2008 R2 DC DNS Server Starts then Stops After Reboot

I have just promotoed two new 2008 R2 domain controllers into an existing
2003 forest. DCPromo process went fine, but after the first reboot the DNS
server started and then stopped on both servers.
The DNS service starts but then I see the following errors in the DNS log:

Event 407
The DNS server could not bind a User Datagram Protocol (UDP) socket to
10.1.0.31. The event data is the error code. Restart the DNS server or reboot
your computer.

followed by

Event 408
The DNS server could not open socket for address 10.1.0.31.
Verify that this is a valid IP address for the server computer. If it is
NOT valid use the Interfaces dialog under Server Properties in the DNS
Manager to remove it from the list of IP interfaces. Then stop and restart
the DNS server. (If this was the only IP interface on this machine and the
DNS server may not have started as a result of this error. In that case
remove the DNS\Parameters\ ListenAddress value in the services section of the
registry and restart.)

If this is a valid IP address for this machine, make sure that no other
application (e.g. another DNS server) is running that would attempt to use
the DNS port.

For more information, see "DNS server log reference" in the online Help.

followed by

Event 404
The DNS server could not bind a Transmission Control Protocol (TCP) socket
to address 10.1.0.31. The event data is the error code. An IP address of
0.0.0.0 can indicate a valid "any address" configuration in which all
configured IP addresses on the computer are available for use.
Restart the DNS server or reboot the computer.

And then event 408 again, after which the DNS service shuts down. I can then
manually start the DNS service and it stays up and is functional. In addition
to this the Intersite Messaging service is not starting, not sure if its
related at all.

Thanks,
Jeff Bailey

Hello JBailey,

Let's start with an unedited ipconfig /all from the new and old DCs, so we
can check the DNS configuration. Any firewall running between the DCs?

Also see:
http://technet.microsoft.com/en-us/l...62(WS.10).aspx

There can be problems with an earlier patch where uninstalling this can help:
http://support.microsoft.com/kb/951746

After that check with this one:
http://support.microsoft.com/kb/953230

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have just promotoed two new 2008 R2 domain controllers into an
> existing 2003 forest. DCPromo process went fine, but after the first
> reboot the DNS server started and then stopped on both servers. The
> DNS service starts but then I see the following errors in the DNS log:
>
> Event 407
> The DNS server could not bind a User Datagram Protocol (UDP) socket to
> 10.1.0.31. The event data is the error code. Restart the DNS server or
> reboot
> your computer.
> followed by
>
> Event 408
> The DNS server could not open socket for address 10.1.0.31.
> Verify that this is a valid IP address for the server computer. If it
> is
> NOT valid use the Interfaces dialog under Server Properties in the DNS
> Manager to remove it from the list of IP interfaces. Then stop and
> restart
> the DNS server. (If this was the only IP interface on this machine and
> the
> DNS server may not have started as a result of this error. In that
> case
> remove the DNS\Parameters\ ListenAddress value in the services section
> of the
> registry and restart.)
> If this is a valid IP address for this machine, make sure that no
> other application (e.g. another DNS server) is running that would
> attempt to use the DNS port.
>
> For more information, see "DNS server log reference" in the online
> Help.
>
> followed by
>
> Event 404
> The DNS server could not bind a Transmission Control Protocol (TCP)
> socket
> to address 10.1.0.31. The event data is the error code. An IP
> address of
> 0.0.0.0 can indicate a valid "any address" configuration in which all
> configured IP addresses on the computer are available for use.
> Restart the DNS server or reboot the computer.
> And then event 408 again, after which the DNS service shuts down. I
> can then manually start the DNS service and it stays up and is
> functional. In addition to this the Intersite Messaging service is not
> starting, not sure if its related at all.
>
> Thanks,
> Jeff Baile

Old DC 1

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mhdc
Primary Dns Suffix . . . . . . . : corp.xxxx.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.xxxx.com
xxxx.com

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Team 1
Physical Address. . . . . . . . . : 00-15-60-0B-1E-84
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.0.98
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
10.1.0.31

OLD DC 2

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : mhbc
Primary Dns Suffix . . . . . . . : corp.xxxx.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.xxxx.com
xxxx.com

Ethernet adapter Team1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Team 1
Physical Address. . . . . . . . . : 00-1C-C4-C1-E9-A4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.0.97
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
10.1.0.1


