Problem setting up DNS for running DCPromo

Jennifer Bates

Let me give you some back-story. We only have one Domain Controller.
It was a Windows NT PDC (named PDC) that was upgraded to Windows 2000.
Active Directory was installed but since the machine was upgraded
from NT, DNS was not installed. I was not here when this happened and
had no control over this process.

This machine is getting old and we need to set up another Domain
Controller (named DCON1). Our Domain is called xxxxxx.com and when we
run DCPromo, it claims it cannot contact the domain 'xxxxxx.com'.
Fine, this is because we do not have a Microsoft DNS server that is
authoritative for that domain. Since we plan to retire the original
domain controller, I have installed DNS on DCON1. I believe I have it
set up correctly. It is configured to allow dynamic updates. I have
pointed this new machine and the original PDC to use this machine for
DNS. DCPromo still fails.

I believe this is because when I set up DNS, no SRV records were
created. The only record created was the A, SOA and NS record for
DCON1. I set up my computer to use this DNS and it registered
correctly. A host record was created for my machine. When I set up
PDC to use DCON1 for DNS, I configured TCP/IP to register itself with
DNS. I rebooted the machine but it did not register. Is there a
certain time period I have to wait? I created the host file manually
but I still could not run DCPROMO and I suspect it's because I still
don't have any SRV records.

I did some searching online and tried a few things.
- I ran ipconfig /registerdns on dcon1. Should I have done this on
PDC?
- I stopped and restarted netlogon on dcon1
- I ran netdiag /fix
- I played around with dcdiag but wasn't really sure what to do or
what to look for.
- I ran nslookup and used the set type=srv but that didn't work

Did I do something wrong? Should the SRV records be on the DNS server
as soon as it's configured?

I need to run DCPROMO so that our domain will be configured properly
and so that I can retire the existing PDC and eventually add another
DC for redundancy.

thanks,
Jen
 
Kevin D. Goodknecht [MVP]

Point the DC to its own address for DNS, then restart the Netlogon service
and run ipconfig /registerdns. If this does not seem to fix the problem I
will need to see an ipconfig /all and the actual domain name from ADU&C to
verify there is not a disjointed name space and that the domain is not a
single label domain name.

In an AD domain it is required that all members and DCs only use the AD DNS
server in TCP/IP properties.
 
Guest

I cannot point the DC to use itself for DNS because DNS is
not running on that machine. DNS is installed on the
machine I want to run DCPROMO on.

Here is the IP info from the existing DC. The domain in
ADU&C is also ariessys.com


Host Name . . . . . . . . . . . . : pdc
Primary DNS Suffix . . . . . . . : ariessys.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ariessys.com
                                    kfinder.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ariessys.com
Description . . . . . . . . . . . : 3Com EtherLink (3C905B-TX)
Physical Address. . . . . . . . . : 00-50-04-D2-8A-
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 198.115.92.15
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 198.115.92.1
DNS Servers . . . . . . . . . . . : 198.115.92.2
                                    4.2.2.1
Primary WINS Server . . . . . . . : 198.115.92.15
Secondary WINS Server . . . . . . : 198.115.92.19

I think I will need to point the PDC to the new DNS machine
and stop and restart Netlogon and run /register DNS.
However I have to do this off hours and may not be allowed
to do this for several weeks (yeah, I know).

My original question had to do with missing SRV records.
The DNS server is currently a member server (because I
can't run DCPROMO) and the DNS configuration is showing no
SRV records. Is this because it's not a domain controller
yet? Will they show up after I run DCPROMO successfully?

Jen
 
Kevin D. Goodknecht [MVP]

Do you have DNS on the current DC?
Point all machines, domain members, DCs to the DNS server the DC is using.
Usually DNS is installed on the DC then the DC would point to its own
address for DNS only. Remove all external DNS from the NIC of DCs and
Members. Add your ISP's or other external DNS addresses only as forwarders
on the DNS server properties on the forwarders tab.
300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1
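
The three things asked about so far in this thread (single-label domain name, disjointed name space, external DNS servers on the NIC) can be checked mechanically from `ipconfig /all` output. The script below is an added example, not something posted by either participant; it takes "disjointed name space" to mean that the Primary DNS Suffix differs from the AD domain name, and `192.0.2.10` is a hypothetical stand-in for the AD DNS server's address.

```python
import re

# Abridged from the `ipconfig /all` output posted in the thread (existing DC).
SAMPLE = """\
Host Name . . . . . . . . . . . . : pdc
Primary DNS Suffix . . . . . . . : ariessys.com
DNS Suffix Search List. . . . . . : ariessys.com
kfinder.com

Ethernet adapter Local Area Connection:

IP Address. . . . . . . . . . . . : 198.115.92.15
DNS Servers . . . . . . . . . . . : 198.115.92.2
4.2.2.1
Primary WINS Server . . . . . . . : 198.115.92.15
"""

# "Label . . . . : value" lines; the dot leader may or may not start with a space.
FIELD = re.compile(r"^([A-Za-z][\w \-]*?)(?:\s*\.)+\s*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {label: [values]}; wrapped lines are folded into the previous field."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2):
                fields[last].append(m.group(2))
        elif line and not line.endswith(":") and last:
            fields[last].append(line)   # continuation of a multi-value field
        else:
            last = None                 # blank line or adapter header
    return fields

def audit_dc_dns(text, ad_domain, ad_dns_servers):
    """Apply the three checks from the thread; return a list of findings."""
    f = parse_ipconfig(text)
    domain = ad_domain.lower().strip(".")
    suffix = (f.get("Primary DNS Suffix") or [""])[0].lower().strip(".")
    findings = []
    if "." not in domain:
        findings.append("single-label domain name: " + domain)
    if suffix != domain:
        findings.append("disjointed name space: suffix %r, domain %r" % (suffix, domain))
    for ip in f.get("DNS Servers", []):
        if ip not in ad_dns_servers:
            findings.append("non-AD DNS server on NIC: " + ip)
    return findings

if __name__ == "__main__":
    # 192.0.2.10 is a hypothetical address standing in for the AD DNS server.
    for finding in audit_dc_dns(SAMPLE, "ariessys.com", {"192.0.2.10"}):
        print(finding)
```
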
 
Guest

No, DNS is not installed on the current DC. When the
current DC was upgraded from NT, it did not require DNS for
some reason.

I have read that DNS does not have to be on the current DC but
that the DC and the machine you are trying to run DCPROMO
on must point to the same MS DNS server. I have done that
but I cannot run DCPROMO.

Why are there no SRV records on the current DNS machine?

Jen
 
Kevin D. Goodknecht [MVP]

> No, DNS is not installed on the current DC. When the
> current DC was upgraded from NT, it did not require DNS for
> some reason.

DNS is not required until you run DCPROMO. Have you run DCPROMO on the DC you
upgraded from NT4 yet?

> I have read that DNS does not have to be on the current DC but
> that the DC and the machine you are trying to run DCPROMO
> on must point to the same MS DNS server. I have done that
> but I cannot run DCPROMO.

Do you have "Allow dynamic updates" set to "Yes" on the zone properties of
your AD Domain zone?
If not, change that setting, then restart Netlogon on the DC and run ipconfig
/flushdns and ipconfig /registerdns.

> Why are there no SRV records on the current DNS machine?

My first guess would be that you do not have dynamic updates allowed on the
domain's zone.
You will also notice that on the current DC you have 4.2.2.2 listed as DNS
on the DC; remove that address. Then read the below article, paying close
attention to step 3.
300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202&FR=1
 
Jennifer Bates

Kevin D. Goodknecht said:
> DNS is not required until you run DCPROMO. Have you run DCPROMO on the DC you
> upgraded from NT4 yet?

You may need to re-read my first post which explained everything. The
first machine was an NT4 PDC. It was upgraded to Win2K and is still
acting as a Domain Controller. It has Active Directory installed but
not DNS. We need to retire this machine so we are trying to promote a
new machine. To do this, we need DNS installed which was installed in
the second machine. The new machine and the original machine were
pointed to DNS on the new machine. DCPROMO still failed saying that
the domain ariessys.com could not be found. When DNS was installed no
SRV records were created.

> Do you have "Allow dynamic updates" set to "Yes" on the zone properties of
> your AD Domain zone?
> If not, change that setting, then restart Netlogon on the DC and run ipconfig
> /flushdns and ipconfig /registerdns.

Per my original post, Allow Dynamic updates is set to yes. It is also
not an Active Directory Zone yet because I have not been able to
promote the DNS machine to be a DC. Right now it is set as a standard
primary zone. Once I can promote the DC, then I was going to change
it.

> My first guess would be that you do not have dynamic updates allowed on the
> domain's zone.
> You will also notice that on the current DC you have 4.2.2.2 listed as DNS
> on the DC; remove that address. Then read the below article, paying close
> attention to step 3.
> 300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
> http://support.microsoft.com/?id=300202&FR=1

IPconfig shows our external DNS because that is what we are using now.
When I tried to run DCPROMO on the new machine, I had both pointing to
IP of the new machine.

I think we are starting to go around in circles. Can you please reread
my original post so that you can see what was done and what I have
already tried.

According to the KB articles I have read, the DNS server doesn't have
to be the DC. In my network DNS is installed on a new member server
that I want to promote to DC but DCPROMO is failing even when I have
both the new member server and the original DC (upgraded from NT)
pointed to it for DNS. Allow Dynamic Updates is set to yes but still
no SRV records have been created.

thanks,
Jen
 
Kevin D. Goodknecht [MVP]

Jennifer Bates said:
> You may need to re-read my first post which explained everything. The
> first machine was an NT4 PDC. It was upgraded to Win2K and is still
> acting as a Domain Controller. It has Active Directory installed but
> not DNS. We need to retire this machine so we are trying to promote a
> new machine. To do this, we need DNS installed which was installed in
> the second machine. The new machine and the original machine were
> pointed to DNS on the new machine. DCPROMO still failed saying that
> the domain ariessys.com could not be found. When DNS was installed no
> SRV records were created.
>
> Per my original post, Allow Dynamic updates is set to yes. It is also
> not an Active Directory Zone yet because I have not been able to
> promote the DNS machine to be a DC. Right now it is set as a standard
> primary zone. Once I can promote the DC, then I was going to change
> it.

It may not be AD Integrated but it is the zone for the AD domain and it
should have the SRV records in it unless you have a disjointed name space.

> IPconfig shows our external DNS because that is what we are using now.
> When I tried to run DCPROMO on the new machine, I had both pointing to
> IP of the new machine.
>
> I think we are starting to go around in circles. Can you please reread
> my original post so that you can see what was done and what I have
> already tried.

I have reread several times; I'm trying to rule out a disjointed name space.

> According to the KB articles I have read, the DNS server doesn't have
> to be the DC. In my network DNS is installed on a new member server
> that I want to promote to DC but DCPROMO is failing even when I have
> both the new member server and the original DC (upgraded from NT)
> pointed to it for DNS. Allow Dynamic Updates is set to yes but still
> no SRV records have been created.

I am not misunderstanding your question. I am trying to find out why the
SRV records have not been created by the original DC, you know, the one you
upgraded from NT4. It should have created the SRV records in whatever DNS
server it is pointed to for DNS that supports DDNS when you DCPROMOed it.
That is the reason why I asked if you ever ran DCPROMO on the machine you
upgraded from NT4.

They should be there if the zone allows dynamic updates, and there is not a
disjointed name space. I have not ruled out a disjointed name space yet.

If you would, please do this: send me a screen print of ADU&C and your current
DNS server with your local Domain's Forward Lookup Zone open. You already
posted the ipconfig from your current DC so I have that.
I want to see if I can figure this out; it may be that the forward lookup
zone is mis-named, I've seen that happen before.
You stated you were not around when DCPROMO was done; I need to see if it was
done correctly.
 
Guest

Hi Kevin,

I appreciate all the effort you are putting into my problem.
Before I send you the screen shots, I think I may see where
the problem lies.

I just talked to the person who did the upgrade of the NT
machine. He had to follow a checklist from MS to do it
correctly. There may be something wrong still, but he did
confirm that he ran DCPROMO on it. However, he did not set
up DNS.

When I installed DNS on the new machine, the only records
created were the A, NS and SOA for that machine. Should
the SRV records be created then? They weren't. I then
pointed the current DC to use the new DNS server. I made
sure that TCP/IP properties were set to register it in DNS.
I then rebooted the machine assuming it would register upon
login. It didn't so I manually created a host record for
the DC.

What I am wondering is if I ran ipconfig /register DNS on
the DC would it create the host file on the DNS machine AND
create the SRV records. Do the SRV records only get
created when a DC is registered in DNS?

Maybe I should just forget about doing DNS on the new
machine and set it up on the current DC instead. What do
you think?

thanks,
Jen
 
Kevin D. Goodknecht [MVP]

It might be easier to get right if you install DNS on the current DC.
Here is how to do that:
Install DNS then create a Forward Lookup zone for your domain name, Allow
dynamic updates on the zone.
In TCP/IP properties change it to point to its own IP address ONLY for DNS.
Restart the Netlogon Service
Run ipconfig /flushdns and ipconfig /registerdns


If that does not create these sub folders in your domain zone send me the
screen print of your zone and ADU&C.
_udp
_tcp
_sites
_msdcs
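
To see which registrations are still missing after the steps above, the records Netlogon tries to register (it writes them to `%SystemRoot%\System32\config\netlogon.dns` on the DC) can be compared against the contents of the zone. The script below is an added example, not code from the thread; both inputs are constructed samples, and it assumes the zone has been exported as `owner TTL IN TYPE rdata` lines with fully qualified names.

```python
# Constructed sample in netlogon.dns format: what the DC wants registered.
NETLOGON_DNS = """\
_ldap._tcp.ariessys.com. 600 IN SRV 0 100 389 pdc.ariessys.com.
_kerberos._tcp.ariessys.com. 600 IN SRV 0 100 88 pdc.ariessys.com.
_kerberos._udp.ariessys.com. 600 IN SRV 0 100 88 pdc.ariessys.com.
_ldap._tcp.Default-First-Site-Name._sites.ariessys.com. 600 IN SRV 0 100 389 pdc.ariessys.com.
_ldap._tcp.pdc._msdcs.ariessys.com. 600 IN SRV 0 100 389 pdc.ariessys.com.
"""

# Constructed sample zone export: only SOA, NS and A records, as described
# in the thread. 192.0.2.10 is a hypothetical address for DCON1.
ZONE = """\
ariessys.com. 3600 IN SOA dcon1.ariessys.com. hostmaster.ariessys.com. 1 900 600 86400 3600
ariessys.com. 3600 IN NS dcon1.ariessys.com.
dcon1.ariessys.com. 3600 IN A 192.0.2.10
pdc.ariessys.com. 3600 IN A 198.115.92.15
"""

SUBDOMAINS = ("_udp", "_tcp", "_sites", "_msdcs")

def parse_records(text):
    """Return a set of (owner, type, rdata), normalised for case and trailing dots."""
    records = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue                      # skip blanks, comments, malformed lines
        owner, _ttl, _cls, rtype = parts[:4]
        rdata = " ".join(parts[4:]).lower().rstrip(".")
        records.add((owner.lower().rstrip("."), rtype.upper(), rdata))
    return records

def unregistered(netlogon_text, zone_text):
    """Records Netlogon wants in DNS that the zone does not contain."""
    return sorted(parse_records(netlogon_text) - parse_records(zone_text))

def missing_subdomains(zone_text, domain):
    """Which of the four subfolders have no record anywhere beneath them."""
    domain = domain.lower().strip(".")
    owners = {owner for owner, _, _ in parse_records(zone_text)}
    return [s for s in SUBDOMAINS
            if not any(o.endswith("." + s + "." + domain) for o in owners)]

if __name__ == "__main__":
    print("missing subfolders:", missing_subdomains(ZONE, "ariessys.com"))
    for owner, rtype, rdata in unregistered(NETLOGON_DNS, ZONE):
        print("not in zone:", owner, rtype, rdata)
```
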
 
