Windows 2012 – Problems creating new forest / domain from scratch

OK so I decided to take a look at Windows Server 2012 and obviously the first thing you want to do after installation is to add AD DS. This is a pretty straightforward operation, not a whole lot different to how it’s done in Windows 2008. Simply select roles and features, add AD DS and follow the wizard through, creating the new forest, domain and DNS on the way.

However this is where I started to see some problems. I can’t say for sure whether I am the only one to experience this problem but as soon as the installation finished I was unable to open any AD tools and I was presented with an error similar to the following:

“The Specified Domain Does Not Exist or Could not be Contacted”.

My initial reaction after some minor troubleshooting was simply to remove and re-install it, after all this was a brand new installation and I really shouldn’t be seeing these issues on such a virgin server. I removed and reinstalled twice but still saw the same issue. Now as much as I love a challenge, I’ve been a busy man recently with one thing and another and finally this was an opportunity to use one of my support calls up that came with my Technet subscription. Last year I didn’t use any and it annoyed me I couldn’t carry them over. But I digress. I will therefore blog their analysis which finally fixed the issue. Apologies for the slightly iffy grammar, I’ve tried to fix the worst of it! I am still at a loss why I have experienced this issue, I’d be interested to hear if anyone else has had similar issues with server 2012.

___________________

=> On server 2012 made sure we have default shares “Sysvol & Netlogon” available as shared. This wasn’t the case.

=> With server 2012 (a New Forest & Domain) the Sysvol replication is done by DFSR, thus checked the events in DFSR for any errors/warnings. We found the following :-

“The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.”

=> We ran the following Command in order to recover from the Issue, and resume the replication :-

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="69718B5D-152F-11E2-93E8-806E6F6E6963" call ResumeReplication

(Note: enter appropriate GUID)

=> Since server 2012 is the only server part of Forest/Domain, we followed the KB :- 2218556 (http://support.microsoft.com/kb/2218556) and made the server authoritative.

=> Once done we had the “Sysvol & Netlogon” available as Shared, and were able to open the AD Snap-Ins and DNS was up & running fine.

__________________________________________________________________________________

With Server 2012 being the first DC in domain, the Sysvol replication is done using DFSR and detailed analysis of the DFSR logs yesterday revealed the DFSR service itself was in a state of error. We were getting an event id 2213 wherein the DFSR Jet database was not shut down properly. This happens every time the service is stopped. Moreover by default auto recovery is not enabled for DFSR and without this starting and running correctly, the Sysvol & Netlogon shares weren’t getting shared. When we found the event we first fixed the DFSR database for Sysvol as per the KB and then resumed the replication using WMI command. This made sure the database is set correctly and the replication is underway. Sysvol and Netlogon were then shared.

MICROSOFT SUMMATION

PROBLEM DESCRIPTION:-

Unable to Open AD Snap-Ins and Getting The Specified Domain Does Not Exist or Could not be Contacted

RESOLUTION:-

=> We promoted a server to a domain controller running 2012, the dcpromo process went fine without any issues, however when the server was restarted we couldn’t open any of the AD Snap-Ins and not DNS

=> The DNS zones failed to load and the snap-ins error out with “The Specified Domain Does not exist or could not be contacted”

=> When checked the server we found the Default Shares of “Sysvol & Netlogon” missing

=> The server is running 2012 so the Sysvol replication would be on DFSR, thus we need to make the server authoritative for the same

=> We first made sure we have policies and scripts created fine, once done we followed the steps in KB 2218556 (The steps were followed in LDP as ADSIEDIT would not load the partitions)

=> Once we were able to perform the steps we checked the events, were getting the event for DFSR Database issues, also checked the Debug Logs in Detail, and ran the following :-

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="69718B5D-152F-11E2-93E8-806E6F6E6963" call ResumeReplication

=> We got the event id :- 4602 and the sysvol , netlogon got shared fine

RELATED KNOWLEDGE BASE ARTICLES :-

http://support.microsoft.com/kb/2218556
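
The checks described above (missing shares, DFSR events 2213 and 4602, and finding the "appropriate GUID" for the resume command) can be scripted in PowerShell. This is an added example, not part of the original post or of Microsoft's analysis; the function names and the -VolumeGuid parameter are hypothetical, and it assumes an elevated session on the domain controller. It does not perform the KB 2218556 steps.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes Windows Server 2012 or later and an elevated session on the DC.

function Get-SysvolHealth {
    # The two shares the support engineer found missing.
    $shared = @(Get-SmbShare -ErrorAction SilentlyContinue | ForEach-Object { $_.Name })
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        [pscustomobject]@{ Check = "Share $name"; Result = ($shared -contains $name) }
    }

    # Event 2213: replication stopped after an unclean DFSR database shutdown.
    # Event 4602: the event the post reports once the shares came back.
    $filter = @{ LogName = 'DFS Replication'; Id = 2213, 4602 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Check = "Event $($_.Id)"; Result = $_.TimeCreated }
        }
}

function Get-DfsrVolume {
    # Lists the volumes DFSR tracks, so the right GUID can be picked
    # instead of copying the one shown in the post.
    Get-WmiObject -Namespace 'root\microsoftdfs' -Class DfsrVolumeConfig |
        Select-Object VolumeGuid, VolumePath
}

function Resume-DfsrVolume {
    param([Parameter(Mandatory)][string]$VolumeGuid)

    $volume = Get-WmiObject -Namespace 'root\microsoftdfs' -Class DfsrVolumeConfig |
        Where-Object { $_.VolumeGuid -eq $VolumeGuid }
    if (-not $volume) { throw "No DFSR volume with GUID $VolumeGuid on this server." }

    # Same WMI method the wmic command in the post calls; returns its WMI return code.
    ($volume.ResumeReplication()).ReturnValue
}

# Read-only checks run immediately; the resume step is left for the operator.
Get-SysvolHealth | Format-Table -AutoSize
Get-DfsrVolume   | Format-Table -AutoSize
# Resume-DfsrVolume -VolumeGuid '<GUID from the list above>'
```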
