Off-site domain controller

Hi,
I work for a small company who (for reasons of security, cooling, noise and power consumption) cannot run a server at their local office, so there are about 12 PCs in the office along with a D-Link DFL-260E router, and they have a server hosted in an off-site
rackspace centre. The server is running Windows Server 2012 and a VPN tunnel is maintained to the D-Link router in the office. The D-Link router acts as the DHCP server for the office.
My predecessor configured the server as a domain controller, but at present none of the PCs in the office are members of this domain - I would like to address this but when I try to join my PC to the domain it fails to find the domain controller.
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
Are there any DNS settings I need to set up on the D-Link router and/or the off-site server to allow the PCs to join the domain? 
The issue is possibly further complicated by the fact that the internal domain has been configured to use the same "mycompanyname.com" domain name as our public website - which is hosted entirely separately by a web hosting company and as such
"mycompanyname.com" resolves to the IP address of the web hosting server. I've read up a bit on split-dns but I'm not sure how to configure the router or server to accommodate it.
I would like to avoid tearing down and rebuilding the domain because it is a live environment and various other services running on the Windows Server are preconfigured to authenticate against it.
Any advice would be greatly appreciated.
Thanks.

Hi,
Domain Join
First we need to test it :)
Take one PC and assign the DNS IP address as the domain controller. Try to ping your domain name and it should resolve to the domain controller IP address.
Then join the PC to the domain and you will be able to do it without any issues.
Second
Yes, you need a split DNS configuration. You need all the public web addresses added on to the local domain controller.
Example: if you have a site xx.com and it's pointing to the 195.x.x.x IP address,
on the domain controller add the host record pointing to the public IP address for all web addresses.
Test access from the PC which we joined to the domain.
If you are able to access all sites and services, let's do it for all.
On DHCP, change the DNS to your domain controller and start adding PCs to the domain.
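
The test-then-roll-out procedure from the answer above, as an added PowerShell example that is not part of the original posts. The IP addresses, the interface alias and the `Test-DcDiscovery` helper are placeholders or hypothetical names chosen for illustration; only the domain name comes from the question.

```powershell
# Added example. All addresses and the interface alias are placeholders, not values from the thread.
$Domain      = 'mycompanyname.com'   # internal AD domain name as given in the question
$DcIp        = '10.0.0.10'           # placeholder: domain controller address reachable over the VPN
$RouterIp    = '192.168.1.1'         # placeholder: D-Link router currently handed out as DNS
$PublicWebIp = '203.0.113.10'        # placeholder: address of the externally hosted website
$Nic         = 'Ethernet'            # placeholder: interface alias on the test PC

# Hypothetical helper: a domain join fails with 0x0000232B (RCODE_NAME_ERROR) when the
# DC locator SRV record cannot be resolved, so query that record against a given DNS server.
function Test-DcDiscovery {
    param([string]$Domain, [string]$DnsServer)
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        $srv = @()
    }
    [pscustomobject]@{
        DnsServer = $DnsServer
        SrvRecord = $srvName
        Found     = [bool]$srv
        Targets   = ($srv | ForEach-Object { $_.NameTarget }) -join ', '
    }
}

# --- On ONE test PC, elevated prompt ---
# Compare what the router's DNS and the DC's DNS answer for the locator record.
Test-DcDiscovery -Domain $Domain -DnsServer $RouterIp   # expected: Found = False (public DNS has no _msdcs records)
Test-DcDiscovery -Domain $Domain -DnsServer $DcIp       # expected: Found = True

# Use the DC as the only DNS server on the test PC. Mixing in a public resolver gives
# inconsistent answers for the internal zone and sends internal names to outside servers.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp
Clear-DnsClientCache
Resolve-DnsName -Name $Domain -Type A        # should now return the DC address

# --- On the domain controller (DNS Server role) ---
# Split DNS: the internal zone is authoritative for the whole name, so public hosts must be
# added by hand. The bare domain name keeps pointing at the DC inside the office, so
# internal users reach the public site through the www record.
Add-DnsServerResourceRecordA -ZoneName $Domain -Name 'www' -IPv4Address $PublicWebIp

# --- Back on the test PC ---
Resolve-DnsName -Name "www.$Domain" -Type A  # should return the public web server address
Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart

# After the reboot, confirm the machine account's secure channel to the DC:
# Test-ComputerSecureChannel -Verbose
```

Once the test PC behaves correctly, the DNS server handed out by the router's DHCP scope is changed to the domain controller's address in the router's own configuration, and the remaining PCs are joined the same way.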

Similar Messages

  • Turning on a Domain Controller after ntdsutil metadata cleanup

    Hello,
    I was in the middle of doing a lifecycle replacement swapping out 2003 servers for 2008 R2 servers.  I promoted my 2 Windows Server 2008 R2 domain controllers.  I tried to demote my Windows 2003 SP1 server and kept getting lsass errors and
    crashing my domain controller.  After the lsass errors I simply turned off the domain controller and did a ntdsutil meta data cleanup on that domain controller.  Unfortunately we installed the McAfee managed client on the new domain controllers and
    broke the secure link so I had to demote them.  After fixing the problem, I tried to promote them again and I keep getting lsass errors and the Windows Server 2003 SP1 domain controller blue screens so I need to bring the other 2003 server back online.
    My question is, when I turn on the 2003 domain controller, will it continue as a domain controller even after metadata cleanup?  The only reason I ask is because when I did metadata clean up it prompted with a message that if I turn the domain controller
    back on it will be revived.

    >>>My question is, when I turn on the 2003 domain controller, will it continue as a domain controller
    even after metadata cleanup? 
    No.  You are manually removing this DC from AD database.
    You can promote this server as DC again if needed.  Start with a new OS.
    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
    Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
    This posting is provided AS IS with no warranties, and confers no rights.

  • AD account logging to a remote domain controller for authentication

    Hi,
    I have a weird issue with an AD account using a different logonserver when authenticating to AD.  A domain admin account uses the local site domain controller but another account is using a remote domain controller as logonserver. I'm using both accounts
    to log on to the same server (CRM 2011). But when I issue the command "set l" from the command line, they show different logonserver values.
    My issue is the crm account is pointing to a remote domain controller (windows 2012 R2) which I don't want and should use the local site domain controller (windows 2008 R2). The reason being is that the CRM server is on a  test network (isolated) and
    when we test an upgrade of CRM addon product called Experlogix, the upgrade requires to get authenticated by AD but it fails and I think the logonserver is the issue. When the crm account is used on the test server it points not to the local site domain controller
    but to the remote dc which is not in the test server.
    Thanks for your help!!!
    AA

    Start by checking that your sites and subnets are well configured.
    Use dssite.msc and make sure that:
    You have AD sites that represent your physical sites
    All the subnets in use are created and moved to the correct AD site
    Your DCs belong to the correct AD site
    You can read more about the DC Locator process here: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • AD Site with no Domain Controller

    Hello,
    I have a customer that wants to set up a GPO to add a printer only when users are at a new remote office. They do not want to set up a Domain Controller at this site, so I was wondering if the best way to set this up would be to create a new site, add the
    sub net to this site, create the GPO, link it to this site, and use a low site link cost to make sure that a domain controller in North America is used, and not any of the DCs in their European sites.
    Thanks!

    That would indeed work. You would want to make sure the NA DCs have a lower cost link to the new site. They will likely enable auto-site coverage if it calculates out properly. If someone has turned off this feature you may need to re-enable it on DCs.
    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

  • Maintain access to network(shared folders) resources if the site loses access to a Domain Controller?

    Scenario
    Windows 7 users log on to workstations at a site. Domain Controller is up and does the domain authentication for those users across the WAN. Users are then accessing a local(same building) Shared directory on a Windows 2008r2 server, in order to open, modify,
    save new files, etc.
    Then, the site loses access to the Domain Controller due to a WAN outage.
    Question
    Will those users that have already logged onto their Windows 7 workstations continue to have access to the shared resources on the local Windows 2008r2 server with their cached credentials(assuming they don't logoff or restart their machines)?? This has
    been the case in the past, but wondering if anything has changed with Windows 2008??
    Thanks

    Hi,
    The duration that you can access the server depends on when the server requires re-authentication.
    In Windows implementation, SMB session expiration is enforced based upon the client’s support of dynamic re-authentication capability [MS-SMB].
    If the client enables the CAP_DYNAMIC_REAUTH capability bit, the server will enforce session expiration. If a client does not set CAP_DYNAMIC_REAUTH, the Windows server does not return STATUS_NETWORK_SESSION_EXPIRED. 
    The SMB dynamic re-authentication feature was introduced in Windows XP. From there, Windows-based clients set the CAP_DYNAMIC_REAUTH capability bit to indicate to the server that the client supports re-authentication when the Kerberos service ticket for
    the session expires.
    Windows servers do check CAP_DYNAMIC_REAUTH:
    If clientCapabilities sets CAP_DYNAMIC_REAUTH, the server will set Server.Session.AuthenticationExpirationTime to the expiry time returned by AcceptSecurityContext.
    If clientCapabilities does not set CAP_DYNAMIC_REAUTH, the server will not set Server.Session.AuthenticationExpirationTime; basically, a CAP_DYNAMIC_REAUTH capability bit not set by the client means the session will not expire on the server side.
    To configure Maximum lifetime for service ticket, you can use Group Policy. The default value of Maximum lifetime for service ticket in Default Domain Policy is 600 minutes.
    Note: This setting is applied to DC, not clients.
    For detailed information, please view the link below
    CIFS and SMB Timeouts in Windows
    http://blogs.msdn.com/b/openspecification/archive/2013/03/19/cifs-and-smb-timeouts-in-windows.aspx
    Maximum lifetime for service ticket
    http://technet.microsoft.com/en-us/library/jj852188.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Best Practices for Setting up a Windows 2012 R2 STD Domain Controller in a Remote Site

    So I'm looking for an article or writeup similar to the "Adding Domain Controllers in Remote Sites" TechNet article but for Windows Server 2012 STD R2.  Here is my scenario:
    1.  I want to setup the domain controller at Site A where the primary domain controller is located.  The primary domain controller is Windows Server 2008 R2. 
    2.  Once the DC is setup I plan on leaving it on our network for a few days before shipping it to remote Site B for installation
    Other key items:
    1.  The remote Site B will have a different IP range than Site A but will be connected to Site A via a single VPN tunnel.  All the DCs that replicate with each other are on the same domain. 
    2.  The 2012 DC that I setup for Site B (same domain in same forest) will be a DHCP, DNS, and WSUS server all replicating to the primary DC at Site A
    Questions:
    1.  What items can I set up while it's at Site A without affecting or conflicting with the existing network and domain controller?  Can I set up a scope once the DHCP role is added? 
    2.  All of our DCs replicate through Sites and Services, do I have to manually add this to our primary DC for the new DC going to remote Site B?  Or when does this happen automatically when I promote the DC? 
    All in all I'm just looking for a list of Best Practices for 2012 or a Step by Step Guide.  Any help would be appreciated. 

    Hi,
    Thanks for your posting.
    When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
    For more and detail information, please refer to:
    Best Practices for Adding Domain Controllers in Remote Sites
    http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
    Regards.
    Vivian Wang

  • New Domain Controller does not show in our different site's Domain controller's Sites and Services

    Hi,
    we have two sites in our AD environment. OMA site and NY site. we have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are windows server 2008R2 except one in our OMA site that is 2003R2 the domain
    functional level is also 2003R2.
    We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FSMOs from the DC that was running 2003R2 to this new domain controller.
    The issue now is that our NY site does not make any connection with the new domain controller in OMA site. It does not even show it under Sites and Services. I have checked the DNS settings and everything. If you try to replicate the connections
    from NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
    Can anyone please tell me why this is happening? My brain is just frozen at this moment and I can't figure out why this is happening.

    Just noticed this replication issue has been going on for a while now but we never noticed until I added new DC. here is the error log for the NY site DC.
    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          1/4/2014 8:11:40 AM
    Event ID:      2042
    Task Category: Replication
    Level:         Error
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      NORDC1.vertrue.com
    Description:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
     The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
    of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object
    would be recreated in the local Active Directory Domain Services database.
    Time of last successful replication:
    2013-05-16 15:26:38
    Invocation ID of source directory server:
    9236ac56-d046-4632-b072-acbe823c5f6c
    Name of source directory server:
    accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
    Tombstone lifetime (days):
    90
    The replication operation has failed.
    User Action:
      The action plan to recover from this error can be found at
    http://support.microsoft.com/?id=314282.
     If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
    <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
    DC> <Destination DC DSA GUID> <NC>".
     If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
    http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
     If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
     Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
    DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime
    number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.  Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
    located immediately.
    Alternate User Action:
    Force demote or reinstall the DC(s) that were disconnected.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
        <EventID Qualifiers="49152">2042</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>5</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
        <EventRecordID>38018</EventRecordID>
        <Correlation />
        <Execution ProcessID="660" ThreadID="1596" />
        <Channel>Directory Service</Channel>
        <Computer>NORDC1.vertrue.com</Computer>
        <Security UserID="S-1-5-7" />
      </System>
      <EventData>
        <Data>2013-05-16 15:26:38</Data>
        <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
        <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
        <Data>90</Data>
        <Data>Allow Replication With Divergent and Corrupt Partner</Data>
        <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
      </EventData>
    </Event>

  • Adding a Server 2008 R2 Domain Controller at a remote site

    Hello. I have been trying to set up a hot site at a remote location.  The story is long and involved but a few weeks ago it seemed to be finally working.  Our setup is two mirrored 2008 R2 servers at main site, mirrored with Double Take. 
    The hot site is the same except that so far I only had one server working.  The two sites connected via site to site VPN.
    About a week later our primary server basically crashed.  At first it worked but very slowly.  I was on vacation at the time and so I am not sure of the sequence of events, or exactly what errors were presented, but my associate first tried rebooting. 
    It took over 20 minutes to boot and then it said something to the effect that no domain controllers were available (not sure about this message).  He then discovered that the server at the remote site had some fsmo roles assigned to it.  He transferred
    the roles to the primary at the main site and then demoted the remote server to a workstation (but still a domain member).
    After that, rebooting the primary was much faster and everything at the primary site is working again. Now I want to set the remote site up again, but avoid the problem.  The way I originally set up the remote server was to use an IFM file, generated
    from our primary.  This should have made the remote server a catalog server, with DNS (which it did), but as far as I know should not have transferred any fsmo roles.
    The remote server(s) are wanted to be in the same domain as the primary.  They will also be mirrored from the primary (with Double Take).  If we had total failure at the main site, we wish to be able to immediately begin operations at the hot site
    (after a fail over).  I freely admit that I am swimming out of my depth here.  I am not sure that I have selected the correct architecture or used the correct options in setting up the remote servers.  I am looking for information about what
    went wrong, and whether some other setup is more desirable.
    Thanks for any help, Russ
    Russ

    Philippe, thank you for your answers.  I do not understand everything you said but I will address each point as best I can:
    1. "In the remote site do you simply do a dcpromo / add the ADDS's role to make the server a active Domain Controller ?"  Yes, but I use the method described at
    http://technet.microsoft.com/en-us/library/cc753720(v=ws.10).aspx, The GUI method.  At step #8 I specified to use advanced mode so I could use the IFM file.
    2. "In your AD' Site and Service MMC, do you configured the remote site ?"  I do not know what you mean by this. How does one configure the site as 'remote'?
    3. "Do you added that remote server as a Global catalogue ?".  Yes, when I built the IFM file I specified to add the global catalog.
    4. "Do you added the PC in site 1, the IP of those DNS server in them ? (last of course) So the computer in the main site will talk to the remote server in case of a crash."  I am not sure I understand this item.  After the remote server
    was added, all of the members of both domain servers automatically appeared in the DNS of all servers in the domain.  I do not recall if the new items were last, but I expect that they would be.
    I have since reviewed the happenings with my associate and have a little more information.  The order of the problems and the actions taken are:
    1. Our primary (production) system was still working but extremely slow, and he observed that the slowness was caused by a lot of traffic with the remote site.  Rebooting the production server took over 25 minutes and the server came up saying
    that domain information was not available.  After another 30 minutes or so he discovered that the domain data was now available and the server worked, but still slow.
    2. He did not check to verify that roles were held by the remote server, but he transferred all roles from the remote to the production server using ntdsutil.  I would expect that if the role was not held by the remote, the transfer command would have
    shown that fact.
    3. He then tried to demote the remote server but had an error that it could not be demoted because "the active directory service is missing mandatory configuration information".
    4. He forcefully demoted the remote server.
    5. After rebooting the production server again performance was slightly better but still slow (and the reboot was still very slow).
    6. After some research he removed the remote domain controller's meta data from the production server and then rebooted the production server again.
    At that point reboot was fast (under 5 minutes) and the production system was working at normal speed again.
    All of the above leads me to believe that somehow the FSMO roles got added to, or moved to the remote site when I used the IFM file to create the new domain controller.  However nothing I have read says that this should happen.  I hope someone
    here can give me a better answer as to what caused the problem, as I do not wish to interrupt our production system like this again.
    Thank you, Russ
    PS: Sorry for the delay in getting back to this but some other priorities took me away from it for a week.
    Russ

  • Ports for Creating Additional Domain controller at my remote DRC site

    Hello Expert,
    I have my disaster recovery center (DRC) at a remote place, now I want to configure Additional domain controller (ADC) at my DRC, kindly share me the list of ports that I need to open at my firewall to configure this ADC. I am having Server 2008R2 environment.
    Swaprakash..

    Hi,
    The links below have detailed information on the required ports that should be open for AD communication:
    Active Directory Firewall Ports - Let's Try To Make This Simple 
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
    http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
    http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
    Regards,
    Rafic
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Domain Controller cannot access \\domain\netlogon causing Auth issues

    Hi everyone, I have spent all day trying to figure out what is going on here. I have a Domain controller (only DC in the environment) that is acting funny.
    I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got an AUTH error, but am not
    able to figure out how to fix this.
    Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to
    \\contoso.com\netlogon or any similar share.
    Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access
    \\contoso.com\netlogon It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
    I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
    Regarding the DYNAMIC ip warning, we have a reservation that assigns the IP
    thanks for any input here as i'm really stuck,
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = GP2010-A
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: Connectivity
             ......................... GP2010-A passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... GP2010-A passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : contoso
       Running enterprise tests on : contoso.com
          Starting test: DNS
             Test results for domain controllers:
                DC: GP2010-A.contoso.com
                Domain: contoso.com
                   TEST: Authentication (Auth)
                      Error: Authentication failed with specified credentials
                   TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
                DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
                DNS server: 2001:500:2::c (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c              
                DNS server: 2001:500:2d::d (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
                DNS server: 2001:500:2f::f (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
                DNS server: 2001:500:3::42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
                DNS server: 2001:500:84::b (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b              
                DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
                DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
                DNS server: 2001:7fd::1 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
                DNS server: 2001:7fe::53 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
                DNS server: 2001:dc3::35 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
             Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
                Domain: contoso.com
                   GP2010-A                     FAIL WARN PASS PASS PASS PASS n/a 
             ......................... contoso.com failed test DNS

    Hi,
    TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
    Do you have any NIC configured to get a dynamic IP on your DC which is having the issue? If yes, please disable that NIC. Also, please provide me the result of the below:
    1) On your DC which is having issue, run "ipconfig /all"
    2) Repadmin /showrepl
    Thanks,
    Umesh.S.K
    Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
    C:\Users\Administrator>repadmin /showrepl
    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\GP2010-A
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
    DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927

  • Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

    Every few days we see two dialogs with the following messages:
    Dialog 1, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
    Dialog 2, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut down in 8 day(s) 23 hour(s) 0 minute(s).
    The server is not (and never has been) joined to a domain or had any DC roles installed. In fact it's still connected to the default Workgroup.
    The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network adapter properties.
    I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is not an option for this scenario.
    I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no DNS server configured.
    I have seen a post that suggests turning off the server's "Foundation Checking", but I'm unsure how to do this.

    Thanks for your response Vivian.
    I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it never displayed these messages.
    The server was moved into production on a different site and network and set up with a static IP address. The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
    Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
    There are only 2 user accounts configured on this server. The local admin account and another local admin user.
    The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
    The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
    This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the server will shut itself down again in 3 days.
    The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC on its new network and this is what is triggering the messages?
    Am I clutching at straws here?

  • Remove a domain controller when dcpromo bombs

    i'm trying to demote one server in a two server setup
    i start dcpromo , it gets part way through and then bombs with an "Access is denied" error
    which is b~@:!hit. I've tried this 2 or 3 times with known good passwords (see dcpromoui.log below)
    So how can i fix that or delete the controller without using dcpromo
    cheers
    dave
    ============================
    dcpromoui E28.638 0466 13:58:28.218   Enter DS::DemoteDC
    dcpromoui E28.638 0467 13:58:28.218     Enter State::IsLastDCInDomain false
    dcpromoui E28.638 0468 13:58:28.218     Enter State::IsForcedDemotion false
    dcpromoui E28.638 0469 13:58:28.218     Enter State::GetAdminPassword
    dcpromoui E28.638 046A 13:58:28.218     Enter State::GetAppPartitionList
    dcpromoui E28.638 046B 13:58:28.218     Enter AllocateAppPartitionList
    dcpromoui E28.638 046C 13:58:28.218     Calling DsRoleDemoteDc
    dcpromoui E28.638 046D 13:58:28.218     lpServer               : (null)
    dcpromoui E28.638 046E 13:58:28.218     lpDnsDomainName        : (null)
    dcpromoui E28.638 046F 13:58:28.218     ServerRole             : DsRoleServerMember
    dcpromoui E28.638 0470 13:58:28.218     lpAccount              : (null)
    dcpromoui E28.638 0471 13:58:28.218     Options                : 0x80
    dcpromoui E28.638 0472 13:58:28.218     fLastDcInDomain        : false
    dcpromoui E28.638 0473 13:58:28.218     cRemoteNCs             : 0
    dcpromoui E28.638 0474 13:58:28.250     HRESULT = 0x00000000
    dcpromoui E28.638 0475 13:58:28.250     Enter DeallocateAppPartitionList
    dcpromoui E28.638 0476 13:58:28.250     Enter DoProgressLoop
    dcpromoui E28.638 0477 13:58:28.250       Enter State::GetOperation DEMOTE
    dcpromoui E28.638 0478 13:58:28.250       Enter ProgressDialog::UpdateButton
    dcpromoui E28.638 0479 13:58:29.765       Enter ProgressDialog::UpdateText Active Directory Domain Services successfully transferred the remaining data in directory partition DC=ForestDnsZones,DC=data-action,DC=co,DC=uk to Active Directory Domain Controller \\nasbox.data-action.co.uk.
    dcpromoui E28.638 047A 13:58:43.297       Enter ProgressDialog::UpdateText Stopping service NETLOGON
    dcpromoui E28.638 047B 13:58:44.797       Enter ProgressDialog::UpdateText Stopping service IsmServ
    dcpromoui E28.638 047C 13:58:47.797       Enter ProgressDialog::UpdateText Stopping service kdc
    dcpromoui E28.638 047D 13:58:49.297       Enter ProgressDialog::UpdateText Creating a new local security account manager (SAM) database...
    dcpromoui E28.638 047E 13:58:50.875       Enter ProgressDialog::UpdateText Removing Active Directory Domain Services objects that refer to the local Active Directory Domain Controller from the remote Active Directory Domain Controller nasbox.data-action.co.uk...
    dcpromoui E28.638 047F 13:59:02.875       Enter ProgressDialog::UpdateText Configuring service NTDS
    dcpromoui E28.638 0480 13:59:04.375       Enter ProgressDialog::UpdateText Configuring service NETLOGON
    dcpromoui E28.638 0481 13:59:05.875       Enter ProgressDialog::UpdateText Configuring service DFSR
    dcpromoui E28.638 0482 13:59:07.375       Enter ProgressDialog::UpdateText The attempted domain controller operation has completed
    dcpromoui E28.638 0483 13:59:07.375       Enter ProgressDialog::UpdateButton
    dcpromoui E28.638 0484 13:59:07.375       Progress loop complete.
    dcpromoui E28.638 0485 13:59:07.375       Calling DsRoleGetDcOperationResults
    dcpromoui E28.638 0486 13:59:07.375       Error 0x0 (!0 => error)
    dcpromoui E28.638 0487 13:59:07.375       Operation results:
    dcpromoui E28.638 0488 13:59:07.375       OperationStatus      : 0x5 !0 => error
    dcpromoui E28.638 0489 13:59:07.375       DisplayString        : The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    dcpromoui E28.638 048A 13:59:07.375       ServerInstalledSite  : (null)
    dcpromoui E28.638 048B 13:59:07.375       OperationResultsFlags: 0x0
    dcpromoui E28.638 048C 13:59:07.375       Enter ProgressDialog::UpdateText The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    dcpromoui E28.638 048D 13:59:07.375       Enter State::SetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    dcpromoui E28.638 048E 13:59:07.375       Enter State::SetOperationResultsFlags 0x0
    dcpromoui E28.638 048F 13:59:07.375   Exception caught
    dcpromoui E28.638 0490 13:59:07.375   catch completed
    dcpromoui E28.638 0491 13:59:07.375   handling exception
    dcpromoui E28.638 0492 13:59:07.375   Enter State::ClearHiddenWhileUnattended
    dcpromoui E28.638 0493 13:59:07.375   Enter EnableConsoleLocking
    dcpromoui E28.638 0494 13:59:07.375     Enter RegistryKey::Create SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    dcpromoui E28.638 0495 13:59:07.375     Enter RegistryKey::SetValue-DWORD DisableLockWorkstation
    dcpromoui E28.638 0496 13:59:07.375   Enter State::SetOperationResults result FAILURE
    dcpromoui E28.638 0497 13:59:07.375   Enter ProgressDialog::UpdateText
    dcpromoui E28.638 0498 13:59:07.375   Enter State::IsOperationRetryAllowed
    dcpromoui E28.638 0499 13:59:07.375     true
    dcpromoui E28.638 049A 13:59:07.375   credentials were invalid, hr=0x80070005
    dcpromoui E28.638 049B 13:59:07.375   Enter GetErrorMessage 80070005
    dcpromoui E28.638 049C 13:59:07.375   Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    dcpromoui E28.638 049D 13:59:07.375   Enter State::GetOperation DEMOTE
    dcpromoui E28.638 049E 13:59:07.375   Enter State::GetParentDomainDnsName
    dcpromoui E28.638 049F 13:59:44.469   credential retry canceled
    dcpromoui E28.638 04A0 13:59:44.469   Enter ComposeFailureMessage
    dcpromoui E28.638 04A1 13:59:44.469     Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    dcpromoui E28.638 04A2 13:59:44.469     Enter State::GetOperationResultsFlags 0x0
    dcpromoui E28.638 04A3 13:59:44.469     Enter State::GetOperationResultsFlags 0x0
    dcpromoui E28.638 04A4 13:59:44.469     Enter State::SetFailureMessage The operation failed because:
    The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    "Access is denied."
    dcpromoui E28.638 04A5 13:59:44.469   posting message to progress window
    dcpromoui E28.318 04A6 13:59:44.469               Enter ProgressDialog::UpdateText Operation Stopped
    dcpromoui E28.318 04A7 13:59:44.485               Enter ProgressDialog::OnDestroy
    dcpromoui E28.318 04A8 13:59:44.485             OPERATION FAILED
    dcpromoui E28.318 04A9 13:59:44.485           Enter State::GetNeedsReboot false
    dcpromoui E28.318 04AA 13:59:44.485           Enter State::IsOperationRetryAllowed
    dcpromoui E28.318 04AB 13:59:44.485             true
    dcpromoui E28.318 04AC 13:59:44.485           Enter Wizard::SetNextPageID id = 156
    dcpromoui E28.318 04AD 13:59:44.485             push 142
    dcpromoui E28.318 04AE 13:59:44.485         Enter FailurePage::OnInit
    dcpromoui E28.318 04AF 13:59:44.485           Enter MultiLineEditBoxThatForwardsEnterKey::Init
    dcpromoui E28.318 04B0 13:59:44.485             Enter ControlSubclasser::Init
    dcpromoui E28.318 04B1 13:59:44.485         Enter FailurePage::OnSetActive
    dcpromoui E28.318 04B2 13:59:44.485           Enter State::GetOperationResultsCode FAILURE
    dcpromoui E28.318 04B3 13:59:44.485           Enter State::GetNeedsReboot false
    dcpromoui E28.318 04B4 13:59:44.485           Enter State::GetFailureMessage The operation failed because:
    The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
    "Access is denied."
    dcpromoui E28.318 04B5 13:59:47.876         Enter DCPromoWizardPage::OnWizNext
    dcpromoui E28.318 04B6 13:59:47.876           Enter FailurePage::Validate
    dcpromoui E28.318 04B7 13:59:47.876           Enter Wizard::SetNextPageID id = 154
    dcpromoui E28.318 04B8 13:59:47.876             push 156
    dcpromoui E28.318 04B9 13:59:47.876         Enter FinishPage::OnInit
    dcpromoui E28.318 04BA 13:59:47.876           Enter MultiLineEditBoxThatForwardsEnterKey::Init
    dcpromoui E28.318 04BB 13:59:47.876             Enter ControlSubclasser::Init
    dcpromoui E28.318 04BC 13:59:47.876         Enter FinishPage::OnSetActive
    dcpromoui E28.318 04BD 13:59:47.876           Enter State::GetNeedsReboot false
    dcpromoui E28.318 04BE 13:59:47.876           Enter getCompletionMessage
    dcpromoui E28.318 04BF 13:59:47.876             Enter State::GetOperation DEMOTE
    dcpromoui E28.318 04C0 13:59:47.876             Enter State::GetOperationResultsCode FAILURE
    dcpromoui E28.318 04C1 13:59:47.876             Enter NeedDsBinaryWarning
    dcpromoui E28.318 04C2 13:59:47.876               Enter Computer::RemoveLeadingBackslashes
    dcpromoui E28.318 04C3 13:59:47.876               Enter GetProductTypeFromRegistry
    dcpromoui E28.318 04C4 13:59:47.876                 Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
    dcpromoui E28.318 04C5 13:59:47.876                 Enter RegistryKey::GetValue-String ProductType
    dcpromoui E28.318 04C6 13:59:47.876                 LanmanNT
    dcpromoui E28.318 04C7 13:59:47.876                 prodtype : 0x2
    dcpromoui E28.318 04C8 13:59:47.876             Enter State::GetFinishMessages
    dcpromoui E28.318 04C9 13:59:59.751         Enter FinishPage::OnWizFinish
    dcpromoui E28.318 04CA 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04CB 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04CC 13:59:59.766         Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04CD 13:59:59.766       Enter State::GetNeedsReboot false
    dcpromoui E28.318 04CE 13:59:59.766       Enter State::GetUserCancelled false
    dcpromoui E28.318 04CF 13:59:59.766       Enter State::GetOperationResultsCode FAILURE
    dcpromoui E28.318 04D0 13:59:59.766       Enter State::GetHadNonCriticalFailures
    dcpromoui E28.318 04D1 13:59:59.766         bHadNonCriticalFailures = false
    dcpromoui E28.318 04D2 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D3 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D4 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D5 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D6 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D7 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D8 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04D9 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04DA 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04DB 13:59:59.766       Enter ControlSubclasser::UnhookWindowProc
    dcpromoui E28.318 04DC 13:59:59.766     exitCode = 54
    dcpromoui E28.318 04DD 13:59:59.766   Enter State::UnbindFromReplicationPartnetDC
    dcpromoui E28.318 04DE 13:59:59.766 closing log

    this is what i decided to do. unfortunately the metadata cleanup did not complete
    Access is denied? - that sounds familiar
    the server is still listed in "AD Sites and Services" (and cannot be deleted by the management snapin)
    ===================================================
    select operation target:
    select operation target:
    select operation target:
    select operation target: select server 1
    Site - CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk
    Domain - DC=data-action,DC=co,DC=uk
    Server - CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-ac
    tion,DC=co,DC=uk
            DSA object - CN=NTDS Settings,CN=LPSERVER,CN=Servers,CN=Palatine,CN=Site
    s,CN=Configuration,DC=data-action,DC=co,DC=uk
            DNS host name - lpServer.data-action.co.uk
    No current Naming Context
    select operation target:
    select operation target: quit
    metadata cleanup:
    metadata cleanup:
    metadata cleanup: remove selected server
    Transferring / Seizing FSMO roles off the selected server.
    Removing FRS metadata for the selected server.
    Unable to find server reference on "CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,
    CN=Configuration,DC=data-action,DC=co,DC=uk".
    LDAP error 0x5e(94 (No result present in message).
    The attempt to remove the FRS settings on CN=LPSERVER,CN=Servers,CN=Palatine,CN=
    Sites,CN=Configuration,DC=data-action,DC=co,DC=uk failed because "Element not fo
    und.";
    metadata cleanup is continuing.
    DsRemoveDsServerW error 0x5(Access is denied.)
    metadata cleanup:
    metadata cleanup:
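
One way to triage a dcpromoui.log like the one posted above, added here as an example (it is not code from the thread): it rebuilds multi-line entries, lists the progress steps, and decodes the HRESULT. The function names are this example's own, and the embedded sample is a short excerpt of the posted log.

```python
import re

# dcpromoui.log line layout, as seen in the post above:
#   dcpromoui <thread> <hex sequence> <HH:MM:SS.mmm> <indented message>
LINE_RE = re.compile(
    r"^\s*dcpromoui\s+\S+\s+(?P<seq>[0-9A-Fa-f]{4})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$"
)

# Only well-known values are named; anything else is reported numerically.
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32"}
WIN32_CODES = {0: "ERROR_SUCCESS", 5: "ERROR_ACCESS_DENIED"}

# Excerpt of the log posted above (lines selected for this example).
SAMPLE = """\
dcpromoui E28.638 0477 13:58:28.250       Enter State::GetOperation DEMOTE
dcpromoui E28.638 047A 13:58:43.297       Enter ProgressDialog::UpdateText Stopping service NETLOGON
dcpromoui E28.638 047C 13:58:47.797       Enter ProgressDialog::UpdateText Stopping service kdc
dcpromoui E28.638 0488 13:59:07.375       OperationStatus      : 0x5 !0 => error
dcpromoui E28.638 0489 13:59:07.375       DisplayString        : The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 049A 13:59:07.375   credentials were invalid, hr=0x80070005
dcpromoui E28.638 04A4 13:59:44.469     Enter State::SetFailureMessage The operation failed because:
"Access is denied."
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    return {
        "failed": bool(value & 0x80000000),
        "facility": FACILITIES.get(facility, str(facility)),
        "code": code,
        "name": WIN32_CODES.get(code, "unknown") if facility == 7 else "unknown",
    }


def parse_entries(log_text):
    """Return (time, message) pairs; unprefixed lines continue the previous message."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append([m.group("time"), m.group("msg").strip()])
        elif raw.strip() and entries:
            entries[-1][1] += " " + raw.strip()
    return [tuple(e) for e in entries]


def triage(log_text):
    """Summarise the operation, its progress steps and the failure codes."""
    report = {"operation": None, "steps": [], "status": None,
              "remote_dc": None, "hresults": []}
    for time, msg in parse_entries(log_text):
        if (m := re.search(r"State::GetOperation (\w+)", msg)) and not report["operation"]:
            report["operation"] = m.group(1)
        elif m := re.match(r"Enter ProgressDialog::UpdateText (.+)", msg):
            report["steps"].append((time, m.group(1)))
        elif m := re.match(r"OperationStatus\s*:\s*(0x[0-9A-Fa-f]+)", msg):
            report["status"] = int(m.group(1), 16)
        elif m := re.match(r"DisplayString\s*:.*remote directory server (\S+)", msg):
            report["remote_dc"] = m.group(1)
        elif m := re.search(r"hr=(0x[0-9A-Fa-f]+)", msg):
            report["hresults"].append(decode_hresult(int(m.group(1), 16)))
    return report


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary["operation"], "status", summary["status"], "via", summary["remote_dc"])
    for hr in summary["hresults"]:
        print(hr)
```

On the excerpt, the status code, the HRESULT and the failure text all resolve to the same Win32 access-denied error, and the DisplayString names the remote domain controller that refused the removal.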

  • Can't Add Domain Controller

    We have an aging directory service deployment that began with Server 2003 and was upgraded to Server 2008 R2. A while back I remember trying to add a new 2008 R2 domain controller and it gave me some error. We have 5 domain controllers at 5 offices, all the major 5 roles are installed at the main office. Now I NEED to replace these servers with new 2012 R2 servers that are joined to the domain and ready to role.
    And the error hath returned...
    (And first off, I have raised domain functionality to 2008 level via sites/domains MMC, and prepped it years ago when I upgraded to 2008. It seems I have a really awful domain corruption issue of some kind, and I suspect the underlying DFS share for AD (sysvol) is possibly part of the problem.)
    I am tempted to start a new domain, but I don't want to change 60+ desktops over and have all those users hate me as they will not have every single profile setting copied over (like their Outlook databases that will need redownloaded, and their CAD settings that don't seem to copy with my hacker style profile migration process).
    So, can anyone suggest some troubleshooting tips, or is there a way to back up and restore the AD database to the new server and tell the old servers to go away? Back in the SBS days we used to do something called a swing migration, but I don't think it will fit this situation easily.
    Troubleshooting steps and all advice is welcome!
    Thanks,
    Andy

    As Thameur mentioned, please check your Forest Functional Level as it needs to be Windows Server 2003 or higher. More details here: http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_FunctionalLevels
    You can also start with this troubleshooting guide: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  • Domain Controller Authentication Fail Since Upgrade

    When I boot my Mac Pro at the office, the network's domain controller prompts me for my domain login. Since upgrading to Yosemite, the domain controller rejects my credentials. However, I can go to "Connect To Server" and browse the entire network despite the domain controller not authenticating me as a user.
    To summarize, since switching to Yosemite:
    1. Can't login to the network when I submit my credentials
    2. Can browse the network without my credentials
    My theory is that the only reason #2 works is because #1 is working but Yosemite is just mistakenly telling me I wasn't authenticated.
    So what's the problem you may ask if I can browse the network anyway? The problem is that I can't mount any of the network drives to my desktop because Yosemite doesn't think I'm authenticated to do such. If I can solve this authentication problem, then I should get my mounted network drives back.
    Thanks in advance.

  • Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

    I have racked my brain and done everything that I know to do for about two weeks now. I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to log in to the domain controller with roaming profiles. It keeps telling me that the roaming profile could not be loaded because of a slow connection. These are workstations that are connected directly to the switch that the DC is connected to. I have tried multiple connections regarding the layout (DC into the router, router into the switch). The router is a Cisco RV220W. I have two VLANS, one for public and one for private domain. The Private VLAN has DHCP turned off since I am providing it through the DC. I currently have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
    The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port). I have a virtual switch set up on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller. The DC can see the internet fine and the workstations can connect to the shared folders on the server. I can retrieve files by just using the computer name or FQDN. The DC is also running DNS and DHCP. The DNS has the _msdcs set up from when I installed the active directory role. I have attempted to assign static IP addresses to the workstations:
    IP:                     10.0.0.80
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:        10.0.0.12
    I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
    The server is assigned:
    IP:                     10.0.0.12
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:         10.0.0.12
    The DNS entries have forwarders that forward to my ISP DNS servers for lookup.
    I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
    I've lost my patience with this project and am sinking fast. Can someone please offer some advice as to what I've done wrong? I've created this exact scenario at work many times, but I've never done it with Windows Server 2012. Is this possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV? I am going to attempt to work on it some more tomorrow when I get over there. I think there may be an issue with the SR-IOV not being enabled on the machine through the Dell BIOS. Would the SR-IOV really cause the workstations to report a slow connection? When I log in at the domain controller the roaming profiles and folder redirection work fine, so I know the GPO settings are correct. I don't have "ignore slow connections" or any of those GPOs set. I need to get it working the correct way, so I didn't want to fool the server when there is another underlying problem. Any help that someone can offer, I am more than willing to listen. If you need more information, please ask.
    Thanks,
    Jay

    So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If Hyper-V would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
    I'm disappointed in MS right now.
