DCPromo and VPN fails
From: Hannes (Hannes_at_discussions.microsoft.com)
Date: 03/16/05
Date: Wed, 16 Mar 2005 06:19:04 -0800
Good day, if someone can please help.
I am trying to promote a 2003 server as a DC into a new child domain at a
branch office. We are connected over a high-latency site-to-site VPN. I had
various errors and kept on changing DNS, doing portscans and reading
magnitudes of material.
I got up to a point now where I get the following warning in the promotion
process:
“The primary DNS server tested was: server.domain.net (x.x.x.x)
The zone was: domain.net
The test for dynamic DNS update support returned:
"A SRV record for DNS name _ldap._tcp.dc._msdcs.child.domain.net was found.
Delete this DNS name from the zone domain.net before continuing promotion of
this domain controller or ensure that the existing SRV record for the DNS
name _ldap._tcp.dc._msdcs.child.domain.net represents this domain controller."
And finally returns the error:
The operation failed because: Active Directory could not create the object
CN=GSTJHB,CN=Partitions,CN=Configuration,DC=domainm,DC=net. Check the event
log for possible system errors. "The FSMO role ownership could not be
verified because its directory partition has not replicated successfully with
at least one replication partner."
If I check in the event log I see File Replication service has stopped.
At this moment I don’t have much direct control over the domain or DC I want to
join and have to send through instructions. I know the DNS setup must be
correct and at this stage the DNS server running in the main site has a Pri-Zone of
say - domain.net and we also have a Pri-Zone of - child.domain.net. Can someone
give guidance on how the DNS relations must be set up: dynamic updates, SRV
records and zones?
I have also attached a portquery for “Domains and Trusts” to the main DC and
see a load of "FILTERED" results.
I have read so much info and am not winning; help will be greatly
appreciated, especially with the exact DNS setup for main and child domains.
Thanks
Hannes
============================================
Starting portqry.exe -n x.x.x.x -e 135 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 135 (epmap service): FILTERED
portqry.exe -n x.x.x.x -e 135 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 389 -p BOTH ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 03/16/2005 13:29:04 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=net
dsServiceName: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=net
namingContexts: DC=domain,DC=net
defaultNamingContext: DC=domain,DC=net
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=net
configurationNamingContext: CN=Configuration,DC=domain,DC=net
rootDomainNamingContext: DC=domain,DC=net
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 530473
supportedSASLMechanisms: GSSAPI
dnsHostName: server.domain.net
ldapServiceName: domain.net:server$@DOMAIN.NET
serverName: CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=net
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: FALSE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctionality: 2
======== End of LDAP query response ========
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
portqry.exe -n x.x.x.x -e 389 -p BOTH exits with return code 0x00000001.
=============================================
Starting portqry.exe -n x.x.x.x -e 636 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 636 (ldaps service): LISTENING
portqry.exe -n x.x.x.x -e 636 -p TCP exits with return code 0x00000000.
=============================================
Starting portqry.exe -n x.x.x.x -e 3268 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 3268 (unknown service): FILTERED
portqry.exe -n x.x.x.x -e 3268 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 3269 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 3269 (unknown service): FILTERED
portqry.exe -n x.x.x.x -e 3269 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 53 -p BOTH ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
portqry.exe -n x.x.x.x -e 53 -p BOTH exits with return code 0x00000000.
=============================================
Starting portqry.exe -n x.x.x.x -e 88 -p BOTH ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 88 (kerberos service): LISTENING
UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n x.x.x.x -e 88 -p BOTH exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 445 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n x.x.x.x -e 445 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 137 -p UDP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Using ephemeral source port
Attempting NETBIOS adapter status query to UDP port 137...
NETBIOS name for x.x.x.x not found (timeout)
Adapter status query failed.
UDP port: FILTERED
portqry.exe -n x.x.x.x -e 137 -p UDP exits with return code 0x00000001.
=============================================
Starting portqry.exe -n x.x.x.x -e 138 -p UDP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n x.x.x.x -e 138 -p UDP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 139 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 139 (netbios-ssn service): FILTERED
portqry.exe -n x.x.x.x -e 139 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 42 -p TCP ...
Querying target system called:
x.x.x.x
Attempting to resolve IP address to a name...
IP address resolved to domain.net
querying...
TCP port 42 (nameserver service): FILTERED
portqry.exe -n x.x.x.x -e 42 -p TCP exits with return code 0x00000002.
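
The following is an added example, not part of the original post: a small parser that groups portqry.exe results like those above by reported state, so the ports a firewall or VPN is filtering stand out. The function names are hypothetical and the sample input is a constructed excerpt in the same format as the quoted output.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same format as the portqry.exe output quoted above.
SAMPLE = """\
Starting portqry.exe -n x.x.x.x -e 135 -p TCP ...
TCP port 135 (epmap service): FILTERED
portqry.exe -n x.x.x.x -e 135 -p TCP exits with return code 0x00000002.
=============================================
Starting portqry.exe -n x.x.x.x -e 389 -p BOTH ...
TCP port 389 (ldap service): LISTENING
UDP port 389 (unknown service): LISTENING or FILTERED
LDAP query to port 389 failed
portqry.exe -n x.x.x.x -e 389 -p BOTH exits with return code 0x00000001.
=============================================
Starting portqry.exe -n x.x.x.x -e 137 -p UDP ...
UDP port 137 (netbios-ns service): LISTENING or FILTERED
NETBIOS name for x.x.x.x not found (timeout)
UDP port: FILTERED
portqry.exe -n x.x.x.x -e 137 -p UDP exits with return code 0x00000001.
"""

# Matches e.g. "TCP port 135 (epmap service): FILTERED"
STATUS = re.compile(r"^(TCP|UDP) port (\d+) \([^)]*\): (.+)$")
# Matches "UDP port: FILTERED", the verdict printed after a follow-up query
# (the port number is omitted on that line, so it is tied to the last UDP port seen).
UDP_VERDICT = re.compile(r"^UDP port: (.+)$")

def parse_portqry(text):
    """Return {(proto, port): state}; a later UDP verdict overrides the first guess."""
    states, last_udp = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = STATUS.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            states[key] = m.group(3).strip()
            if key[0] == "UDP":
                last_udp = key
            continue
        m = UDP_VERDICT.match(line)
        if m and last_udp is not None:
            states[last_udp] = m.group(1).strip()
    return states

def group_by_state(states):
    """Group endpoints by reported state, sorted by protocol then port."""
    groups = defaultdict(list)
    for key, state in sorted(states.items()):
        groups[state].append(key)
    return dict(groups)
```

Calling `group_by_state(parse_portqry(text))` on a saved portqry log gives one list per state; the "LISTENING or FILTERED" group holds the UDP probes that got no reply and need checking from the firewall side.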