How to: configure a backup DC

[HMOOC]

Hello,

I would like to know how to configure a backup Domain Controller for the
small business 2003 server we're running. Is there a way? Additionally I
would like to set up this backup domain controller to be the backup VPN
server. If you can provide a link to follow the steps, that would be awesome.

Thank you,

Helen

[cjobes]

The first part is easy. You just install a 2003 server, join it into the
domain and run dcpromo. If you are using 2003 R2 you need to run forestprep
and domainprep from the R2 CD on the SBS first.

The second part really depends on your network setup and we would need more
details. SBS with one or two NICs, ISA yes/no, where is the second server
plugged in, etc.

Claus

"HMOOC" <HM...@discussions.microsoft.com> wrote in message
news:DE7FB3B0-BC24-4531...@microsoft.com...

[HMOOC]

Claus,

Does BDC have to be a windows 2003 server (we don't have the license to
install one right now)? We have 3 Windows 2000 Adv servers that I can use to
install.

Our SBS has 2 NIC (onboard dual NICs). I use team software to make the dual
NIC to look like one NIC. We don't use ISA. It’s a SBS standard edition.
The second server is one the 3 Windows 2000 file servers I have mentioned. I
did try to install Remote Routing via A/R program icon today on the file
server, but I did not get too far because it did not know how to authenticate
the users. I guess it was trying to find where Active Directory is and it
does not know where it is.

Can you give me some ideas how I can get the backup VPN going.

Thanks,
Helen

[cjobes]

You can use a 2000 server. Just join it and then run dcpromo.

As to the VPN configuration, here is a link...
http://www.microsoft.com/technet/community/columns/profwin/pw0201.mspx

Claus

"HMOOC" <HM...@discussions.microsoft.com> wrote in message

news:DE1AFF5D-6082-4351...@microsoft.com...

[HMOOC]

Wow, that's simple enough. Will running DCPROMO install AD on the file
server or would I have to do that before running DCPROMO? Sorry I am just a
bit confuse at this point. Thank you for the VPN link...it looks good.

[cjobes]

dcpromo will make the file server a DC and by definition a DC has the AD -
that's what makes it a DC.

And given that you are into fault tolerance, I probably would also install
DNS on that server.

"HMOOC" <HM...@discussions.microsoft.com> wrote in message

news:760D3A83-0E9D-45DD...@microsoft.com...

[HMOOC]

Hi Claus,

Just want to thank you for your help and response. You're a great help. I
am going to give it try with the information you have provided in the given
week.

Cheers,
Helen

[cjobes]

You are very welcome Helen, I'm going to catch some sleep now ... it's 1 AM.

Claus

"HMOOC" <HM...@discussions.microsoft.com> wrote in message

news:CDB479A5-D9F8-4839...@microsoft.com...

[philantill]

First, apologies for picking up on this old post but i'm hoping you'll be
able to clarify this.

Q1: If i add an W2003 R2 server (whatever version (e.g. std or enterprise),
apart fron SBS) to an 2003 SP1 SBS domain as an additional DC then i have to
use the R2 media to update the schema on the SBS SP1 server using the adprep
command?
Q2: MS article 917385 says 'the install disk 2 (R2 media with adprep on it)
is specific to the edition of windows server 2003' does this mean that i
have to use the adprep command from SBS 2003 R2 media to update the SBS 2003
SP1? I'm hoping i'm mistaken!
Many thanks

Phil

[Ben M. Schorr - MVP]

Aloha philantill,

I haven't tried it, but I don't think you'd need an SBS-specific version
of ADPREP. You DO have to use the version that's on Install disk 2, of the
Server 2003 R2 set, however. I had a client who banged their head against
the wall for weeks trying to add a 2003 R2 DC to their existing 2003 domain
and not being able to get ForestPrep to run properly on the old server.
Because they weren't using the right one...

-Ben-
Ben M. Schorr - MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm

[kj]

Q1; Yes, if you complete the install of the new server with the second CD
making it an 2003 R2 version. If you complete the install using only the
first CD, then the new server will be 2003 SP1 and you will not need to
update the schema to add as a second DC. But, you won't have the R2 features
in that case.

Q2; Clear as mud, isn't it? This is referring to the schema versions only.
Doing the Adpreps using the R2 CD2 only updates the Active Directory Schema
to version 31. It does not alter the version of the SBS operating system.
Schema Version 31 is required for 2003 R2 servers to participate as Domain
Controllers.

