none
error 0x0000232B RCODE_NAME_ERROR When trying to promote a new 08 R2 server to an existing 2003 domain

    Question

  • Using DCPromo I wanted to promote a new 2008 R2 server as a DC to an existing 2003 domain, but getting the The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR)

     

    The new server is a member of the domain, it has only the old server IP in the DNS (all IPs are static) and can view the old server on the network. I would like to promote the new server as the DC and soon remove the old server.

     

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "SOS.Seniors.com":

     

    The query was for the SRV record for _ldap._tcp.dc._msdcs.SOS.Seniors.com

     

    Common causes of this error include the following:

     

    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:10.105.155.2 (which is the old server).

     

    What should I be adding to the DNS for this to work?

    Saturday, November 05, 2011 8:08 PM

All replies

  •  

    1.try to reregister dns for yorr new server(ipconfig /flushdns    then ipconfig /registerdns)

    2.
    1. Restart the Netlogon service on domain controller.
    2. Run DcDiag /fix
    3. Run NetDiag /ifx
    4. Re-register from Netlogon.dns file in \Windows or Winnt\System32\Config directory.

    3.to install windows 2008 r2 domain controller in windows 2003 domain pls refer the below link

    http://technet.microsoft.com/en-us/library/cc733027(WS.10).aspx


    Darshana Jayathilake
    Sunday, November 06, 2011 12:57 AM
  • Darshana thanks for the reply

    I tried your ideas, Did number 1 ok;

    then #2, 1 one and two

    But when I tried to run NetDiag /Fix received error, and I could not find Netlogon.dns in the system32\config directory

    here is the errors:

            Starting test: CrossRefValidation
             ......................... SOS passed test CrossRefValidation

       Running enterprise tests on : SOS.ServingOurSeniors.com
          Starting test: LocatorCheck
             ......................... SOS.ServingOurSeniors.com passed test
             LocatorCheck
          Starting test: Intersite
             ......................... SOS.Seniors.com passed test
             Intersite

    C:\Users\Administrator.SOS>DcDiag /fix /s:server

    Directory Server Diagnosis

    Performing initial setup:
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SERVER
          Starting test: Connectivity
             The host
             65d7eb41-2178-4802-a8bc-253a578040bb._msdcs.SOS.Seniors.com
             could not be resolved to an IP address. Check the DNS server, DHCP,
             server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your
             firewall settings.
             ......................... SERVER failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SERVER
          Skipping all tests, because server SERVER is not responding to directory
          service requests.


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidatio

       Running partition tests on : SOS
          Starting test: CheckSDRefDom
             ......................... SOS passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... SOS passed test CrossRefValidation

       Running enterprise tests on : SOS.Seniors.com
          Starting test: LocatorCheck
             ......................... SOS.Seniors.com passed test
             LocatorCheck
          Starting test: Intersite
             ......................... SOS.Seniors.com passed test
             Intersite

    C:\Users\Administrator.SOS>

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator.SOS>netdiag/fix
    'netdiag' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Users\Administrator.SOS>

    Sunday, November 06, 2011 6:58 PM
  • its sees to dns problem in your enviorement.ps use below link's steps and post the result

    http://support.microsoft.com/kb/556002


    Darshana Jayathilake
    Sunday, November 06, 2011 11:35 PM
  • Results Netlogon.dns from the 2003 Server (currently the DC) Below.  I could not find DcDiag and NetDiag on either server. Can I download it somewhere?

    SOS.Seniors.com. 600 IN A 10.105.155.2
    _ldap._tcp.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.Default-First-Site-Name._sites.SOS..com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.pdc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.gc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 3268 server.SOS.Seniors.com.
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 3268 server.SOS.Seniors.com.
    _ldap._tcp.a1be662b-1b7c-4e69-bac1-b40d32b1f10d.domains._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    gc._msdcs.SOS.SSeniors.com. 600 IN A 10.105.155.2
    65d7eb41-2178-4802-a8bc-253a578040bb._msdcs.SOS.Seniors.com. 600 IN CNAME server.SOS.Seniors.com.
    _kerberos._tcp.dc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 88 server.SOS.Seniors.com.
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 88 server.SOS.Seniors.com.
    _ldap._tcp.dc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _kerberos._tcp.SOS.Seniors.com. 600 IN SRV 0 100 88 server.SOS.Seniors.com.
    _kerberos._tcp.Default-First-Site-Name._sites.SOS.Seniors.com. 600 IN SRV 0 100 88 server.SOS.Seniors.com.
    _gc._tcp.SOS.Seniors.com. 600 IN SRV 0 100 3268 server.SOS.Seniors.com.
    _gc._tcp.Default-First-Site-Name._sites.SOS.Seniors.com. 600 IN SRV 0 100 3268 server.SOS.Seniors.com.
    _kerberos._udp.SOS.Seniors.com. 600 IN SRV 0 100 88 server.SOS.Seniors.com.
    _kpasswd._tcp.SOS.Seniors.com. 600 IN SRV 0 100 464 server.SOS.Seniors.com.
    _kpasswd._udp.SOS.Seniors.com. 600 IN SRV 0 100 464 server.SOS.Seniors.com.
    DomainDnsZones.SOS.Seniors.com. 600 IN A 10.105.155.2
    _ldap._tcp.DomainDnsZones.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    ForestDnsZones.SOS.Seniors.com. 600 IN A 10.105.155.2
    _ldap._tcp.ForestDnsZones.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.SOS.Seniors.com. 600 IN SRV 0 100 389 server.SOS.Seniors.com.

