
Cannot authenticate without one of two AD controllers


Hello, we are finally migrating our AD environment. Until the migration we had one AD 2003 SP2 AD controller (physical). We have decided to add a second controller (VM) based on Windows 2008 R2. First, the new AD controller was fully patched with MS updates before joining the AD domain.

Specs of the AD controllers:

1x physical 2003 SP2 (GC, all FSMO roles), DNS role

1x virtual 2008 R2 (reserved 4 cores, 8 GB RAM, 2x HDD dedicated to AD in RAID 1) - GC and DNS as well

Both controllers work well and replicate data between themselves. Both are GC, and 2003 holds all FSMO roles.

DNS on the DCs is configured as follows: preferred DNS - itself, secondary - the second DC.

We wanted to configure them crosswise (preferred to the second DC and secondary to itself) but it gave the following strange situation:

When only the 2003 DC is online we cannot log in to it via RDP or locally. Workstation login takes quite long, so I assume it times out and finally logs in with cached credentials. The error message is "The specified domain either does not exist or could not be contacted".

When only the 2008 DC is online we can successfully log in to it via RDP, and workstation login takes quite long as well.

Unfortunately, configuring the preferred DNS server to itself (local IP, not loopback) gives the same error.

Steps that were performed:

fully patch the 2003 DC

fully patch 2008 R2

join 2008 R2 to the 2000-level domain served by the 2003 DC

upgraded the 2000 domain functional level to 2003

upgraded the 2000 forest functional level to 2003

promoted 2008 R2 as the second GC DC

reconfigured DNS as stated above.

The above steps were performed over about a one-week time span, so the servers have had time to synchronize and replicate.

I would like to know what causes the above situation, where without the new DC the old one serves neither clients nor DNS requests, so clients don't have internet access.

The next step is to add a temporary third 2008 R2 DC, migrate the FSMO roles to it, demote the 2003 DC and upgrade the domain and forest to 2008 level, but before that we wanted to test things and the above situation occurred.

Additionally, when the old DC starts up without the new one, it logs the following errors:

DNS: event 4015 - critical error, check if the DNS service works and is available,

then six DNS: event 4004 - error, the DNS server was unable to enumerate the following DNS zones <- this one repeats for every DNS zone, including _msdcs.domain_name.

I suspect the DNS service is failing, but what's the reason? That's why the server can't authenticate and serve DNS requests.

Any suggestions?
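An added diagnostic script, not part of the original post, that collects on a single DC the checks a practitioner would want before changing DNS settings: which DNS servers each adapter points at (and whether the DC lists itself), whether the DC's own DNS service can answer the domain's DC locator SRV record, and the recent DNS Server events 4015/4004 quoted above. It assumes it is run elevated on the DC from PowerShell 2.0 or later (so WMI and Get-EventLog are used rather than the newer DnsClient/DnsServer cmdlets, which do not exist on 2008 R2); the domain name is taken from the environment and can be overridden.

```powershell
# Added diagnostic script (not from the original post). Assumption: runs elevated on a
# domain controller with PowerShell 2.0+, with nslookup and dcdiag on the PATH.
param(
    [string]$DomainName = $env:USERDNSDOMAIN   # assumption: the DC's own AD domain
)

# 1. DNS client configuration of every IP-enabled adapter on this DC.
#    A DC whose DNS server list does not include its own address (or 127.0.0.1)
#    depends on the partner DC to load its AD-integrated zones at startup.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" | ForEach-Object {
    "{0}: DNS servers = {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ", ")
    $pointsToSelf = $false
    foreach ($srv in $_.DNSServerSearchOrder) {
        if ($srv -eq "127.0.0.1" -or $_.IPAddress -contains $srv) { $pointsToSelf = $true }
    }
    if (-not $pointsToSelf) {
        Write-Warning "Adapter '$($_.Description)' does not list this DC as one of its DNS servers."
    }
}

# 2. Ask this DC's own DNS service (127.0.0.1) for the domain's DC locator SRV record.
#    If the _msdcs zone failed to enumerate (event 4004), this query returns no answer.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
"Querying $srvName against 127.0.0.1"
& nslookup -type=SRV $srvName 127.0.0.1 2>&1

# 3. Recent DNS Server log entries for the two events quoted in the post.
Get-EventLog -LogName "DNS Server" -Newest 50 |
    Where-Object { $_.EventID -eq 4015 -or $_.EventID -eq 4004 } |
    Select-Object TimeGenerated, EventID, Message |
    Format-List

# 4. Directory-service-side view: dcdiag's DNS and replication tests on this DC.
& dcdiag /test:DNS /test:Replications /v
```

Run it once with both DCs online and once with only the old DC online; the interesting comparison is step 2, which shows whether the local DNS service can serve the _msdcs records at all when the partner is unreachable, and step 1, which shows whether the server list actually contains the local address in the order you intended.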