NEW DC 1

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : MSN-INF-DC01
Primary Dns Suffix . . . . . . . : corp.xxxx.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.xxxx.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC326i PCIe Dual Port Gigabit
Server A
dapter #2
Physical Address. . . . . . . . . : 00-25-B3-EA-65-41
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 10.1.0.1
10.1.0.31
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{77191B73-F426-4829-8335-A5B5A07C1396}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


NEW DC 2

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : MSN-INF-DC02
Primary Dns Suffix . . . . . . . : corp.xxxx.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.xxxx.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC326i PCIe Dual Port Gigabit
Server A
dapter #2
Physical Address. . . . . . . . . : 00-26-55-AD-6C-69
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.0.31(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.1.2.254
DNS Servers . . . . . . . . . . . : 10.1.0.31
10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{138372F7-A2AD-467C-9C38-BAFD5C9F1249}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Firewalls running on two new 2008 r2 domain controllers - not on old domain
controllers.

Thanks

"Meinolf Weber [MVP-DS]" wrote:

> Hello JBailey,
>
> Let's start with an unedited ipconfig /all from the new and old DCs, so we
> can check the DNS configuration. Any firewall running between the DCs?
>
> Also see:
> http://technet.microsoft.com/en-us/l...62(WS.10).aspx
>
> There can be problems with an earlier patch where uninstalling this can help:
> http://support.microsoft.com/kb/951746
>
> After that check with this one:
> http://support.microsoft.com/kb/953230
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I have just promotoed two new 2008 R2 domain controllers into an
> > existing 2003 forest. DCPromo process went fine, but after the first
> > reboot the DNS server started and then stopped on both servers. The
> > DNS service starts but then I see the following errors in the DNS log:
> >
> > Event 407
> > The DNS server could not bind a User Datagram Protocol (UDP) socket to
> > 10.1.0.31. The event data is the error code. Restart the DNS server or
> > reboot
> > your computer.
> > followed by
> >
> > Event 408
> > The DNS server could not open socket for address 10.1.0.31.
> > Verify that this is a valid IP address for the server computer. If it
> > is
> > NOT valid use the Interfaces dialog under Server Properties in the DNS
> > Manager to remove it from the list of IP interfaces. Then stop and
> > restart
> > the DNS server. (If this was the only IP interface on this machine and
> > the
> > DNS server may not have started as a result of this error. In that
> > case
> > remove the DNS\Parameters\ ListenAddress value in the services section
> > of the
> > registry and restart.)
> > If this is a valid IP address for this machine, make sure that no
> > other application (e.g. another DNS server) is running that would
> > attempt to use the DNS port.
> >
> > For more information, see "DNS server log reference" in the online
> > Help.
> >
> > followed by
> >
> > Event 404
> > The DNS server could not bind a Transmission Control Protocol (TCP)
> > socket
> > to address 10.1.0.31. The event data is the error code. An IP
> > address of
> > 0.0.0.0 can indicate a valid "any address" configuration in which all
> > configured IP addresses on the computer are available for use.
> > Restart the DNS server or reboot the computer.
> > And then event 408 again, after which the DNS service shuts down. I
> > can then manually start the DNS service and it stays up and is
> > functional. In addition to this the Intersite Messaging service is not
> > starting, not sure if its related at all.
> >
> > Thanks,
> > Jeff Bailey
>
>
> .
>

Hello JBailey,

The ipconfig output more or less looks ok, you should use always the real
ip address on the DCs NIC, instead of the loopback ip address 127.0.0.1,
but this isn't the solution for the problem. Also limiting the subnet mask
to /24 (255.255.255.0), 254 possible clients in the subnet, should be a better
option to make your broadcast domain smaller. With the current one /16 (255.255.0.0)
you are able to work with 65534 clients, maybe a bit too much?

