DCPROMO on a DHCP / DNS / RRAS server

jibbajabba

I currently run a RRAS server with VPN / NAT enabled which also has its own DNS and DHCP role.

I am trying to promote this server to a domain controller (first DC, new Forrest) but I get an error which drives me mental.

Here you can see it can find the working DNS server (which is itself)





But then



Anyone seen this before ? I really don't want to remove the DNS role and let it reinstall it ...

Devilsbane

You are trying to install DNS again. Try unchecking the DNS box and see what happens.

EDIT: Well duh me, the box is grayed out. How about trying to change the name of the zone.

jibbajabba

Thought about it, but on 2003 the zone had to be the same as the dns suffix and the intended domain (if you want to use a local pre-installed DNS server.

earweed

Hopefully this is a lab environment.

Any particular reason you gave the server all these roles before making it a DC?

jibbajabba

earweed wrote: »

Hopefully this is a lab environment.

Any particular reason you gave the server all these roles before making it a DC?

Yes, a lab. The need of a DC just came up later.

Mojo_666

Just delete the zone for the dns name you have chosen if they clash....it is only a lab after all.

jibbajabba

Mojo_666 wrote: »

....it is only a lab after all.

Yea ... but a well working one

It is easy to just remove the zone or the DNS role and let dcpromo do its thing, but would still love to know if there is a way to fix it

Makes me wonder if creating the AD zones manually would work ..

Devilsbane

Mojo_666 wrote: »

Just delete the zone for the dns name you have chosen if they clash....it is only a lab after all.

Create the DNS zone on a different DNS server and transfer it over, make that one the primary and delete it on this one, and then transfer it back when the DC is up and running.

jibbajabba

Devilsbane wrote: »

Create the DNS zone on a different DNS server and transfer it over, make that one the primary and delete it on this one, and then transfer it back when the DC is up and running.

All my other DNS server are bind

wedge1988

try disabling your network adapter. It's asking the domain name you specified for a record that doesnt exist. Disabling the network adapter will stop the server from contacting the authoritative dns server. (or change the dns server address to 127.0.0.1)

either that or create a record on the root dns server "rudlof.me.uk" and configure it for delegation as it states.

If that doesnt work then no idea what you have set up

jibbajabba

wedge1988 wrote: »

try disabling your network adapter. It's asking the domain name you specified for a record that doesnt exist. Disabling the network adapter will stop the server from contacting the authoritative dns server. (or change the dns server address to 127.0.0.1)

either that or create a record on the root dns server "rudlof.me.uk" and configure it for delegation as it states.

If that doesnt work then no idea what you have set up

As mentioned in the first post, this server IS the DNS server which is not in a domain.

What is setup is simply a standalone server, which just happen to have the DNS and DHCP role installed. This is the only server in the network. The only other machines connected are test machines using a private range assigned by that particular DHCP server.

So the DNS is already on localhost as the server doesn't even have access to other DNS server .. in fact - that server doesn't even have internet access... As a result you cannot create a delegation as there is no domain yet to delegate to.

Basically imagine a fresh installed server, install the DNS role, use 'domain.local' which is used as dns suffix for every server in that network. Then at a later time decide to install the AD role as well ..

It will fail .. Back in the server 2003 days it was different which drives me crazy ..

Imagine you decide to use domain.local - now you had to configure the dns suffix on the server as domain.local, create a forward zone called domain.local and the you could add the AD role at a later date but it wouldn't work unless the forward zone was indeed called = domain you want to use.

I am talking about the manual way, not letting dcpromo doing all its things (if you know what I mean) .. I simply tried the same which doesn't seem to be possible with 2008 .. 2008 just doesn't seem to like the fact that

a. it itself is the only DNS server
b. there is no other DNS in a domain

Mojo_666

Gomjaba wrote: »

As mentioned in the first post, this server IS the DNS server which is not in a domain.

What is setup is simply a standalone server, which just happen to have the DNS and DHCP role installed. This is the only server in the network. The only other machines connected are test machines using a private range assigned by that particular DHCP server.

So the DNS is already on localhost as the server doesn't even have access to other DNS server .. in fact - that server doesn't even have internet access... As a result you cannot create a delegation as there is no domain yet to delegate to.

Basically imagine a fresh installed server, install the DNS role, use 'domain.local' which is used as dns suffix for every server in that network. Then at a later time decide to install the AD role as well ..

It will fail .. Back in the server 2003 days it was different which drives me crazy ..

Imagine you decide to use domain.local - now you had to configure the dns suffix on the server as domain.local, create a forward zone called domain.local and the you could add the AD role at a later date but it wouldn't work unless the forward zone was indeed called = domain you want to use.

I am talking about the manual way, not letting dcpromo doing all its things (if you know what I mean) .. I simply tried the same which doesn't seem to be possible with 2008 .. 2008 just doesn't seem to like the fact that

a. it itself is the only DNS server
b. there is no other DNS in a domain

All dcpromo wants to do is install directory services and install and configure AD interrated dns correctly, it cannot do that because you already have a zone for the domain, so as far as the installer goes it cannot be authorative for that domain or own that domain as it is already in use and is assumed to be owned by someone else, if that someone else can delegate the zone fine but you are better off just deleting the zone as it is in a lab and letting the installer configure it for you.

Just delete the zone, uninstal the dns service or whatever but you have to do something that gets that zone file off the dns server you are trying to run dc promo on.

jibbajabba

Fair enough. It was just different on 2003 which is why it confused me a bit.