Windows 2008 Active Directory Install - DNS Issues?

windows-server-2008 domain-name-system active-directory
12,396

The error 81 means server unreachable. Use err.exe from download.microsoft.com to lookup the error and you will see the following.

LDAP_SERVER_DOWN winldap.h

DNS is unable to create built in partitions means it was trying to create the DC=DomainDNSZones,DC=Domain,DC=Local and DC=ForestDNSZones,DC=Domain,DC=Local application partitions. To do that it would have to contact the domain naming master FSMO role holder (which is your only DC that you have). I wouldn't worry about this just yet as the zones (_msdcs.domain.local and domain.local) are likely stored in the domain partition at the moment beneath CN=microsoftDNS,CN=System,DC=Domain,DC=Local.

I would make sure you dont have any firewall software other than the inbuilt one. Have you got some 3rd party AV which bundles a firewall with it installed? You might want to turn all 3rd party firewalls off and then the Windows Firewall too (while you troubleshoot) as I dont know what firewall profile is currently active and what rules/traffic is allowed. Do you have more than one network interface on this machine?

open the wf.msc and on the left pane click the top most element and view its properties. Go through each tab for domain, public and private and turn them all off. DONT stop any Windows Firewall related services using services.msc.

Doing a "netstat -ano" will show what ports the server is listening on which should have entries indicating listening on TCP/UDP ports such as 389, 88, 135, 445 and so on. You need to see if you can connect to those ports from the relevant apps or some port scan utility such as portqry.exe from the Windows 2003 support tools or resource kit. Unfortunately its not bundled with the OS anymore but should work if you extract from the relevant download packages from download.microsoft.com.

Share:
12,396

Related videos on Youtube

bigtv
Author by

bigtv

Updated on September 17, 2022

Comments

  • bigtv
    bigtv almost 2 years

    I am attempting to setup a standalone Windows 2008(R2) server with Active Directory Domain Services. This install is purely for development purposes.

    I have installed the OS just fine, and I been through and added ADDS role which in turn add the DNS role. Everything installs just fine and I can run dcpromo which appears to complete successfully, however after the required reboot I can login using the new domain admin credentials but the event log reports various issues with the ADDS service and I am unable to open any of the related management interfaces.

    Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Computer:      computer.domain.local

The local domain controller could not connect with the following domain controller     hosting the following directory partition to resolve distinguished names. 

Domain controller:

Directory partition:
domain.local

    As this install was for development purposes, I was advised to use .local, although I have now run through the setup with various different configurations but I always hit the same issue.

    Looking at other posts, I have tried:

    dcdiag /e /fix

    This returns the following message:

    Ldap search capability attribute search failed on server conputername, return value = 81

    Not sure if this is a clue to anything?

    I am fairly sure this is DNS related as it seems the server cannot be found, I can confirm that my NIC is looking at 127.0.0.1 as it's primary DNS server.

    Any advice would be much appreciated.

    UPDATE:

    Digging deeper, i've found this event error?

    The DNS server was unable to create the built-in directory partition
    • SmallClanger
      SmallClanger over 13 years
      This is a stab in the dark, but try setting your DNS server to the primary IP of the server, rather than 127.0.0.1. Could be that the service won't respond on localhost.
    • joeqwerty
      joeqwerty over 13 years
      In addition, make sure the DNS server is set to listen on the correct ip address(es).
    • bigtv
      bigtv over 13 years
      I have done and checked all your advice and rebooted - no change. I am able to ping domain.local etc...
  • bigtv
    bigtv over 13 years
    This was simply a connectivity issue as I think you you suspected. No firewall were on but I discovered a local IP-SEC policy that was created and enabled by the hosting company which was blocking traffic. I disable and re-installed and it all worked. Thanks for steering me in the right direction.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can't add client machine to windows server 2008 domain controller
Unable to register a client to domain
Windows Server 2008 Domain alias for users to log on to?
Can't ping NETBIOS name of Server 2008 R2 domain
Preventing automatic DNS updates for multi-homed NIC in Windows Server environment
Automatic failover for domain controller
Error while scanning DNS role on Windows Server 2008 R2
Transitioning to new Server 2008 R2 Domain from Server 2003 -> Do I move DHCP or DNS first?
Should the DNS and DHCP server be on the same machine?
Use Linux BIND DNS server for my Windows Active Directory 2008 R2