DNS & New DC issue

paradigm · 1 Mar 2009 at 22:28

Hey guys,

I'm trying to add a new DNS server and Domain Controller to my existing Server 2003 forest/root domain. The new machine is a virtual Server 2008 box (sat within a Server 2008 R2 Hyper-V box), and whilst it will DCPromo absolutely fine, it will never replicate the primary zone within DNS (or the reverse lookup zone for that matter), stating the error:

Event Log said:
The DNS server was unable to add or write an update of domain name mydomainname in zone .tld to the Active Directory.

If I try and add the new server to the list of nameservers within the DNS snap-in on the existing server, I get a warning about the server not being authorized, which I believe to be impossible for a DC.

halp?

Cheers

iaind · 1 Mar 2009 at 23:03

I havent worked with 2008 so I dont think I can offer much help, although can I ask why you're using 2008 if your existing forest is 2003?

It sounds like some sort of policy/rights assignment issue within AD, someone could have fudged some permissions somewhere or locked it down. Is the server in the same OU as the other DCs? Just to ensure the same GPOs are being applied

paradigm · 1 Mar 2009 at 23:18

It is indeed in the same OU, and the reason for 2008 is that I want to upgrade. Its only really a testbed (small personal domain at home).

iaind · 1 Mar 2009 at 23:20

Fair enough, I didnt think many companies would be running beta software on a production system.

Is it an AD integrated DNS zone?

paradigm · 2 Mar 2009 at 13:26

Fixed it in the end, most of the problems stemming from the fact that (i'd forgotten) I had an orphaned subdomain (test.mydomain.tld) in the same forest. Got rid of that, plus a few LingeringObjects, and bingo