Re: netdiag /fix DNS_ERROR_RCODE_NOT_IMPLEMENTED error
- From: JoeM <JoeM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Aug 2006 14:25:59 -0700
Well, I don't want to go through the whole procedure of attempting to rename
my domain again; it's now named what I want: xxx.net. For the most part,
it's been functioning just fine. In any case, at this point I've already
done the rename and I'm trying to avoid re-creating the domain from scratch
on a new machine. I just want to fix what's broken, if possible. The best I
could do at this point is retrace my steps in that document. And it did
yield one result: I was able to fix "related problem #2" by running gpfixup.
Can't remember if I did it before but if I did, I must have done it wrong.
But I still have duplicate junk in my C:\WINDOWS\system32\config\netlogon.dns
and I still get the same error when running netdiag /fix.
Here are all the steps I retraced today:
p. 7
Raise Forest Functional Level to Windows Server 2003 - did that first thing
way back when
Creating Necessary Shortcut Trust Relationships - no trust relationships to
begin with; only one domain, one forest
p. 8
Pre-Creating Parent-Child Trust Relationships for a Restructured Forest -
not necessary; only one domain, one forest
p. 15
Use the DNS MMC snap-in to create the required DNS zones compiled - done
Configure DNS zones according to "Add a forward lookup zone" in Windows
Server 2003 Server Help and Support Center - done, using the Windows Interface
Configure dynamic DNS update according to "Allow dynamic updates" in Windows
Server 2003 Server Help and Support Center. - according to help, "How client
and server computers update their DNS names
By default, computers that are statically configured for TCP/IP attempt to
dynamically register host (A) and pointer (PTR) resource records (RRs) for IP
addresses configured and used by their installed network connections. By
default, all computers register records based on their fully qualified domain
name (FQDN)." I check and the full computer name of the primary domain
controller is poweredge.xxx.net
Preparing Folder Redirection to Domain-Based DFS - don't care about this
Preparing Roaming User Profiles on Domain-Based DFS - don't use roaming
profiles
p. 16
Configuring Member Computers for Host Name Changes By default, the Primary
DNS Suffix of a member computer of an Active Directory domain is configured
to change automatically when domain membership of the computer changes - all
this worked just fine; all member computers automatically renamed to the
xxx.net. In any case, when I run ADSIEDIT.msc (p. 22), everything in there
looks fine: only xxx.net; no xxx.com. msDS AllowedDNSSuffixes are net; com
p. 25, step 4
With the Group Policy object selected, click Edit - this currently fails for
both the "Default Domain Controllers Policy" and "Default Domain Policy". So
I can't continue with steps 5-9 on this page
Preparing Certification Authorities - at this point I don't care much about
Certificate Authorities. My old domain wasn't configured with certificate
authorities. At some point soon I'll need them. But this was never a part
of the migration.
pp. 28 - 30
Set Up the Control Station - I did set up a separate Windows Server machine
to act as the Control Station. But that's since been converted to something
else a few months ago.
p. 31
rendom /list - I did this
p. 33
edit the domainlist.xml file - I did this
pp. 35-36
Renaming Application Directory Partitions - I did this
p. 37
review the new forest description in domainlist.xml - did this
p. 38
Generate Domain Rename Instructions - rendom /upload - did this
pp. 39-42
Push Domain Rename Instructions to All DCs and Verify DNS Readiness
Not sure it makes sense to run this on the domain server at this late date,
but executing (on page 41):
Dsquery server –hasfsmo name
now returns:
dsquery failed:`name' is an unknown parameter.
type dsquery /? for help.
p. 42
I think I ran:
repadmin /syncall /d /e /P /q poweredge
It's been a long time now so I can't remember for sure.
It asks to check for presence of required DNS resource records. I use the
DNS MMC snap-in to check for the presence of the records listed in Table 1.
It's hard to make sure the names are right 'cause I think the GUI splits out
the first part of the name as what looks like a path and the last part as
it's "domain"
There is a record of type CNAME named
1af4ff5b-6293-47c8-a5dd-8b37a74af4b7._msdcs.xxx.net
There is a SRV record pertaining to the PDC named
_ldap._tcp.pdc._msdcs.xxx.net
There is a SRV record pertaining to a global catalog (GC) server named
_ldap._tcp.gc._msdcs.xxx.net
There is a SRV record pertaining to a (DC) server named
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.xxx.net
p. 45
verify the readiness of domain controllers in the forest by running
rendom /prepare
I remember that working OK.
p. 47
execute the domain rename instructions on all domain controllers by running
rendom /execute
I remember that working OK as well.
p. 50
I don't run Exchange so I didn't do any Exchange-specific steps. I did
reboot the control station twice and run
rendom /end
p. 51
I never had external trusts so I didn't do anything regarding external trusts.
p. 52
I did not fix up Dfs topology. I don't think I need to do this. But maybe
I'm wrong.
p. 55
I ran gpfixup:
gpfixup /olddns:xxx.com /newdns:xxx.net /dc:poweredge.xxx.net
which fixed my problem editing "Default Domain Policy" and "Default Domain
Controllers Policy"
But when I ran
repadmin /syncall /d /e /P /q poweredge.xxxx.net xxx.net
I got
Syncing partition: xxx.net
SyncAll exited with fatal Win32 error: 8420 (0x20e4):
The naming context could not be found.
p. 56
After the Domain Rename Procedure
pp. 57-61
Verify Certificate Security After Domain Rename - since I haven't set up
certificate security, I don't have to do this yet. (my
C:\WINDOWS\system32\certsrv has no certdat.inc file, for instance)
p. 62
I used the Active Directory Domains and Trusts MMC snap In to look for any
traces of xxx.com - nothing
p. 67
I did Rename Domain Controllers as part of this original process
p. 68
Appendix begins
For reference, here's the complete contents of my
C:\WINDOWS\system32\config\netlogon.dns - after it was regenerated when
restarting the netlogon service:
xxx.net. 600 IN A 192.168.254.13
xxx.com. 600 IN A 192.168.254.13
xxx.net. 600 IN A 169.254.78.137
xxx.com. 600 IN A 169.254.78.137
_ldap._tcp.xxx.net. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.xxx.com. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.xxx.net. 600 IN SRV 0 100 389
poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.xxx.com. 600 IN SRV 0 100 389
poweredge.xxx.net.
