A real tough one with DCPromo

Discussion in 'Active Directory' started by Jamie, Jun 20, 2006.

  1. Jamie

    Jamie Guest

    Here is my situation. I have 1 server that runs my AD. It is fully
    functional except there are no icons or start bar. It still performs everything
    I need it to I just can't make any changes. I am trying to do a DCPROMO on
    another server so it can take over the AD and exchange while I reload the
    iconless server. I am trying to add the Domain and it is giving me a DNS
    error. I can't look at the server to see what the DNS is set to. I joined
    the Domain just to see if it was available and that worked. But the DCPROMO
    is not. Please help.
     
    Jamie, Jun 20, 2006
    #1

  2. Jamie

    Jorge Silva Guest

    Hi

    Go to %SystemRoot%\system32\
    and look for dnsmgmt.msc

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 20, 2006
    #2

  3. Jamie

    Jamie Guest

    Well I pulled up the tool and can see the lookup zones. Not really sure what
    I can do from here. I recreated the two zones under the "new" server to
    match the ones on the "old" server and still getting the same error. Here is
    how far I get.

    1. check the additional domain controller for an existing domain
    2. enter username and password
    3. I attempt "mydomain.com" and it fails but if I put "mydomain" it lets me
    to the next screen
    4. Next screen I can browse and see "mydomain.com" and select it but when I
    click next I get the error.

    Active directory Installation Wizard

    The domain "mydomain.com" cannot be contacted. Ensure that the DNS domain
    name is type correctly. This condition may be caused by a DNS lookup
    problem. If this domain was recently created, its name may not yet be
    registered with the Domain Naming Service.

    Please help.
     
    Jamie, Jun 20, 2006
    #3
  4. Jamie

    Jorge Silva Guest

    On the secondary server, set the primary DNS server to point to the
    existing DC, install DNS on the additional DC, replicate DNS, then after
    the DNS zone has been replicated, point the additional DC's NIC primary DNS
    to itself again.

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 20, 2006
    #4
  5. Jamie

    Jamie Guest

    the old server has an IP of x.x.0.2 and the server has a DNS of x.x.0.2

    I have recreated the DNS on the new server but am not sure what you mean by
    replicate. I have created new zones on each and tried with no luck, then I
    changed the NS and the SOA to point to the old server and tried with the same
    results. Could you be more specific. I have promoted a few servers before
    but that is the extent of my knowledge. Thanks in advance.

    Jamie
     
    Jamie, Jun 20, 2006
    #5
  6. Jamie

    Jorge Silva Guest

    It seems that I'm off base here; please clarify for me.
    Old server? The old server is online, right? And it's functioning well,
    right? And it has the IP address x.x.0.2?
    You don't need to create any zone on the new server. You only need to
    install the DNS service on the new server.
    OK, let's go.

    Let's assume the "old" server as DC1 with IP = 10.0.0.2

    The server that you want to add as DC2 with IP = 10.0.0.3



    - Make sure that DC1 has DNS forward lookup zone Active Directory
    integrated.

    - Make sure that you have DC1 NIC DNS properties primary server = 10.0.0.2

    - Install DNS service on DC2, MAKE the DC2 NIC DNS properties primary server
    = 10.0.0.2

    - Run Dcpromo on DC2, choose the option additional DC in the existing
    domain....

    - After Dcpromo wizard reboot DC2.

    - After the reboot of DC2 wait for replication or use Active directory Sites
    and services to force replication between the 2 DCs.

    - On DC2 go to DNS server console and check if the DNS zone has already been
    replicated, if yes, then go to DC2 NIC properties and make DNS primary =
    10.0.0.3, and if you want you can also set secondary DNS = 10.0.0.2
    (generally this can speed up in the boot process and avoid some startup
    errors when AD starts before DNS).

    - If needed you can make DC2 a GC (This is especially true if you have
    Exchange Server or any other App that needs to contact the GC, or if you
    have a DFL later than Windows 2000 Mixed, or more than one Domain)

    - Don't forget to configure Sites and services, and related subnets.



    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 21, 2006
    #6
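
Added example (not part of the original thread): a batch check, run on DC2 before DCPROMO, for the DNS condition behind the wizard's "cannot be contacted" error. It assumes the thread's placeholder domain mydomain.com and DC1 at 10.0.0.2, and relies on the wizard locating a domain controller through the `_ldap._tcp.dc._msdcs.<domain>` SRV record.

```bat
@echo off
rem Added example: pre-DCPROMO DNS check, run on the server to be promoted (DC2).
rem Assumed values taken from the thread: domain mydomain.com, DC1 at 10.0.0.2.
setlocal
set DOMAIN=mydomain.com
set DC1=10.0.0.2

echo === First DNS server configured on each NIC of this machine ===
ipconfig /all | findstr /C:"DNS Servers"

echo === DC locator SRV record, asked directly of %DC1% ===
rem If DC1 does not answer this, the zone on DC1 is missing the records that
rem Netlogon registers, which is what the thread traced to DC1's own DNS setting.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC1% 2>nul | findstr /I /C:"svr hostname"
if errorlevel 1 (
    echo FAIL: %DC1% returned no _ldap._tcp.dc._msdcs.%DOMAIN% SRV record.
    echo       Check that DC1's NIC uses %DC1% as its primary DNS server.
    exit /b 1
)

echo === Same query through this machine's configured resolver ===
rem This is the lookup path DCPROMO itself uses, so it must also succeed.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | findstr /I /C:"svr hostname"
if errorlevel 1 (
    echo FAIL: the local resolver cannot find the record.
    echo       Set this NIC's primary DNS server to %DC1% and retry.
    exit /b 1
)

echo OK: a domain controller for %DOMAIN% can be located through DNS.
```

A pass on the first query and a failure on the second means the zone is fine and only DC2's NIC settings need changing.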
  7. Jamie

    Jamie Guest

    OK so

    dc1 = x.x.0.2
    dc2 = x.x.0.3

    I am in the process but wanted to clarify as I am rebooting. You want me to
    set the Primary DNS of dc1 to itself? x.x.0.2? Should I put a secondary DNS
    of the router or anything?

    Then you said " Make sure that DC1 has DNS forward lookup zone Active
    Directory integrated." I'm not really sure what this means? If it doesn't
    have one how do I create it?
     
    Jamie, Jun 21, 2006
    #7
  8. Jamie

    Jorge Silva Guest

    > I am in the process but wanted to clarify as I am rebooting. You want me
    If you want your DNS to resolve Internet names, you should configure the
    router or the ISP DNS server on the Forwarders tab.
    Right-click your DNS zone, choose Properties, and next to Type hit the
    Change button, then make it AD integrated; for dynamic updates
    choose secure only (better for security).



    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 21, 2006
    #8
  9. Jamie

    Jorge Silva Guest

    > I am in the process but wanted to clarify as I am rebooting. You want me
    If you want to provide Internet access, you should use the Forwarders tab in
    the DNS properties to configure your router IP address or your ISP DNS server.
    Go to your zone properties and, next to the type of zone, hit the Change
    button and change it to AD integrated.

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 21, 2006
    #9
  10. Jamie

    Jamie Guest

    It worked. Thanks for all the help. I guess it was that DC1 was not
    set to itself in DNS. Once that was changed it worked like a charm. Thanks
    for the patience.
     
    Jamie, Jun 21, 2006
    #10
  11. Jamie

    Jorge Silva Guest

    glad i could help.

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 21, 2006
    #11
  12. Jamie

    Jamie Guest

    Now that I have promoted a new server do I have to demote the old one? I
    don't have any screen to do anything so it might be a tough task to demote.
    What will happen if I just unplug it?
     
    Jamie, Jun 23, 2006
    #12
  13. Jamie

    Jorge Silva Guest

    - Transfer any FSMO roles held by the servers to be removed
    How to view and transfer FSMO roles in Windows Server 2003
    http://support.microsoft.com/kb/324801/en-us

    - Make sure that you have at least one GC in your forest.
    - Transfer any other services that you might have on the old DC (like
    DNS, DHCP, WINS, DFS, etc.).
    - Take the old server offline; confirm that everything works with the old
    server offline.
    - If everything is OK, use Dcpromo to remove the old DC from the network (PS:
    don't forget to remove it manually from Active Directory Sites and Services)
    Check:
    Decommissioning a Domain Controller
    http://technet2.microsoft.com/Windo...bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true



    Don't forget to export the *EFS* certificate. If one of these two DCs is
    the first DC that was installed in your domain then the EFS certificate
    resides locally on that DC. When you remove the DC before you export the
    EFS certificate you will lose it. Without this certificate you are not
    able to recover EFS encrypted files.

    http://support.microsoft.com/?scid=kb;en-us;241201&x=5&y=13


    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 25, 2006
    #13
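
Added example (not part of the original thread): a batch check, run on DC2, for the first two items of the checklist above before the old server is taken offline. The host name dc2.mydomain.com and a single-domain forest are assumptions, and netdom and dcdiag are assumed to be installed from the Windows Support Tools.

```bat
@echo off
rem Added example: confirm DC2 can stand alone before DC1 is taken offline.
rem Assumed names: domain mydomain.com, new DC dc2.mydomain.com, one-domain forest.
setlocal
set DOMAIN=mydomain.com
set DC2=dc2.mydomain.com

echo === FSMO role holders ===
netdom query fsmo
rem Count the output lines that name DC2; there are five roles in total.
set COUNT=0
for /f %%n in ('netdom query fsmo ^| find /I /C "%DC2%"') do set COUNT=%%n
if not "%COUNT%"=="5" (
    echo FAIL: %COUNT% of 5 operations master roles are held by %DC2%.
    exit /b 1
)

echo === Global catalog SRV record for DC2 ===
rem Every GC registers under _ldap._tcp.gc._msdcs.<forest root domain>.
nslookup -type=SRV _ldap._tcp.gc._msdcs.%DOMAIN% 2>nul | findstr /I /C:"%DC2%"
if errorlevel 1 (
    echo FAIL: %DC2% is not registered in DNS as a global catalog.
    exit /b 1
)

echo === DC2 advertising as a domain controller ===
dcdiag /s:%DC2% /test:Advertising | findstr /I /C:"passed test Advertising"
if errorlevel 1 (
    echo FAIL: dcdiag did not report a pass for the Advertising test on %DC2%.
    exit /b 1
)

echo === Inbound replication status on DC2, for review ===
repadmin /showrepl %DC2%

echo OK: %DC2% holds all five roles, is a GC and is advertising.
```

The checks do not cover the remaining checklist items: other services still hosted on the old DC and the EFS recovery certificate.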
  14. Jamie

    Jamie Guest

    The old server dc1 is erroring out under operations master. Says it can't be
    contacted. What are the steps if the computer was to just crash. I think
    that is my only option. Just remove the old server dc1 because I can't do
    any configurations on or to it.
     
    Jamie, Jun 26, 2006
    #14
  15. Jamie

    Jorge Silva Guest

    What have you already done until now?

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 26, 2006
    #15
  16. Jamie

    Jamie Guest

    I finally got this it was a DNS issue again. Does anyone have any good sites
    about DNS?
     
    Jamie, Jun 27, 2006
    #16
  17. Jamie

    Jorge Silva Guest

    what DNS issue?

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 27, 2006
    #17
  18. Jamie

    Jamie Guest

    I had to set my DC2 back to the DNS of old DC1 before it would allow me to
    change the Operations Master to the new DC2. Is there a way I can check to
    see if this is complete? Again I can't disjoin from DC1 so my only option is
    to unplug it.
     
    Jamie, Jun 27, 2006
    #18
  19. Jamie

    Jorge Silva Guest

    I already answered that

    --
    I hope that the information above helps you

    Good Luck
    Jorge Silva
    MCSA
    Systems Administrator
     
    Jorge Silva, Jun 27, 2006
    #19
  20. Jamie

    Jamie Guest

    I can't run a dcpromo on the DC1 server because I have no access to anything,
    (blank blue background screen) I have done everything else but just wondered
    if there is a quick way to tell if this is complete. Can I just remove the
    DC1's power?
     
    Jamie, Jun 27, 2006
    #20