Posted

So I removed ALL IPv6 entries in the DNS server. I then restarted the DNS server service and attempted to open the AD Sites & Services with the same error. :-(

 

After the AD Sites & Services app came up I tried to manually connect to big-rig and it also failed with the interface unknown error. It also fails with the same error if I put in the IP address for connecting instead of the DNS name.

 

What are the next steps?

 

Ok, now we just need to set up NETLOGON properly, because it's trying to start with the wrong server's name (big-rig 2).

 

Now the point is: how to point netlogon to the right name?

 

Let's try this first:

 

Open the registry and select your computer, press CTRL+F and type big-rig2 and also check "Match whole string only". Once a result has been found, rename it to big-rig. After that press F3 (find next) and continue until the end.

Once done, restart the server and open a command prompt and type: net start netlogon and let me know if it's working or it gives you the same error.

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

Quite sadly, the same error after "cleansing" the registry.

 

Event viewer event ID = 5602

description = An internal error occurred while accessing the computer's local or network security database

 

Next? -)

 

On the plus side, dcdiag is looking a bit more like we're erasing traces of big-rig2. But the minus is that there seems to be an IPv6 entry "stuck" somewhere. Here's the output:

 


Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = big-rig
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: wtbhome\BIG-RIG2
Starting test: Connectivity
The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Neither the the server name (big-rig2.wtbhome.net) nor the Guid DNS
name (63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net) could
be resolved by DNS.  Check that the server is up and is registered
correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... BIG-RIG2 failed test Connectivity

Doing primary tests

Testing server: wtbhome\BIG-RIG2
Skipping all tests, because server BIG-RIG2 is not responding to
directory service requests.

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : wtbhome
Starting test: CheckSDRefDom
......................... wtbhome passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wtbhome passed test CrossRefValidation

Running enterprise tests on : wtbhome.net
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... wtbhome.net failed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test Intersite

Posted

Open your DNS and add a new A record:

 

Name: big-rig2 (yes with number 2) IP: IP_big-rig

 

Add AAAA record:

 

Name: big-rig2 IPv6: IP_v6_big-rig

 

Add a CNAME:

 

from BIG-RIG2 to BIG-RIG

 

 

 

Flush DNS's cache.

Posted

Unfortunately, when I go in to add the new A record it will not let me create the A record with IP_big-rig in the IP address field. It is insisting that I put in an IP address. Should I create the records with 192.168.0.2? (and whatever the IPv6 address is)

 

Or should I just try adding the CNAME?

Posted

Well of course you have to put the real IP (192.168.0.2) eheh

Posted

 

So, I tried the workaround listed in the KB article and no joy. When I double click on the "Manage auditing and security log" entry under "User Rights Assignment" the add and remove buttons are both disabled.

 

Also, I tried the "add the record twice" and I keep getting the same error.

 

Won't be able to try things for over a week due to many circumstances. Looking forward to something new to try when I'm able to "play" with this.

 

Thanks again!

Posted

You have to change this policy in the Default Domain Policy GPO, not in local policy.

 

Let me know.

Posted

Finally got a moment to try this and when I open group policy management there is nothing listed. So I went to "Add forest" and entered my domain name in the dialog. When I clicked OK it gave me the error "The specified domain either does not exist or could not be contacted."

 

I did some googling on that error but could not seem to find anything that looked useful to me.

Posted

Can you add an alias (cname) in DNS which redirects from big-rig2 to big-rig? Not a A record, just the alias. Then flush and try again.

Posted

Tried the GUI and command line and both failed with the "refused" error.

Posted

Ok, I still have something to try...

 

Open: C:\Windows\System32\Drivers\etc\HOSTS

 

add this entry:

 

fd47:dced:df9d:5a5f::1 (which should be your IPv6 address) big-rig

 

Once you're finished, try to open DOMAIN AND TRUSTS and AD SITES AND SERVICES.

 

If you still have trouble, run dcdiag /fix

 

Let me know.

Posted

I tried that and still had an error opening the domains & trusts. I then tried to run a just plain dcdiag and it failed with an ldap error. Once I removed the entry from the hosts file I was able to run dcdiag again.

 

Should I try the dcdiag /fix without the IPv6 address in the hosts file? (Guessing the answer is yes on that one.)

 

One other bit of info is that I tried a diagnostic step to determine the health of the GC that I found on the Microsoft TechNet. I used the following command line:

 

nltest /dsgetdc:wtbhome /force /gc

 

It responded with status 1355 0x54b ERROR_NO_SUCH_DOMAIN

 

That seems bad to me.

Posted

Yes, dcdiag /fix.

 

I hope it's just a mistake in the name... try this:

 

nltest /dsgetdc:wtbhome.net /force /gc

Posted

Using the .net suffix did not work. Same error from nltest.

 

The dcdiag /fix failed because it's looking for big-rig2. Here's the output:

 

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = big-rig
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: wtbhome\BIG-RIG2
Starting test: Connectivity
The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Neither the the server name (big-rig2.wtbhome.net) nor the Guid DNS
name (63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net) could
be resolved by DNS.  Check that the server is up and is registered
correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... BIG-RIG2 failed test Connectivity

Doing primary tests

Testing server: wtbhome\BIG-RIG2
Skipping all tests, because server BIG-RIG2 is not responding to
directory service requests.

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : wtbhome
Starting test: CheckSDRefDom
......................... wtbhome passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wtbhome passed test CrossRefValidation

Running enterprise tests on : wtbhome.net
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... wtbhome.net failed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test Intersite

Posted

It's frustrating. The last thing you can try is to use dcpromo /removal on your DNS. Once completed, rename the server (as long as it will be a standalone server), then retry the dcpromo to set up the domain again.

Be sure to be ready to set up a new DC in case this scenario does not work properly. I really apologize, but this is my last idea :(

Posted

OK, I did a full search of the boot HD on the server for the string big-rig2 and here are the files where the string was found. I'm thinking of trying a "cleansing" of those references. What do you think? Sound crazy?

 

C:\Users\Administrator\AppData\Roaming\Microsoft\MMC\dnsmgmt (no extension but content is XML)

C:\Users\Administrator\AppData\Roaming\Microsoft\MMC\ServerManager (no extension but content is XML)

C:\Windows\System32\config\netlogon.dns

C:\Windows\System32\config\netlogon.dnb

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms (binary file)

 

I did find a ton of hits, but they were mostly log files. These were the only ones that looked like they might do something.

 

Any of these sound promising to you?

 

Also, I checked and the registry is "clean" of references to big-rig2, so it's got to be in the files above where it's "holding on to" that name.

Posted

I know those files, but I actually don't know if they can be edited "on the fly". My suggestion is:

 

Start in safe mode, modify files, restart.

 

Anyway, make sure you're ready to reinstall a new dc... you know, just in case.

Posted

Tried a bunch of things without any good luck, but think I may have some progress that we can work with.

 

I edited the two netlogon files and no luck. I found out that those are written out when the netlogon service starts. (Or in my case attempts to start.)

 

So, I went down the path of getting the AD DNS entries corrected and I tried editing the AD database with ADSIEdit. I did change one thing from big-rig2 to big-rig, but no help. I then restored to a backup I made just before doing that.

 

Next I put an entry in the hosts file to point big-rig2 to the same IP as big-rig. I then ran dcdiag and the output gave me some hope that we might be able to make progress from here. Here's the output:

 

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = big-rig
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: wtbhome\BIG-RIG2
Starting test: Connectivity
The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... BIG-RIG2 failed test Connectivity

Doing primary tests

Testing server: wtbhome\BIG-RIG2
Skipping all tests, because server BIG-RIG2 is not responding to
directory service requests.

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : wtbhome
Starting test: CheckSDRefDom
......................... wtbhome passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... wtbhome passed test CrossRefValidation

Running enterprise tests on : wtbhome.net
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1717
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1717
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1717
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1717
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1717
A KDC could not be located - All the KDCs are down.
......................... wtbhome.net failed test LocatorCheck
Starting test: Intersite
......................... wtbhome.net passed test Intersite

 

Posted

Mhhhh almost the same problem as before... the problem is that netlogon has still the "big-rig2" in its config...

 

Adding the big-rig2 pointer to host file doesn't help... actually during replication and connectivity test things are made in a different way.

 

The point is: netlogon has a config file somewhere, and as you said, once it has been modified, the service re-writes it and you still have the same problem.

 

I think the problem is the server's name, we have to find a way to change it...

 

Have you already tried this?

 

 netdom renamecomputer %computername% /NewName: /userd: /password:* 

 

Let me know...

Posted

The part that seemed to give me hope was the line:

 

The host 63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net could not be resolved to an IP address. Check the DNS server, DHCP, server

 

I see that entry in ADSIEdit, but the problem is that the entry for the dnsRecord is an octet string and I don't know the meaning of the entire entry. I have been able to determine that the last 4 octets are the IPv4 address (at least in another record)

 

Thinking that if we clear this up that maybe some of the other tools might start working and we'll be able to clean things up.

 

Am I just clinging to false hope there?

 

If I try the netdom method to rename the computer, I'm assuming that I should name it back to big-rig2, correct? So the syntax would be:

 

netdom renamecomputer big-rig /NewName:big-rig2 /userid:{admin account} /password:{admin password}

 

Correct?

Posted

Let's give it a try...

 

Click here: http://www.translatorscafe.com/cafe/units-converter/numbers/calculator/octal-to-decimal/

 

You can easily convert from octal to decimal.

 

In this case you also add in HOST file this line:

 

63fa3998-2396-4450-b046-a8ceb3bf85dc._msdcs.wtbhome.net IP_big-rig or localhost... no idea... but I think it's the same...

 

Wait before the rename... try this first.

Posted

It's not the octal to decimal that is giving me a problem. It's the meaning of the entire octet string. There are lots of bytes in there but I've only figured out what the last 4 are in a regular DNS entry. I may need to change things other than just the IP address. (Currently it has a nonsensical IP address)
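
The dnsRecord octet string discussed above follows the layout in Microsoft's MS-DNSP specification: a 24-byte header followed by type-specific data. The Python sketch below is an added example, not part of the original thread, that decodes such a value; the sample records are constructed for illustration and are not the poster's directory data.

```python
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

# Fixed 24-byte header: DataLength, Type, Version, Rank, Flags, Serial (little-endian),
# then TtlSeconds (big-endian), Reserved and TimeStamp (little-endian).
HEADER = struct.Struct("<HHBBHI")
TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 28: "AAAA"}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_count_name(data):
    """Decode a DNS_COUNT_NAME: total length, label count, length-prefixed labels."""
    if len(data) < 2:
        raise ValueError("name data too short")
    total, label_count = data[0], data[1]
    raw, labels, pos = data[2:2 + total], [], 0
    while pos < len(raw) and raw[pos] != 0:
        size = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + size].decode("utf-8"))
        pos += 1 + size
    if len(labels) != label_count:
        raise ValueError("label count does not match the encoded name")
    return ".".join(labels)


def parse_dns_record(blob):
    """Parse one dnsRecord value (bytes) into a dict of its fields."""
    if len(blob) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    data_len, rtype, version, rank, flags, serial = HEADER.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)        # TTL is stored big-endian
    (timestamp,) = struct.unpack_from("<I", blob, 20)  # hours since 1601-01-01; 0 = static
    data = blob[24:]
    if len(data) != data_len:
        raise ValueError(f"DataLength says {data_len} bytes, found {len(data)}")
    name = TYPES.get(rtype, f"TYPE{rtype}")
    if name == "A" and data_len == 4:
        value = str(ipaddress.IPv4Address(data))
    elif name == "AAAA" and data_len == 16:
        value = str(ipaddress.IPv6Address(data))
    elif name in ("NS", "CNAME", "PTR"):
        value = decode_count_name(data)
    else:
        value = data.hex()                             # type not decoded here
    return {
        "type": name, "value": value, "ttl": ttl, "serial": serial,
        "version": version, "rank": rank, "flags": flags,
        "registered": EPOCH_1601 + timedelta(hours=timestamp) if timestamp else None,
    }


def build_sample(rtype, data, ttl=3600, timestamp=0):
    """Build a constructed dnsRecord value for the demo (not real directory data)."""
    return (HEADER.pack(len(data), rtype, 5, 0xF0, 0, 31)
            + struct.pack(">I", ttl) + struct.pack("<II", 0, timestamp) + data)


# Constructed samples. ADSIEdit shows the value as hex bytes, which bytes.fromhex accepts.
SAMPLE_A = bytes.fromhex("04 00 01 00 05 f0 00 00 1f 00 00 00 00 00 0e 10 "
                         "00 00 00 00 00 00 00 00 c0 a8 00 02")
SAMPLE_CNAME = build_sample(5, bytes([21, 3]) + b"\x07big-rig\x07wtbhome\x03net\x00")
SAMPLE_AAAA = build_sample(28, ipaddress.IPv6Address("fd47:dced:df9d:5a5f::1").packed,
                           timestamp=3600000)

if __name__ == "__main__":
    for sample in (SAMPLE_A, SAMPLE_CNAME, SAMPLE_AAAA):
        print(parse_dns_record(sample))
```

For name-valued types such as CNAME the data portion is an encoded host name, so its trailing bytes are not an IPv4 address; only A records end in the four address octets.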

Posted

So you could just add the string in host file..

can you PM the string pls?
