DNS not updating after DC replacement "Tim Miller" <tmiller[ at ]deppmann.com> 11/19/2008 9:55:20 PM Windows 2003 SE I have a domain controller, not the master, that died hard (couldn't be demoted) and had to be rebuilt from scratch. I did a dcpromo and it did get a copy of AD, but I'm stuck with errors in DNS that I'm not understanding how to handle. Event 4510 and 4015. In everything I'm seeing, the consistent piece is that it can't connect to the FSMO. That's new to me, but what I do know is that the FSMO is online, and I can ping it (by IP). I see things about transferring the FSMO, but that doesn't seem right since I still want the main DC to be the master. When I try to create forward lookup zones manually, it says that the required application directory partition doesn not exist. I try to right click the DNS server and choose "Create Default Application Directory Partitions" and get the message that the FSMO holder could not be contacted. I don't understand what I'm missing and I feel like I'm going in circles with my web searching. Any direction would be greatly appreciated. Thanks Tim

Re: DNS not updating after DC replacement Meinolf Weber <meiweb(nospam)[ at ]gmx.de> 11/20/2008 12:08:40 AM Hello Tim, Did you cleanup AD from the old data of the crashed DC? http://support.microsoft.com/kb/555846/en-us For DNS use AD integrated zones on the running DC/DNS server. Use only domain internal DNS server ip addresses on all machines, no external ip addresses. Make sure you can ping between all machines with ip address, computername and FQDN. Please post an unedited ipconfig /all from the existing DC/DNS and the new one. On the exisiting DC's run diagnostic tools, dcdiag /v, netdiag /v and repadmin /showrepl to check for errors. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm [Quoted Text] > Windows 2003 SE > I have a domain controller, not the master, that died hard (couldn't > be > demoted) and had to be rebuilt from scratch. > I did a dcpromo and it did get a copy of AD, but I'm stuck with errors > in DNS that I'm not understanding how to handle. > > Event 4510 and 4015. > > In everything I'm seeing, the consistent piece is that it can't > connect to the FSMO. That's new to me, but what I do know is that the > FSMO is online, and I can ping it (by IP). I see things about > transferring the FSMO, but that doesn't seem right since I still want > the main DC to be the master. > > When I try to create forward lookup zones manually, it says that the > required application directory partition doesn not exist. I try to > right click the DNS server and choose "Create Default Application > Directory Partitions" and get the message that the FSMO holder could > not be contacted. > > I don't understand what I'm missing and I feel like I'm going in > circles with my web searching. > > Any direction would be greatly appreciated. > > Thanks > Tim

Re: DNS not updating after DC replacement Paul Bergson [MVP-DS] <pbbergs[ at ]nospam_msn.com> 11/20/2008 1:35:05 PM Hello Tim, You need to go back and cleanup the dc you lost. Even though it appears to be gone there is metadata sitting in AD that will haunt you until it is cleaned up. If the name isn't the same as the former the dns issue and the metadata issue may not be related. http://support.microsoft.com/?id=216498 Do the cleanup and if you are still having problems Could you post an ipconfig /all from both dc's? Think about changing the first two octets (Do a search and replace) and then posting the info. Also - Run diagnostics against your Active Directory domain. If you don't have the support tools installed, install them from your server install disk. d:\support\tools\setup.exe Run dcdiag, netdiag and repadmin in verbose mode. -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log -> netdiag.exe /v > c:\netdiag.log (On each dc) -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt -> dnslint /ad /s "ip address of your dc" **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time. If you download a gui script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically. The script is located on my website at http://www.pbbergs.com/windows/downloads.htm Just select both dcdiag and netdiag make sure verbose is set. (Leave the default settings for dcdiag as set when selected) When complete search for fail, error and warning messages. Description and download for dnslint http://support.microsoft.com/kb/321045 -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. [Quoted Text] > Windows 2003 SE > I have a domain controller, not the master, that died hard (couldn't > be > demoted) and had to be rebuilt from scratch. > I did a dcpromo and it did get a copy of AD, but I'm stuck with errors > in DNS that I'm not understanding how to handle. > > Event 4510 and 4015. > > In everything I'm seeing, the consistent piece is that it can't > connect to the FSMO. That's new to me, but what I do know is that the > FSMO is online, and I can ping it (by IP). I see things about > transferring the FSMO, but that doesn't seem right since I still want > the main DC to be the master. > > When I try to create forward lookup zones manually, it says that the > required application directory partition doesn not exist. I try to > right click the DNS server and choose "Create Default Application > Directory Partitions" and get the message that the FSMO holder could > not be contacted. > > I don't understand what I'm missing and I feel like I'm going in > circles with my web searching. > > Any direction would be greatly appreciated. > > Thanks > Tim

