Win2k8 AD Replication problem

By neil.scott
I installed a Win2k8 domain controller (let's call it DC1) successfully in my lab situation.
I then installed a new server (let's call it DC2) and then promoted it as a second domain controller.
This went well, the AD user accounts from DC1 were replicated to DC2.

A problem developed after I rebooted DC1. The boot process hangs for 5-10 minutes with the message "Applying computer settings" displayed.

The Active Directory Domain Services log has the following entry:

"Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. . . ."

There are other log entries in the system indicating that replication has failed.

Forcing replication also fails.

DC1 and DC2 are connected on the same network and are members of the same domain.

Are there additional steps, such as DNS forwarding, zone transfers, etc., required to get replication to work?

Is there an authorization problem?

Initially, I had the following IPv4 Networking details:

DNS : pointing to itself

DNS : pointing to DC1

I have now tried criss-crossing DNS addresses so that:

DC1's primary DNS address points to DC2
DC2's primary DNS address points to DC1

Using nslookup I can resolve names and IP addresses correctly, but the issue of replication exists.

Thanks in advance.

All Answers

Couple of tricks

by ian.wall In reply to Win2k8 AD Replication pro ...

I'd start by demoting the second domain controller, or if it's in a lab start again from scratch if you can.

I have found a couple of annoyances on Server 2008 (which are actually important but annoying when you forget to turn them off) such as Windows Firewall.

Try to telnet to DC2 on port 53 and see what happens. If you get a failure to connect it's most likely Windows Firewall.

Check your authorised zone transfers and see how it is transferring; it might be that zone transfers are disabled or DC2 isn't in the name server list and thus isn't sent the details.

Let us know how you get on :)

No solution yet

by neil.scott In reply to Couple of tricks

I have images of my system that I am able to return to and start over from scratch. I have done this a few times and I end up with the same problem.

Disabling the Windows Firewall didn't help.

I did notice that zone transfers were disabled, but after enabling them for all servers it didn't help either.

I have run dcdiag and repadmin and both commands produce errors with replication.

It seems that the other DC cannot be contacted when replication is attempted.

DNS lookups and pinging by names works flawlessly.

I can only put it down to a setup issue prior to promoting the second domain controller, or maybe an incorrect step during the dcpromo wizard. Having said that I did follow the TechNet tutorial on adding a second domain controller.

Are there any tricks required to prepare the server before promotion?

making a DC doesn't necessarily create a DNS server

by CG IT In reply to Win2k8 AD Replication pro ...

Sounds like there is no DNS server running on DC #2 which can resolve queries for the DNS zone.

If you change DC #1's primary DNS server to itself, and DC #2's primary DNS server to DC #1, it probably will work.

To get failover, you have to install DNS server on DC #2 and set zone transfers to Active Directory integrated. AD integrated zone transfers should allow the zone on your DNS server running on DC #1 to transfer to the DNS server running on DC #2.

Check with Microsoft TechNet for the how-to article on installing DNS on a second DC for failover and redundancy.

AD replication only replicates Active Directory, not DNS
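
Added example, not part of the thread or written by any poster: a small probe that asks each DC's DNS server directly, over UDP port 53, whether it answers the domain's DC locator SRV query, which goes further than the name and IP lookups checked with nslookup above. The record name `_ldap._tcp.dc._msdcs.<domain>` is the standard locator record and is not quoted in the thread; the IP addresses and the domain `lab.example` are constructed placeholders.

```python
import socket
import struct

SRV = 33  # DNS record type SRV

def build_query(name, qtype=SRV, txid=0x1234):
    """Encode a single-question DNS query (recursion desired) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN

def parse_header(response):
    """Return (txid, rcode, answer_count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    return txid, flags & 0x000F, ancount

def verdict(rcode, ancount):
    """Translate RCODE and answer count into a short diagnosis."""
    if rcode == 0 and ancount > 0:
        return "ok: %d SRV record(s)" % ancount
    if rcode == 3:
        return "NXDOMAIN: this server has no such name"
    if rcode == 0:
        return "empty answer: name exists but no SRV records returned"
    return "error rcode=%d" % rcode

def check_server(dns_ip, domain, timeout=3.0):
    """Ask one DNS server for the domain's DC locator SRV records."""
    query = build_query("_ldap._tcp.dc._msdcs." + domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (dns_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError as exc:  # timeout, unreachable, or blocked by a firewall
            return "no reply: %s" % exc
    txid, rcode, ancount = parse_header(data)
    if txid != 0x1234:
        return "mismatched transaction id"
    return verdict(rcode, ancount)

if __name__ == "__main__":
    # Constructed lab values: replace with your DCs' addresses and domain.
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, "->", check_server(ip, "lab.example"))
```

If one server reports records and the other returns NXDOMAIN or no reply, the second server is not serving the zone that the domain controllers depend on.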

Replication temporarily working

by neil.scott In reply to making a DC doesn't neces ...

I have been able to get replication working based on the suggestions given, but as soon as I reboot either server, they take forever to reach the logon page and replication stops working.

DNS resolution works fine, it's just the replication that is broken.

I have tried everything I can to get this to work, but it's simply not happening.

I would have thought that it would be easier than this. It shouldn't take this much effort.

I don't know what to try next.
