dcpromo still not fixing netlogon errors

[Guest]

I have (3) win2000 dc's. One (the first -d4200) has no problems during
dcdiag. The other 2 both give me these same result in dcdiag.

Starting test: Advertising
Warning: DsGetDcName returned information for \\d4200.domain, when
we were trying to reach D6400.
Server is not responding or is not considered suitable.

Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... D6400 passed test frssysvol

Starting test: kccevent
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/14/2007 17:40:15
(Event String could not be retrieved)
......................... D6400 failed test kccevent

I tried to dcpromo one down to a wrkgrp server and then back to a DC but
still the same problem. I want to upgrade my servers to 2003 but i am
afraid these errors will keep from that. (the working server has major issues
preventing it from being upgraded so i want to upgrade one of the 2 other
more reliable servers.)

Any ideas?

thanks

 

[Meinolf Weber (Myweb)]

Hello Steve,

So just for understanding the first dc is upgraded to 2003? You have run
the adprep /forestprep adprep /domainprep against your schema master without
any error?

Best regards

Meinolf Weber (Myweb)
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Guest]

All 3 are win2000. MY fear is moving all the roles to a stable server,
upgrading to 2003 and then nothing talking to my other 2 win2000 servers. As
of the moment i believe only the troublesome server is taking dns requests.
The other 2 are not b/c of these netlogon erros.

 

[Meinolf Weber (Myweb)]

Hello Steve,

Please give some more details about the config. Please post an ipconfig /all
from all 3 servers. If all 3 are configured proper theire shouldn't be any
error during dcdiag or netdiag.

Best regards

Meinolf Weber (Myweb)
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Ace Fekay [MVP]]

In

I have (3) win2000 dc's. One (the first -d4200) has no problems
during dcdiag. The other 2 both give me these same result in dcdiag.

Starting test: Advertising
Warning: DsGetDcName returned information for \\d4200.domain,

<snipped>

Is your domain a single lable name, such as "domain" and not in the format
of "domain.com"? I noticed the above states \\d4200.domain and from your
post, you stated the computer name is d4200, therefore I'm assuming "domain"
is your domain name and it's a single label name.

If so, this can be the cause of the whole issue. Awaiting an (hopefully
unedited) ipconfig /all as Myweb requested. That will shed light on this.




--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news
account, and point it to news.microsoft.com. Anonymous access. It's
easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or
peaches... Life is more like a jar of jalapenos. What you do today
may burn your butt tomorrow." - Garfield

 

[Guest]

Yep it is just a single name domain. Does this need to be changed? ( i know
there is a domain name change tool..)

IPconfi from d4200 + d1400 + d6400>>>>
C:\WINNT\Profiles\administrator.UCT4>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : d4200
Primary DNS Suffix . . . . . . . : tct4
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tct4

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C996B Gigabit Server NIC
Physical Address. . . . . . . . . : 00-04-**-**-**-**
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.241
DNS Servers . . . . . . . . . . . : 192.168.0.250
192.168.0.249

---------------------------------------------------------------------

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : d1400
Primary DNS Suffix . . . . . . . : UCT4
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : UCT4

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink Server 10/100 PCI
NI
(3C980C-TXM)
Physical Address. . . . . . . . . : 00-01-02-**-**-**
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.249
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.241
DNS Servers . . . . . . . . . . . : 192.168.0.249
192.168.0.250
--------------------------------------------------------------------------

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : d6400
Primary DNS Suffix . . . . . . . : UCT4
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : UCT4

Ethernet adapter Local Area Connection 5:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server
Adapter
Physical Address. . . . . . . . . : 00-04-23-**-**-*8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.94
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.241
DNS Servers . . . . . . . . . . . : 192.168.0.250
192.168.0.249

 

[Meinolf Weber (Myweb)]

Hello Steve,

If i see the d4200 the primary domain suffix is tct4, the other two uct4?

Best regards

Meinolf Weber (Myweb)
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Guest]

sorry i was trying to edit them. They are all the same

 

[Meinolf Weber]

Hello Steve,

Check out this articles about single domain name:
http://support.microsoft.com/kb/300684

And also if you have this errors:
http://support.microsoft.com/kb/914050

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Ace Fekay [MVP]]

In

sorry i was trying to edit them. They are all the same

Keep in mind, there are many issues surrounding single label name domain
names. Basically DNS is a tree with a hierarchal structure. DNS names start
at the root and read backwards. A name such as corp-dc-01.corpdomain.com has
a structure. The com is the TLD, (top level domain name), then the
"corpdomain" can be looked at as the first level name, or the second level
name (depending on who you talk to or books you read), then of course the
hostname, in this case it's corp-dc-01.

