dcdiag says go but dcpromo says no

Jeremy@gilbarco

Trying to add the first DC to a new tree in my forest.
dcdiag comes up clean, but when I try to dcpromo it
says "the DSA operation is unable to proceed because of a
DNS lookup failure" and errors out. Below is my DCDiag
stuff and the dcpromo.log file results. This box is not
running DNS (and cannot).

dcpromo.log:
06/21 15:38:31 [INFO] Replicating CN=Configuration,DC=ds,DC=root: received 803 out of approximately 3067 objects
06/21 15:38:33 [INFO] Replicating CN=Configuration,DC=ds,DC=root: received 1205 out of approximately 3067 objects
06/21 15:38:34 [INFO] Replicating CN=Configuration,DC=ds,DC=root: received 1514 out of approximately 3067 objects
06/21 15:38:34 [INFO] Replicated the configuration container.
06/21 15:38:34 [INFO] Error - Active Directory could not create the object CN=GILBARCODS,CN=Partitions,CN=Configuration,DC=ds,DC=root. Check the event log for possible system errors. (8524)
06/21 15:38:37 [INFO] NtdsInstall for gilbarco.com returned 8524
06/21 15:38:37 [INFO] DsRolepInstallDs returned 8524
06/21 15:38:37 [ERROR] Failed to install the directory service (8524)
06/21 15:38:40 [INFO] The attempted domain controller operation has completed

dcdiag:
Z:\Program Files\Resource Kit>dcdiag /test:dcpromo /dnsdomain:gilbarco.com /newtree /forestroot:ds.root
Starting test: DcPromo
The DNS configuration is sufficient to allow this computer to be promoted as the first DC in the gilbarco.com Active Directory domain.

Messages logged below this line indicate whether this domain controller will be able to dynamically register DNS records required for the location of this DC by other devices on the network. If any misconfiguration is detected, it might prevent dynamic DNS registration of some records, but does not prevent successful completion of the Active Directory Installation Wizard. However, we recommend fixing the reported problems now, unless you plan to manually update the DNS database.

DNS configuration is sufficient to allow this domain controller to dynamically register the domain controller Locator records in DNS.

The DNS configuration is sufficient to allow this computer to dynamically register the A record corresponding to its DNS name.

......................... gvrgilbarcodc01 passed test DcPromo
 
Herb Martin

Jeremy@gilbarco said:
Trying to add the first DC to a new tree in my forest.
dcdiag comes up clean, but when I try to dcpromo it
says "the DSA operation is unable to proceed because of a
DNS lookup failure" and errors out. Below is my DCDiag
stuff and the dcpromo.log file results. This box is not
running DNS (and cannot).

DCDiag cannot tell you anything about the NEW to-be-DC
and its DNS setup.

The new DC must be able to find the existing DCs and to
find its OWN Dynamic DNS even if these are separate DNS
servers.

How is your DNS rooted? With two trees you need one of
these solutions:

1) Internal root ("." zone) or common parent zone to search
downwards to all other zones
AND: every DNS server must be able to reach this zone
through root hints or forwarding.

2) Every DNS server to hold a secondary for the other DNS
zones (which it would not naturally need to hold)

3) Some near-equivalent to #2 using Win2003 or other
features such as Stub zone, conditional forwarding, or
BIND "views".

And each DNS zone supporting AD-Domains must be dynamic.

The Domain Naming Master must be online and resolvable by
one of the above methods.

--
Herb Martin
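
An added example, not part of either poster's messages: a Python triage of the dcpromo.log excerpt from the original post. It rejoins the wrapped lines and reports the first entry that carries an error code, which here is tagged [INFO] and names an object under CN=Partitions, the case where the Domain Naming Master point above applies. The function names and the embedded sample string are constructed for this example.

```python
import re

# Constructed sample: part of the dcpromo.log quoted in this thread,
# still hard-wrapped the way it was posted.
SAMPLE_LOG = """\
06/21 15:38:34 [INFO] Replicated the configuration
container.
06/21 15:38:34 [INFO] Error - Active Directory could not
create the object
CN=GILBARCODS,CN=Partitions,CN=Configuration,DC=ds,DC=root.
Check the event log for possible system errors. (8524)
06/21 15:38:37 [INFO] NtdsInstall for gilbarco.com
returned 8524
06/21 15:38:37 [ERROR] Failed to install the directory
service (8524)
"""

# 8524 is the "DNS lookup failure" text dcpromo displayed in the thread.
KNOWN_CODES = {8524: "DSA operation unable to proceed: DNS lookup failure"}
ENTRY = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] (.*)$")
CODE = re.compile(r"\((\d+)\)|returned (\d+)")

def parse_entries(text):
    """Rejoin wrapped lines: an entry starts only at a timestamp."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m[1], "level": m[2], "msg": m[3]})
        elif entries and line.strip():
            entries[-1]["msg"] += " " + line.strip()
    return entries

def first_failure(entries):
    """Return the earliest entry with an error code, whatever its level."""
    for e in entries:
        m = CODE.search(e["msg"])
        if not m:
            continue
        code = int(m[1] or m[2])
        dn = re.search(r"CN=\S+", e["msg"])
        target = dn[0].rstrip(".") if dn else None
        # crossRef objects under CN=Partitions are created on the Domain
        # Naming Master, so the new DC must be able to resolve that server.
        return {"level": e["level"], "code": code, "target": target,
                "meaning": KNOWN_CODES.get(code, "unknown"),
                "check_naming_master": bool(target and ",CN=Partitions," in target)}
    return None

if __name__ == "__main__":
    print(first_failure(parse_entries(SAMPLE_LOG)))
```

Filtering this log on [ERROR] alone would return only the final summary line and miss the entry that names the object dcpromo could not create.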

Jeremy@gilbarco

Both domains are pointing to the same DNS servers which is
authoritative for both domains. None of the DCs have DNS
installed, they are all going to the central BIND-based
server.

Herb Martin

Jeremy@gilbarco said:
Both domains are pointing to the same DNS servers which is
authoritative for both domains. None of the DCs have DNS
installed, they are all going to the central BIND-based
server.

Is your DNS dynamic?

Have you delegated and added the child zone -- making it
dynamic too?

You really do require a dynamic DNS service for all DNS zones
which do/will support Active Directory.

While it is theoretically possible to avoid this requirement it
is practically unworkable and defeats much of the reliability of
AD.

--
Herb Martin
