
DCPROMO in remote office

Anonymous
March 7, 2005 12:47:03 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a site-to-site VPN connection between my main office and a remote
office. I want to set up a DC (DC2) in the remote office to join the existing
domain in my main office. I have set DC2's Local Area Network DNS settings
to point to the DNS server (DC1) at my main office. From DC2 I can ping
DC1's DNS name but when I try to run dcpromo on DC2 I get an error
indicating there is likely a DNS problem. DNS in my main office is working
fine. I have found articles discussing moving a DC to a remote site or
staging a DC in a main site then moving to a remote site but not any about
setting up the first DC in a remote site.

Any assistance is appreciated. Thanks!


Anonymous
March 7, 2005 11:45:34 AM

What type of firewall do you have between the two? You have probably
blocked needed ports.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
message news:5B931CD5-FD65-4621-802A-B75CDC5169A4@microsoft.com...
> I have a site-to-site VPN connection between my main office and a remote
> office. I want to set up a DC (DC2) in the remote office to join the
> existing domain in my main office. I have set DC2's Local Area Network DNS
> settings to point to the DNS server (DC1) at my main office. From DC2 I can
> ping DC1's DNS name but when I try to run dcpromo on DC2 I get an error
> indicating there is likely a DNS problem. DNS in my main office is working
> fine. I have found articles discussing moving a DC to a remote site or
> staging a DC in a main site then moving to a remote site but not any about
> setting up the first DC in a remote site.
>
> Any assistance is appreciated. Thanks!
Anonymous
March 7, 2005 11:45:35 AM

The sites are connected via Cisco Pix 515E and 501. What ports are needed?
As I mentioned in the original message, I can ping from DC2 using the DNS
name of DC1 and it works but nslookup from DC2 to DC1 does not work.

"Paul Bergson" wrote:

> What type of firewall do you have between the two? You have probably
> blocked needed ports.
Anonymous
March 7, 2005 11:45:35 AM

The sites are connected via Cisco 515E (main office) and 501 (remote). What
ports do I need to open? Like I said in my original post, I can ping both ways
using the DNS names of the servers at both the remote site and the main
office site.

"Paul Bergson" wrote:

> What type of firewall do you have between the two? You have probably
> blocked needed ports.
Anonymous
March 7, 2005 2:28:58 PM

Does the machine's host (A) record show up in the zone? Does the machine
have a static ip address (no offense intended)? If not, on DC2 enter a
static ip address, go to a command prompt and type: ipconfig /registerdns.
Next, join the machine to the domain and restart. When the DC2 is back up,
try dcpromo again. It may be possible that the f/w is blocking something,
but start simple then try difficult. Not sure what ports may be used to
communicate...139, 389, or 443?

Chris

"Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
message news:A7FB9C0A-8B15-415F-B50F-F35A7DF89A52@microsoft.com...
> The sites are connected via Cisco 515E (main office) and 501 (remote). What
> ports do I need to open? Like I said in my original post, I can ping both ways
> using the DNS names of the servers at both the remote site and the main
> office site.
Anonymous
March 7, 2005 2:28:59 PM

No, there isn't a host record because at this point the machine (DC2) isn't
part of the domain. I wasn't sure if I should try to have it join at this
point but I will. And, yes, it has a static ip in its network.

Thanks (and no offense taken, Chris.)

Hugh

"C Hall" wrote:

> Does the machine's host (A) record show up in the zone? Does the machine
> have a static ip address (no offense intended)? If not, on DC2 enter a
> static ip address, go to a command prompt and type: ipconfig /registerdns.
> Next, join the machine to the domain and restart. When the DC2 is back up,
> try dcpromo again. It may be possible that the f/w is blocking something,
> but start simple then try difficult. Not sure what ports may be used to
> communicate...139, 389, or 443?
>
> Chris
Anonymous
March 7, 2005 4:52:10 PM

Hugh,

In my experience, it's been best to make sure the dns server has a host
record for the server joining the domain first and have the server join the
domain before dcpromo. It just seems to go more smoothly.

Good luck!
Chris


"Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
message news:577B9CA6-9C93-4A0D-B232-C7A608262316@microsoft.com...
> No, there isn't a host record because at this point the machine (DC2) isn't
> part of the domain. I wasn't sure if I should try to have it join at this
> point but I will. And, yes, it has a static ip in its network.
>
> Thanks (and no offense taken, Chris.)
>
> Hugh
Anonymous
March 7, 2005 4:52:11 PM

Chris,

After your last reply I "joined" the server to my domain without incident.
I waited about an hour then ran dcpromo. I'm still getting the same error,
it can't contact the active directory domain controller for the domain.
Seems weird since it was able to "join" the domain. NSLOOKUP on DC2 (remote
office) gives the same results, "Can't find server name for address (of my
main office dns servers)". Yet, if I run NSLOOKUP on my main office domain
controller (DC1) which is one of my DNS servers it finds DC2. I think it's
got to be a DNS issue on the remote site side. Should I configure DNS on the
server that I am trying to run dcpromo on (DC2)? If so, should I copy from
an existing file on another dns server in my domain?

