A
Amanda
I am trying to implement a Windows Server 2003 Domain Controller into my
existing network with the PDC being a Windows 2000 server.
My first issue was installing Active Directory stopped at a certain point
telling me I did not a sufficient security to install the Windows Server
2003 into Active Directory. I solved that problem.. It being an issue of not
having permission to allow delegation. Once I gave Administrators that right
Active Directory installed fine.
Now my issue is with the two domain controllers. My Windows 2000 DC cannot
access my Windows 2003 DC at all. All my other member servers can. Just not
my Windows 2000 Domain Controller. I am getting the following errors in the
Windows 2000 Event Log only. Not the Windows 2003 Server Event Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/30/2003
Time: 9:14:43 AM
User: N/A
Computer: THOMAS
Description:
The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=NE
Source DSA DN: CN=NTDS
Settings,CN=CGY1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=NE
Source DSA Address: b31821d8-594c-40e4-ab43-e78a5364f038._msdcs.NE
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
There are no SRV record in DNS for the new Windows 2003 Domain Controller.
There is an (A) host record and my PDC can ping my BDC, there is just no
access. I can't even connect to a share; it pops up an "Enter Network
Password" Dialogue box and when I try to access DNS for example from my PDC
I get "Access Denied" errors. I have rebooted both servers, restarted the
NETLOGON service on the BDC and the DNS server service on the PDC... I have
tested DNS Registration for my PDC and it is failing but every reason they
have for this occurence in QFA's is not applicable to my situation.
Still nothing. I am getting the following Event ID's on my BDC (Windows 2003
Server)
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 10/30/2003
Time: 8:41:34 AM
User: N/A
Computer: CGY1
Description:
Dynamic registration or deletion of one or more DNS records associated with
DNS domain 'NE.' failed. These records are used by other computers to
locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an
application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain
wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone
authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration
or deletion of the DNS records by running 'nltest.exe /dsregdns' from the
command prompt or by restarting Net Logon service. Nltest.exe is available
in the Microsoft Windows Server Resource Kit CD.
existing network with the PDC being a Windows 2000 server.
My first issue was installing Active Directory stopped at a certain point
telling me I did not a sufficient security to install the Windows Server
2003 into Active Directory. I solved that problem.. It being an issue of not
having permission to allow delegation. Once I gave Administrators that right
Active Directory installed fine.
Now my issue is with the two domain controllers. My Windows 2000 DC cannot
access my Windows 2003 DC at all. All my other member servers can. Just not
my Windows 2000 Domain Controller. I am getting the following errors in the
Windows 2000 Event Log only. Not the Windows 2003 Server Event Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/30/2003
Time: 9:14:43 AM
User: N/A
Computer: THOMAS
Description:
The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=NE
Source DSA DN: CN=NTDS
Settings,CN=CGY1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=NE
Source DSA Address: b31821d8-594c-40e4-ab43-e78a5364f038._msdcs.NE
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
There are no SRV record in DNS for the new Windows 2003 Domain Controller.
There is an (A) host record and my PDC can ping my BDC, there is just no
access. I can't even connect to a share; it pops up an "Enter Network
Password" Dialogue box and when I try to access DNS for example from my PDC
I get "Access Denied" errors. I have rebooted both servers, restarted the
NETLOGON service on the BDC and the DNS server service on the PDC... I have
tested DNS Registration for my PDC and it is failing but every reason they
have for this occurence in QFA's is not applicable to my situation.
Still nothing. I am getting the following Event ID's on my BDC (Windows 2003
Server)
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: 10/30/2003
Time: 8:41:34 AM
User: N/A
Computer: CGY1
Description:
Dynamic registration or deletion of one or more DNS records associated with
DNS domain 'NE.' failed. These records are used by other computers to
locate this server as a domain controller (if the specified domain is an
Active Directory domain) or as an LDAP server (if the specified domain is an
application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain
wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone
authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration
or deletion of the DNS records by running 'nltest.exe /dsregdns' from the
command prompt or by restarting Net Logon service. Nltest.exe is available
in the Microsoft Windows Server Resource Kit CD.