unable to add second DC to Domain in W2K3 due to DNS

Alex de Jong

I keep getting this message when I run DCPROMO:

"DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain sliedrecht.lan:

The query was for the SRV record for
_ldap._tcp.dc._msdcs.sliedrecht.lan

The following domain controllers were identified by the query:

boondctmp.sliedrecht.lan

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its
IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the
network or are not running.

For information about correcting this problem, click Help."

Actually this is an error message, apparently, but all the info is just
like it should be: there is an A record, nslookup is working
fine, and dcdiag /test:dcpromo says everything is fine, and so does the
test:registerinDNS.

What are other possibilities?

Alex de Jong
 
Steve Duff [MVP]

This is almost always because there is some
firewall restriction in effect between the two
machines, or the DC is multihomed and you
end up talking to the wrong adapter to promote.

If they are connected on the same LAN through a
switch, I'd suggest trying a netdiag /fix to make sure
that all the resource records are properly registered
on the DC.

If you are still having problems, I'd recommend
disjoining the new server from the domain and
then rejoining it. Then try DCPROMO again.

Steve Duff, MCSE
Ergodic Systems, Inc.
 
Alex de Jong

I have already disjoined/joined and tried it again after the netdiag
/fix. No result. The servers both have only one network adapter. The
switch is not an issue, according to Cisco (they dialed in), but to be sure
I have put the two servers on a hub together, again without result.

I have tried the dcpromo /adv options as well using a backup. But in
the process it makes connection again with the same 'error' message.

I have had problems with setting up DNS during the upgrade of the
first DC from NT4.0 to Win2003. I am starting to think my only option
is to return to NT 4.0 and perform the upgrade again. Is this a
serious option though?

Alex
 
Kevin D. Goodknecht Sr. [MVP]

Alex de Jong said:
I have already disjoined/joined and tried it again after the netdiag
/fix. No result. The servers both have only one network adapter. The
switch is not an issue, according to Cisco (they dialed in), but to be sure
I have put the two servers on a hub together, again without result.

I have tried the dcpromo /adv options as well using a backup. But in
the process it makes connection again with the same 'error' message.

I have had problems with setting up DNS during the upgrade of the
first DC from NT4.0 to Win2003. I am starting to think my only option
is to return to NT 4.0 and perform the upgrade again. Is this a
serious option though?

You shouldn't have to, but since this was an NT4 upgrade, it may be possible
there is a disjointed namespace, caused by the Primary DNS suffix not
matching the AD Domain name, or you do not have the DC pointing to its own
DNS server for DNS in TCP/IP properties. ipconfig /all will verify this.
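
The two conditions named in the reply above can be checked mechanically from saved `ipconfig /all` output. This is an added example, not part of the original thread: the host name and AD domain come from the thread, while the IP addresses, the mismatched suffix, and the function names `parse_ipconfig` and `check_dc_dns` are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` output; addresses and the mismatched suffix are made up.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : boondctmp
   Primary Dns Suffix  . . . . . . . : sliedrecht.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 10.0.0.53
                                       10.0.0.54
"""

def parse_ipconfig(text):
    """Map each lower-cased label to its values; wrapped lines extend the last label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s+([^:]+?)[\s.]*:\s*(.*)$", line)
        if m:
            last = m.group(1).strip().lower()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())  # e.g. a second DNS server
        else:
            last = None
    return fields

def check_dc_dns(text, ad_domain):
    """Return findings for a suffix mismatch and for a DC not using itself for DNS."""
    f = parse_ipconfig(text)
    findings = []
    suffix = (f.get("primary dns suffix") or [""])[0].lower()
    if suffix != ad_domain.lower():
        findings.append(f"primary DNS suffix {suffix!r} does not match AD domain {ad_domain!r}")
    # Assumption: this DC hosts the AD-integrated DNS zone, so its own IP should be listed.
    if not set(f.get("ip address", [])) & set(f.get("dns servers", [])):
        findings.append("DNS Servers list does not include the DC's own IP address")
    return findings

if __name__ == "__main__":
    for finding in check_dc_dns(SAMPLE, "sliedrecht.lan"):
        print(finding)
```

Run against the constructed sample, both findings are reported; an empty list means neither condition applies.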
 
Steve Duff [MVP]

Have you done a netdom verify to check that
layer of the communication protocol?

You might post the netdiag and dcdiag results
from both machines. Maybe we can spot something.

(BTW the "A" record is not enough, the various SRV
resource records have to be in the right places
with the right values also -- the netdiag /fix should
correct any missing records.)

Steve Duff, MCSE
Ergodic Systems, Inc.
 
Alex de Jong

Well, first of all, thank you for all the reactions. But the show had to
go on and I decided to turn off the DC and promote a BDC to PDC again
and started the upgrade over again. This ran without a problem.

I do have some ideas what went wrong and would like your opinion on
them, whether I am talking bull or am wishful thinking. Here are some
possible reasons I have come up with:

- WINS database was not providing the Sliedrecht.lan record (it was
providing the netbios name sliedrecht)

- The policies to enable win95 client to logon (the digitally sign
stuff) were turned to disabled instead of not defined. Which made the
server communication not possible

All other tests were successful, even the netdom, and all the srv
records were there. Even the dcdiag /test:dcpromo test was successful!

Thanks again
Alex de Jong
 
Alex de Jong

Finally, when adding a third DC and encountering the same problem, I
have found the solution as well...

I implemented the NT4Emulate registry key BEFORE DCPROMO. Apparently
this alters communication for DNS of some sort. After setting the
NeutralizeNT4Emulator key and rebooting, DCPROMO worked like a charm!

Is this a bug perhaps? The reason I first implemented this key and
then ran DCPROMO was to be sure the key was effective as soon as the
Active Directory was online...

Alex de Jong
 
