I've read many posts about this issue but can't get the issue resolved on my network. Or maybe I can't get my head around the advice offered to apply it to my situation.
Network details, the issues and steps taken are listed below, but my question is: could having left a server with the DNS server role after dcpromoing it down from a DC cause a problem? On that old server, if I look at my domain in the DNS forward lookup zone it appears as a secondary domain type, while on the 2 DCs the same domain shows as active-directory-integrated-primary. Should I remove the DNS service from the old demoted DC, or change the zone on that server to AD-integrated instead of secondary?
So, the details:
Existing 2003 domain, simple network, single domain name. Two existing 2003r2 DCs.
Needed to P2V one of the existing Server 2003r2 Standard domain controllers onto a new VMware server, so it was dcpromoed down, though it was left as a DNS server. The other DC was left physical, held all the FSMO roles and the GC, and is a DNS, DHCP and WINS server.
Rather than promoting that server back up, I added a 2008r2 Enterprise server VM and ran adprep /forestprep, /domainprep and /gpprep, which all appeared to succeed. I ran dcpromo, but did not install the DNS service at the time, for some reason I don't recall, though I did add it after dcpromo finished successfully. I then transferred the FSMO roles to the new 2008r2 DC.
I ran into a couple of issues right off the bat. First, the _msdcs.domain.com zone was not added automatically, which I thought was supposed to happen. I eventually added it manually.
Second, the DC will not register an SRV record. I can run ipconfig /flushdns, ipconfig /registerdns, net stop and net start on dns and netlogon, etc. until I'm blue in the face and it never registers an SRV record, based on the BPA. All I get is a couple of 4010 events in the DNS event log. But if I look in the DNS console I see the _ldap record for it.
dcdiag run on the 2008r2 DC only shows an expected error, since I haven't run /rodcprep yet. Run on the remaining 2003r2 DC, it shows no errors.
dcdiag /test:dns run on the 2008r2 DC shows the SRV record not registered on either DC.
Error:
Missing SRV record at DNS server 10.x.x.x:
_ldap._tcp.cc879c85-da3e-436f-91f9-0d412833d320.domains._ms
dcdiag /test:dns run on the remaining 2003r2 DC shows no errors.
I went through the ntdsutil cleanup steps to make sure there was nothing left behind from the old demoted DC, and everything looks clean already. No traces of the old DC left behind.
For the most part the network seems to be up and running, but I'm afraid to reboot the 2003r2 DC, if I need to at some point, until I get this straightened out.
Manning
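A check that goes with the SRV-registration problem described in the post above, added here as an example and not part of the original question or the poster's own steps: Netlogon writes every record it attempts to register into netlogon.dns on the DC, so parsing that file and querying each SRV name against a chosen DNS server shows exactly which of them (the _ldap._tcp.<DSA-GUID>.domains._msdcs.<forest> record dcdiag complains about included) are missing from that server. Assumptions, labelled in the code: the file is at its default path under %SystemRoot%\System32\config, nslookup.exe is available, and the example.com/dc1 names in the built-in sample lines are constructed and only used when the script is run somewhere the file does not exist.

```powershell
# Added example (not from the original post). Lists the SRV records Netlogon tries
# to register for this DC and reports which ones a given DNS server does not return.
# Assumptions: default netlogon.dns location, nslookup.exe on the PATH, and the
# DNS server to query is this machine unless -DnsServer is given.
param(
    [string]$DnsServer   = $env:COMPUTERNAME,
    [string]$NetlogonDns = "$env:SystemRoot\System32\config\netlogon.dns"
)

# Parse lines of the form
#   _ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
# and return one object per SRV record (A and CNAME lines are skipped).
function Get-NetlogonSrvRecord {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 8 -or $f[3] -ne 'SRV') { continue }
        New-Object PSObject -Property @{
            Name   = $f[0].TrimEnd('.')
            Port   = [int]$f[6]
            Target = $f[7].TrimEnd('.')
        }
    }
}

# Ask one DNS server for an SRV name and report whether $Target is among the answers.
# nslookup prints "svr hostname = <target>" once per SRV answer; -match is
# case-insensitive, so the case used in netlogon.dns does not matter.
function Test-SrvRecord {
    param([string]$Name, [string]$Target, [string]$Server)
    $out = & nslookup -type=SRV $Name $Server 2>&1 | Out-String
    return ($out -match ('svr hostname\s*=\s*' + [regex]::Escape($Target) + '\b'))
}

if (Test-Path $NetlogonDns) {
    $lines = Get-Content $NetlogonDns
} else {
    # Constructed sample (hypothetical names) so the parser can be exercised off a DC.
    $lines = @(
        '_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.',
        '_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.',
        '_ldap._tcp.11111111-2222-3333-4444-555555555555.domains._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.',
        'example.com. 600 IN A 10.0.0.1'
    )
}

# Netlogon lists the same name several times (per site, per domain); check each once.
$records = @(Get-NetlogonSrvRecord -Lines $lines | Sort-Object Name, Target -Unique)
$missing = @()
foreach ($r in $records) {
    if (Test-SrvRecord -Name $r.Name -Target $r.Target -Server $DnsServer) {
        Write-Host ("OK       {0} -> {1}:{2}" -f $r.Name, $r.Target, $r.Port)
    } else {
        Write-Host ("MISSING  {0} -> {1}:{2}" -f $r.Name, $r.Target, $r.Port)
        $missing += $r
    }
}
Write-Host ("{0} of {1} SRV records present on {2}" -f ($records.Count - $missing.Count), $records.Count, $DnsServer)
```

Run it on the 2008r2 DC once per DNS server, for example `.\Test-NetlogonSrv.ps1 -DnsServer <address of the other DC>`, and compare the two MISSING lists: a record absent from both servers points at registration (the Netlogon side, which the 4010 events in the post relate to), while a record present on one server but not the other points at the zone copy on that server not receiving the update.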