I have a new 2008 domain as a pilot for the domain that I'll be building
soon for production. Single forest, single domain. Two 2008 DCs thus far,
both running integrated DNS zone.
-Netdiag report shows a failure for the DNS test when run from one of the
DCs...
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'dc1.domain.internal.co.xxxxxx.tx.us.'.
OTAVAIL ]
The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may not be
registered in DNS.
[FATAL] Could not open file C:\Windows\system32\config\netlogon.dns for
reading.
[FATAL] No DNS servers have the DNS records for this DC registered.
My concern with this is that a good bit of the info provided by google
points to single label DNS names, such as this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1. We are
local government, so we do have a legnthy FQDN, but if I need to resort to
something shorter such as mycounty.local I need to know ahead of time.
Another concern is that when I run netdiag from my vista laptop on the
domain, the dns test passes. There are also replication issues reported by
replmon.
-Next failure shown when run from 'dc1':
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Same failure shown when run from my laptop:
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[ERROR_NOT_ENOUGH_SERVER_MEMORY]
Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using the
domain, so memory isn't an issue.
-On to dcdiag run from dc1:
Starting test: NetLogons
[dc1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... dc1 failed test NetLogons
I'm running as an Enterprise and Domain Admin.
-Next:
Starting test: Replications
[Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105
"Replication access was denied."
......................... dc1 failed test Replications
-Next:
Starting test: Services
Could not open NTDS Service on dc1, error 0x5 "Access is denied."
......................... dc1 failed test Services
Again, run as Ent/Domain admin.
-DCDiag from my laptop:
Starting test: VerifyReferences
Some objects relating to the DC dc1 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=dc1,OU=Domain
Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,DC=tx,DC=us
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
I went straight to 2008 native mode, so it should be using DFS-R if I
understand it correctly....
I apologize for the verbosity, I just need to get this thing to a perfect
state before I attempt to go to production.