Server 2008 DNS issue

Rob_NNCC

Hello all,
I have a client that has a home-made server (SBS 2011) with many issues. They just bought a new server (Server 2008 STD R2), and I want to migrate the domain and files over. Not a problem, just dcpromo, copy some files, then move the DHCP roles over and re-create the shares, right?

Well, the first time I ran dcpromo I got all the way to the end where it actually starts to set up the system, and it bonked saying it could not find the domain.

I ran dcpromo again and now it bonks at the beginning when I tell it the domain name and the AD username/password. Same error, cannot find the domain, mainly _ldap._tcp_msdcs.

So, I have two choices: I can repair the server set up by the previous tech, or I can recreate the domain. I would like to just move it over, so if anyone has any pointers on how to resolve this issue it would be greatly appreciated. Thanks again!


Rob.
 
Ensure SBS is running properly: that TCP/IP is set up properly, DNS is functioning properly, etc.

I'd run the Best Practice Analyzer on that SBS box to ensure things are in good health, before trying to migrate a domain over.
http://technet.microsoft.com/en-us/library/gg508357.aspx

Actually...I understand the need to get SBS off of a cloner home-built server...but I'd say the first thing I would try is to move the image over to a proper tier-1 server. Just get it off of "motherboard/bargain of the month club parts" onto a nice HP ProLiant or Dell PowerEdge.

Migrating SBS to vanilla server 08...and they lose sooooo much cool functionality of SBS.
 
Thank you so much for your response.

I chose Server 2008 R2 because they do not need the cool functionality of the server. If they were not already set up on a domain, I would not have needed to set one up. This server is basically only used as a file server for some software of theirs.

Now, I feel like a total dunce. I installed both MSIs in the article you linked, ran the Best Practices Analyzer (it does not show up where the TN article says it should) and I get a scan. The only things that come up are in compliance, and they are:
- Can ping the gateway
- You are now running BPA on a Windows Small Business 2011 server.

This looks like a really neat tool.

It appears to me that the Best Practices Analyzer is not seeing that this is an SBS 2011 install. In the drop-down list for the Best Practices Analyzer, SBS is not listed as a product, only the analyzer itself.

Here is a bit more info on what's going on:

1 server, 'old' SBS 2011.
IP: 10.0.0.2
Name: anp-server
Domain: anpva
Services: File, DHCP, DNS, DC

New server, Dell PE T310
Server 2008 R2
IP: 10.0.0.4
Name: anp-server01
I want everything from the old server on this one.


Now, the Windows logs are telling me what is going on, I just do not know what to do.

See next post for error
 
DNS error on the old server. I believe this is preventing dcpromo from working.

Log Name: System
Source: NETLOGON
Date: 5/25/2012 11:30:25 AM
Event ID: 5774
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ANP-SERVER.anpva.local
Description:
The dynamic registration of the DNS record 'anpva.local. 600 IN A 10.0.0.2' failed on the following DNS server:

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.

ADDITIONAL DATA
Error Value: DNS name does not exist.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5774</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-25T15:30:25.000000000Z" />
<EventRecordID>231113</EventRecordID>
<Channel>System</Channel>
<Computer>ANP-SERVER.anpva.local</Computer>
<Security />
</System>
<EventData>
<Data>anpva.local. 600 IN A 10.0.0.2</Data>
<Data>%%9003</Data>
<Data>::</Data>
<Data>0</Data>
<Data>0</Data>
<Binary>0000</Binary>
</EventData>
</Event>
 
C:\Users\ANPAdmin>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = ANP-SERVER
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ANP-SERVER
Starting test: Connectivity
......................... ANP-SERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ANP-SERVER
Starting test: Advertising
......................... ANP-SERVER passed test Advertising
Starting test: FrsEvent
......................... ANP-SERVER passed test FrsEvent
Starting test: DFSREvent
......................... ANP-SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... ANP-SERVER passed test SysVolCheck
Starting test: KccEvent
......................... ANP-SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ANP-SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ANP-SERVER passed test MachineAccount
Starting test: NCSecDesc
......................... ANP-SERVER passed test NCSecDesc
Starting test: NetLogons
[ANP-SERVER] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges for this machine's domain.
......................... ANP-SERVER failed test NetLogons
Starting test: ObjectsReplicated
......................... ANP-SERVER passed test ObjectsReplicated
Starting test: Replications
[Replications Check,ANP-SERVER] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
......................... ANP-SERVER failed test Replications
Starting test: RidManager
......................... ANP-SERVER passed test RidManager
Starting test: Services
Could not open NTDS Service on ANP-SERVER, error 0x5 "Access is denied."
......................... ANP-SERVER failed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000727A5
Time Generated: 05/25/2012 14:15:19
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x000727AA
Time Generated: 05/25/2012 14:15:19
Event String:
The WinRM service failed to create the following SPNs: WSMAN/ANP-SERVER.anpva.local; WSMAN/ANP-SERVER.
An error event occurred. EventID: 0xC0000424
Time Generated: 05/25/2012 14:18:44
Event String:
\SystemRoot\SysWOW64\Drivers\FAMv4.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
A warning event occurred. EventID: 0xA004001B
Time Generated: 05/25/2012 14:18:47
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0xA004001B
Time Generated: 05/25/2012 14:18:53
Event String: Intel(R) 82579LM Gigabit Network Connection
A warning event occurred. EventID: 0x0000A000
Time Generated: 05/25/2012 14:20:23
Event String:
The Security System detected an authentication error for the server ldap/ANP-SERVER.anpva.local. The failure code from authentication protocol Kerberos was "An attempt was made to logon, but the netlogon service was not started.

A warning event occurred. EventID: 0x0000A000
Time Generated: 05/25/2012 14:20:24
Event String:
The Security System detected an authentication error for the server LDAP/ANP-SERVER.anpva.local/anpva.local. The failure code from authentication protocol Kerberos was "An attempt was made to logon, but the netlogon service was not started.
A warning event occurred. EventID: 0x0000A000
Time Generated: 05/25/2012 14:20:24
Event String:
The Security System detected an authentication error for the server ldap/ANP-SERVER.anpva.local/anpva.local@ANPVA.LOCAL. The failure code from authentication protocol Kerberos was "An attempt was made to logon, but the netlogon service was not started.
A warning event occurred. EventID: 0x00000420
Time Generated: 05/25/2012 14:20:34
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
An error event occurred. EventID: 0x00000422
Time Generated: 05/25/2012 14:23:50
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\anpva.local\SysVol\anpva.local\Policies\{1A4B8976-4AF2-4027-8A08-890CAEC5F8F2}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 05/25/2012 14:24:05
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\anpva.local\SysVol\anpva.local\Policies\{FB8F6C08-7D8A-49F5-A2BE-A835C93695C8}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
An error event occurred. EventID: 0xC0001B72
Time Generated: 05/25/2012 14:24:26
Event String:
The following boot-start or system-start driver(s) failed to load:
A warning event occurred. EventID: 0x000727AA
Time Generated: 05/25/2012 14:28:35
Event String:
The WinRM service failed to create the following SPNs: WSMAN/ANP-SERVER.anpva.local; WSMAN/ANP-SERVER.
A warning event occurred. EventID: 0x000727A5
Time Generated: 05/25/2012 14:48:28
Event String:
The WinRM service is not listening for WS-Management requests.
A warning event occurred. EventID: 0x000727AA
Time Generated: 05/25/2012 14:48:29
Event String:
The WinRM service failed to create the following SPNs: WSMAN/ANP-SERVER.anpva.local; WSMAN/ANP-SERVER.
......................... ANP-SERVER failed test SystemLog
Starting test: VerifyReferences
......................... ANP-SERVER passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : anpva
Starting test: CheckSDRefDom
......................... anpva passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... anpva passed test CrossRefValidation

Running enterprise tests on : anpva.local
Starting test: LocatorCheck
......................... anpva.local passed test LocatorCheck
Starting test: Intersite
......................... anpva.local passed test Intersite

C:\Users\ANPAdmin>

Please note that I am collecting this information here not just because I think it might help me now, but also because I have seen this before and it will be useful as reference. SO, YeOldeStonecat and others, thank you for reading this, but I am not trying to get you to read all of this. I almost feel like a beginner spamming a forum with HJT reports.
 
Check that you are the following: a Domain Admin (needed to move the RID Master, PDC Emulator, and Infrastructure Master) and also an Enterprise Admin (needed to do forest-level tasks like moving the Domain Naming Master), and also a Schema Admin to do things like update the schema to prepare for Server 2008 R2 and move the Schema Master.

You MUST be a member of Domain Admins, Enterprise Admins, and Schema Admins to do what you are attempting to do!


On the old Server 2008 (not R2),

1. Delete Any AD object for the new server and if it is already a DC demote it... remove it from the domain, etc. Heck, even delete any entries in DNS for the new server!

2. Make sure old DNS is set for Active Directory Integrated Zones.

3. Set a Static IP on the new server (will be needed because it will eventually host DNS)... Static Subnet Mask, Static Gateway, Static DNS Suffix, AND set the Primary DNS Server to the old DC...

4. Join the domain as a Member Server and verify forward & reverse DNS lookup... domain authentication... and all that fluff.

5. On the new server, set the Secondary DNS server to be the new server's IP... and install DNS on it. (things had better be AD integrated here or you are in for more problems)

6. Re-configure DHCP on the old server to also push the Secondary DNS Server, so workstations won't get confused.

7. Run ADPrep, Forest Prep, etc. to prepare for a 2008 R2 Domain!

8. Promote to Domain Controller & make sure you have it as a Global Catalog Server!

9. Check Replication to verify everything is okay!

10. Transfer ALL 5 Roles (number is correct assuming 1 domain and 1 forest) :D

11. Install DHCP on the new server and make sure ALL the lease info replicated... Then remove DHCP from the old server.

12. Demote old Domain Controller and remove it or leave it... just make sure it isn't a DC anymore. It can still host DNS (or not... doesn't matter). Power it off to make sure it isn't needed and that everything works!

13. Raise Domain Function Level to Server 2008 R2

14. May as well Enable Server 2008 R2 Recycle Bin Feature :D


All of the above should take only about 1 hour. Been there & done this about 15 times for small businesses... Knock on Wood... no trouble yet. :D
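Before step 8 (the promotion) it is worth checking, from the new member server, the two things this thread turned on: that the old DC's DNS actually answers for the locator records dcpromo looks up, and that the account being used holds the three groups the post insists on. The script below is an added example written for this thread, not something posted by anyone in it; the domain name, server name and DC address are the ones given earlier in the thread, and it only uses tools that ship with Server 2008 R2 (nslookup, nltest, whoami). Run it from an elevated PowerShell prompt while logged on as the account you intend to promote with.

```powershell
# Added example (not from the thread): read-only pre-flight checks on the NEW
# member server before running dcpromo against the existing domain.
# $Domain and $OldDC are the thread's values; change them for another site.
$Domain = 'anpva.local'
$OldDC  = '10.0.0.2'        # the existing SBS 2011 DC that hosts DNS

# 1. The locator SRV records dcpromo resolves when it is told the domain name.
#    If the old DC's DNS returns nothing here, promotion fails with
#    "could not find the domain" exactly as described in the first post.
$locator = "_ldap._tcp.dc._msdcs.$Domain",
           "_kerberos._tcp.dc._msdcs.$Domain",
           "_ldap._tcp.$Domain"
foreach ($srv in $locator) {
    Write-Host "--- SRV lookup: $srv (server $OldDC)"
    nslookup -type=SRV $srv $OldDC
}

# 2. The A record whose registration failed in event 5774
#    ('anpva.local. 600 IN A 10.0.0.2').
Write-Host "--- A lookup: $Domain"
nslookup -type=A $Domain $OldDC

# 3. Ask the DC locator the same question dcpromo asks; /force bypasses the
#    cached answer so a stale result does not hide a real DNS problem.
Write-Host "--- DC locator"
nltest /dsgetdc:$Domain /dns /force

# 4. Group membership required for adprep, promotion and FSMO transfers.
#    whoami only shows the groups in the current logon token, so log off and
#    on again after any membership change before trusting this check.
$required = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'
$groups   = whoami /groups /fo csv | ConvertFrom-Csv |
            Select-Object -ExpandProperty 'Group Name'
foreach ($g in $required) {
    if ($groups | Where-Object { $_ -like "*\$g" }) {
        Write-Host "OK       member of $g"
    } else {
        Write-Warning "MISSING  $g"
    }
}
```

Every command above only reads; nothing is changed. If the SRV lookups return no answer while the A lookup works, the problem is on the old DC's DNS (or the new server's primary DNS setting from step 3), not on the new machine, and that is the box to fix first.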
 
That should go smoothly. You likely can't change the IP while it is already in a domain, or at least while it already hosts DNS.

Demote it if a DC, remove DNS, remove DHCP...

Configure the NIC.
 
Old server's TCP/IP should look like this:
IP: 10.0.0.2
SNM: 255.255.255.0
Gateway: prob 10.0.0.1 or 10.0.0.254
DNS: 10.0.0.2 or 127.0.0.1

New server:
IP: 10.0.0.4
SNM: 255.255.25.0
Gateway: same as above
DNS: initially to join the domain..10.0.0.2

Once it has joined active directory and rebooted a few times logging into the domain....you can adjust it to look at itself for the DCPROMO act...and put the SBS IP of .2 for secondary DNS to help things going.

I always show clients all the cool features of SBS....the flexibility of its Exchange, and SharePoint, and the remote portal. Once they see those features and you show how they can add to their functionality/collaboration (esp since they've paid for SBS already)....you may find they want to use it. And they'll need your services for this...so NOW is when you can make extra money, and recurring money (by reselling stuff like e-mail filtering for them, domain management, etc).
 
Thanks guys, it was:
The DHCP service has detected that it is running on a DC and has no
credentials configured for use with Dynamic DNS registrations initiated by the D
HCP service. This is not a recommended security configuration. Credentials fo
r Dynamic DNS registrations may be configured using the command line "netsh dhcp
server set dnscredentials" or via the DHCP Administrative tool.
An error event occurred. EventID: 0x00000422

I ran this, rebooted both machines, and it worked just fine.

Thanks for a reminder on the process and for shooting ideas on what caused this.
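For reference, since the thread was started partly to serve as one: the warning that turned out to matter was DHCP event 0x420 (1056), raised because the DHCP server runs on the DC and has no separate credentials for its dynamic DNS registrations, so its updates are made in the DC's own security context. The script below is an added example, not something posted in the thread, showing the fix the event text itself recommends (netsh dhcp server set dnscredentials) followed by the re-registration the 5774 event asks for. The account name is a placeholder for an ordinary domain user created just for DHCP's DNS updates (no admin rights are needed for it); the domain and zone name are the thread's. Run it elevated on the old DC that hosts DHCP.

```powershell
# Added example (not from the thread): configure dedicated credentials for the
# DHCP server's dynamic DNS updates, then re-register the DC's own records.
$NetbiosDomain = 'anpva'          # the thread's domain
$Account       = 'svc-dhcp-dns'   # PLACEHOLDER: an ordinary domain user created for this

# Prompt without echoing; netsh needs the password as a plain argument, so it is
# converted only for the one call below.
$secure = Read-Host -AsSecureString "Password for $NetbiosDomain\$Account"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# The setting the DHCP warning (event 1056) tells you to apply. Argument order is
# UserName Domain Password. Afterwards the record owner for client registrations
# is this account instead of the DC's computer account.
netsh dhcp server set dnscredentials $Account $NetbiosDomain $plain
$plain = $null
netsh dhcp server show dnscredentials      # confirm the stored user and domain
Restart-Service DHCPServer                 # pick up the new credentials

# USER ACTION from event 5774: have Net Logon re-register the DC's locator records
# and the host re-register its A record, then confirm the zone apex answers.
nltest /dsregdns
ipconfig /registerdns
Restart-Service Netlogon

Write-Host "--- A lookup against the local DNS server"
nslookup -type=A anpva.local 127.0.0.1
Write-Host "--- locator record for this DC"
nslookup -type=SRV _ldap._tcp.dc._msdcs.anpva.local 127.0.0.1
```

After the Net Logon restart, a fresh System log without a new 5774 is the check that the registration actually succeeded; the original poster got there with a reboot of both machines, which has the same effect.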
 