AD Upgrade DNS Problem tman <naves.tom[ at ]gmail.com> 6/6/2007 3:31:57 AM Here is what we did in a lab scenario to prepare for our AD upgrade from NT4. We configured a Windows 2003 server as a member of the NT4 domain. We configured the server as a DNS server for the domain. We then upgraded the PDC to Windows 2003 and pointed it to the DNS server for DNS. It completed the upgrade and registered all the AD zones in DNS except the ForestDnsZone and the DomainDnsZone. Next we configured the Domain Controller role on the DNS server. When we got that done, we configured all the zones to be AD integratated. As soon as we did this, the ForestDnsZone and the DomainDnsZone registered in DNS and life was good. When we did this to the production network, the ForesestDnsZone and the DomainDnsZone did not register. When I do an nslookup mydomain.com I only get the server we upgraded, update.mydomain.com. The second DC, dc01.mydomain.com does not get registered. I ran a dcdiag /v and I gtt the following result: Testing server: Default-First-Site-Name\DC01 Starting test: Connectivity * Active Directory LDAP Services Check The host 329cad44-b55a-47a1-a87d- b132b4e644a7._msdcs.mydomain.com coul ot be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (329cad44-b55a-47a1-a87d-b132b4e644a7._msdcs.orthodyne.com) couldn't be resolved, the server name (dc01.mydomain.com) resolved to the IP address (192.168.1.3) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... DC01 failed test Connectivity All the other test passed. Does anyone have any ideas on how to fix this? Thanks

Re: AD Upgrade DNS Problem "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/6/2007 12:08:25 PM Read inline please. In news:1181100717.370319.204290[ at ]i38g2000prf.googlegroups.com, tman <naves.tom[ at ]gmail.com> typed: [Quoted Text] > Here is what we did in a lab scenario to prepare for our AD upgrade > from NT4. > > We configured a Windows 2003 server as a member of the NT4 domain. We > configured the server as a DNS server for the domain. We then > upgraded the PDC to Windows 2003 and pointed it to the DNS server for > DNS. It completed the upgrade and registered all the AD zones in DNS > except the ForestDnsZone and the DomainDnsZone. Next we configured > the Domain Controller role on the DNS server. When we got that done, > we configured all the zones to be AD integratated. As soon as we did > this, the ForestDnsZone and the DomainDnsZone registered in DNS and > life was good. > > When we did this to the production network, the ForesestDnsZone and > the DomainDnsZone did not register. When I do an nslookup > mydomain.com I only get the server we upgraded, update.mydomain.com. > The second DC, dc01.mydomain.com does not get registered. > > I ran a dcdiag /v and I gtt the following result: > > Testing server: Default-First-Site-Name\DC01 > Starting test: Connectivity > * Active Directory LDAP Services Check > The host 329cad44-b55a-47a1-a87d- > b132b4e644a7._msdcs.mydomain.com coul > ot be resolved to an > IP address. Check the DNS server, DHCP, server name, etc > Although the Guid DNS name > (329cad44-b55a-47a1-a87d-b132b4e644a7._msdcs.orthodyne.com) > couldn't > be resolved, the server name (dc01.mydomain.com) resolved to the > IP > address (192.168.1.3) and was pingable. Check that the IP > address is > registered correctly with the DNS server. > ......................... DC01 failed test Connectivity > > All the other test passed. > > Does anyone have any ideas on how to fix this? Can you provide an unedited ipconfig /all for both DCs? -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================

Re: AD Upgrade DNS Problem tman <naves.tom[ at ]gmail.com> 6/7/2007 1:23:42 PM On Jun 6, 5:08 am, "Kevin D. Goodknecht Sr. [MVP]" <a...[ at ]nospam.WFTX.US> wrote: [Quoted Text] > Read inline please. > > Innews:1181100717.370319.204290[ at ]i38g2000prf.googlegroups.com, > tman <naves....[ at ]gmail.com> typed: > > > > > > > Here is what we did in a lab scenario to prepare for our AD upgrade > > from NT4. > > > We configured a Windows 2003 server as a member of the NT4 domain. We > > configured the server as a DNS server for the domain. We then > > upgraded the PDC to Windows 2003 and pointed it to the DNS server for > > DNS. It completed the upgrade and registered all the AD zones in DNS > > except the ForestDnsZone and the DomainDnsZone. Next we configured > > the Domain Controller role on the DNS server. When we got that done, > > we configured all the zones to be AD integratated. As soon as we did > > this, the ForestDnsZone and the DomainDnsZone registered in DNS and > > life was good. > > > When we did this to the production network, the ForesestDnsZone and > > the DomainDnsZone did not register. When I do an nslookup > > mydomain.com I only get the server we upgraded, update.mydomain.com. > > The second DC, dc01.mydomain.com does not get registered. > > > I ran a dcdiag /v and I gtt the following result: > > > Testing server: Default-First-Site-Name\DC01 > > Starting test: Connectivity > > * Active Directory LDAP Services Check > > The host 329cad44-b55a-47a1-a87d- > > b132b4e644a7._msdcs.mydomain.com coul > > ot be resolved to an > > IP address. Check the DNS server, DHCP, server name, etc > > Although the Guid DNS name > > (329cad44-b55a-47a1-a87d-b132b4e644a7._msdcs.orthodyne.com) > > couldn't > > be resolved, the server name (dc01.mydomain.com) resolved to the > > IP > > address (192.168.1.3) and was pingable. Check that the IP > > address is > > registered correctly with the DNS server. > > ......................... DC01 failed test Connectivity > > > All the other test passed. > > > Does anyone have any ideas on how to fix this? > > Can you provide an unedited ipconfig /all for both DCs? > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > ===================================http://www.lonestaramerica.com/http://support.wftx.us/http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and morehttp://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup:http://www.oehelp.com/OEBackup/Default.aspx > ===================================- Hide quoted text - > > - Show quoted text - I figured out the problem. We were still using a BIND DNS server as the secondary DNS server on hosts including the one that became the second DC. After taking that out things settled down. I guess they weren't kidding when they said AD is veryfussy about DNS. Thanks

Re: AD Upgrade DNS Problem "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/7/2007 6:10:32 PM Read inline please. In news:1181222622.898936.20690[ at ]n15g2000prd.googlegroups.com, tman <naves.tom[ at ]gmail.com> typed: [Quoted Text] > I figured out the problem. We were still using a BIND DNS server as > the secondary DNS server on hosts including the one that became the > second DC. After taking that out things settled down. I guess they > weren't kidding when they said AD is veryfussy about DNS. It is not the AD is fussy about DNS, it is that, any DNS server you use in TCP/IP properties, must have a zone for the AD domain, you can continue using BIND as an alternate DNS, if you will create a secondary zone from the AD Primary on the DC. As a Secondary zone it won't accept updates, but any updates sent to the BIND will be redirected by way of the SOA Primary record to the Primary zone on the DC. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================