Hope that helps.

--
/kj
"philantill" <phila...@discussions.microsoft.com> wrote in message
news:52D8C2C4-6D2A-4635...@microsoft.com...

[philantill]

Many thanks to kj & Ben for your quick replies - i think that's got my head
stright now!
Phil

[mcass]

don't know if you guys might be able to help....i've got a similar thread
going with a couple guys trying to help, but me as i am will try to post in
every similar thread.

dcpromo.exe does not work for me....i've followed the guides on adding
additional member servers to the sbs 2003 network, and get stuck at
installing AD. when it asks for the network credentials, it tells me that
the DC could not be located, even though the user that i'm logged into logged
into that dc....hmmm? anyone have some clues?

[cjobes]

Is the server that you are trying to run the dcpromo on a member server? Can
you connect from that server to shares on the SBS? What OS are you running
on that server and what SBS version do you have?

"mcass" <mc...@discussions.microsoft.com> wrote in message
news:9121F1A9-C458-42A2...@microsoft.com...

[mcass]

yes, it is a member server.....followed "add and manage additional servers in
a windows small business server network" doc that steve sent me the link to.
yes, the shares are accessible, even runs the login script. it is server
2003 standard...not the r2. sbs is 2003 premium.

[mcass]

wooops...made mistake...it was actually chris hanna that led me to that
document, but if you want to check out what all else has been going on...the
thread is called "server 2003 standard domain user local rights"....called it
that because it's just what it started out to be...i couldn't figure out why,
even though i joined the domain my domain users had no local rights on the
server. apparently i had to join the domain in a "different" way using the
sbs add member server wizard... still consider it weird...

[kj]

Run ipconfig / all from the member server and perhaps netdiag as well. Post
the complete results.

Also post the complete error from dcpromo.

Does the 2003 std OS have SP1?

--
/kj

"mcass" <mc...@discussions.microsoft.com> wrote in message

news:3FEFF1FF-FD3F-4F13...@microsoft.com...

[mcass]

ok...netdiag gives me an unrecognized command error....so i'm copying a
couple replies to a seperate thread for the other requested
information....here goes...

DNS DCPROMO.EXE ERRORS:
>>Subject: Re: server 2003 standard domain user local rights 10/17/2006 9:58 >>AM PST
>>
>>By: mcass In: microsoft.public.windows.server.sbs
>>
>>
>>I'm not quite sure how that's supposed to work....when I use the Configure
>>Your Server Wizard to add the Domain Controller role, select Additional
>>domain controller for an existing domain, it then takes me to the screen
>>where it asks for the network credentials. I type in the domain
>>Administrator account and password, the domain is already filled in with
>>"DI-COMM.local" and click next. It gives me an error:
>>
>>An Active Directory domain controller for the domain DI-COMM.local could not
>>be contacted.
>>
>>The details of the error are:
>>
>>The following error occurred when DNS was queried for the service location
>>(SRV) resource record used to locate a domain controller for domain
>>DI-COMM.local:
>>
>>The error was: "DNS name does not exist."
>>(error code 0x0000232B RCODE_NAME_ERROR)
>>
>>The query was for the SRV record for _ldap._tcp.dc._msdcs.DI-COMM.local
>>
>>Common causes of this error include the following:
>>
>>- The DNS SRV records required to locate a domain controller for the domain
>>are not registered in DNS. These records are registered with a DNS server
>>automatically when a domain controller is added to a domain. They are updated
>>by the domain controller at set intervals. This computer is configured to use
>>DNS servers with following IP addresses:
>>
>>4.2.2.2
>>192.168.254.1
>>
>>- One or more of the following zones do not include delegation to its child
>>zone:
>>
>>DI-COMM.local
>>local
>>. (the root zone)
>>
>>For information about correcting this problem, click Help.
>>
>>I'm not exactly sure what this is supposed to mean, but I've also tried
>>using just DI-COMM as the domain name instead of DI-COMM.local and got the
>>same error.
>>
>>Please Help!