Did you open the firewall ports on the new DCs to allow all AD needed services?
See the following articles about using firewalls on DCs:
http://technet.microsoft.com/en-us/l...23(WS.10).aspx

http://support.microsoft.com/kb/179442/

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Old DC 1
>
> C:\WINDOWS\system32>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : mhdc
> Primary Dns Suffix . . . . . . . : corp.xxxx.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : corp.xxxx.com
> xxxx.com
> Ethernet adapter Local Area Connection 3:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Team 1
> Physical Address. . . . . . . . . : 00-15-60-0B-1E-84
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.1.0.98
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 10.1.2.254
> DNS Servers . . . . . . . . . . . : 127.0.0.1
> 10.1.0.31
> OLD DC 2
>
> C:\WINDOWS\system32>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : mhbc
> Primary Dns Suffix . . . . . . . : corp.xxxx.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : corp.xxxx.com
> xxxx.com
> Ethernet adapter Team1:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Team 1
> Physical Address. . . . . . . . . : 00-1C-C4-C1-E9-A4
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.1.0.97
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 10.1.2.254
> DNS Servers . . . . . . . . . . . : 127.0.0.1
> 10.1.0.1
> NEW DC 1
>
> C:\Windows\system32>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : MSN-INF-DC01
> Primary Dns Suffix . . . . . . . : corp.xxxx.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : corp.xxxx.com
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> Gigabit
> Server A
> dapter #2
> Physical Address. . . . . . . . . : 00-25-B3-EA-65-41
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> IPv4 Address. . . . . . . . . . . : 10.1.0.1(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 10.1.2.254
> DNS Servers . . . . . . . . . . . : 10.1.0.1
> 10.1.0.31
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter isatap.{77191B73-F426-4829-8335-A5B5A07C1396}:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Tunnel adapter Teredo Tunneling Pseudo-Interface:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Teredo Tunneling
> Pseudo-Interface
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> NEW DC 2
>
> C:\Windows\system32>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : MSN-INF-DC02
> Primary Dns Suffix . . . . . . . : corp.xxxx.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : corp.xxxx.com
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> Gigabit
> Server A
> dapter #2
> Physical Address. . . . . . . . . : 00-26-55-AD-6C-69
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> IPv4 Address. . . . . . . . . . . : 10.1.0.31(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 10.1.2.254
> DNS Servers . . . . . . . . . . . : 10.1.0.31
> 10.0.0.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter isatap.{138372F7-A2AD-467C-9C38-BAFD5C9F1249}:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Tunnel adapter Teredo Tunneling Pseudo-Interface:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Teredo Tunneling
> Pseudo-Interface
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Firewalls running on two new 2008 r2 domain controllers - not on old
> domain controllers.
>
> Thanks
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello JBailey,
>>
>> Let's start with an unedited ipconfig /all from the new and old DCs,
>> so we can check the DNS configuration. Any firewall running between
>> the DCs?
>>
>> Also see:
>> http://technet.microsoft.com/en-us/l...62(WS.10).aspx
>> There can be problems with an earlier patch where uninstalling this
>> can help: http://support.microsoft.com/kb/951746
>>
>> After that check with this one:
>> http://support.microsoft.com/kb/953230
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I have just promotoed two new 2008 R2 domain controllers into an
>>> existing 2003 forest. DCPromo process went fine, but after the first
>>> reboot the DNS server started and then stopped on both servers. The
>>> DNS service starts but then I see the following errors in the DNS
>>> log:
>>>
>>> Event 407
>>> The DNS server could not bind a User Datagram Protocol (UDP) socket
>>> to
>>> 10.1.0.31. The event data is the error code. Restart the DNS server
>>> or
>>> reboot
>>> your computer.
>>> followed by
>>> Event 408
>>> The DNS server could not open socket for address 10.1.0.31.
>>> Verify that this is a valid IP address for the server computer. If
>>> it
>>> is
>>> NOT valid use the Interfaces dialog under Server Properties in the
>>> DNS
>>> Manager to remove it from the list of IP interfaces. Then stop and
>>> restart
>>> the DNS server. (If this was the only IP interface on this machine
>>> and
>>> the
>>> DNS server may not have started as a result of this error. In that
>>> case
>>> remove the DNS\Parameters\ ListenAddress value in the services
>>> section
>>> of the
>>> registry and restart.)
>>> If this is a valid IP address for this machine, make sure that no
>>> other application (e.g. another DNS server) is running that would
>>> attempt to use the DNS port.
>>> For more information, see "DNS server log reference" in the online
>>> Help.
>>>
>>> followed by
>>>
>>> Event 404
>>> The DNS server could not bind a Transmission Control Protocol (TCP)
>>> socket
>>> to address 10.1.0.31. The event data is the error code. An IP
>>> address of
>>> 0.0.0.0 can indicate a valid "any address" configuration in which
>>> all
>>> configured IP addresses on the computer are available for use.
>>> Restart the DNS server or reboot the computer.
>>> And then event 408 again, after which the DNS service shuts down. I
>>> can then manually start the DNS service and it stays up and is
>>> functional. In addition to this the Intersite Messaging service is
>>> not
>>> starting, not sure if its related at all.
>>> Thanks,
>>> Jeff Bailey
>> .
>>

