Re: Rename 2K3 Domain - DNS Issues
- From: Lincoln King-Cliby <LincolnKingCliby@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 7 Jun 2008 10:07:01 -0700
Hi Herb,
Thanks for the reply; comments in-line:
"Herb Martin" wrote:
<snip>
But you should be running a complete DCDiag /c on each and every DC<snip>
sending the ouput to a text file (e.g, >dc1.txt) and searching those files
for
FAIL or WARN messages.
Fix those FAIL or WARN problems, or post them with the other symptoms here.
I fixed two items that this brought to my attention (a DC that was
less-than-gracefully demoted still had a stray FRS record in the AD and the
root hint for l.root-servers.net hadn't been updated)
It's WARNING about non-secure dynamic update being enabled; I can change
this to secure only if I have to, but I'm concerned about that breaking
updates for certain non-PC network devices.
Also, sometimes after you fix DNS/DC problems you have to either
reboot or to avoid that run "DCDiag /fix" (Or NetDiag /Fix) to update
those DNS records.
Done.
You might want to check:
your DCs site membership in AD Sites and Services.
DC #2 is assigned to site #2, DC #1 is assigned to Site #1, and there is an
inter-site transport for the two sites.
your #2 DC has it's PRIMARY DOMAIN NAME set in the System
Control Panel (don't know if this would cause the problem for a DC
but it should be done anyway)
I'm not sure I understand where I should look for this; on the "Computer
Name" tab, the domain name is listed, and it is the "DNS Suffix for this
connection" in the TCP/IP properties -- is there somewhere else that this
gets set?
review that checklist for renaming the Domain, especially as it applies
to each DC and specifically to #2 (and then re-run that DCDiag /fix
if you correct anything.)
I don't see a checklist per se, in the domain rename procedure, so I may be
looking in the wrong place, but I have read and reread the sections "Domain
Rename Requirements" and "Preliminary Steps to Prepare for Domain Rename".
I haven't made any changes to trusts because as I understand it since I'm
starting with one domain and ending with one domain there's no trust issue to
worry about, nor have I done any of the DFS-related steps since we aren't
using DFS.
I have read and verified the information regardng preparing DNS zones
check that the problem DC has ONLY the INTERNAL DNS Servers
listed in its NIC->IP Properties->DNS Server. It must be able to
find the DYNAMIC zone that corresponds to the domain
Each DC is pointing at the other DC as the primary DNS and itself as
secondary; I tried various permutations of both pointing at #1 or #2 as
primary with no change.
The DNS zone is likely dynamic since you have one of them registering
but check that setting anyway since you just recreated the zones.
The new zone is set up to allow secure dynamic updates only; I had
previously tried allowing secure and unsecure dynamic updates, again with no
change
And I'll admit this now... Network Admin is only about 10% of my overall
job
responsibilities, so this is venturing into fresh teritory for me.
Don't worry about that -- we'll help if you just ask and try to
be specific in both your requests AND in following instructions
and posting the results of doing that.
Thanks! I appreciate the help. Let me know if I need to be more specific
.
- Follow-Ups:
- Re: Rename 2K3 Domain - DNS Issues
- From: Herb Martin
- Re: Rename 2K3 Domain - DNS Issues
- References:
- Re: Rename 2K3 Domain - DNS Issues
- From: Herb Martin
- Re: Rename 2K3 Domain - DNS Issues
- Prev by Date: Re: Rename 2K3 Domain - DNS Issues
- Next by Date: Re: Rename 2K3 Domain - DNS Issues
- Previous by thread: Re: Rename 2K3 Domain - DNS Issues
- Next by thread: Re: Rename 2K3 Domain - DNS Issues
- Index(es):
Relevant Pages
|
