RPC is unavailable when trying to transfer FSMO Roles

Discussion in 'Active Directory' started by Jose Luis, Jun 17, 2006.

  1. Jose Luis

    Jose Luis Guest

    Hi all,

    We are getting an error message when we try to transfer FSMO to another
    Domain Controller - "DsBindW error 0x6ba (The RPC server is unavailable)".
    It occurs using the graphical interface or using the ntdsutil command.

    The FSMO's owner is a DC using W2k and the new DC that will assume the roles
    is W2k3.

    Also the event viewer shows this warning:
    Source: NTDS KCC

    The attempt to establish a replication link with parameters

    Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    Source DSA DN: CN=NTDS Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    Source DSA Address: 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    Inter-site Transport (if any):

    failed with the following status:

    The RPC server is unavailable.

    The record data is the status code. This operation will be retried.

    Any idea about this error? Please let me know any hints.

    Regards,

    José Luis
    Jose Luis, Jun 17, 2006
    #1

  2. are both DCs up and running, available and reachable?

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Windows Server - Directory Services

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------
    Jorge de Almeida Pinto [MVP], Jun 17, 2006
    #2

  3. Jose Luis

    Jose Luis Guest

    Yes, both of them are up, running and available. I believe the problem is my
    DC(1) with W2k (it owns the FSMO roles and GC). I want to transfer the roles to
    another DC with W2k3 in order to replace the hardware for DC(1), but when I try
    to do this I get the RPC error.

    Any idea ..?

    Thanks
    Jose Luis, Jun 17, 2006
    #3
  4. any event ID errors/warnings?

    run:
    DCDIAG /D /C /V on both

    Jorge de Almeida Pinto [MVP], Jun 17, 2006
    #4
  5. Jose Luis

    Jose Luis Guest

    I found some tests failed and I copied them here (just the error messages).
    What am I doing wrong?

    In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
    --------------------------------
    Doing primary tests

    Testing server: MMM\CMEMAST001
    Starting test: Topology
    * Configuration Topology Integrity Check
    * Analyzing the connection topology for
    CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    Downstream topology is disconnected for
    CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    These servers can't get changes from home server CMEMAST001:
    MMM/CMEMAST004
    * Analyzing the connection topology for
    CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    Downstream topology is disconnected for
    CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    These servers can't get changes from home server CMEMAST001:
    MMM/CMEMAST004
    * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
    These servers can't get changes from home server CMEMAST001:
    MMM/CMEMAST004
    ......................... CMEMAST001 failed test Topology

    Starting test: kccevent
    * The KCC Event log test
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/16/2006 20:13:35
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/16/2006 20:13:58
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 06/16/2006 20:14:21
    (Event String could not be retrieved)
    ......................... CMEMAST001 failed test kccevent



    In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
    --------------------------------
    Starting test: NetLogons
    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
    [CMEMAST004] An net use or LsaPolicy operation failed with error
    1203, Win32 Error 1203.
    ......................... CMEMAST004 failed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for
    \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
    Server is not responding or is not considered suitable.
    The DC CMEMAST004 is advertising itself as a DC and having a DS.
    The DC CMEMAST004 is advertising as an LDAP server
    The DC CMEMAST004 is advertising as having a writeable directory
    The DC CMEMAST004 is advertising as a Key Distribution Center
    The DC CMEMAST004 is advertising as a time server
    ......................... CMEMAST004 failed test Advertising

    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after
    the SYSVOL has been shared. Failing SYSVOL replication problems may
    cause Group Policy problems.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 06/15/2006 20:52:59
    (Event String could not be retrieved)
    ......................... CMEMAST004 failed test frsevent

    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0xC00010E1
    Time Generated: 06/16/2006 19:20:26
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00010E1
    Time Generated: 06/16/2006 19:21:24
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 06/16/2006 20:15:03
    (Event String could not be retrieved)
    ......................... CMEMAST004 failed test systemlog

    DNS Tests are running and not hung. Please wait a few minutes...

    Starting test: DNS
    Test results for domain controllers:

    DC: cmemast004.mmmweb.com.mx
    Domain: mmmweb.com.mx


    TEST: Authentication (Auth)
    Authentication test: Successfully completed

    TEST: Basic (Basc)
    Microsoft(R) Windows(R) Server 2003, Standard Edition
    (Service Pack level: 1.0) is supported
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
    DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000001] HP NC7781 Gigabit Server Adapter:
    MAC address is 00:11:85:E7:BF:68
    IP address is static
    IP address: 192.168.1.230
    DNS servers:
    192.168.1.230 (<name unavailable>) [Valid]
    Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    [Invalid (unreachable)]
    The A record for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found
    (secondary)
    Root zone on this DC/DNS server was not found

    TEST: Forwarders/Root hints (Forw)
    Recursion is enabled
    Forwarders are not configured on this DNS server
    Root hint Information:
    Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
    Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
    Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
    Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
    Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
    Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
    Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
    Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
    Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
    Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
    Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
    Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
    Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]

    TEST: Delegations (Del)
    Delegation information for the zone: mmmweb.com.mx.
    Delegated domain name: nueva.mmmweb.com.mx.
    Error: DNS server: cmemast001.mmmweb.com.mx.
    IP:192.168.1.240 [Broken delegation]
    Error: DNS server: cmemast001.mmmweb.com.mx.
    IP:192.168.1.250 [Broken delegation]

    TEST: Dynamic update (Dyn)
    Dynamic Update tests are skipped since mmmweb.com.mx
    is a secondary zone. DNS Record updates can't happen on
    the secondary zones

    TEST: Records registration (RReg)
    Network Adapter [00000001] HP NC7781 Gigabit Server
    Adapter:
    Matching A record found at DNS server 192.168.1.230:
    cmemast004.mmmweb.com.mx

    Matching CNAME record found at DNS server
    192.168.1.230:
    49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx

    Matching DC SRV record found at DNS server
    192.168.1.230:
    _ldap._tcp.dc._msdcs.mmmweb.com.mx


    DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    2 test failures on this DNS server
    This is not a valid DNS server. PTR record query for the
    1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
    [Error details: 1460 (Type: Win32 - Description: Esta
    operación ha regresado debido a que el tiempo de espera ha caducado.)]
    Name resolution is not functional. _ldap._tcp.mmmweb.com.mx.
    failed on the DNS server 192.168.1.250
    [Error details: 1460 (Type: Win32 - Description: Esta
    operación ha regresado debido a que el tiempo de espera ha caducado.)]
    Delegation is broken for the domain nueva.mmmweb.com.mx. on
    the DNS server 192.168.1.250
    [Error details: 1460 (Type: Win32 - Description: Esta
    operación ha regresado debido a que el tiempo de espera ha caducado.) -
    Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
    192.168.1.250]

    DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
    1 test failure on this DNS server
    This is a valid DNS server.
    Delegation is broken for the domain nueva.mmmweb.com.mx. on
    the DNS server 192.168.1.240
    [Error details: 1460 (Type: Win32 - Description: Esta
    operación ha regresado debido a que el tiempo de espera ha caducado.) -
    Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
    192.168.1.240]

    DNS server: 192.168.1.230 (<name unavailable>)
    All tests passed on this DNS server
    This is a valid DNS server.
    Name resolution is funtional. _ldap._tcp SRV record for the
    forest root domain is registered

    Summary of DNS test results:

                     Auth Basc Forw Del  Dyn  RReg Ext
    ________________________________________________________________
    Domain: mmmweb.com.mx
    cmemast004       PASS WARN PASS FAIL n/a  PASS n/a

    ......................... mmmweb.com.mx failed test DNS
    Jose Luis, Jun 17, 2006
    #5
  6. if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
    say this is that the netlogon test failed)

    you are also having replication issues between the 2 DCs.

    most probably this is due to DNS configuration and that the w2k is
    multihomed (which is not recommended as it requires additional
    configuration)

    A while ago I found a post written by Ace Fekay and some other people about
    multi-homed DCs.

    ############################################
    BY: Ace Fekay
    Here you go...but first my views on multi-homed DCs... (ouch!)
    ==================================
    Multi-homed DCs, What a Mess... It cuts into your drinking time...


    Honestly, multi-homed DCs are not recommended because of the associated
    issues that can occur, as you've encountered. We usually recommend
    purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to perform
    NAT for you, take out the extra NIC off the DC, but still let the DC handle
    DHCP (and not the router).

    Since this DC is multi-homed, it requires additional configuration to
    prevent the public interface addresses from being registered in DNS. This
    creates a problem for internal clients locating AD to authenticate and find
    other services and resources such as the Global Catalog, file sharing and
    the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to be
    logged, authenticating to shares and printers, logging on takes forever,
    among numerous other issues.

    But if you like, there are some registry changes to eliminate the
    registration of the external NIC. Here's the whole list of manual steps to
    follow (this includes some of the stuff I already gave you):

    But believe me, it's much easier to just get a separate NAT device or
    multihome a non-DC than having to alter the DC. - Good luck!

    ===================================
    1. In the DNS management console, in the properties of the DNS server,
    Interfaces tab, set DNS to only listen on the private IP you want in DNS for
    the server. This is for your private network that your clients use.


    2. Add this registry entry with regedt32 to stop the (same as parent folder)
    records and the GC record, also called the LdapIpAddress and GcIpAddress.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
    type:

    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    (and in the box, you would type in the following to stop their
    registration):

    LdapIpAddress
    GcIpAddress


    3. Then you will need to manually create the LdapIpAddress and GcIpAddress
    records in DNS.
    The LdapIpAddress resolves to the domain controllers in the domain. The
    GcIpAddress resolves
    to the Global Catalogs in the forest as gc._msdcs.forestroot.com.

    To manually create the LdapIpAddress, create a new host but leave the name
    field blank,
    give it the IP of the internal interface. Windows 2k barks at you saying
    (same as parent folder) is not a valid host name, click OK to create the
    record anyway.
    Windows 2003 won't bark. It's house-broken out of the box.

    To manually create the GcIpAddress, navigate to the _msdcs folder, under it
    click the gc
    folder, then rt-click, create new host, leave the name field blank, give it
    the IP of the
    internal interface. Windows 2k barks at you saying (same as parent folder)
    is not a valid
    host name, click OK to create the record anyway. Windows 2003 won't bark.


    4. To stop registration of both NICs, add (if it exists) or alter this reg
    entry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

    On the Edit menu, point to New, and then click DWORD Value to add the
    following registry value:
    Value name: RegisterDnsARecords
    Data type: REG_DWORD
    Value data: 0

    Then manually create a new host record for the server name in DNS and give
    it the IP of the internal interface


    5. Right click on Network places, choose properties, in the Advanced menu
    item
    select Advanced settings. Make sure the internal interface is at the top of
    the connections pane and File sharing is enabled on the internal interface.


    6. On the outer NIC, disable File and Print Services, Microsoft Client
    Service,
    then go into IP properties, click on Advanced, choose the WINS tab and
    disable NetBIOS.


    7. On the outer NIC, only put in the internal IP address of the DNS server
    (this machine).


    8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if not
    sure which
    DNS to forward to until you've got the DNS address of your ISP. How to set a
    forwarder?
    Depending on your operating system, choose one of the following articles:

    300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
    http://support.microsoft.com/?id=300202&FR=1

    323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
    (How to configure a forwarder):
    http://support.microsoft.com/d/id?=323380



    *** Some additional reading:

    246804 - How to enable or disable DNS updates in Windows 2000 and in Windows
    Server 2003
    http://support.microsoft.com/?id=246804

    295328 - Private Network Interfaces on a Domain Controller Are Registered in
    DNS
    [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg sameasparent
    private IP]:
    http://support.microsoft.com/?id=295328

    306602 - How to Optimize the Location of a DC or GC That Resides Outside of
    a Client's
    Site [Includes info LdapIpAddress and GcIpAddress information and the SRV
    mnemonic values]:
    http://support.microsoft.com/?id=306602

    825036 - Best practices for DNS client settings in Windows 2000 Server and
    in Windows Server 2003 (including how-to configure a forwarder):
    http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

    291382 - Frequently asked questions about Windows 2000 DNS and Windows
    Server 2003 DNS
    http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

    296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    [Registry Entry]:
    http://support.microsoft.com/?id=296379

    292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
    Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
    unwanted IPs registering]:
    http://support.microsoft.com/?id=292822
    ##############################################
    In addition to Mark's suggestions (good link he provided!), if you want to
    keep the extra NIC turned on (for whatever reason, but I really suggest to
    disable it), here are some extra steps to follow:

    1. Ensure that all the NICS only point to your internal DNS server(s) only
    and none others, such as your ISP's DNS servers' IP addresses.

    2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
    move the internal NIC (the network that AD is on) to the top of the binding
    order (top of the list).

    3. Disable the ability for the outer NIC to register. The procedure, as
    mentioned, involves identifying the outer NIC's GUID number. This link will
    show you how:
    246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
    NIC too):
    http://support.microsoft.com/?id=246804

    4. Disable NetBIOS on the outside NIC. That is performed by choosing to
    disable NetBIOS in IP Properties, Advanced, and you will find that under the
    "WINS" tab. You may want to look at step #3 in the article to show you how
    to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
    296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    [Registry Entry]:
    http://support.microsoft.com/?id=296379

    Note: A standard Windows service, called the "Browser service", provides the
    list of machines, workgroup and domain names that you see in "My Network
    Places" (or the legacy term "Network Neighborhood"). The Browser service
    relies on the NetBIOS service. One major requirement of NetBIOS service is a
    machine can only have one name to one IP address. It's sort of a
    fingerprint. You can't have two brothers named Darrell. A multihomed machine
    will cause duplicate name errors on itself because Windows sees itself with
    the same name in the Browse List (My Network Places), but with different
    IPs. You can only have one, hence the error generated.

    5. Disable the "File and Print Service" and disable the "MS Client Service"
    on the outer NIC. That is done in NIC properties by unchecking the
    respective service under the general properties page. If you need these
    services on the outside NIC (which is unlikely), which allow other machines
    to connect to your machine for accessing resource on your machine (shared
    folders, printers, etc.), then you will probably need to keep them enabled.

    6. Uncheck "Register this connection" under IP properties, Advanced
    settings, "DNS" tab.

    7. Delete the outer NIC IP address, disable Netlogon registration, and
    manually create the required records

    a. In DNS under the zone name, (your DNS domain name), delete the outer
    NIC's
    IP references for the "LdapIpAddress". If this is a GC, you will need to
    delete the GC IP record as well (the "GcIpAddress"). To do that, in the DNS
    console, under the zone name, you will see the _msdcs folder. Under that,
    you will see the _gc folder. To the right, you will see the IP address
    referencing the GC address. That is called the GcIpAddress. Delete the IP
    addresses referencing the outer NIC.

    i. To stop these two records from registering that information, use the
    steps provided in the links below:
    Private Network Interfaces on a Domain Controller Are Registered in DNS:
    http://support.microsoft.com/?id=295328

    ii. The one section of the article that disables these records is done with
    this registry entry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    (Create this Multi-String Value under it):
    Registry value: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ
    Values: LdapIpAddress
    GcIpAddress

    iii. Here is more information on these and other Netlogon Service records:
    Restrict the DNS SRV resource records updated by the Netlogon service
    [including GC]:
    http://www.microsoft.com/technet/tr...proddocs/standard/sag_dns_pro_no_rr_in_ad.asp

    b. Then you will need to manually create these two records in DNS with the
    IP addresses that you need for the DC. To create the LdapIpAddress, create a
    new host under the domain, but leave the "hostname" field blank, and provide
    the internal IP of the DC, which results in a record that looks like:
    (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
    purposes)

    i. You need to also manually create the GcIpAddress as well, if this is a
    GC. That would be under the gc._msdcs. SRV record under the zone. It is
    created in the same fashion as the LdapIpAddress mentioned above.

    8. In the DNS console, right click the server name, choose properties, then
    under the "Interfaces" tab, force it only to listen to the internal NIC's IP
    address, and not the IP address of the outer NIC.

    9. Since this is also a DNS server, the IPs from all NICs will register,
    even if you tell it not to in the NIC properties. See this to show you how
    to stop that behavior (this procedure is for Windows 2000, but will also
    work for Windows 2003):
    275554 - The Host's A Record Is Registered in DNS After You Choose Not to
    Register the Connection's Address:
    http://support.microsoft.com/?id=275554
    ############################
    Check out this link. If you set this up right it will prevent the
    2nd NIC from registering.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;289735

    The only catch here is you must manually create the GC record and Same
    as Parent A record for the host. Chances are they are already there
    though!
    ############################################

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Windows Server - Directory Services

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------
    "Jose Luis" <> wrote in message
    news:u$...
    >I found some tests failed and I copied them here (just error messages). What
    >am I doing wrong?
    >
    > In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
    > --------------------------------
    > Doing primary tests
    >
    > Testing server: MMM\CMEMAST001
    > Starting test: Topology
    > * Configuration Topology Integrity Check
    > * Analyzing the connection topology for
    > CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    > * Performing upstream (of target) analysis.
    > * Performing downstream (of target) analysis.
    > Downstream topology is disconnected for
    > CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    > These servers can't get changes from home server CMEMAST001:
    > MMM/CMEMAST004
    > * Analyzing the connection topology for
    > CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    > * Performing upstream (of target) analysis.
    > * Performing downstream (of target) analysis.
    > Downstream topology is disconnected for
    > CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    > These servers can't get changes from home server CMEMAST001:
    > MMM/CMEMAST004
    > * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
    > * Performing upstream (of target) analysis.
    > * Performing downstream (of target) analysis.
    > Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
    > These servers can't get changes from home server CMEMAST001:
    > MMM/CMEMAST004
    > ......................... CMEMAST001 failed test Topology
    >
    > Starting test: kccevent
    > * The KCC Event log test
    > An Warning Event occured. EventID: 0x800004F1
    > Time Generated: 06/16/2006 20:13:35
    > (Event String could not be retrieved)
    > An Warning Event occured. EventID: 0x800004F1
    > Time Generated: 06/16/2006 20:13:58
    > (Event String could not be retrieved)
    > An Warning Event occured. EventID: 0x800004F1
    > Time Generated: 06/16/2006 20:14:21
    > (Event String could not be retrieved)
    > ......................... CMEMAST001 failed test kccevent
    >
    >
    >
    > In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
    > --------------------------------
    > Starting test: NetLogons
    > * Network Logons Privileges Check
    > Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
    > [CMEMAST004] An net use or LsaPolicy operation failed with error
    > 1203, Win32 Error 1203.
    > ......................... CMEMAST004 failed test NetLogons
    > Starting test: Advertising
    > Warning: DsGetDcName returned information for
    > \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
    > Server is not responding or is not considered suitable.
    > The DC CMEMAST004 is advertising itself as a DC and having a DS.
    > The DC CMEMAST004 is advertising as an LDAP server
    > The DC CMEMAST004 is advertising as having a writeable directory
    > The DC CMEMAST004 is advertising as a Key Distribution Center
    > The DC CMEMAST004 is advertising as a time server
    > ......................... CMEMAST004 failed test Advertising
    >
    > Starting test: frsevent
    > * The File Replication Service Event log test
    > There are warning or error events within the last 24 hours after
    > the SYSVOL has been shared. Failing SYSVOL replication problems
    > may cause Group Policy problems.
    > An Warning Event occured. EventID: 0x800034C4
    > Time Generated: 06/15/2006 20:52:59
    > (Event String could not be retrieved)
    > ......................... CMEMAST004 failed test frsevent
    >
    > Starting test: systemlog
    > * The System Event log test
    > An Error Event occured. EventID: 0xC00010E1
    > Time Generated: 06/16/2006 19:20:26
    > (Event String could not be retrieved)
    > An Error Event occured. EventID: 0xC00010E1
    > Time Generated: 06/16/2006 19:21:24
    > (Event String could not be retrieved)
    > An Error Event occured. EventID: 0xC0002719
    > Time Generated: 06/16/2006 20:15:03
    > (Event String could not be retrieved)
    > ......................... CMEMAST004 failed test systemlog
    >
    > DNS Tests are running and not hung. Please wait a few minutes...
    >
    > Starting test: DNS
    > Test results for domain controllers:
    >
    > DC: cmemast004.mmmweb.com.mx
    > Domain: mmmweb.com.mx
    >
    >
    > TEST: Authentication (Auth)
    > Authentication test: Successfully completed
    >
    > TEST: Basic (Basc)
    > Microsoft(R) Windows(R) Server 2003, Standard Edition
    > (Service Pack level: 1.0) is supported
    > NETLOGON service is running
    > kdc service is running
    > DNSCACHE service is running
    > DNS service is running
    > DC is a DNS server
    > Network adapters information:
    > Adapter [00000001] HP NC7781 Gigabit Server Adapter:
    > MAC address is 00:11:85:E7:BF:68
    > IP address is static
    > IP address: 192.168.1.230
    > DNS servers:
    > 192.168.1.230 (<name unavailable>) [Valid]
    > Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    > [Invalid (unreachable)]
    > The A record for this DC was found
    > The SOA record for the Active Directory zone was found
    > The Active Directory zone on this DC/DNS server was found
    > (secondary)
    > Root zone on this DC/DNS server was not found
    >
    > TEST: Forwarders/Root hints (Forw)
    > Recursion is enabled
    > Forwarders are not configured on this DNS server
    > Root hint Information:
    > Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
    > Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
    > Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
    > Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
    > Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
    > Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
    > Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
    > Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
    > Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
    > Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
    > Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
    > Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
    > Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
    >
    > TEST: Delegations (Del)
    > Delegation information for the zone: mmmweb.com.mx.
    > Delegated domain name: nueva.mmmweb.com.mx.
    > Error: DNS server: cmemast001.mmmweb.com.mx.
    > IP:192.168.1.240 [Broken delegation]
    > Error: DNS server: cmemast001.mmmweb.com.mx.
    > IP:192.168.1.250 [Broken delegation]
    >
    > TEST: Dynamic update (Dyn)
    > Dynamic Update tests are skipped since mmmweb.com.mx
    > is a secondary zone. DNS Record updates can't happen on
    > the secondary zones
    >
    > TEST: Records registration (RReg)
    > Network Adapter [00000001] HP NC7781 Gigabit Server
    > Adapter:
    > Matching A record found at DNS server 192.168.1.230:
    > cmemast004.mmmweb.com.mx
    >
    > Matching CNAME record found at DNS server
    > 192.168.1.230:
    >
    > 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >
    > Matching DC SRV record found at DNS server
    > 192.168.1.230:
    > _ldap._tcp.dc._msdcs.mmmweb.com.mx
    >
    >
    > DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    > 2 test failures on this DNS server
    > This is not a valid DNS server. PTR record query for the
    > 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
    > [Error details: 1460 (Type: Win32 - Description: Esta
    > operación ha regresado debido a que el tiempo de espera ha caducado.)]
    > Name resolution is not functional. _ldap._tcp.mmmweb.com.mx.
    > failed on the DNS server 192.168.1.250
    > [Error details: 1460 (Type: Win32 - Description: Esta
    > operación ha regresado debido a que el tiempo de espera ha caducado.)]
    > Delegation is broken for the domain nueva.mmmweb.com.mx. on
    > the DNS server 192.168.1.250
    > [Error details: 1460 (Type: Win32 - Description: Esta
    > operación ha regresado debido a que el tiempo de espera ha caducado.) -
    > Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
    > 192.168.1.250]
    >
    > DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
    > 1 test failure on this DNS server
    > This is a valid DNS server.
    > Delegation is broken for the domain nueva.mmmweb.com.mx. on
    > the DNS server 192.168.1.240
    > [Error details: 1460 (Type: Win32 - Description: Esta
    > operación ha regresado debido a que el tiempo de espera ha caducado.) -
    > Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
    > 192.168.1.240]
    >
    > DNS server: 192.168.1.230 (<name unavailable>)
    > All tests passed on this DNS server
    > This is a valid DNS server.
    > Name resolution is funtional. _ldap._tcp SRV record for the
    > forest root domain is registered
    >
    > Summary of DNS test results:
    >
    > Auth Basc Forw Del Dyn RReg
    > Ext
    >
    > ________________________________________________________________
    > Domain: mmmweb.com.mx
    > cmemast004 PASS WARN PASS FAIL n/a PASS
    > n/a
    >
    > ......................... mmmweb.com.mx failed test DNS
    >
    >
    > "Jorge de Almeida Pinto [MVP]"
    > <> wrote in
    > message news:...
    >> any event ID errors/warnings?
    >>
    >> run:
    >> DCDIAG /D /C /V on both
    >>
    >> --
    >>
    >> Cheers,
    >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
    >>
    >> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
    >>
    >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    >> ------------------------------------------------------------------------------------------
    >> * This posting is provided "AS IS" with no warranties and confers no
    >> rights!
    >> * Always test before implementing!
    >> ------------------------------------------------------------------------------------------
    >> #################################################
    >> #################################################
    >> ------------------------------------------------------------------------------------------
    >> "Jose Luis" <> wrote in message
    >> news:...
    >>> Yes, both of them are up, running and available. I believe the problem
    >>> is my DC(1) with w2k (it owns FSMO and GC). I want to transfer the roles
    >>> to another DC with w2k3 in order to replace the hardware for DC(1) but
    >>> when I try to do this I get the RPC error.
    >>>
    >>> Any idea ..?
    >>>
    >>> Thanks
    >>>
    >>>
    >>> "Jorge de Almeida Pinto [MVP]"
    >>> <> wrote in
    >>> message news:...
    >>>> are both DCs up and running, available and reachable?
    >>>>
    >>>> --
    >>>>
    >>>> Cheers,
    >>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
    >>>>
    >>>> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
    >>>>
    >>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    >>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    >>>> ------------------------------------------------------------------------------------------
    >>>> * This posting is provided "AS IS" with no warranties and confers no
    >>>> rights!
    >>>> * Always test before implementing!
    >>>> ------------------------------------------------------------------------------------------
    >>>> #################################################
    >>>> #################################################
    >>>> ------------------------------------------------------------------------------------------
    >>>> "Jose Luis" <> wrote in message
    >>>> news:...
    >>>>> Hi all,
    >>>>>
    >>>>> We are getting an error message when we try to transfer FSMO to
    >>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
    >>>>> unavailable)". It occurs using the graphical interface or using the
    >>>>> ntdsutil command.
    >>>>>
    >>>>> The FSMO owner is a DC using W2k and the new DC that will assume the
    >>>>> roles is W2k3.
    >>>>>
    >>>>> Also the event viewer shows this warning:
    >>>>> Source: NTDS KCC
    >>>>>
    >>>>> The attempt to establish a replication link with parameters
    >>>>>
    >>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>> Source DSA DN: CN=NTDS
    >>>>> Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>> Source DSA Address:
    >>>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >>>>> Inter-site Transport (if any):
    >>>>>
    >>>>> failed with the following status:
    >>>>>
    >>>>> The RPC server is unavailable.
    >>>>>
    >>>>> The record data is the status code. This operation will be retried.
    >>>>>
    >>>>> Any idea about this error..? Please let me know any hints.
    >>>>>
    >>>>> Regards,
    >>>>>
    >>>>> José Luis
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Jorge de Almeida Pinto [MVP], Jun 17, 2006
    #6
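
Added example (not part of the thread and not any poster's code): a Python parser for dcdiag output like the report quoted in post #6, quote markers included. It lists the tests each server failed, the DNS servers dcdiag marked invalid, and any server name listed under more than one IP address, as cmemast001 is in that report. SAMPLE is an excerpt trimmed from the quoted output; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt trimmed from the dcdiag output quoted in the thread (quote markers kept).
SAMPLE = r"""
> Testing server: MMM\CMEMAST001
> Starting test: Topology
> ......................... CMEMAST001 failed test Topology
> Starting test: kccevent
> An Warning Event occured. EventID: 0x800004F1
> ......................... CMEMAST001 failed test kccevent
> Starting test: NetLogons
> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
> ......................... CMEMAST004 failed test NetLogons
> ......................... CMEMAST004 failed test Advertising
> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
> 2 test failures on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
> 1 test failure on this DNS server
> This is a valid DNS server.
> DNS server: 192.168.1.230 (<name unavailable>)
> All tests passed on this DNS server
> This is a valid DNS server.
> ......................... mmmweb.com.mx failed test DNS
"""

_QUOTE = re.compile(r"^[\s>]+")  # leading indentation and '>' quote markers
_RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)")
_DNS_SERVER = re.compile(r"^DNS server: (\d{1,3}(?:\.\d{1,3}){3}) \((.*)\)\s*$")
_FAILURES = re.compile(r"^(\d+) test failures? on this DNS server")


def parse_dcdiag(text):
    """Return failed tests per server and the per-DNS-server verdicts."""
    failed = defaultdict(list)
    dns_servers = []
    current = None  # DNS server block being read, if any
    for raw in text.splitlines():
        line = _QUOTE.sub("", raw).rstrip()
        if not line:
            continue
        m = _RESULT.match(line)
        if m:
            host, outcome, test = m.groups()
            if outcome == "failed":
                failed[host].append(test)
            current = None  # a test result line closes any DNS server block
            continue
        m = _DNS_SERVER.match(line)
        if m:
            ip, name = m.groups()
            name = None if name.startswith("<") else name.rstrip(".").lower()
            current = {"ip": ip, "name": name, "valid": None, "failures": None}
            dns_servers.append(current)
            continue
        if current is None:
            continue
        m = _FAILURES.match(line)
        if m:
            current["failures"] = int(m.group(1))
        elif line.startswith("All tests passed on this DNS server"):
            current["failures"] = 0
        elif line.startswith("This is not a valid DNS server"):
            current["valid"] = False
        elif line.startswith("This is a valid DNS server"):
            current["valid"] = True
    return {"failed": dict(failed), "dns_servers": dns_servers}


def multi_address_names(dns_servers):
    """Names that dcdiag lists under more than one IP address."""
    ips_by_name = defaultdict(list)
    for server in dns_servers:
        name = server["name"]
        if name and server["ip"] not in ips_by_name[name]:
            ips_by_name[name].append(server["ip"])
    return {name: ips for name, ips in ips_by_name.items() if len(ips) > 1}


def summarize(text):
    """Build a short triage list from one dcdiag report."""
    parsed = parse_dcdiag(text)
    lines = [f"{host}: failed {', '.join(tests)}"
             for host, tests in parsed["failed"].items()]
    for s in parsed["dns_servers"]:
        if s["valid"] is False or s["failures"]:
            verdict = "not valid" if s["valid"] is False else "valid"
            lines.append(f"DNS server {s['ip']}: {verdict}, "
                         f"{s['failures']} test failure(s)")
    for name, ips in multi_address_names(parsed["dns_servers"]).items():
        lines.append(f"{name}: listed under {len(ips)} addresses ({', '.join(ips)})")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```
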
  7. Jose Luis

    Jose Luis Guest

    Why do you say that W2k is multihomed? I don't get that part.

    "Jorge de Almeida Pinto [MVP]"
    <> wrote in
    message news:%...
    > if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
    > say this is that the netlogon test failed)
    >
    > you are also having replication issues between the 2 DCs.
    >
    > most probably this is due to DNS configuration and that the w2k is
    > multihomed (which is not recommended as it requires additional
    > configuration)
    >
    > A while ago I found a post written by Ace Fekay and some other people
    > about multi-homed DCs.
    >
    > ############################################
    > BY: Ace Fekay
    > Here you go...but first my views on multi-homed DCs... (ouch!)
    > ==================================
    > Multi-homed DCs, What a Mess... It cuts into your drinking time...
    >
    >
    > Honestly, multi-homed DCs are not recommended because of the associated
    > issues that can occur, as you've encountered. We usually recommend
    > purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to perform
    > NAT for you, take out the extra NIC off the DC, but still let the DC
    > handle
    > DHCP (and not the router).
    >
    > Since this DC is multi-homed, it requires additional configuration to
    > prevent the public interface addresses from being registered in DNS. This
    > creates a problem for internal clients locating AD to authenticate and
    > find
    > other services and resources such as the Global Catalog, file sharing and
    > the SYSVOL DFS share and can cause GPO errors with Userenv 1000 events to
    > be
    > logged, authenticating to shares and printers, logging on takes forever,
    > among numerous other issues.
    >
    > But if you like, there are some registry changes to eliminate the
    > registration of the external NIC. Here's the whole list of manual steps to
    > follow (this includes some of the stuff I already gave you):
    >
    > But believe me, it's much easier to just get a separate NAT device or
    > multihome a non-DC than having to alter the DC. - Good luck!
    >
    > ===================================
    > 1. In the DNS management console, in the properties of the DNS server,
    > Interfaces tab, set DNS to only listen on the private IP you want in DNS
    > for
    > the server. This is for your private network that your clients use.
    >
    >
    > 2. Add this registry entry with regedt32 to stop the (same as parent
    > folder)
    > records and the GC record, also called the LdapIpAddress and GcIpAddress.
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    > On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
    > type:
    >
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    >
    > (and in the box, you would type in the following to stop their
    > registration):
    >
    > LdapIpAddress
    > GcIpAddress
    >
    >
    > 3. Then you will need to manually create the LdapIpAddress and GcIpAddress
    > records in DNS.
    > The LdapIpAddress resolves to the domain controllers in the domain. The
    > GcIpAddress resolves
    > to the Global Catalogs in the forest as gc._msdcs.forestroot.com.
    >
    > To manually create the LdapIpAddress, create a new host but leave the name
    > field blank,
    > give it the IP of the internal interface. Windows 2k barks at you saying
    > (same as parent folder) is not a valid host name, click OK to create the
    > record anyway.
    > Windows 2003 won't bark. It's house-broken out of the box.
    >
    > To manually create the GcIpAddress, navigate to the _msdcs folder, under
    > it
    > click the gc
    > folder, then rt-click, create new host, leave the name field blank, give
    > it
    > the IP of the
    > internal interface. Windows 2k barks at you saying (same as parent folder)
    > is not a valid
    > host name, click OK to create the record anyway. Windows 2003 won't bark.
    >
    >
    > 4. To stop registration of both NICs, add (if it exists) or alter this reg
    > entry:
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >
    > On the Edit menu, point to New, and then click DWORD Value to add the
    > following registry value:
    > Value name: RegisterDnsARecords
    > Data type: REG_DWORD
    > Value data: 0
    >
    > Then manually create a new host record for the server name in DNS and give
    > it the IP of the internal interface
    >
    >
    > 5. Right click on Network places, choose properties, in the Advanced menu
    > item
    > select Advanced settings. Make sure the internal interface is at the top
    > of
    > the connections pane and File sharing is enabled on the internal
    > interface.
    >
    >
    > 6. On the outer NIC, disable File and Print Services, Microsoft Client
    > Service,
    > then go into IP properties, click on Advanced, choose the WINS tab and
    > disable NetBIOS.
    >
    >
    > 7. On the outer NIC, only put in the internal IP address of the DNS server
    > (this machine).
    >
    >
    > 8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
    > not
    > sure which
    > DNS to forward to until you've got the DNS address of your ISP. How to set
    > a
    > forwarder?
    > Depending on your operating system, choose one of the following articles:
    >
    > 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
    > http://support.microsoft.com/?id=300202&FR=1
    >
    > 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
    > (How to configure a forwarder):
    > http://support.microsoft.com/d/id?=323380
    >
    >
    >
    > *** Some additional reading:
    >
    > 246804 - How to enable or disable DNS updates in Windows 2000 and in
    > Windows
    > Server 2003
    > http://support.microsoft.com/?id=246804
    >
    > 295328 - Private Network Interfaces on a Domain Controller Are Registered
    > in
    > DNS
    > [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
    > sameasparent
    > private IP]:
    > http://support.microsoft.com/?id=295328
    >
    > 306602 - How to Optimize the Location of a DC or GC That Resides Outside
    > of
    > a Client's
    > Site [Includes info LdapIpAddress and GcIpAddress information and the SRV
    > mnemonic values]:
    > http://support.microsoft.com/?id=306602
    >
    > 825036 - Best practices for DNS client settings in Windows 2000 Server and
    > in Windows Server 2003 (including how-to configure a forwarder):
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
    >
    > 291382 - Frequently asked questions about Windows 2000 DNS and Windows
    > Server 2003 DNS
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;291382
    >
    > 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    > [Registry Entry]:
    > http://support.microsoft.com/?id=296379
    >
    > 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
    > Controller with Routing and Remote Access and DNS Insta {DNS and RRAS and
    > unwanted IPs registering]:
    > http://support.microsoft.com/?id=292822
    > ##############################################
    > In addition to Mark's suggestions (good link he provided!), if you want to
    > keep the extra NIC turned on (for whatever reason, but I really suggest to
    > disable it), here are some extra steps to follow:
    >
    > 1. Ensure that all the NICs only point to your internal DNS server(s) only
    > and none others, such as your ISP's DNS servers' IP addresses.
    >
    > 2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
    > move the internal NIC (the network that AD is on) to the top of the
    > binding
    > order (top of the list).
    >
    > 3. Disable the ability for the outer NIC to register. The procedure, as
    > mentioned, involves identifying the outer NIC's GUID number. This link
    > will
    > show you how:
    > 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per
    > NIC too):
    > http://support.microsoft.com/?id=246804
    >
    > 4. Disable NetBIOS on the outside NIC. That is performed by choosing to
    > disable NetBIOS in IP Properties, Advanced, and you will find that under
    > the
    > "WINS" tab. You may want to look at step #3 in the article to show you how
    > to disable NetBIOS on the RRAS interfaces if this is a RRAS server.
    > 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    > [Registry Entry]:
    > http://support.microsoft.com/?id=296379
    >
    > Note: A standard Windows service, called the "Browser service", provides
    > the
    > list of machines, workgroup and domain names that you see in "My Network
    > Places" (or the legacy term "Network Neighborhood"). The Browser service
    > relies on the NetBIOS service. One major requirement of NetBIOS service is
    > a
    > machine can only have one name to one IP address. It's sort of a
    > fingerprint. You can't have two brothers named Darrell. A multihomed
    > machine
    > will cause duplicate name errors on itself because Windows sees itself
    > with
    > the same name in the Browse List (My Network Places), but with different
    > IPs. You can only have one, hence the error generated.
    >
    > 5. Disable the "File and Print Service" and disable the "MS Client
    > Service"
    > on the outer NIC. That is done in NIC properties by unchecking the
    > respective service under the general properties page. If you need these
    > services on the outside NIC (which is unlikely), which allow other
    > machines
    > to connect to your machine for accessing resource on your machine (shared
    > folders, printers, etc.), then you will probably need to keep them
    > enabled.
    >
    > 6. Uncheck "Register this connection" under IP properties, Advanced
    > settings, "DNS" tab.
    >
    > 7. Delete the outer NIC IP address, disable Netlogon registration, and
    > manually create the required records
    >
    > a. In DNS under the zone name, (your DNS domain name), delete the outer
    > NIC's
    > IP references for the "LdapIpAddress". If this is a GC, you will need to
    > delete the GC IP record as well (the "GcIpAddress"). To do that, in the
    > DNS
    > console, under the zone name, you will see the _msdcs folder. Under that,
    > you will see the _gc folder. To the right, you will see the IP address
    > referencing the GC address. That is called the GcIpAddress. Delete the IP
    > addresses referencing the outer NIC.
    >
    > i. To stop these two records from registering that information, use the
    > steps provided in the links below:
    > Private Network Interfaces on a Domain Controller Are Registered in DNS:
    > http://support.microsoft.com/?id=295328
    >
    > ii. The one section of the article that disables these records is done
    > with
    > this registry entry:
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    > (Create this Multi-String Value under it):
    > Registry value: DnsAvoidRegisterRecords
    > Data type: REG_MULTI_SZ
    > Values: LdapIpAddress
    > GcIpAddress
    >
    > iii. Here is more information on these and other Netlogon Service records:
    > Restrict the DNS SRV resource records updated by the Netlogon service
    > [including GC]:
    > http://www.microsoft.com/technet/tr...proddocs/standard/sag_dns_pro_no_rr_in_ad.asp
    >
    > b. Then you will need to manually create these two records in DNS with the
    > IP addresses that you need for the DC. To create the LdapIpAddress, create
    > a
    > new host under the domain, but leave the "hostname" field blank, and
    > provide
    > the internal IP of the DC, which results in a record that looks like:
    > (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative
    > purposes)
    >
    > i. You need to also manually create the GcIpAddress as well, if this is a
    > GC. That would be under the gc._msdcs. SRV record under the zone. It is
    > created in the same fashion as the LdapIpAddress mentioned above.
    >
    > 8. In the DNS console, right click the server name, choose properties,
    > then
    > under the "Interfaces" tab, force it only to listen to the internal NIC's
    > IP
    > address, and not the IP address of the outer NIC.
    >
    > 9. Since this is also a DNS server, the IPs from all NICs will register,
    > even if you tell it not to in the NIC properties. See this to show you how
    > to stop that behavior (this procedure is for Windows 2000, but will also
    > work for Windows 2003):
    > 275554 - The Host's A Record Is Registered in DNS After You Choose Not to
    > Register the Connection's Address:
    > http://support.microsoft.com/?id=275554
    > ############################
    > Check out this link. If you set this up right it will prevent the
    > 2nd NIC from registering.
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;289735
    >
    > The only catch here is you must manually create the GC record and Same
    > as Parent A record for the host. Chances are they are already there
    > though!
    > ############################################
    >
    > --
    >
    > Cheers,
    > (HOPEFULLY THIS INFORMATION HELPS YOU!)
    >
    > # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
    >
    > BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    > BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    > ------------------------------------------------------------------------------------------
    > * This posting is provided "AS IS" with no warranties and confers no
    > rights!
    > * Always test before implementing!
    > ------------------------------------------------------------------------------------------
    > #################################################
    > #################################################
    > ------------------------------------------------------------------------------------------
    > "Jose Luis" <> wrote in message
    > news:u$...
    >>I found some tests failed and I copied them here (just error messages).
    >>What am I doing wrong?
    >>
    >> In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
    >> --------------------------------
    >> Doing primary tests
    >>
    >> Testing server: MMM\CMEMAST001
    >> Starting test: Topology
    >> * Configuration Topology Integrity Check
    >> * Analyzing the connection topology for
    >> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >> * Performing upstream (of target) analysis.
    >> * Performing downstream (of target) analysis.
    >> Downstream topology is disconnected for
    >> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >> These servers can't get changes from home server CMEMAST001:
    >> MMM/CMEMAST004
    >> * Analyzing the connection topology for
    >> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >> * Performing upstream (of target) analysis.
    >> * Performing downstream (of target) analysis.
    >> Downstream topology is disconnected for
    >> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >> These servers can't get changes from home server CMEMAST001:
    >> MMM/CMEMAST004
    >> * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
    >> * Performing upstream (of target) analysis.
    >> * Performing downstream (of target) analysis.
    >> Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
    >> These servers can't get changes from home server CMEMAST001:
    >> MMM/CMEMAST004
    >> ......................... CMEMAST001 failed test Topology
    >>
    >> Starting test: kccevent
    >> * The KCC Event log test
    >> An Warning Event occured. EventID: 0x800004F1
    >> Time Generated: 06/16/2006 20:13:35
    >> (Event String could not be retrieved)
    >> An Warning Event occured. EventID: 0x800004F1
    >> Time Generated: 06/16/2006 20:13:58
    >> (Event String could not be retrieved)
    >> An Warning Event occured. EventID: 0x800004F1
    >> Time Generated: 06/16/2006 20:14:21
    >> (Event String could not be retrieved)
    >> ......................... CMEMAST001 failed test kccevent
    >>
    >>
    >>
    >> In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
    >> --------------------------------
    >> Starting test: NetLogons
    >> * Network Logons Privileges Check
    >> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
    >> [CMEMAST004] An net use or LsaPolicy operation failed with error
    >> 1203, Win32 Error 1203.
    >> ......................... CMEMAST004 failed test NetLogons
    >> Starting test: Advertising
    >> Warning: DsGetDcName returned information for
    >> \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
    >> Server is not responding or is not considered suitable.
    >> The DC CMEMAST004 is advertising itself as a DC and having a DS.
    >> The DC CMEMAST004 is advertising as an LDAP server
    >> The DC CMEMAST004 is advertising as having a writeable directory
    >> The DC CMEMAST004 is advertising as a Key Distribution Center
    >> The DC CMEMAST004 is advertising as a time server
    >> ......................... CMEMAST004 failed test Advertising
    >>
    >> Starting test: frsevent
    >> * The File Replication Service Event log test
    >> There are warning or error events within the last 24 hours after
    >> the SYSVOL has been shared. Failing SYSVOL replication problems
    >> may cause Group Policy problems.
    >> An Warning Event occured. EventID: 0x800034C4
    >> Time Generated: 06/15/2006 20:52:59
    >> (Event String could not be retrieved)
    >> ......................... CMEMAST004 failed test frsevent
    >>
    >> Starting test: systemlog
    >> * The System Event log test
    >> An Error Event occured. EventID: 0xC00010E1
    >> Time Generated: 06/16/2006 19:20:26
    >> (Event String could not be retrieved)
    >> An Error Event occured. EventID: 0xC00010E1
    >> Time Generated: 06/16/2006 19:21:24
    >> (Event String could not be retrieved)
    >> An Error Event occured. EventID: 0xC0002719
    >> Time Generated: 06/16/2006 20:15:03
    >> (Event String could not be retrieved)
    >> ......................... CMEMAST004 failed test systemlog
    >>
    >> DNS Tests are running and not hung. Please wait a few minutes...
    >>
    >> Starting test: DNS
    >> Test results for domain controllers:
    >>
    >> DC: cmemast004.mmmweb.com.mx
    >> Domain: mmmweb.com.mx
    >>
    >>
    >> TEST: Authentication (Auth)
    >> Authentication test: Successfully completed
    >>
    >> TEST: Basic (Basc)
    >> Microsoft(R) Windows(R) Server 2003, Standard Edition
    >> (Service Pack level: 1.0) is supported
    >> NETLOGON service is running
    >> kdc service is running
    >> DNSCACHE service is running
    >> DNS service is running
    >> DC is a DNS server
    >> Network adapters information:
    >> Adapter [00000001] HP NC7781 Gigabit Server Adapter:
    >> MAC address is 00:11:85:E7:BF:68
    >> IP address is static
    >> IP address: 192.168.1.230
    >> DNS servers:
    >> 192.168.1.230 (<name unavailable>) [Valid]
    >> Warning: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    >> [Invalid (unreachable)]
    >> The A record for this DC was found
    >> The SOA record for the Active Directory zone was found
    >> The Active Directory zone on this DC/DNS server was
    >> found (secondary)
    >> Root zone on this DC/DNS server was not found
    >>
    >> TEST: Forwarders/Root hints (Forw)
    >> Recursion is enabled
    >> Forwarders are not configured on this DNS server
    >> Root hint Information:
    >> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
    >> Name: b.root-servers.net. IP: 192.228.79.201
    >> [Invalid]
    >> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
    >> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
    >> Name: e.root-servers.net. IP: 192.203.230.10
    >> [Invalid]
    >> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
    >> Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
    >> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
    >> Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
    >> Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
    >> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
    >> Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
    >> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
    >>
    >> TEST: Delegations (Del)
    >> Delegation information for the zone: mmmweb.com.mx.
    >> Delegated domain name: nueva.mmmweb.com.mx.
    >> Error: DNS server: cmemast001.mmmweb.com.mx.
    >> IP:192.168.1.240 [Broken delegation]
    >> Error: DNS server: cmemast001.mmmweb.com.mx.
    >> IP:192.168.1.250 [Broken delegation]
    >>
    >> TEST: Dynamic update (Dyn)
    >> Dynamic Update tests are skipped since mmmweb.com.mx
    >> is a secondary zone. DNS Record updates can't happen on
    >> the secondary zones
    >>
    >> TEST: Records registration (RReg)
    >> Network Adapter [00000001] HP NC7781 Gigabit Server
    >> Adapter:
    >> Matching A record found at DNS server 192.168.1.230:
    >> cmemast004.mmmweb.com.mx
    >>
    >> Matching CNAME record found at DNS server
    >> 192.168.1.230:
    >>
    >> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >>
    >> Matching DC SRV record found at DNS server
    >> 192.168.1.230:
    >> _ldap._tcp.dc._msdcs.mmmweb.com.mx
    >>
    >>
    >> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    >> 2 test failures on this DNS server
    >> This is not a valid DNS server. PTR record query for the
    >> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
    >> [Error details: 1460 (Type: Win32 - Description: Esta
    >> operación ha regresado debido a que el tiempo de espera ha caducado.)]
    >> Name resolution is not functional.
    >> _ldap._tcp.mmmweb.com.mx. failed on the DNS server 192.168.1.250
    >> [Error details: 1460 (Type: Win32 - Description: Esta
    >> operación ha regresado debido a que el tiempo de espera ha caducado.)]
    >> Delegation is broken for the domain nueva.mmmweb.com.mx. on
    >> the DNS server 192.168.1.250
    >> [Error details: 1460 (Type: Win32 - Description: Esta
    >> operación ha regresado debido a que el tiempo de espera ha caducado.) -
    >> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
    >> server 192.168.1.250]
    >>
    >> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
    >> 1 test failure on this DNS server
    >> This is a valid DNS server.
    >> Delegation is broken for the domain nueva.mmmweb.com.mx. on
    >> the DNS server 192.168.1.240
    >> [Error details: 1460 (Type: Win32 - Description: Esta
    >> operación ha regresado debido a que el tiempo de espera ha caducado.) -
    >> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
    >> server 192.168.1.240]
    >>
    >> DNS server: 192.168.1.230 (<name unavailable>)
    >> All tests passed on this DNS server
    >> This is a valid DNS server.
    >> Name resolution is funtional. _ldap._tcp SRV record for the
    >> forest root domain is registered
    >>
    >> Summary of DNS test results:
    >>
    >> Auth Basc Forw Del Dyn RReg Ext
    >>
    >> ________________________________________________________________
    >> Domain: mmmweb.com.mx
    >> cmemast004 PASS WARN PASS FAIL n/a PASS n/a
    >>
    >> ......................... mmmweb.com.mx failed test DNS
    >>
    >>
    >> "Jorge de Almeida Pinto [MVP]"
    >> <> wrote in message
    >> news:...
    >>> any event ID errors/warnings?
    >>>
    >>> run:
    >>> DCDIAG /D /C /V on both
    >>>
    >>> "Jose Luis" <> wrote in message
    >>> news:...
    >>>> Yes, both of them are up, running and available. I believe the problem
    >>>> is my DC(1) with w2k (it owns fsmo and GC). I want to transfer the roles
    >>>> to another DC with w2k3 in order to replace the hardware for DC(1) but
    >>>> when I try to do this I get the RPC error.
    >>>>
    >>>> Any idea ..?
    >>>>
    >>>> Thanks
    >>>>
    >>>>
    >>>> "Jorge de Almeida Pinto [MVP]"
    >>>> <> wrote in message
    >>>> news:...
    >>>>> are both DCs up and running, available and reachable?
    >>>>>
    >>>>> "Jose Luis" <> wrote in message
    >>>>> news:...
    >>>>>> Hi all,
    >>>>>>
    >>>>>> We are getting an error message when we try to transfer FSMO to
    >>>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
    >>>>>> unavailable)". It occurs using the graphical interface or using the
    >>>>>> ntdsutil command.
    >>>>>>
    >>>>>> The FSMO owner is a DC using W2k and the new DC that will assume
    >>>>>> the roles is W2k3.
    >>>>>>
    >>>>>> Also the event viewer shows this warning:
    >>>>>> Source: NTDS KCC
    >>>>>>
    >>>>>> The attempt to establish a replication link with parameters
    >>>>>>
    >>>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>>> Source DSA DN: CN=NTDS
    >>>>>> Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>>> Source DSA Address:
    >>>>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >>>>>> Inter-site Transport (if any):
    >>>>>>
    >>>>>> failed with the following status:
    >>>>>>
    >>>>>> The RPC server is unavailable.
    >>>>>>
    >>>>>> The record data is the status code. This operation will be retried.
    >>>>>>
    >>>>>> Any idea about this error? Please let me know any hints.
    >>>>>>
    >>>>>> Regards,
    >>>>>>
    >>>>>> José Luis
    Jose Luis, Jun 17, 2006
    #7
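
The dcdiag output quoted in this post can be triaged mechanically. As an added example (not part of any poster's message), this Python script extracts the failed tests and the per-DNS-server verdicts and flags a host name listed under more than one IP address, the symptom behind the multihoming discussion in this thread; the function names are hypothetical and the sample input is constructed from lines quoted on this page.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the dcdiag output quoted in this thread,
# with the long test bodies trimmed. Quote markers are kept to show they are tolerated.
SAMPLE = """\
>> ......................... CMEMAST001 failed test Topology
>> ......................... CMEMAST001 failed test kccevent
>> ......................... CMEMAST004 failed test NetLogons
>> ......................... CMEMAST004 failed test Advertising
>> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
>> 2 test failures on this DNS server
>> This is not a valid DNS server. PTR record query for the
>> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on
>> the DNS server 192.168.1.250
>> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
>> 1 test failure on this DNS server
>> This is a valid DNS server.
>> Delegation is broken for the domain nueva.mmmweb.com.mx. on
>> the DNS server 192.168.1.240
>> DNS server: 192.168.1.230 (<name unavailable>)
>> All tests passed on this DNS server
>> This is a valid DNS server.
>> ......................... mmmweb.com.mx failed test DNS
"""

QUOTE_RE = re.compile(r"^\s*(?:>\s?)*")  # leading Usenet quote markers
FAILED_RE = re.compile(r"^\.{5,}\s+(\S+) failed test (\S+)$")
DNS_SERVER_RE = re.compile(r"^DNS server:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+\((.*)\)$")


def parse_dcdiag(text):
    """Return (failed_tests_by_server, dns_servers_by_ip) from dcdiag text."""
    failed = defaultdict(list)
    dns = {}
    current = None  # the "DNS server:" block being read, if any
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw, count=1).strip()
        m = FAILED_RE.match(line)
        if m:
            server, test = m.groups()
            if test not in failed[server]:
                failed[server].append(test)
            current = None
            continue
        m = DNS_SERVER_RE.match(line)
        if m:
            ip, name = m.groups()
            current = dns.setdefault(ip, {
                "name": name.rstrip(".").lower(),
                "valid": None,
                "broken_delegation": False,
            })
            continue
        if current is None:
            continue
        if line.startswith("This is not a valid DNS server"):
            current["valid"] = False
        elif line.startswith("This is a valid DNS server"):
            current["valid"] = True
        elif line.startswith("Delegation is broken"):
            current["broken_delegation"] = True
    return dict(failed), dns


def multi_ip_hosts(dns):
    """Host names that dcdiag lists as a DNS server under more than one IP."""
    by_name = defaultdict(list)
    for ip, info in dns.items():
        if info["name"] and not info["name"].startswith("<"):
            by_name[info["name"]].append(ip)
    return {n: sorted(ips) for n, ips in by_name.items() if len(ips) > 1}


def triage(text):
    """Return findings as strings: multi-IP hosts, DNS verdicts, failed tests."""
    failed, dns = parse_dcdiag(text)
    findings = []
    for name, ips in multi_ip_hosts(dns).items():
        findings.append(f"{name} is listed as a DNS server under "
                        f"{len(ips)} addresses: {', '.join(ips)}")
    for ip, info in dns.items():
        if info["valid"] is False:
            findings.append(f"{ip} ({info['name']}) reported as not a valid DNS server")
        if info["broken_delegation"]:
            findings.append(f"broken delegation reported via {ip}")
    for server, tests in failed.items():
        findings.append(f"{server} failed: {', '.join(tests)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
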
  8. In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
    In W2k3 server = cmemast004 (192.168.1.230)

    Delegation is broken for the domain nueva.mmmweb.com.mx. on
    the DNS server 192.168.1.240

    Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS server
    192.168.1.250


    looking at it again, it might not be multihomed, but it has two IPs

    but instead of guessing and asking... which one is it?

    there IS something wrong with your DNS environment. Check that! (also check
    if TCP/IP settings of DCs are OK!)
    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Windows Server - Directory Services

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------
    "Jose Luis" <> wrote in message
    news:...
    > Why do you say that W2k is multihomed? I don't get that part.
    >
    > "Jorge de Almeida Pinto [MVP]"
    > <> wrote in message
    > news:%...
    >> if I'm not mistaken the SYSVOL of the w2k3 DC is empty...right? (reason I
    >> say this is that the netlogon test failed)
    >>
    >> you are also having replication issues between the 2 DCs.
    >>
    >> most probably this is due to DNS configuration and that the w2k is
    >> multihomed (which is not recommended as it requires additional
    >> configuration)
    >>
    >> A while ago I found a post written by Ace Fekay and some other people
    >> about multi-homed DCs.
    >>
    >> ############################################
    >> BY: Ace Fekay
    >> Here you go...but first my views on multi-homed DCs... (ouch!)
    >> ==================================
    >> Multi-homed DCs, What a Mess... It cuts into your drinking time...
    >>
    >>
    >> Honestly, multi-homed DCs are not recommended because of the associated
    >> issues that can occur, as you've encountered. We usually recommend
    >> purchasing an inexpensive Linksys, DLink, etc, Cable/DSL router to
    >> perform NAT for you, take out the extra NIC off the DC, but still let
    >> the DC handle DHCP (and not the router).
    >>
    >> Since this DC is multi-homed, it requires additional configuration to
    >> prevent the public interface addresses from being registered in DNS. This
    >> creates a problem for internal clients locating AD to authenticate and
    >> find other services and resources such as the Global Catalog, file
    >> sharing and the SYSVOL DFS share and can cause GPO errors with Userenv
    >> 1000 events to be logged, authenticating to shares and printers, logging
    >> on takes forever, among numerous other issues.
    >>
    >> But if you like, there are some registry changes to eliminate the
    >> registration of the external NIC. Here's the whole list of manual steps
    >> to follow (this includes some of the stuff I already gave you):
    >>
    >> But believe me, it's much easier to just get a separate NAT device or
    >> multihome a non-DC than having to alter the DC. - Good luck!
    >>
    >> ===================================
    >> 1. In the DNS management console, in the properties of the DNS server,
    >> Interfaces tab, set DNS to only listen on the private IP you want in DNS
    >> for the server. This is for your private network that your clients use.
    >>
    >>
    >> 2. Add this registry entry with regedt32 to stop the (same as parent
    >> folder) records and the GC record, also called the LdapIpAddress and
    >> GcIpAddress.
    >>
    >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >> On the Edit menu, point to New, and then click REG_MULTI_SZ as the data
    >> type:
    >>
    >> Registry value: DnsAvoidRegisterRecords
    >> Data type: REG_MULTI_SZ
    >>
    >> (and in the box, you would type in the following to stop their
    >> registration):
    >>
    >> LdapIpAddress
    >> GcIpAddress
    >>
    >>
    >> 3. Then you will need to manually create the LdapIpAddress and
    >> GcIpAddress records in DNS. The LdapIpAddress resolves to the domain
    >> controllers in the domain. The GcIpAddress resolves to the Global
    >> Catalogs in the forest as gc._msdcs.forestroot.com.
    >>
    >> To manually create the LdapIpAddress, create a new host but leave the
    >> name field blank, give it the IP of the internal interface. Windows 2k
    >> barks at you saying (same as parent folder) is not a valid host name,
    >> click OK to create the record anyway. Windows 2003 won't bark. It's
    >> house-broken out of the box.
    >>
    >> To manually create the GcIpAddress, navigate to the _msdcs folder, under
    >> it click the gc folder, then rt-click, create new host, leave the name
    >> field blank, give it the IP of the internal interface. Windows 2k barks
    >> at you saying (same as parent folder) is not a valid host name, click OK
    >> to create the record anyway. Windows 2003 won't bark.
    >>
    >>
    >> 4. To stop registration of both NICs, add (if it exists) or alter this
    >> reg entry:
    >>
    >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >>
    >> On the Edit menu, point to New, and then click DWORD Value to add the
    >> following registry value:
    >> Value name: RegisterDnsARecords
    >> Data type: REG_DWORD
    >> Value data: 0
    >>
    >> Then manually create a new host record for the server name in DNS and
    >> give it the IP of the internal interface
    >>
    >>
    >> 5. Right click on Network places, choose properties, in the Advanced menu
    >> item select Advanced settings. Make sure the internal interface is at the
    >> top of the connections pane and File sharing is enabled on the internal
    >> interface.
    >>
    >>
    >> 6. On the outer NIC, disable File and Print Services, Microsoft Client
    >> Service, then go into IP properties, click on Advanced, choose the WINS
    >> tab and disable NetBIOS.
    >>
    >>
    >> 7. On the outer NIC, only put in the internal IP address of the DNS
    >> server (this machine).
    >>
    >>
    >> 8. If you haven't done so, configure a forwarder. You can use 4.2.2.2 if
    >> not sure which DNS to forward to until you've got the DNS address of your
    >> ISP. How to set a forwarder? Depending on your operating system, choose
    >> one of the following articles:
    >>
    >> 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
    >> http://support.microsoft.com/?id=300202&FR=1
    >>
    >> 323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
    >> (How to configure a forwarder):
    >> http://support.microsoft.com/d/id?=323380
    >>
    >>
    >>
    >> *** Some additional reading:
    >>
    >> 246804 - How to enable or disable DNS updates in Windows 2000 and in
    >> Windows Server 2003
    >> http://support.microsoft.com/?id=246804
    >>
    >> 295328 - Private Network Interfaces on a Domain Controller Are Registered
    >> in DNS [also shows DnsAvoidRegisterRecords LdapIpAddress to avoid reg
    >> sameasparent private IP]:
    >> http://support.microsoft.com/?id=295328
    >>
    >> 306602 - How to Optimize the Location of a DC or GC That Resides Outside
    >> of a Client's Site [Includes info LdapIpAddress and GcIpAddress
    >> information and the SRV mnemonic values]:
    >> http://support.microsoft.com/?id=306602
    >>
    >> 825036 - Best practices for DNS client settings in Windows 2000 Server
    >> and in Windows Server 2003 (including how-to configure a forwarder):
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;825036
    >>
    >> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
    >> Server 2003 DNS
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;291382
    >>
    >> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    >> [Registry Entry]:
    >> http://support.microsoft.com/?id=296379
    >>
    >> 292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
    >> Controller with Routing and Remote Access and DNS Insta [DNS and RRAS and
    >> unwanted IPs registering]:
    >> http://support.microsoft.com/?id=292822
    >> ##############################################
    >> In addition to Mark's suggestions (good link he provided!), if you want
    >> to keep the extra NIC turned on (for whatever reason, but I really
    >> suggest to disable it), here are some extra steps to follow:
    >>
    >> 1. Ensure that all the NICs only point to your internal DNS server(s)
    >> only and none others, such as your ISP's DNS servers' IP addresses.
    >>
    >> 2. In Network & Dialup properties, Advanced Menu item, Advanced Settings,
    >> move the internal NIC (the network that AD is on) to the top of the
    >> binding order (top of the list).
    >>
    >> 3. Disable the ability for the outer NIC to register. The procedure, as
    >> mentioned, involves identifying the outer NIC's GUID number. This link
    >> will show you how:
    >> 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations
    >> (per NIC too):
    >> http://support.microsoft.com/?id=246804
    >>
    >> 4. Disable NetBIOS on the outside NIC. That is performed by choosing to
    >> disable NetBIOS in IP Properties, Advanced, and you will find that under
    >> the "WINS" tab. You may want to look at step #3 in the article to show
    >> you how to disable NetBIOS on the RRAS interfaces if this is a RRAS
    >> server.
    >> 296379 - How to Disable NetBIOS on an Incoming Remote Access Interface
    >> [Registry Entry]:
    >> http://support.microsoft.com/?id=296379
    >>
    >> Note: A standard Windows service, called the "Browser service", provides
    >> the list of machines, workgroup and domain names that you see in "My
    >> Network Places" (or the legacy term "Network Neighborhood"). The Browser
    >> service relies on the NetBIOS service. One major requirement of NetBIOS
    >> service is a machine can only have one name to one IP address. It's sort
    >> of a fingerprint. You can't have two brothers named Darrell. A multihomed
    >> machine will cause duplicate name errors on itself because Windows sees
    >> itself with the same name in the Browse List (My Network Places), but
    >> with different IPs. You can only have one, hence the error generated.
    >>
    >> 5. Disable the "File and Print Service" and disable the "MS Client
    >> Service" on the outer NIC. That is done in NIC properties by unchecking
    >> the respective service under the general properties page. If you need
    >> these services on the outside NIC (which is unlikely), which allow other
    >> machines to connect to your machine for accessing resource on your
    >> machine (shared folders, printers, etc.), then you will probably need to
    >> keep them enabled.
    >>
    >> 6. Uncheck "Register this connection" under IP properties, Advanced
    >> settings, "DNS" tab.
    >>
    >> 7. Delete the outer NIC IP address, disable Netlogon registration, and
    >> manually create the required records
    >>
    >> a. In DNS under the zone name, (your DNS domain name), delete the outer
    >> NIC's IP references for the "LdapIpAddress". If this is a GC, you will
    >> need to delete the GC IP record as well (the "GcIpAddress"). To do that,
    >> in the DNS console, under the zone name, you will see the _msdcs folder.
    >> Under that, you will see the _gc folder. To the right, you will see the
    >> IP address referencing the GC address. That is called the GcIpAddress.
    >> Delete the IP addresses referencing the outer NIC.
    >>
    >> i. To stop these two records from registering that information, use the
    >> steps provided in the links below:
    >> Private Network Interfaces on a Domain Controller Are Registered in DNS
    >> http://support.microsoft.com/?id=295328
    >>
    >> ii. The one section of the article that disables these records is done
    >> with this registry entry:
    >>
    >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    >> (Create this Multi-String Value under it):
    >> Registry value: DnsAvoidRegisterRecords
    >> Data type: REG_MULTI_SZ
    >> Values: LdapIpAddress
    >> GcIpAddress
    >>
    >> iii. Here is more information on these and other Netlogon Service
    >> records:
    >> Restrict the DNS SRV resource records updated by the Netlogon service
    >> [including GC]:
    >> http://www.microsoft.com/technet/tr...proddocs/standard/sag_dns_pro_no_rr_in_ad.asp
    >>
    >> b. Then you will need to manually create these two records in DNS with
    >> the IP addresses that you need for the DC. To create the LdapIpAddress,
    >> create a new host under the domain, but leave the "hostname" field blank,
    >> and provide the internal IP of the DC, which results in a record that
    >> looks like:
    >> (same as parent) A 192.168.5.200 (192.168.5.200 is used for
    >> illustrative purposes)
    >>
    >> i. You need to also manually create the GcIpAddress as well, if this is a
    >> GC. That would be under the gc._msdcs. SRV record under the zone. It is
    >> created in the same fashion as the LdapIpAddress mentioned above.
    >>
    >> 8. In the DNS console, right click the server name, choose properties,
    >> then under the "Interfaces" tab, force it only to listen to the internal
    >> NIC's IP address, and not the IP address of the outer NIC.
    >>
    >> 9. Since this is also a DNS server, the IPs from all NICs will register,
    >> even if you tell it not to in the NIC properties. See this to show you
    >> how to stop that behavior (this procedure is for Windows 2000, but will
    >> also work for Windows 2003):
    >> 275554 - The Host's A Record Is Registered in DNS After You Choose Not to
    >> Register the Connection's Address:
    >> http://support.microsoft.com/?id=275554
    >> ############################
    >> Check out this link. If you set this up right it will prevent the
    >> 2nd NIC from registering.
    >>
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;289735
    >>
    >> The only catch here is you must manually create the GC record and Same
    >> as Parent A record for the host. Chances are they are already there
    >> though!
    >> ############################################
    >>
    >> "Jose Luis" <> wrote in message
    >> news:u$...
    >>>I found some tests failed and I copied them here (just error messages).
    >>>What am I doing wrong?
    >>>
    >>> In W2k server = cmemast001 (192.168.1.250, 192.168.1.240)
    >>> --------------------------------
    >>> Doing primary tests
    >>>
    >>> Testing server: MMM\CMEMAST001
    >>> Starting test: Topology
    >>> * Configuration Topology Integrity Check
    >>> * Analyzing the connection topology for
    >>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >>> * Performing upstream (of target) analysis.
    >>> * Performing downstream (of target) analysis.
    >>> Downstream topology is disconnected for
    >>> CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >>> These servers can't get changes from home server CMEMAST001:
    >>> MMM/CMEMAST004
    >>> * Analyzing the connection topology for
    >>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >>> * Performing upstream (of target) analysis.
    >>> * Performing downstream (of target) analysis.
    >>> Downstream topology is disconnected for
    >>> CN=Configuration,DC=mmmweb,DC=com,DC=mx.
    >>> These servers can't get changes from home server CMEMAST001:
    >>> MMM/CMEMAST004
    >>> * Analyzing the connection topology for DC=mmmweb,DC=com,DC=mx.
    >>> * Performing upstream (of target) analysis.
    >>> * Performing downstream (of target) analysis.
    >>> Downstream topology is disconnected for DC=mmmweb,DC=com,DC=mx.
    >>> These servers can't get changes from home server CMEMAST001:
    >>> MMM/CMEMAST004
    >>> ......................... CMEMAST001 failed test Topology
    >>>
    >>> Starting test: kccevent
    >>> * The KCC Event log test
    >>> An Warning Event occured. EventID: 0x800004F1
    >>> Time Generated: 06/16/2006 20:13:35
    >>> (Event String could not be retrieved)
    >>> An Warning Event occured. EventID: 0x800004F1
    >>> Time Generated: 06/16/2006 20:13:58
    >>> (Event String could not be retrieved)
    >>> An Warning Event occured. EventID: 0x800004F1
    >>> Time Generated: 06/16/2006 20:14:21
    >>> (Event String could not be retrieved)
    >>> ......................... CMEMAST001 failed test kccevent
    >>>
    >>>
    >>>
    >>> In W2k3 server = cmemast004 (192.168.1.230) (only error messages)
    >>> --------------------------------
    >>> Starting test: NetLogons
    >>> * Network Logons Privileges Check
    >>> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
    >>> [CMEMAST004] An net use or LsaPolicy operation failed with error
    >>> 1203, Win32 Error 1203.
    >>> ......................... CMEMAST004 failed test NetLogons
    >>> Starting test: Advertising
    >>> Warning: DsGetDcName returned information for
    >>> \\cmemast001.mmmweb.com.mx, when we were trying to reach CMEMAST004.
    >>> Server is not responding or is not considered suitable.
    >>> The DC CMEMAST004 is advertising itself as a DC and having a DS.
    >>> The DC CMEMAST004 is advertising as an LDAP server
    >>> The DC CMEMAST004 is advertising as having a writeable directory
    >>> The DC CMEMAST004 is advertising as a Key Distribution Center
    >>> The DC CMEMAST004 is advertising as a time server
    >>> ......................... CMEMAST004 failed test Advertising
    >>>
    >>> Starting test: frsevent
    >>> * The File Replication Service Event log test
    >>> There are warning or error events within the last 24 hours after
    >>> the SYSVOL has been shared. Failing SYSVOL replication problems
    >>> may cause Group Policy problems.
    >>> An Warning Event occured. EventID: 0x800034C4
    >>> Time Generated: 06/15/2006 20:52:59
    >>> (Event String could not be retrieved)
    >>> ......................... CMEMAST004 failed test frsevent
    >>>
    >>> Starting test: systemlog
    >>> * The System Event log test
    >>> An Error Event occured. EventID: 0xC00010E1
    >>> Time Generated: 06/16/2006 19:20:26
    >>> (Event String could not be retrieved)
    >>> An Error Event occured. EventID: 0xC00010E1
    >>> Time Generated: 06/16/2006 19:21:24
    >>> (Event String could not be retrieved)
    >>> An Error Event occured. EventID: 0xC0002719
    >>> Time Generated: 06/16/2006 20:15:03
    >>> (Event String could not be retrieved)
    >>> ......................... CMEMAST004 failed test systemlog
    >>>
    >>> DNS Tests are running and not hung. Please wait a few minutes...
    >>>
    >>> Starting test: DNS
    >>> Test results for domain controllers:
    >>>
    >>> DC: cmemast004.mmmweb.com.mx
    >>> Domain: mmmweb.com.mx
    >>>
    >>>
    >>> TEST: Authentication (Auth)
    >>> Authentication test: Successfully completed
    >>>
    >>> TEST: Basic (Basc)
    >>> Microsoft(R) Windows(R) Server 2003, Standard Edition
    >>> (Service Pack level: 1.0) is supported
    >>> NETLOGON service is running
    >>> kdc service is running
    >>> DNSCACHE service is running
    >>> DNS service is running
    >>> DC is a DNS server
    >>> Network adapters information:
    >>> Adapter [00000001] HP NC7781 Gigabit Server Adapter:
    >>> MAC address is 00:11:85:E7:BF:68
    >>> IP address is static
    >>> IP address: 192.168.1.230
    >>> DNS servers:
    >>> 192.168.1.230 (<name unavailable>) [Valid]
    >>> Warning: 192.168.1.250
    >>> (cmemast001.mmmweb.com.mx.) [Invalid (unreachable)]
    >>> The A record for this DC was found
    >>> The SOA record for the Active Directory zone was found
    >>> The Active Directory zone on this DC/DNS server was
    >>> found (secondary)
    >>> Root zone on this DC/DNS server was not found
    >>>
    >>> TEST: Forwarders/Root hints (Forw)
    >>> Recursion is enabled
    >>> Forwarders are not configured on this DNS server
    >>> Root hint Information:
    >>> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
    >>> Name: b.root-servers.net. IP: 192.228.79.201
    >>> [Invalid]
    >>> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
    >>> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
    >>> Name: e.root-servers.net. IP: 192.203.230.10
    >>> [Invalid]
    >>> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
    >>> Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
    >>> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
    >>> Name: i.root-servers.net. IP: 192.36.148.17
    >>> [Invalid]
    >>> Name: j.root-servers.net. IP: 192.58.128.30
    >>> [Invalid]
    >>> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
    >>> Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
    >>> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
    >>>
    >>> TEST: Delegations (Del)
    >>> Delegation information for the zone: mmmweb.com.mx.
    >>> Delegated domain name: nueva.mmmweb.com.mx.
    >>> Error: DNS server: cmemast001.mmmweb.com.mx.
    >>> IP:192.168.1.240 [Broken delegation]
    >>> Error: DNS server: cmemast001.mmmweb.com.mx.
    >>> IP:192.168.1.250 [Broken delegation]
    >>>
    >>> TEST: Dynamic update (Dyn)
    >>> Dynamic Update tests are skipped since mmmweb.com.mx
    >>> is a secondary zone. DNS Record updates can't happen on
    >>> the secondary zones
    >>>
    >>> TEST: Records registration (RReg)
    >>> Network Adapter [00000001] HP NC7781 Gigabit Server
    >>> Adapter:
    >>> Matching A record found at DNS server 192.168.1.230:
    >>> cmemast004.mmmweb.com.mx
    >>>
    >>> Matching CNAME record found at DNS server
    >>> 192.168.1.230:
    >>>
    >>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >>>
    >>> Matching DC SRV record found at DNS server
    >>> 192.168.1.230:
    >>> _ldap._tcp.dc._msdcs.mmmweb.com.mx
    >>>
    >>>
    >>> DNS server: 192.168.1.250 (cmemast001.mmmweb.com.mx.)
    >>> 2 test failures on this DNS server
    >>> This is not a valid DNS server. PTR record query for the
    >>> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.250
    >>> [Error details: 1460 (Type: Win32 - Description: Esta
    >>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
    >>> Name resolution is not functional.
    >>> _ldap._tcp.mmmweb.com.mx. failed on the DNS server 192.168.1.250
    >>> [Error details: 1460 (Type: Win32 - Description: Esta
    >>> operación ha regresado debido a que el tiempo de espera ha caducado.)]
    >>> Delegation is broken for the domain nueva.mmmweb.com.mx.
    >>> on the DNS server 192.168.1.250
    >>> [Error details: 1460 (Type: Win32 - Description: Esta
    >>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
    >>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
    >>> server 192.168.1.250]
    >>>
    >>> DNS server: 192.168.1.240 (cmemast001.mmmweb.com.mx.)
    >>> 1 test failure on this DNS server
    >>> This is a valid DNS server.
    >>> Delegation is broken for the domain nueva.mmmweb.com.mx.
    >>> on the DNS server 192.168.1.240
    >>> [Error details: 1460 (Type: Win32 - Description: Esta
    >>> operación ha regresado debido a que el tiempo de espera ha caducado.) -
    >>> Delegation is broken for the domain nueva.mmmweb.com.mx. on the DNS
    >>> server 192.168.1.240]
    >>>
    >>> DNS server: 192.168.1.230 (<name unavailable>)
    >>> All tests passed on this DNS server
    >>> This is a valid DNS server.
    >>> Name resolution is funtional. _ldap._tcp SRV record for
    >>> the forest root domain is registered
    >>>
    >>> Summary of DNS test results:
    >>>
    >>> Auth Basc Forw Del Dyn RReg
    >>> Ext
    >>>
    >>> ________________________________________________________________
    >>> Domain: mmmweb.com.mx
    >>> cmemast004 PASS WARN PASS FAIL n/a PASS
    >>> n/a
    >>>
    >>> ......................... mmmweb.com.mx failed test DNS
    >>>
    >>>
    >>> "Jorge de Almeida Pinto [MVP]"
    >>> <> wrote in message
    >>> news:...
    >>>> any event ID errors/warnings?
    >>>>
    >>>> run:
    >>>> DCDIAG /D /C /V on both
    >>>>
    >>>> "Jose Luis" <> wrote in message
    >>>> news:...
    >>>>> Yes, both of them are up, running and available. I believe the problem
    >>>>> is my DC(1) with w2k (it owns FSMO and GC). I want to transfer the roles
    >>>>> to another DC with w2k3 in order to replace the hardware for DC(1) but
    >>>>> when I try to do this I get the RPC error.
    >>>>>
    >>>>> Any idea ..?
    >>>>>
    >>>>> Thanks
    >>>>>
    >>>>>
    >>>>> "Jorge de Almeida Pinto [MVP]"
    >>>>> <> wrote in message
    >>>>> news:...
    >>>>>> are both DCs up and running, available and reachable?
    >>>>>>
    >>>>>> "Jose Luis" <> wrote in message
    >>>>>> news:...
    >>>>>>> Hi all,
    >>>>>>>
    >>>>>>> We are getting an error message when we try to transfer FSMO to
    >>>>>>> another Domain Controller - "DsBindW error 0x6ba (The RPC server is
    >>>>>>> unavailable)". It occurs using the graphics interface or using the
    >>>>>>> ntdsutil command.
    >>>>>>>
    >>>>>>> The FSMO owner is a DC using W2k and the new DC that will assume
    >>>>>>> the roles is W2k3.
    >>>>>>>
    >>>>>>> Also the event viewer shows this warning:
    >>>>>>> Source: NTDS KCC
    >>>>>>>
    >>>>>>> The attempt to establish a replication link with parameters
    >>>>>>>
    >>>>>>> Partition: CN=Schema,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>>>> Source DSA DN: CN=NTDS
    >>>>>>> Settings,CN=CMEMAST004,CN=Servers,CN=MMM,CN=Sites,CN=Configuration,DC=mmmweb,DC=com,DC=mx
    >>>>>>> Source DSA Address:
    >>>>>>> 49d863c5-e6f0-435c-b6ca-023791cf09ba._msdcs.mmmweb.com.mx
    >>>>>>> Inter-site Transport (if any):
    >>>>>>>
    >>>>>>> failed with the following status:
    >>>>>>>
    >>>>>>> The RPC server is unavailable.
    >>>>>>>
    >>>>>>> The record data is the status code. This operation will be retried.
    >>>>>>>
    >>>>>>> Any idea about this error..? Please let me know any hints.
    >>>>>>>
    >>>>>>> Regards,
    >>>>>>>
    >>>>>>> José Luis
    >>>>>>>
    Jorge de Almeida Pinto [MVP], Jun 17, 2006
    #8
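
Added example, not part of the thread or written by any of its posters: a small triage script for DCDIAG output like the one quoted above, which collects the "failed test" summary lines per target and the DNS server addresses whose status is anything other than `[Valid]`. The function names `triage` and `problem_dns` are hypothetical, and associating a status on a wrapped line with the most recently seen IP address is a heuristic assumption.

```python
import re

# Lines copied from the DCDIAG output quoted in this thread, quote markers included.
SAMPLE = r"""
>>> Unable to connect to the NETLOGON share! (\\CMEMAST004\netlogon)
>>> ......................... CMEMAST004 failed test NetLogons
>>> ......................... CMEMAST004 failed test Advertising
>>> 192.168.1.230 (<name unavailable>) [Valid]
>>> Warning: 192.168.1.250
>>> (cmemast001.mmmweb.com.mx.) [Invalid (unreachable)]
>>> IP:192.168.1.240 [Broken delegation]
>>> ......................... mmmweb.com.mx failed test DNS
"""

QUOTE = re.compile(r"^[>\s]+")                      # newsreader quote prefix
FAILED = re.compile(r"^\.{5,}\s+(\S+) failed test (\S+)")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
STATUS = re.compile(r"\[(Valid|Invalid(?: \(unreachable\))?|Broken delegation)\]")

def triage(text):
    """Return (failed, dns): failed tests per target, statuses per DNS server IP."""
    failed, dns, last_ip = {}, {}, None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        m = FAILED.match(line)
        if m:
            failed.setdefault(m.group(1), []).append(m.group(2))
            continue
        ip = IPV4.search(line)
        if ip:
            last_ip = ip.group(1)
        st = STATUS.search(line)
        # DCDIAG wraps long lines, so a status may follow its IP on the next line.
        if st and last_ip:
            dns.setdefault(last_ip, set()).add(st.group(1))
    return failed, dns

def problem_dns(dns):
    """DNS servers that reported at least one non-Valid status, sorted by address."""
    return sorted((ip, sorted(s)) for ip, s in dns.items() if s != {"Valid"})

if __name__ == "__main__":
    failed, dns = triage(SAMPLE)
    for target, tests in failed.items():
        print(f"{target}: failed {', '.join(tests)}")
    for ip, statuses in problem_dns(dns):
        print(f"DNS {ip}: {', '.join(statuses)}")
```

Run against the full output from both domain controllers, the same summary puts the unreachable DNS server and the broken delegation next to the NetLogons and Advertising failures instead of leaving them scattered through the log.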