DNS\DCPROMO FAILS

CST

When adding a secondary domain controller to my 2000
network I get past the database location and the log file
location, DCPROMO starts to run, then comes back with the
following error:

Failed finding a sutiable domain controller for the domain
xxx.net
The specified domain either does not exist or could not be
contacted.

Does anyone have any clue why I keep getting this error?
 
Guest

Well on my DC1 I have two NICS. One for the WAN (Public
Internet) and one for my LAN. The WAN side is using
DHCP. I have a static IP assigned to my LAN and the DNS
is pointing to my IP Address on DC1. I can add my DC2 to
the network, I can ping DC1 by IP Address and by name. I
just can't promote it to another domain controller on my
network. On my DNS it seems to be set up correctly.

Do you still think it's some kind of misconfiguration on
my DNS based on the information I have provided above? If
so where should I begin or what should I look for in my
DNS to see how\where it is misconfigured.

Thanks
 
Kevin D. Goodknecht Sr. [MVP]

In
CST said:
When adding a secondary domain controller to my 2000
network I get past the database location and the log file
location, DCPROMO starts to run, then comes back with the
following error:

Failed finding a sutiable domain controller for the domain
xxx.net
The specified domain either does not exist or could not be
contacted.

Does anyone have any clue why I keep getting this error?

The first guess is you have your ISP's DNS in TCP/IP properties, or at least
you're not using the AD DNS server only as you should be.
Post an ipconfig /all so I can stop guessing.
 
CST

Well on my DC1 I have two NICS. One for the WAN (Public
Internet) and one for my LAN. The WAN side is using
DHCP. I have a static IP assigned to my LAN and the DNS
is pointing to my IP Address on DC1. I can add my DC2 to
the network, I can ping DC1 by IP Address and by name. I
just can't promote it to another domain controller on my
network. On my DNS it seems to be set up correctly. I
have my zone set to "yes" for dynamic updates.

Do you still think it's some kind of misconfiguration on
my DNS based on the information I have provided above? If
so where should I begin or what should I look for in my
DNS to see how\where it is misconfigured.

Thanks
 
Kevin D. Goodknecht Sr. [MVP]

In
CST said:
Well on my DC1 I have two NICS. One for the WAN (Public
Internet) and one for my LAN. The WAN side is using
DHCP. I have a static IP assigned to my LAN and the DNS
is pointing to my IP Address on DC1. I can add my DC2 to
the network, I can ping DC1 by IP Address and by name. I
just can't promote it to another domain controller on my
network. On my DNS it seems to be set up correctly. I
have my zone set to "yes" for dynamic updates.

Do you still think it's some kind of misconfiguration on
my DNS based on the information I have provided above? If
so where should I begin or what should I look for in my
DNS to see how\where it is misconfigured.


Ooo, multihomed DC with one NIC using DHCP, ouch.
On the DHCP NIC, manually enter the IP of the private NIC for DNS.

Add the PublishAddresses and RegisterDnsARecords registry values for the DNS
and Netlogon services

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

3. On the Edit menu, point to New, and then click String Value to add the
   following registry value:
   Value name: PublishAddresses
   Data type: REG_SZ
   Value data: IP address of the server's local network adapter. If you have
   to specify more than one IP address, separate the addresses with spaces.

4. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

5. On the Edit menu, point to New, and then click DWORD Value to add the
   following registry value:
   Value name: RegisterDnsARecords
   Data type: REG_DWORD
   Value data: 0

7. Add the A Records in DNS

8. Complete these steps only if the Routing and Remote Access server is a
   domain controller.

   1. Click Start, point to Programs or All Programs, point to
      Administrative Tools, and then click DNS.
   2. In the DNS console, expand the server object, expand the Forward
      Lookup Zones folder, and then click the folder for the local domain.
   3. On the Action menu, click New Host.
   4. In the IP address text box, type the IP address of the server's
      local network adapter.
   5. Leave the Name box empty, click Create Associated PTR Record, and
      then click Add Host.
   6. When you receive the "(same as parent folder) is not a valid host
      name. Are you sure you want to add this record?" message, click Yes.

   Note: If the server is a global catalog server, go to step 7. If the
   server is not a global catalog server, you do not have to complete steps 7
   through 11. To determine if the server is a global catalog server, follow
   these steps:
      1. Click Start, point to Programs or All Programs, point to
         Administrative Tools, and then click Active Directory Sites and Services.
      2. In the Active Directory Sites and Services console, expand the
         Sites folder, expand the site that contains the server, and then expand the
         server object.
      3. Right-click NTDS Settings, and then click Properties.
      4. On the General tab, locate the Global Catalog check box. If this
         check box is checked, the server is a global catalog server.

   7. Under the Forward Lookup Zones folder in the DNS console, expand the
      folder for the local domain, expand the MSDCS folder, and then click the GC
      folder.
   8. On the Action menu, click New Host.
   9. In the IP address box, type the IP address of the server's local
      network adapter.
   10. Leave the Name box empty, click Create Associated PTR Record, and
       then click Add Host.
   11. When you receive the "(same as parent folder) is not a valid host
       name. Are you sure you want to add this record?" message, click Yes.

Run netdiag /fix
Then try DCPROMO again.
 
Guest

Is the only way to fix this problem by editing the
registry? I didn't really want to get into the registry.
Do you have another way of configuring this, or is regedit
my only option?

My DC1 with two NICS works fine. All my clients can
access network resources, and are able to get to the
internet without any problems.

The problem arises when adding a second DC to my network,
dcpromo fails to find my domain controller.

Please let me know if you know of another route to fix my
problem, one that does not involve editing the registry.

Thanks.
 
Kevin D. Goodknecht Sr. [MVP]

In (e-mail address removed)
wrote their comments
Then Kevin replied below:
Is the only way to fix this problem by editing the
registry? I didn't really want to get into the registry.
Do you have another way of configuring this, or is regedit
my only option?

My DC1 with two NICS works fine. All my clients can
access network resources, and are able to get to the
internet without any problems.

The problem arises when adding a second DC to my network,
dcpromo fails to find my domain controller.

Please let me know if you know of another route to fix my
problem, one that does not involve editing the registry.

All domain controllers that are multi-homed need the registry fixed, that is
why it is not recommended to multi-home a domain controller.

You have to fix the registry and create the records.
 
Guest

I'm a little confused on step 7 "Add the A records in DNS"
What is the A record and where do I add it? Thanks.

 
Guest

Also, This network was set up prior to me coming here.
They fired their network administrator, and have been
through several admins in the past 4 years, which is one
reason this network is the way it is. I am pretty much
here to fix it! On his DNS I am not seeing MSDCS, TCP, GC
folders under the domain. This is rather unusual
correct? How do I fix this problem? Is this a total
separate issue from the registry fix?

The fact that my DC1's DNS does not contain the records
MSDCS, TCP, GC means that DNS was not installed correctly
to begin with, right? Any ideas on how to fix this.

Thanks.



 
Kevin D. Goodknecht Sr. [MVP]

In (e-mail address removed)
wrote their comments
Then Kevin replied below:
I'm a little confused on step 7 "Add the A records in DNS"
What is the A record and where do I add it? Thanks.

My new reader put the numbers in when I pasted it from the article.
To add the records follow steps 1 thru 6 and 7 thru 11 if it is a global
catalog.
 
Ace Fekay [MVP]

In
Also, This network was set up prior to me coming here.
They fired their network administrator, and have been
through several admins in the past 4 years, which is one
reason this network is the way it is. I am pretty much
here to fix it! On his DNS I am not seeing MSDCS, TCP, GC
folders under the domain. This is rather unusual
correct? How do I fix this problem? Is this a total
separate issue from the registry fix?

The fact that my DC1's DNS does not contain the records
MSDCS, TCP, GC means that DNS was not installed correctly
to begin with, right? Any ideas on how to fix this.

Thanks.

Unfortunate that you got stuck with this configuration... You can of course
avoid all of this administrative overhead by removing one of the NICs.

Is there any way you can remove one of the NICs? What's the current purpose
of the dual NICs? Offering Internet access/NAT? If so, it would be
beneficial to go with a 3rd party hardware device, such as a $40.00 Linksys
router, to offer this service. Multihomed NICs are problematic with AD, as
you've seen.

Also, the rules of engagement when it comes to AD and proper DNS
registration, so the proper SRV records show up in DNS (_msdcs, _sites,
_udp, _tcp), the Primary DNS Suffix of the machine must match the name of AD
and match the name of the zone in DNS that has updates enabled. This of
course also means that you must only use your internal DNS in your IP
properties (DC, member servers and clients alike), or other things can and
*will* go wrong.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
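
An added example, not written by any poster in this thread: a Python check over `ipconfig /all` output for the conditions the replies above raise on a domain controller (more than one adapter, a DHCP-configured adapter, DNS servers other than the AD DNS server, and a primary DNS suffix that differs from the AD domain). The sample output, its addresses and the function names `parse` and `audit` are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` from a multihomed DC (documentation addresses).
SAMPLE = """\
Windows 2000 IP Configuration
        Primary DNS Suffix  . . . . . . . : xxx.net

Ethernet adapter WAN:
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 203.0.113.25
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            198.51.100.54

Ethernet adapter LAN:
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.10
        DNS Servers . . . . . . . . . . . : 192.168.0.10
"""
KV = re.compile(r"^\s+(.*?)[\s.]*:\s*(.*)$")   # "Key . . . : value"

def parse(text):
    """Return {section: {key: [values]}}; section "" is the host block."""
    sections, name, key = {"": {}}, "", None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name, key = line.rstrip()[:-1], None      # "Ethernet adapter X"
            sections[name] = {}
        elif (m := KV.match(line)):
            key = m.group(1)
            sections[name][key] = [m.group(2)] if m.group(2) else []
        elif line.strip() and key:                    # wrapped value line
            sections[name][key].append(line.strip())
    return sections

def audit(text, ad_domain, internal_dns):
    """List the settings the thread says break DC location via DNS."""
    cfg, findings = parse(text), []
    suffix = "".join(cfg[""].get("Primary DNS Suffix", []))
    if suffix.lower() != ad_domain.lower():
        findings.append(f"host: primary DNS suffix {suffix!r} != {ad_domain!r}")
    adapters = {n: v for n, v in cfg.items() if n}
    if len(adapters) > 1:
        findings.append(f"host: multihomed ({len(adapters)} adapters)")
    for name, v in adapters.items():
        if v.get("DHCP Enabled") == ["Yes"]:
            findings.append(f"{name}: DHCP enabled")
        findings += [f"{name}: non-AD DNS server {d}"
                     for d in v.get("DNS Servers", []) if d not in internal_dns]
    return findings
```

Calling `audit(SAMPLE, "xxx.net", {"192.168.0.10"})` returns one finding per problem, so an empty list means the adapter settings match what the replies recommend.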
 
