SCW kills DNS delegation for child domain during DCPromo


  • Tuesday, January 15, 2013 9:09 PM
     
     

    Hello again!

    I've taken it upon myself to build a development domain (a.k.a. child domain) using Win2k8R2. Here's a rundown of the current parent domain:

    Both DCs have AD, DNS, static IPs, etc.

    I have run the Security Configuration Wizard on both servers, then ran a dcdiag script to ensure there were no issues afterwards. *There are no known issues between the two DCs in the parent domain.*

    When I run DCPromo on the new server (Test) to create the child domain, I set all the configuration settings without an issue, but then at the end I will receive a message that the RPC Server is unavailable; the server will reboot and the child domain will be created. Unfortunately, DNS delegation on the parent domain will not be created automatically (due to the RPC error). I can manually set the delegation on the parent domain, but only by IP, not FQDN (this worries me).

    When I attempt to ping Test from the parent domain, it is unable to find the host. If I ping either of the domain controllers in the parent domain, I can resolve without issue. Hopefully this is a start. I don't know how else to explain it.


    Chris Roberts IT Professional CompTIA A+, MCTS: Windows 7, Configuration

All Replies

  • Thursday, January 17, 2013 2:05 AM
    Moderator
     
     

    Hi,

    Thanks for posting in Microsoft TechNet forums.

    This might be helpful during the troubleshooting:

    Troubleshooting Problems after Applying SCW Policies

    http://download.microsoft.com/download/f/7/1/f71adf6e-dbab-48a2-9a29-9e481110fd55/SCWTroubleshooting.doc

    Regards

    Kevin

    TechNet Subscriber Support


  • Thursday, January 17, 2013 2:02 PM
     
     Answered

    Kevin,

    Thanks for the document. I'll have to take a look at it sometime. Late yesterday, I was able to fix the issue by opening RPC Ports 49152-65535 on the Windows Firewall (after it has been locked down by SCW) on each DC. It's kinda strange that although a DNS server configuration is picked up by the SCW, it still filters out all of those outbound ports, thus causing problems when attempting to create a child domain in Windows Server 2008 R2.

    I found a nice troubleshooting TechNet article while trying to figure out what was happening:

    http://technet.microsoft.com/en-us/library/replication-error-1722-the-rpc-server-is-unavailable%28v=ws.10%29.aspx


    Chris Roberts IT Professional CompTIA A+, MCTS: Windows 7, Configuration

    • Marked As Answer by IT_Guy_12 Thursday, January 17, 2013 8:12 PM
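
The fix described in the last reply, as an added example that is not part of the original thread: rather than opening 49152-65535 to every host, these rules scope the RPC endpoint mapper and the dynamic range to the other domain controllers, then check that each peer's endpoint mapper answers. The peer addresses and rule names are constructed placeholders; run it from an elevated PowerShell prompt on each DC.

```powershell
# Added example. Addresses and rule names below are constructed placeholders.
$PeerDCs  = '192.0.2.10,192.0.2.11'   # the other DCs (parent and child)
$RpcRange = '49152-65535'             # default dynamic range on Windows Server 2008 and later

# 1. Confirm the dynamic range this server actually uses before writing rules for it.
netsh int ipv4 show dynamicport tcp

# 2. Allow the endpoint mapper (135) and the dynamic range, to and from peer DCs only.
#    Values containing commas are quoted so PowerShell passes them as one argument.
netsh advfirewall firewall add rule name=DC-RPC-EPMap-In    dir=in  action=allow protocol=TCP localport=135 "remoteip=$PeerDCs"
netsh advfirewall firewall add rule name=DC-RPC-Dynamic-In  dir=in  action=allow protocol=TCP "localport=$RpcRange" "remoteip=$PeerDCs"
netsh advfirewall firewall add rule name=DC-RPC-EPMap-Out   dir=out action=allow protocol=TCP remoteport=135 "remoteip=$PeerDCs"
netsh advfirewall firewall add rule name=DC-RPC-Dynamic-Out dir=out action=allow protocol=TCP "remoteport=$RpcRange" "remoteip=$PeerDCs"

# 3. TCP connect test that works on PowerShell 2.0 (Test-NetConnection is not available there).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A filtered port times out; a closed port completes and EndConnect throws.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($dc in $PeerDCs.Split(',')) {
    "{0}:135 reachable = {1}" -f $dc, (Test-TcpPort -ComputerName $dc -Port 135)
}

# 4. Re-check the delegation from the parent once RPC is reachable.
dcdiag /test:dns /DnsDelegation
```

A successful connect to port 135 only proves the endpoint mapper is reachable; the dcdiag run is what confirms the delegation itself.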