DCPROMO on a DHCP / DNS / RRAS server
jibbajabba
Member Posts: 4,317 ■■■■■■■■□□
I currently run a RRAS server with VPN / NAT enabled which also has its own DNS and DHCP role.
I am trying to promote this server to a domain controller (first DC, new forest) but I get an error which drives me mental.
Here you can see it can find the working DNS server (which is itself)
But then
Anyone seen this before ? I really don't want to remove the DNS role and let it reinstall it ...
My own knowledge base made public: http://open902.com
Comments
-
Devilsbane Member Posts: 4,214 ■■■■■■■■□□
You are trying to install DNS again. Try unchecking the DNS box and see what happens.
EDIT: Well duh me, the box is grayed out. How about trying to change the name of the zone.
Decide what to be and go be it.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Thought about it, but on 2003 the zone had to be the same as the DNS suffix and the intended domain (if you want to use a local pre-installed DNS server).
My own knowledge base made public: http://open902.com
-
earweed Member Posts: 5,192 ■■■■■■■■■□
Hopefully this is a lab environment.
Any particular reason you gave the server all these roles before making it a DC?
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
earweed wrote: »Hopefully this is a lab environment.
Any particular reason you gave the server all these roles before making it a DC?

Yes, a lab. The need of a DC just came up later.
My own knowledge base made public: http://open902.com
-
Mojo_666 Member Posts: 438
Just delete the zone for the DNS name you have chosen if they clash....it is only a lab after all.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Mojo_666 wrote: »....it is only a lab after all.

Yea ... but a well working one
It is easy to just remove the zone or the DNS role and let dcpromo do its thing, but would still love to know if there is a way to fix it
Makes me wonder if creating the AD zones manually would work ..
My own knowledge base made public: http://open902.com
-
Devilsbane Member Posts: 4,214 ■■■■■■■■□□
Mojo_666 wrote: »Just delete the zone for the dns name you have chosen if they clash....it is only a lab after all.

Create the DNS zone on a different DNS server and transfer it over, make that one the primary and delete it on this one, and then transfer it back when the DC is up and running.
Decide what to be and go be it.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Devilsbane wrote: »Create the DNS zone on a different DNS server and transfer it over, make that one the primary and delete it on this one, and then transfer it back when the DC is up and running.

All my other DNS servers are BIND
My own knowledge base made public: http://open902.com
-
wedge1988 Member Posts: 434 ■■■□□□□□□□
Try disabling your network adapter. It's asking the domain name you specified for a record that doesn't exist. Disabling the network adapter will stop the server from contacting the authoritative DNS server. (Or change the DNS server address to 127.0.0.1.)
Either that or create a record on the root DNS server "rudlof.me.uk" and configure it for delegation as it states.
If that doesn't work then no idea what you have set up
~ wedge1988 ~ IdioT Certified~
MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
wedge1988 wrote: »try disabling your network adapter. It's asking the domain name you specified for a record that doesn't exist. Disabling the network adapter will stop the server from contacting the authoritative dns server. (or change the dns server address to 127.0.0.1)
either that or create a record on the root dns server "rudlof.me.uk" and configure it for delegation as it states.
If that doesn't work then no idea what you have set up

As mentioned in the first post, this server IS the DNS server which is not in a domain.
What is set up is simply a standalone server, which just happens to have the DNS and DHCP role installed. This is the only server in the network. The only other machines connected are test machines using a private range assigned by that particular DHCP server.
So the DNS is already on localhost as the server doesn't even have access to other DNS servers .. in fact - that server doesn't even have internet access... As a result you cannot create a delegation as there is no domain yet to delegate to.
Basically imagine a freshly installed server, install the DNS role, use 'domain.local' which is used as DNS suffix for every server in that network. Then at a later time decide to install the AD role as well ..
It will fail .. Back in the Server 2003 days it was different which drives me crazy ..
Imagine you decide to use domain.local - now you had to configure the DNS suffix on the server as domain.local, create a forward zone called domain.local and then you could add the AD role at a later date but it wouldn't work unless the forward zone was indeed called = domain you want to use.
I am talking about the manual way, not letting dcpromo do all its things (if you know what I mean) .. I simply tried the same which doesn't seem to be possible with 2008 .. 2008 just doesn't seem to like the fact that
a. it itself is the only DNS server
b. there is no other DNS in a domain
My own knowledge base made public: http://open902.com
-
Mojo_666 Member Posts: 438
jibbajabba wrote: »As mentioned in the first post, this server IS the DNS server which is not in a domain.
What is set up is simply a standalone server, which just happens to have the DNS and DHCP role installed. This is the only server in the network. The only other machines connected are test machines using a private range assigned by that particular DHCP server.
So the DNS is already on localhost as the server doesn't even have access to other DNS servers .. in fact - that server doesn't even have internet access... As a result you cannot create a delegation as there is no domain yet to delegate to.
Basically imagine a freshly installed server, install the DNS role, use 'domain.local' which is used as DNS suffix for every server in that network. Then at a later time decide to install the AD role as well ..
It will fail .. Back in the Server 2003 days it was different which drives me crazy ..
Imagine you decide to use domain.local - now you had to configure the DNS suffix on the server as domain.local, create a forward zone called domain.local and then you could add the AD role at a later date but it wouldn't work unless the forward zone was indeed called = domain you want to use.
I am talking about the manual way, not letting dcpromo do all its things (if you know what I mean) .. I simply tried the same which doesn't seem to be possible with 2008 .. 2008 just doesn't seem to like the fact that
a. it itself is the only DNS server
b. there is no other DNS in a domain

All dcpromo wants to do is install directory services and install and configure AD integrated DNS correctly, it cannot do that because you already have a zone for the domain, so as far as the installer goes it cannot be authoritative for that domain or own that domain as it is already in use and is assumed to be owned by someone else, if that someone else can delegate the zone fine but you are better off just deleting the zone as it is in a lab and letting the installer configure it for you.
Just delete the zone, uninstall the DNS service or whatever but you have to do something that gets that zone file off the DNS server you are trying to run dcpromo on.
-
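Added example, not part of any post in this thread: one way to carry out the "delete the zone" advice above without losing the existing lab records is to export the clashing zone with `dnscmd` first and delete it only once the export has succeeded. The zone name `domain.local` is the placeholder used in the thread, the export file name is made up for illustration, and the script assumes PowerShell is installed and that it is run elevated on the server about to be promoted.

```powershell
# Added example (not from the thread). Backs up and optionally removes a
# pre-existing standalone DNS zone that clashes with the planned AD domain name.
param(
    [string]$ZoneName = 'domain.local',   # placeholder zone name from the thread
    [switch]$Delete                        # without this switch the zone is only exported
)

# dnscmd returns a non-zero exit code when the zone does not exist on this server.
& dnscmd.exe /ZoneInfo $ZoneName | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Output "No zone named '$ZoneName' on this server; nothing to remove."
    return
}

# Export the zone to a text file. dnscmd writes it under %SystemRoot%\System32\dns
# and refuses to overwrite an existing file, so the name carries a timestamp.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$exportFile = "$ZoneName.pre-dcpromo.$stamp.dns"   # hypothetical file name
& dnscmd.exe /ZoneExport $ZoneName $exportFile
if ($LASTEXITCODE -ne 0) {
    throw "Export of '$ZoneName' failed (exit code $LASTEXITCODE); zone left untouched."
}
Write-Output "Zone exported to $env:SystemRoot\System32\dns\$exportFile"

if (-not $Delete) {
    Write-Output "Run again with -Delete to remove the zone before starting dcpromo."
    return
}

# /f suppresses the confirmation prompt. The zone is removed only after a good export.
& dnscmd.exe /ZoneDelete $ZoneName /f
if ($LASTEXITCODE -ne 0) {
    throw "Deleting '$ZoneName' failed (exit code $LASTEXITCODE)."
}
Write-Output "Zone '$ZoneName' removed; dcpromo can now create the AD-integrated zone."
```

Static records the lab still needs can be re-added from the exported file after the promotion has created the new zone.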
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Fair enough. It was just different on 2003 which is why it confused me a bit.
My own knowledge base made public: http://open902.com