Re: Active Direcroty Integration in DNS - Looses Forward Zone :-0

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Several things here. When you demoted your first DC (there are no PDCs and
BDCs anymore), did you transfer the 5 Flexible Single Master Operations
(FSMO) roles the the second DC? Only AD Integrated DNS zones can accept
dynamic updates. Don't confuse dynamic updates with incremental zone
transfers. Dynamic updates are just hosts registering themselves in DNS so
you don't have to add the records manually. Since you now only have one DC,
you won't have any AD replication, and therefore no incremental zone
updates. I'm not sure why you can't create a DNS zone for your domain name,
but if you haven't transferred the FSMO roles, do that first and try again.
You'll actually have to seize the roles rather than transfer since you
already demoted your first DC (which likely held all 5 roles).

....kurt


"Marvin Miller" <sales@xxxxxxxx> wrote in message
news:O%23L2adNYGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
Hi Folks;

I have a problem with DNS that's stemming from Active Directory
integration
(as near as I can tell).
First, I know next to nothing about AD - I'm still coming from the realm
of
NT 3.5/4.0 and PDC's and BDC's. My network is small so AD is just
something
I need installed and working. Here's what's happened.....

All machines are Windows 2000 and I had an AD PDC that worked just fine.
There was also an AD BDC machine. Network changes caused me to need to
remove AD from the PDC and promote the BDC to a PDC and run with one PDC.

To that end I ran DCPROMO on the machine that I no longer wanted to be and
AD server. I made sure beforehand that the BDC was also a catalog server.
Everything went well, the BDC became a PDC and authentications worked etc.

I then changed the new PDC so that it would not be compatable with
pre-Windows 2000 domains. This is not necessary for me so I thought that
was
a good thing to do.

The new PDC is also the primary DNS server set to allow dynamic updates.
When the changeover ocurred everything was fine. When I later re-booted
the
new PDC I found that the DNS had lost the forward zone for my domain! Also
an event viewer entry was logged;

Event ID 5773;

The DNS Server for this DC does not support dynamic DNS. Add the DNS
records
from the file '%SystemRoot%\System32\Config\netlogon.dns' to the DNS
server
servicing the domain referenced in that file.

I found the file but have no idea as to how to get it 'into' the DNS
server.
I tried copying the file the DNS server directotry and re-starting the
service but that didn't work. I then tried un-installing DNS,
re-installing
it and making a new Active Directory Integrated forward zone. That will
work - but only if I choose a zone name that is different then the
previous
existing one. If I try to choose the existing zone name I get an error
message stating;

The Zone cannot be created.
The Zone type is invalid.

It's as if the registry contains information on that zone and won't allow
me
to create it. I then thought to myself, "Do I have to have an AD
integrated
DNS?" - remember, I know little about this. So I then made a new standard
zone and it worked fine. The problem is that I get entries in the event
viewer saying to the effect that Active Directory is trying to do dynamic
updates to the DNS but it's not working - with multiple Stop Signs each
time
AD tries to add an entry :-0

As a workaround, I made my Primary DNS server a secondary, made my
secondary
a primary and then did a zone transfer from it! (because the secondary DNS
server still had the AD integrated information for the forward zone). This
worked and I then promoted the AD DNS back to primary and demoted the
other
DNS server back to a secondary. I ensured that the AD integrated Primary
DNS
server was set to allow dynamic updates and all is perfect. Until I
re-boot
the machine.

Once I reboot the AD machine it drops the entire forward zone and then
logs
the same error;

Event ID 5773;

The DNS Server for this DC does not support dynamic DNS. Add the DNS
records
from the file '%SystemRoot%\System32\Config\netlogon.dns' to the DNS
server
servicing the domain referenced in that file

The forward lookup zone on the AD DNS server is set to allow Dynamic
Updates. It's also set to load Zone Date on Startup from Active Directory
and Registry.

I'm pretty sure I'm missing something simple here and that it's caused by
my
lack of basic AD understanding. Can anyone tell me what needs to be done
to
fix this issue?

Thanks VERY much !
Marvin Miller






.

Relevant Pages

  • Re: Replication issues
    ... I wanted to say Zone Transfers not Zone Forwarding. ... AD-Integrated DNS does not do zone transfers between the ... your DNS server will bypass ...
    (microsoft.public.windows.server.active_directory)
  • Re: DNS Redesign Issue
    ... This is because tbe TLD DNS server is the only ... set the new child domain DNS server as primary for the domain controllers? ... -Using DNS console you can right-click the zone and export to a File, ...
    (microsoft.public.windows.server.dns)
  • Re: Windows 2003 DNS Setup for Sub-Domain off of Root
    ... > dns in any other zone than the one that is assigned to them. ... > delegating each sub-domains zone from the root domain. ... they are not needed on the root domain DNS servers as the actual ... > the root zone from the sub-domains dns server. ...
    (microsoft.public.windows.server.dns)
  • Re: DNS Redesign Issue
    ... set the new child domain DNS server as primary for the domain controllers? ... -If you are going to create a new AD Integrated Zone in each child domain, ...
    (microsoft.public.windows.server.dns)
  • Re: DHCP Clients getting DNS lookup failures
    ... It sounds to me like you had a DNS issue but you fixed it, ... The DNS server has encountered a critical error from the Active ... Check that the Active Directory is functioning properly. ... Active Directory for this zone and is unable to load the zone without ...
    (microsoft.public.windows.server.sbs)