- I have 3 2008 R2 AD servers that are all DNS servers, each of which is in a different site.
- This is a lab so I power these off and on again frequently.
When I powered on all the servers simultaneously tonight, the role holder (the first DC, which holds all my roles) refused to start DNS.
Why? Because AD wasn't finished synchronizing with the other DCs. It even proclaimed that it knew it was the role holder, but did not consider it valid because it could not replicate (event ID 2092).
And why could AD not replicate with the other DCs? Because "Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller..." (event ID 2088).
So DNS can't start until AD is done replicating, and AD can't replicate until it can resolve names with DNS.
I pointed the role holder to another DC in a different site for its primary DNS and restarted AD services. Everything worked.
My question is: what are the best practices for this kind of setup? Shouldn't all my DCs point to themselves for DNS? Also, I read that my role holder should only have to replicate with one other DC, not every DC in the domain, when it first boots up. Is this correct?
Thanks for any assistance on this. I read http://support.microsoft.com/kb/305476, but I'm still a bit confused.
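An added example, not part of the original question: a PowerShell audit run from a management host that reports, for every DC in the domain, which DNS servers its own resolver uses, whether the first entry is the DC itself (the configuration that stalled DNS startup above), and how many 2088/2092 events appeared in its Directory Service log in the last day. It assumes the ActiveDirectory module (RSAT) plus WMI and remote event log access to each DC; the property names in the report are my own.

```powershell
# Added example (not from the original post): audit DC resolver settings and
# look for the two events the question quotes (2088 and 2092).
# Assumes the ActiveDirectory module and WMI / remote event log access to each DC.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-1)

$report = foreach ($dc in (Get-ADDomainController -Filter *)) {
    $name = $dc.HostName

    # IP-enabled adapters on this DC and the resolver order configured on them
    $nics = Get-WmiObject -ComputerName $name -Class Win32_NetworkAdapterConfiguration `
                          -Filter "IPEnabled = TRUE"
    $ownIPs  = @($nics | ForEach-Object { $_.IPAddress }) + '127.0.0.1' + '::1'
    $dnsList = @($nics | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })

    # Primary (first) DNS server is the DC itself: the setup the question describes
    $primaryIsSelf = ($dnsList.Count -gt 0) -and ($ownIPs -contains $dnsList[0])
    # Does the DC list itself anywhere in the resolver order (e.g. as secondary)?
    $listsSelf = @($dnsList | Where-Object { $ownIPs -contains $_ }).Count -gt 0

    # Directory Service log:
    #   2088 = could not use DNS to resolve the replication source DC
    #   2092 = FSMO role holder has not replicated since startup
    $events = @(Get-WinEvent -ComputerName $name -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 2088, 2092
        StartTime = $since
    })

    New-Object PSObject -Property @{
        DC            = $name
        Site          = $dc.Site
        DnsServers    = ($dnsList -join ', ')
        PrimaryIsSelf = $primaryIsSelf
        ListsSelf     = $listsSelf
        Events2088    = @($events | Where-Object { $_.Id -eq 2088 }).Count
        Events2092    = @($events | Where-Object { $_.Id -eq 2092 }).Count
    }
}

# Rows with PrimaryIsSelf = True and non-zero event counts are the DCs most likely
# to hit the DNS/replication deadlock described above after a cold start.
$report | Select-Object DC, Site, DnsServers, PrimaryIsSelf, ListsSelf, Events2088, Events2092 |
    Format-Table -AutoSize
```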