>>Subject: Re: server 2003 standard domain user local rights 10/17/2006 10:16 >>AM PST
>>
>>By: mcass In: microsoft.public.windows.server.sbs
>>
>>
>>I was thinking....maybe....just maybe I needed to have my DNS addresses point
>>to the DC instead of the router, so I changed them, and got this error:
>>
>>The wizard cannot gain access to the list of domains in the forest.
>>This condition may be caused by a DNS lookup problem. For more
>>information...... http://go.microsoft.com/fwlink/?LinkId=5171
>>
>>The error is:
>>The RPC server is unavailable.
>>
>>I went to that link, but it didn't seem to have any relevant
>>information....I could be wrong though..??

IPSETTINGS:
>>Subject: Re: server 2003 standard domain user local rights 10/19/2006 7:02 >>AM PST
>>
>>By: mcass In: microsoft.public.windows.server.sbs
>>
>>
>>let me first say, that i have tried for hours looking for microsoft documents
>>on how to add an additional domain server in a Windows SBS network, however
>>only come up with documents telling you it can be done (contrary to popular
>>belief)....but not how to do it.
>>
>>one nic in SBS server = 192.168.254.200 connected to main router
>>main router connected to dsl & cable connections...local ip = 192.168.254.1
>>one nic in additional Std. 2003 server = 192.168.254.197 connected to switch
>>- uplinked to router
>>
>>SBS Server host name = Torment2k3
>>Additional Server host name = DVR
>>(I have followed your last post stating that I should not have any other DNS
>>address besides the SBS server configured, however, since it still didn't
>>work, i added in the router as secondary DNS address incase the SBS goes >>down for maintanence or whatnot)
>>
>>C:\Documents and Settings\DVRAdmin>ipconfig /all
>>
>>Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : dvr
>> Primary Dns Suffix . . . . . . . : DI-COMM.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : DI-COMM.local
>>
>>Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
>> Physical Address. . . . . . . . . : 00-0E-0C-3D-BA-8B
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.254.197
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.254.1
>> DNS Servers . . . . . . . . . . . : 191.168.254.200
>> 192.168.254.1
>> Primary WINS Server . . . . . . . : 192.168.254.200

[kj]

>>I was thinking....maybe....just maybe I needed to have my DNS addresses
>>point
>>to the DC instead of the router, so I changed them, and got this error:

All Active Directory Workstations, Member Servers, and Domain Controllers,
MUST use Active Directory DNS servers.

Configure your SBS DNS setting to itself, DHCP settings, all static IP
devices, and your member server. Reboot all reconfigured devices. Install
the Windows 2003 support tools on all the servers. Run DCDiag on the
servers.

..and post an ipconfig /all

--
/kj
"mcass" <mc...@discussions.microsoft.com> wrote in message

news:46AEBF50-EB99-4979...@microsoft.com...

[mcass]

Here's dcdiag and ipconfig results:

C:\Documents and Settings\DVRAdmin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dvr
Primary Dns Suffix . . . . . . . : DI-COMM.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DI-COMM.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0E-0C-3D-BA-8B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.197
Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.200

DNS Servers . . . . . . . . . . . : 191.168.254.200

Primary WINS Server . . . . . . . : 192.168.254.200

C:\Program Files\Support Tools>dcdiag /n:di-comm.local
The distinguished name of the domain is DC=di-comm,DC=local.

Domain Controller Diagnosis

Performing initial setup:
A domain controller holding di-comm.local could not be located.
The error is The specified domain either does not exist or could not be
conta
cted.
Try specifying a server with the /s option.

C:\Program Files\Support Tools>dcdiag /s:torment2k3

Domain Controller Diagnosis

Performing initial setup:
[torment2k3] LDAP bind failed with error 8341,
A directory service error has occurred..

C:\Program Files\Support Tools>

[cjobes]

You didn't post an IP config of your SBS NICs. We can't check anything
without that info.

"mcass" <mc...@discussions.microsoft.com> wrote in message

news:6668B82D-E3ED-4659...@microsoft.com...

[mcass]

oh...sorry, wasn't thinking about sbs. here it is.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : torment2k3

Primary Dns Suffix . . . . . . . : DI-COMM.local

Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : DI-COMM.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0E-0C-6A-71-26

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.254.200

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.1
DNS Servers . . . . . . . . . . . : 192.168.254.200
Primary WINS Server . . . . . . . : 192.168.1.200

C:\Documents and Settings\Administrator>

[cjobes]

I guess you have just one NIC in your SBS. What WINS server is the box
pointing to? It's in a different subnet. The WINS should point to your SBS.

