Windows Server 2012 DC with Server 2008 DC



#1 aroshlakshan


Posted 19 January 2015 - 07:26 AM

I have 2 DCs installed for my domain. One is 2012 (DC1) and the other one is 2008 (DC2). I installed the 2008 one later. I have the setup below.

DC1

  • IP - 192.168.1.4
  • Windows Server 2012
  • DNS : 127.0.0.1, 192.168.1.11

 

DC2

  • IP - 192.168.1.11
  • Windows Server 2008 R2
  • DNS : 192.168.1.4, 127.0.0.1

Workstation Computer

  • Windows XP
  • IP - 192.168.1.32
  • DNS : 192.168.1.11

Because I want to test the new DC (DC2), I shut down DC1 and tried to log in to the workstation computer, but it says the domain is not available. But when I turn on DC1 and try to log in, it logs me in fine even though the only DNS server I set on the workstation computer is DC2's IP. That means the workstation computer user account is always authenticated by DC1 even though the request goes through DC2. I'm not sure what is going on here. Any ideas??





#2 Wand3r3r


Posted 21 January 2015 - 03:57 PM

x64, absolutely right, not conditional forwarders but just forwarders. Thanks for the correction.

This does not sound like a DNS issue but an AD one. A simple test would be to do an nslookup of the domain name, an nslookup of the XP workstation name, and an nslookup of the DC1 or DC2 name. Then shut down DC1 and do the same nslookups. If all resolve, you know DNS isn't the issue.

 

Any replication errors?  With DC1 down you should bring up the console.msc on DC2 to check that the machine and user accounts exist.



#3 aroshlakshan


Posted 23 January 2015 - 02:58 AM

I found these...

I have checked and both DCs are DNS and GC servers. Also, I have used repadmin. The results are below, along with a few other commands I have run.

2012 Server(DC1)

PS C:\Windows\system32> wmic.exe ComputerSystem get DomainRole
DomainRole
5

PS C:\Windows\system32> NetDOM /query FSMO
Schema master               TECHEN-DC1.techencounters.local
Domain naming master        TECHEN-DC1.techencounters.local
PDC                         TECHEN-DC1.techencounters.local
RID pool manager            TECHEN-DC1.techencounters.local
Infrastructure master       TECHEN-DC1.techencounters.local
The command completed successfully.

PS C:\Windows\system32> nslookup
Default Server:  UnKnown
Address:  192.168.1.11

PS C:\Windows\system32> DCDIAG /TEST:DNS

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = TECHEN-DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TECHEN-DC1
      Starting test: Connectivity
         ......................... TECHEN-DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TECHEN-DC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... TECHEN-DC1 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : techencounters

   Running enterprise tests on : techencounters.local
      Starting test: DNS
         Test results for domain controllers:

            DC: TECHEN-DC1.techencounters.local
            Domain: techencounters.local


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone techencounters.local

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: fe80::1 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed
on the DNS server fe80::1
               TECHEN-DC1                   PASS PASS PASS PASS WARN PASS n/a
         ......................... techencounters.local passed test DNS

 

PS C:\Windows\system32> Repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\TECHEN-DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
DSA invocationID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8

==== INBOUND NEIGHBORS ======================================

DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC2 via RPC
        DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
        Last attempt @ 2015-01-23 12:17:59 was successful.

CN=Configuration,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC2 via RPC
        DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
        Last attempt @ 2015-01-23 12:17:59 was successful.

CN=Schema,CN=Configuration,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC2 via RPC
        DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
        Last attempt @ 2015-01-23 12:17:59 was successful.

DC=DomainDnsZones,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC2 via RPC
        DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
        Last attempt @ 2015-01-23 12:17:59 was successful.

DC=ForestDnsZones,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC2 via RPC
        DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
        Last attempt @ 2015-01-23 12:17:59 was successful.

 

2008 R2 Server (DC2)

PS C:\Windows\system32> wmic.exe ComputerSystem get DomainRole
DomainRole
4

PS C:\Windows\system32> NetDOM /query FSMO
Schema master               TECHEN-DC1.techencounters.local
Domain naming master        TECHEN-DC1.techencounters.local
PDC                         TECHEN-DC1.techencounters.local
RID pool manager            TECHEN-DC1.techencounters.local
Infrastructure master       TECHEN-DC1.techencounters.local
The command completed successfully.

PS C:\Windows\system32> nslookup
Default Server:  localhost
Address:  ::1

PS C:\Users\aroshlw> DCDIAG /TEST:DNS

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = TECHEN-DC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TECHEN-DC2
      Starting test: Connectivity
         ......................... TECHEN-DC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TECHEN-DC2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... TECHEN-DC2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : techencounters

   Running enterprise tests on : techencounters.local
      Starting test: DNS
         Test results for domain controllers:

            DC: TECHEN-DC2.techencounters.local
            Domain: techencounters.local


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone techencounters.local

               TECHEN-DC2                   PASS PASS PASS PASS WARN PASS n/a
         ......................... techencounters.local passed test DNS

 

PS C:\Users\aroshlw> Repadmin /showrepl
 

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\TECHEN-DC2
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 526aa5fa-56f9-4bf1-8d17-aca5be387591
DSA invocationID: bd7d7c99-e814-4efb-9743-da4f1c629a2e

==== INBOUND NEIGHBORS ======================================

DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC1 via RPC
        DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
        Last attempt @ 2015-01-23 13:04:59 was successful.

CN=Configuration,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC1 via RPC
        DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
        Last attempt @ 2015-01-23 12:24:50 was successful.

CN=Schema,CN=Configuration,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC1 via RPC
        DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
        Last attempt @ 2015-01-23 12:24:50 was successful.

DC=DomainDnsZones,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC1 via RPC
        DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
        Last attempt @ 2015-01-23 12:24:50 was successful.

DC=ForestDnsZones,DC=techencounters,DC=local
    Default-First-Site-Name\TECHEN-DC1 via RPC
        DSA object GUID: 65145d0e-e0c0-43b4-a847-b58f11e4b1a8
        Last attempt @ 2015-01-23 12:24:50 was successful.

 

 

Any ideas?



#4 Wand3r3r


Posted 23 January 2015 - 10:06 AM

Didn't do the nslookups as requested. Looks like DC2 is bound to IPv6 and DC1 is bound to IPv4. Does not appear DC1 has a host NS record in DNS since it came up "unknown".

 

PS C:\Windows\system32> nslookup
Default Server:  localhost
Address:  ::1

 

PS C:\Windows\system32> nslookup
Default Server:  UnKnown
Address:  192.168.1.11

Understand what to do? Both should be talking the same protocol.


Edited by Wand3r3r, 23 January 2015 - 06:41 PM.
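
The lookups requested in post #2, scripted against each DC's DNS service in turn, as an added example that is not part of any post in this thread. It goes one step beyond those lookups by also querying the `_ldap._tcp.dc._msdcs` SRV record that clients use to locate a domain controller; the host names come from the output in post #3, and `XP-WORKSTATION` is a placeholder because the thread never names the workstation.

```powershell
# Added example, not from the thread. Run once with both DCs up, then again
# with DC1 shut down, and compare the two tables.
$domain     = 'techencounters.local'
$dnsServers = '192.168.1.4', '192.168.1.11'      # DC1 and DC2, from post #1
$queries = @(
    @{ Type = 'A';   Name = $domain },
    @{ Type = 'A';   Name = "TECHEN-DC1.$domain" },
    @{ Type = 'A';   Name = "TECHEN-DC2.$domain" },
    @{ Type = 'A';   Name = "XP-WORKSTATION.$domain" },  # placeholder name
    # Record the DC locator asks for; not one of the lookups listed in post #2.
    @{ Type = 'SRV'; Name = "_ldap._tcp.dc._msdcs.$domain" }
)

function Test-DnsAnswer {
    param([string]$Server, [string]$Type, [string]$Name)
    # Trailing dot stops nslookup from appending a DNS suffix to the name.
    # nslookup's exit code is unreliable, so judge by the text it prints.
    $text = & nslookup.exe "-type=$Type" "$Name." $Server 2>&1 | Out-String
    if ($Type -eq 'SRV') {
        # One "svr hostname = <dc>" line per DC registered for the domain.
        $hits = [regex]::Matches($text, 'svr hostname\s*=\s*(\S+)') |
                ForEach-Object { $_.Groups[1].Value }
    } else {
        # The header names the DNS server with "Server:", so a "Name:" line
        # only appears when the query itself was answered.
        $hits = [regex]::Matches($text, '(?m)^Name:\s*(\S+)') |
                ForEach-Object { $_.Groups[1].Value }
    }
    New-Object PSObject -Property @{
        Server   = $Server
        Query    = "$Type $Name"
        Resolved = [bool]$hits
        Answer   = ($hits -join ', ')
    }
}

$results = foreach ($s in $dnsServers) {
    foreach ($q in $queries) {
        Test-DnsAnswer -Server $s -Type $q.Type -Name $q.Name
    }
}
$results | Format-Table Server, Query, Resolved, Answer -AutoSize
```

With DC1 down, every row for 192.168.1.4 is expected to show `Resolved` as False; the rows for 192.168.1.11 are the ones that show whether DC2 can answer on its own and whether it is listed in the SRV answer.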




