Server 2012 Domain Controller / DNS Issue

If you did ipconfig /registerdns, I'm assuming you did ipconfig /flushdns prior to that, correct? Just want to make sure...
Once you are sure you did both, go ahead and type in nslookup in the command prompt. What does it display as the current DNS server? Once you type that in, you can type in the IP address of your new DC and see what it resolves to. Please get back to us with those results when possible.

We had a domain controller go down in a multi domain controller environment. We set a new one up and promoted it to the domain. Assigned it all the necessary roles and joined it to the domain. It has been 4 days since we did this and we cannot ping it by host name. We can ping it by IP address. I have forced replication, which allowed me to ping it by host name for a few hours, but then it stopped working. I have tried to change the DNS primary to a different DC, making the host a secondary DNS, but that didn't fix it. I am looking for any suggestions on how to fix it. I have done an ipconfig /registerdns and restarted DNS services, but I am still not able to ping the host name of the DC on a consistent basis.
Any suggestions?
This topic first appeared in the Spiceworks Community

Similar Messages

  • Renaming Windows Server 2012 Domain Controller with Exchange Server 2013

    Is it possible to rename a Windows Server 2012 Domain Controller, as we are using Exchange Server 2013 as a member server on Windows Server 2012?
    We have some issues with the domain name, so we want to rename it.
    Maybe somebody knows the best practices for doing this?
    Thanks.

    Hello,
    You should do the following:
    1. Promote another DC.
    2. Transfer FSMO roles to that server.
    3. Decommission old DC.
    4. Rename it.
    5. Promote it again as DC.
    Here is a useful link:
    http://technet.microsoft.com/en-us/library/cc782761(v=ws.10).aspx#bkmk_renamesingle.
    Hope it helps,
    Adam
    www.codetwo.com

  • Hardware Requirements for a Windows Server 2012 Domain Controller.

    Hi,
    I have a secondary office with 10 users with a domain controller that has reached its end of life.  We would like to upgrade the current hardware to serve as a domain controller and potentially as an onsite file server that will sync with head office during off-peak business hours.
    Any recommendations for low-cost yet reliable hardware for the above solution?

    Hi,
    Thanks for your post.
    I think you need to meet the requirement for upgrading to windows server 2012r2.
    http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_SysReqs
    And you could refer to the following article about windows server 2012r2 domain controller configuration
    Building Your First Domain Controller on 2012 R2
    http://social.technet.microsoft.com/wiki/contents/articles/22622.building-your-first-domain-controller-on-2012-r2.aspx
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Server 2012 Domain Controller Logging event 2004, with error "crc check"...

    Pretty new domain, and domain controller, running server 2012 as a Hyper-V VM.
    Getting this error when it reboots.  I have done a chkdsk, thinking maybe the vhdx file is corrupt in some way.  Have also checked the system log for events talking about file corruption.  Nothing.
    The disk in question has 10+ GB free, so disk space is not an issue.  I ran dcdiag /q /a & it told me that DFSR has logged events in the last 24 hours, but nothing else.  AD seems to think everything is cool.
    Not sure what to look at next...  Thanks for any pointers/help.
    The DFS Replication service stopped replication on volume C:. This failure can occur because the disk is full, the disk is failing, or a quota limit has been reached. This can also occur if the DFS Replication service encountered errors while attempting to
    stage files for a replicated folder on this volume. 
    Additional Information: 
    Error: 23 (Data error (cyclic redundancy check).) 
    Volume: 0F55C346-589F-11E2-93EB-806E6F6E6963

    I have a series of the following Events logged, and then the 2nd event.  The 2nd event is being logged every 8 hours.
    Log Name:      DFS Replication
    Source:        DFSR
    Date:          2/15/2013 7:36:49 AM
    Event ID:      2212
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      MyDC.Domain.lan
    Description:
    The DFS Replication service has detected an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process.
    The service will rebuild the database if it determines it cannot reliably recover. No user action is required.
    Additional Information:
    Volume: C:
    GUID: 0F55C346-589F-11E2-93EB-806E6F6E6963
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="DFSR" />
        <EventID Qualifiers="32768">2212</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-14T23:36:49.000000000Z" />
        <EventRecordID>196</EventRecordID>
        <Channel>DFS Replication</Channel>
        <Computer>MyDC.domain.lan</Computer>
        <Security />
      </System>
      <EventData>
        <Data>0F55C346-589F-11E2-93EB-806E6F6E6963</Data>
        <Data>C:</Data>
      </EventData>
    </Event>
    Log Name:      DFS Replication
    Source:        DFSR
    Date:          2/15/2013 7:36:49 AM
    Event ID:      2004
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      MyDC.Domain.lan
    Description:
    The DFS Replication service stopped replication on volume C:. This failure can occur because the disk is full, the disk is failing, or a quota limit has been reached. This can also occur if the DFS Replication service encountered errors while attempting to
    stage files for a replicated folder on this volume.
    Additional Information:
    Error: 23 (Data error (cyclic redundancy check).)
    Volume: 0F55C346-589F-11E2-93EB-806E6F6E6963
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="DFSR" />
        <EventID Qualifiers="49152">2004</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-14T23:36:49.000000000Z" />
        <EventRecordID>197</EventRecordID>
        <Channel>DFS Replication</Channel>
        <Computer>MyDC.Domain.lan</Computer>
        <Security />
      </System>
      <EventData>
        <Data>0F55C346-589F-11E2-93EB-806E6F6E6963</Data>
        <Data>C:</Data>
        <Data>23</Data>
        <Data>Data error (cyclic redundancy check).</Data>
      </EventData>
    </Event>
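
Added example (not part of the original post): Python that parses the two Event XML records quoted above and ties each 2004 "replication stopped" event to its Win32 error code and to any earlier 2212 on the same volume GUID. The XML is trimmed from the post; the function names and the two-entry error-code table are this example's own.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Win32 codes that separate "disk full" from "disk unreadable" in event 2004.
WIN32_NAMES = {23: "ERROR_CRC", 112: "ERROR_DISK_FULL"}

# Constructed sample: the two records from the post, trimmed to the fields used.
EVENT_2212 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="32768">2212</EventID>
    <TimeCreated SystemTime="2013-02-14T23:36:49.000000000Z" />
    <EventRecordID>196</EventRecordID>
    <Computer>MyDC.domain.lan</Computer>
  </System>
  <EventData>
    <Data>0F55C346-589F-11E2-93EB-806E6F6E6963</Data>
    <Data>C:</Data>
  </EventData>
</Event>"""

EVENT_2004 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="49152">2004</EventID>
    <TimeCreated SystemTime="2013-02-14T23:36:49.000000000Z" />
    <EventRecordID>197</EventRecordID>
    <Computer>MyDC.Domain.lan</Computer>
  </System>
  <EventData>
    <Data>0F55C346-589F-11E2-93EB-806E6F6E6963</Data>
    <Data>C:</Data>
    <Data>23</Data>
    <Data>Data error (cyclic redundancy check).</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Flatten one exported Event XML record into a dict."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "record_id": int(system.findtext("e:EventRecordID", namespaces=NS)),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": system.findtext("e:Computer", namespaces=NS).lower(),
        "data": [d.text for d in root.findall("e:EventData/e:Data", NS)],
    }


def triage(events):
    """Return one finding per 2004 event, in record order.

    Data layout as shown in the post: 2212 carries [volume GUID, volume];
    2004 carries [volume GUID, volume, Win32 error code, error text].
    """
    dirty = set()  # volume GUIDs that already logged an unexpected shutdown
    findings = []
    for ev in sorted(events, key=lambda e: e["record_id"]):
        data = ev["data"]
        if len(data) < 2:
            continue  # not one of the two layouts handled here
        guid, volume = data[0], data[1]
        if ev["event_id"] == 2212:
            dirty.add(guid)
        elif ev["event_id"] == 2004 and len(data) >= 4:
            code = int(data[2])
            findings.append({
                "computer": ev["computer"],
                "volume": volume,
                "volume_guid": guid,
                "win32_error": code,
                "error_name": WIN32_NAMES.get(code, "UNKNOWN"),
                "error_text": data[3],
                # Free space is only the explanation when the code says so.
                "disk_full": code == 112,
                "after_unexpected_shutdown": guid in dirty,
            })
    return findings


if __name__ == "__main__":
    for finding in triage([parse_event(EVENT_2212), parse_event(EVENT_2004)]):
        print(finding)
```

For the records in the post this reports error 23 (`ERROR_CRC`) on volume C: following an unexpected-shutdown event, with `disk_full` false, which matches the poster's observation that free space is not the problem.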

  • ACS 4.1 support with Windows Server 2012 Domain controller

    I am upgrading my Domain Controller / Active Directory from Windows Server 2003 to Windows Server 2012.
    In my environment, I am using Cisco ACS 4.1 which is integrated with Windows Server 2003 Active Directory.
    Will ACS 4.1 work fine with my new domain controller (Windows Server 2012), or do I need to upgrade my ACS too?
    Regards,
    Junaid

    Junaid,
    ACS 4.x code doesn't even support Windows 2008 R2. Your best bet is to migrate the ACS from 4.x to ACS 5.4 Patch 2 or stay with windows 2003 or 2008 (Non-R2).
    ACS 5.4 patch 2 supports Windows 2012 AD.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html
    Regards,
    Jatin

  • New Domain Controller DNS Issues

    Hello,
    We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
    These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
    The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
    The new servers have a SYSVOL and NETLOGON share as they should.
    The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
    The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes
    as normal.
    I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
    ROOTDOM          MYDOM
    2003RDC1         2003DC1
    2003RDC2         2003DC2
    2008RDC1         2003DC3
    2008RDC2         2003DC4
                     2008DC1
                     2008DC2
                     2008DC3
                     2008DC4
    The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
    Any pointers greatly appreciated.
    EDIT - DCDIAG results as follows:
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = 2008DC1
    * Identified AD Forest.
    Done gathering initial info.
    Doing initial required tests
    Testing server: Central-Site\2008DC1
    Starting test: Connectivity
    ......................... 2008DC1 passed test Connectivity
    Doing primary tests
    Testing server: Central-Site\2008DC1
    Starting test: Advertising
    ......................... 2008DC1 passed test Advertising
    Starting test: FrsEvent
    ......................... 2008DC1 passed test FrsEvent
    Starting test: DFSREvent
    ......................... 2008DC1 passed test DFSREvent
    Starting test: SysVolCheck
    ......................... 2008DC1 passed test SysVolCheck
    Starting test: KccEvent
    ......................... 2008DC1 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... 2008DC1 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... 2008DC1 passed test MachineAccount
    Starting test: NCSecDesc
    ......................... 2008DC1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... 2008DC1 passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... 2008DC1 passed test ObjectsReplicated
    Starting test: Replications
    ......................... 2008DC1 passed test Replications
    Starting test: RidManager
    ......................... 2008DC1 passed test RidManager
    Starting test: Services
    ......................... 2008DC1 passed test Services
    Starting test: SystemLog
    ......................... 2008DC1 passed test SystemLog
    Starting test: VerifyReferences
    ......................... 2008DC1 passed test VerifyReferences
    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Running partition tests on : MYDOM
    Starting test: CheckSDRefDom
    ......................... MYDOM passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... MYDOM passed test CrossRefValidation
    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Running enterprise tests on : ROOTDOM.mycompany.co.uk
    Starting test: LocatorCheck
    ......................... ROOTDOM.mycompany.co.uk passed test
    LocatorCheck
    Starting test: Intersite
    ......................... ROOTDOM.mycompany.co.uk passed test
    Intersite

    Hi Kev,
    >>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
    Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set
    of DNS records.  
    Besides, we can check DNS event logs to see if some related events were logged.
    Best regards,
    Frank Shen

  • Strange issues with domain controller/DNS server

    Our domain controller/DNS server was working fine this morning. Then suddenly we stopped being able to access certain things on it. I could ping it, RDP into it, and access some files on it, but I couldn't run any applications hosted on it, accessing shared
    network files was slow, and different people around the office were getting access denied errors to files and folders they had full control of in NTFS (and in shared permissions).
    At first I noticed an NTP error so I registered w32tm and started the service and that got rid of the error but didn't fix anything.
    Oddly, machines still had internet access.
    We tried rebooting everything, restarting services, nothing has helped.
    When I accessed the server directly through the console I could access everything, could connect to any machine in the office, nothing seemed to be wrong with it.
    Any ideas?

    Are there any recent changes in your network, firewall or antivirus? Were any changes/updates performed on the AD side? I would suggest finding out what changes were made at the AD or network/firewall level. You can run various diagnostic tests within your AD environment to find the overall health of the AD infra.
    What does DCDIAG actually… do?
    Active Directory Replication Status Tool Released 
    http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • Lack of Connectivity to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

    Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
    I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
    The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
    setup.)
    For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
    In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
    Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
    no logon servers available to service the logon request”.  While access is rejected I’m still able to ping the DC both via its name and IPV4 address. 
    (Pinging via its name results in an IPv6 address in the response.) 
    Other network connectivity appears intact (able to browse the web, perform network discovery.)
    Things that ‘seem’ to allow access on this computer until the next failure:
    Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
    Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
    After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
    Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
    Most Problematic Computer:
    Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
    Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
    ‘No such host is known.”
    Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
    And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
     The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
    at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
    Ipconfig/all from the server:
       Connection-specific DNS Suffix 
       Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
       Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Preferred)
       Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
                                           10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 234638804
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ipconfig/all from the problematic computer:
    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix  . : wp.comcast.net
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
       Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Preferred)
       Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Preferred)
       Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
       Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
                                           10.1.10.1
       DHCP Server . . . . . . . . . . . : 10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 54535618
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
       DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                           2001:558:feed::2
                                           10.1.10.42
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
    Thanks,
     -JT

    Hi,
    According to the error you have posted.
    A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
    Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
    Netlogon 5719 and the Disappearing Domain [Controller]
    http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
    Did you refer to this KB article?
    Event ID 5719 is logged when you start a Domain Member
    http://support.microsoft.com/kb/938449
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
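
Added example (not part of the thread): the client's `ipconfig /all` output in the question lists two resolvers ahead of the domain controller at 10.1.10.42, and the reply points to name resolution as the usual cause of Netlogon 5719. The Python below parses `ipconfig /all` text and flags DNS servers that are not domain controllers; the sample is trimmed from the post, and the function names and the idea of passing the DC addresses as an allow-list are this example's own.

```python
import ipaddress
import re

# Constructed sample: trimmed from the client output quoted in the post.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . : wp.comcast.net
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
   Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
                                       10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       10.1.10.42
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "   Key . . . . : value" lines. The key never contains a colon, so bare
# IPv4/IPv6 continuation lines do not match and are treated as extra values.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[ .]* :(?: (?P<val>.*))?$")


def parse_ipconfig(text):
    """Return {adapter: {key: [values]}}, keeping multi-line values in order."""
    adapters, adapter, key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line opens a new section
            adapter, key = line.rstrip(":"), None
            adapters[adapter] = {}
            continue
        if adapter is None:
            continue
        m = FIELD.match(line)
        if m:
            key = m.group("key")
            adapters[adapter][key] = [m.group("val")] if m.group("val") else []
        elif key is not None:              # continuation of the previous field
            adapters[adapter][key].append(line.strip())
    return adapters


def clean(addr):
    """Drop ipconfig decorations such as '(Preferred)' and an IPv6 zone id."""
    return ipaddress.ip_address(addr.split("(")[0].split("%")[0].strip())


def audit_dns(text, dc_addresses):
    """Flag adapters whose DNS server list contains non-DC resolvers.

    dc_addresses is the caller's list of domain controller / AD DNS addresses.
    A resolver that does not host the AD zone cannot answer the DC locator
    lookups, and the client only moves to the next server when the current
    one does not respond, so order matters as well as membership.
    """
    allowed = {ipaddress.ip_address(a) for a in dc_addresses}
    findings = []
    for adapter, fields in parse_ipconfig(text).items():
        servers = [clean(v) for v in fields.get("DNS Servers", [])]
        if not servers:
            continue
        foreign = [str(s) for s in servers if s not in allowed]
        first_dc = next((i for i, s in enumerate(servers) if s in allowed), None)
        findings.append({
            "adapter": adapter,
            "servers": [str(s) for s in servers],
            "foreign": foreign,
            "first_dc_position": first_dc,   # 0 means a DC is asked first
            "ok": not foreign,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_IPCONFIG, ["10.1.10.42"]):
        print(finding)
```

Called with the DC address from the post, it reports the two `2001:558:feed::` resolvers as foreign and the domain controller in third position.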

  • Service stack update 2871777 to enable installation of RDP Connection Broker on 2012 domain controller - downloaded file will not execute.

    service stack update 2871777 to enable installation of RDP Connection Broker on 2012 domain controller - downloaded file will not execute.
    Downloaded x64 update for server 2012 R2 (KB2871777) -  file downloaded is named Windows8-RT-KB2871777-x64.msu
    When downloaded to server 2012 R2, upon launching the files, the message reads "Windows Update Standalone Installer"
    "The update is not applicable to your computer"
    If this is the wrong update please point me to the correct one - I cannot find another instance of this update anywhere.
    I am unable to remove the active directory from this server, so I need to use this fix if at all possible, in order to use RDP.
    I have tried every workaround I can find.  The goal is to have remote users access RDP to run a remote session and access apps and files on the server.  We have Hyper-V enabled and have successfully deployed 10 RDP licenses to the license server (also on the PDC).
    I read one post that suggested installing RD Connection Broker in one instance of a VM and AD DS in the other - not sure if that means we remove
    AD DS from physical server.  We only have one 2012 server (plus a server 2008 with Ad DS) and  a server 2003.  Trying to make this all work so we can deploy 10 remote desktop users.

    KB2871777 appears to be for 2012 (non R2) only.
     As to the other problem maybe this one helps.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/bbf47aa2-8ae5-4f22-9827-afee5a11417a/install-remote-desktop-services-failed-on-windows-2012-server?forum=winserverTS
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Server 2008 Domain Controller won't sync with domain for time

    Hi,
    I have a Windows Server 2008 Domain Controller, a physical machine. When I run w32tm /query /status it shows the source as: Local CMOS clock. Whatever I seem to try I cannot get it to look at the PDC to sync for time. Using RSoP I can see the correct policy is in place, pointing to the correct server. I have checked the registry key and the correct server is in there under \HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.
    I have tried various w32tm commands such as setting the /manualpeerlist to the correct server, /syncfromflags:DOMHIER. I have also used w32tm /config /update, making sure to restart the w32time service.
    But whatever I do I cannot get it to sync from the network, it always shows Local CMOS clock. The time on the server is starting to drift now. When I use w32tm /resync /rediscover I get an error message:  "The computer did not resync because no time
    data was available". There is no firewall between the 2 servers blocking port 123.
    Any ideas why this is happening?
    Thanks

    see:
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-1/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-2/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-3/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-4/
    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####

  • New Domain controller, DNS client settings before FSMO transfer

    I recently promoted a new domain controller.  It is the fourth domain controller and third in the site.  I plan to decommission the other two domain controllers in the site, leaving just the new one.  Right now the new domain controller points its TCP/IP client to the other domain controller/DNS servers as primary and itself at the bottom.  The other domain controllers point to themselves as primary and the newest domain controller on the bottom of the list.  Clients on the network use the original domain controllers as DNS from DHCP first and then the new domain controller DNS.  Is it okay to transfer all the FSMO roles to the new domain controller or should I make all the DNS clients point to it first?

    Hi,
    It is possible to first change your FSMO roles and after this is done then point your DNS clients to the new DC. This should not be a problem.
    Some interesting information about assigning your FSMO roles: http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
    Hope this helps you out.

  • What is the effect of stopping the EFS service on a 2012 Domain Controller?

    Hello,
    The Encrypting File System service was started and is running on a production 2012 Domain Controller, which is not a standard in our shop.  What is the potential impact if I stop the service? 
    Thanks for your help! SdeDot

    Hi,
    Have you already encrypted files or folders using EFS service in your domain?
    If not, and you are not planning to use it to encrypt files or folders in the future, then it is OK to disable it.
    If you have encrypted files with EFS service, make sure that they are all decrypted before disabling the service, otherwise no users will be able to access them.
    More information for you:
    How to Disable or Enabled EFS Encryption in Vista, Windows 7, and Windows 8
    http://www.vistax64.com/tutorials/102501-encryption-disable-enable.html
    How to: Disable Encrypted File System (EFS) on Windows 2008 R2
    http://markswinkels.nl/2012/06/how-to-disable-encrypted-file-system-efs-on-windows-2008-r2/
    Please Note: Since these web sites are not hosted by Microsoft, these links may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best Regards,
    Amy Wang

  • Are there any known issues with a 2003 server authenticating to a 2012 domain controller

    I am trying to get off of these 2003 domain controllers. But I still have a couple of 2003 servers that will be decommissioned by early next year. If I change my environment and get rid of the two 2003 dc's, and promote two 2012 dc's. Will I have any issues
    with the 2003 servers authenticating? I have a very small maintenance window, and do not have time to test on my own. I was hoping someone else has tried this before, and knows the results.

    Hi,
    I am not aware of any issues with 2012 as domain controller role. There was an issue with 2012 R2 as domain controller role related to the AES encryption for computer password, but MS issued a hotfix and a rollup (covers many other issues along).
    https://support.microsoft.com/kb/910205?wa=wsignin1.0
    Once you upgrade your schema to support 2012 domain controllers you can start promoting those and eliminate 2003 ones.
    I have been running this in our environment and I see no issues. In fact I am using 2012 R2 DCs, which were problematic.
    Here is another good link to upgrade from 2003 to 2012 or 2012 R2.
    http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/
    Hope it helps.
    Regards,
    Calin

  • How to use DNS server for name resolution for items which don't exist in active directory domain controller DNS

    Dear Experts,
    In our office we have a domain controller, call it 'Office.com'. All computers and corporate servers, e.g. Exchange, antivirus etc., are members of this 'office.com'; it also has a DNS. All users in the office have their preferred DNS set to the corporate DNS.
    We are working for a ministry and offering services to them from our data center, so we have many servers which are for the ministry but are in our data center. For all these servers we created another DNS server which contains all entries for these servers in forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers, and the zone name is 'office.com'.
    What we are trying to have is name resolution of all servers which are listed in the other DNS, built in our office on Win 2008 R2 for the ministry servers.
    If the user changes his preferred DNS to the ministry DNS he can resolve the ministry servers, but then we cannot control anything through group policy since they are using the other DNS and not the corporate DNS.
    How can this be done? Any group policy applied on the corporate domain controller must take effect on users, and in addition users must also be able to resolve server names in the ministry project DNS.
    Please assist ASAP.
    regards,

    Hello,
    OK, so the GPO setting doesn't apply in any case.
    Client machines use the first DNS server in the list of configured ones on the NIC. If that one is available, the search for additional DNS servers will stop.
    What I cannot really understand is your description of the second DNS server. This should normally be either another DC with AD-integrated DNS, so everything is replicated within AD replication, or you use a secondary DNS on a domain member server that pulls the information from the master.
    It sounds to me like you have configured a machine with the DNS server role, manually created a zone with the same name as the domain, and manually created the required A records there?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Windows 2012 Domain Controller: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing

    Hi all,
    We have been battling a problem for the last couple of days when we try to add the first Windows Server 2012 DC to an already existing domain.
    The server installation goes smoothly and we can add the computer to the domain and it's all green.
    After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
    The Server Manager console shows Remote Management as disabled, and when we try to enable it via the console or PowerShell it freezes up.
    The AD DS part of the console is saying that there are post-promotion tasks that need to be completed, but once we click on the task it takes us to the promotion wizard again, which basically complains that: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing.
    In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
    We are unable to do anything with the server (demote, add roles, remotely manage...). We have tried the following already:
    1. Recreate from scratch
    2. Checking the GPOs to see if there is anything set up about RM -> came up with nothing
    We just ran out of ideas so HELP PLEASE!
    BR
    Tomaz Praprotnik

    Hi Cicely,
    Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
    Log Name:      Microsoft-Windows-WinRM/Operational
    Source:        Microsoft-Windows-WinRM
    Date:          3/29/2013 1:38:53 PM
    Event ID:      138
    Task Category: Response handling
    Level:         Error
    Keywords:      Client
    User:         
    Computer:     
    Description:
    The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
        <EventID>138</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>10</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000002</Keywords>
        <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
        <EventRecordID>6876</EventRecordID>
        <Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
        <Execution ProcessID="1084" ThreadID="2924" />
        <Channel>Microsoft-Windows-WinRM/Operational</Channel>
        <Computer></Computer>
        <Security UserID="" />
      </System>
      <EventData>
      </EventData>
    </Event>
    There is also another entry that sometimes comes up:
    Log Name:      Microsoft-Windows-WinRM/Operational
    Source:        Microsoft-Windows-WinRM
    Date:          3/29/2013 1:36:34 PM
    Event ID:      142
    Task Category: Response handling
    Level:         Error
    Keywords:      Client
    User:         
    Computer:     
    Description:
    WSMan operation Invoke failed, error code 2150859046
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
        <EventID>142</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>10</Task>
        <Opcode>2</Opcode>
        <Keywords>0x4000000000000002</Keywords>
        <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
        <EventRecordID>6869</EventRecordID>
        <Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
        <Execution ProcessID="4888" ThreadID="4392" />
        <Channel>Microsoft-Windows-WinRM/Operational</Channel>
        <Computer></Computer>
        <Security UserID="" />
      </System>
      <EventData>
        <Data Name="operationName">Invoke</Data>
        <Data Name="errorCode">2150859046</Data>
      </EventData>
    </Event>
    Best regards
    Tomaz Praprotnik
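
Added example, not part of the original thread: a PowerShell sketch that reduces WinRM/Operational Event XML like the two records posted above to one row per event and converts the decimal `errorCode` to hex for lookup. The helper name `ConvertFrom-WinRMEventXml` is hypothetical, and the sample XML is a trimmed copy of the posted events.

```powershell
# Constructed input: trimmed copies of the two Event XML records posted above.
$samples = @(
'<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>138</EventID>
    <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
  </System>
  <EventData>
  </EventData>
</Event>',
'<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>142</EventID>
    <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
  </System>
  <EventData>
    <Data Name="operationName">Invoke</Data>
    <Data Name="errorCode">2150859046</Data>
  </EventData>
</Event>'
)

function ConvertFrom-WinRMEventXml {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')

    # Event 138 has an empty <EventData>, so both lookups may return $null.
    $op   = $doc.SelectSingleNode("//e:EventData/e:Data[@Name='operationName']", $ns)
    $code = $doc.SelectSingleNode("//e:EventData/e:Data[@Name='errorCode']", $ns)

    [pscustomobject]@{
        EventId   = [int]$doc.SelectSingleNode('//e:System/e:EventID', $ns).InnerText
        TimeUtc   = $doc.SelectSingleNode('//e:System/e:TimeCreated', $ns).GetAttribute('SystemTime')
        Operation = $(if ($null -ne $op) { $op.InnerText })
        # The log prints the code as unsigned decimal; error references use hex.
        ErrorHex  = $(if ($null -ne $code) { '0x{0:X8}' -f [uint32]$code.InnerText })
    }
}

# On a live host the same strings come from:
#   Get-WinEvent -LogName 'Microsoft-Windows-WinRM/Operational' | ForEach-Object { $_.ToXml() }
$samples | ForEach-Object { ConvertFrom-WinRMEventXml -Xml $_ } | Format-Table -AutoSize
```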