Thanks for your help Chris,

Hugh
"C Hall" wrote:

> Hugh,
>
> In my experience, it's been best to make sure the dns server has a host
> record for the server joining the domain first and have the server join the
> domain before dcpromo. It just seems to go more smoothly.
>
> Good luck!
> Chris
Anonymous
March 7, 2005 5:34:51 PM

Hmmmm...you did say that DC2 has DC1 as the only DNS server, correct? This
isn't really the solution, but while we're talking about DNS....on DC1, do
you have it pointing to itself as the DNS server? And only itself...ie. no
ISP dns servers...

On DC2, CMD.EXE > ipconfig /flushdns. On DC1, stop and start the DNS service
and the NETLOGON server. Try nslookup again on DC2.

Chris


"Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
message news:F8BFC0ED-A283-41A7-9B11-1008FF7CB7EF@microsoft.com...
> Chris,
>
> After your last reply I "joined" the server to my domain without incident.
> I waited about an hour then ran dcpromo. I'm still getting the same error,
> it can't contact the active directory domain controller for the domain.
> Seems weird since it was able to "join" the domain. NSLOOKUP on DC2 (remote
> office) gives the same results, "Can't find server name for address (of my
> main office dns servers)". Yet, if I run NSLOOKUP on my main office domain
> controller (DC1) which is one of my DNS servers it finds DC2. I think it's
> got to be a DNS issue on the remote site side. Should I configure DNS on the
> server that I am trying to run dcpromo on (DC2)? If so, should I copy from
> an existing file on another dns server in my domain?
>
> Thanks for your help Chris,
>
> Hugh
Anonymous
March 7, 2005 5:34:52 PM

Chris,

First I should add that I have 2 domain controllers in the main office for
redundancy and both also run DNS. Neither have an ISP DNS configured on
them, they point to themselves. My ISP DNS is setup as Forwarders.

I did the dns flush and stop/start DNS Server and Netlogon (on both DCs at
the main office). Problem still exists on DC2. Since you are a "Cisco"
certified guy, do you know if I need to open any special ports on the Pix
even if I'm using a VPN Tunnel? (You know everything about Cisco stuff,
right? ...sorry, couldn't resist)

Thanks,
Hugh

"C Hall" wrote:

> Hmmmm...you did say that DC2 has DC1 as the only DNS server, correct? This
> isn't really the solution, but while we're talking about DNS....on DC1, do
> you have it pointing to itself as the DNS server? And only itself...ie. no
> ISP dns servers...
>
> On DC2, CMD.EXE > ipconfig /flushdns. On DC1, stop and start the DNS service
> and the NETLOGON server. Try nslookup again on DC2.
>
> Chris
Anonymous
March 7, 2005 6:42:29 PM

Actually, I'm not Cisco certified...but will get there sometime this year...

I saw in another post a packet capture of a server being promoted to a dc
and the initial communication is dns. A query is sent to the dns server and
a reply returned from there. I would have to say I'm stumped at this point.
What do your logs say? Errors in event viewer? Post dns logs and if you have
any errors in event viewer, post those as well--in particular, look in
Directory Services and DNS. I could be wrong, but it seems to me if you have
the ports open mentioned below, you should be fine. I didn't mention it
below, but 53 is another port that should be open, which normally is...it's
for dns.


"Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
message news:0EFB90CE-D2DD-490C-8904-C094EB2FAA56@microsoft.com...
> Chris,
>
> First I should add that I have 2 domain controllers in the main office for
> redundancy and both also run DNS. Neither have an ISP DNS configured on
> them, they point to themselves. My ISP DNS is setup as Forwarders.
>
> I did the dns flush and stop/start DNS Server and Netlogon (on both DCs at
> the main office). Problem still exists on DC2. Since you are a "Cisco"
> certified guy, do you know if I need to open any special ports on the Pix
> even if I'm using a VPN Tunnel? (You know everything about Cisco stuff,
> right? ...sorry, couldn't resist)
>
> Thanks,
> Hugh
>
> "C Hall" wrote:
>
> > Hmmmm...you did say that DC2 has DC1 as the only DNS server, correct?
This
> > isn't really the solution, but while we're talking about DNS....on DC1,
do
> > you have it pointing to itself as the DNS server? And only itself...ie.
no
> > ISP dns servers...
> >
> > On DC2, CMD.EXE > ipconfig /flushdns. On DC1, stop and start the DNS
service
> > and the NETLOGON server. Try nslookup again on DC2.
> >
> > Chris
> >
> >
> > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
> > message news:F8BFC0ED-A283-41A7-9B11-1008FF7CB7EF@microsoft.com...
> > > Chris,
> > >
> > > After your last reply I "joined" the server to my domain without
incident.
> > > I waited about an hour then ran dcpromo. I'm still getting the same
> > error,
> > > it can't contact the active directory domain controller for the
domain.
> > > Seems weird since it was able to "join" the domain. NSLOOKUP ON DC2
> > (remote
> > > office) gives the same results, "Can't find server name for address
(of my
> > > main office dns servers). Yet, if i run NSLOOKUP on my main office
domain
> > > controller (DC1) which is one of my DNS servers it finds DC2. I think
> > it's
> > > got to be a DNS issue on the remote site side. Should I configure DNS
on
> > the
> > > server that I am trying to run dcpromo on (DC2)? If so, should I copy
> > from
> > > an existing file on another dns server in my domain?
> > >
> > > Thanks for your help Chris,
> > >
> > > Hugh
> > > "C Hall" wrote:
> > >
> > > > Hugh,
> > > >
> > > > In my experience, it's been best to make sure the dns server has a
host
> > > > record for the server joining the domain first and have the server
join
> > the
> > > > domain before dcpromo. It just seems to go more smoothly.
> > > >
> > > > Good luck!
> > > > Chris
> > > >
> > > >
> > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote
in
> > > > message news:577B9CA6-9C93-4A0D-B232-C7A608262316@microsoft.com...
> > > > > No, there isn't an host record because at this point the machine
(DC2)
> > > > isn't
> > > > > part of the domain. I wasn't sure if I should try to have it join
at
> > this
> > > > > point but I will. And, yes, it has a static ip in it's network.
> > > > >
> > > > > Thanks (and No offense taken Chris. )
> > > > >
> > > > > Hugh
> > > > >
> > > > > "C Hall" wrote:
> > > > >
> > > > > > Does the machine's host (A) record show up in the zone? Does the
> > machine
> > > > > > have a statice ip address(no offense intended)? If not, on DC2
enter
> > a
> > > > > > static ip address, go to a comand prompt and type: ipconfig
> > > > /registerdns.
> > > > > > Next, join the machine to the domain and restart. When the DC2
is
> > > > backup,
> > > > > > try dcpromo again. It may be possible that the f/w is blocking
> > > > something,
> > > > > > but start simple then try difficult. Not sure what ports may be
used
> > to
> > > > > > communicate...139, 389, or 443?
> > > > > >
> > > > > > Chris
> > > > > >
> > > > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
> > > > > > message news:A7FB9C0A-8B15-415F-B50F-F35A7DF89A52@microsoft.com...
> > > > > > > The sites are connected via Cisco 515E (main office) and 501 (remote). What
> > > > > > > ports do I need to open? Like I said in my original post, I can ping both ways
> > > > > > > using the DNS names of the servers at both the remote site and the main
> > > > > > > office site.
> > > > > > >
> > > > > > > "Paul Bergson" wrote:
> > > > > > >
> > > > > > > > What type of firewall do you have between the two? You have probably
> > > > > > > > blocked needed ports.
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> > > > > > > >
> > > > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > "Hugh Norsworthy" <HughNorsworthy@discussions.microsoft.com> wrote in
> > > > > > > > message news:5B931CD5-FD65-4621-802A-B75CDC5169A4@microsoft.com...
> > > > > > > > > I have a site-to-site VPN connection between my main office and a remote
> > > > > > > > > office. I want to setup a DC (DC2) in the remote office to join the existing
> > > > > > > > > domain in my main office. I have set DC2's Local Area Network DNS settings
> > > > > > > > > to point to the DNS server (DC1) at my main office. From DC2 I can ping
> > > > > > > > > DC1's DNS name but when I try to run dcpromo on DC2 I get an error
> > > > > > > > > indicating there is likely a DNS problem. DNS in my main office is working
> > > > > > > > > fine. I have found articles discussing moving a DC to a remote site or
> > > > > > > > > staging a DC in a main site then moving to a remote site but not any about
> > > > > > > > > setting up the first DC in a remote site.
> > > > > > > > >
> > > > > > > > > Any assistance is appreciated. Thanks!
Anonymous
March 7, 2005 9:59:11 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

In news:F8BFC0ED-A283-41A7-9B11-1008FF7CB7EF@microsoft.com,
Hugh Norsworthy <HughNorsworthy@discussions.microsoft.com> commented
Then Kevin replied below:
> Chris,
>
> After your last reply I "joined" the server to my domain
> without incident.

Try netdiag /fix & dcdiag /fix on the current DC.
And dcdiag /test:Dcpromo /DnsDomain:<Active_Directory_Domain_DNS_Name> /ReplicaDC on this one.

> I waited about an hour then ran dcpromo. I'm still
> getting the same error, it can't contact the active
> directory domain controller for the domain. Seems weird
> since it was able to "join" the domain. NSLOOKUP ON DC2
> (remote office) gives the same results, "Can't find
> server name for address (of my main office dns servers).
> Yet, if i run NSLOOKUP on my main office domain
> controller (DC1) which is one of my DNS servers it finds
> DC2. I think it's got to be a DNS issue on the remote
> site side. Should I configure DNS on the server that I
> am trying to run dcpromo on (DC2)?

You can install DNS, but don't point the machine to itself until the AD zone
has replicated.

> If so, should I copy
> from an existing file on another dns server in my domain?
No, the zone will replicate after it is promoted, which will cause a zone
conflict if you have a secondary zone already on the server.




--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================