Windows Server TechCenter > Windows Server Forums > Directory Services

Question: Having minor Issues setting up New Domain/AD

  • Monday, November 02, 2009 3:45 AM, Tech2487
    Working with an existing standalone server (workgroup mode): Windows 2003 Server Standard R2 SP2, all security and critical updates as of Nov. 1st.
    Went to Manage Roles and added Active Directory. DNS was already installed, but I allowed the AD install wizard to re-configure it properly. After a reboot and a login, everything seemed operational.

    I went to one of the unused workstations and attempted to add it to the domain using the Computer Name tab in Windows XP. Selected domain instead of workgroup, typed in apex.local and hit OK. After a short delay here is what I got:
    *****
    A domain controller for the domain apex.local could not be contacted.
    Details>>
    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain apex.local:
    The query was for the SRV record for _ldap._tcp.dc._msdcs.apex.local
    The following domain controllers were identified by the query:
    stargate2.apex.local
    Common causes of this error include:
    - Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
    - Domain controllers registered in DNS are not connected to the network or are not running.
    *****

    So I checked the basics, IP info & DNS. Pinged the server; everything is OK on the client end, and I even tested a few other desktops as well.

    I also checked all the info in DNS Management; all the A records look good. All the SRV records look good as well.
    However (and here is where I think I need the most help), I checked the event logs and 2 errors are logged when the DNS service starts:

    Event Type:    Error
    Event Source:    DNS
    Event Category:    None
    Event ID:    4007
    Date:        11/1/2009
    Time:        8:11:40 PM
    User:        N/A
    Computer:    STARGATE2
    Description:
    The DNS server was unable to open zone APEXCustomStairs.local in the Active Directory from the application directory partition DomainDnsZones.APEXCustomStairs.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 0d 00 00 00               ....   


    As you can see from the log, the domain listed is very different from the domain I put in when I ran the AD install.
    So this is where I left off. Right now, I am setting up a spare server in an isolated environment to run some tests before I go any further with the real setup.
    I am thinking that someone before me set up a domain APEXCustomStairs.local, and then uninstalled/rolled back the AD setup. So right now, I am wondering if I should do the same thing, and set up AD again with that old domain. What do you think?
    Like I said, I'm setting up a test server and am going to try to imitate this same situation as well as see how bad it is to undo AD installs.

    I believe that I've provided as much info as I can for now. I'll post my progress with the isolated test server.
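The join error quoted in the post says the SRV lookup succeeded and named stargate2.apex.local, then lists a missing or wrong host (A) record as the usual cause. The script below is an added example (not from the original post and not a Microsoft tool) that walks the same three steps a joining client walks: SRV lookup, A lookup for every DC the SRV answer names, then a TCP connect to the LDAP, Kerberos, SMB and RPC endpoint-mapper ports. The domain name apex.local and the DNS server 192.168.0.4 are taken from the thread; everything else is an assumption. It uses Resolve-DnsName, so it needs Windows 8 / Server 2012 or later; on an XP client the equivalent manual check is "nslookup -type=SRV _ldap._tcp.dc._msdcs.apex.local" followed by "nltest /dsgetdc:apex.local".

```powershell
# Added example: reproduce the DC-locator steps the XP join wizard reports.
# Domain and DNS server values are assumptions taken from the thread.
param(
    [string]$Domain    = 'apex.local',
    [string]$DnsServer = '192.168.0.4'
)

# Step 1: the SRV record the wizard says it queried successfully.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records for $srvName on $DnsServer" }

foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    Write-Host "SRV -> $dc (port $($rec.Port), priority $($rec.Priority))"

    # Step 2: the host (A) record the error lists as the first 'common cause'.
    $a = Resolve-DnsName -Name $dc -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    if (-not $a) {
        Write-Warning "No A record for $dc on $DnsServer (matches the wizard's first common cause)"
        continue
    }

    # Step 3: the DC must actually answer on the ports a domain join uses
    # (389 LDAP, 88 Kerberos, 445 SMB, 135 RPC endpoint mapper).
    foreach ($ip in $a.IPAddress) {
        foreach ($port in 389, 88, 445, 135) {
            $client = New-Object System.Net.Sockets.TcpClient
            try {
                $async = $client.BeginConnect($ip, $port, $null, $null)
                if ($async.AsyncWaitHandle.WaitOne(2000, $false)) {
                    $client.EndConnect($async)   # throws if the connection was refused
                    $ok = $true
                } else {
                    $ok = $false                 # no answer within 2 s: filtered or host down
                }
            } catch { $ok = $false }
            finally { $client.Close() }
            $state = if ($ok) { 'open' } else { 'CLOSED/unreachable' }
            Write-Host ("  {0}:{1,-4} {2}" -f $ip, $port, $state)
        }
    }
}
```

Run it from a workstation on the same subnet as the DC, not from the DC itself, so that the result reflects what a joining client sees; a DC that resolves but shows 389 or 445 closed points at a firewall or a stopped service rather than at DNS.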

All Replies

  • Monday, November 02, 2009 6:09 AM, johnny mango
    Hi,

    When you add the workstation to your domain, instead of putting in the FQDN of the domain, just use the NetBIOS name (Apex, I guess, which the wizard put in for you when you promoted the server to a DC).

    As for the question about DNS, seeing as the server was already a DNS server, I am guessing that this zone was already there and was AD-integrated. Make sure you have a zone already created with the correct apex.local name, and create a reverse lookup zone for your DC. Also make sure the DC has itself first in the TCP/IP config so it can register its records with itself.

    Run dcdiag and netdiag from the Support Tools when you are done, just to make sure everything is working nicely. If the other DNS zone keeps producing errors, and you don't use it, just delete it, making sure you have the correct zone for your domain working correctly.

    Hope it works out!!!
  • Monday, November 02, 2009 3:21 PM, Tech2487
    Johnny,

    When adding clients, I did try both the FQDN and just the NetBIOS name. Same result with both.

    I have created a reverse lookup zone and the server pointer is listed.
    The server's IP is static 192.168.0.4/24 with its DNS server set to 127.0.0.1.

    I have the Support Tools installed and will run dcdiag and netdiag again this evening after the office closes. If anything significant shows up, I'll be sure to post it.

    thanks and have a good day.
  • Tuesday, November 03, 2009 6:05 AM, Tech2487
    dcdiag passed all tests, but netdiag returned an error:

    DNS test . . . . . . . . . . . . . : Failed
              [WARNING] Cannot find a primary authoritative DNS server for the name
                'STARGATE2.APEX.'. [ERROR_TIMEOUT]
                The name 'STARGATE2.APEX.' may not be registered in DNS.

    I'm currently researching that.

    Also, Netlogon is producing numerous events:

    Event Type:    Warning
    Event Source:    NETLOGON
    Event Category:    None
    Event ID:    5781
    Date:        11/2/2009
    Time:        5:36:28 PM
    User:        N/A
    Computer:    STARGATE2
    Description:
    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'TAPI3Directory.APEXCustomStairs.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition). 

    Possible causes of failure include: 
    - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
    - Specified preferred and alternate DNS servers are not running
    - DNS server(s) primary for the records to be registered is not running
    - Preferred or alternate DNS servers are configured with wrong root hints
    - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration 

    USER ACTION 
    Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2a 23 00 00               *#..   



    Also, in my test environment, when I made the server a DC, revoked that role, and then made it a DC again with a different domain name, I got similar Event ID 4007s like in my first post. But I was able to join a client to the test domain. So my issues of 1) joining a PC to the domain in the live environment, and 2) the errors I am getting on the server, don't seem to be directly related.
  • Wednesday, November 04, 2009 4:24 AM, Tech2487
    I have found out that:
    When AD is removed from the server, it removes the DNS zones.
    When DNS zones are removed, the corresponding registry entries are NOT removed.

    Therefore, I get 2 Event ID 4007 errors in the DNS log when the service starts: one for _msdcs.APEXCustomStairs.local and the other for APEXCustomStairs.local.

    The simple solution is to delete the registry keys, which are located under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

    However, this solution only resolves the Event ID 4007s.
    I still cannot join any clients to the domain.

    My question is: if I remove the AD role from the server (again, apparently), make sure the DNS zones are gone, and then add the AD role again (in the hope of the AD setup wizard properly setting up DNS), will DNS be set up properly and allow me to join clients to the domain?
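The post above identifies leftover zone keys under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones as the source of the Event ID 4007 pairs. Deleting registry keys by hand on a production DC is where mistakes happen, so here is an added example (not from the original thread, and not a Microsoft tool) that lists every zone key under that path, flags the AD-integrated ones that belong to a domain other than the one the server is now a member of, exports the whole Zones key as a backup, and deletes the stale keys only when run with -Delete. The registry path is the one the post names; the DsIntegrated value name and the rule that only zones ending in the current domain name, reverse zones, the root zone and TrustAnchors are "ours" are the editor's assumptions and should be checked against the printed table before using -Delete. Requires PowerShell 3 or later, run elevated on the DC.

```powershell
# Added example: audit and (optionally) remove stale AD-integrated zone keys.
# Assumptions: DsIntegrated=1 marks a zone stored in a directory partition,
# and a zone not under the current AD domain is a leftover from an old promotion.
param([switch]$Delete)

$zonesReg = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones'
$zonesKey = "HKLM:\$($zonesReg.Substring(5))"

# Current AD domain of this machine; throws if the server is not a domain member.
Add-Type -AssemblyName System.DirectoryServices
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name

$zones = foreach ($key in Get-ChildItem $zonesKey) {
    $zone = $key.PSChildName
    $p    = Get-ItemProperty $key.PSPath
    # A DS-integrated key whose directory partition no longer exists is what
    # Event ID 4007 reports at service start.
    $belongs = ($zone -eq $domain) -or ($zone -like "*.$domain") -or
               ($zone -like '*.arpa') -or ($zone -eq '.') -or ($zone -eq 'TrustAnchors')
    [pscustomobject]@{
        Zone         = $zone
        DsIntegrated = ($p.DsIntegrated -eq 1)
        Belongs      = $belongs
        Path         = $key.PSPath
    }
}
$zones | Format-Table Zone, DsIntegrated, Belongs -AutoSize

$stale = @($zones | Where-Object { $_.DsIntegrated -and -not $_.Belongs })
if ($stale.Count -eq 0) {
    Write-Host "No stale AD-integrated zone keys for domains other than $domain."
    return
}

# Export before touching anything; this file is the only way back from a wrong guess.
$backup = Join-Path $env:TEMP ('DnsZones-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export $zonesReg $backup /y | Out-Null
Write-Host "Zones key exported to $backup"

if (-not $Delete) {
    $stale | ForEach-Object { Write-Host "Would remove zone key '$($_.Zone)' (re-run with -Delete)" }
    return
}

# Stop the DNS service so it does not rewrite the keys while they are being removed.
Stop-Service DNS
try {
    foreach ($z in $stale) {
        Remove-Item -Path $z.Path -Recurse
        Write-Host "Removed zone key '$($z.Zone)'"
    }
} finally {
    Start-Service DNS
}
```

In the situation described in the thread the table would show APEXCustomStairs.local and _msdcs.APEXCustomStairs.local with DsIntegrated true and Belongs false, and apex.local plus its _msdcs child with Belongs true. The backup can be restored with "reg import" if a zone turns out to have been needed after all.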
  • Saturday, November 07, 2009 5:51 AM, johnny mango
    Yes, I think I'd do that, delete AD and DNS completely and try again. Make sure that in the NIC you have, in the DNS tab, defined the DNS suffix as the domain name and also selected the two checkboxes at the side (to use the suffix to register the computer name in DNS and register the computer in DNS) and are pointing the server to itself in the DNS server IP address. Also try re-starting ;)

  • Sunday, November 08, 2009 1:41 AM, Tech2487
    - Before seeing your recent post, I did delete AD and DNS completely and set up AD again. DNS was configured, but later on I noticed something odd (more on that in a sec).
    - I was able to join a second server to the domain using just the domain's NetBIOS name (apex). However, I tend to have mixed results with it. I feel that it's due to the fact that it's Server 2003 Appliance Edition; it's a Dell NAS. But I am a step forward in my dilemma. I will try an XP client soon and get back to you.
    - After reading your post, I did add the suffix to the DNS tab and selected both of the options mentioned.

    - In DNS Management, I noticed that for my zones there are not any sub-domain folders. On other DNS servers I see folders for _sites, _tcp, _udp, DomainDnsZones, and ForestDnsZones, and under _msdcs there are dc, domains, gc and pdc. My DNS does not have any of that. Is it normal for this DNS server to be missing all this? Should I manually try to add all of them?

    - I also have 2 errors in the Application event log for event 53258 from MSDTC, and 3 errors for 5781 from NetLogon in the System log.

    - Lastly, I have noticed that DHCP clients as well as the server are not registering with DNS, even though I have checked those options in the DHCP server properties. I did authorize the DHCP server.
  • Sunday, November 08, 2009 3:32 AM, Tech2487
    Here are the results of dcdiag and netdiag:

    dcdiag /q
             The host bf13f24e-be55-4303-a711-59c98c04a77a._msdcs.apex.local could not be resolved to an
             IP address.  Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (bf13f24e-be55-4303-a711-59c98c04a77a._msdcs.apex.local) couldn't be
             resolved, the server name (STARGATE2.APEX) resolved to the IP address
             (192.168.0.4) and was pingable.  Check that the IP address is
             registered correctly with the DNS server.
             ......................... STARGATE2 failed test Connectivity

    netdiag /test:dns
    DNS test . . . . . . . . . . . . . : Failed
              [WARNING] Cannot find a primary authoritative DNS server for the name
                'STARGATE2.APEX.'. [RCODE_SERVER_FAILURE]
                The name 'STARGATE2.APEX.' may not be registered in DNS.
              [WARNING] Cannot find a primary authoritative DNS server for the name
                'STARGATE2.apex.local.'. [RCODE_SERVER_FAILURE]
                The name 'STARGATE2.apex.local.' may not be registered in DNS.
        [WARNING] The DNS entries for this DC are not registered correctly on DNS server '127.0.0.1'. Please wait for 30 minutes for DNS server replication.
        [FATAL] No DNS servers have the DNS records for this DC registered.

    I guess I am going to have to add an A record in DNS for the server, even though I'd like it to do it on its own so I know it's working properly.
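Both tools in the post above report the DC under the name STARGATE2.APEX rather than STARGATE2.apex.local, and johnny mango's earlier advice was to check the DNS suffix and registration settings on the NIC. Those settings live in the registry, so here is an added example (not from the original thread, and not a Microsoft tool) that reads the primary DNS suffix, the per-adapter DNS server and dynamic-registration settings, and whether the DC's own A record resolves, and reports every mismatch against the expected domain. The expected domain apex.local and the reasoning that a suffix of APEX would produce exactly the STARGATE2.APEX name shown above are assumptions; the registry value names (Domain, NV Domain, SyncDomainWithMembership, NameServer, RegistrationEnabled) are the standard Tcpip\Parameters values. Run it on the DC.

```powershell
# Added example: check the DC's DNS suffix and registration settings against the
# AD domain. The expected domain is an assumption taken from the thread.
param([string]$ExpectedDomain = 'apex.local')

$tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$issues = @()

# 'Domain' is the primary DNS suffix in use; 'NV Domain' is the value applied at
# next boot. SyncDomainWithMembership=1 keeps the suffix equal to the AD domain.
if ($tcpip.Domain -ne $ExpectedDomain) {
    $issues += "Primary DNS suffix is '$($tcpip.Domain)', expected '$ExpectedDomain'"
}
if ($tcpip.'NV Domain' -ne $ExpectedDomain) {
    $issues += "Next-boot suffix (NV Domain) is '$($tcpip.'NV Domain')', expected '$ExpectedDomain'"
}
if ($tcpip.SyncDomainWithMembership -ne 1) {
    $issues += 'SyncDomainWithMembership is not 1; the suffix will not follow domain membership'
}

# Per-adapter checks: the first DNS server must be this DC (or 127.0.0.1) and
# dynamic registration must be enabled, otherwise Netlogon cannot register records.
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($key in Get-ChildItem $ifKey) {
    $if = Get-ItemProperty $key.PSPath
    if (-not $if.IPAddress -or $if.IPAddress -eq '0.0.0.0') { continue }   # DHCP or unconfigured adapter
    $name = $key.PSChildName
    $dns  = @(($if.NameServer -split '[ ,]') | Where-Object { $_ })
    $self = @('127.0.0.1') + @($if.IPAddress)
    if ($dns.Count -eq 0) {
        $issues += "${name}: no static DNS server configured"
    } elseif ($self -notcontains $dns[0]) {
        $issues += "${name}: first DNS server is $($dns[0]), not this DC"
    }
    if ($if.RegistrationEnabled -eq 0) {
        $issues += "${name}: RegistrationEnabled is 0 (register this connection's addresses is unticked)"
    }
}

# Finally, does the DC's own A record under the expected domain resolve at all?
$fqdn = "$env:COMPUTERNAME.$ExpectedDomain"
try {
    $ips = [System.Net.Dns]::GetHostAddresses($fqdn) | ForEach-Object { $_.IPAddressToString }
    Write-Host "$fqdn resolves to $($ips -join ', ')"
} catch {
    $issues += "$fqdn does not resolve; after fixing the above, run 'nltest /dsregdns' and re-check"
}

if ($issues.Count -gt 0) { $issues | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'DNS suffix, adapter DNS settings and registration look consistent.' }
```

If the first warning reports a primary suffix of APEX, that alone explains a Netlogon registration target of STARGATE2.APEX: the DC tries to register into a zone that does not exist, so apex.local never receives the A record or the _msdcs sub-records that dcdiag and netdiag are looking for. Changing the suffix (System Properties > Computer Name > Change > More) requires a reboot, after which "nltest /dsregdns" forces the registration that the Netlogon 5781 events say is failing.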
  • Sunday, November 08, 2009 5:25 AM, Tech2487
    Pulled this from the bottom of: http://www.computerperformance.co.uk/w2k3/W2K3_AD_DNS.htm

    "Experience tells me this either DCPROMO works and there is no problem or else it very stubborn.  If still no sign of Active Directory records in DNS, I would run DCPROMO, demote and start again at the beginning.  In the case of a test installation, I would change the Computer name and the domain suffix before trying again."

    Should I try to demote/remove AD again, this time renaming the server and using a new domain suffix? Something tells me that it won't make a difference, and I would prefer not to go through that again if I don't have to.
  • Wednesday, November 25, 2009 9:36 PM, johnny mango
    Hi there,

    Sorry for not getting back to you sooner, I don't check my alerts often enough. Any luck so far, or no change?
  • Thursday, November 26, 2009 7:15 AM, Tech2487
    No change in the situation. I am not going to risk it anymore and don't feel like trying to change the server name. Also, I fear what it might do to the accounting software if I proceed this way. Basically, it looks as if this is a lost cause. I don't know what the previous guy did to this thing, but it must have been bad.

    Here is my new game plan: we have the old original server with a license for Server 2000 (I don't care). It hasn't been on since May of 2008, but it does turn on and function. I am going to prep it and make it the DC and might leave it that way.

    I can then attempt to promote my problem server to BDC and then remove the Server 2000 box after replicating the data to that server.

    But if that doesn't work, I'll have a simple server for the DC, our main server for the accounting software and company data, and our NAS for the on-site backups. That seems like a good idea to me.

    Also, what IS with the notifications? I have never gotten them and always checked this thread every other day or so till I put this project on hold. Tonight I got my first ever notification for your reply.