Re: Rename 2K3 Domain - DNS Issues




"Lincoln King-Cliby" <LincolnKingCliby@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:C3E5F6F1-A332-4A50-8347-A2FD7AC90581@xxxxxxxxxxxxxxxx
Hi Herb,

Thanks for the reply; comments in-line:

"Herb Martin" wrote:

<snip>
But you should be running a complete DCDiag /c on each and every DC
sending the output to a text file (e.g., >dc1.txt) and searching those
files for FAIL or WARN messages.

Fix those FAIL or WARN problems, or post them with the other symptoms
here.
<snip>

I fixed two items that this brought to my attention (a DC that was
less-than-gracefully demoted still had a stray FRS record in the AD and
the root hint for l.root-servers.net hadn't been updated)

It's WARNING about non-secure dynamic update being enabled; I can change
this to secure only if I have to, but I'm concerned about that breaking
updates for certain non-PC network devices.

Right -- that's the form of a Suggestion Warning.

This is NOT part of your problem but a suggestion for security.

non-PCs (anything that isn't a domain/forest member even if it is a PC)
cannot register for THEMSELVES if you change that -- if they are
DHCP clients the DHCP server can do the registration though.

Most of the time, the (few) static IP non-Domain members cannot
register themselves ANYWAY or you just choose to manually add
the addresses (because they are static) or let DHCP do it because
it can and they don't even have this capability (usually.)

Also, sometimes after you fix DNS/DC problems you have to either
reboot or to avoid that run "DCDiag /fix" (Or NetDiag /Fix) to update
those DNS records.


Done.

You might want to check:

your DCs site membership in AD Sites and Services.

DC #2 is assigned to site #2, DC #1 is assigned to Site #1, and there is
an inter-site transport for the two sites.

Sounds right.

your #2 DC has its PRIMARY DOMAIN NAME set in the System
Control Panel (don't know if this would cause the problem for a DC
but it should be done anyway)

I'm not sure I understand where I should look for this; on the "Computer
Name" tab, the domain name is listed, and it is the "DNS Suffix for this
connection" in the TCP/IP properties -- is there somewhere else that this
gets set?

Yes. In the former, Computer Name tab, there is a place where the
Primary Domain Suffix is set -- this is the OFFICIAL name of the
server: Its basic name (like NetBIOS) plus the Primary Domain suffix.

Those domain suffixes on the NICs are more "cosmetic" and are
completely unnecessary for a SINGLE NIC machine in 99.999% of
cases.

review that checklist for renaming the Domain, especially as it applies
to each DC and specifically to #2 (and then re-run that DCDiag /fix
if you correct anything.)

I don't see a checklist per se, in the domain rename procedure, so I may
be looking in the wrong place, but I have read and reread the sections
"Domain Rename Requirements" and "Preliminary Steps to Prepare for Domain
Rename".

I wrote that casually -- the steps, instructions, checklist, whatever.

If you didn't follow some set of instructions you can Google for one with
something like this:

[ domain rename 2003 site:microsoft.com ]


I haven't made any changes to trusts because as I understand it since I'm
starting with one domain and ending with one domain there's no trust issue
to worry about,

Correct. All the trusts are automatic Domain trusts in a single forest
but with one domain there is NOTHING to Trust.

nor have I done any of the DFS-related steps since we aren't
using DFS.

DFS is not an issue. FRS Service is important because it is used
by both DFS and the SysVol replication for a DC but this doesn't
sound like any of your problem.

You still have a missing DNS registration -- actually you probably
don't if DCDiag is clean of FAIL and (other) WARN messages.

I have read and verified the information regarding preparing DNS zones


check that the problem DC has ONLY the INTERNAL DNS Servers
listed in its NIC->IP Properties->DNS Server. It must be able to
find the DYNAMIC zone that corresponds to the domain

Each DC is pointing at the other DC as the primary DNS and itself as
secondary; I tried various permutations of both pointing at #1 or #2 as
primary with no change.

Your choice is fine. Are they AD Integrated? (This also is not your
problem but at least in the long run they both should be probably.)

BTW: Make both of them GCs -- all DCs in a single domain forest
domain should be GCs and this creates no problems.

This also is not your problem unless they were telling you about a
'missing' GC record.

The DNS zone is likely dynamic since you have one of them registering
but check that setting anyway since you just recreated the zones.

The new zone is set up to allow secure dynamic updates only; I had
previously tried allowing secure and unsecure dynamic updates, again with
no change

That's the generally "best" choice as long as you can get all the machines
you need to register (we discussed above.)

And I'll admit this now... Network Admin is only about 10% of my
overall job responsibilities, so this is venturing into fresh territory for me.

Don't worry about that -- we'll help if you just ask and try to
be specific in both your requests AND in following instructions
and posting the results of doing that.


Thanks! I appreciate the help. Let me know if I need to be more specific

I would like to know if you have CLEAN complete DCDiag /c other
than that Secure only update warning (which you seem to have changed
anyway.) No FAIL, no (other) WARN.

If so, I would say you are fine.

Get in the habit of running the complete DCDiag every week -- regularly
anyway. (A lot of people set a scheduled task and mail it to themselves.)
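
The routine described in this thread (a complete DCDiag /c per DC, saved to a text file and searched for FAIL or WARN), written as a PowerShell script suitable for a scheduled task. This is an added example, not part of the original post; the DC names, output folder and `IgnorePattern` parameter are assumptions, and it expects `dcdiag.exe` to be available on the machine that runs it.

```powershell
# Added example (not from the thread). DC names are placeholders; pass your own.
param(
    [string[]]$DomainControllers = @('DC1', 'DC2'),
    [string]$OutDir = (Join-Path $env:TEMP 'dcdiag'),
    # Optional regex for warnings you have reviewed and accepted (assumption:
    # you supply the wording from your own output, e.g. the dynamic-update one).
    [string]$IgnorePattern = ''
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'

$findings = foreach ($dc in $DomainControllers) {
    $log = Join-Path $OutDir "$dc-$stamp.txt"

    # /c runs the comprehensive test set; /s: selects the DC to test.
    & dcdiag.exe /c "/s:$dc" 2>&1 | Out-File -FilePath $log -Encoding ascii

    # An empty log means the run itself did not work; report it as a finding.
    if ((Get-Item $log).Length -eq 0) {
        [pscustomobject]@{ DC = $dc; Line = 0; Text = 'dcdiag produced no output' }
        continue
    }

    # Select-String is case-insensitive by default, so this catches
    # "failed test", "FAIL", "Warning:" and "WARN" alike.
    Select-String -Path $log -Pattern 'fail|warn' |
        Where-Object { -not $IgnorePattern -or $_.Line -notmatch $IgnorePattern } |
        ForEach-Object {
            [pscustomobject]@{ DC = $dc; Line = $_.LineNumber; Text = $_.Line.Trim() }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    exit 1    # non-zero result so a scheduled task shows the run needs attention
}
Write-Output "No FAIL or WARN lines in $($DomainControllers.Count) DCDiag logs under $OutDir"
```

The dated log files stay in the output folder, so a week's result can be compared with the previous one when a new FAIL or WARN line appears.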