Theres conflicting guidance on how to configure client dns settings on a dc
on technet, team blogs and even within server manager. Some posts say to use
loopback, some say to use the real address, some say to use local ip as
primary, server manager advises to set ip as secondary dns. Also, I realize
the subnet is way to large, and am currently working on breaking it down into
more manageable networks - but like you said, none of the above pertains to
the issue at hand.

I'll look at the firewall config doc and see what I can do.

"Meinolf Weber [MVP-DS]" wrote:

> Hello JBailey,
>
> The ipconfig output more or less looks ok, you should use always the real
> ip address on the DCs NIC, instead of the loopback ip address 127.0.0.1,
> but this isn't the solution for the problem. Also limiting the subnet mask
> to /24 (255.255.255.0), 254 possible clients in the subnet, should be a better
> option to make your broadcast domain smaller. With the current one /16 (255.255.0.0)
> you are able to work with 65534 clients, maybe a bit too much?
>
> Did you open the firewall ports on the new DCs to allow all AD needed services?
> See the following articles about using firewalls on DCs:
> http://technet.microsoft.com/en-us/l...23(WS.10).aspx
>
> http://support.microsoft.com/kb/179442/
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Old DC 1
> >
> > C:\WINDOWS\system32>ipconfig /all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : mhdc
> > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > xxxx.com
> > Ethernet adapter Local Area Connection 3:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Team 1
> > Physical Address. . . . . . . . . : 00-15-60-0B-1E-84
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 10.1.0.98
> > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > Default Gateway . . . . . . . . . : 10.1.2.254
> > DNS Servers . . . . . . . . . . . : 127.0.0.1
> > 10.1.0.31
> > OLD DC 2
> >
> > C:\WINDOWS\system32>ipconfig /all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : mhbc
> > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > xxxx.com
> > Ethernet adapter Team1:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Team 1
> > Physical Address. . . . . . . . . : 00-1C-C4-C1-E9-A4
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 10.1.0.97
> > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > Default Gateway . . . . . . . . . : 10.1.2.254
> > DNS Servers . . . . . . . . . . . : 127.0.0.1
> > 10.1.0.1
> > NEW DC 1
> >
> > C:\Windows\system32>ipconfig /all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : MSN-INF-DC01
> > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > Ethernet adapter Local Area Connection 2:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> > Gigabit
> > Server A
> > dapter #2
> > Physical Address. . . . . . . . . : 00-25-B3-EA-65-41
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > IPv4 Address. . . . . . . . . . . : 10.1.0.1(Preferred)
> > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > Default Gateway . . . . . . . . . : 10.1.2.254
> > DNS Servers . . . . . . . . . . . : 10.1.0.1
> > 10.1.0.31
> > NetBIOS over Tcpip. . . . . . . . : Enabled
> > Tunnel adapter isatap.{77191B73-F426-4829-8335-A5B5A07C1396}:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > Tunnel adapter Teredo Tunneling Pseudo-Interface:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Teredo Tunneling
> > Pseudo-Interface
> > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > NEW DC 2
> >
> > C:\Windows\system32>ipconfig /all
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : MSN-INF-DC02
> > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > Node Type . . . . . . . . . . . . : Hybrid
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > Ethernet adapter Local Area Connection 2:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> > Gigabit
