We recently added a new 2008 R2 DC to an existing 2003 forest with one 2003 DC. We haven't raised any functional levels. The 2003 DC was powered down (it hadn't been demoted yet, but all the FSMOs are on the 2008R2 DC) and the 2008R2 was then rebooted. We got the following error in the event log on the 2008R2 upon reboot (note the 2003DC was still offline).
For sake of the question,
Server01 = Server 2003 Box - Primary DNS itself, secondary Server02
Server02 = Server 2008R2 (FSMOs) - Primary DNS itself, Secondary Server 01
The DNS server timed out attempting an Active Directory service operation on DC=server02,DC=domain.local,cn=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=local. Check Active Directory to see that it is functioning properly. The event data contains the error.
This required a restart of the DNS server and it started working again (at this point the 2003 DC was booting back up). Is this just because it was unable to speak to the other DC (and thus it's replication partner) or is there more at fault here?
Best Answer
Don't have a DC use itself for DNS first. Have it use another DC first and the loopback address last.