DCPROMO in remote office

Archived from groups: microsoft.public.win2000.active_directory

I have a site-to-site VPN connection between my main office and a remote
office. I want to set up a DC (DC2) in the remote office to join the existing
domain in my main office. I have set DC2's Local Area Network DNS settings
to point to the DNS server (DC1) at my main office. From DC2 I can ping
DC1's DNS name but when I try to run dcpromo on DC2 I get an error
indicating there is likely a DNS problem. DNS in my main office is working
fine. I have found articles discussing moving a DC to a remote site or
staging a DC in a main site then moving to a remote site but not any about
setting up the first DC in a remote site.

Any assistance is appreciated. Thanks!
  1.

    What type of firewall do you have between the two? You have probably
    blocked needed ports.

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.

  2.

    The sites are connected via Cisco Pix 515E and 501. What ports are needed?
    As I mentioned in the original message, I can ping from DC2 using the DNS
    name of DC1 and it works but nslookup from DC2 to DC1 does not work.

  3.

    The sites are connected via Cisco 515E (main office) and 501 (remote). What
    ports do I need to open? Like I said in my original post, I can ping both ways
    using the DNS names of the servers at both the remote site and the main
    office site.

  4.

    Does the machine's host (A) record show up in the zone? Does the machine
    have a static IP address (no offense intended)? If not, on DC2 enter a
    static IP address, go to a command prompt and type: ipconfig /registerdns.
    Next, join the machine to the domain and restart. When DC2 is back up,
    try dcpromo again. It may be possible that the f/w is blocking something,
    but start simple then try difficult. Not sure what ports may be used to
    communicate...139, 389, or 443?

    Chris

  5.

    No, there isn't a host record because at this point the machine (DC2) isn't
    part of the domain. I wasn't sure if I should try to have it join at this
    point but I will. And, yes, it has a static IP in its network.

    Thanks (and No offense taken Chris. )

    Hugh

  6.

    Hugh,

    In my experience, it's been best to make sure the dns server has a host
    record for the server joining the domain first and have the server join the
    domain before dcpromo. It just seems to go more smoothly.

    Good luck!
    Chris

  7.

    Chris,

    After your last reply I "joined" the server to my domain without incident.
    I waited about an hour then ran dcpromo. I'm still getting the same error,
    it can't contact the active directory domain controller for the domain.
    Seems weird since it was able to "join" the domain. NSLOOKUP on DC2 (remote
    office) gives the same results, "Can't find server name for address (of my
    main office DNS servers)". Yet, if I run NSLOOKUP on my main office domain
    controller (DC1) which is one of my DNS servers it finds DC2. I think it's
    got to be a DNS issue on the remote site side. Should I configure DNS on the
    server that I am trying to run dcpromo on (DC2)? If so, should I copy from
    an existing file on another dns server in my domain?

    Thanks for your help Chris,

    Hugh

  8.

    Hmmmm...you did say that DC2 has DC1 as the only DNS server, correct? This
    isn't really the solution, but while we're talking about DNS....on DC1, do
    you have it pointing to itself as the DNS server? And only itself...i.e. no
    ISP dns servers...

    On DC2, CMD.EXE > ipconfig /flushdns. On DC1, stop and start the DNS service
    and the NETLOGON server. Try nslookup again on DC2.

    Chris

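
What dcpromo needs from DNS is the domain controller locator SRV record `_ldap._tcp.dc._msdcs.<domain>`, which the Netlogon service registers, so querying that record is a more direct test than resolving a host name. The following is an added example, not part of the original thread: it builds that query and interprets the reply, using constructed sample replies and the assumed names `corp.example` and `dc1.corp.example`; all function names are hypothetical.

```python
import socket
import struct

TYPE_SRV, CLASS_IN = 33, 1  # SRV record type (RFC 2782), Internet class

def locator_name(domain):
    """SRV owner name queried to find a domain controller for `domain`."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".")

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname, txid=0x1234):
    """One-question SRV query with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPE_SRV, CLASS_IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_srv_response(msg):
    """Return (rcode, sorted [(priority, weight, port, target), ...])."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            records.append((prio, weight, port, target))
        off += rdlen
    return flags & 0x000F, sorted(records)

def constructed_reply(query, target="dc1.corp.example", port=389):
    """Constructed sample: reply when the locator record is registered."""
    header = query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1, 0, 0)
    rdata = struct.pack("!HHH", 0, 100, port) + encode_name(target)
    fixed = struct.pack("!HHIH", TYPE_SRV, CLASS_IN, 600, len(rdata))
    return header + query[12:] + b"\xc0\x0c" + fixed + rdata  # name -> offset 12

def constructed_nxdomain(query):
    """Constructed sample: reply when the record was never registered."""
    return query[:2] + struct.pack("!HHHHH", 0x8583, 1, 0, 0, 0) + query[12:]

def diagnose(reply):
    """Turn a reply into the finding that matters before running dcpromo."""
    rcode, records = parse_srv_response(reply)
    if rcode == 3:
        return "NXDOMAIN: locator SRV record is not in the zone"
    if rcode != 0 or not records:
        return "no usable SRV answer (rcode %d)" % rcode
    return "ok: " + ", ".join("%s:%d" % (t, p) for _, _, p, t in records)

def ask(server_ip, domain, timeout=3.0):
    """Live check over UDP 53; run it on the server that is to be promoted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(locator_name(domain)), (server_ip, 53))
        return diagnose(sock.recvfrom(4096)[0])

if __name__ == "__main__":
    q = build_query(locator_name("corp.example"))  # constructed domain name
    print(diagnose(constructed_reply(q)))
    print(diagnose(constructed_nxdomain(q)))
```

A timeout from `ask()` points at the path to the DNS server on UDP 53, while an NXDOMAIN result points at record registration on the DNS side.
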
  9.

    Chris,

    First I should add that I have 2 domain controllers in the main office for
    redundancy and both also run DNS. Neither has an ISP DNS configured on
    them, they point to themselves. My ISP DNS is set up as Forwarders.

    I did the dns flush and stop/start DNS Server and Netlogon (on both DCs at
    the main office). Problem still exists on DC2. Since you are a "Cisco"
    certified guy, do you know if I need to open any special ports on the Pix
    even if I'm using a VPN Tunnel? (You know everything about cisco stuff,
    right? ...sorry, couldn't resist)

    Thanks,
    Hugh

  10.

    Actually, I'm not Cisco certified...but will get there sometime this year...

    I saw in another post a packet capture of a server being promoted to a dc
    and the initial communication is dns. A query is sent to the dns server and
    a reply returned from there. I would have to say I'm stumped at this point.
    What do your logs say? Errors in event viewer? Post dns logs and if you have
    any errors in event viewer, post those as well--in particular, look in
    Directory Services and DNS. I could be wrong, but it seems to me if you have
    the ports open mentioned below, you should be fine. I didn't mention it
    below, but 53 is another port that should be open, which normally is...it's
    for dns.


    "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
    message news:0EFB90CE-D2DD-490C-8904-C094EB2FAA56@microsoft.com...
    > Chris,
    >
    > First I should add that I have 2 domain controllers in the main office for
    > redundancy and both also run DNS. Neither have an ISP DNS configured on
    > them, they point to themselves. My ISP DNS is setup as Forwarders.
    >
    > I did the dns flush and stop/start DNS Server and Netlogon (on both DC's
    at
    > the main office). Problem still exist on DC2. Since you are a "Cisco"
    > certified guy, do you know if I need to open any special ports on the Pix
    > even if I'm using a VPN Tunnel? (You know everything about cisco stuff,
    > right? ...sorry, couldn't resist)
    >
    > Thanks,
    > Hugh
    >
    > "C Hall" wrote:
    >
    > > Hmmmm...you did say that DC2 has DC1 as the only DNS server, correct?
    This
    > > isn't really the solution, but while we're talking about DNS....on DC1,
    do
    > > you have it pointing to itself as the DNS server? And only itself...ie.
    no
    > > ISP dns servers...
    > >
    > > On DC2, CMD.EXE > ipconfig /flushdns. On DC1, stop and start the DNS
    service
    > > and the NETLOGON server. Try nslookup again on DC2.
    > >
    > > Chris
    > >
    > >
    > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
    > > message news:F8BFC0ED-A283-41A7-9B11-1008FF7CB7EF@microsoft.com...
    > > > Chris,
    > > >
    > > > After your last reply I "joined" the server to my domain without incident.
    > > > I waited about an hour then ran dcpromo. I'm still getting the same error,
    > > > it can't contact the active directory domain controller for the domain.
    > > > Seems weird since it was able to "join" the domain. NSLOOKUP ON DC2 (remote
    > > > office) gives the same results, "Can't find server name for address (of my
    > > > main office dns servers). Yet, if I run NSLOOKUP on my main office domain
    > > > controller (DC1) which is one of my DNS servers it finds DC2. I think it's
    > > > got to be a DNS issue on the remote site side. Should I configure DNS on the
    > > > server that I am trying to run dcpromo on (DC2)? If so, should I copy from
    > > > an existing file on another dns server in my domain?
    > > >
    > > > Thanks for your help Chris,
    > > >
    > > > Hugh
    > > > "C Hall" wrote:
    > > >
    > > > > Hugh,
    > > > >
    > > > > In my experience, it's been best to make sure the dns server has a host
    > > > > record for the server joining the domain first and have the server join the
    > > > > domain before dcpromo. It just seems to go more smoothly.
    > > > >
    > > > > Good luck!
    > > > > Chris
    > > > >
    > > > >
    > > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
    > > > > message news:577B9CA6-9C93-4A0D-B232-C7A608262316@microsoft.com...
    > > > > > No, there isn't a host record because at this point the machine (DC2) isn't
    > > > > > part of the domain. I wasn't sure if I should try to have it join at this
    > > > > > point but I will. And, yes, it has a static ip in its network.
    > > > > >
    > > > > > Thanks (and No offense taken Chris. )
    > > > > >
    > > > > > Hugh
    > > > > >
    > > > > > "C Hall" wrote:
    > > > > >
    > > > > > > Does the machine's host (A) record show up in the zone? Does the machine
    > > > > > > have a static ip address (no offense intended)? If not, on DC2 enter a
    > > > > > > static ip address, go to a command prompt and type: ipconfig /registerdns.
    > > > > > > Next, join the machine to the domain and restart. When the DC2 is back up,
    > > > > > > try dcpromo again. It may be possible that the f/w is blocking something,
    > > > > > > but start simple then try difficult. Not sure what ports may be used to
    > > > > > > communicate...139, 389, or 443?
    > > > > > >
    > > > > > > Chris
    > > > > > >
    > > > > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
    > > > > > > message news:A7FB9C0A-8B15-415F-B50F-F35A7DF89A52@microsoft.com...
    > > > > > > > The sites are connected via Cisco 515E (main office) and 501 (remote). What
    > > > > > > > ports do I need to open? Like I said in my original post, I can ping both ways
    > > > > > > > using the DNS names of the servers at both the remote site and the main
    > > > > > > > office site.
    > > > > > > >
    > > > > > > > "Paul Bergson" wrote:
    > > > > > > >
    > > > > > > > > What type of firewall do you have between the two? You have probably
    > > > > > > > > blocked needed ports.
    > > > > > > > >
    > > > > > > > > --
    > > > > > > > >
    > > > > > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    > > > > > > > >
    > > > > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
    > > > > > > > > message news:5B931CD5-FD65-4621-802A-B75CDC5169A4@microsoft.com...
    > > > > > > > > > I have a site-to-site VPN connection between my main office and a remote
    > > > > > > > > > office. I want to setup a DC (DC2) in the remote office to join the existing
    > > > > > > > > > domain in my main office. I have set DC2's Local Area Network DNS settings
    > > > > > > > > > to point to the DNS server (DC1) at my main office. From DC2 I can ping
    > > > > > > > > > DC1's DNS name but when I try to run dcpromo on DC2 I get an error
    > > > > > > > > > indicating there is likely a DNS problem. DNS in my main office is working
    > > > > > > > > > fine. I have found articles discussing moving a DC to a remote site or
    > > > > > > > > > staging a DC in a main site then moving to a remote site but not any about
    > > > > > > > > > setting up the first DC in a remote site.
    > > > > > > > > >
    > > > > > > > > > Any assistance is appreciated. Thanks!
  11. Archived from groups: microsoft.public.win2000.active_directory

    In news:F8BFC0ED-A283-41A7-9B11-1008FF7CB7EF@microsoft.com,
    Hugh Norsworthy <HughNorsworthy@discussions.microsoft.com> commented
    Then Kevin replied below:
    > Chris,
    >
    > After your last reply I "joined" the server to my domain
    > without incident.

    Try netdiag /fix & dcdiag /fix on the current DC.
    And dcdiag /test:dcpromo /DnsDomain:<Active_Directory_Domain_DNS_Name> /ReplicaDC
    on this one.

    > I waited about an hour then ran dcpromo. I'm still
    > getting the same error, it can't contact the active
    > directory domain controller for the domain. Seems weird
    > since it was able to "join" the domain. NSLOOKUP ON DC2
    > (remote office) gives the same results, "Can't find
    > server name for address (of my main office dns servers).
    > Yet, if i run NSLOOKUP on my main office domain
    > controller (DC1) which is one of my DNS servers it finds
    > DC2. I think it's got to be a DNS issue on the remote
    > site side. Should I configure DNS on the server that I
    > am trying to run dcpromo on (DC2)?

    You can install DNS but don't point the machine to itself until the AD zone
    has replicated.

    > If so, should I copy
    > from an existing file on another dns server in my domain?

    No, the zone will replicate after it is promoted, which will cause a zone
    conflict if you have a secondary zone already on the server.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
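
An added example, not part of any post in this thread: a successful ping by name only proves an A record resolves, while locating a domain controller depends on the `_ldap._tcp.dc._msdcs.<domain>` SRV record. This Python sketch sends that SRV query to a chosen DNS server and parses the reply; the record name, `example.local`, `dc1` and the sample reply are assumptions constructed for illustration.

```python
import socket
import struct

SRV_PREFIX = "_ldap._tcp.dc._msdcs."  # assumed DC locator name; ping only tests an A record

def build_query(domain, txid=0x1234):
    labels = (SRV_PREFIX + domain.strip(".")).split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + qname + struct.pack(">HH", 33, 1)          # QTYPE 33 = SRV, class IN

def read_name(pkt, off):  # returns (name, offset just past the name in the record)
    labels, end = [], None
    for _ in range(256):                       # bound the walk: no pointer loops
        n = pkt[off]
        if n & 0xC0 == 0xC0:                   # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            continue
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    raise ValueError("malformed name or compression loop")

def parse_srv(pkt):  # returns (rcode, [(priority, weight, port, target), ...])
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    off, found = 12, []
    for _ in range(qd):                        # skip the echoed question
        off = read_name(pkt, off)[1] + 4
    for _ in range(an):
        off = read_name(pkt, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        if rtype == 33:
            target = read_name(pkt, off + 16)[0]
            found.append(struct.unpack(">HHH", pkt[off + 10:off + 16]) + (target,))
        off += 10 + rdlen
    return flags & 0x000F, found               # rcode 3 = NXDOMAIN, 2 = SERVFAIL

def locate_dcs(domain, dns_ip, timeout=3.0):   # e.g. run on DC2 against DC1's address
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(domain), (dns_ip, 53))
        return parse_srv(s.recvfrom(4096)[0])

# Constructed sample reply (not captured traffic): one SRV answer for example.local.
_q = build_query("example.local")
SAMPLE = (_q[:2] + struct.pack(">HHHHH", 0x8580, 1, 1, 0, 0) + _q[12:] + b"\xc0\x0c"
          + struct.pack(">HHIHHHH", 33, 1, 600, 12, 0, 100, 389) + b"\x03dc1\xc0\x21")
```

Calling `locate_dcs` from the remote site with the real domain name and DC1's address separates the cases: a timeout means UDP 53 is not crossing the tunnel, while rcode 3 or an empty list means the DNS server answered but has no locator records for that name.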