The first thing I would do is visually inspect all of the DNS records for the DCs and make sure they are all up to snuff with the new correct IPs and that the DCs are all pointing at the right IPs for the DNS servers.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brahim Bouchaiba
Sent: Tuesday, August 03, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Checklist for changing IP Address on DC

Hello Guys,

I followed the same steps to change the IP's of 2 DC's that I have, but after I made the change I started getting replication errors. The event log is showing RPC server is unavailable. I tried forcing the replication but no success. I can ping both DC's from each other by names and IP's. The dcdiag is showing errors:

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site-Name\EMMA2
      Starting test: Connectivity
         ......................... EMMA2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EMMA2
      Starting test: Replications
         [Replications Check,EMMA2] A recent replication attempt failed:
            From EMMA1 to EMMA2
            Naming Context: CN=Schema,CN=Configuration,DC=emmanuel,DC=edu
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2004-08-03 08:48.02.
            The last success occurred at 2004-08-03 06:48.41.
            5 failures have occurred since the last success.
            [EMMA1] DsBind() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,EMMA2] A recent replication attempt failed:
            From EMMA1 to EMMA2
            Naming Context: CN=Configuration,DC=emmanuel,DC=edu
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2004-08-03 07:54.41.
            The last success occurred at 2004-08-03 07:23.03.
            5 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,EMMA2] A recent replication attempt failed:
            From EMMA1 to EMMA2
            Naming Context: DC=emmanuel,DC=edu
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2004-08-03 08:50.07.
            The last success occurred at 2004-08-03 07:24.25.
            8 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... EMMA2 passed test Replications
      Starting test: NCSecDesc
         ......................... EMMA2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... EMMA2 passed test NetLogons
      Starting test: Advertising
         ......................... EMMA2 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: EMMA1 is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: EMMA1 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: EMMA1 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: EMMA1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: EMMA1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         ......................... EMMA2 failed test KnowsOfRoleHolders
      Starting test: RidManager
         [EMMA2] DsBindWithCred() failed with error 1722. The RPC server is unavailable.
         ......................... EMMA2 failed test RidManager
      Starting test: MachineAccount
         ......................... EMMA2 passed test MachineAccount
      Starting test: Services
         ......................... EMMA2 passed test Services
      Starting test: ObjectsReplicated
         ......................... EMMA2 passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... EMMA2 passed test frssysvol
      Starting test: kccevent
         ......................... EMMA2 passed test kccevent
      Starting test: systemlog
         ......................... EMMA2 passed test systemlog

   Running enterprise tests on : emmanuel.edu
      Starting test: Intersite
         ......................... emmanuel.edu passed test Intersite
      Starting test: FsmoCheck
         ......................... emmanuel.edu passed test FsmoCheck

Any help is appreciated. Thanks

[EMAIL PROTECTED] writes:
>Hi Roger,
>
>This is interesting. When I was going through the design process a
>couple of years ago that was pretty much the best practice according to
>Microsoft (primarily the Branch Office guides) where the 'island'
>problem was laid out. We also had this validated by an external source.
>
>Our Unix/BIND environment has a similar configuration (well basically
>127.0.0.1) but it's not fair to compare that.
>
>Carefully reading that KB article reflects pretty much the same scenario.
>If I think about it further, both these child DC's are in the same network
>segment with very connectivity, so resolution (for that DC as a DNS
>client) is local and so is re-registration through (netlogon.dns) the
>netlogon service. But neither DC is authoritative for the zone that
>comprises the domain controller locator CNAME record for
>DsaGuid._msdcs.ForestName.
>
>In fact, the article even states that after all these records are
>updated through ADI (in the forest root domain) the DNS servers may be
>changed to point themselves as their P DNS.....
>
>I am finding it hard to grasp this concept.
>
>Thanks,
>
>
>----Original Message Follows----
>From: "Roger Seielstad" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: RE: [ActiveDir] Checklist for changing IP Address on DC
>Date: Wed, 9 Jun 2004 07:46:49 -0400
>
>I'm with Rick on this one - even though it's not the root domain, it
>doesn't matter. I'd still have all DC's point to peers for DNS
>resolution.
>
>--------------------------------------------------------------
>Roger D. Seielstad - MTS MCSE MS-MVP
>Sr. Systems Administrator
>Inovis Inc.
>
> > -----Original Message-----
> > From: Devan Pala [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 08, 2004 11:35 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Checklist for changing IP Address on DC
> >
> > Hi Rick,
> >
> > Ah yes, the 'Island' issue...fortunately these are the child domain
> > controllers (NOT authoritative for the _msdcs.ForestDNSName zone) the
> > root domain controllers at our hub site are setup as you suggested 8-)).
> > That is why I have this particular zone setup as secondaries on all
> > child DC's to help with replication issues.
> >
> > Thank You for your reply.
> > Devan.
> >
> > ----Original Message Follows----
> > From: "Rick Kingslan" <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: <[EMAIL PROTECTED]>
> > Subject: RE: [ActiveDir] Checklist for changing IP Address on DC
> > Date: Tue, 8 Jun 2004 20:46:43 -0500
> >
> > Devan,
> >
> > Looking over your plan - it all looks fine. You should be quite
> > successful with getting the IP update done.
> >
> > However, I would like to submit and suggest that instead of DC1 DNS
> > being set as:
> >
> > Primary: DC1
> > Secondary: DC2
> >
> > Set it like this:
> >
> > Primary: DC2
> > Secondary DC1
> >
> > If you have more than one DNS server, it's always a good idea to
> > look at your peer for your lookups rather than yourself - especially
> > if you are AD Integrated. Reasoning for this is to prevent the DNS
> > servers from becoming 'islands' for the CNAME _msdcs.ForestDNSName
> > records in your name resolution infrastructure.
> >
> > See this KB for more info.
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;275278
> >
> > Rick Kingslan MCSE, MCSA, MCT, CISSP
> > Microsoft MVP:
> > Windows Server / Directory Services
> > Windows Server / Rights Management
> > Windows Security (Affiliate)
> > Associate Expert
> > Expert Zone - www.microsoft.com/windowsxp/expertzone
> > WebLog - www.msmvps.com/willhack4food
> >
> > _____
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
> > Sent: Tuesday, June 08, 2004 4:19 PM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] Checklist for changing IP Address on DC
> >
> > Hi all,
> >
> > I have 2 DC's in a site that need IP's to be updated to reflect
> > network changes.
> >
> > Both DC's are DNS servers (ADI), DHCP servers (with manual redundant
> > scopes, which are not changing). Each point to themselves for DNS and
> > the other for secondary, with forwarding enabled to the forest root
> > DNS servers.
> >
> > Here's my plan:
> >
> > On DC2:
> >
> > 1. Change the primary (P) DNS server to point to DC1 and secondary (S)
> >    to itself
> >
> > 2. Change all IP configuration (to reflect new IP segment & physically
> >    move the cable)
> >
> > 3. Test connectivity (pinging loopback adapter, IP, GW etc.)
> >
> > 4. Flush the DNS resolver cache
> >
> > 5. Re-register DNS names
> >
> > 6. Check DNS entry for DC2 on DC1's DNS server
> >
> > 7. Test name resolution on DC1 and subsequently DC2
> >
> > 8. Change the P & S DNS server settings to point to itself and its
> >    replication partner or DC2
> >
> > 9. Bounce the DNS and Netlogon services on DC2
> >
> > 10. Check DNS entry on DC2 to verify correct name to IP entry (for DC2)
> >
> > 11. Test name resolution on DC2
> >
> > 12. Change the DHCP client parameters (to reflect new DNS server and
> >     DHCP server) on both DC1 and DC2, restart DHCP server service on DC2
> >
> > 13. Update secondary zone transfers for forest-wide locator records on
> >     master server (DC1)
> >
> > 14. Repeat steps for DC1 when DC2 is operational with new IP
> >     configuration, except for few different things like master server
> >     for DC1 (for secondary zone transfers etc.)
> >
> > I am just trying to verify my steps and see if I'm missing anything or
> > any gotchas before proceeding...
> >
> > Thanks,
> >
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
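
Added example (not part of the thread and not code from any poster): a small Python parser for dcdiag output in the layout Brahim posted, which collects the replication failures per source DC and the tests reported as failed, so the DC whose DNS records and reachability should be inspected first stands out. The sample text, the server names DCA/DCB and the domain are constructed, and treating a source whose failures are all error 1722 as the first one to check is a triage assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the dcdiag layout quoted above (placeholder names).
SAMPLE = """\
Testing server: Default-First-Site-Name\\DCB
   Starting test: Replications
      [Replications Check,DCB] A recent replication attempt failed:
         From DCA to DCB
         Naming Context: CN=Configuration,DC=example,DC=test
         The replication generated an error (1722):
         The RPC server is unavailable.
         5 failures have occurred since the last success.
      [Replications Check,DCB] A recent replication attempt failed:
         From DCA to DCB
         Naming Context: DC=example,DC=test
         The replication generated an error (1722):
         The RPC server is unavailable.
         8 failures have occurred since the last success.
      ......................... DCB passed test Replications
   Starting test: RidManager
      ......................... DCB failed test RidManager
"""

FAILURE = re.compile(
    r"From (\S+) to (\S+)\s+Naming Context: (\S+)\s+"
    r"The replication generated an error \((\d+)\):.*?"
    r"(\d+) failures have occurred", re.S)
VERDICT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")

def parse_dcdiag(text):
    """Return (replication failures, tests reported failed, suspect sources)."""
    failures = [
        {"source": s, "dest": d, "nc": nc, "error": int(e), "count": int(n)}
        for s, d, nc, e, n in FAILURE.findall(text)
    ]
    failed_tests = [(srv, t) for srv, v, t in VERDICT.findall(text) if v == "failed"]
    by_source = defaultdict(set)
    for f in failures:
        by_source[f["source"]].add(f["error"])
    # Assumption: a source failing only with 1722 (RPC server unavailable) is
    # a reachability or name-resolution problem, not a single-partition one.
    suspects = sorted(s for s, errs in by_source.items() if errs == {1722})
    return failures, failed_tests, suspects

if __name__ == "__main__":
    failures, failed_tests, suspects = parse_dcdiag(SAMPLE)
    for f in failures:
        print(f"{f['source']} -> {f['dest']} {f['nc']}: error {f['error']} x{f['count']}")
    print("failed tests:", failed_tests, "| check DNS/reachability for:", suspects)
```

Note that the "passed test Replications" verdict appears even though failures were logged, which is why the parser reads the failure blocks rather than the verdict lines alone.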
