Cannot establish child domain

myrt webb

I want to establish a child domain of my present domain.

When I run dcpromo on the child domain DC to establish the
child domain everything starts fine but stops and I get an
error- "Binding to server server01.rwd.com using the
supplied credentials failed."

I am using the administrator account for the credentials
and it is a member of the enterprise admins, domain admin
etc groups.

What is the problem?
 
Ace Fekay [MVP]

myrt webb said:
I want to establish a child domain of my present domain.

When I run dcpromo on the child domain DC to establish the
child domain everything starts fine but stops and I get an
error- "Binding to server server01.rwd.com using the
supplied credentials failed."

I am using the administrator account for the credentials
and it is a member of the enterprise admins, domain admin
etc groups.

What is the problem?

As was pointed out in your post in the DNS newsgroups, this is a DNS
related issue. HOSTS files will NOT work with SRV records, which is what
DCPROMO is looking for. Rules are pretty simple...Use only your DNS. Do not
use your ISP's. Set updates to at least YES. Primary DNS Suffix is the same
name as the AD DNS domain name and the zone name in DNS. If trying to add
another DC or a child domain, use the same DNS server (in your IP
properties) that the other DC is using or from the parent domain. Make sure
your domain name is not a single label name. HOSTS files will NOT work with
AD service and resource locations.

In conjunction with the help and the links that were provided to you by Kevin
Goodknecht, MVP, and Deji, in the DNS group about how to setup and delegate
a child domain, here are some guidelines for AD and DNS (reposted from a
previous post from many months ago). This was compiled in conjunction
between myself and Tim Hines, MVP.....

===========================================
Steps for fixing the problem when DCPROMO does not find the domain, can't
join machines, GPOs don't work, Replication fails, etc.

Things to look for when you have problems registering:

=================================
Steps for fixing the problem when DCPROMO does not find the domain, can't
join machines, GPOs don't work, Replication fails, DNS registration is not
registering, etc.

- Compiled by Tim Hines, MCSE [MVP] with additions by Ace Fekay [MVP]
=================================

1. Verify that the existing domain controller is pointing to a Windows 2000
DNS server. Do not point it to any external ISP DNS servers. You can use
forwarders for external resolution; see this for complete steps on how to:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q300202
If the Forward option is grayed out, delete the Root zone. Looks like a
period.
The above link shows you how to do this too.

2. Open the DNS MMC, double click forwarders so that you can see the zone
for your domain. If the zone is missing, see this on how to create the FLZ
(Forward Lookup Zone) and a Reverse Zone too, if you want one (good for
Nslookup, etc):
http://support.microsoft.com/default.aspx?scid=kb;en-us;308201

3. Right click on this zone and select properties. Verify that your zone is
set to allow dynamic updates, if not change it so that it does. Set it to
YES.

4. Double click your zone to expand it. You should have 4 subfolders
(_MSDCS, _SITES, _TCP, _UDP) and a few records.

5. If the zones do not exist you should open a command prompt.

6. Type IPconfig /registerdns and enter

7. Type net stop netlogon

8. Type in a cmd prompt:
net start netlogon
(Restarting netlogon will force the service to
register its SRV records with the DNS zone thus creating the missing
subfolders. The records that will be registered
are in winnt\system32\config\netlogon.dns).

9. After restarting netlogon go back into your DNS zone and verify that you
have the subfolders that I mentioned before.

10. If the folders are not there you may want to try running:
netdiag.exe /fix
from the support tools. Or try restarting netlogon again.

11. If these SRV folders still do not register, check to make sure that File
and Printer Sharing is Enabled on the Interface that is connected to the AD
network:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;254680

12. If these SRV folders still do not register, check the Primary DNS Suffix
to make sure that it exists and is the same exact name as your domain name
should be. That can be checked by typing in a cmd prompt:
ipconfig /all.
Look for the "Primary DNS Suffix" entry. It should look like this:

Host Name . . . . . . . . . . . . : computername
Primary DNS Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

If the Primary DNS Name is missing or not the same, this is a condition
called "disjointed namespace". Netlogon uses this name to find the zone name
in DNS to register into, as long as updates are enabled and it's spelled
correctly. There is a script that can correct this, depending on the
conditions.

If it's incorrect, check the bottom of this article:
Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;260371
and post back your findings for other possible fixes.

If the Primary DNS Suffix is correct, continue...

13. On the DC that you are trying to promote verify that it is pointing ONLY
to the Windows 2000 DNS server that we have been working on for DNS.

14. Go to a command prompt and type nslookup 1stdcname.domainname.com to
verify that you can get a reply.

15. Type nslookup and hit enter

16. Type set type=srv and enter

17. Type _ldap._tcp.domainname.com and hit enter

18. You should see something like this if it works.

_ldap._tcp.domain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = computername.domainname.com
computername.domainname.com internet address = 192.168.0.1
computername.domainname.com internet address = 25.65.3.81

19. Try running dcpromo, it should work.
For more info about the domain controller location process see
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q247811

=================================




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
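
The checks in steps 12 to 18 of the post above, run over saved command output: an added example, not part of the original thread. The function names and the sample `ipconfig /all` and `nslookup` text are constructed for illustration, modelled on the listings in the post.

```python
import re

# Constructed sample output, modelled on the listings in the post above.
IPCONFIG_OK = """\
   Host Name . . . . . . . . . . . . : dc02
   Primary DNS Suffix  . . . . . . . : domain.com
   DNS Suffix Search List. . . . . . : domain.com
"""
NSLOOKUP_OK = """\
_ldap._tcp.domain.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc01.domain.com
dc01.domain.com internet address = 192.168.0.1
"""

def primary_dns_suffix(ipconfig_text):
    """Return the Primary DNS Suffix from `ipconfig /all` output, '' if blank or missing."""
    m = re.search(r"Primary DNS Suffix[ .]*:[ \t]*(\S*)", ipconfig_text, re.I)
    return m.group(1).lower() if m else ""

def parse_srv(nslookup_text):
    """Return ([(port, target), ...], {host: [ip, ...]}) from an nslookup SRV answer."""
    srv = re.findall(r"port\s*=\s*(\d+)\s+svr hostname\s*=\s*(\S+)", nslookup_text, re.I)
    addrs = {}
    for host, ip in re.findall(r"^\s*(\S+)\s+internet address\s*=\s*(\S+)",
                               nslookup_text, re.I | re.M):
        addrs.setdefault(host.lower(), []).append(ip)
    return [(int(p), h.lower()) for p, h in srv], addrs

def check(ipconfig_text, nslookup_text, ad_domain):
    """Return a list of findings; an empty list means the checks passed."""
    ad_domain, findings = ad_domain.lower().rstrip("."), []
    if "." not in ad_domain:
        findings.append("single-label domain name")
    suffix = primary_dns_suffix(ipconfig_text)
    if suffix != ad_domain:  # Netlogon registers into the zone named by this suffix
        findings.append(f"disjointed namespace: suffix {suffix or '(blank)'!r} != {ad_domain!r}")
    records, addrs = parse_srv(nslookup_text)
    if not records:
        findings.append(f"no SRV record returned for _ldap._tcp.{ad_domain}")
    for port, target in records:
        if port != 389:
            findings.append(f"{target}: unexpected LDAP port {port}")
        if target not in addrs:
            findings.append(f"{target}: SRV target has no address record in the answer")
    return findings
```

An empty list from `check()` means the Primary DNS Suffix matches the AD domain and the `_ldap._tcp` query returned a locator record whose target resolves; a HOSTS-file entry cannot satisfy the SRV lookup, so it shows up here as a missing record.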
 
Simon B

Check your DNS is all happy, i.e. you can resolve the server
name and vice versa with the Root DC.
-----Original Message-----
I want to establish a child domain of my present domain.

When I run dcpromo on the child domain DC to establish the
child domain everything starts fine but stops and I get an
error- "Binding to server server01.rwd.com using the
supplied credentials failed."

I am using the administrator account for the credentials
and it is a member of the enterprise admins, domain admin
etc groups.
 