> > Server A
> > dapter #2
> > Physical Address. . . . . . . . . : 00-26-55-AD-6C-69
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > IPv4 Address. . . . . . . . . . . : 10.1.0.31(Preferred)
> > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > Default Gateway . . . . . . . . . : 10.1.2.254
> > DNS Servers . . . . . . . . . . . : 10.1.0.31
> > 10.0.0.1
> > NetBIOS over Tcpip. . . . . . . . : Enabled
> > Tunnel adapter isatap.{138372F7-A2AD-467C-9C38-BAFD5C9F1249}:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > Tunnel adapter Teredo Tunneling Pseudo-Interface:
> >
> > Media State . . . . . . . . . . . : Media disconnected
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Teredo Tunneling
> > Pseudo-Interface
> > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > DHCP Enabled. . . . . . . . . . . : No
> > Autoconfiguration Enabled . . . . : Yes
> > Firewalls running on two new 2008 r2 domain controllers - not on old
> > domain controllers.
> >
> > Thanks
> >
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello JBailey,
> >>
> >> Let's start with an unedited ipconfig /all from the new and old DCs,
> >> so we can check the DNS configuration. Any firewall running between
> >> the DCs?
> >>
> >> Also see:
> >> http://technet.microsoft.com/en-us/l...62(WS.10).aspx
> >> There can be problems with an earlier patch where uninstalling this
> >> can help: http://support.microsoft.com/kb/951746
> >>
> >> After that check with this one:
> >> http://support.microsoft.com/kb/953230
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I have just promotoed two new 2008 R2 domain controllers into an
> >>> existing 2003 forest. DCPromo process went fine, but after the first
> >>> reboot the DNS server started and then stopped on both servers. The
> >>> DNS service starts but then I see the following errors in the DNS
> >>> log:
> >>>
> >>> Event 407
> >>> The DNS server could not bind a User Datagram Protocol (UDP) socket
> >>> to
> >>> 10.1.0.31. The event data is the error code. Restart the DNS server
> >>> or
> >>> reboot
> >>> your computer.
> >>> followed by
> >>> Event 408
> >>> The DNS server could not open socket for address 10.1.0.31.
> >>> Verify that this is a valid IP address for the server computer. If
> >>> it
> >>> is
> >>> NOT valid use the Interfaces dialog under Server Properties in the
> >>> DNS
> >>> Manager to remove it from the list of IP interfaces. Then stop and
> >>> restart
> >>> the DNS server. (If this was the only IP interface on this machine
> >>> and
> >>> the
> >>> DNS server may not have started as a result of this error. In that
> >>> case
> >>> remove the DNS\Parameters\ ListenAddress value in the services
> >>> section
> >>> of the
> >>> registry and restart.)
> >>> If this is a valid IP address for this machine, make sure that no
> >>> other application (e.g. another DNS server) is running that would
> >>> attempt to use the DNS port.
> >>> For more information, see "DNS server log reference" in the online
> >>> Help.
> >>>
> >>> followed by
> >>>
> >>> Event 404
> >>> The DNS server could not bind a Transmission Control Protocol (TCP)
> >>> socket
> >>> to address 10.1.0.31. The event data is the error code. An IP
> >>> address of
> >>> 0.0.0.0 can indicate a valid "any address" configuration in which
> >>> all
> >>> configured IP addresses on the computer are available for use.
> >>> Restart the DNS server or reboot the computer.
> >>> And then event 408 again, after which the DNS service shuts down. I
> >>> can then manually start the DNS service and it stays up and is
> >>> functional. In addition to this the Intersite Messaging service is
> >>> not
> >>> starting, not sure if its related at all.
> >>> Thanks,
> >>> Jeff Bailey
> >> .
> >>
>
>
> .
>