    Monday, November 07, 2011 2:23 AM
  • Hi,

     

    I’d like to confirm adprep had been run already. For details:

     

    - On the old server open DNS management console and check that you are running Active directory integrated zone (easier for replication, if you have more than one DNS server)

     

    - run dcdiag /v and netdiag /v from the command prompt on the old machine to check for errors, if you have some post the complete output from the command here or solve them first.

    For this tools you have to install the support\tools\suptools.msi from the 2003 installation disk. If more than one DC exists run also replmon from the run line or repadmin /showrepl

     

    - run adprep /forestprep and adprep /domainprep and adprep /rodcprep from the 2008 R2 installation disk against the 2003 schema master, with an account that is member of the Schema admins, to upgrade the schema to the new version (47), you can check the version with "schupgr" in a command prompt.

     

    I’d like to confirm the firewall not block the DNS queries. This issue should be caused by DNS.

     

    Please try to run ipconfig /flushdns and restart Netlogon Service.

     

    There are some related articles for your reference:

     

    Troubleshooting Active Directory—Related DNS Problems

    Troubleshooting DNS servers: Domain Name System(DNS)

     

    Hope this helps!

     

    Best Regards

    Elytis Cheng

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, November 07, 2011 7:33 AM
    Moderator
  • Seems that your not  able to RESOLVE the SRV records from your new server. The most probable reason would be the firewall or the Antivirus on the Domain controller which is stopping it to get resolve. To check if its blocked please try to resolve the SRV records and see if they get resolved

    http://support.microsoft.com/kb/816587


    http://technet.microsoft.com/en-us/library/cc706993%28WS.10%29.aspx
    http://www.virmansec.com/blogs/skhairuddin
    Monday, November 07, 2011 7:48 AM
  • I finely found the CD with support tools with NetDiag, ADprep. When I ran the same got these errors. The firewall is off as is the anti-virus the new 08 server still cannot be promoted.

    On the old server:

    Testing server: Default-First-Site-Name\SERVER

          Starting test: Connectivity

             The host 65d7eb41-2178-4802-a8bc-253a578040bb._msdcs.SOS.ServingOurSeni

    ors.com could not be resolved to an

             IP address.  Check the DNS server, DHCP, server name, etc

             Although the Guid DNS name

             (65d7eb41-2178-4802-a8bc-253a578040bb._msdcs.SOS.ServingOurSeniors.com)

     

              couldn't be resolved, the server name

             (server.SOS.ServingOurSeniors.com) resolved to the IP address

             (10.105.155.2) and was pingable.  Check that the IP address is

             registered correctly with the DNS server.

             ......................... SERVER failed test Connectivity

    From the old server:

    Microsoft Windows [Version 5.2.3790]

    (C) Copyright 1985-2003 Microsoft Corp.

     

    C:\Documents and Settings\Administrator>adprep

    The syntax of the command is:

     

    adprep <cmd> [option]

     

    Supported <cmd>:

    /forestPrep     Update forest-wide information

                    Must be run on the schema role master

     

    /domainPrep     Update domain-wide information

                    Must be run on the infrastructure role master

                    Must be run after /forestPrep is finished

     

    Supported [option]:

    /noFileCopy     adprep will not copy any file from source

                    to local machine

     

    /noSPWarning    adprep will suppress the Windows 2000 service

                    pack 2 requirement warning during /forestprep

     

     

     

     

     

    C:\Documents and Settings\Administrator>y

    'y' is not recognized as an internal or external command,

    operable program or batch file.

     

    C:\Documents and Settings\Administrator>adprep /forestprep

    Adprep was unable to copy file C:\WINDOWS\system32\dcpromo.cs_ from installation

     point to local machine under directory C:\WINDOWS\system32\debug\adprep\data.

    [User Action]

    Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs dire

    ctory for more information.

     

    Adprep encountered a Win32 error.

    Error code: 0x2 Error message: The system cannot find the file specified..

     

     

     

    Adprep was unable to copy setup files from installation point to local machine.

    [Status/Consequence]

    Adprep has stopped without making changes.

    [User Action]

    Make sure you run adprep.exe under the directory that contains the following fil

    es: schema.ini, sch*.ldf, dcpromo.cs_ and 409.cs_. The recommended way is runnin

    g adprep.exe from installation media, such as CD-ROM or network share. Check the

     log file Adprep.log in the system root System32\Debug\Adprep\Logs directory for

     more information.

     

    Adprep encountered a Win32 error.

    Error code: 0x2 Error message: The system cannot find the file specified..

     

     

     

     

    C:\Documents and Settings\Administrator>ping 10.105.155.2

     

    Pinging 10.105.155.2 with 32 bytes of data:

     

    Reply from 10.105.155.2: bytes=32 time<1ms TTL=128

    Reply from 10.105.155.2: bytes=32 time<1ms TTL=128

    Reply from 10.105.155.2: bytes=32 time<1ms TTL=128

    Reply from 10.105.155.2: bytes=32 time<1ms TTL=128

     

    Ping statistics for 10.105.155.2:

        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    I tried to run dcpromo again from the new server still would work

    Tuesday, November 08, 2011 11:09 PM
  • Tuesday, November 08, 2011 11:37 PM
  • Tuesday, November 08, 2011 11:37 PM
  • On the old server 2003 (which is doing DNS) I checked to be sure there were forward lookup zones named after the active directory and ran Nerdiag/fix to be sure.

    On the new 2008 R2 Server I ran Adprep from the 08 R2 install DVD. Per the table in http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

    Same results when running DCPromo on the 2008 R2 server (DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR)

    Thursday, November 10, 2011 11:18 PM