Help: Trouble setting up first two DC's.
Last response: in Networking
I'm following the train signal videos and setting up my first two domain controllers however after configuring the two I am having trouble. The virtual machines on VMWare now get stuck at "Apply computer settings" during boot up. The machines boot up no problem in Safe Mode w/ Networking.
VM Info: (I have these machines network cards set to Bridge. My host machine is running off a wireless card) The other options are NAT and HOST Only. If I need to change to one of these please let me know.
Windows Server 2008 Enterprise
NY-DC1-2K8
Static Address:
IP: 192.168.1.107
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 127.0.0.1 (Uses itself because its first DNS server in forest)
Alternate: 192.168.1.108 (Backup DC NY-DC2-2K8)
I created a site on NY-DC1-2K8 and named it NewYork so that I can join another DC as a BDC for fault tolerance and efficiency.
Windows Server 2008 Enterprise
NY-DC2-2K8
Static Address:
IP: 192.168.1.108
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 192.168.1.107 (Uses the NY-DC1-2K8 as primary)
Alternate: 127.0.0.1 (Uses itself in case NY-DC1-2K8 goes down)
The only difference between my static IP configuration and the Train signal videos is that he's using the IP address 192.168.5.2 which is on a different subnet correct? He's also using a switch. I'm running my host machine and two virtual machines off the same network. Regardless, after setting up these two DC's as listed, upon reboot they get stuck at "Applying computer settings" I researched this and found a brief explanation, however i'm not sure what it means.
If someone can please help me get back into my DC's i'd greatly appreciate it, it's got to be something with my DNS settings or VM + Host machine setup because as I said they boot fine in Safe mode with network enabled.
Also one other thing, after setting up these two DC's I wanted to test and see if replication was working properly. So I created a new OU in NY-DC2-2K8, then ran a repadmin /syncall command. However I was presented with an "Access Denied" I was on the administrator account. If anyone else can help with that also i'd greatly appreciate it! I cannot move on to the later labs until I get these two problems worked out
"Check this. All internal Active Directory domain clients should be
configured to use only an internal DNS Server hosting the zone name for the
Active Directory domain. This means no workstation or server, to include
all DCs and DNS servers, on the network should be configured to use any
external DNS for resolution, not even as a secondary DNS server. The
reason all domain members and DCs must use the local DNS for DNS in TCP/IP
properties, is because that is how clients find objects in Active Directory
(e.g. domain controllers, global catalogs, etc). If you point domain
clients (including domain controllers) to a DNS server which doesn't hold
this information, expect:
1) Long logon times (long waiting time for "Applying computer settings" or
clients unable to logon at all)
2) Slow boot times for DCs
3) No Active Directory replication
4) Administrators unable to manage parts of the domain
5) Group policy errors or failing outright
6) Poor (slow) network performance in general."
VM Info: (I have these machines network cards set to Bridge. My host machine is running off a wireless card) The other options are NAT and HOST Only. If I need to change to one of these please let me know.
Windows Server 2008 Enterprise
NY-DC1-2K8
Static Address:
IP: 192.168.1.107
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 127.0.0.1 (Uses itself because its first DNS server in forest)
Alternate: 192.168.1.108 (Backup DC NY-DC2-2K8)
I created a site on NY-DC1-2K8 and named it NewYork so that I can join another DC as a BDC for fault tolerance and efficiency.
Windows Server 2008 Enterprise
NY-DC2-2K8
Static Address:
IP: 192.168.1.108
Subnet: 255.255.255.0
Default Gateway: 192.168.1.1
DNS: 192.168.1.107 (Uses the NY-DC1-2K8 as primary)
Alternate: 127.0.0.1 (Uses itself in case NY-DC1-2K8 goes down)
The only difference between my static IP configuration and the Train signal videos is that he's using the IP address 192.168.5.2 which is on a different subnet correct? He's also using a switch. I'm running my host machine and two virtual machines off the same network. Regardless, after setting up these two DC's as listed, upon reboot they get stuck at "Applying computer settings" I researched this and found a brief explanation, however i'm not sure what it means.
If someone can please help me get back into my DC's i'd greatly appreciate it, it's got to be something with my DNS settings or VM + Host machine setup because as I said they boot fine in Safe mode with network enabled.
Also one other thing, after setting up these two DC's I wanted to test and see if replication was working properly. So I created a new OU in NY-DC2-2K8, then ran a repadmin /syncall command. However I was presented with an "Access Denied" I was on the administrator account. If anyone else can help with that also i'd greatly appreciate it! I cannot move on to the later labs until I get these two problems worked out
"Check this. All internal Active Directory domain clients should be
configured to use only an internal DNS Server hosting the zone name for the
Active Directory domain. This means no workstation or server, to include
all DCs and DNS servers, on the network should be configured to use any
external DNS for resolution, not even as a secondary DNS server. The
reason all domain members and DCs must use the local DNS for DNS in TCP/IP
properties, is because that is how clients find objects in Active Directory
(e.g. domain controllers, global catalogs, etc). If you point domain
clients (including domain controllers) to a DNS server which doesn't hold
this information, expect:
1) Long logon times (long waiting time for "Applying computer settings" or
clients unable to logon at all)
2) Slow boot times for DCs
3) No Active Directory replication
4) Administrators unable to manage parts of the domain
5) Group policy errors or failing outright
6) Poor (slow) network performance in general."
