dcpromo failed

[Guest]

Trying to remove an old W2k DC from doamin. Ran depromo and get "The DSA
operation is unable to proceed because of a DNS lookup failure". Looked at
KB 263624. DC can ping Wins and DNS servers just fine. Pointing to correct
DNS. DNS is AD integrated. Believe problem to be with how this server was
named. It is servername.anotherName while the reset of the DC in doamin are
servername.dcname The server in question runs fine in the DC, it's just too
slow to continue being a DC. Since I can't change name of DC server is there
any other way short of rebuilding the server to correct this? Thanks

 

[Ryan Hanisco]

Brian,

You mention that the DNS is working correctly and that it is pointed in the
right place.

1. Make sure that you can ping the domain by both its NetBIOS name as well
as its FQDN -- not just that you are able to ping the DNS server itself.
This should resolve to the PDCe role-holder in both cases.

2. If you are running AD-Integrated DNS, remember that your DCs running DNS
should be pointing only to themselves as the DNS source. This means that
if you are running AD-Integrated DNS on the server that you want to demote,
it should only be pointing at itself for DNS resolution.

3. If you have resolved these and are still having problems, you will want
to install the support tools and run both dcdiag /v and netdiag /v against
the 2000 server. This will identify any Replication, FSMO, and DNS problems
that you are having. Take another look at your Event Logs to make sure that
there isn't something there that you are overlooking. It is easy to do,
especially if you don't have large buffers in the logs.

Take your time on this and work through it. Try not to get impatient and
just kill the server planning to seize roles and do a metadata cleanup
later. Working through this will make your AD healthier as well as keep you
out of trouble.

The frustration you will go through resolving something like this is much
less than the potential frustration you might have if your whole
organization grinds to a halt through messed up DNS/ FSMO replication.

 

[Guest]

Thanks, the server in question is not a DNS server itself, so that's not the
issue. What am I supposed to be looking for in terms of events log errors or
what? Would they be on the DNS server or on the serber in question. I am
taking my time with this since this is the into the 2nd month on this looking
for a fix. If I can't demote it then I will let it run till it dies and then
have to do metadata cleanup. I will try #1 and #3 to see what happens.

 

[Guest]

Ok I ran DCdiag. The server GUID DNS name could not be resolved. The
servername.2ndname is the issue. Since I cannot rename the server and I
cannot add a name with a dot in it to DNS server how can this be corrected?

 

[ptwilliams]

If the name is correctly registered in DNS then the clients that wish to
contact this machine need to use multiple DNS suffixes.

If this is has a different DNS suffix to that of the AD domain name, this is
known as having a disjoint namespace -which won't work by default:
-- http://www.msresource.net/content/view/40/46/


Once the disjoint side of things is fixed, you need to restart netlogon to
register the SRV records in DNS.

Note. If this has been happening for over two monhs (60 days) then this
machine is dead --it just doesn't know it yet.