RE: [ActiveDir] Trying to run DCPromo and getting error 5171

[Rick Kingslan]

Title: Message

Replying off-line, as this whole thing is a bit out of control.   By all means, Diane - you're right.  It 1) shouldn't be this flippin' hard and 2) shouldn't be this flippin' hard.   As I'm sure tht you've followed, I've suggested the same thing at least twice, and Steve never comes back with the information requested or any results that make any logical sense at all.  I'm nearly convinced that his DNS is not accepting updates and the DNS server does not have the AD zones registered.  That wou;d explain why the GUIDs are not being resolved - because they don't exist.   But, I've asked him at least once before to check it visually.  Still no feedback.   Some folks You just can't help - no matter how much you want to.   Regardless - I'm back to reviewing Robbie Allen's new book.  Just a few days left on the review cycle and then it's copy edit time.  :-D   Take care! Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers Sent: Tuesday, June 10, 2003 10:31 PM To: [EMAIL PROTECTED] Not being there, it hard to guess the problem via an email thread _but_ if NSlookup won't connect to a name server by IP address, that gives me a clear indication that something is up with DNS.  A missing PTR record(s) should have not impact with connecting to the name server with the NSlookup command via IP address.   We just had a situation this week where our NetOps guys decided to upgrade the DNS boxes without letting us know.  There where problems with the upgrades and the NetOps guys did not catch it.  Our exchange servers could no longer route mail.  A lot of folks scratching heads and calls to MS PSS.  A quick check with NSlookup to the nameserver that the servers were using showed the source of the problem.  The server could not enumerate the records for the AD zone....   Diane From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, June 10, 2003 7:54 PM To: [EMAIL PROTECTED] Steve, Diane -   I agree that there is clearly something wrong with the DNS.  But, I'm not so sure that this is the indication.  This can also be caused (most likely) by a missing Reverse Lookup.   This was mentioned once before - have you looked into this yet, Steve?   I'm much more concerned with the missing registration for the GUID.   Steve - we (collectively) have made some suggestions.  Have you followed up on:   Checking the registration of the Active Directory Zones in DNS?  You should see 4:   _msdcs _sites _tcp _udp   Do these exist?  If not, go to the DNS applet and right click your domain fanmats.com.  Make sure that you're set for 'Yes' in Allow Dynamic Updates.  Go to Services, then stop and then start 'Netlogon'.  This will force a registration of DNS zones.   Please follow ALL STEPS on this page.  Some have been outlined here time and again by other people, but the steps need to be followed.   http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp   This is a common problem.  DNS can be a real bear, but AD will NOT WORK without it.  You have to get this right, as you're finding.   And, if you want to bring back BOTH netdiag and dcdiag results (successful or not - many time successful results tell me a lot) please run them as follows:   dcdiag /fix   netdiag /fix   dcdiag /v /f:dcdiag.log   netdiag /debug /l  (this will automatically create a netdiag.log)   Good luck - we'll be waiting to here what you have found.   Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone         From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers Sent: Tuesday, June 10, 2003 8:57 PM To: [EMAIL PROTECTED] >Can't find server name for address 172.16.0.30   If NSlookup can't connect to that IP address, something is fubar with the DNS service on 172.16.0.30.  Can you telnet to port 53 (DNS) on that box?  "telnet 172.16.0.30 53"   Diane From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of steve Sent: Tuesday, June 10, 2003 6:33 PM To: [EMAIL PROTECTED] Still having DNS problems!   I was able to run NLTEST and it passed. Went through both SERVERS and verified that it had 172.16.0.30 for DNS setting. “S2.fanmats.com”.   NSLOOKUP fails on both servers with errors. Please refer to NSLOOKUP.txt.   DCDDIAG.EXE FAILS. Please refer to DCDDIAG2.txt   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Monday, June 09, 2003 7:40 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Trying to run DCPromo and getting error 5171   Is the second machine pointing to the first server for DNS?     -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: steve [mailto:[EMAIL PROTECTED] Sent: Sunday, June 08, 2003 2:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Trying to run DCPromo and getting error 5171 Environment: 2 new servers   Servers Configuration: Windows 2000 as workgroup. Ran DcPromo on the server1. Verified that DNS was setup correctly, can ping server by name. Not using WINS.   Problem: Can't make second Server a DC.   Error message: When running DcPromo on second server, I receive the same error message. The link below explains my error message.   http://www.microsoft.com/windows2000/dns/tshoot/     Thanks, Steve