DNS replication
#1
Hello Krzysztof,

I found your blog and article about migration... I tried to do it, but I have a little problem and nobody around me whom I could ask.. so I am trying to ask you.

I started the migration process with my domain.... I added Windows 2012 as another DC. AD replicated, I can see all users on the new server, but DNS didn't replicate.. My forward lookup zone on DNS is empty... In the log I can see ID 4013:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
I found a solution about adding some key to the registry, but it didn't help..

Any idea?

Thank you very much for your help..
#2
Hello,

For me this looks like your old DNS zone is configured as a standard primary zone, not integrated with Active Directory.
Can you verify that, please?

You can do that by opening the DNS management console (dnsmgmt.msc), clicking on the DNS zone with the right mouse button and choosing "Properties". Under the "General" tab you should see the DNS zone type.

Additionally, you can use the dnscmd utility available on your DNS server for that. Open a command prompt and type
Code:
dnscmd /EnumZones
or
Code:
dnscmd /EnumZones >dns-zones.log

and place the output here, please.

Then we will be able to see whether this is related to that configuration.

If so, you will have 2 options:
  • configure secondary zone on your Windows Server 2012 DNS server
  • convert DNS zone into Active Directory-Integrated zone

Both are correct, but the second is much more secure and its replication is encrypted. A standard zone is replicated (AXFR full transfer or IXFR incremental/changes transfer) in plain text.
An AD-Integrated zone is replicated over RPC and stored within the AD database; that's why this configuration method is much better.

Before you can convert a zone to AD-I, you need to check its "Zone transfers" and "Name servers" tabs to be sure that there are no other DNS servers using the zone.

We'll see, based on the output of the dnscmd command, what to do next.
Regards,
Krzysztof
#3
I enclose the log...

Code:
Enumerated zone list:

Zone count = 3

 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 1.1.10.in-addr.arpa            Primary    File            Update Rev
 pearne.sepek                   Primary    File            Update

Command completed successfully.

Thank you for any help....
#4
OK, this looks like it was inherited from a Windows 2000 Server domain DNS server.

Quote:.                              Cache      AD-Domain
This is the cached root domain, not needed anymore on new DNS servers if you would like to have Internet access.

Quote:1.1.10.in-addr.arpa            Primary    File            Update Rev
pearne.sepek                 Primary    File            Update

and these 2 zones, one forward and one reverse lookup, are Standard Primary zones. That means they need to be explicitly allowed for replication (zone transfer) to other DNS servers; by default it is not enabled. They can be modified only on the DNS server where they are primary. The other DNS servers would store them as Standard Secondary zones in read-only mode.

So, you have the 2 options I wrote about in my previous post. I would strongly recommend converting them to Active Directory-Integrated zones.

To do that, log on to the DNS server where they are available and open the DNS Management console (dnsmgmt.msc). Select the forward lookup zone from the list, click on it with the RMB and select "Properties". Under the "General" tab click the "Change" button next to "Zone type", tick the checkbox at the bottom of the window, "Store the zone in Active Directory...", and confirm the changes. Also change the replication scope to "All DNS servers in the domain", available one button below.

Repeat above steps for reverse lookup zone.

If you do not use any Unix/Linux/Mac OS machines in your environment, then change dynamic updates to "Secure only" for both the forward and reverse lookup zones.

That's all. Just wait a couple of minutes until replication between the DCs is done and you should see the DNS zones on the new DC/DNS server.

I hope it worked for you and solved your issue.
Regards,
Krzysztof
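The same inspection and conversion done from the command line, as an added PowerShell example that is not part of this thread. It uses the DnsServer module cmdlets that ship with Windows Server 2012 (Get-DnsServerZone, Get-DnsServerPrimaryZone, ConvertTo-DnsServerPrimaryZone, Set-DnsServerPrimaryZone) and the zone names from the dnscmd output above; the server name in $ComputerName is an assumed placeholder. Step 3 is the command-line equivalent of the "Zone transfers" / "Name servers" check Krzysztof asks for before converting, and steps 4 and 5 correspond to "Store the zone in Active Directory..." with the domain-wide replication scope and "Secure only" dynamic updates.

```powershell
# Added example, not from the thread. Requires the DnsServer PowerShell module
# (Windows Server 2012 or newer) and a console run with domain admin rights.
# $ComputerName is an assumed placeholder for the old DNS server that holds the
# file-backed (Standard Primary) zones.
$ComputerName = 'OLD-DC01'

# 1. Inventory, the PowerShell counterpart of "dnscmd /EnumZones".
Get-DnsServerZone -ComputerName $ComputerName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate |
    Format-Table -AutoSize

# 2. Select the Standard Primary zones: type Primary, stored in a file, not auto-created
#    (the auto-created 0/127/255.in-addr.arpa zones are left alone).
$fileBacked = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsDsIntegrated -and -not $_.IsAutoCreated }

foreach ($zone in $fileBacked) {
    $name = $zone.ZoneName

    # 3. The "Zone transfers" / "Name servers" check: which servers may pull this zone
    #    by AXFR/IXFR, and which servers the NS records advertise. If another DNS server
    #    still depends on transfers of this zone, sort that out before converting.
    $primary = Get-DnsServerPrimaryZone -Name $name -ComputerName $ComputerName
    Write-Host "$name : transfers=$($primary.SecureSecondaries) secondaries=$($primary.SecondaryServers -join ',')"
    $ns = Get-DnsServerResourceRecord -ZoneName $name -RRType NS -ComputerName $ComputerName
    Write-Host "  NS: $(($ns | ForEach-Object { $_.RecordData.NameServer }) -join ', ')"

    # 4. "Store the zone in Active Directory..." with replication scope
    #    "All DNS servers in the domain" (ReplicationScope Domain). -Force skips the prompt.
    ConvertTo-DnsServerPrimaryZone -Name $name -ReplicationScope Domain -Force -ComputerName $ComputerName

    # 5. Dynamic updates "Secure only": only authenticated domain members can register
    #    or overwrite records, which is what stops an arbitrary host from hijacking a name.
    Set-DnsServerPrimaryZone -Name $name -DynamicUpdate Secure -ComputerName $ComputerName
}

# 6. Confirm the zones are now AD-integrated and replicate domain-wide.
Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
```

After AD replication has caught up, running the last Get-DnsServerZone call with -ComputerName pointed at the new Windows Server 2012 DC should list the same zones with IsDsIntegrated set to True; if the new DC still logs event 4013 at that point, the problem is AD replication itself rather than the zone storage.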
#5
Great..,

I chose Active Directory-Integrated zones and went through the steps described by you.. and replication started working....

uff..

Thank you very much for HELP!!!!

Tomas
#6
No problem, you're welcome. I'm glad it worked for you!

Please verify that the DNS zones on both servers contain the same records, to be sure that DNS replication is working fine...
Regards,
Krzysztof
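One way to do that final check, as an added PowerShell example that is not part of this thread: it pulls every record of the zone from both DCs with Get-DnsServerResourceRecord (DnsServer module), flattens each record to a comparable line and diffs the two sets with Compare-Object. The two server names are assumed placeholders; the zone name is the one from the dnscmd output earlier in the thread. SOA records are deliberately excluded, because each DNS server keeps its own serial number for an AD-integrated zone, so a serial mismatch there is not a replication problem.

```powershell
# Added example, not from the thread. Requires the DnsServer PowerShell module.
# Server names are assumed placeholders; the zone name is the one from the thread.
$OldDc    = 'OLD-DC01'
$NewDc    = 'NEW-DC2012'
$ZoneName = 'pearne.sepek'

function Get-ZoneRecordSet {
    param([string]$Server, [string]$Zone)
    # One comparable "owner type data" line per record. SOA is skipped on purpose:
    # every DNS server holds its own serial for an AD-integrated zone, so it differs legitimately.
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone |
        Where-Object { $_.RecordType -ne 'SOA' } |
        ForEach-Object {
            $data = switch ($_.RecordType) {
                'A'     { $_.RecordData.IPv4Address.ToString() }
                'AAAA'  { $_.RecordData.IPv6Address.ToString() }
                'CNAME' { $_.RecordData.HostNameAlias }
                'NS'    { $_.RecordData.NameServer }
                'PTR'   { $_.RecordData.PtrDomainName }
                'SRV'   { "$($_.RecordData.DomainName):$($_.RecordData.Port)" }
                default { ($_.RecordData | Out-String).Trim() }
            }
            "$($_.HostName) $($_.RecordType) $data"
        }
}

$old  = Get-ZoneRecordSet -Server $OldDc -Zone $ZoneName
$new  = Get-ZoneRecordSet -Server $NewDc -Zone $ZoneName
$diff = Compare-Object -ReferenceObject @($old) -DifferenceObject @($new)

if (-not $diff) {
    Write-Host "$ZoneName : $(@($old).Count) records, identical on $OldDc and $NewDc."
} else {
    # "<=" marks records present only on the old DC, "=>" records present only on the new one.
    Write-Host "$ZoneName : differences (<= only on $OldDc, => only on $NewDc):"
    $diff | ForEach-Object { Write-Host "  $($_.SideIndicator) $($_.InputObject)" }
}
```

Run it again for the reverse lookup zone (1.1.10.in-addr.arpa) by changing $ZoneName. A handful of "=>" lines right after the conversion is normal while the new DC registers its own A, NS and SRV records; lines that stay different after a few replication cycles are what to investigate.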