Re: DNS not updating after DC replacement "Tim Miller" <tmiller[ at ]deppmann.com> 11/20/2008 6:49:35 PM Thanks very much for the post Paul. I was able to solve it an hour or so after my post by clearing out an item from DNS. After that everything started running correctly. Now I'm having a problem that I'm able to log on to the server locally (console or through RDC) and create / modify files, however not able to through network path (UNC). I get Access Denied errors as if I don't have proper permissions, but I definitely do. I have the same file / folder level NTFS permissions set, and shared configured, as I have on 3 other servers, but this one for some reason is having this problem. I'm sure it's going to be something small, but I'm really stumped on it. I really doubt it's an AD or DNS thing though, so I've posted it elsewhere. Though if you know right off what it is, I'd be glad to hear from you. I did run netdiag and dcdiag on this server and on another one with a very similar setup, and both look virtually identical... nothing different except the IP. "Paul Bergson [MVP-DS]" <pbbergs[ at ]nospam_msn.com> wrote in message news:6f5dc7bb83758cb18f9a4422abc[ at ]msnews.microsoft.com... [Quoted Text] > Hello Tim, > You need to go back and cleanup the dc you lost. Even though it appears > to be gone there is metadata sitting in AD that will haunt you until it is > cleaned up. If the name isn't the same as the former the dns issue and > the metadata issue may not be related. > > http://support.microsoft.com/?id=216498 > > Do the cleanup and if you are still having problems > > Could you post an ipconfig /all from both dc's? Think about changing the > first two octets (Do a search and replace) and then posting the info. > > Also - Run diagnostics against your Active Directory domain. > > If you don't have the support tools installed, install them from your > server install disk. > d:\support\tools\setup.exe > > Run dcdiag, netdiag and repadmin in verbose mode. > -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log > -> netdiag.exe /v > c:\netdiag.log (On each dc) > -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt > -> dnslint /ad /s "ip address of your dc" > > **Note: Using the /E switch in dcdiag will run diagnostics against ALL > dc's in the forest. If you have significant numbers of DC's this test > could generate significant detail and take a long time. You also want to > take into account slow links to dc's will also add to the testing time. > > If you download a gui script I wrote it should be simple to set and run > (DCDiag and NetDiag). It also has the option to run individual tests > without having to learn all the switch options. The details will be output > in notepad text files that pop up automagically. > > The script is located on my website at > http://www.pbbergs.com/windows/downloads.htm > > Just select both dcdiag and netdiag make sure verbose is set. (Leave the > default settings for dcdiag as set when selected) > > When complete search for fail, error and warning messages. > > Description and download for dnslint > http://support.microsoft.com/kb/321045 > > > > -- > Paul Bergson > MVP - Directory Services > MCTS, MCT, MCSE, MCSA, Security+, BS CSci > 2008, 2003, 2000 (Early Achiever), NT4 > > > http://www.pbbergs.com > > Please no e-mails, any questions should be posted in the NewsGroup This > posting is provided "AS IS" with no warranties, and confers no rights. > > > >> Windows 2003 SE >> I have a domain controller, not the master, that died hard (couldn't >> be >> demoted) and had to be rebuilt from scratch. >> I did a dcpromo and it did get a copy of AD, but I'm stuck with errors >> in DNS that I'm not understanding how to handle. >> >> Event 4510 and 4015. >> >> In everything I'm seeing, the consistent piece is that it can't >> connect to the FSMO. That's new to me, but what I do know is that the >> FSMO is online, and I can ping it (by IP). I see things about >> transferring the FSMO, but that doesn't seem right since I still want >> the main DC to be the master. >> >> When I try to create forward lookup zones manually, it says that the >> required application directory partition doesn not exist. I try to >> right click the DNS server and choose "Create Default Application >> Directory Partitions" and get the message that the FSMO holder could >> not be contacted. >> >> I don't understand what I'm missing and I feel like I'm going in >> circles with my web searching. >> >> Any direction would be greatly appreciated. >> >> Thanks >> Tim > >

