Can't Add Second DC
-
So here is the environment: PDC is Server 2008 R2 x64. IP is .208. Secondary server is Server 2012 R2 x64. IP is .212. I can ping each server from the other. I have added the AD roles to the secondary server, the 2012 box. However, when I go to add it as a DC, it gives me the following error.
There is communication, as I just joined it to the domain before installing the roles. I can ping by IP and hostname. DNS server settings are set to itself as primary and the PDC as secondary. Not sure what's wrong here...
-
Just tried switching the DNS server settings on the 2012 box to the PDC as primary DNS and itself as secondary, at least for now. Now it works!
-
@ajstringham You should put itself as primary and the other one as Secondary and it should work.
-
The reason it worked when you changed DNS to the 'PDC' as you call it (remember there are no PDCs any more) is because I'm guessing you have an AD integrated DNS setup, and the 2012 server was not a DC, so its DNS services (assuming they were installed) didn't know about your actual DNS structure, therefore wouldn't be able to find the required records for becoming a DC.
Once you changed the 2012 to look at the 2008 for DNS, suddenly the 2012 box could find all the needed DNS records.
Now that the 2012's local DNS is populated (because it has local DNS installed, and the AD integrated DNS information flowed into that local install) you could move the 2012 box back to pointing to itself as the primary if you wanted - though in an SMB (you're setting up a demo environment I assume - so it's more like SMB) you should point the DCs at each other, not themselves, in my opinion (which I realize differs from TheCreativeOne's).
-
@thecreativeone91 said:
@ajstringham You should put itself as primary and the other one as Secondary and it should work.
I set it as itself primary and the main DC as secondary again, like it was originally.
-
@Dashrender said:
The reason it worked when you changed DNS to the 'PDC' as you call it (remember there are no PDCs any more) is because I'm guessing you have an AD integrated DNS setup, and the 2012 server was not a DC, so its DNS services (assuming they were installed) didn't know about your actual DNS structure, therefore wouldn't be able to find the required records for becoming a DC.
Once you changed the 2012 to look at the 2008 for DNS, suddenly the 2012 box could find all the needed DNS records.
Now that the 2012's local DNS is populated (because it has local DNS installed, and the AD integrated DNS information flowed into that local install) you could move the 2012 box back to pointing to itself as the primary if you wanted - though in an SMB (you're setting up a demo environment I assume - so it's more like SMB) you should point the DCs at each other, not themselves, in my opinion (which I realize differs from TheCreativeOne's).
Thanks for the explanation. That makes sense.
-
FYI, you could have manually added a non-AD-integrated DNS server (the one you installed on the non-DC 2012), then everything would have worked... but I'm not sure how DNS would have acted when you did join and now you'd have AD integrated trying to put stuff in there again... that would be a mess. lol
-
@ajstringham Your DNS is backwards. Never have the server you are working on set to use itself as the primary. BPA scan will tell you the same thing.
Always use the other DNS server as your primary, and a loopback for the secondary.
-
@Bill-Kindle said:
@ajstringham Your DNS is backwards. Never have the server you are working on set to use itself as the primary. BPA scan will tell you the same thing.
Always use the other DNS server as your primary, and a loopback for the secondary.
Ok, that's good to know. That's not what I've been taught. Is there a specific reason for that?
-
@Bill-Kindle said:
@ajstringham Your DNS is backwards. Never have the server you are working on set to use itself as the primary. BPA scan will tell you the same thing.
Always use the other DNS server as your primary, and a loopback for the secondary.
I've always run this way, I'm glad to know MS's BPA pushes for this as well.
-
@ajstringham said:
Ok, that's good to know. That's not what I've been taught. Is there a specific reason for that?
The reason you want a DC to point to another DC for its primary DNS is because when the DC in question is rebooted, there are potential processes that will make DNS calls before the local DNS server is fully up and running. If the DNS calls fail, the server will sit and time out (don't ask me why it doesn't move over to the secondary DNS entries - it never/rarely seems to use the secondary DNS entries) for several minutes or more until either the local DNS services come up, or it FINALLY fails over to the secondary DNS entry.
-
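The two points made above, that a server being promoted has to find the DC locator SRV records through whatever DNS server it is pointed at, and that an existing DC should list another DC first and its own loopback last, can both be checked from a script. The following PowerShell is an added example written for this thread; it is not code posted by anyone here and not a Microsoft tool. It assumes it runs from a Windows Server 2012 R2 (or newer) domain member as a domain admin with the ActiveDirectory RSAT module installed; the DCs themselves only need WMI reachable, so the 2008 R2 box works too. The function name `Test-DcDnsClientConfig` and the output fields are choices made for this example.

```powershell
# Added example, not from the thread. Audits the DNS client ordering on every
# domain controller (another DC first, loopback/self last) and checks that the
# DC locator SRV record _ldap._tcp.dc._msdcs.<domain> resolves through each
# configured DNS server, which is the lookup a server must complete before
# it can be promoted.
Import-Module ActiveDirectory

function Test-DcDnsClientConfig {
    [CmdletBinding()]
    param(
        # Domain to audit; defaults to the domain this machine is joined to
        [string]$Domain = (Get-ADDomain).DNSRoot
    )

    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $dcs     = Get-ADDomainController -Filter * -Server $Domain
    $dcIPs   = @($dcs | ForEach-Object { $_.IPv4Address })

    foreach ($dc in $dcs) {
        # DNSServerSearchOrder is exposed through WMI on 2008 R2 and later,
        # so no PowerShell remoting is needed on the older DC.
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                    -ComputerName $dc.HostName -Filter "IPEnabled = True" `
                    -ErrorAction Stop
        $order = @($nics | ForEach-Object { $_.DNSServerSearchOrder } |
                  Where-Object { $_ })

        $findings = @()
        if ($order.Count -eq 0) {
            $findings += 'no DNS servers configured'
        } else {
            $first = $order[0]
            if ($first -eq '127.0.0.1' -or $first -eq $dc.IPv4Address) {
                $findings += "primary DNS is itself ($first); list another DC first"
            }
            if ($order -notcontains '127.0.0.1' -and
                $order -notcontains $dc.IPv4Address) {
                $findings += 'no loopback/self entry; add 127.0.0.1 as the last entry'
            }
            $others = $order | Where-Object {
                $dcIPs -contains $_ -and $_ -ne $dc.IPv4Address
            }
            if ($dcs.Count -gt 1 -and -not $others) {
                $findings += 'no other DC listed as a DNS server'
            }
        }

        # Every configured server must be able to answer the DC locator query.
        # A loopback entry is queried by asking the DC itself by name.
        foreach ($srv in $order) {
            $target = if ($srv -eq '127.0.0.1') { $dc.HostName } else { $srv }
            try {
                $rec = Resolve-DnsName -Name $srvName -Type SRV -Server $target `
                           -ErrorAction Stop | Where-Object { $_.Type -eq 'SRV' }
                if (-not $rec) {
                    $findings += "$srv returned no SRV records for $srvName"
                }
            } catch {
                $findings += "$srv failed to resolve ${srvName}: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            DomainController = $dc.HostName
            DnsServerOrder   = ($order -join ', ')
            Status           = if ($findings.Count) { 'Review' } else { 'OK' }
            Findings         = ($findings -join '; ')
        }
    }
}

# Usage: one row per DC; anything other than 'OK' in Status needs a look
Test-DcDnsClientConfig | Format-Table -AutoSize -Wrap
```

Run it before promoting a new DC (it will show whether the candidate's configured DNS servers can even find the SRV records, which is the failure in the first post) and again afterwards to confirm the ordering the later posts recommend. The SRV check is deliberately done per configured server rather than once, because a server whose first DNS entry cannot answer will sit on that entry for a long time before trying the next, as described above.
-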
Without wishing to hijack the thread, how often do you reboot DCs and should you stagger the rebooting or is it ok to reboot all DCs at the same time?
-
@Carnival-Boy said:
Without wishing to hijack the thread, how often do you reboot DCs and should you stagger the rebooting or is it ok to reboot all DCs at the same time?
Sure, you shouldn't need to reboot your DCs very often. But if the latency brought in by a DC making a query to another DNS server causes real performance issues on your network (short of your only other DNS server being over a WAN link - in that case I'd go local DNS first), then you have other problems you should resolve first.
As for rebooting all of your DCs, if possible, definitely stagger, otherwise you're taking your entire network down as DNS will be unavailable for everyone.
-
@Bill-Kindle said:
@ajstringham Your DNS is backwards. Never have the server you are working on set to use itself as the primary. BPA scan will tell you the same thing.
Always use the other DNS server as your primary, and a loopback for the secondary.
Yep, I said it backwards!
-
Thanks guys for all the help! I'm going to fix this...except I somehow lost access to the vSphere lab...I opened a helpdesk request but likely it'll be tomorrow before I can get access again. The helpdesk here, internally, is not particularly quick...