Re: DNS Issues Preventing ADPREP /Forestprep From Working

From: Douglas H. Quebbeman (DougQ_at_IgLou.com)
Date: 09/15/04


Date: Wed, 15 Sep 2004 10:50:46 -0700

Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> wrote in article
<#hbFZI0mEHA.2500@TK2MSFTNGP09.phx.gbl>...
> In news:01c49b2f$110428f0$e401a8c0@cicc-06,
> Douglas H. Quebbeman <DougQ@IgLou.com> wrote their comments
> Then Kevin replied below:
> > ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS
> > ============
> >
> > So I have a schema mismatch...
> >
> > When I run the AD replication Monitor, and add jeffserver to the
> > monitored servers list, it shows lines for knowing about only two
> > of my three domain controllers, Jeff's TEGJEFF.COM and the Shreveport
> > server's TEGSHV.COM.
>
> I am assuming we are dealing with one forest with three domains?

Yes; when I originally set up the WAN, we hosted the links over V.90
dialup connections to the Internet. In those days, I ran Exchange 5.5
on each server using IMC as the site connector. I had asked management
for 12 weeks upon delivery of the first Windows 2000 Server for this
office so that I could learn about Active Directory and all the other
changes Win2k brought.... four weeks in I was told I had two weeks left
so Knowledge and Mastery were going to have to wait...

> If you look through your dcdiag you'll see you had replication failures for
> almost a year. I think this is due to the multiple subnets and incorrect DNS
> configuration on this DC, which I assume is the schema master.

The jeffserver is meant to be the schema master, yes. I was aware that
DNS wasn't quite right, but generally, users weren't noticing any effects,
and my other hobbies^H^H^H^H^H^H^Hduties kept me too busy to fix it.

> Also, since each DC only has a zone for its own domain they cannot resolve
> the other DCs in their DNS. Hence, why you need a secondary zone for the
> Forest root on all DCs.

I've done that now, as well as finally getting around to creating reverse-
lookup zones.

> Also in your ipconfig take a look at this:

> PPP adapter {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.3.250
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.3.100<--Change to 192.168.1.100
  ^^^ ^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fixed... done!
 
> PPP adapter {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.2.250
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.2.100<--change to 192.168.1.100
  ^^^ ^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fixed... done!

Ok, this has helped greatly, the netdiag output looks even cleaner,
especially the DNS test:

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.100'.
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.

Dang! That localhost ref is for the dial-in adapter... I saw a reference to
this in a posting where you were helping someone else, Kevin... I looked
around for the proper way to change the properties for the dial-in interface,
I would think it would be somewhere in the RRAS MMC plug-in, but I could not
find it. I used REGEDIT to change it to 192.168.1.100, and that fixed it, until
I restarted RRAS (to put in effect the other DNS change you pointed out above).

Anyone know how to change the properties of the simple dial-in RAS adapter?

Also, I'm curious... the WAN is up, but netdiag says

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Not sure this is related to my problem or not. Oh, I have WINS issues too...

Let's see how the dcdiag output looks. Ok, pretty clean too, except for
this problem with replication to Evansville:

         An Warning Event occured. EventID: 0x800034FA
            Time Generated: 09/15/2004 11:56:36
            Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
jeffserver.tegjeff.com for FRS replica set
configuration information.
 

The nTDSConnection object
   cn=jeffserver,cn=ntds settings,
    cn=evvserver,cn=servers,cn=evansville,
     cn=sites,cn=configuration,dc=tegjeff,dc=com
is conflicting with
   cn=jeffserver\cnf:15254a3a-7b76-4326-b01d-601bd26489e5,
     cn=ntds settings,cn=evvserver,cn=servers,cn=evansville,
       cn=sites,cn=configuration,dc=tegjeff,dc=com.
Using cn=jeffserver,cn=ntds settings,
        cn=evvserver,cn=servers,cn=evansville,
          cn=sites,cn=configuration,dc=tegjeff,dc=com

I went into AD Sites & Services, and found two connection objects...

Not sure which was right... the ones linking Jeffserver & Shreveserver
have names that are GUIDs, but one of the Evansville connection objects
was one I manually created this morning and was named jeffserver, while
the other one was named jeffserver followed by a control character or a
character value > 128, then CNF:15254a3a-7b76-4326-b01d-601bd26489e5.

I've deleted them both...

What is the proper way for me to create the connection object
that links jeffersonville and evansville? I don't recall creating
the ones that link jeffersonville and shreveport, might the system
have created them automagically?

BTW Kevin, both you and Ace have been very helpful... I have the
resource kit, but w/r/t this problem, I could not find an edge to
grab hold of, everything I'd read just led me in circles... so thanks
for help rendered so far & anticipated too!

Regards,
-doug q
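
An added example (not part of the original post): a Python check that parses `ipconfig /all` output and reports any adapter whose DNS servers fall outside an allowed set, which is the misconfiguration pointed out for the two PPP adapters in the message above. The sample text is constructed, and the function names and the allowed set are assumptions for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt modelled on the adapters quoted in the post;
# the Ethernet block and the wrapped 127.0.0.1 line are assumptions for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        DNS Servers . . . . . . . . . . . : 192.168.1.100

PPP adapter {C12801D2-A677-4C9A-AC21-A2EF8637C5F4}:
        IP Address. . . . . . . . . . . . : 192.168.3.250
        DNS Servers . . . . . . . . . . . : 192.168.3.100
                                            127.0.0.1

PPP adapter {A3E407C2-A1F4-456C-ABA1-7CF1413D1E84}:
        IP Address. . . . . . . . . . . . : 192.168.2.250
        DNS Servers . . . . . . . . . . . : 192.168.1.100
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current, in_dns = m.group(1), False
            adapters[current] = []
        elif current and (m := FIELD.match(line)):
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and m.group(2).strip():
                adapters[current].append(m.group(2).strip())
        elif in_dns and (m := IPV4.match(line)):
            adapters[current].append(m.group(1))  # wrapped line: extra server
    return adapters


def unexpected_dns(text, allowed):
    """Return {adapter: [servers not in allowed]} for adapters needing a fix."""
    found = dns_servers_by_adapter(text)
    bad = {a: [ip for ip in s if ip not in allowed] for a, s in found.items()}
    return {a: ips for a, ips in bad.items() if ips}


if __name__ == "__main__":
    for adapter, ips in unexpected_dns(SAMPLE, {"192.168.1.100"}).items():
        print(f"{adapter}: unexpected DNS server(s) {', '.join(ips)}")
```
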