When a query is submitted for resolution, it looks at itself first to see if
it hosts the zone name. If it doesn't, then it will look at the TLD first
and submite a query based for that name. In the above example, it will query
the Root server (there are 13 on the internet that handle the com's, edu's,
net's, etc) for the TLD as a starter. It finds the Root server that has a
pointer for the com TLD, which it will then ask that server to find out who
owns the 'corpdomain' second level name under the 'com' name. Then of course
once it finds that server, will query for 'corp-dc-01'.

Now funny thing, (or not so funny, depending on what side of the fence you
are on) the resovler service looks at the single label name domain as a TLD.
In your case it looks at " tct4" as a TLD. We all know it is not a TLD, but
the resolver service doesn't know that. And since it is a single name, it
doesn't look to itself to see if it is hosting the zone but rather will
query the Roots first. Therfore anytime a query is set forth internally on a
single label name, it's really hitting the 13 Root servers first, before it
looks back at itself. It's just a fact of the way the resolver works.

The ISC discovered the numerous unnecessary query traffic hitting their Root
servers back in 2003 and found they were coming from Microsoft DNS servers
querying for a single label name. Microsoft immediately, based on trying to
be a friendly internet neighbor, came up with a way to stop this unnecessary
traffic to the 13 Root DNS servers by introducing code in Windows 2000 SP4
(and all newer operating systems), stopping this action. But then of course
this caused numerous problems with current AD installations that were single
label names. You should have seen all the posts back in the summer of 2003.
We were wondering where all of a sudden the issues came from. Issues
included numerous Netlogon errors, registration errors, and a host of
others. After some research and a note by one of the Microsoft engineers in
this newsgroup in 2003 explaining what was up, did we finally realize what
was going on.

So I would think it would be a matter of importance for you for your company
to fix this by changing the name or migrating to a new domain/forest. You
can use the bandaid shown in 300684, but I would think the easiest would be
the domain name changer tool, but keep in mind, if you have Exchange
installed, it really complicates it a bit. If you do have Exchange in the
forest, you may want to read these articles:

Supplemental steps for using the Exchange Server Domain Rename ...This
article describes how to use the Exchange Domain Rename Fixup tool together
with the Microsoft Windows Server 2003 domain rename tools. The file name
....
support.microsoft.com/kb/842116

Domain Rename - Rename a Windows 2003 Forest with Exchange 2003
....XDR-fixup modifies Exchange Active Directory attributes to reflect the
new domain name. The XDR-fixup tool does not replace the Windows Server 2003
domain ...
www.msexchange.org/tutorials/Domain-Rename.html



Good luck with everything! Plese do let us know how you will procede and if
you have any further questions.

Ace

 

[Meinolf Weber]

Hello Ace Fekay [MVP],

Allways nice to read the explanations from all of the MVP's, clear to understand
and often with a nice background story.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Ace Fekay [MVP]]

In

Hello Ace Fekay [MVP],

Allways nice to read the explanations from all of the MVP's, clear to
understand and often with a nice background story.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

Thanks, Meinolf.

 

[Steve-O]

Just gettin back to this. Its a no go with the 842116 (my domain is set to
native)

Is the only option to build a new domain on a seperate server and then move
everything over to that new "proper" domain?

 

[Ace Fekay [MVP]]

In

Just gettin back to this. Its a no go with the 842116 (my domain is
set to native)

Is the only option to build a new domain on a seperate server and
then move everything over to that new "proper" domain?

I can't see the original post to get the specifics of what happened (since
it has expired and been removed), but I remember some of it. As a rule of
thumb, that is what's recommended, to start fresh with a new domain and
move/migrate everything into it.

Ace

 

[Steve-O]

Are there any particular rules of thumb? (i was reading about some caveats
with Exchange 2003 when changing to a different domain.)

Would i just demote all but the FSMO to member. Move the FSMO to the new
domain. Move all the others accordingly.

I guess the exchange server is the big quesion.

 

[Ace Fekay [MVP]]

In

Are there any particular rules of thumb? (i was reading about some
caveats with Exchange 2003 when changing to a different domain.)

Would i just demote all but the FSMO to member. Move the FSMO to the
new domain. Move all the others accordingly.

I guess the exchange server is the big quesion.

IIRC, you had a single label name domain.

The rule of thumb that many will agree with is to start fresh. For Exchange,
Exmerge all your mailboxes to PSTs. User CSVDE to export your user list to a
CSV file. Demote and disjoin everything.Then pick a server and promote it
into a new domain with the correct name. Get that up and running. Install
Exchange fresh on your member server. Then run the CSVDE tool to import the
CSV. If you didn't export them, manually create your user accounts. Make
sure they are the same alias names as the PST files to associate the PSTs to
the user accounts. Then run the Exmerge to import the PSTs in.

Ace

 

[Steve]

Would it be possible to contract out this work. I dont feel comfortable
doign this. I saw you were in Willow Grove...i am pretty close. let me know.

honeyendo at hotmail.com

thanks