I have upgraded our NT4 network to Windows 2003. Before I did that, I had a
Windows 2003 member server acting as the new Primary DNS server for our
network. After I upgraded our PDC to Windows 2003 Active Directory, I
installed DNS on the DC as a Secondary. I later turned it into the primary
server and the member server running DNS was changed to the secondary. I
later made DNS on the DC Active Directory Integrated and it seemed to work
great. Well, today, I ran DCPromo on the 2003 member server and added it to
our existing domain. I then tied to make DNS on that server Active
Directory Integrated. When I do that, I get the following error message:

The replication scope could not be set. For more information, see "DNS Zone
replication in Active Directory" in Help and Support. The error was: There
was a server failure.

Microsoft's knowledge base says to add the Administrators group to the
Manage Auditing and Security Log permission, but that account group is
already there. I even added the Administrator account as extra measure, but
I get the same error. Any ideas?

Thanks,
Sylvan Jonas

I think there is an error in your reasoning about how to make the new Domain
Controllers AD integrated. If you have DC A and DC B both running DNS, both
holding copies of the AD Integrated DNS zone, and you promote in DC C that
has DNS installed on it, AD will automatically copy the AD Integrated Zone to
that newly promoted DC, you dont have to do anything. Does that make sense
to you?

Tony Eversole

"Jonas, Sylvan R." wrote:

> I have upgraded our NT4 network to Windows 2003. Before I did that, I had a
> Windows 2003 member server acting as the new Primary DNS server for our
> network. After I upgraded our PDC to Windows 2003 Active Directory, I
> installed DNS on the DC as a Secondary. I later turned it into the primary
> server and the member server running DNS was changed to the secondary. I
> later made DNS on the DC Active Directory Integrated and it seemed to work
> great. Well, today, I ran DCPromo on the 2003 member server and added it to
> our existing domain. I then tied to make DNS on that server Active
> Directory Integrated. When I do that, I get the following error message:
>
> The replication scope could not be set. For more information, see "DNS Zone
> replication in Active Directory" in Help and Support. The error was: There
> was a server failure.
>
> Microsoft's knowledge base says to add the Administrators group to the
> Manage Auditing and Security Log permission, but that account group is
> already there. I even added the Administrator account as extra measure, but
> I get the same error. Any ideas?
>
> Thanks,
> Sylvan Jonas
>
>
>

It does, but it didn't happen that way. I thought it would have too. I
think my error may have been in my sequence of events. Here's how I did it
and let me know if my sequence was wrong.

1. Installed DC B as member server in NT
2. Installed DNS on DC B and manually entered DNS records
3. (Weeks later) Upgraded PDC to Windows 2003 (DC A)
4. Installed DNS on DC A as secondary to DC B
5. Switched DC A to be Primary DNS and DC B to be Secondary DNS
6. Changed DC A DNS to be Active Directory Integrated (kept DC B as
Secondary DNS)
7. Ran DCPromo on DC B
8. Tried to make DNS on DC B Active Directory Integrated and that's when I
got the error message.

Hope that makes sense.

Thanks,
Sylvan


"Tony Eversole" <(E-Mail Removed)> wrote in message
news:E4C9299A-C9B5-40D4-B813-(E-Mail Removed)...
>I think there is an error in your reasoning about how to make the new
>Domain
> Controllers AD integrated. If you have DC A and DC B both running DNS,
> both
> holding copies of the AD Integrated DNS zone, and you promote in DC C
> that
> has DNS installed on it, AD will automatically copy the AD Integrated Zone
> to
> that newly promoted DC, you dont have to do anything. Does that make
> sense
> to you?
>
> Tony Eversole
>
> "Jonas, Sylvan R." wrote:
>
>> I have upgraded our NT4 network to Windows 2003. Before I did that, I
>> had a
>> Windows 2003 member server acting as the new Primary DNS server for our
>> network. After I upgraded our PDC to Windows 2003 Active Directory, I
>> installed DNS on the DC as a Secondary. I later turned it into the
>> primary
>> server and the member server running DNS was changed to the secondary. I
>> later made DNS on the DC Active Directory Integrated and it seemed to
>> work
>> great. Well, today, I ran DCPromo on the 2003 member server and added it
>> to
>> our existing domain. I then tied to make DNS on that server Active
>> Directory Integrated. When I do that, I get the following error message:
>>
>> The replication scope could not be set. For more information, see "DNS
>> Zone
>> replication in Active Directory" in Help and Support. The error was:
>> There
>> was a server failure.
>>
>> Microsoft's knowledge base says to add the Administrators group to the
>> Manage Auditing and Security Log permission, but that account group is
>> already there. I even added the Administrator account as extra measure,
>> but
>> I get the same error. Any ideas?
>>
>> Thanks,
>> Sylvan Jonas
>>
>>
>>

Sylvan,

When you make one DC in the domain AD integrated, if DNS is installed (and
not configured with any zones) AD will automatically replicated the AD
integrated zones to all the DCs in the domain. You dont create AD zones on
each DC, thats what makes them AD Integrated, they are automatically copied
to all the DCs.