Cheked firewalls on both 2008 R2 DCs and all required ports are open -
configured correctly during role additions.

Any other ideas?

"JBailey" wrote:

> Theres conflicting guidance on how to configure client dns settings on a dc
> on technet, team blogs and even within server manager. Some posts say to use
> loopback, some say to use the real address, some say to use local ip as
> primary, server manager advises to set ip as secondary dns. Also, I realize
> the subnet is way to large, and am currently working on breaking it down into
> more manageable networks - but like you said, none of the above pertains to
> the issue at hand.
>
> I'll look at the firewall config doc and see what I can do.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
> > Hello JBailey,
> >
> > The ipconfig output more or less looks ok, you should use always the real
> > ip address on the DCs NIC, instead of the loopback ip address 127.0.0.1,
> > but this isn't the solution for the problem. Also limiting the subnet mask
> > to /24 (255.255.255.0), 254 possible clients in the subnet, should be a better
> > option to make your broadcast domain smaller. With the current one /16 (255.255.0.0)
> > you are able to work with 65534 clients, maybe a bit too much?
> >
> > Did you open the firewall ports on the new DCs to allow all AD needed services?
> > See the following articles about using firewalls on DCs:
> > http://technet.microsoft.com/en-us/l...23(WS.10).aspx
> >
> > http://support.microsoft.com/kb/179442/
> >
> > Best regards
> >
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> > no rights.
> > ** Please do NOT email, only reply to Newsgroups
> > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >
> >
> > > Old DC 1
> > >
> > > C:\WINDOWS\system32>ipconfig /all
> > >
> > > Windows IP Configuration
> > >
> > > Host Name . . . . . . . . . . . . : mhdc
> > > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > > Node Type . . . . . . . . . . . . : Unknown
> > > IP Routing Enabled. . . . . . . . : No
> > > WINS Proxy Enabled. . . . . . . . : No
> > > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > > xxxx.com
> > > Ethernet adapter Local Area Connection 3:
> > >
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Team 1
> > > Physical Address. . . . . . . . . : 00-15-60-0B-1E-84
> > > DHCP Enabled. . . . . . . . . . . : No
> > > IP Address. . . . . . . . . . . . : 10.1.0.98
> > > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > > Default Gateway . . . . . . . . . : 10.1.2.254
> > > DNS Servers . . . . . . . . . . . : 127.0.0.1
> > > 10.1.0.31
> > > OLD DC 2
> > >
> > > C:\WINDOWS\system32>ipconfig /all
> > >
> > > Windows IP Configuration
> > >
> > > Host Name . . . . . . . . . . . . : mhbc
> > > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > > Node Type . . . . . . . . . . . . : Unknown
> > > IP Routing Enabled. . . . . . . . : No
> > > WINS Proxy Enabled. . . . . . . . : No
> > > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > > xxxx.com
> > > Ethernet adapter Team1:
> > >
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Team 1
> > > Physical Address. . . . . . . . . : 00-1C-C4-C1-E9-A4
> > > DHCP Enabled. . . . . . . . . . . : No
> > > IP Address. . . . . . . . . . . . : 10.1.0.97
> > > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > > Default Gateway . . . . . . . . . : 10.1.2.254
> > > DNS Servers . . . . . . . . . . . : 127.0.0.1
> > > 10.1.0.1
> > > NEW DC 1
> > >
> > > C:\Windows\system32>ipconfig /all
> > >
> > > Windows IP Configuration
> > >
> > > Host Name . . . . . . . . . . . . : MSN-INF-DC01
> > > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > > Node Type . . . . . . . . . . . . : Hybrid
> > > IP Routing Enabled. . . . . . . . : No
> > > WINS Proxy Enabled. . . . . . . . : No
> > > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > > Ethernet adapter Local Area Connection 2:
> > >
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> > > Gigabit
> > > Server A
> > > dapter #2
> > > Physical Address. . . . . . . . . : 00-25-B3-EA-65-41
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > IPv4 Address. . . . . . . . . . . : 10.1.0.1(Preferred)
> > > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > > Default Gateway . . . . . . . . . : 10.1.2.254
> > > DNS Servers . . . . . . . . . . . : 10.1.0.1
> > > 10.1.0.31
> > > NetBIOS over Tcpip. . . . . . . . : Enabled
> > > Tunnel adapter isatap.{77191B73-F426-4829-8335-A5B5A07C1396}:
> > >
> > > Media State . . . . . . . . . . . : Media disconnected
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> > > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > Tunnel adapter Teredo Tunneling Pseudo-Interface:
> > >
> > > Media State . . . . . . . . . . . : Media disconnected
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Teredo Tunneling
> > > Pseudo-Interface
> > > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > NEW DC 2
