
Win2008 Server join to Win2003 domain question


Jason Huang

Jan 4, 2010, 3:27:21 AM
Hi,

We just set up our new Win 2008 Server, and we would like to join this Win
2008 from workgroup to the existing Win 2003 domain MyDomain.com.
The Win2008's DNS is set to the Win2003 AD domain controller, and in the DNS on
the 2003 AD Domain Controller, I've added an A
record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
However, still won't make it.
I'm thinking the Win 2008 is very different from the Win 2003...
How can I fix the problem?
Thanks for help.


Jason

Meinolf Weber [MVP-DS]

Jan 4, 2010, 4:22:06 AM
Hello Jason,

First, there is no need to pre-create an A record; it will be done automatically
when the domain is joined.

Which error message is shown when you try to join the server to the domain?
Normally there is no problem to join a Windows server 2008 to the Windows
server 2003 domain. Only if the 2008 machine should become domain controller
you have to upgrade the schema for it, but this is also no problem.

Additionally, post an unedited ipconfig /all from the 2008 and the 2003 machine,
so we can exclude DNS as a problem.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Paul Bergson [MVP-DS]

Jan 4, 2010, 8:17:42 AM
What error message are you getting and post an ipconfig /all (As Meinolf
already requested) of both your 2003 dc and your 2008 machine. Feel free to
modify the first couple of octets to hide your internal ip address (If a
private ip address)

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uvwoDfRj...@TK2MSFTNGP02.phx.gbl...

Ace Fekay [MVP-DS, MCT]

Jan 4, 2010, 9:29:21 AM
"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uvwoDfRj...@TK2MSFTNGP02.phx.gbl...


Windows 2008 and 2003 functionality is basically the same regarding domain
memberships. Please provide the info requested by Paul and Meinolf to help
us assist in diagnosing this issue.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.


Jorge Silva

Jan 4, 2010, 9:59:30 AM
Hi
- Let's start with some basic testing.
- First make sure that your existing DNS infrastructure is working
correctly. To test that you may use some utilities like "nslint" and/or
"dcdiag". Check the flag options for each tool, run the tests and search for
errors in the output log.
- Assuming that everything is ok, make sure that the DNS allows dynamic
record registration (this will be more secure if you have your DNS integrated
with Active Directory "DNSAI" - and that is only possible when you have DNS
configured on your DCs).
- Then, check that you don't have any firewalls between or installed on the
servers that may block Active Directory and DNS port communications.
- Use Nslookup on the server to be added to the domain, and test if it's
correctly resolving the FQDN and DC.
- After you check that DNS is working correctly and no communication issues
exist, try the operation again. If it fails, take note of the error and
post it here; additionally, also check for errors in the event log.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uvwoDfRj...@TK2MSFTNGP02.phx.gbl...

Jason Huang

Jan 4, 2010, 11:48:35 PM
Hi,

Error message is: Logon Failure: The target account name is incorrect.

The Win 2003 Server ipconfig /all output:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Win2003
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mycom.com
com

Ethernet adapter :

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.0.51

Primary WINS Server . . . . . . . : 192.168.0.200

The Win 2008 Server ipconfig /all output:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Win2008
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com

Ethernet adapter ???? 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???) #2
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter ???? 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???)
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1
Primary WINS Server . . . . . . . : 192.168.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{3DE69E6B-1374-422A-8E42-C0CC5768BA2B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8067047D-397A-4917-8A94-9DB2260D971D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:cf2e:3096:3885:75b:3f57:9b37(Preferred)
Link-local IPv6 Address . . . . . :
fe80::3885:75b:3f57:9b37%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message news:%23nD%23NBUjK...@TK2MSFTNGP05.phx.gbl...

Ace Fekay [MCT]

Jan 5, 2010, 12:13:00 AM

"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:%23lI8dJc...@TK2MSFTNGP04.phx.gbl...

Thank you for posting the requested info.

The reason why you are seeing errors is because the DNS IP addresses are
incorrect on the machines.

1. On Win2003, the DNS should be only set to 192.168.1.1. Your gateway is
192.168.0.51, but that is the router, and it doesn't have DNS running on it.
If your DC queries for a record in its own domain, it may be asking the
router, and it will not have the answer.

2. On Win2003, you should also disable WINS proxy. That's done in the
registry. Please backup your reg before making any changes.

Set the value for "EnableProxy" to 0 in the following key. This will disable
it.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\EnableProxy

More info on WINS proxy can be found here:
How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848

3. On Win2008, it's using 192.168.1.1 and 168.95.1.1. I don't know what the
second IP is, so I looked it up. It is an internet DNS server. My
explanation applies to this machine, too. It must ONLY use 192.168.1.1 for
DNS. If there's anything else in there, it will cause problems to the point
that it cannot find the domain.

4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS server, also
specify that on the Win2003 machine.

Ace

Jason Huang

Jan 5, 2010, 2:19:43 AM
Thanks a lot.
Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which is also
the IP of Win 2003 Server.
And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
But, still can't join the domain, and get same error message:

Logon Failure: The target account name is incorrect.
However, in the Win 2008 I did the nslookup and get the following result:

Server: Win23.mycom.com
Address: 192.168.1.1

Name: mycom.com
Addresses: 192.168.1.1
192.168.2.208
192.168.2.209
192.168.2.111
192.168.2.2
192.168.2.222
192.168.2.201
192.168.2.202
192.168.2.213
192.168.2.130
192.168.2.203
192.168.2.205
192.168.2.206
192.168.2.207

Where all the 192.168.2.X is the Secondary AD controller (Win 2003) which has
multiple IP.
I'm not sure whether this will cause the Win 2008 join domain problem.
Thanks.

Meinolf Weber [MVP-DS]

Jan 5, 2010, 3:28:10 AM
Hello Jason,

Ace already gave you a good starting point for the 2 servers. Now your 3rd
machine comes into play. A DC should NEVER be multihomed, more than one ip
address.

So please post also an unedited ipconfig /all from all additional existing
DC/DNS servers here and describe why this DC has that amount of ip addresses.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.


** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
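
Added example, not part of any post in this thread: the checks raised so far (Ace's points that each machine must list only the domain's own DNS server and that WINS proxy should be off, and the one-address rule for a DC in the reply above), run in Python over saved ipconfig /all text. The host name dc2, the function names and the finding labels are assumptions made for this example, and the sample output is constructed in the layout shown in the thread.

```python
import ipaddress
import re

# Constructed sample (not taken from a real host): Windows 2003 style
# "ipconfig /all" text with two addresses on one adapter.
SAMPLE_DC = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc2
   WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IP Address. . . . . . . . . . . . : 192.168.2.201
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.0.51
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       168.95.1.1
   Primary WINS Server . . . . . . . : 192.168.0.200
"""

# "Key . . . . : value" lines; the dotted leader is not part of the key.
FIELD = re.compile(r"^\s*([^:]+?)(?:\s*\.)*\s*:\s*(.*)$")
# "Ethernet adapter <name>:" / "Tunnel adapter <name>:" section headers.
ADAPTER = re.compile(r"^\s*\w+ adapter (.+):\s*$")


def _ipv4(value):
    """Return the IPv4 address in value, or None if it is not one."""
    token = value.strip().split("(")[0]  # drop "(Preferred)" on 2008 output
    try:
        return str(ipaddress.IPv4Address(token))
    except ValueError:
        return None


def parse_ipconfig(text):
    """Parse ipconfig /all text into host-level flags and per-adapter lists."""
    host = {"name": None, "wins_proxy": False, "adapters": []}
    adapter, last_key = None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = ADAPTER.match(line)
        if header:
            adapter = {"name": header.group(1), "ipv4": [], "dns": []}
            host["adapters"].append(adapter)
            last_key = None
            continue
        field = FIELD.match(line)
        # A line without "key :" continues the previous key, which is how
        # the second and later DNS servers are printed.
        key, value = (field.group(1), field.group(2)) if field else (last_key, line)
        last_key = key
        if key == "Host Name":
            host["name"] = value.strip()
        elif key == "WINS Proxy Enabled":
            host["wins_proxy"] = value.strip().lower() == "yes"
        elif adapter is not None and key in ("IP Address", "IPv4 Address", "DNS Servers"):
            ip = _ipv4(value)
            if ip:
                adapter["dns" if key == "DNS Servers" else "ipv4"].append(ip)
    return host


def audit(text, dc_dns, is_dc):
    """Return findings for one host.

    dc_dns is the set of DNS addresses the admin expects (the domain's own
    DNS servers); is_dc says whether the host is a domain controller.
    """
    host = parse_ipconfig(text)
    findings = []
    if host["wins_proxy"]:
        findings.append("wins-proxy-enabled")
    for nic in host["adapters"]:
        for dns in nic["dns"]:
            if dns not in dc_dns:
                findings.append("dns-not-a-dc:" + dns)
    addresses = [ip for nic in host["adapters"] for ip in nic["ipv4"]]
    if is_dc and len(addresses) > 1:
        findings.append("dc-multihomed:%d" % len(addresses))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DC, {"192.168.1.1"}, is_dc=True):
        print(finding)
```
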

Paul Bergson [MVP-DS]

Jan 5, 2010, 8:09:57 AM
Wow, I have never seen a DC with so many IP addresses. As Meinolf pointed
out, a dc can have only one ip address.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:udlp6ddj...@TK2MSFTNGP06.phx.gbl...

Ace Fekay [MCT]

Jan 5, 2010, 11:08:17 AM
"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:udlp6ddj...@TK2MSFTNGP06.phx.gbl...

> Thanks a lot.
> Now all the Win 2003 and Win 2008 have only 1 DNS 192.168.1.1, which is
> also the IP of Win 2003 Server.
> And the Win 2003 Win Proxy Enabled is set to No ( not reboot yet).
> But, still can't join the domain, and get same error message:
> Logon Failure: The target account name is incorrect.
> However, in the Win 2008 I did the nslookup and get the following result:
>
> Server: Win23.mycom.com
> Address: 192.168.1.1
>
> Name: mycom.com
> Addresses: 192.168.1.1
> 192.168.2.208
> 192.168.2.209
> 192.168.2.111
> 192.168.2.2
> 192.168.2.222
> 192.168.2.201
> 192.168.2.202
> 192.168.2.213
> 192.168.2.130
> 192.168.2.203
> 192.168.2.205
> 192.168.2.206
> 192.168.2.207
>


WOW! and WOW! Where did they come from? Is there another DC??

If there is no additional DC that is multihomed, I think possibly that you
have extra entries in DNS called the LdapIpAddress record, which shows up as
a "(same as parent)" entry. They all need to be removed leaving only the
ones for the DC.


Also, please run the following and post the results. Keep in mind, you must
go into your _msdcs. and your testadservs.net zones properties, Zone
transfers, and allow zone transfers for the commands to run. You can turn
this off after you've completed the run

c:\nslookup
> ls -t srv _msdcs.testadservs.net
(hit enter and copy/paste results)

While still in the command, then run:
> ls -d testadservs.net
(hit enter and copy/paste results)

Ace


Jorge Silva

Jan 5, 2010, 11:49:10 AM
This is starting to sound messy...
You said: I want to join a Windows 2008 server to a Domain that has 1 DC
that is running With Windows 2003. IS THIS Correct?
Assuming yes, I assume that the new Windows 2008 server does NOT have to be
an additional DC, correct?

Then you said that your existing DC (that is running Windows 2003) has the
following configuration:
IP Address 192.168.1.1
Subnet Mask 255.255.0.0
Default Gateway 192.168.0.51
DNS Servers 192.168.1.1
192.168.0.51
WINS Server 192.168.0.200

- I also assume that this DC doesn't run any other services than "Active
Directory" and "DNS", if it does, please say which ones.
- What server is the "192.168.0.200"? Is it a DC or a dedicated WINS server?

- As already stated, you should NOT USE the "192.168.0.51" as secondary DNS
server. To remove it:
1 - Remove the DNS entry "192.168.0.51" from IP adapter.
2 - Go to command line and run the following command (without the quotes)
"ipconfig /flushdns"
3 - Restart the DNS service on that DC.

- The second step is to run the tests that I already mentioned in my
previous post (let me know if you need help with that).

Assuming that everything is alright, now it's time to check the Server
(Windows 2008) to be added to your domain.

According to your post, the windows 2008 server to be added has the
following configuration:
IPv4 Address 192.168.1.2
Subnet Mask 255.255.0.0
Default Gateway 192.168.1.1
DNS Servers 192.168.1.1
168.95.1.1
Primary WINS Server 192.168.0.200

- The first thing that comes into my head when I look at this configuration,
is that you're running these servers for lab purposes, 16Bit mask address
sounds pretty big for 2 servers only :) and can complicate things.
Now:
- Where did the 168.95.1.1 come from?
- Again, What server is the "192.168.0.200"? Is it a DC or a dedicated WINS
server? Why is it in a different subnet?
- What is the purpose of that Windows 2008 new Server? Are you planning RRAS
for that server or something else?

My opinion, is that you're trying to do something else than just adding it
to the domain, and that should explain the reason why you're adding it so
many addresses, perhaps if you explain your entire infrastructure and your
plans for that server we could better assist you with that.


--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"Jorge Silva" <jorges...@hotmail.com> wrote in message
news:FC491F9F-AD82-4703...@microsoft.com...

Jason Huang

Jan 5, 2010, 8:18:25 PM
Thanks.
The reason the other DC (name: kserver) has so many IPs is because it is also
working as the host of the .Net web server, and we have several .Net applications
running online.

The known problem for the DC kserver is its account can't sync with the
Primary DC.

This is another DC ipconfig/all output:

Windows IP Configuration

Host Name . . . . . . . . . . . . : kserver
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com
com

Ethernet adapter �??�u:


Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network Connection
Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.222
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.213
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.209
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.208
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.207
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.206
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.205
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.203
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.202
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.201
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.130
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.111
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1
Primary WINS Server . . . . . . . : 192.168.0.200


The IP 192.168.0.200 is a real WINS Server's IP.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
wrote in message news:6cb2911dbba68...@msnews.microsoft.com...

Jason Huang

Jan 6, 2010, 1:08:50 AM
Thanks a lot!

The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
domain.
192.168.0.200 is WINS Server, not a DC.

There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
(Secondary).
These two DCs have problem to SYNC with each other, due to fail to sync over
some time limit,
and these two DCs has DNS server running, but the Secondary has not added
any zone yet.

Now these two DCs' tcp/ip has only 1 dns: 192.168.1.1, and have done the
ipconfig/flushdns.

The 168.95.1.1 is the ISP's dns.

And I have also removed some "(same as parent)" (host) A entries from the
192.168.1.1 DNS service,
leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
192.168.2.2.

The reason that the DC 192.168.1.2 is multihomed is because it is also
working as the .Net web server,
we assigned each .Net web application with a 192.168.2.x ip.

We are planning to set up the new Win 2008 Server as MS SQL Server DB
server, and I wanna remote logging to the Win2008 from my Win XP which is
logged on to my domain already.


"Jorge Silva" <jorges...@hotmail.com>
wrote in message news:209F094F-9988-49EA...@microsoft.com...

Ace Fekay [MVP-DS, MCT]

Jan 6, 2010, 3:03:12 AM
"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:OVlim4mj...@TK2MSFTNGP02.phx.gbl...

Jason,

I can see why it can't sync. You really, and truly honestly need to not use
a DC to run a webserver. More than one IP causes numerous problems. Imagine
what happens when there are 10. I would highly suggest to use a member
server as a webserver and give it as many IPs as you want, but not a DC.

Otherwise, we really can't help you straighten this out, unless you're up to
some registry changes. Please read my following blog explaining the
implications to a DC, why it causes harm to a DC, and how to workaround it
(registry and other changes), if you want to continue using this as a DC.

Ace


Jason Huang

Jan 6, 2010, 3:22:00 AM
Even if I delete some "(same as parent)" entries, they seem to come back later.
By the way, the command in the nslookup
ls -t srv _msdcs.testadservs.net
Do I need to replace the testadservs.net to myns.mycom at all?
Thanks again.

Meinolf Weber [MVP-DS]

Jan 6, 2010, 4:51:26 AM
Hello Jason,

As Ace said, a DC shouldn't run any other application, especially no web server,
Exchange or SQL. Additionally, you also have the 168.x.x.x as DNS server listed on
the NIC. So at least kick this out and maybe you are lucky; personally,
I think it won't, even if the wrong DNS is removed.

Best regards


Meinolf Weber [MVP-DS]

Jan 6, 2010, 4:54:24 AM
Hello Jason,

Move the webservices to another server and use only one ip address for the
DC with the correct DNS servers, remove 168.x.x.x on the NIC, and your problems
with the new machine will go away, I am sure.

Or think about demoting that server to member server, IF the applications
are not affected by that step, and you can leave it multihomed for the web
service.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Meinolf Weber [MVP-DS]

Jan 6, 2010, 4:59:19 AM
Hello Jason,

That your DCs are not in sync belongs to the above listed problem with multihoming
and external DNS servers on the NIC.

If they are over the tombstone lifetime, which I assume about the time limit
error, the safest way is to kick out the machine, with the error listed,
with dcpromo or dcpromo /forceremoval and check the AD database, DNS, AD
sites and services etc. for old entries of it according to:
http://support.microsoft.com/kb/555846/en-us

Please run "repadmin /showrepl" and post the output here from both DCs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.


** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Jorge Silva

Jan 6, 2010, 8:17:27 AM
Ok,
Let's start with a basic test.
- Unplug the multihomed DC from network.
- Run ipconfig /flushdns on both (Win2008 and the DC that is plugged to your
network switch).
- Restart the DNS service on the online DC.
- On the DC that is online run the following command (without the quotes):
"netdom query fsmo". Post here the results.
- Check the name of the Win2008 to be added to the domain, then go to the
online DC and make sure that you DON'T have ANY account with the same name.
- In the win2008 server Point the Preferred DNS server to the ONLINE DC. Try
to add it again to the Domain. If it fails post here the exact error
message. Go to the DC and check the eventlog for error messages that were
logged when you attempted to add that new server.

- Plug the unplugged DC to the network again.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uk9B9apj...@TK2MSFTNGP06.phx.gbl...

Ace Fekay [MVP-DS, MCT]

Jan 6, 2010, 10:46:50 AM

"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:eUZYjlqj...@TK2MSFTNGP06.phx.gbl...

> Even I delete some "(same as parent)" entries, they seem come back later.
> By the way, the command in the nslookup
> ls -t srv _msdcs.testadservs.net
> Do I need to replace the testadservs.net to myns.mycom at all?
> Thanks again.
>

Yes, replace it with mycom.com. However, it's ok, you don't have to run it.
The ipconfig you posted is enough to diagnose it, as we already did, and you
have our recommendations to resolve it, one of which I agree with Meinolf is
to demote this machine to a member server and remove the DNS address
168.95.1.1.

Even if you delete the "(same as parent)" record, it will return
automatically. This is because the netlogon service is putting it back in.
That is one of the services running on the DC that ensures proper SRV
records are registered in DNS. However, since there are 10-15 addresses, the
service is registering all of them.

A web server should never be a DC. Any reason this machine is a DC? Is it
safe for you to demote it?

If you really want to keep it, as I mentioned earlier there are steps you
can perform to change a domain controller's default functionality that
include multiple registry changes. I forgot to post my blog link, which I
apologize. I posted it below. It shows you why this configuration is
detrimental on a DC, but if you want to keep it as a DC for whatever reason,
it shows steps to alter the configuration to work with multiple IPs,
multiple NICs and/or RRAS installed.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

I hope you find it helpful.

Ace


Jason Huang

Jan 6, 2010, 10:44:09 PM

Thanks so much!
I'm thinking demoting the Secondary DC (192.168.2.2) to just member server,
and put all .Net web applications on this member server. Then join the
Win2008 to the domain.
I would dcpromo another member server(192.168.1.15) as an AD Server, and
switch it to be the Primary AD server, cuz the current AD root server
192.168.1.1 is kind of old( 6 years old).


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
wrote in message news:6cb2911dbcbd8...@msnews.microsoft.com...

Jason Huang

Jan 7, 2010, 12:45:16 AM
I'm wondering why a DC shouldn't run the SQL Server.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de>
wrote in message news:6cb2911dbcba8...@msnews.microsoft.com...

Meinolf Weber [MVP-DS]

Jan 7, 2010, 2:54:25 AM
Hello Jason,

A DC is the heart of the domain and should only run its basic tasks, AD,
DNS, GC and maybe DHCP. Any additional application requires additional performance
or more important depending on the application/role lowers security settings
on a DC. Also if you have the need to demote the DC you have to be sure that
the SQL instances will work after demoting or you have to move SQL to another
server at that time.

Meinolf Weber [MVP-DS]

Jan 7, 2010, 2:56:36 AM
Hello Jason,

Make sure to have the replication problems solved/corrected before going
into deeper changes of the network.

Ace Fekay [MVP-DS, MCT]

Jan 7, 2010, 8:39:03 AM
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dbdc08...@msnews.microsoft.com...

> Hello Jason,
>
> A DC is the heart of the domain and should only run it's basic tasks, AD,
> DNS, GC and maybe DHCP. Any additional application requires additional
> performance or more important depending on the application/role lowers
> security setttings on a DC. Also if you have the need to demote the DC you
> have to be sure that the SQL instances will work after demoting or you
> have to move SQL to another server at that time.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

In addition, a DC once promoted, disables write-behind cache on the drive
controllers. SQL uses this feature for performance and transactional
logging. Same with Exchange. Disabling write-behind cache on the controller
affects performance as well, and impacts SQL and Exchange processes, besides
the fact that disabling this feature may hinder recovering emails or
database transactions during a power outage shutdown, but AD needs this
feature. And this feature cannot be enabled on a DC. If you change it, the
DC puts it back automatically within seconds. The only exception to the rule
is on SBS server, which was designed to deal with this condition.

Ace

Jorge Silva

Jan 11, 2010, 4:09:38 PM

Hi
Is it ok, now?

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uk9B9apj...@TK2MSFTNGP06.phx.gbl...

Jason Huang

Jan 11, 2010, 9:46:37 PM
Thanks.
The Win2008 server has joined the domain MyCom.com as a member server
successfully, and the server 192.168.2.2 is now also a member server with
lots of IPs working as the .Net web server.

"Jorge Silva" <jorges...@hotmail.com>
wrote in message news:1F09260B-38FA-4CD2...@microsoft.com...

Jorge Silva

Jan 13, 2010, 4:06:40 PM
Ok, excellent.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:OzV0xFzk...@TK2MSFTNGP02.phx.gbl...

Ace Fekay [MVP-DS, MCT]

Jan 13, 2010, 4:51:33 PM
"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:OzV0xFzk...@TK2MSFTNGP02.phx.gbl...

> Thanks.
> The Win2008 server has joined the domain MyCom.com as a member server
> successfully, and the server 192.168.2.2 is now also a member server with
> lots of IPs working as the .Net web server.
>


Good to hear. :-)

Ace
