Windows Vista Tips


RPC is unavailable when try to transfer FSMO Roles

 
 
Jose Luis

 
      06-17-2006
Hi all,

We are getting an error message when we try to transfer FSMO to another
Domain Controller - "DsBindW error 0x6ba (The RPC server is unavailable)". It
occurs using the graphics interface or using the ntdsutil command.

The FSMO owner is a DC using W2k and the new DC that will assume the roles
is W2k3.

Also the event viewer shows this warning:
Source: NTDS KCC

The attempt to establish a replication link with parameters

Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
Source DSA DN: CN=NTDS Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
Source DSA Address: 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
Inter-site Transport (if any):

failed with the following status:

The RPC server is unavailable.

The record data is the status code. This operation will be retried.

Any idea about this error? Please let me know any hints.

Regards,

José Luis


 
Jorge de Almeida Pinto [MVP]

 
      06-17-2006
are both DCs up and running, available and reachable?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------



 
Jose Luis

 
      06-17-2006
Yes, both of them are up, running and available. I believe the problem is my
DC(1) with W2k (it owns FSMO and GC). I want to transfer the roles to another
DC with W2k3 in order to replace the hardware for DC(1), but when I try to do
this I got the RPC error.

Any idea ..?

Thanks





 
 
Jorge de Almeida Pinto [MVP]

 
      06-17-2006
any event ID errors/warnings?

run:
DCDIAG /D /C /V on both



 
 
Jose Luis

 
      06-17-2006
I found some tests failed and I copied them here (just the error messages). What
am I doing wrong?

In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
--------------------------------
Doing primary tests

Testing server: MMM\CMEMAST001
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
These servers can't get changes from home server CMEMAST001:
MMM/CMEMAST004
* Analyzing the connection topology for
CN=Configuration,DC=mmmweb,DC=com,DC=mx.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for
CN=Configuration,DC=mmmweb,DC=com,DC=mx.
These servers can't get changes from home server CMEMAST001:
MMM/CMEMAST004
* Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
These servers can't get changes from home server CMEMAST001:
MMM/CMEMAST004
......................... CMEMAST001 failed test Topology

Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/16/2006 20:13:35
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/16/2006 20:13:58
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/16/2006 20:14:21
(Event String could not be retrieved)
......................... CMEMAST001 failed test kccevent



In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
--------------------------------
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
[CMEMAST004] An net use or LsaPolicy operation failed with error
1203, Win32 Error 1203.
......................... CMEMAST004 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
Server is not responding or is not considered suitable.
The DC CMEMAST004 is advertising itself as a DC and having a DS.
The DC CMEMAST004 is advertising as an LDAP server
The DC CMEMAST004 is advertising as having a writeable directory
The DC CMEMAST004 is advertising as a Key Distribution Center
The DC CMEMAST004 is advertising as a time server
......................... CMEMAST004 failed test Advertising

Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the SYSVOL has been shared. Failing SYSVOL replication problems may
cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 06/15/2006 20:52:59
(Event String could not be retrieved)
......................... CMEMAST004 failed test frsevent

Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC00010E1
Time Generated: 06/16/2006 19:20:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00010E1
Time Generated: 06/16/2006 19:21:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 06/16/2006 20:15:03
(Event String could not be retrieved)
......................... CMEMAST004 failed test systemlog

DNS Tests are running and not hung. Please wait a few minutes...

Starting test: DNS
Test results for domain controllers:

DC: cmemast004.mmmweb.com.mx
Domain: mmmweb.com.mx


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] HP NC7781 Gigabit Server Adapter:
MAC address is 00:11:85:E7:BF:68
IP address is static
IP address: 192.168.1.230
DNS servers:
192.168.1.230 (<name unavailable>) [Valid]
Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
[Invalid (unreachable)]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(secondary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]

TEST: Delegations (Del)
Delegation information for the zone: mmmweb.com.mx.
Delegated domain name: nueva.mmmweb.com.mx.
Error: DNS server: cmemast001.mmmweb.com.mx.
IP:192.168.1.240 [Broken delegation]
Error: DNS server: cmemast001.mmmweb.com.mx.
IP:192.168.1.250 [Broken delegation]

TEST: Dynamic update (Dyn)
Dynamic Update tests are skipped since mmmweb.com.mx
is a secondary zone. DNS Record updates can't happen on
the secondary zones

TEST: Records registration (RReg)
Network Adapter [00000001] HP NC7781 Gigabit Server
Adapter:
Matching A record found at DNS server 192.168.1.230:
cmemast004.mmmweb.com.mx

Matching CNAME record found at DNS server
192.168.1.230:
49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx

Matching DC SRV record found at DNS server
192.168.1.230:
_ldap._tcp.dc._msdcs.mmmweb.com.mx


DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
[Error details: 1460 (Type: Win32 - Description: Esta
operación ha regresado debido a que el tiempo de espera ha caducado.)]
Name resolution is not functional. _ldap._tcp.mmmweb.com.mx.
failed on the DNS server 192.168.1.250
[Error details: 1460 (Type: Win32 - Description: Esta
operación ha regresado debido a que el tiempo de espera ha caducado.)]
Delegation is broken for the domain nueva.mmmweb.com.mx. on
the DNS server 192.168.1.250
[Error details: 1460 (Type: Win32 - Description: Esta
operación ha regresado debido a que el tiempo de espera ha caducado.) -
Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
192.168.1.250]

DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
1 test failure on this DNS server
This is a valid DNS server.
Delegation is broken for the domain nueva.mmmweb.com.mx. on
the DNS server 192.168.1.240
[Error details: 1460 (Type: Win32 - Description: Esta
operación ha regresado debido a que el tiempo de espera ha caducado.) -
Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
192.168.1.240]

DNS server: 192.168.1.230 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

Summary of DNS test results:

                 Auth  Basc  Forw  Del   Dyn   RReg  Ext
________________________________________________________________
Domain: mmmweb.com.mx
cmemast004       PASS  WARN  PASS  FAIL  n/a   PASS  n/a

......................... mmmweb.com.mx failed test DNS




 
 
Jorge de Almeida Pinto [MVP]

 
      06-17-2006
if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
say this is that the netlogon test failed)

you are also having replication issues between the 2 DCs.

most probably this is due to DNS configuration and that the w2k is
multihomed (which is not recommended as it requires additional
configuration)

A while ago I found a post written by Ace Fekay and some other people about
multi-homed DCs.

############################################
BY: Ace Fekay
Here you go...but first my views on multi-homed DCs... (ouch!)
==================================
Multi-homed DCs, What a Mess... It cuts into your drinking time...


Honestly, multi-homed DCs are not recommended because of the associated
issues that can occur, as you've encountered. We usually recommend
purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to perform
NAT for you, take out the extra NIC off the DC, but still let the DC handle
DHCP (and not the router).

Since this DC is multi-homed, it requires additional configuration to
prevent the public interface addresses from being registered in DNS. This
creates a problem for internal clients locating AD to authenticate and find
other services and resources such as the Global Catalog, file sharing and
the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to be
logged, authenticating to shares and printers, logging on takes forever,
among numerous other issues.

But if you like, there are some registry changes to eliminate the
registration of the external NIC. Here's the whole list of manual steps to
follow (this includes some of the stuff I already gave you):

But believe me, it's much easier to just get a separate NAT device or
multihome a non-DC than having to alter the DC. - Good luck!

===================================
1. In the DNS management console, in the properties of the DNS server,
Interfaces tab, set DNS to only listen on the private IP you want in DNS for
the server. This is for your private network that your clients use.


2. Add this registry entry with regedt32 to stop the (same as parent folder)
records and the GC record, also called the LdapIpAddress and GcIpAddress.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
type:

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

(and in the box, you would type in the following to stop their
registration):

LdapIpAddress
GcIpAddress


3. Then you will need to manually create the LdapIpAddress and GcIpAddress
records in DNS.
The LdapIpAddress resolves to the domain controllers in the domain. The
GcIpAddress resolves
to the Global Catalogs in the forest as gc._msdcs.forestroot.com.

To manually create the LdapIpAddress, create a new host but leave the name
field blank,
give it the IP of the internal interface. Windows 2k barks at you saying
(same as parent folder) is not a valid host name, click OK to create the
record anyway.
Windows 2003 won't bark. It's house-broken out of the box.

To manually create the GcIpAddress, navigate to the _msdcs folder, under it
click the gc
folder, then rt-click, create new host, leave the name field blank, give it
the IP of the
internal interface. Windows 2k barks at you saying (same as parent folder)
is not a valid
host name, click OK to create the record anyway. Windows 2003 won't bark.


4. To stop registration of both NICs, add (if it exists) or alter this reg
entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

On the Edit menu, point to New, and then click DWORD Value to add the
following registry value:
Value name: RegisterDnsARecords
Data type: REG_DWORD
Value data: 0

Then manually create a new host record for the server name in DNS and give
it the IP of the internal interface


5. Right click on Network places, choose properties, in the Advanced menu
item
select Advanced settings. Make sure the internal interface is at the top of
the connections pane and File sharing is enabled on the internal interface.


6. On the outer NIC, disable File and Print Services, Microsoft Client
Service,
then go into IP properties, click on Advanced, choose the WINS tab and
disable NetBIOS.


7. On the outer NIC, only put in the internal IP address of the DNS server
(this machine).


8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if not
sure which
DNS to forward to until you've got the DNS address of your ISP. How to set a
forwarder?
Depending on your operating system, choose one of the following articles:

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
(How to configure a forwarder):
http://support.microsoft.com/d/id?=323380



*** Some additional reading:

246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
Server 2003
http://support.microsoft.com/?id=246804

295328 - Private Network Interfaces on a Domain Controller Are Registered in
DNS
[also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg sameasparent
private IP]:
http://support.microsoft.com/?id=295328

306602 - How to Optimize the Location of a DC or GC That Resides Outside of
a Client's
Site [Includes info LdapIpAddress and GcIpAddress information and the SRV
mnemonic values]:
http://support.microsoft.com/?id=306602

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003 (including how-to configure a forwarder):
http://support.microsoft.com/default...b;en-us;825036

291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/default...b;en-us;291382

296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
[Registry Entry]:
http://support.microsoft.com/?id=296379

292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
unwanted IPs registering]:
http://support.microsoft.com/?id=292822
##############################################
In addition to Mark's suggestions (good link he provided!), if you want to
keep the extra NIC turned on (for whatever reason, but I really suggest to
disable it), here are some extra steps to follow:

1. Ensure that all the NICs only point to your internal DNS server(s) only
and none others, such as your ISP's DNS servers' IP addresses.

2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
move the internal NIC (the network that AD is on) to the top of the binding
order (top of the list).

3. Disable the ability for the outer NIC to register. The procedure, as
mentioned, involves identifying the outer NIC's GUID number. This link will
show you how:
246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
NIC too):
http://support.microsoft.com/?id=246804

4. Disable NetBIOS on the outside NIC. That is performed by choosing to
disable NetBIOS in IP Properties, Advanced, and you will find that under the
"WINS" tab. You may want to look at step #3 in the article to show you how
to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
[Registry Entry]:
http://support.microsoft.com/?id=296379

Note: A standard Windows service, called the "Browser service", provides the
list of machines, workgroup and domain names that you see in "My Network
Places" (or the legacy term "Network Neighborhood"). The Browser service
relies on the NetBIOS service. One major requirement of NetBIOS service is a
machine can only have one name to one IP address. It's sort of a
fingerprint. You can't have two brothers named Darrell. A multihomed machine
will cause duplicate name errors on itself because Windows sees itself with
the same name in the Browse List (My Network Places), but with different
IPs. You can only have one, hence the error generated.

5. Disable the "File and Print Service" and disable the "MS Client Service"
on the outer NIC. That is done in NIC properties by unchecking the
respective service under the general properties page. If you need these
services on the outside NIC (which is unlikely), which allow other machines
to connect to your machine for accessing resource on your machine (shared
folders, printers, etc.), then you will probably need to keep them enabled.

6. Uncheck "Register this connection" under IP properties, Advanced
settings, "DNS" tab.

7. Delete the outer NIC IP address, disable Netlogon registration, and
manually create the required records

a. In DNS under the zone name, (your DNS domain name), delete the outer
NIC's
IP references for the "LdapIpAddress". If this is a GC, you will need to
delete the GC IP record as well (the "GcIpAddress"). To do that, in the DNS
console, under the zone name, you will see the _msdcs folder. Under that,
you will see the _gc folder. To the right, you will see the IP address
referencing the GC address. That is called the GcIpAddress. Delete the IP
addresses referencing the outer NIC.

i. To stop these two records from registering that information, use the
steps provided in the links below:
Private Network Interfaces on a Domain Controller Are Registered in DNS
http://support.microsoft.com/?id=295328

ii. The one section of the article that disables these records is done with
this registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
(Create this Multi-String Value under it):
Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ
Values: LdapIpAddress
GcIpAddress

iii. Here is more information on these and other Netlogon Service records:
Restrict the DNS SRV resource records updated by the Netlogon service
[including GC]:
http://www.microsoft.com/technet/tre...o_rr_in_ad.asp

b. Then you will need to manually create these two records in DNS with the
IP addresses that you need for the DC. To create the LdapIpAddress, create a
new host under the domain, but leave the "hostname" field blank, and provide
the internal IP of the DC, which results in a record that looks like:
(same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
purposes)

i. You need to also manually create the GcIpAddress as well, if this is a
GC. That would be under the gc._msdcs. SRV record under the zone. It is
created in the same fashion as the LdapIpAddress mentioned above.

8. In the DNS console, right click the server name, choose properties, then
under the "Interfaces" tab, force it only to listen to the internal NIC's IP
address, and not the IP address of the outer NIC.

9. Since this is also a DNS server, the IPs from all NICs will register,
even if you tell it not to in the NIC properties. See this to show you how
to stop that behavior (this procedure is for Windows 2000, but will also
work for Windows 2003):
275554 - The Host's A Record Is Registered in DNS After You Choose Not to
Register the Connection's Address:
http://support.microsoft.com/?id=275554
############################
Check out this link. If you set this up right it will prevent the
2nd NIC from registering.

http://support.microsoft.com/default...b;en-us;289735

The only catch here is you must manually create the GC record and Same
as Parent A record for the host. Chances are they are already there
though!
############################################

"Jose Luis" <> wrote in message
news:u$...
>I found some tests failed and I copied them here (just error message). What
>am I doing wrong?
>
> In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
> --------------------------------
> Doing primary tests
>
> Testing server: MMM\CMEMAST001
> Starting test: Topology
> * Configuration Topology Integrity Check
> * Analyzing the connection topology for
> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
> * Performing upstream (of target) analysis.
> * Performing downstream (of target) analysis.
> Downstream topology is disconnected for
> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
> These servers can't get changes from home server CMEMAST001:
> MMM/CMEMAST004
> * Analyzing the connection topology for
> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
> * Performing upstream (of target) analysis.
> * Performing downstream (of target) analysis.
> Downstream topology is disconnected for
> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
> These servers can't get changes from home server CMEMAST001:
> MMM/CMEMAST004
> * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
> * Performing upstream (of target) analysis.
> * Performing downstream (of target) analysis.
> Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
> These servers can't get changes from home server CMEMAST001:
> MMM/CMEMAST004
> ......................... CMEMAST001 failed test Topology
>
> Starting test: kccevent
> * The KCC Event log test
> An Warning Event occured. EventID: 0x800004F1
> Time Generated: 06/16/2006 20:13:35
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x800004F1
> Time Generated: 06/16/2006 20:13:58
> (Event String could not be retrieved)
> An Warning Event occured. EventID: 0x800004F1
> Time Generated: 06/16/2006 20:14:21
> (Event String could not be retrieved)
> ......................... CMEMAST001 failed test kccevent
>
>
>
> In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
> --------------------------------
> Starting test: NetLogons
> * Network Logons Privileges Check
> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
> [CMEMAST004] An net use or LsaPolicy operation failed with error
> 1203, Win32 Error 1203.
> ......................... CMEMAST004 failed test NetLogons
> Starting test: Advertising
> Warning: DsGetDcName returned information for
> \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
> Server is not responding or is not considered suitable.
> The DC CMEMAST004 is advertising itself as a DC and having a DS.
> The DC CMEMAST004 is advertising as an LDAP server
> The DC CMEMAST004 is advertising as having a writeable directory
> The DC CMEMAST004 is advertising as a Key Distribution Center
> The DC CMEMAST004 is advertising as a time server
> ......................... CMEMAST004 failed test Advertising
>
> Starting test: frsevent
> * The File Replication Service Event log test
> There are warning or error events within the last 24 hours after
> the SYSVOL has been shared. Failing SYSVOL replication problems
> may cause Group Policy problems.
> An Warning Event occured. EventID: 0x800034C4
> Time Generated: 06/15/2006 20:52:59
> (Event String could not be retrieved)
> ......................... CMEMAST004 failed test frsevent
>
> Starting test: systemlog
> * The System Event log test
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 06/16/2006 19:20:26
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC00010E1
> Time Generated: 06/16/2006 19:21:24
> (Event String could not be retrieved)
> An Error Event occured. EventID: 0xC0002719
> Time Generated: 06/16/2006 20:15:03
> (Event String could not be retrieved)
> ......................... CMEMAST004 failed test systemlog
>
> DNS Tests are running and not hung. Please wait a few minutes...
>
> Starting test: DNS
> Test results for domain controllers:
>
> DC: cmemast004.mmmweb.com.mx
> Domain: mmmweb.com.mx
>
>
> TEST: Authentication (Auth)
> Authentication test: Successfully completed
>
> TEST: Basic (Basc)
> Microsoft(R) Windows(R) Server 2003, Standard Edition
> (Service Pack level: 1.0) is supported
> NETLOGON service is running
> kdc service is running
> DNSCACHE service is running
> DNS service is running
> DC is a DNS server
> Network adapters information:
> Adapter [00000001] HP NC7781 Gigabit Server Adapter:
> MAC address is 00:11:85:E7:BF:68
> IP address is static
> IP address: 192.168.1.230
> DNS servers:
> 192.168.1.230 (<name unavailable>) [Valid]
> Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
> [Invalid (unreachable)]
> The A record for this DC was found
> The SOA record for the Active Directory zone was found
> The Active Directory zone on this DC/DNS server was found
> (secondary)
> Root zone on this DC/DNS server was not found
>
> TEST: Forwarders/Root hints (Forw)
> Recursion is enabled
> Forwarders are not configured on this DNS server
> Root hint Information:
> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
> Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
> Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
> Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
> Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
> Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
> Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
>
> TEST: Delegations (Del)
> Delegation information for the zone: mmmweb.com.mx.
> Delegated domain name: nueva.mmmweb.com.mx.
> Error: DNS server: cmemast001.mmmweb.com.mx.
> IP:192.168.1.240 [Broken delegation]
> Error: DNS server: cmemast001.mmmweb.com.mx.
> IP:192.168.1.250 [Broken delegation]
>
> TEST: Dynamic update (Dyn)
> Dynamic Update tests are skipped since mmmweb.com.mx
> is a secondary zone. DNS Record updates can't happen on
> the secondary zones
>
> TEST: Records registration (RReg)
> Network Adapter [00000001] HP NC7781 Gigabit Server
> Adapter:
> Matching A record found at DNS server 192.168.1.230:
> cmemast004.mmmweb.com.mx
>
> Matching CNAME record found at DNS server
> 192.168.1.230:
>
> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>
> Matching DC SRV record found at DNS server
> 192.168.1.230:
> _ldap._tcp.dc._msdcs.mmmweb.com.mx
>
>
> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
> 2 test failures on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
> [Error details: 1460 (Type: Win32 - Description: Esta
> operación ha regresado debido a que el tiempo de espera ha caducado.)]
> Name resolution is not functional. _ldap._tcp.mmmweb.com.mx.
> failed on the DNS server 192.168.1.250
> [Error details: 1460 (Type: Win32 - Description: Esta
> operación ha regresado debido a que el tiempo de espera ha caducado.)]
> Delegation is broken for the domain nueva.mmmweb.com.mx. on
> the DNS server 192.168.1.250
> [Error details: 1460 (Type: Win32 - Description: Esta
> operación ha regresado debido a que el tiempo de espera ha caducado.) -
> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
> 192.168.1.250]
>
> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
> 1 test failure on this DNS server
> This is a valid DNS server.
> Delegation is broken for the domain nueva.mmmweb.com.mx. on
> the DNS server 192.168.1.240
> [Error details: 1460 (Type: Win32 - Description: Esta
> operación ha regresado debido a que el tiempo de espera ha caducado.) -
> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
> 192.168.1.240]
>
> DNS server: 192.168.1.230 (<name unavailable>)
> All tests passed on this DNS server
> This is a valid DNS server.
> Name resolution is funtional. _ldap._tcp SRV record for the
> forest root domain is registered
>
> Summary of DNS test results:
>
> Auth Basc Forw Del Dyn RReg Ext
> ________________________________________________________________
> Domain: mmmweb.com.mx
> cmemast004 PASS WARN PASS FAIL n/a PASS n/a
>
> ......................... mmmweb.com.mx failed test DNS
>
>
> "Jorge de Almeida Pinto [MVP]"
> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in
> message news:...
>> any event ID errors/warnings?
>>
>> run:
>> DCDIAG /D /C /V on both
>>
>> "Jose Luis" <> wrote in message
>> news:...
>>> Yes, both of them are up, running and available. I believe the problem
>>> is my DC(1) with w2k (it owns fsmo and GC). I want to transfer the roles
>>> to another DC with w2k3 in order to replace the hardware for DC(1) but
>>> when I try to do this I got the RPC error.
>>>
>>> Any idea ..?
>>>
>>> Thanks
>>>
>>>
>>> "Jorge de Almeida Pinto [MVP]"
>>> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in
>>> message news:...
>>>> are both DCs up and running, available and reachable?
>>>>
>>>> "Jose Luis" <> wrote in message
>>>> news:...
>>>>> Hi all,
>>>>>
>>>>> We are getting an error message when we try to transfer FSMO to
>>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
>>>>> unavailable)". It occurs using the graphical interface or using the
>>>>> ntdsutil command.
>>>>>
>>>>> The FSMO's owner is a DC using W2k and the new DC that will assume the
>>>>> roles is W2k3.
>>>>>
>>>>> Also the event viewer shows this warning:
>>>>> Source: NTDS KCC
>>>>>
>>>>> The attempt to establish a replication link with parameters
>>>>>
>>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>> Source DSA DN: CN=NTDS Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>> Source DSA Address:
>>>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>>>>> Inter-site Transport (if any):
>>>>>
>>>>> failed with the following status:
>>>>>
>>>>> The RPC server is unavailable.
>>>>>
>>>>> The record data is the status code. This operation will be retried.
>>>>>
>>>>> Any idea about this error? Please let me know any hints.
>>>>>
>>>>> Regards,
>>>>>
>>>>> José Luis
Reply With Quote
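
A read-only check of the end state that the multihomed-DC steps quoted in the post above aim for, added here as an example and not part of any poster's message: it reads the two Netlogon values named in the thread and compares the "(same as parent folder)", gc._msdcs and host A records against the internal address. The function name, its parameters and the sample values (`corp.example`; `192.168.5.200` is the illustrative address from the post) are assumptions, and `Resolve-DnsName` requires Windows Server 2012 or later.

```powershell
# Added example: audits the settings described in the thread. It changes nothing.
function Test-MultihomedDcDns {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $DomainName,      # AD DNS domain (the zone name)
        [Parameter(Mandatory)] [string]   $ForestRootName,  # forest root DNS domain
        [Parameter(Mandatory)] [string[]] $InternalIp,      # addresses allowed to appear in DNS
        [string] $DnsServer = '127.0.0.1',                  # assumption: the DC is its own DNS server
        [switch] $IsGlobalCatalog                           # check the GcIpAddress record as well
    )

    $findings = New-Object System.Collections.Generic.List[string]
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $netlogon = Get-ItemProperty -Path $key -ErrorAction Stop

    # DnsAvoidRegisterRecords (REG_MULTI_SZ) should list the mnemonics that
    # Netlogon must no longer register on its own.
    $wanted = @('LdapIpAddress')
    if ($IsGlobalCatalog) { $wanted += 'GcIpAddress' }
    $prop  = $netlogon.PSObject.Properties['DnsAvoidRegisterRecords']
    $avoid = if ($prop) { @($prop.Value) } else { @() }
    foreach ($mnemonic in $wanted) {
        if ($avoid -notcontains $mnemonic) {
            $findings.Add("DnsAvoidRegisterRecords does not list $mnemonic")
        }
    }

    # RegisterDnsARecords (REG_DWORD) should be 0 so Netlogon stops
    # registering A records for every NIC.
    $prop = $netlogon.PSObject.Properties['RegisterDnsARecords']
    if (-not $prop -or $prop.Value -ne 0) {
        $findings.Add('RegisterDnsARecords is missing or not 0')
    }

    # The manually created records must exist and hold only internal addresses.
    $records = [ordered]@{
        'LdapIpAddress (same as parent folder)' = $DomainName
        'Host A record'                         = "$($env:COMPUTERNAME).$DomainName"
    }
    if ($IsGlobalCatalog) {
        $records['GcIpAddress'] = "gc._msdcs.$ForestRootName"
    }

    foreach ($entry in $records.GetEnumerator()) {
        $answers = Resolve-DnsName -Name $entry.Value -Type A -Server $DnsServer `
                       -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'A' }
        if (-not $answers) {
            $findings.Add("$($entry.Key): no A record for $($entry.Value); create it manually")
            continue
        }
        foreach ($answer in $answers) {
            if ($InternalIp -notcontains $answer.IPAddress) {
                $findings.Add("$($entry.Key): $($entry.Value) resolves to $($answer.IPAddress), which is not an internal address")
            }
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Constructed sample values; substitute your own domain and internal address.
Test-MultihomedDcDns -DomainName 'corp.example' -ForestRootName 'corp.example' `
    -InternalIp '192.168.5.200' -IsGlobalCatalog | Format-List
```

Run it on the domain controller itself from an elevated session; an empty `Findings` list means the registry values and the manually created records match what the steps describe.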
 
Jose Luis

 
      06-17-2006
Why do you say that W2k is multihomed? I don't get that part.

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in
message news:%...
> if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
> say this is that the netlogon test failed)
>
> you are also having replication issues between the 2 DCs.
>
> most probably this is due to DNS configuration and that the w2k is
> multihomed (which is not recommended as it requires additional
> configuration)
>
> A while ago I found a post written by Ace Fekay and some other people
> about multi-homed DCs.
>
> ############################################
> BY: Ace Fekay
> Here you go...but first my views on multi-homed DCs... (ouch!)
> ==================================
> Multi-homed DCs, What a Mess... It cuts into your drinking time...
>
>
> Honestly, multi-homed DCs are not recommended because of the associated
> issues that can occur, as you've encountered. We usually recommend
> purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to perform
> NAT for you, take out the extra NIC off the DC, but still let the DC
> handle DHCP (and not the router).
>
> Since this DC is multi-homed, it requires additional configuration to
> prevent the public interface addresses from being registered in DNS. This
> creates a problem for internal clients locating AD to authenticate and
> find other services and resources such as the Global Catalog, file sharing
> and the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events
> to be logged, authenticating to shares and printers, logging on takes
> forever, among numerous other issues.
>
> But if you like, there are some registry changes to eliminate the
> registration of the external NIC. Here's the whole list of manual steps to
> follow (this includes some of the stuff I already gave you):
>
> But believe me, it's much easier to just get a separate NAT device or
> multihome a non-DC than having to alter the DC. - Good luck!
>
> ===================================
> 1. In the DNS management console, in the properties of the DNS server,
> Interfaces tab, set DNS to only listen on the private IP you want in DNS
> for the server. This is for your private network that your clients use.
>
>
> 2. Add this registry entry with regedt32 to stop the (same as parent
> folder) records and the GC record, also called the LdapIpAddress and
> GcIpAddress.
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
> On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
> type:
>
> Registry value: DnsAvoidRegisterRecords
> Data type: REG_MULTI_SZ
>
> (and in the box, you would type in the following to stop their
> registration):
>
> LdapIpAddress
> GcIpAddress
>
>
> 3. Then you will need to manually create the LdapIpAddress and GcIpAddress
> records in DNS.
> The LdapIpAddress resolves to the domain controllers in the domain. The
> GcIpAddress resolves to the Global Catalogs in the forest as
> gc._msdcs.forestroot.com.
>
> To manually create the LdapIpAddress, create a new host but leave the name
> field blank, give it the IP of the internal interface. Windows 2k barks at
> you saying (same as parent folder) is not a valid host name, click OK to
> create the record anyway.
> Windows 2003 won't bark. It's house-broken out of the box.
>
> To manually create the GcIpAddress, navigate to the _msdcs folder, under
> it click the gc folder, then rt-click, create new host, leave the name
> field blank, give it the IP of the internal interface. Windows 2k barks at
> you saying (same as parent folder) is not a valid host name, click OK to
> create the record anyway. Windows 2003 won't bark.
>
>
> 4. To stop registration of both NICs, add (if it exists) or alter this reg
> entry:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>
> On the Edit menu, point to New, and then click DWORD Value to add the
> following registry value:
> Value name: RegisterDnsARecords
> Data type: REG_DWORD
> Value data: 0
>
> Then manually create a new host record for the server name in DNS and give
> it the IP of the internal interface
>
>
> 5. Right click on Network places, choose properties, in the Advanced menu
> item select Advanced settings. Make sure the internal interface is at the
> top of the connections pane and File sharing is enabled on the internal
> interface.
>
>
> 6. On the outer NIC, disable File and Print Services, Microsoft Client
> Service, then go into IP properties, click on Advanced, choose the WINS tab
> and disable NetBIOS.
>
>
> 7. On the outer NIC, only put in the internal IP address of the DNS server
> (this machine).
>
>
> 8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
> not sure which DNS to forward to until you've got the DNS address of your
> ISP. How to set a forwarder?
> Depending on your operating system, choose one of the following articles:
>
> 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
> http://support.microsoft.com/?id=300202&FR=1
>
> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
> (How to configure a forwarder):
> http://support.microsoft.com/d/id?=323380
>
>
>
> *** Some additional reading:
>
> 246804 - How to enable or disable DNS updates in Windows 2000 and in
> Windows Server 2003
> http://support.microsoft.com/?id=246804
>
> 295328 - Private Network Interfaces on a Domain Controller Are Registered
> in DNS
> [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
> sameasparent private IP]:
> http://support.microsoft.com/?id=295328
>
> 306602 - How to Optimize the Location of a DC or GC That Resides Outside
> of a Client's Site [Includes info LdapIpAddress and GcIpAddress
> information and the SRV mnemonic values]:
> http://support.microsoft.com/?id=306602
>
> 825036 - Best practices for DNS client settings in Windows 2000 Server and
> in Windows Server 2003 (including how-to configure a forwarder):
> http://support.microsoft.com/default...b;en-us;825036
>
> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
> Server 2003 DNS
> http://support.microsoft.com/default...b;en-us;291382
>
> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
> [Registry Entry]:
> http://support.microsoft.com/?id=296379
>
> 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
> Controller with Routing and Remote Access and DNS Insta {DNS and RRAS and
> unwanted IPs registering]:
> http://support.microsoft.com/?id=292822
> ##############################################
> In addition to Mark's suggestions (good link he provided!), if you want to
> keep the extra NIC turned on (for whatever reason, but I really suggest to
> disable it), here are some extra steps to follow:
>
> 1. Ensure that all the NICs only point to your internal DNS server(s) only
> and none others, such as your ISP's DNS servers' IP addresses.
>
> 2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
> move the internal NIC (the network that AD is on) to the top of the
> binding order (top of the list).
>
> 3. Disable the ability for the outer NIC to register. The procedure, as
> mentioned, involves identifying the outer NIC's GUID number. This link
> will show you how:
> 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
> NIC too):
> http://support.microsoft.com/?id=246804
>
> 4. Disable NetBIOS on the outside NIC. That is performed by choosing to
> disable NetBIOS in IP Properties, Advanced, and you will find that under
> the "WINS" tab. You may want to look at step #3 in the article to show you
> how to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
> [Registry Entry]:
> http://support.microsoft.com/?id=296379
>
> Note: A standard Windows service, called the "Browser service", provides
> the list of machines, workgroup and domain names that you see in "My
> Network Places" (or the legacy term "Network Neighborhood"). The Browser
> service relies on the NetBIOS service. One major requirement of NetBIOS
> service is a machine can only have one name to one IP address. It's sort
> of a fingerprint. You can't have two brothers named Darrell. A multihomed
> machine will cause duplicate name errors on itself because Windows sees
> itself with the same name in the Browse List (My Network Places), but with
> different IPs. You can only have one, hence the error generated.
>
> 5. Disable the "File and Print Service" and disable the "MS Client
> Service" on the outer NIC. That is done in NIC properties by unchecking
> the respective service under the general properties page. If you need
> these services on the outside NIC (which is unlikely), which allow other
> machines to connect to your machine for accessing resource on your machine
> (shared folders, printers, etc.), then you will probably need to keep them
> enabled.
>
> 6. Uncheck "Register this connection" under IP properties, Advanced
> settings, "DNS" tab.
>
> 7. Delete the outer NIC IP address, disable Netlogon registration, and
> manually create the required records
>
> a. In DNS under the zone name, (your DNS domain name), delete the outer
> NIC's IP references for the "LdapIpAddress". If this is a GC, you will
> need to delete the GC IP record as well (the "GcIpAddress"). To do that,
> in the DNS console, under the zone name, you will see the _msdcs folder.
> Under that, you will see the _gc folder. To the right, you will see the IP
> address referencing the GC address. That is called the GcIpAddress. Delete
> the IP addresses referencing the outer NIC.
>
> i. To stop these two records from registering that information, use the
> steps provided in the links below:
> Private Network Interfaces on a Domain Controller Are Registered in DNS
> http://support.microsoft.com/?id=295328
>
> ii. The one section of the article that disables these records is done
> with this registry entry:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
> (Create this Multi-String Value under it):
> Registry value: DnsAvoidRegisterRecords
> Data type: REG_MULTI_SZ
> Values: LdapIpAddress
> GcIpAddress
>
> iii. Here is more information on these and other Netlogon Service records:
> Restrict the DNS SRV resource records updated by the Netlogon service
> [including GC]:
> http://www.microsoft.com/technet/tre...o_rr_in_ad.asp
>
> b. Then you will need to manually create these two records in DNS with the
> IP addresses that you need for the DC. To create the LdapIpAddress, create
> a new host under the domain, but leave the "hostname" field blank, and
> provide the internal IP of the DC, which results in a record that looks
> like:
> (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
> purposes)
>
> i. You need to also manually create the GcIpAddress as well, if this is a
> GC. That would be under the gc._msdcs. SRV record under the zone. It is
> created in the same fashion as the LdapIpAddress mentioned above.
>
> 8. In the DNS console, right click the server name, choose properties,
> then under the "Interfaces" tab, force it only to listen to the internal
> NIC's IP address, and not the IP address of the outer NIC.
>
> 9. Since this is also a DNS server, the IPs from all NICs will register,
> even if you tell it not to in the NIC properties. See this to show you how
> to stop that behavior (this procedure is for Windows 2000, but will also
> work for Windows 2003):
> 275554 - The Host's A Record Is Registered in DNS After You Choose Not to
> Register the Connection's Address:
> http://support.microsoft.com/?id=275554
> ############################
> Check out this link. If you set this up right it will prevent the
> 2nd NIC from registering.
>
> http://support.microsoft.com/default...b;en-us;289735
>
> The only catch here is you must manually create the GC record and Same
> as Parent A record for the host. Chances are they are already there
> though!
> ############################################
>
> "Jose Luis" <> wrote in message
> news:u$...
>>I found some tests failed and I copied them here (just error message).
>>What am I doing wrong?
>>
>> In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
>> --------------------------------
>> Doing primary tests
>>
>> Testing server: MMM\CMEMAST001
>> Starting test: Topology
>> * Configuration Topology Integrity Check
>> * Analyzing the connection topology for
>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>> These servers can't get changes from home server CMEMAST001:
>> MMM/CMEMAST004
>> * Analyzing the connection topology for
>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for
>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>> These servers can't get changes from home server CMEMAST001:
>> MMM/CMEMAST004
>> * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
>> * Performing upstream (of target) analysis.
>> * Performing downstream (of target) analysis.
>> Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
>> These servers can't get changes from home server CMEMAST001:
>> MMM/CMEMAST004
>> ......................... CMEMAST001 failed test Topology
>>
>> Starting test: kccevent
>> * The KCC Event log test
>> An Warning Event occured. EventID: 0x800004F1
>> Time Generated: 06/16/2006 20:13:35
>> (Event String could not be retrieved)
>> An Warning Event occured. EventID: 0x800004F1
>> Time Generated: 06/16/2006 20:13:58
>> (Event String could not be retrieved)
>> An Warning Event occured. EventID: 0x800004F1
>> Time Generated: 06/16/2006 20:14:21
>> (Event String could not be retrieved)
>> ......................... CMEMAST001 failed test kccevent
>>
>>
>>
>> In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
>> --------------------------------
>> Starting test: NetLogons
>> * Network Logons Privileges Check
>> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
>> [CMEMAST004] An net use or LsaPolicy operation failed with error
>> 1203, Win32 Error 1203.
>> ......................... CMEMAST004 failed test NetLogons
>> Starting test: Advertising
>> Warning: DsGetDcName returned information for
>> \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
>> Server is not responding or is not considered suitable.
>> The DC CMEMAST004 is advertising itself as a DC and having a DS.
>> The DC CMEMAST004 is advertising as an LDAP server
>> The DC CMEMAST004 is advertising as having a writeable directory
>> The DC CMEMAST004 is advertising as a Key Distribution Center
>> The DC CMEMAST004 is advertising as a time server
>> ......................... CMEMAST004 failed test Advertising
>>
>> Starting test: frsevent
>> * The File Replication Service Event log test
>> There are warning or error events within the last 24 hours after
>> the SYSVOL has been shared. Failing SYSVOL replication problems
>> may cause Group Policy problems.
>> An Warning Event occured. EventID: 0x800034C4
>> Time Generated: 06/15/2006 20:52:59
>> (Event String could not be retrieved)
>> ......................... CMEMAST004 failed test frsevent
>>
>> Starting test: systemlog
>> * The System Event log test
>> An Error Event occured. EventID: 0xC00010E1
>> Time Generated: 06/16/2006 19:20:26
>> (Event String could not be retrieved)
>> An Error Event occured. EventID: 0xC00010E1
>> Time Generated: 06/16/2006 19:21:24
>> (Event String could not be retrieved)
>> An Error Event occured. EventID: 0xC0002719
>> Time Generated: 06/16/2006 20:15:03
>> (Event String could not be retrieved)
>> ......................... CMEMAST004 failed test systemlog
>>
>> DNS Tests are running and not hung. Please wait a few minutes...
>>
>> Starting test: DNS
>> Test results for domain controllers:
>>
>> DC: cmemast004.mmmweb.com.mx
>> Domain: mmmweb.com.mx
>>
>>
>> TEST: Authentication (Auth)
>> Authentication test: Successfully completed
>>
>> TEST: Basic (Basc)
>> Microsoft(R) Windows(R) Server 2003, Standard Edition
>> (Service Pack level: 1.0) is supported
>> NETLOGON service is running
>> kdc service is running
>> DNSCACHE service is running
>> DNS service is running
>> DC is a DNS server
>> Network adapters information:
>> Adapter [00000001] HP NC7781 Gigabit Server Adapter:
>> MAC address is 00:11:85:E7:BF:68
>> IP address is static
>> IP address: 192.168.1.230
>> DNS servers:
>> 192.168.1.230 (<name unavailable>) [Valid]
>> Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
>> [Invalid (unreachable)]
>> The A record for this DC was found
>> The SOA record for the Active Directory zone was found
>> The Active Directory zone on this DC/DNS server was
>> found (secondary)
>> Root zone on this DC/DNS server was not found
>>
>> TEST: Forwarders/Root hints (Forw)
>> Recursion is enabled
>> Forwarders are not configured on this DNS server
>> Root hint Information:
>> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
>> Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
>> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
>> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
>> Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
>> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
>> Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
>> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
>> Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
>> Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
>> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
>> Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
>> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
>>
>> TEST: Delegations (Del)
>> Delegation information for the zone: mmmweb.com.mx.
>> Delegated domain name: nueva.mmmweb.com.mx.
>> Error: DNS server: cmemast001.mmmweb.com.mx.
>> IP:192.168.1.240 [Broken delegation]
>> Error: DNS server: cmemast001.mmmweb.com.mx.
>> IP:192.168.1.250 [Broken delegation]
>>
>> TEST: Dynamic update (Dyn)
>> Dynamic Update tests are skipped since mmmweb.com.mx
>> is a secondary zone. DNS Record updates can't happen on
>> the secondary zones
>>
>> TEST: Records registration (RReg)
>> Network Adapter [00000001] HP NC7781 Gigabit Server
>> Adapter:
>> Matching A record found at DNS server 192.168.1.230:
>> cmemast004.mmmweb.com.mx
>>
>> Matching CNAME record found at DNS server
>> 192.168.1.230:
>>
>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>>
>> Matching DC SRV record found at DNS server
>> 192.168.1.230:
>> _ldap._tcp.dc._msdcs.mmmweb.com.mx
>>
>>
>> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
>> 2 test failures on this DNS server
>> This is not a valid DNS server. PTR record query for the
>> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
>> [Error details: 1460 (Type: Win32 - Description: Esta
>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
>> Name resolution is not functional.
>> _ldap._tcp.mmmweb.com.mx. failed on the DNS server 192.168.1.250
>> [Error details: 1460 (Type: Win32 - Description: Esta
>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on
>> the DNS server 192.168.1.250
>> [Error details: 1460 (Type: Win32 - Description: Esta
>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
>> server 192.168.1.250]
>>
>> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
>> 1 test failure on this DNS server
>> This is a valid DNS server.
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on
>> the DNS server 192.168.1.240
>> [Error details: 1460 (Type: Win32 - Description: Esta
>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
>> server 192.168.1.240]
>>
>> DNS server: 192.168.1.230 (<name unavailable>)
>> All tests passed on this DNS server
>> This is a valid DNS server.
>> Name resolution is funtional. _ldap._tcp SRV record for the
>> forest root domain is registered
>>
>> Summary of DNS test results:
>>
>> Auth Basc Forw Del Dyn RReg Ext
>> ________________________________________________________________
>> Domain: mmmweb.com.mx
>> cmemast004 PASS WARN PASS FAIL n/a PASS n/a
>>
>> ......................... mmmweb.com.mx failed test DNS
>>
>>
>> "Jorge de Almeida Pinto [MVP]"
>> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
>> news:...
>>> any event ID errors/warnings?
>>>
>>> run:
>>> DCDIAG /D /C /V on both
>>>
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>
>>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>>>
>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ------------------------------------------------------------------------------------------
>>> * This posting is provided "AS IS" with no warranties and confers no
>>> rights!
>>> * Always test before implementing!
>>> ------------------------------------------------------------------------------------------
>>> #################################################
>>> #################################################
>>> ------------------------------------------------------------------------------------------
>>> "Jose Luis" <> wrote in message
>>> news:...
>>>> Yes, both of them are up, running and available. I believe the problem
>>>> is my DC(1) with w2k (it owns fsmo and GC). I want to transfer the roles
>>>> to another DC with w2k3 in order to replace the hardware for DC(1) but
>>>> when I try to do this I got the RPC error.
>>>>
>>>> Any idea ..?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> "Jorge de Almeida Pinto [MVP]"
>>>> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
>>>> news:...
>>>>> are both DCs up and running, available and reachable?
>>>>>
>>>>> --
>>>>>
>>>>> Cheers,
>>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>>
>>>>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>>>>>
>>>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>>> ------------------------------------------------------------------------------------------
>>>>> * This posting is provided "AS IS" with no warranties and confers no
>>>>> rights!
>>>>> * Always test before implementing!
>>>>> ------------------------------------------------------------------------------------------
>>>>> #################################################
>>>>> #################################################
>>>>> ------------------------------------------------------------------------------------------
>>>>> "Jose Luis" <> wrote in message
>>>>> news:...
>>>>>> Hi all,
>>>>>>
>>>>>> We are getting an error message when we try to transfer FSMO to
>>>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
>>>>>> unavailable)". It occurs using graphics interface or using ntdsutil
>>>>>> command.
>>>>>>
>>>>>> The fsmo's owner is a DC using W2k and the new DC that will assume
>>>>>> the roles is W2k3.
>>>>>>
>>>>>> Also the event viewer shows this warning:
>>>>>> Source: NTDS KCC
>>>>>>
>>>>>> The attempt to establish a replication link with parameters
>>>>>>
>>>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>>> Source DSA DN: CN=NTDS Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>>> Source DSA Address:
>>>>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>>>>>> Inter-site Transport (if any):
>>>>>>
>>>>>> failed with the following status:
>>>>>>
>>>>>> The RPC server is unavailable.
>>>>>>
>>>>>> The record data is the status code. This operation will be retried.
>>>>>>
>>>>>> Any idea about this error..? Please let me know any hints.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> José Luis
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
Jorge de Almeida Pinto [MVP]
Guest
Posts: n/a

 
      06-17-2006
In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
In W2k3 server = cmemast004 (192.168.1.230)

Delegation is broken for the domain nueva.mmmweb.com.mx. on
the DNS server 192.168.1.240

Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
192.168.1.250


looking at it again, it might not be multihomed, but it has two IPs

but instead of guessing and asking... which one is it?

there IS something wrong with your DNS environment. Check that! (also check
if TCP/IP settings of DCs are OK!)
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jose Luis" <> wrote in message
news:...
> Why do you say that W2k is multihomed? I don't get that part.
>
> "Jorge de Almeida Pinto [MVP]"
> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
> news:%...
>> if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
>> say this is that the netlogon test failed)
>>
>> you are also having replication issues between the 2 DCs.
>>
>> most probably this is due to DNS configuration and that the w2k is
>> multihomed (which is not recommended as it requires additional
>> configuration)
>>
>> A while ago I found a post written by Ace Fekay and some other people
>> about multi-homed DCs.
>>
>> ############################################
>> BY: Ace Fekay
>> Here you go...but first my views on multi-homed DCs... (ouch!)
>> ==================================
>> Multi-homed DCs, What a Mess... It cuts into your drinking time...
>>
>>
>> Honestly, multi-homed DCs are not recommended because of the associated
>> issues that can occur, as you've encountered. We usually recommend
>> purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to
>> perform
>> NAT for you, take out the extra NIC off the DC, but still let the DC
>> handle
>> DHCP (and not the router).
>>
>> Since this DC is multi-homed, it requires additional configuration to
>> prevent the public interface addresses from being registered in DNS. This
>> creates a problem for internal clients locating AD to authenticate and
>> find
>> other services and resources such as the Global Catalog, file sharing and
>> the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to
>> be
>> logged, authenticating to shares and printers, logging on takes forever,
>> among numerous other issues.
>>
>> But if you like, there are some registry changes to eliminate the
>> registration of the external NIC. Here's the whole list of manual steps to
>> follow (this includes some of the stuff I already gave you):
>>
>> But believe me, it's much easier to just get a separate NAT device or
>> multihome a non-DC than having to alter the DC. - Good luck!
>>
>> ===================================
>> 1. In the DNS management console, in the properties of the DNS server,
>> Interfaces tab, set DNS to only listen on the private IP you want in DNS
>> for
>> the server. This is for your private network that your clients use.
>>
>>
>> 2. Add this registry entry with regedt32 to stop the (same as parent
>> folder)
>> records and the GC record, also called the LdapIpAddress and GcIpAddress.
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>> On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
>> type:
>>
>> Registry value: DnsAvoidRegisterRecords
>> Data type: REG_MULTI_SZ
>>
>> (and in the box, you would type in the following to stop their
>> registration):
>>
>> LdapIpAddress
>> GcIpAddress
>>
>>
>> 3. Then you will need to manually create the LdapIpAddress and
>> GcIpAddress
>> records in DNS.
>> The LdapIpAddress resolves to the domain controllers in the domain. The
>> GcIpAddress resolves
>> to the Global Catalogs in the forest as gc._msdcs.forestroot.com.
>>
>> To manually create the LdapIpAddress, create a new host but leave the name
>> field blank, give it the IP of the internal interface. Windows 2k barks at
>> you saying (same as parent folder) is not a valid host name, click OK to
>> create the record anyway. Windows 2003 won't bark. It's house-broken out of
>> the box.
>>
>> To manually create the GcIpAddress, navigate to the _msdcs folder, under it
>> click the gc folder, then rt-click, create new host, leave the name field
>> blank, give it the IP of the internal interface. Windows 2k barks at you
>> saying (same as parent folder) is not a valid host name, click OK to create
>> the record anyway. Windows 2003 won't bark.
>>
>>
>> 4. To stop registration of both NICs, add (if it exists) or alter this
>> reg
>> entry:
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>>
>> On the Edit menu, point to New, and then click DWORD Value to add the
>> following registry value:
>> Value name: RegisterDnsARecords
>> Data type: REG_DWORD
>> Value data: 0
>>
>> Then manually create a new host record for the server name in DNS and
>> give
>> it the IP of the internal interface
>>
>>
>> 5. Right click on Network places, choose properties, in the Advanced menu
>> item
>> select Advanced settings. Make sure the internal interface is at the top
>> of
>> the connections pane and File sharing is enabled on the internal
>> interface.
>>
>>
>> 6. On the outer NIC, disable File and Print Services, Microsoft Client
>> Service,
>> then go into IP properties, click on Advanced, choose the WINS tab and
>> disable NetBIOS.
>>
>>
>> 7. On the outer NIC, only put in the internal IP address of the DNS
>> server
>> (this machine).
>>
>>
>> 8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
>> not sure which DNS to forward to until you've got the DNS address of your
>> ISP. How to set a forwarder? Depending on your operating system, choose one
>> of the following articles:
>>
>> 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
>> http://support.microsoft.com/?id=300202&FR=1
>>
>> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
>> (How to configure a forwarder):
>> http://support.microsoft.com/d/id?=323380
>>
>>
>>
>> *** Some additional reading:
>>
>> 246804 - How to enable or disable DNS updates in Windows 2000 and in
>> Windows
>> Server 2003
>> http://support.microsoft.com/?id=246804
>>
>> 295328 - Private Network Interfaces on a Domain Controller Are Registered
>> in
>> DNS
>> [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
>> sameasparent
>> private IP]:
>> http://support.microsoft.com/?id=295328
>>
>> 306602 - How to Optimize the Location of a DC or GC That Resides Outside
>> of
>> a Client's
>> Site [Includes info LdapIpAddress and GcIpAddress information and the SRV
>> mnemonic values]:
>> http://support.microsoft.com/?id=306602
>>
>> 825036 - Best practices for DNS client settings in Windows 2000 Server
>> and
>> in Windows Server 2003 (including how-to configure a forwarder):
>> http://support.microsoft.com/default...b;en-us;825036
>>
>> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
>> Server 2003 DNS
>> http://support.microsoft.com/default...b;en-us;291382
>>
>> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
>> [Registry Entry]:
>> http://support.microsoft.com/?id=296379
>>
>> 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
>> Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
>> unwanted IPs registering]:
>> http://support.microsoft.com/?id=292822
>> ##############################################
>> In addition to Mark's suggestions (good link he provided!), if you want to
>> keep the extra NIC turned on (for whatever reason, but I really suggest to
>> disable it), here are some extra steps to follow:
>>
>> 1. Ensure that all the NICs only point to your internal DNS server(s) only
>> and none others, such as your ISP's DNS servers' IP addresses.
>>
>> 2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
>> move the internal NIC (the network that AD is on) to the top of the
>> binding
>> order (top of the list).
>>
>> 3. Disable the ability for the outer NIC to register. The procedure, as
>> mentioned, involves identifying the outer NIC's GUID number. This link
>> will
>> show you how:
>> 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations
>> (per
>> NIC too):
>> http://support.microsoft.com/?id=246804
>>
>> 4. Disable NetBIOS on the outside NIC. That is performed by choosing to
>> disable NetBIOS in IP Properties, Advanced, and you will find that under
>> the
>> "WINS" tab. You may want to look at step #3 in the article to show you
>> how
>> to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
>> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
>> [Registry Entry]:
>> http://support.microsoft.com/?id=296379
>>
>> Note: A standard Windows service, called the "Browser service", provides
>> the
>> list of machines, workgroup and domain names that you see in "My Network
>> Places" (or the legacy term "Network Neighborhood"). The Browser service
>> relies on the NetBIOS service. One major requirement of NetBIOS service
>> is a
>> machine can only have one name to one IP address. It's sort of a
>> fingerprint. You can't have two brothers named Darrell. A multihomed
>> machine
>> will cause duplicate name errors on itself because Windows sees itself
>> with
>> the same name in the Browse List (My Network Places), but with different
>> IPs. You can only have one, hence the error generated.
>>
>> 5. Disable the "File and Print Service" and disable the "MS Client
>> Service"
>> on the outer NIC. That is done in NIC properties by unchecking the
>> respective service under the general properties page. If you need these
>> services on the outside NIC (which is unlikely), which allow other
>> machines
>> to connect to your machine for accessing resource on your machine (shared
>> folders, printers, etc.), then you will probably need to keep them
>> enabled.
>>
>> 6. Uncheck "Register this connection" under IP properties, Advanced
>> settings, "DNS" tab.
>>
>> 7. Delete the outer NIC IP address, disable Netlogon registration, and
>> manually create the required records
>>
>> a. In DNS under the zone name, (your DNS domain name), delete the outer
>> NIC's
>> IP references for the "LdapIpAddress". If this is a GC, you will need to
>> delete the GC IP record as well (the "GcIpAddress"). To do that, in the
>> DNS
>> console, under the zone name, you will see the _msdcs folder. Under that,
>> you will see the _gc folder. To the right, you will see the IP address
>> referencing the GC address. That is called the GcIpAddress. Delete the IP
>> addresses referencing the outer NIC.
>>
>> i. To stop these two records from registering that information, use the
>> steps provided in the links below:
>> Private Network Interfaces on a Domain Controller Are Registered in DNS
>> http://support.microsoft.com/?id=295328
>>
>> ii. The one section of the article that disables these records is done
>> with
>> this registry entry:
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>> (Create this Multi-String Value under it):
>> Registry value: DnsAvoidRegisterRecords
>> Data type: REG_MULTI_SZ
>> Values: LdapIpAddress
>> GcIpAddress
>>
>> iii. Here is more information on these and other Netlogon Service
>> records:
>> Restrict the DNS SRV resource records updated by the Netlogon service
>> [including GC]:
>> http://www.microsoft.com/technet/tre...o_rr_in_ad.asp
>>
>> b. Then you will need to manually create these two records in DNS with
>> the
>> IP addresses that you need for the DC. To create the LdapIpAddress,
>> create a
>> new host under the domain, but leave the "hostname" field blank, and
>> provide
>> the internal IP of the DC, which results in a record that looks like:
>> (same as parent) A 192.168.5.200 (192.168.5.200 is used for
>> illustrative
>> purposes)
>>
>> i. You need to also manually create the GcIpAddress as well, if this is a
>> GC. That would be under the gc._msdcs. SRV record under the zone. It is
>> created in the same fashion as the LdapIpAddress mentioned above.
>>
>> 8. In the DNS console, right click the server name, choose properties,
>> then
>> under the "Interfaces" tab, force it only to listen to the internal NIC's
>> IP
>> address, and not the IP address of the outer NIC.
>>
>> 9. Since this is also a DNS server, the IPs from all NICs will register,
>> even if you tell it not to in the NIC properties. See this to show you
>> how
>> to stop that behavior (this procedure is for Windows 2000, but will also
>> work for Windows 2003):
>> 275554 - The Host's A Record Is Registered in DNS After You Choose Not to
>> Register the Connection's Address:
>> http://support.microsoft.com/?id=275554
>> ############################
>> Check out this link. If you set this up right it will prevent the
>> 2nd NIC from registering.
>>
>> http://support.microsoft.com/default...b;en-us;289735
>>
>> The only catch here is you must manually create the GC record and Same
>> as Parent A record for the host. Chances are they are already there
>> though!
>> ############################################
>>
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>
>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test before implementing!
>> ------------------------------------------------------------------------------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------------------------------------
>> "Jose Luis" <> wrote in message
>> news:u$...
>>> I found some tests failed and I copied them here (just error message).
>>> What am I doing wrong?
>>>
>>> In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
>>> --------------------------------
>>> Doing primary tests
>>>
>>> Testing server: MMM\CMEMAST001
>>> Starting test: Topology
>>> * Configuration Topology Integrity Check
>>> * Analyzing the connection topology for
>>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>>> * Performing upstream (of target) analysis.
>>> * Performing downstream (of target) analysis.
>>> Downstream topology is disconnected for
>>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>>> These servers can't get changes from home server CMEMAST001:
>>> MMM/CMEMAST004
>>> * Analyzing the connection topology for
>>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>>> * Performing upstream (of target) analysis.
>>> * Performing downstream (of target) analysis.
>>> Downstream topology is disconnected for
>>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
>>> These servers can't get changes from home server CMEMAST001:
>>> MMM/CMEMAST004
>>> * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
>>> * Performing upstream (of target) analysis.
>>> * Performing downstream (of target) analysis.
>>> Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
>>> These servers can't get changes from home server CMEMAST001:
>>> MMM/CMEMAST004
>>> ......................... CMEMAST001 failed test Topology
>>>
>>> Starting test: kccevent
>>> * The KCC Event log test
>>> An Warning Event occured. EventID: 0x800004F1
>>> Time Generated: 06/16/2006 20:13:35
>>> (Event String could not be retrieved)
>>> An Warning Event occured. EventID: 0x800004F1
>>> Time Generated: 06/16/2006 20:13:58
>>> (Event String could not be retrieved)
>>> An Warning Event occured. EventID: 0x800004F1
>>> Time Generated: 06/16/2006 20:14:21
>>> (Event String could not be retrieved)
>>> ......................... CMEMAST001 failed test kccevent
>>>
>>>
>>>
>>> In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
>>> --------------------------------
>>> Starting test: NetLogons
>>> * Network Logons Privileges Check
>>> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
>>> [CMEMAST004] An net use or LsaPolicy operation failed with error
>>> 1203, Win32 Error 1203.
>>> ......................... CMEMAST004 failed test NetLogons
>>> Starting test: Advertising
>>> Warning: DsGetDcName returned information for
>>> \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
>>> Server is not responding or is not considered suitable.
>>> The DC CMEMAST004 is advertising itself as a DC and having a DS.
>>> The DC CMEMAST004 is advertising as an LDAP server
>>> The DC CMEMAST004 is advertising as having a writeable directory
>>> The DC CMEMAST004 is advertising as a Key Distribution Center
>>> The DC CMEMAST004 is advertising as a time server
>>> ......................... CMEMAST004 failed test Advertising
>>>
>>> Starting test: frsevent
>>> * The File Replication Service Event log test
>>> There are warning or error events within the last 24 hours after
>>> the SYSVOL has been shared. Failing SYSVOL replication problems
>>> may cause Group Policy problems.
>>> An Warning Event occured. EventID: 0x800034C4
>>> Time Generated: 06/15/2006 20:52:59
>>> (Event String could not be retrieved)
>>> ......................... CMEMAST004 failed test frsevent
>>>
>>> Starting test: systemlog
>>> * The System Event log test
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 06/16/2006 19:20:26
>>> (Event String could not be retrieved)
>>> An Error Event occured. EventID: 0xC00010E1
>>> Time Generated: 06/16/2006 19:21:24
>>> (Event String could not be retrieved)
>>> An Error Event occured. EventID: 0xC0002719
>>> Time Generated: 06/16/2006 20:15:03
>>> (Event String could not be retrieved)
>>> ......................... CMEMAST004 failed test systemlog
>>>
>>> DNS Tests are running and not hung. Please wait a few minutes...
>>>
>>> Starting test: DNS
>>> Test results for domain controllers:
>>>
>>> DC: cmemast004.mmmweb.com.mx
>>> Domain: mmmweb.com.mx
>>>
>>>
>>> TEST: Authentication (Auth)
>>> Authentication test: Successfully completed
>>>
>>> TEST: Basic (Basc)
>>> Microsoft(R) Windows(R) Server 2003, Standard Edition
>>> (Service Pack level: 1.0) is supported
>>> NETLOGON service is running
>>> kdc service is running
>>> DNSCACHE service is running
>>> DNS service is running
>>> DC is a DNS server
>>> Network adapters information:
>>> Adapter [00000001] HP NC7781 Gigabit Server Adapter:
>>> MAC address is 00:11:85:E7:BF:68
>>> IP address is static
>>> IP address: 192.168.1.230
>>> DNS servers:
>>> 192.168.1.230 (<name unavailable>) [Valid]
>>> Warning: 192.168.1.250
>>> (cmemast001.mmmweb.com.mx.) [Invalid (unreachable)]
>>> The A record for this DC was found
>>> The SOA record for the Active Directory zone was found
>>> The Active Directory zone on this DC/DNS server was
>>> found (secondary)
>>> Root zone on this DC/DNS server was not found
>>>
>>> TEST: Forwarders/Root hints (Forw)
>>> Recursion is enabled
>>> Forwarders are not configured on this DNS server
>>> Root hint Information:
>>> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
>>> Name: b.root-servers.net. IP: 192.228.79.201
>>> [Invalid]
>>> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
>>> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
>>> Name: e.root-servers.net. IP: 192.203.230.10
>>> [Invalid]
>>> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
>>> Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
>>> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
>>> Name: i.root-servers.net. IP: 192.36.148.17
>>> [Invalid]
>>> Name: j.root-servers.net. IP: 192.58.128.30
>>> [Invalid]
>>> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
>>> Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
>>> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
>>>
>>> TEST: Delegations (Del)
>>> Delegation information for the zone: mmmweb.com.mx.
>>> Delegated domain name: nueva.mmmweb.com.mx.
>>> Error: DNS server: cmemast001.mmmweb.com.mx.
>>> IP:192.168.1.240 [Broken delegation]
>>> Error: DNS server: cmemast001.mmmweb.com.mx.
>>> IP:192.168.1.250 [Broken delegation]
>>>
>>> TEST: Dynamic update (Dyn)
>>> Dynamic Update tests are skipped since mmmweb.com.mx
>>> is a secondary zone. DNS Record updates can't happen on
>>> the secondary zones
>>>
>>> TEST: Records registration (RReg)
>>> Network Adapter [00000001] HP NC7781 Gigabit Server
>>> Adapter:
>>> Matching A record found at DNS server 192.168.1.230:
>>> cmemast004.mmmweb.com.mx
>>>
>>> Matching CNAME record found at DNS server
>>> 192.168.1.230:
>>>
>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>>>
>>> Matching DC SRV record found at DNS server
>>> 192.168.1.230:
>>> _ldap._tcp.dc._msdcs.mmmweb.com.mx
>>>
>>>
>>> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
>>> 2 test failures on this DNS server
>>> This is not a valid DNS server. PTR record query for the
>>> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
>>> [Error details: 1460 (Type: Win32 - Description: Esta
>>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
>>> Name resolution is not functional.
>>> _ldap._tcp.mmmweb.com.mx. failed on the DNS server 192.168.1.250
>>> [Error details: 1460 (Type: Win32 - Description: Esta
>>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
>>> Delegation is broken for the domain nueva.mmmweb.com.mx.
>>> on the DNS server 192.168.1.250
>>> [Error details: 1460 (Type: Win32 - Description: Esta
>>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
>>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
>>> server 192.168.1.250]
>>>
>>> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
>>> 1 test failure on this DNS server
>>> This is a valid DNS server.
>>> Delegation is broken for the domain nueva.mmmweb.com.mx.
>>> on the DNS server 192.168.1.240
>>> [Error details: 1460 (Type: Win32 - Description: Esta
>>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
>>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
>>> server 192.168.1.240]
>>>
>>> DNS server: 192.168.1.230 (<name unavailable>)
>>> All tests passed on this DNS server
>>> This is a valid DNS server.
>>> Name resolution is funtional. _ldap._tcp SRV record for
>>> the forest root domain is registered
>>>
>>> Summary of DNS test results:
>>>
>>> Auth Basc Forw Del Dyn RReg Ext
>>> ________________________________________________________________
>>> Domain: mmmweb.com.mx
>>> cmemast004 PASS WARN PASS FAIL n/a PASS n/a
>>>
>>> ......................... mmmweb.com.mx failed test DNS
>>>
>>>
>>> "Jorge de Almeida Pinto [MVP]"
>>> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
>>> news:...
>>>> any event ID errors/warnings?
>>>>
>>>> run:
>>>> DCDIAG /D /C /V on both
>>>>
>>>> --
>>>>
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>
>>>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>>>>
>>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>> ------------------------------------------------------------------------------------------
>>>> * This posting is provided "AS IS" with no warranties and confers no
>>>> rights!
>>>> * Always test before implementing!
>>>> ------------------------------------------------------------------------------------------
>>>> #################################################
>>>> #################################################
>>>> ------------------------------------------------------------------------------------------
>>>> "Jose Luis" <> wrote in message
>>>> news:...
>>>>> Yes, both of them are up, running and available. I believe the problem
>>>>> is my DC(1) with w2k (it owns fsmo and GC). I want to transfer the roles
>>>>> to another DC with w2k3 in order to replace the hardware for DC(1) but
>>>>> when I try to do this I got the RPC error.
>>>>>
>>>>> Any idea ..?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> "Jorge de Almeida Pinto [MVP]"
>>>>> <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
>>>>> news:...
>>>>>> are both DCs up and running, available and reachable?
>>>>>>
>>>>>> "Jose Luis" <> wrote in message
>>>>>> news:...
>>>>>>> Hi all,
>>>>>>>
>>>>>>> We are getting an error message when we try to transfer FSMO to
>>>>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
>>>>>>> unavailable)". It occurs using the graphical interface or using the
>>>>>>> ntdsutil command.
>>>>>>>
>>>>>>> The FSMO's owner is a DC using W2k and the new DC that will assume
>>>>>>> the roles is W2k3.
>>>>>>>
>>>>>>> Also the event viewer shows this warning:
>>>>>>> Source: NTDS KCC
>>>>>>>
>>>>>>> The attempt to establish a replication link with parameters
>>>>>>>
>>>>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>>>> Source DSA DN: CN=NTDS Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
>>>>>>> Source DSA Address: 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
>>>>>>> Inter-site Transport (if any):
>>>>>>>
>>>>>>> failed with the following status:
>>>>>>>
>>>>>>> The RPC server is unavailable.
>>>>>>>
>>>>>>> The record data is the status code. This operation will be retried.
>>>>>>>
>>>>>>> Any idea about this error..? Please let me know any hints.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> José Luis
>>>>>>>



 