Tony Eversole

"Jonas, Sylvan R." wrote:

> It does, but it didn't happen that way. I thought it would have too. I
> think my error may have been in my sequence of events. Here's how I did it
> and let me know if my sequence was wrong.
>
> 1. Installed DC B as member server in NT
> 2. Installed DNS on DC B and manually entered DNS records
> 3. (Weeks later) Upgraded PDC to Windows 2003 (DC A)
> 4. Installed DNS on DC A as secondary to DC B
> 5. Switched DC A to be Primary DNS and DC B to be Secondary DNS
> 6. Changed DC A DNS to be Active Directory Integrated (kept DC B as
> Secondary DNS)
> 7. Ran DCPromo on DC B
> 8. Tried to make DNS on DC B Active Directory Integrated and that's when I
> got the error message.
>
> Hope that makes sense.
>
> Thanks,
> Sylvan
>
>
> "Tony Eversole" <(E-Mail Removed)> wrote in message
> news:E4C9299A-C9B5-40D4-B813-(E-Mail Removed)...
> >I think there is an error in your reasoning about how to make the new
> >Domain
> > Controllers AD integrated. If you have DC A and DC B both running DNS,
> > both
> > holding copies of the AD Integrated DNS zone, and you promote in DC C
> > that
> > has DNS installed on it, AD will automatically copy the AD Integrated Zone
> > to
> > that newly promoted DC, you dont have to do anything. Does that make
> > sense
> > to you?
> >
> > Tony Eversole
> >
> > "Jonas, Sylvan R." wrote:
> >
> >> I have upgraded our NT4 network to Windows 2003. Before I did that, I
> >> had a
> >> Windows 2003 member server acting as the new Primary DNS server for our
> >> network. After I upgraded our PDC to Windows 2003 Active Directory, I
> >> installed DNS on the DC as a Secondary. I later turned it into the
> >> primary
> >> server and the member server running DNS was changed to the secondary. I
> >> later made DNS on the DC Active Directory Integrated and it seemed to
> >> work
> >> great. Well, today, I ran DCPromo on the 2003 member server and added it
> >> to
> >> our existing domain. I then tied to make DNS on that server Active
> >> Directory Integrated. When I do that, I get the following error message:
> >>
> >> The replication scope could not be set. For more information, see "DNS
> >> Zone
> >> replication in Active Directory" in Help and Support. The error was:
> >> There
> >> was a server failure.
> >>
> >> Microsoft's knowledge base says to add the Administrators group to the
> >> Manage Auditing and Security Log permission, but that account group is
> >> already there. I even added the Administrator account as extra measure,
> >> but
> >> I get the same error. Any ideas?
> >>
> >> Thanks,
> >> Sylvan Jonas
> >>
> >>
> >>
>
>
>

Sounds like this DC is *not* configured to load zone data from the Active
Directory and Registry.

Load dnsmgmt.msc, right-click on your DNS server, choose properties and
advanced. In the "Load zone data on startup" drop-down list choose "Active
Directory and Registry". Choose OK.

Delete your secondary zone and restart "DNS Server" service.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"Jonas, Sylvan R." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
It does, but it didn't happen that way. I thought it would have too. I
think my error may have been in my sequence of events. Here's how I did it
and let me know if my sequence was wrong.

1. Installed DC B as member server in NT
2. Installed DNS on DC B and manually entered DNS records
3. (Weeks later) Upgraded PDC to Windows 2003 (DC A)
4. Installed DNS on DC A as secondary to DC B
5. Switched DC A to be Primary DNS and DC B to be Secondary DNS
6. Changed DC A DNS to be Active Directory Integrated (kept DC B as
Secondary DNS)
7. Ran DCPromo on DC B
8. Tried to make DNS on DC B Active Directory Integrated and that's when I
got the error message.

Hope that makes sense.

