DNS question

Cant figure this one out guys, need help.

I had a DC (Server01) and a member server (Server02) for my 290 exam that I have carried over for the 291. So I promoted the member server to the role of DC. It is an additional DC in the same domain contoso.com. I added the role of DNS to Server01 without any problems. All settings are good, A, NS, SOA and SRV records are all there.

But when I add the DNS role to the other DC i.e. Server02 whether I use the Manage your Server wizard or through Add/Remove Windows Components, it tries to add the role but ends up at saying "Cannot complete the wizard". I looked in the Event Viewer on both servers if there were any DNS related errors, but found none. When I open dnsmgmt on Server02, it doesnt have itself in the box, only Server01 is there. Even when I click Connect to DNS Server and try to connect to itself, it says that the server is not available. Similar thing on the other server as well, click the Connect to DNS Server wizard and enter in server02.contoso.com, it says the server is not a Windows Server 2003/2000 Computer.

Settings for the two servers:

Server01

IP Address : 192.168.0.101
Mask: 255.255.255.0
Preferred DNS Server : 192.168.0.101

Server02

IP Address : 192.168.2.128
Mask: 255.255.255.0
Preferred DNS Server : 192.168.0.101

The IP address of Server02 was automatically assigned by the VMWare network adapters. I just made the same address static. Both servers can ping each other by name and by IP address. Launching an NS lookup on Server01 to find Server02.contoso.com is successful too.

So, why cant I add the DNS role to Server02?

Please let me know if you need more information to troubleshoot my problem.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

astorrs wrote:

If you're okay with starting over go ahead and start the rebuild, while its running follow the steps here on server1 to cleanup the mess server2 probably left behind: http://support.microsoft.com/kb/216498

He told you how to do that already

You need to use ntdsutil to remove the metadata.

astorrs

You were probably selecting the wrong server, make sure you pick server2 when you get to this step:

13. Type select server number, where number is the number associated with the server you want to remove. You receive a confirmation listing the selected server, its Domain Name System (DNS) host name, and the location of the server's computer account you want to remove.

Essendon

dynamik wrote:

astorrs wrote:

If you're okay with starting over go ahead and start the rebuild, while its running follow the steps here on server1 to cleanup the mess server2 probably left behind: http://support.microsoft.com/kb/216498

He told you how to do that already

You need to use ntdsutil to remove the metadata.

Yeah, I know he's told me to that already

. But the problem is I cannot complete the remove operation. It just says "Selected server cannot delete its own metadata.

Andrew, I am not selecting the wrong server. I am selecting server2 man. I am having a look at experts-exchange to see if they have someone who had this problem of not being able to remove metadata.

astorrs

Can you confirm you are you picking server1 for this step?

under "Procedure 1"
5. Type connect to server servername, and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and the credentials you supplied have administrative permissions on the server.

Essendon

Can you confirm you are you picking server1 for this step?

Do you mean that I connect to server1 in this step even though I am physically at server1?

astorrs

Yes, you only use server2 when you are selecting the one to delete in step #13

Essendon

I will give that a shot as soon as I get home from work. Seems it will work now as I was not doing it at the right server.

Essendon

There's been some respite from the problems it seems, finally

As Andrew pointed out that I wasnt connected to the right computer which was why I was getting the error that the selected computer cannot delete own metadata.

This time I connected to server1 and then did the cleanup on server2 and got the following message when I hit enter at the final step:

Removing FRS metadata from the selected server.
Searching for FRS members under "CN=server02,dc=contoso...."
Deleting subtree under "cn=server02,dc=contoso.com....."
The attempt to remove the FRS settings on "cn=server02,cn=default-first-site,cn=sites,cn=configuration,dc=contoso...." failed because "Element not found"

metadata cleanup is continuing
"cn=server02,cn=servers,cn=default-first-site,cn=sites....." removed from server server01

----

Is the above normal in this scenario??

I also followed all instructions in the following link, (after the above steps) http://www.petri.co.il/delete_failed_dcs_from_ad.htm

I have deleted all records of server2 from the DNS snap-in on server01, i.e. SRV, A, CNAME, and MX. And also deleted server2 in AD Sites and Services.

server2 disappeared from the DC's OU automatically.

Seems things have gone quite well, which is a relief. Now please give me some advice.

1. I should never turn server02 on again? It was a virtual machine anyways, so I delete the machine in VMWare?
2. I should not name a computer server2 again as it might revive the computer object?
3. How do I tell for sure that there an no traces left of server2? (nslookup etc.??)

Thank you for your help everyone, especially Sie and Andrew.

astorrs

MobilOne wrote:

Is the above normal in this scenario??

...

1. I should never turn server02 on again? It was a virtual machine anyways, so I delete the machine in VMWare?
2. I should not name a computer server2 again as it might revive the computer object?
3. How do I tell for sure that there an no traces left of server2? (nslookup etc.??)

Yes the missing objects were a part of the problem as to why the DC wasn't functioning (the dcpromo only half worked).

1. Yes, delete the VM (aka "reformat" the hardware)

2. You can reuse the name. All records of it should be gone.

3. Do an NSLOOKUP for server2 and enable Advanced view in ADUC and perform a search just to be safe, but you should be fine.

P.S. You're 290/291 adventures while they are more difficult than most are still giving you some great experience.

wedge1988

dont forget the DNS setup procedure either, do you want dns on server 2 cause if you do dont tell server 2 to use server 1's dns while you install DNS. it would more than likely return an error saying it cannot set up dns because of some issue.

am i making myself clear? lol.

Essendon

astorrs wrote:

P.S. You're 290/291 adventures while they are more difficult than most are still giving you some great experience.

Undoubtedly have! Thank you for tips.

wedge1988 wrote:

if you do dont tell server 2 to use server 1's dns while you install DNS

server2 had been pointing to server1 for DNS. But the problems were because server2 had not been correctly promoted to DC.

Now that server2 is dead and server1 has no knowledge of it, I am getting some very welcome event logs, with some saying "All problems preventing file replication have been resolved..." and "Server1 is now replicating with other DC's".

Thank you all once again!

P.S. Next time I promote a server to DC I am going to do scrutinise the process very carefully and scour the event logs for any illnesses!

astorrs

Here's another tip (if I haven't told you before) look for those shares (net view \\<dc name>) as its basically the last thing done after AD loads.

And just to be safe, maybe do a dcdiag and make sure everything is kosher.

Essendon

astorrs wrote:

Here's another tip (if I haven't told you before) look for those shares (net view \\<dc name>) as its basically the last thing done after AD loads.

You already have told me that, but thanks for ramming home the point.

astorrs wrote:

And just to be safe, maybe do a dcdiag and make sure everything is kosher.

Will do.

P.S. I have a few more questions, that I'll post shortly in a new thread.

Sie

Glad to see you got it sorted!

Essendon

Am I gald too!!!