC. The logs on the original 2000DC are clear.

Application - userenv 1030 (Windows cannot query for the list of Group Policy objects) and usernv 1053 (The RPC server is unavailable). I've had these errors before on XP and 2003 machines and fixed it by altering the default GPO to disable cached credentials - I also set it on the Default DC policy.

FRS - NTFRS 13565 - Initialisng Sysvol, cannot become a DC until completed.

Directory Services - NTDS KCC 1308 (failure to replicate) and NTDS Replication 1557 (no synchronisation of directory partition)

So basically there is no replication of sysvol occurring so the 2003 machine hasn't become a DC.

I've had a look on the various newsgroups and boards and everyone says its a DNS issue. I've checked the SRV records for both servers and they are all being created OK. I've tried deleting the zone, recreating it and getting both servers to re-register and it still seems OK. On both DC's I can ping their FQDN's OK. When I ran dcdiag from the 2003 DC (deepthought) I got the following error:-

Testing server: Default-First-Site-Name\DEEPTHOUGHT
Starting test: Connectivity
The host 1b8ac0e5-8943-4e4f-b9ab-0dc44225ef39._msdcs.network.23 could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(1b8ac0e5-8943-4e4f-b9ab-0dc44225ef39._msdcs.network.23) couldn't be

resolved, the server name (deepthought.network.23) resolved to the IP

address (192.168.0.2) and was pingable. Check that the IP address is

registered correctly with the DNS server.
......................... DEEPTHOUGHT failed test Connectivity

I've checked the GUID_.msdcs.network.23 SRV records and both are in place and correct. As mentioned earlier I have deleted all the SRV records, re-registered them and still get the same errors.

Running DCDIAG on the 2003 DC shows failures in Kerberos and Domain Membership tests.

NETDIAG and DCDIAG on the existing 2K DC both pass ok.

All help or (reasonable) suggestions appreciated!

Scott
 
Scott,

I would check the DNS server for the entry of 1b8ac0e5-8943-4e4f-b9ab-0dc44225ef39._msdcs.network.23

By any chance that your DEEPTHOUGHT W2K3 machine is in a different AD / site than your zion machine's and no trust has been establish between them? It looks like DEEPTHOUGHT is in a W2K3 default site Default-First-Site-Name.

Could it be in AD 2003 Native, not 2003/2000 functional level?

Also, is the new machine has the same GMT time (time zone, daylight saving time) as the zion machine?

Good luck.
 
Imaia,

Thanks for the reply.

There are dns entries for 1b8ac0e5-8943-4e4f-b9ab-0dc44225ef39._msdcs.network.23 and for the other DC's GUID.

Both DC's are in Default-First-Site-Name and the domain is 2K native mode.

Both DC's are in the same time zone.

Cheers,

Scott
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top