Thanks,
Sylvan


"Tony Eversole" <(E-Mail Removed)> wrote in message
news:E4C9299A-C9B5-40D4-B813-(E-Mail Removed)...
>I think there is an error in your reasoning about how to make the new
>Domain
> Controllers AD integrated. If you have DC A and DC B both running DNS,
> both
> holding copies of the AD Integrated DNS zone, and you promote in DC C
> that
> has DNS installed on it, AD will automatically copy the AD Integrated Zone
> to
> that newly promoted DC, you dont have to do anything. Does that make
> sense
> to you?
>
> Tony Eversole
>
> "Jonas, Sylvan R." wrote:
>
>> I have upgraded our NT4 network to Windows 2003. Before I did that, I
>> had a
>> Windows 2003 member server acting as the new Primary DNS server for our
>> network. After I upgraded our PDC to Windows 2003 Active Directory, I
>> installed DNS on the DC as a Secondary. I later turned it into the
>> primary
>> server and the member server running DNS was changed to the secondary. I
>> later made DNS on the DC Active Directory Integrated and it seemed to
>> work
>> great. Well, today, I ran DCPromo on the 2003 member server and added it
>> to
>> our existing domain. I then tied to make DNS on that server Active
>> Directory Integrated. When I do that, I get the following error message:
>>
>> The replication scope could not be set. For more information, see "DNS
>> Zone
>> replication in Active Directory" in Help and Support. The error was:
>> There
>> was a server failure.
>>
>> Microsoft's knowledge base says to add the Administrators group to the
>> Manage Auditing and Security Log permission, but that account group is
>> already there. I even added the Administrator account as extra measure,
>> but
>> I get the same error. Any ideas?
>>
>> Thanks,
>> Sylvan Jonas
>>
>>
>>

OK. Thanks. I seem to have gotten it to work (don't ask me how) but that
was before I read your responses. Thanks for your assistance.

Sylvan Jonas
"ptwilliams" <(E-Mail Removed)> wrote in message
news:uqOOvf%(E-Mail Removed)...
> Sounds like this DC is *not* configured to load zone data from the Active
> Directory and Registry.
>
> Load dnsmgmt.msc, right-click on your DNS server, choose properties and
> advanced. In the "Load zone data on startup" drop-down list choose
> "Active
> Directory and Registry". Choose OK.
>
> Delete your secondary zone and restart "DNS Server" service.
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Jonas, Sylvan R." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> It does, but it didn't happen that way. I thought it would have too. I
> think my error may have been in my sequence of events. Here's how I did
> it
> and let me know if my sequence was wrong.
>
> 1. Installed DC B as member server in NT
> 2. Installed DNS on DC B and manually entered DNS records
> 3. (Weeks later) Upgraded PDC to Windows 2003 (DC A)
> 4. Installed DNS on DC A as secondary to DC B
> 5. Switched DC A to be Primary DNS and DC B to be Secondary DNS
> 6. Changed DC A DNS to be Active Directory Integrated (kept DC B as
> Secondary DNS)
> 7. Ran DCPromo on DC B
> 8. Tried to make DNS on DC B Active Directory Integrated and that's when I
> got the error message.
>
> Hope that makes sense.
>
> Thanks,
> Sylvan
>
>
> "Tony Eversole" <(E-Mail Removed)> wrote in message
> news:E4C9299A-C9B5-40D4-B813-(E-Mail Removed)...
>>I think there is an error in your reasoning about how to make the new
>>Domain
>> Controllers AD integrated. If you have DC A and DC B both running DNS,
>> both
>> holding copies of the AD Integrated DNS zone, and you promote in DC C
>> that
>> has DNS installed on it, AD will automatically copy the AD Integrated
>> Zone
>> to
>> that newly promoted DC, you dont have to do anything. Does that make
>> sense
>> to you?
>>
>> Tony Eversole
>>
>> "Jonas, Sylvan R." wrote:
>>
>>> I have upgraded our NT4 network to Windows 2003. Before I did that, I
>>> had a
>>> Windows 2003 member server acting as the new Primary DNS server for our
>>> network. After I upgraded our PDC to Windows 2003 Active Directory, I
>>> installed DNS on the DC as a Secondary. I later turned it into the
>>> primary
>>> server and the member server running DNS was changed to the secondary.
>>> I
>>> later made DNS on the DC Active Directory Integrated and it seemed to
>>> work
>>> great. Well, today, I ran DCPromo on the 2003 member server and added
>>> it
>>> to
>>> our existing domain. I then tied to make DNS on that server Active
>>> Directory Integrated. When I do that, I get the following error
>>> message:
>>>
>>> The replication scope could not be set. For more information, see "DNS
>>> Zone
>>> replication in Active Directory" in Help and Support. The error was:
>>> There
>>> was a server failure.
>>>
>>> Microsoft's knowledge base says to add the Administrators group to the
>>> Manage Auditing and Security Log permission, but that account group is
>>> already there. I even added the Administrator account as extra measure,
>>> but
>>> I get the same error. Any ideas?
>>>
>>> Thanks,
>>> Sylvan Jonas
>>>
>>>
>>>
>
>
>

Good for you!!!

Patience is a virtue...


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/