"mcass" <mc...@discussions.microsoft.com> wrote in message

news:CC137BC1-08C5-433B...@microsoft.com...

[mcass]

yes, this was from previous network scheme. had to switch to 254.x because
we brought in a few vpn's from customer sites and had to switch ours to be
out of the range of anything we would come across. i changed it to 254.200,
still no difference in the dcpromo on the DVR BDC. DHCP from SBS was
assigning the new ip scheme however, just manual ip setting in tcp/ip for the
sbs nic. there are two nics in the machine, one is disabled because MS said
it would create a loop the way the previous administrator had setup it up.

i still can't figure out why the dcpromo on the server 2003 standard machine
is not working though. how can it not find the domain server, if i first
have to actually login into the domain server to get the gui to run
dcpromo....doesn't make any sense to me. i took the sbs from scratch and all
that has been added is a couple of proprietary 3rd party database hosting
(ayanova for workorders and quickbooks), added in some domain users, shares,
setup the sbs monitoring and reporting, and that's about it...there's nothing
that complicated on it....not even using the exchange or sql (other than what
monitoring and reporting uses) or anything else....DNS/AD/DHCP/USERS/SHARES
that's about it....why won't this work right?

[kj]

From a command line on the SBS server, run dcdiag /e /v and post the
complete results.

--
/kj

"mcass" <mc...@discussions.microsoft.com> wrote in message

news:33F48CA3-16BD-4ADB...@microsoft.com...

[mcass]

this is the dcdiag from the SBS Server....I did notice the IsmServ service
was not running and so 1 test failed. i immediately went into services on
the sbs and looked for an ismserv service, but found InterSite Messaging
service (assumed that's the one) and it was set to disabled. i set it to
manual and started the service, tried dcpromo from the DVR server and nothing
changed. i restarted the DVR server before i tried this and this time on
restart it started doing what it did before i successfully joined it to the
domain...taking forever and a day to login....this i assume is the cached
credentials you speak of. what made the change? i went through the proper
steps to join it to the domain....using sbs's stupid configure member servers
wizard and it worked after that on several restarts for about 3 days or
so...then i just didn't restart it anymore until now...and now it's doing the
same old thing again.....is MS wanting me to pull all my hair out???

anyway...here's the results from dcdiag /e /v on the SBS server:

C:\Program Files\Support Tools>dcdiag /e /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine torment2k3, is a DC.
* Connecting to directory service on server torment2k3.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\TORMENT2K3
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... TORMENT2K3 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\TORMENT2K3
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... TORMENT2K3 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC TORMENT2K3.
* Security Permissions Check for
DC=ForestDnsZones,DC=DI-COMM,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=DI-COMM,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=DI-COMM,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=DI-COMM,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=DI-COMM,DC=local
(Domain,Version 2)
......................... TORMENT2K3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\TORMENT2K3\netlogon
Verified share \\TORMENT2K3\sysvol
......................... TORMENT2K3 passed test NetLogons
Starting test: Advertising
The DC TORMENT2K3 is advertising itself as a DC and having a DS.
The DC TORMENT2K3 is advertising as an LDAP server
The DC TORMENT2K3 is advertising as having a writeable directory
The DC TORMENT2K3 is advertising as a Key Distribution Center
The DC TORMENT2K3 is advertising as a time server
The DS TORMENT2K3 is advertising as a GC.
......................... TORMENT2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=TORMENT2K3,CN=Se
rvers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local
......................... TORMENT2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2110 to 1073741823
* torment2k3.DI-COMM.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1610 to 2109
* rIDPreviousAllocationPool is 1110 to 1609
* rIDNextRID: 1461
......................... TORMENT2K3 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC TORMENT2K3 on DC TORMENT2K3.
* SPN found :LDAP/torment2k3.DI-COMM.local/DI-COMM.local
* SPN found :LDAP/torment2k3.DI-COMM.local
* SPN found :LDAP/TORMENT2K3
* SPN found :LDAP/torment2k3.DI-COMM.local/DI-COMM
* SPN found
:LDAP/8a2aa298-5495-476f-8171-ac88824a7596._msdcs.DI-COMM.l
ocal
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/8a2aa298-5495-476f-81
71-ac88824a7596/DI-COMM.local
* SPN found :HOST/torment2k3.DI-COMM.local/DI-COMM.local
* SPN found :HOST/torment2k3.DI-COMM.local
* SPN found :HOST/TORMENT2K3
* SPN found :HOST/torment2k3.DI-COMM.local/DI-COMM
* SPN found :GC/torment2k3.DI-COMM.local/DI-COMM.local
......................... TORMENT2K3 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [TORMENT2K3]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... TORMENT2K3 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
TORMENT2K3 is in domain DC=DI-COMM,DC=local
Checking for CN=TORMENT2K3,OU=Domain
Controllers,DC=DI-COMM,DC=local in
domain DC=DI-COMM,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=DI-COMM,DC=local in domain
CN=Configurat
ion,DC=DI-COMM,DC=local on 1 servers
Object is up-to-date on all servers.
......................... TORMENT2K3 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... TORMENT2K3 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... TORMENT2K3 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... TORMENT2K3 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... TORMENT2K3 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=TORMENT2K3,OU=Domain Controllers,DC=DI-COMM,DC=local and backlink
on