> > >
> > > C:\Windows\system32>ipconfig /all
> > >
> > > Windows IP Configuration
> > >
> > > Host Name . . . . . . . . . . . . : MSN-INF-DC02
> > > Primary Dns Suffix . . . . . . . : corp.xxxx.com
> > > Node Type . . . . . . . . . . . . : Hybrid
> > > IP Routing Enabled. . . . . . . . : No
> > > WINS Proxy Enabled. . . . . . . . : No
> > > DNS Suffix Search List. . . . . . : corp.xxxx.com
> > > Ethernet adapter Local Area Connection 2:
> > >
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : HP NC326i PCIe Dual Port
> > > Gigabit
> > > Server A
> > > dapter #2
> > > Physical Address. . . . . . . . . : 00-26-55-AD-6C-69
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > IPv4 Address. . . . . . . . . . . : 10.1.0.31(Preferred)
> > > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > > Default Gateway . . . . . . . . . : 10.1.2.254
> > > DNS Servers . . . . . . . . . . . : 10.1.0.31
> > > 10.0.0.1
> > > NetBIOS over Tcpip. . . . . . . . : Enabled
> > > Tunnel adapter isatap.{138372F7-A2AD-467C-9C38-BAFD5C9F1249}:
> > >
> > > Media State . . . . . . . . . . . : Media disconnected
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Microsoft ISATAP Adapter
> > > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > Tunnel adapter Teredo Tunneling Pseudo-Interface:
> > >
> > > Media State . . . . . . . . . . . : Media disconnected
> > > Connection-specific DNS Suffix . :
> > > Description . . . . . . . . . . . : Teredo Tunneling
> > > Pseudo-Interface
> > > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> > > DHCP Enabled. . . . . . . . . . . : No
> > > Autoconfiguration Enabled . . . . : Yes
> > > Firewalls running on two new 2008 r2 domain controllers - not on old
> > > domain controllers.
> > >
> > > Thanks
> > >
> > > "Meinolf Weber [MVP-DS]" wrote:
> > >
> > >> Hello JBailey,
> > >>
> > >> Let's start with an unedited ipconfig /all from the new and old DCs,
> > >> so we can check the DNS configuration. Any firewall running between
> > >> the DCs?
> > >>
> > >> Also see:
> > >> http://technet.microsoft.com/en-us/l...62(WS.10).aspx
> > >> There can be problems with an earlier patch where uninstalling this
> > >> can help: http://support.microsoft.com/kb/951746
> > >>
> > >> After that check with this one:
> > >> http://support.microsoft.com/kb/953230
> > >> Best regards
> > >>
> > >> Meinolf Weber
> > >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> > >> confers
> > >> no rights.
> > >> ** Please do NOT email, only reply to Newsgroups
> > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> > >>> I have just promotoed two new 2008 R2 domain controllers into an
> > >>> existing 2003 forest. DCPromo process went fine, but after the first
> > >>> reboot the DNS server started and then stopped on both servers. The
> > >>> DNS service starts but then I see the following errors in the DNS
> > >>> log:
> > >>>
> > >>> Event 407
> > >>> The DNS server could not bind a User Datagram Protocol (UDP) socket
> > >>> to
> > >>> 10.1.0.31. The event data is the error code. Restart the DNS server
> > >>> or
> > >>> reboot
> > >>> your computer.
> > >>> followed by
> > >>> Event 408
> > >>> The DNS server could not open socket for address 10.1.0.31.
> > >>> Verify that this is a valid IP address for the server computer. If
> > >>> it
> > >>> is
> > >>> NOT valid use the Interfaces dialog under Server Properties in the
> > >>> DNS
> > >>> Manager to remove it from the list of IP interfaces. Then stop and
> > >>> restart
> > >>> the DNS server. (If this was the only IP interface on this machine
> > >>> and
> > >>> the
> > >>> DNS server may not have started as a result of this error. In that
> > >>> case
> > >>> remove the DNS\Parameters\ ListenAddress value in the services
> > >>> section
> > >>> of the
> > >>> registry and restart.)
> > >>> If this is a valid IP address for this machine, make sure that no
> > >>> other application (e.g. another DNS server) is running that would
> > >>> attempt to use the DNS port.
> > >>> For more information, see "DNS server log reference" in the online
> > >>> Help.
> > >>>
> > >>> followed by
> > >>>
> > >>> Event 404
> > >>> The DNS server could not bind a Transmission Control Protocol (TCP)
> > >>> socket
> > >>> to address 10.1.0.31. The event data is the error code. An IP
> > >>> address of
> > >>> 0.0.0.0 can indicate a valid "any address" configuration in which
> > >>> all
> > >>> configured IP addresses on the computer are available for use.
> > >>> Restart the DNS server or reboot the computer.
> > >>> And then event 408 again, after which the DNS service shuts down. I
> > >>> can then manually start the DNS service and it stays up and is
> > >>> functional. In addition to this the Intersite Messaging service is
> > >>> not
> > >>> starting, not sure if its related at all.
> > >>> Thanks,
> > >>> Jeff Bailey
> > >> .
> > >>
> >
> >
> > .
> >