Windows 2008 Active Directory Install - DNS Issues?
The error 81 means server unreachable. Use err.exe from download.microsoft.com to look up the error and you will see the following.
LDAP_SERVER_DOWN winldap.h
DNS is unable to create built in partitions means it was trying to create the DC=DomainDNSZones,DC=Domain,DC=Local and DC=ForestDNSZones,DC=Domain,DC=Local application partitions. To do that it would have to contact the domain naming master FSMO role holder (which is your only DC that you have). I wouldn't worry about this just yet as the zones (_msdcs.domain.local and domain.local) are likely stored in the domain partition at the moment beneath CN=microsoftDNS,CN=System,DC=Domain,DC=Local.
I would make sure you don't have any firewall software other than the inbuilt one. Have you got some 3rd party AV which bundles a firewall with it installed? You might want to turn all 3rd party firewalls off and then the Windows Firewall too (while you troubleshoot) as I don't know what firewall profile is currently active and what rules/traffic is allowed. Do you have more than one network interface on this machine?
Open wf.msc and on the left pane click the topmost element and view its properties. Go through each tab for domain, public and private and turn them all off. DON'T stop any Windows Firewall related services using services.msc.
Doing a "netstat -ano" will show what ports the server is listening on which should have entries indicating listening on TCP/UDP ports such as 389, 88, 135, 445 and so on. You need to see if you can connect to those ports from the relevant apps or some port scan utility such as portqry.exe from the Windows 2003 support tools or resource kit. Unfortunately it's not bundled with the OS anymore but should work if you extract from the relevant download packages from download.microsoft.com.
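The listening-port check described in the answer above, as an added example that is not part of the original answer: a Python parser for `netstat -ano` output that reports whether each port the answer names (389, 88, 135, 445) is listening, bound to loopback only, or missing. The sample output, the `listeners` and `audit` names and the loopback-only classification are assumptions of this example.

```python
import re

# Ports the answer names for a domain controller, with their services.
DC_PORTS = {389: "LDAP", 88: "Kerberos", 135: "RPC endpoint mapper", 445: "SMB"}
# Constructed sample of `netstat -ano` output (not taken from the page).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       476
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    127.0.0.1:389          0.0.0.0:0              LISTENING       476
  TCP    192.168.1.10:3389      192.168.1.50:50211     ESTABLISHED     1204
  TCP    [::]:135               [::]:0                 LISTENING       700
  UDP    0.0.0.0:88             *:*                                    476
  UDP    [::1]:389              *:*                                    476
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def listeners(netstat_text):
    """Return {(proto, port): set(local addresses)} for listening sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header, blank lines
        proto, addr, port, _foreign, state, _pid = m.groups()
        # TCP rows carry a state column; UDP rows have none and count as bound.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.setdefault((proto, int(port)), set()).add(addr)
    return found

def audit(netstat_text, ports=DC_PORTS):
    """Classify each expected TCP port as 'ok', 'loopback-only' or 'missing'."""
    found, report = listeners(netstat_text), {}
    for port in ports:
        addrs = found.get(("TCP", port), set())
        if not addrs:
            report[port] = "missing"
        else:
            report[port] = "loopback-only" if all(a.startswith(LOOPBACK) for a in addrs) else "ok"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port reported as ok is only bound locally; whether other hosts can reach it still has to be tested from outside, for example with portqry.exe as the answer suggests.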
bigtv
Updated on September 17, 2022
Comments
-
bigtv almost 2 years
I am attempting to set up a standalone Windows 2008(R2) server with Active Directory Domain Services. This install is purely for development purposes.
I have installed the OS just fine, and I have been through and added the ADDS role which in turn adds the DNS role. Everything installs just fine and I can run dcpromo which appears to complete successfully, however after the required reboot I can log in using the new domain admin credentials but the event log reports various issues with the ADDS service and I am unable to open any of the related management interfaces.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Computer: computer.domain.local
The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names.
Domain controller:
Directory partition: domain.local
As this install was for development purposes, I was advised to use .local, although I have now run through the setup with various different configurations but I always hit the same issue.
Looking at other posts, I have tried:
dcdiag /e /fix
This returns the following message:
Ldap search capability attribute search failed on server conputername, return value = 81
Not sure if this is a clue to anything?
I am fairly sure this is DNS related as it seems the server cannot be found, I can confirm that my NIC is looking at 127.0.0.1 as its primary DNS server.
Any advice would be much appreciated.
UPDATE:
Digging deeper, I've found this event error?
The DNS server was unable to create the built-in directory partition
-
SmallClanger over 13 years
This is a stab in the dark, but try setting your DNS server to the primary IP of the server, rather than 127.0.0.1. Could be that the service won't respond on localhost.
-
joeqwerty over 13 years
In addition, make sure the DNS server is set to listen on the correct IP address(es).
-
bigtv over 13 years
I have done and checked all your advice and rebooted - no change. I am able to ping domain.local etc...
-
bigtv over 13 years
This was simply a connectivity issue as I think you suspected. No firewalls were on but I discovered a local IP-SEC policy that was created and enabled by the hosting company which was blocking traffic. I disabled it and re-installed and it all worked. Thanks for steering me in the right direction.