CN=TORMENT2K3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
ration,DC=DI-COMM,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=TORMENT2K3,CN=Domain System Volume (SYSVOL share),CN=File
Replicatio
n Service,CN=System,DC=DI-COMM,DC=local
and backlink on
CN=TORMENT2K3,OU=Domain Controllers,DC=DI-COMM,DC=local are correct.
The system object reference (serverReferenceBL)
CN=TORMENT2K3,CN=Domain System Volume (SYSVOL share),CN=File
Replicatio
n Service,CN=System,DC=DI-COMM,DC=local
and backlink on
CN=NTDS
Settings,CN=TORMENT2K3,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=DI-COMM,DC=local
are correct.
......................... TORMENT2K3 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : DI-COMM
Starting test: CrossRefValidation
......................... DI-COMM passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DI-COMM passed test CheckSDRefDom

Running enterprise tests on : DI-COMM.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... DI-COMM.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\torment2k3.DI-COMM.local
Locator Flags: 0xe00003fd
PDC Name: \\torment2k3.DI-COMM.local
Locator Flags: 0xe00003fd
Time Server Name: \\torment2k3.DI-COMM.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\torment2k3.DI-COMM.local
Locator Flags: 0xe00003fd
KDC Name: \\torment2k3.DI-COMM.local
Locator Flags: 0xe00003fd
......................... DI-COMM.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

C:\Program Files\Support Tools>

[kj]

OK well dcdiag looks good. Long logon times are symptomatic of DNS problems.
I know you might have already, but could you do a ipconfig/all from the
member server and post. Also, which version of 2003 is this member server
(RTM, SP1, R2, ???), and what account are you logging into to attempt the
dcpromo?

--
/kj
"mcass" <mc...@discussions.microsoft.com> wrote in message

news:B6960123-475A-46D9...@microsoft.com...

[mcass]

no problem...first a question or two. do the gateway and dns ip settings on
the member server always have to be the ip of the sbs server (i did have the
gateway pointed to the router)? because if that server is down, my gateway
and everything else goes with it....no internet or anything else right? why
would i want that for a backup dc? wouldn't that mean that it wouldn't be
operational either???

anyway...i am using a domain administrator account to login on the member
server...using THE domain admin account running dcpromo, and the os is
windows server 2003 standard with sp1 installed. here's the ip config from
the member server:

C:\Documents and Settings\DVRAdmin>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dvr

Primary Dns Suffix . . . . . . . : DI-COMM.local

Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : DI-COMM.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0E-0C-3D-BA-8B

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.254.197

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.200
DNS Servers . . . . . . . . . . . : 191.168.254.200
Primary WINS Server . . . . . . . : 192.168.254.200

C:\Documents and Settings\DVRAdmin>

[kj]

Your "gateway" should always point to the 'egress' address. If you are not
using ISA, then the router is the correct entry.

On your member server change;

> DNS Servers . . . . . . . . . . . : 191.168.254.200

to be;

> DNS Servers . . . . . . . . . . . : 192.168.254.200

...reboot, and things should go much easier.

--
/kj
"mcass" <mc...@discussions.microsoft.com> wrote in message

news:7D19638D-CF83-4C9C...@microsoft.com...