_ldap._tcp.pdc._msdcs.xxx.net. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.pdc._msdcs.xxx.com. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.gc._msdcs.xxx.net. 600 IN SRV 0 100 3268 poweredge.xxx.net.
_ldap._tcp.gc._msdcs.xxx.com. 600 IN SRV 0 100 3268 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.xxx.net. 600 IN SRV 0
100 3268 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.xxx.com. 600 IN SRV 0
100 3268 poweredge.xxx.net.
_ldap._tcp.6fac954e-21ad-4404-bd04-91ee5f82f02a.domains._msdcs.xxx.net. 600
IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.6fac954e-21ad-4404-bd04-91ee5f82f02a.domains._msdcs.xxx.com. 600
IN SRV 0 100 389 poweredge.xxx.net.
gc._msdcs.xxx.net. 600 IN A 192.168.254.13
gc._msdcs.xxx.com. 600 IN A 192.168.254.13
gc._msdcs.xxx.net. 600 IN A 169.254.78.137
gc._msdcs.xxx.com. 600 IN A 169.254.78.137
1af4ff5b-6293-47c8-a5dd-8b37a74af4b7._msdcs.xxx.net. 600 IN CNAME
poweredge.xxx.net.
1af4ff5b-6293-47c8-a5dd-8b37a74af4b7._msdcs.xxx.com. 600 IN CNAME
poweredge.xxx.net.
_kerberos._tcp.dc._msdcs.xxx.net. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kerberos._tcp.dc._msdcs.xxx.com. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.xxx.net. 600 IN SRV
0 100 88 poweredge.xxx.net.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.xxx.com. 600 IN SRV
0 100 88 poweredge.xxx.net.
_ldap._tcp.dc._msdcs.xxx.net. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.dc._msdcs.xxx.com. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.xxx.net. 600 IN SRV 0
100 389 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.xxx.com. 600 IN SRV 0
100 389 poweredge.xxx.net.
_kerberos._tcp.xxx.net. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kerberos._tcp.xxx.com. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kerberos._tcp.Default-First-Site-Name._sites.xxx.net. 600 IN SRV 0 100 88
poweredge.xxx.net.
_kerberos._tcp.Default-First-Site-Name._sites.xxx.com. 600 IN SRV 0 100 88
poweredge.xxx.net.
_gc._tcp.xxx.net. 600 IN SRV 0 100 3268 poweredge.xxx.net.
_gc._tcp.xxx.com. 600 IN SRV 0 100 3268 poweredge.xxx.net.
_gc._tcp.Default-First-Site-Name._sites.xxx.net. 600 IN SRV 0 100 3268
poweredge.xxx.net.
_gc._tcp.Default-First-Site-Name._sites.xxx.com. 600 IN SRV 0 100 3268
poweredge.xxx.net.
_kerberos._udp.xxx.net. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kerberos._udp.xxx.com. 600 IN SRV 0 100 88 poweredge.xxx.net.
_kpasswd._tcp.xxx.net. 600 IN SRV 0 100 464 poweredge.xxx.net.
_kpasswd._tcp.xxx.com. 600 IN SRV 0 100 464 poweredge.xxx.net.
_kpasswd._udp.xxx.net. 600 IN SRV 0 100 464 poweredge.xxx.net.
_kpasswd._udp.xxx.com. 600 IN SRV 0 100 464 poweredge.xxx.net.
ForestDnsZones.xxx.net. 600 IN A 192.168.254.13
ForestDnsZones.xxx.net. 600 IN A 169.254.78.137
_ldap._tcp.ForestDnsZones.xxx.net. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.xxx.net. 600 IN SRV
0 100 389 poweredge.xxx.net.
DomainDnsZones.xxx.net. 600 IN A 192.168.254.13
DomainDnsZones.xxx.net. 600 IN A 169.254.78.137
_ldap._tcp.DomainDnsZones.xxx.net. 600 IN SRV 0 100 389 poweredge.xxx.net.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.xxx.net. 600 IN SRV
0 100 389 poweredge.xxx.net.
As you can see, I still have a lot of "xxx.com" junk left over. Where is
this stuff coming from? How can I get rid of it?
"Jorge de Almeida Pinto [MVP - DS]" wrote:
see WHAT step you did not do from the domain rename procedure. make sure you do ALL the steps that apply and do not skip anything!
.
- References:
- netdiag /fix DNS_ERROR_RCODE_NOT_IMPLEMENTED error
- From: JoeM
- Re: netdiag /fix DNS_ERROR_RCODE_NOT_IMPLEMENTED error
- From: Jorge de Almeida Pinto [MVP - DS]
- netdiag /fix DNS_ERROR_RCODE_NOT_IMPLEMENTED error
- Prev by Date: Integration issues...
- Next by Date: Re: ADAM on Win XP Pro 2002 SP2 without AD
- Previous by thread: Re: netdiag /fix DNS_ERROR_RCODE_NOT_IMPLEMENTED error
- Next by thread: RE: Local group policies vs. domain group policies
- Index(es):
Relevant Pages
|