More about : trouble setting
Lots of details and I will need to read it over more when I'm awake. The first thing that comes to mind in this situation is DNS.
DC1's first DNS source should be DC2, and then itself. DC2 should point to DC1 first, itself second.
When a DC is turned on and boots up, it needs to find another DNS server and at that point it determines if it should 'promote' itself back to DC status.
In addition to that your Infrastructure FSMO role holder should not be a Global Catalog generally. In your case since you have only 2 DCs, both DCs can be a Global Catalog. Larger environments you will not want to do this.
Start with DNS settings, verify you have a forward and reverse look up. (Forward goes name to IP, reverse is IP to name)
Within DNS, you should set up Forwarders to point to your ISP's DNS server as well.
There is no such thing as a BDC anymore after Windows NT. Your 'main' DC is actually the PDC Emulator FSMO role holder for access. There are 5 total FSMO roles and each of those role holders are primary DCs because of these roles. With 2 DCs, both will be primaries.
To sum up what you should have done so far:
You have a created a new forest with a single domain. The first DC was setup, everything working, etc. Then you joined another server to the domain. From there you added the ADDS role and ran DCPROMO to bring the server up. At that point everything should be configured.
Instead of running repadmin or replmon at this point, you should start by running DCDIAG on each DC and reviewing the output of each. You may want to output the info to a txt file (dcdiag >> C:\dcdiag.log) to review later.
DCDiag also has a /f (I think it is /f offhand) to run some basic fixes to resolve issues.
From each DC make sure you can ping by name the other DC. If you can not, try the FQDN name of each (servername.domain.com/inc/loc/whatever).
Give that a try and let us know how it turns out.
DC1's first DNS source should be DC2, and then itself. DC2 should point to DC1 first, itself second.
When a DC is turned on and boots up, it needs to find another DNS server and at that point it determines if it should 'promote' itself back to DC status.
In addition to that your Infrastructure FSMO role holder should not be a Global Catalog generally. In your case since you have only 2 DCs, both DCs can be a Global Catalog. Larger environments you will not want to do this.
Start with DNS settings, verify you have a forward and reverse look up. (Forward goes name to IP, reverse is IP to name)
Within DNS, you should set up Forwarders to point to your ISP's DNS server as well.
There is no such thing as a BDC anymore after Windows NT. Your 'main' DC is actually the PDC Emulator FSMO role holder for access. There are 5 total FSMO roles and each of those role holders are primary DCs because of these roles. With 2 DCs, both will be primaries.
To sum up what you should have done so far:
You have a created a new forest with a single domain. The first DC was setup, everything working, etc. Then you joined another server to the domain. From there you added the ADDS role and ran DCPROMO to bring the server up. At that point everything should be configured.
Instead of running repadmin or replmon at this point, you should start by running DCDIAG on each DC and reviewing the output of each. You may want to output the info to a txt file (dcdiag >> C:\dcdiag.log) to review later.
DCDiag also has a /f (I think it is /f offhand) to run some basic fixes to resolve issues.
From each DC make sure you can ping by name the other DC. If you can not, try the FQDN name of each (servername.domain.com/inc/loc/whatever).
Give that a try and let us know how it turns out.
Related ressources:
- Forumreviving ad after first dc crashed
- ForumSetting up my first RAID-0 with two Samsung 840 Pro SSD's, any tips?
- Forumtrouble setting up new machine
- Forum"Using XP Home Fax utility after setting up a network"
- ForumPoor quality of lunar images with 20 D/C 90
- ForumDell laptop DC power jack pinout
- ForumTaking over Operations Master / DC roles
- ForumTrouble setting up SSDs in RAID 0
- ForumTrouble setting up a Webserver
- ForumDc not Functioning Properly.
- ForumLaserjet III DC power supply probs
- ForumDC Qualifier Report
- ForumFirst gaming PC build (~$2000): Opinions and parts help
- ForumNeed Help ! Trouble building computer - UPDATE
- ForumNoob trouble manually setting ram timing/clock/voltage
- ForumHelp with Setting up two monitors ...strange frustrating problem
- ForumSetting up SLI/Crossfire & I have two options?? Any help would be gr8!
- ForumDC 5750 Front USB Not Detected
- ForumRouter Setup
- Forum[Solved] Help with router
- More resources
Read discussions in other Networking categories
!