Re: DNS not updating after DC replacement "Tim Miller" <tmiller[ at ]deppmann.com> 11/20/2008 7:19:28 PM Oh, disregard... it was just the share permissions. I don't deal with this sort of stuff too often. Thanks again! "Tim Miller" <tmiller[ at ]deppmann.com> wrote in message news:emKc9C0SJHA.5244[ at ]TK2MSFTNGP04.phx.gbl... [Quoted Text] > Thanks very much for the post Paul. I was able to solve it an hour or so > after my post by clearing out an item from DNS. After that everything > started running correctly. > Now I'm having a problem that I'm able to log on to the server locally > (console or through RDC) and create / modify files, however not able to > through network path (UNC). I get Access Denied errors as if I don't have > proper permissions, but I definitely do. I have the same file / folder > level NTFS permissions set, and shared configured, as I have on 3 other > servers, but this one for some reason is having this problem. I'm sure > it's going to be something small, but I'm really stumped on it. I really > doubt it's an AD or DNS thing though, so I've posted it elsewhere. Though > if you know right off what it is, I'd be glad to hear from you. I did run > netdiag and dcdiag on this server and on another one with a very similar > setup, and both look virtually identical... nothing different except the > IP. > > > "Paul Bergson [MVP-DS]" <pbbergs[ at ]nospam_msn.com> wrote in message > news:6f5dc7bb83758cb18f9a4422abc[ at ]msnews.microsoft.com... >> Hello Tim, >> You need to go back and cleanup the dc you lost. Even though it appears >> to be gone there is metadata sitting in AD that will haunt you until it >> is cleaned up. If the name isn't the same as the former the dns issue >> and the metadata issue may not be related. >> >> http://support.microsoft.com/?id=216498 >> >> Do the cleanup and if you are still having problems >> >> Could you post an ipconfig /all from both dc's? Think about changing the >> first two octets (Do a search and replace) and then posting the info. >> >> Also - Run diagnostics against your Active Directory domain. >> >> If you don't have the support tools installed, install them from your >> server install disk. >> d:\support\tools\setup.exe >> >> Run dcdiag, netdiag and repadmin in verbose mode. >> -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log >> -> netdiag.exe /v > c:\netdiag.log (On each dc) >> -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt >> -> dnslint /ad /s "ip address of your dc" >> >> **Note: Using the /E switch in dcdiag will run diagnostics against ALL >> dc's in the forest. If you have significant numbers of DC's this test >> could generate significant detail and take a long time. You also want to >> take into account slow links to dc's will also add to the testing time. >> >> If you download a gui script I wrote it should be simple to set and run >> (DCDiag and NetDiag). It also has the option to run individual tests >> without having to learn all the switch options. The details will be >> output in notepad text files that pop up automagically. >> >> The script is located on my website at >> http://www.pbbergs.com/windows/downloads.htm >> >> Just select both dcdiag and netdiag make sure verbose is set. (Leave the >> default settings for dcdiag as set when selected) >> >> When complete search for fail, error and warning messages. >> >> Description and download for dnslint >> http://support.microsoft.com/kb/321045 >> >> >> >> -- >> Paul Bergson >> MVP - Directory Services >> MCTS, MCT, MCSE, MCSA, Security+, BS CSci >> 2008, 2003, 2000 (Early Achiever), NT4 >> >> >> http://www.pbbergs.com >> >> Please no e-mails, any questions should be posted in the NewsGroup This >> posting is provided "AS IS" with no warranties, and confers no rights. >> >> >> >>> Windows 2003 SE >>> I have a domain controller, not the master, that died hard (couldn't >>> be >>> demoted) and had to be rebuilt from scratch. >>> I did a dcpromo and it did get a copy of AD, but I'm stuck with errors >>> in DNS that I'm not understanding how to handle. >>> >>> Event 4510 and 4015. >>> >>> In everything I'm seeing, the consistent piece is that it can't >>> connect to the FSMO. That's new to me, but what I do know is that the >>> FSMO is online, and I can ping it (by IP). I see things about >>> transferring the FSMO, but that doesn't seem right since I still want >>> the main DC to be the master. >>> >>> When I try to create forward lookup zones manually, it says that the >>> required application directory partition doesn not exist. I try to >>> right click the DNS server and choose "Create Default Application >>> Directory Partitions" and get the message that the FSMO holder could >>> not be contacted. >>> >>> I don't understand what I'm missing and I feel like I'm going in >>> circles with my web searching. >>> >>> Any direction would be greatly appreciated. >>> >>> Thanks >>> Tim >> >> > >