Did I screw myself with the name I chose for my domain?

ivwshane

Ok I've decided to start playing with my home network/domain that I set up.

I created a domain, let's call it ivwshane.com, and installed AD and DNS on one of my servers and now I need to rebuild the system but I don't want to tear down the domain. So I set up another PC to take on the role of AD and DNS. After installing win2k server and joining it to the domain I ran DCPROMO and tried to create an additional domain controller but while going through the wizard I get the following error;

"Failed finding a suitable domain controller for the domain ivwshane.com"

I don't understand why it can't find the domain controller even though it was able to join the domain. The only thing I can think of is that it can't find it because the search/request is being forwarded to the outside world.


Does anyone have any ideas or solutions?


Anyways I figure once I'm able to promote the new system to a DC all I will have to do is "un"DCPROMO the old DC and be sure not to check the "this is the last DC in the forest" option. And by doing it that way I assume it will automatically transfer all info to the new DC, including AD policies and DNS settings, GC. Am I correct in this thinking? If not what steps do I need to take to accomplish this goal?

Thanks for any help.
 

stash

Sounds like a DNS issue...the new server can't find a DNS entry for your existing domain controller.

From the new server, open a command prompt and type nslookup. If it comes back with an error about not finding the default server, then your DNS is not set up correctly.
 

PeeluckyDuckee

Is your 2nd computer configured as a DNS client of the 1st server machine? How long was it ago that you installed DNS and did DCPROMO on the 1st server?

About the 2nd machine, did you join in as a member server 1st before doing DCPromo or no?

I've encountered such a problem in test labs before, and it was a DNS related issue. Specifically immediately after you do DCPROMO and install DNS on the 1st machine, you have to wait a while until the DNS records are properly created and showing up before you can use the 2nd computer to join in.

Once you've successfully joined AD using the 2nd computer, you can take over the forest/domain roles by using ADUC and the command prompt. Before you remove the 1st DC from the domain though, I believe you have to remove the computer account off of the list of Domain Controllers. It may cause problems if you don't. I learned this the hard way.
 

ivwshane

Well I ran nslookup and it came up with the correct default server. Any other ideas?
 

ivwshane



<< Is your 2nd computer configured as a DNS client of the 1st server machine? How long was it ago that you installed DNS and did DCPROMO on the 1st server? >>



yes and at least a month ago.



<< About the 2nd machine, did you join in as a member server 1st before doing DCPromo or no? >>



yes I joined first and then ran dcpromo, I didn't wait very long to run dcpromo but long enough that I installed all the critical updates.



<< Once you've successfully joined AD using the 2nd computer, you can take over the forest/domain roles by using ADUC and the command prompt. Before you remove the 1st DC from the domain though, I believe you have to remove the computer account off of the list of Domain Controllers. It may cause problems if you don't. I learned this the hard way. >>



Are you saying I should run ADUC instead of DCPROMO or that after I DCPROMO I should run that?

Thanks for the input.
 

PeeluckyDuckee

ADUC = Active Directory Users and Computers

ADUC is not a command, but a management interface :) Transfer or take over the 5 operation master roles before you remove 1st computer from the domain, do a search in the help area for "seize operation master" for specific commands.
 

ivwshane

Do you know what's going on with my DCPROMO? I can ping everything and ipconfig looks correct, it just won't let me DCPROMO :( Why would it not be able to see any ADC? Do you think there might have been a setting I enabled accidentally that could prevent such a task?
 

JustinLerner

Peel. . is right. There are hierarchical and inter-server trust relationships that may also be at issue whether it is or isn't properly added as a member server to the domain. Seizing the operation master role is a good idea. (They don't call them PDC's and BDC's in 2000/.NET)

I don't believe you can have two domains/controllers with the same name or two PC systems with the same name. Demote one and name it something else or remove it from the domain.



<< "Well I ran nslookup and it came up with the correct default server. Any other ideas? " >>

So what's the response and the default server? The default should be the first DC, right? But if you want another to take over its role, you need to do like Peelucky said. Follow the MS help and online instructions.

 

Jremmen

He should be able to promote the server to a DC without messing with any of the FSMOs. So that's not his problem, yet. If it's 100% positively not dns related then what else could it be? A GC problem?

 

ivwshane

Tell me if this is normal;

If I create a domain called ivwshane.com and it will not be connected to the internet should I be able to ping it? ie: ping ivwshane.com

If I should be able to ping it then I may have a problem. I can ping the default server though, masterserver.ivwshane.com
 

phatcow



<< If I create a domain called ivwshane.com and it will not be connected to the internet should I be able to ping it? ie: ping ivwshane.com >>


no.. unless you have that domain being a host being a real ip address.
 

ivwshane

I think that is what is causing the problem so now I need to think of a way to fix it. The things I would like to keep are GPO's and user accounts. Is it possible for me to create a new domain and transfer/import at least some of those objects?

Also if you don't plan on ever having an internet presence what kind of name do you pick for your domain, just ivwshane? or do you give it some kind of random extension?
 

CrazyHelloDeli



<< I think that is what is causing the problem so now I need to think of a way to fix it. The things I would like to keep are GPO's and user accounts. Is it possible for me to create a new domain and transfer/import at least some of those objects?

Also if you don't plan on ever having an internet presence what kind of name do you pick for your domain, just ivwshane? or do you give it some kind of random extension?
>>



You can back up AD using NTbackup, just check the system state data, and you'll get all AD accounts and GPO's. Restore it later.

As for domain, it doesn't matter at all the name. It could be ivwshane.fvck.you for what it's worth :D
 

ivwshane

Then why can't I DCPROMO and make an additional controller?


AHH the frustration!!!
 

PeeluckyDuckee

Ok, why don't you tell us about your physical setup and any relevant configuration information, and we'll go from there. Guide us thru the DCPROMO process on the 2nd computer, how you answer the wizard, what message prompts you get, etc.

One thing, on the 2nd computer when it asked you to enter the domain you wish to join, did you try entering both as "ivwshane.com" or "ivwshane" ?? Reason I ask is that sometimes when I enter the .com into the domain it can't find it, but without it it's fine that way. It's one of those things, don't ask me why.

Also, the suggestions I've provided you in my previous posting were in regard to your successfully overcoming this problem and going ahead to remove the 1st DC off the domain. Just a clarification.
 

ivwshane

AHHH!!!

I just wrote about a page and a half describing what I did then anandtech gets hacked and I lose all of it :(


I just ran dcpromo and specified "additional domain controller" and left everything as default. I'm running DNS active directory integrated if that matters.

As far as the physical layout I have it set up like this;

broadband modem connected to

linksys router with DHCP disabled

all computers are connected to it

1 DHCP, DNS, AD win2k server

1 FTP, web/file win2k server

and the rest are win2k or XP clients


I'm not sure what else you may need but just let me know and keep the thoughts coming.
 

ivwshane

Well I think I might have found out what my problem is. It appears that my SRV resource records were not present. I'm not sure what they do but I know they are important. Now I just have to figure out how to get them back. On the MS KB it says to stop and start the netlogon service but that doesn't seem to work. Well at least I'm learning.
 

ivwshane

Yeah for me!!! I got it to work! The problem was definitely with the SRV resource records not being present. I was able to recreate them, although I'm not sure what I did that fixed them. It was either fixed by me running netdiag /fix or from start/stopping net logon or it could have been from when I deleted and recreated the forward zone.

Now let's hope all will replicate to this new server, I'm guessing it should be pretty easy since I'm using an active directory integrated DNS.

Thanks all for the replies!
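
An added example, not part of the original thread: the failure resolved above came down to the domain controller locator SRV records being absent from the zone while the server's own host name still resolved. The Python below audits a zone export for the SRV names Netlogon registers for a DC; the sample zone, the IP address and the host name oldserver are constructed, and a single-domain forest is assumed.

```python
import re

# Owner-name prefixes of the SRV records Netlogon registers for a domain
# controller (site-specific variants omitted). Assumes a single-domain forest,
# so the forest-root names (gc) sit under the same domain.
LOCATOR_SRV = (
    "_ldap._tcp", "_ldap._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
    "_ldap._tcp.gc._msdcs", "_gc._tcp", "_kerberos._tcp",
    "_kerberos._tcp.dc._msdcs", "_kerberos._udp", "_kpasswd._tcp", "_kpasswd._udp",
)
# owner [ttl] [IN] type rdata, as in a zone file or netlogon.dns
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|SRV)\s+(.+)$", re.IGNORECASE)

def parse_zone(text):
    """Return ({srv_owner: [target, ...]}, {names that have an A record})."""
    srv, hosts = {}, set()
    for raw in text.splitlines():
        m = RR.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if not m:
            continue
        owner, rtype, rdata = m.group(1).rstrip(".").lower(), m.group(2).upper(), m.group(3).split()
        if rtype == "A":
            hosts.add(owner)
        elif len(rdata) == 4:  # priority weight port target
            srv.setdefault(owner, []).append(rdata[3].rstrip(".").lower())
    return srv, hosts

def audit_locator(domain, zone_text):
    """Report locator SRV names absent from the zone and SRV targets with no A record."""
    srv, hosts = parse_zone(zone_text)
    domain = domain.rstrip(".").lower()
    missing = [f"{p}.{domain}" for p in LOCATOR_SRV if f"{p}.{domain}" not in srv]
    dangling = sorted({t for targets in srv.values() for t in targets if t not in hosts})
    return {"missing": missing, "dangling_targets": dangling}

# Constructed sample zone: the host record resolves, but most locator records
# are gone. 192.168.1.10 and oldserver are made-up values.
SAMPLE_ZONE = """\
masterserver.ivwshane.com.    600 IN A   192.168.1.10
_ldap._tcp.ivwshane.com.      600 IN SRV 0 100 389  masterserver.ivwshane.com.
_kerberos._tcp.ivwshane.com.  600 IN SRV 0 100 88   masterserver.ivwshane.com.
_gc._tcp.ivwshane.com.        600 IN SRV 0 100 3268 oldserver.ivwshane.com.  ; stale
"""

if __name__ == "__main__":
    report = audit_locator("ivwshane.com", SAMPLE_ZONE)
    for name in report["missing"]:
        print("missing SRV :", name)
    for host in report["dangling_targets"]:
        print("no A record :", host)
```

A zone that holds only the A record for masterserver.ivwshane.com reports every locator name as missing, which matches a member server that can ping the DC and resolve it with nslookup yet cannot find a domain controller during DCPROMO.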
 

Woodie

So it was DNS related....anyways...for the domain name question.
MS put out a suggested RFC a couple of years ago, basically suggesting that .local be defined and reserved as a private network name. (Kind of like the private IP address ranges). I don't think it went far, but it works for me.

Whatever you do, don't pick any name that could show up on the real Internet. We did that (at work!!), and somebody else bought the domain name. 5 years of cleanup, and we might finally be able to remove the domain name!