Help: Trouble setting up first two DC's.

I'm following the train signal videos and setting up my first two domain controllers however after configuring the two I am having trouble. The virtual machines on VMWare now get stuck at "Apply computer settings" during boot up. The machines boot up no problem in Safe Mode w/ Networking.

VM Info: (I have these machines network cards set to Bridge. My host machine is running off a wireless card) The other options are NAT and HOST Only. If I need to change to one of these please let me know.

Windows Server 2008 Enterprise

NY-DC1-2K8
Static Address:
IP: 192.168.1.107
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 127.0.0.1 (Uses itself because it's the first DNS server in forest)
Alternate: 192.168.1.108 (Backup DC NY-DC2-2K8)


I created a site on NY-DC1-2K8 and named it NewYork so that I can join another DC as a BDC for fault tolerance and efficiency.

Windows Server 2008 Enterprise

NY-DC2-2K8
Static Address:
IP: 192.168.1.108
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 192.168.1.107 (Uses the NY-DC1-2K8 as primary)
Alternate: 127.0.0.1 (Uses itself in case NY-DC1-2K8 goes down)

The only difference between my static IP configuration and the Train Signal videos is that he's using the IP address 192.168.5.2 which is on a different subnet, correct? He's also using a switch. I'm running my host machine and two virtual machines off the same network. Regardless, after setting up these two DC's as listed, upon reboot they get stuck at "Applying computer settings". I researched this and found a brief explanation, however I'm not sure what it means.

If someone can please help me get back into my DC's I'd greatly appreciate it, it's got to be something with my DNS settings or VM + Host machine setup because as I said they boot fine in Safe mode with network enabled.

Also one other thing, after setting up these two DC's I wanted to test and see if replication was working properly. So I created a new OU in NY-DC2-2K8, then ran a repadmin /syncall command. However I was presented with an "Access Denied". I was on the administrator account. If anyone else can help with that also I'd greatly appreciate it! I cannot move on to the later labs until I get these two problems worked out.

"Check this. All internal Active Directory domain clients should be
configured to use only an internal DNS Server hosting the zone name for the
Active Directory domain. This means no workstation or server, to include
all DCs and DNS servers, on the network should be configured to use any
external DNS for resolution, not even as a secondary DNS server. The
reason all domain members and DCs must use the local DNS for DNS in TCP/IP
properties, is because that is how clients find objects in Active Directory
(e.g. domain controllers, global catalogs, etc). If you point domain
clients (including domain controllers) to a DNS server which doesn't hold
this information, expect:

1) Long logon times (long waiting time for "Applying computer settings" or
clients unable to logon at all)
2) Slow boot times for DCs
3) No Active Directory replication
4) Administrators unable to manage parts of the domain
5) Group policy errors or failing outright
6) Poor (slow) network performance in general."
Currently studying for:
MCTS 70-642 Network Infrastructure

Comments

  • Mojo_666 Member Posts: 438
    ITVince wrote: »
    I'm following the train signal videos and setting up my first two domain controllers however after configuring the two I am having trouble. The virtual machines on VMWare now get stuck at "Apply computer settings" during boot up. The machines boot up no problem in Safe Mode w/ Networking.

    I only read this far TBH, first off when you say stuck, are they actually getting stuck? the reality is if a DC is looking at itself for primary DNS or another DC/DNS which is unavailable the DC boot up will go to maximum time out on everything and on server spec hardware will take approx 15 mins.

    To set up your first DC you should do this (simplified)

    Configure DNS to look at itself
    Run DC Promo
    Reboot as prompted
    Clear all events from the event logs
    Do nothing for 24 hours
    Re Check the event logs and fix all issues.


    For your second DC

    Configure DNS to look at DC1
    Run DC Promo
    Reboot as prompted
    Test Replication by creating an OU or comp/user acc
    Configure DNS to look at itself
    Clear all events from the event logs
    Do nothing for 24 hours
    Re Check the event logs and fix all issues.


    If you have a pair of DC's you can configure them to look at themselves as primary and the other as secondary or the other way around. IMO the former is the better test, the latter reduces those boot times from 15 mins to 5 though (assuming the other dc/dns is up and running).
  • unnamedplayer Member Posts: 74 ■■□□□□□□□□
    Your set up should work ok, I'd boot up the first DC, let everything come up, log in, and then boot up the 2nd. I've noticed on my ESXi host, sometimes the VMs can take a while booting up or applying settings as well. I swear there are some funky things that go on with VMs sometimes. Like when I was labbing 2008 R1, I couldn't get consistent network communications between VMs unless I disabled Checksum Offloading.
    ITVince wrote: »
    Also one other thing, after setting up these two DC's I wanted to test and see if replication was working properly. So I created a new OU in NY-DC2-2K8, then ran a repadmin /syncall command. However I was presented with an "Access Denied". I was on the administrator account. If anyone else can help with that also I'd greatly appreciate it! I cannot move on to the later labs until I get these two problems worked out.

    I think I've followed the TrainSignal videos you are using. They are with Coach right? I'd say they are OK, but I would definitely do research on Technet some of the things he shows you. There are things he presents that aren't quite clear or 100% accurate.

    For example, running repadmin /syncall as he does with no parameters synchronizes the Configuration partition not the domain partition. I think his example with the Test Dummy OU is a little misleading as to what repadmin /syncall is doing.

    Repadmin /syncall
  • ITVince Member Posts: 143
    To be honest I only waited about 3 minutes and was wondering why they wouldn't boot up as fast as before when they weren't DC's. They really take this long to boot up? Why is that?
  • ITVince Member Posts: 143
    Your set up should work ok, I'd boot up the first DC, let everything come up, log in, and then boot up the 2nd. I've noticed on my ESXi host, sometimes the VMs can take a while booting up or applying settings as well. I swear there are some funky things that go on with VMs sometimes. Like when I was labbing 2008 R1, I couldn't get consistent network communications between VMs unless I disabled Checksum Offloading.



    I think I've followed the TrainSignal videos you are using. They are with Coach right? I'd say they are OK, but I would definitely do research on Technet some of the things he shows you. There are things he presents that aren't quite clear or 100% accurate.

    For example, running repadmin /syncall as he does with no parameters synchronizes the Configuration partition not the domain partition. I think his example with the Test Dummy OU is a little misleading as to what repadmin /syncall is doing.

    Repadmin /syncall

    It worked for him but not me and I mirrored his setup, I'll dig deeper into the Repadmin /syncall command and see what I come up with, I appreciate the feedback and the heads up on that one. Yes it's with "Coach", he does a pretty good job. It's nice to follow along rather than read about the labs sometimes.
  • Mojo_666 Member Posts: 438
    ITVince wrote: »
    To be honest I only waited about 3 minutes and was wondering why they wouldn't boot up as fast as before when they weren't DC's. They really take this long to boot up? Why is that?

    Because the DC's or rather AD needs DNS, and DNS will not function without AD (due to AD integrated DNS zones and of course DNS itself which hosts the SRV records to find all this stuff in the first place), so you get stuck in a catch 22 situation where AD needs DNS but DNS won't run because it needs AD+DNS running and so on and so forth (hence reduced boot times when pointing to a DC/DNS server that is already up and running).

    Messy huh? ;)

    Yes it really does take 15 mins to boot up a DC and once booted you will see a bunch of errors in the event logs relating to the issues it had booting but these are normal. DC's are not meant to be rebooted very often and they can, like I said, be configured to look at other DC's rather than themselves. What you are seeing is normal behaviour but behaviour that you would not see very often in production as the DC's will not get bounced very often but of course you would see it in a lab more often because DC's are rebooted more or switched off overnight etc.

    So really just chill and check the event logs, leave your DC's powered on and check them again after a day, if the event logs are fine then just down them as normal assuming that they will be OK and boot them about 15 mins before you need to use them.

    I cannot stress how normal this is, it catches many people out and causes no end of questions on Experts Exchange.

    Rule of thumb,

    If a DC is looking at itself for DNS expect 15 minute boot times.
    If a DC is looking at another DC for DNS and that server is up expect 5 minute boot times.

    Test it out for yourself.
  • ITVince Member Posts: 143
    Thank you, I'll learn to be more patient now.

    Replication seems to be working fine now too my two DC's in NY are now talking to one another. Making progress. Thanks guys
  • ITVince Member Posts: 143
    I think I've followed the TrainSignal videos you are using. They are with Coach right? I'd say they are OK, but I would definitely do research on Technet some of the things he shows you. There are things he presents that aren't quite clear or 100% accurate.

    So did you use these to pass your MCTS 70-640?
  • unnamedplayer Member Posts: 74 ■■□□□□□□□□
    ITVince wrote: »
    So did you use these to pass your MCTS 70-640?

    Haven't taken the 70-640 yet. But, I will tell you, those videos are not going to cut it. I thought they were OK to start out with, because they let you see how to do things, but the level of technical detail is not there. Don't even get me started on the certificate and DNS videos. Those are kinda glossed over yet they are 15 and 17% of the exam respectively.

    It looks like TrainSignal re-released their 70-640 series with Ed Lieberman which include R2 coverage, but I haven't had a chance to look at them.

    I've found the MS Press Book combined with Mastering Server 2008 to be a pretty good study resource. Combine these with the Technet articles in Claymoore's 70-640 thread. I've also got the Sybex book which I originally purchased as my main study resource. Got a couple of chapters in before getting my hands on the MS Press Book and realized the MS book was much more in-depth.

    People knock the MS book for having a lot of typos, but I think the Sybex book has quite a few doozies itself. Actually after going through both books and reading Technet, you can definitely see these books were written early in the existence of Windows 2008. Hopefully the 2nd editions will be better.
  • ITVince Member Posts: 143
    Haven't taken the 70-640 yet. But, I will tell you, those videos are not going to cut it. I thought they were OK to start out with, because they let you see how to do things, but the level of technical detail is not there. Don't even get me started on the certificate and DNS videos. Those are kinda glossed over yet they are 15 and 17% of the exam respectively.

    It looks like TrainSignal re-released their 70-640 series with Ed Lieberman which include R2 coverage, but I haven't had a chance to look at them.

    I've found the MS Press Book combined with Mastering Server 2008 to be a pretty good study resource. Combine these with the Technet articles in Claymoore's 70-640 thread. I've also got the Sybex book which I originally purchased as my main study resource. Got a couple of chapters in before getting my hands on the MS Press Book and realized the MS book was much more in-depth.

    People knock the MS book for having a lot of typos, but I think the Sybex book has quite a few doozies itself. Actually after going through both books and reading Technet, you can definitely see these books were written early in the existence of Windows 2008. Hopefully the 2nd editions will be better.

    Now you've got me nervous....My plan is to read through Sybex, use the TrainSignal Videos (I have both Supercoach and the new R2 videos), as well as read through Windows R2 eBook. Might have to go through Claymoore's thread as well...man this is a lot of reading ahead of me. I'll take it a day at a time though. Really don't want to have to read through the entire MS book on top of Sybex....unless I have to... When do you plan on taking your exam? Keep in touch so I know how it goes and what to expect, I'm still a good 2 months or so away, I'm still studying DNS Chapter 2 in Sybex. I'm making sure I read, re-read chapters until they fully stick before going to new chapters/topics.
  • wweboy Member Posts: 287 ■■■□□□□□□□
    ITVince,

    Thanks for this topic, I'm in the same boat I've been using Train Signal mainly to study and I can agree with unnamedplayer, I thought I was ready I took some practice exams and my confidence went to ZERO.

    My main problem with the videos is the amount of servers you make are crazy and when you start "Connecting" NY and Chicago they don't talk about the real aspects of what you need to do they just tell you to make another server.

    I need to get a book and hit that like you :) its nice to know someone on these forums are exactly where I am.

    My setup -
    XPS 420 8GB ram
    VMWare workstation using VMNET 5 I'm running a virtual PFSense router.

    Oh yeah you want to do yourself a favor and make your first domain a DHCP server, it makes life a tad easier. A few times I've forgot to do something really simple and wonder why the computer wouldn't talk to the domain.

    Good luck on your studying ITVince!
  • ITVince Member Posts: 143
    wweboy wrote: »
    ITVince,

    Thanks for this topic, I'm in the same boat I've been using Train Signal mainly to study and I can agree with unnamedplayer, I thought I was ready I took some practice exams and my confidence went to ZERO.

    My main problem with the videos is the amount of servers you make are crazy and when you start "Connecting" NY and Chicago they don't talk about the real aspects of what you need to do they just tell you to make another server.

    I need to get a book and hit that like you :) its nice to know someone on these forums are exactly where I am.

    My setup -
    XPS 420 8GB ram
    VMWare workstation using VMNET 5 I'm running a virtual PFSense router.

    Oh yeah you want to do yourself a favor and make your first domain a DHCP server, it makes life a tad easier. A few times I've forgot to do something really simple and wonder why the computer wouldn't talk to the domain.

    Good luck on your studying ITVince!

    I hope my 12 GB of Ram is enough, his network topology map is quite large by the end of the videos :). So they don't go as in depth as they need to...that may be the case but it's a good foundation for getting some hands-on lab experience. I'm hoping the Sybex book fills in the details. Still need to find a good R2 Practice test. I ran about 10 VM's no problem and Starcraft2 and still had about 4 GB left. I'm using VMWare Player, wish I had a workstation license. Why make the first domain a DHCP server? All servers will have statically assigned IP addresses, for clients that join to the domain? I figured enabling the "bridged" connection on my VM Nic Cards will allow for clients to use my Wireless Router's DHCP services and have IP information filled that way. What do you think? In the real world, yeah I'd have to assign DHCP roles to some servers for my clients. :)
  • wweboy Member Posts: 287 ■■■□□□□□□□
    Yeah you want to make your servers static every time. Your 12GB will be easy to handle and to be honest if I don't need the server running I don't bother. Yes it says make 2 domain controllers for example I make them and set them up then I just stop the second one.

    Until you start changing FSMO roles you won't need that second DC running while doing your work on DC1 or the other locations such as New York, Chicago or Tokyo.

    Have fun studying :)
  • TrainSignal_Ed Registered Users Posts: 2 ■□□□□□□□□□
    Hi everyone,

    My name is Ed Liberman and I am an instructor at Train Signal. I just wanted to quickly chime in and let you know that I recently created a new version of our 70-640 Windows Server Active Directory Training course (I believe this was mentioned in a previous reply). I would like to address some of the questions that have been asked in this thread.

    ITVince, it looks like your setup is just fine and you might need to continue to be patient with your servers. This is not an uncommon problem when working with virtual machines. I have run into similar problems here while creating the course. I will sometimes even mention it if I know that a certain process takes longer than expected. If you are still having difficulties then you might want to switch to my new version of the course. Both should work just fine, but I tried to "trim the fat" on how many virtual machines you need to have running to complete the course. This may help your speed issue.

    The only change I would make to the setup is that I would have both domain controllers point to themselves for DNS and point to the other as an alternate. This is how I have my machines set up and they both boot up just fine.

    Mojo_666, I don't want to get in a bickering match with you on this, but I do not agree with your comments about it taking 15 minutes for a domain controller to boot if it is pointing to itself for DNS. I have all of my domain controllers pointing to themselves for DNS (in both production and test/teaching environments) and it does not take anywhere close to 15 minutes for the computers to boot. Most of the documentation I have looked at says that Microsoft recommends that a domain controller point to itself first for DNS. If you have documentation which explains differently then I would be very curious to see it. I always want to make sure my students have the latest and greatest information so I would be happy to change my position on this if you have more information.

    unnamedplayer and wweboy, certification is something that I have been helping people to achieve for over a decade. I have ALWAYS told my students that you should never count on only one resource as being all encompassing for the exam. As much as I or anyone else may try to give you everything you need for the exam, the information is just way too broad to guarantee complete coverage of everything on the exam. This is why we include the Transcender practice exams with our courses. The hope is that between my lessons and the practice exam questions that you will have all the tools you need to get ready to pass the exam and be successful in your IT career. Now, this doesn't mean that you shouldn't reference any additional material. I make references to using TechNet articles in my lessons and Transcender gives references to back their explanations as well. I have a bonus lesson which is included with all our courses explaining how to use practice exams as additional study material and NOT just as a practice exam which gives you a score to see if you're ready for the real exam. I can't go into the complete detail of what I mean, but please watch that video to get the complete explanation.

    wweboy, I completely agree with your last comment about not having all the servers running at all times. When I am creating courses I turn off all unnecessary virtual machines. I usually try to tell my viewers which ones I have running going into the demonstrations. The purpose behind creating 2 domain controllers is to demonstrate how a real environment should be configured, but I too will sometimes shut the second one down if replication is not going to be a factor in the lesson. The only thing that I will caution everyone about is that replication is always taking place and the more you do with that second domain controller offline the longer you can expect it to take to boot up when you decide to use it. For this reason I recommend that you leave it running as often as possible if you have the resources to support it. Also, this only applies to test/learning environments. I never take down additional domain controllers in production environments.

    I hope I have helped to answer some of your questions and concerns. I wish you all the best in your success as IT professionals.

    Ed Liberman
  • ITVince Member Posts: 143
    Ed, thanks so much for the reply, my primary DC takes only 5 or so minutes to boot and it is pointing to itself for DNS. I just had to be a little more patient, it wasn't as instantaneous as it was before promoting it. Ed, what are your recommendations for studying for the new 70-640 exam which now includes R2 material? This has flustered us now since many of us have been studying R1 material from Sybex and MS Books. Hopefully it'll be an easy addition when it comes to studying.
  • TrainSignal_Ed Registered Users Posts: 2 ■□□□□□□□□□
    I wouldn't worry too much about the R2 updates. The updates for Active Directory are not that significant. Most of them are things like the addition of new Group Policy settings and things like that. In those cases there is really no difference in what you are studying since we teach the concept of how to use Group Policy not the actual settings. There are a few specific updates to Active Directory and I am currently creating a few extra bonus videos for those topics. They will be complete and made available by the end of the year.
  • Mojo_666 Member Posts: 438
    Mojo_666, I don't want to get in a bickering match with you on this, but I do not agree with your comments about it taking 15 minutes for a domain controller to boot if it is pointing to itself for DNS

    This is not something I read in a book, it is something I sat down with a stop watch and timed after having a discussion with a colleague about varying boot times and the pros and cons of how best to configure DNS, so it doesn’t matter if you disagree with me or not because it will not change what I saw and tested with my own 2 hands on no less than 10 separate occasions.

    Anyway the point I was making was just to be a little more patient.
  • earweed Member Posts: 5,192 ■■■■■■■■■□
    Mojo_666 wrote: »
    This is not something I read in a book, it is something I sat down with a stop watch and timed after having a discussion with a colleague about varying boot times and the pros and cons of how best to configure DNS, so it doesn’t matter if you disagree with me or not because it will not change what I saw and tested with my own 2 hands on no less than 10 separate occasions.

    Anyway the point I was making was just to be a little more patient.
    Was this on VMs (in a test lab) or something in a production environment. I set my VMs up to point to themselves and didn't have that long a wait and way less of a wait on a powerful enough machine to run the VMs properly.
    True about being patient though as the boot time is still a few minutes (mine's around 4 minutes now) but I don't even take my VMs off line or reboot them that much anymore.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • Mojo_666 Member Posts: 438
    earweed wrote: »
    Was this on VMs (in a test lab) or something in a production environment. I set my VMs up to point to themselves and didn't have that long a wait and way less of a wait on a powerful enough machine to run the VMs properly.
    True about being patient though as the boot time is still a few minutes (mine's around 4 minutes now) but I don't even take my VMs off line or reboot them that much anymore.

    These were physical 2003SP2 production servers running on PowerEdge 2950's and 2850's. I have not timed anything for a few years now mind but I still advise people of a possible 15 min wait as it should cover all configurations....but again the point is to convey patience and normality when people start to worry because they have considerably slower load times since running dcpromo.

    15 Mins might not apply in the lab these days but if you are ever in a production environment working on some older kit don't panic if the DC's are taking a LOT longer than you are used to.
  • Mojo_666 Member Posts: 438
    ITVince wrote: »
    Most of the documentation I have looked at says that Microsoft recommends that a domain controller point to itself first for DNS. If you have documentation which explains differently then I would be very curious to see it.

    No documentation from Microsoft just a tip from me on reducing reboot times of DC's, my comments in this thread regarding configurations are in line with Microsoft as are my configurations, but if you do want to reduce reboot times you can point DNS at another server. If you need to bounce a DC and you want it up sooner rather than later then you can point it to your other DC. (However as I stated if all DC's are off then there is no benefit from doing this) This is something I have done a lot on 2003 DC's when for example I need to bounce a GC and I want it to come up faster, 10 mins faster for me in some cases.
  • earweed Member Posts: 5,192 ■■■■■■■■■□
    "Check this. All internal Active Directory domain clients should be
    configured to use only an internal DNS Server hosting the zone name for the
    Active Directory domain. This means no workstation or server, to include
    all DCs and DNS servers, on the network should be configured to use any
    external DNS for resolution, not even as a secondary DNS server. The
    reason all domain members and DCs must use the local DNS for DNS in TCP/IP
    properties, is because that is how clients find objects in Active Directory
    (e.g. domain controllers, global catalogs, etc). If you point domain
    clients (including domain controllers) to a DNS server which doesn't hold
    this information, expect:

    1) Long logon times (long waiting time for "Applying computer settings" or
    clients unable to logon at all)
    2) Slow boot times for DCs
    3) No Active Directory replication
    4) Administrators unable to manage parts of the domain
    5) Group policy errors or failing outright
    6) Poor (slow) network performance in general."
    You'll see this again in your 70-646/647 studies. You'll use forwarders and/or conditional forwarders set up in DNS to get out to the internet. That way your clients never mess with an external DNS server unless trying to access the internet. You'll learn a lot more about DNS in 642 (I'd recommend reading the DNS chapters from the 642 book if you already have it)
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
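An added example (not written by any poster in this thread) of the check the quoted guidance implies: for every DNS server listed in a machine's TCP/IP properties, ask that server for the domain controller SRV records and flag any server that cannot return them. The domain name `corp.example` is a placeholder because the thread never names the AD domain; the script assumes PowerShell 2.0 or later and `nslookup.exe` on the path.

```powershell
# Added example, not from the thread: verifies that every DNS server in this
# machine's TCP/IP properties can return the DC locator SRV records.
param(
    # Placeholder: the thread never names the AD DNS domain, so pass your own.
    [string]$AdDomain = 'corp.example'
)

# SRV record that domain members query to locate domain controllers.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

# Get-WmiObject is used so the script also runs on PowerShell 2.0.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$results = @(foreach ($nic in $adapters) {
    if (-not $nic.DNSServerSearchOrder) {
        Write-Warning "$($nic.Description): no DNS servers configured"
        continue
    }
    $position = 0
    foreach ($server in $nic.DNSServerSearchOrder) {
        $position++
        # Query this specific server. nslookup prints one
        # "svr hostname = <name>" line per SRV record it returns.
        $raw = & nslookup.exe -type=SRV $srvName $server 2>&1 | Out-String
        $dcs = @([regex]::Matches($raw, 'svr hostname\s*=\s*(\S+)') |
                 ForEach-Object { $_.Groups[1].Value })

        New-Object PSObject -Property @{
            Adapter      = $nic.Description
            Order        = $position          # 1 = preferred, 2 = alternate, ...
            DnsServer    = $server
            ReturnsDcSrv = ($dcs.Count -gt 0)
            DCsFound     = ($dcs -join ', ')
        }
    }
})

$results |
    Select-Object Adapter, Order, DnsServer, ReturnsDcSrv, DCsFound |
    Format-Table -AutoSize

# Any server listed here cannot locate a DC for the domain, which is the
# condition the quoted text ties to slow "Applying computer settings",
# failed replication and Group Policy errors.
$bad = @($results | Where-Object { -not $_.ReturnsDcSrv })
if ($bad.Count -gt 0) {
    $list = ($bad | ForEach-Object { $_.DnsServer }) -join ', '
    Write-Warning "DNS servers that returned no SRV records for ${srvName}: $list"
}
```

Run it on each DC and member with `-AdDomain` set to the real domain; a preferred or alternate entry that points at a router or ISP resolver shows up with `ReturnsDcSrv` set to False.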
  • MentholMoose Member Posts: 1,525 ■■■■■■■■□□
    I don't think anyone is suggesting pointing anything to a non-DC for DNS. That would cause problems unless the DNS server has the zone for AD domain. They are just arguing about if it's better to configure a DC to use itself for primary DNS, or use another DC. Anyway this Microsoft article has some guidance about the various options:
    Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
    MentholMoose
    MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
  • nmagner Registered Users Posts: 2 ■□□□□□□□□□
    I've installed Windows Server 2008 R2 in my home "virtual" test environment. I have AD DS, integrated DNS installed. My configuration as follows:
    VMware: Windows Server 2008 R2 - Network adapter connection: Bridged
    DC1: IPv4 Configuration
    IP: BLANK - Subnet Mask: BLANK - Default Gateway: BLANK. Preferred DNS is configured to 127.0.0.1 and Alternative DNS to 192.168.0.1.
    Is DC1 configuration correct?
    What IPv4 settings will I put in for DC2 so it points at DC1?