JENS MALMGREN I create, that is my hobby.

I got this blog engine back, I am so happy!

Short version

I got a new computer and decided to join it to my domain, but I got an error message about a missing SRV record. The reason for this was that my router consumed all internal DNS traffic, for security reasons. All the time I struggled with this problem the SRV record was available, but it could not be found while I tried to let my new computer join the domain. My router, a FRITZ!Box 7390, was also configured to be my DHCP server. In this role it told all computers in my network that the DNS server could be found in the router.

Instead of going straight to the problem of fixing the router, I accidentally uninstalled the domain controller functionality of my server.

What then started was a long struggle to get everything back.

I had a really tough time behind me regarding technology

I had to look into corners of technology I never expected to visit in order to get this blog back. The blog was technically dead for a week. I had to do a lot to get it back. This is the story about a blog's existence between life and death.

It all started when I got a new computer.

Actually it was not new, it was about to be discarded. If I had not received it then it would be thrown away. So I accepted it, like a cat or dog you pick up from the asylum. If you don’t pick up that poor thing, it will be put to sleep.

So when it arrived at home it all started. The very first time I started the “new” family member, a Dell Optiplex 330, one of its hard-disks had crashed. That in itself is a bad start but I got it working. I simply removed the faulty disk and reinstalled the computer on the remaining disks. Instead of three I now had two. It would become a Windows 7. I called it Jens-PC.

Unfortunately it would become a Dutch Windows 7. The reason for this was that I did not pay attention to what I bought and when I had removed the plastic cellophane around my new Windows 7 box then I discovered that it was in Dutch and not in English as I had intended. But then it was too late. I asked in the shop but they refused to take back the package. “But the paper seal is still unbroken!?” I got just one answer and it was “No, these are the rules of Media Markt.” “Broken cellophane packages we cannot take back”.

Here I was sitting with my Dutch Windows 7 machine. I had accepted my mistake, the new asylum computer would speak Dutch to me.

This blog post is going to be a technical story. No art, no funny anecdotes, just a very die-hard technical story. I put it on this blog because it is this blog's story. The way search works in Google, I know the person whom this story concerns will find this and appreciate it. The rest of you can just as well skip this story.

I have my own domain controller at home. For the sake of security I will obscure the name of the domain; let’s call it OLD. The domain is running on a Windows 2003 server I bought ages ago, and it is called SERVER. In reality OLD and SERVER were exactly the same name and I had no idea what was what. By profession I am a software developer and not a system administrator. These things don’t come naturally to me.

My network is very small. It is a domain controller behind a router. The router is a FRITZ!Box 7390.

When I reinstalled my new asylum computer I wanted to add it to the domain. So I tried this. To my very surprise I got an error message:

De volgende fout is opgetreden tijdens het opvragen van de SRV-bronrecord voor de servicelocatie in DNS die wordt gebruikt om een Active Directory-domeincontroller (AD DC) te vinden in het domein OLD.LOCAL:

De fout is: DNS-naam bestaat niet.
(foutcode 0x0000232B RCODE_NAME_ERROR)
De query was voor de SRV-record van _ldap._tcp.dc._msdcs.OLD.LOCAL
Mogelijke oorzaken van deze fout zijn:
- De DNS SRV-records die nodig zijn voor het vinden van een AD-domeincontroller voor het domein zijn niet bij DNS geregistreerd. Deze records worden automatisch bij een DNS-server geregistreerd wanneer een AD-domeincontroller aan een domein wordt toegevoegd. Deze records worden periodiek bijgewerkt door de AD-domeincontroller. Deze computer is geconfigureerd voor gebruik van DNS-servers met de volgende IP-adressen:
192.168.178.20
- Voor één of meer van de volgende zones geldt geen delegatie naar de onderliggende zone:
OLD.LOCAL

I am missing an SRV record? What is that? Huh? I searched for anything that could help me understand what was wrong and maybe solve the problem:

http://serverfault.com/questions/422590/how-to-reference-a-domain-controller-out-of-the-local-network
http://support2.microsoft.com/kb/816587
http://blog.lithiumblue.com/2007/07/understanding-dns-srv-records-and-sip.html
http://forums.techarena.in/active-directory/972908.htm
http://www.it.cornell.edu/services/dhcp/howto/win2003dns.cfm
https://social.technet.microsoft.com/Forums/windowsserver/en-US/05b71490-2b9d-4db6-87cd-edc5db97a955/bind-dns-and-active-directory?forum=winservergen
http://technet.microsoft.com/es-es/library/cc759550(WS.10).aspx
http://support.microsoft.com/kb/241505

I tried again:

Let op: deze gegevens zijn bedoeld voor een netwerkbeheerder. Neem contact met de netwerkbeheerder op als u geen netwerkbeheerder bent. Meld bij uw netwerkbeheerder dat u deze gegevens hebt ontvangen en dat deze gegevens zijn opgeslagen in het bestand C:\Windows\debug\dcdiag.txt.

De volgende fout is opgetreden tijdens het opvragen van de SRV-bronrecord voor de servicelocatie in DNS die wordt gebruikt om een Active Directory-domeincontroller (AD DC) te vinden in het domein OLD.local:
De fout is: DNS-naam bestaat niet.
(foutcode 0x0000232B RCODE_NAME_ERROR)
De query was voor de SRV-record van _ldap._tcp.dc._msdcs.OLD.local
Mogelijke oorzaken van deze fout zijn:
- De DNS SRV-records die nodig zijn voor het vinden van een AD-domeincontroller voor het domein zijn niet bij DNS geregistreerd. Deze records worden automatisch bij een DNS-server geregistreerd wanneer een AD-domeincontroller aan een domein wordt toegevoegd. Deze records worden periodiek bijgewerkt door de AD-domeincontroller. Deze computer is geconfigureerd voor gebruik van DNS-servers met de volgende IP-adressen:
192.168.178.20
- Voor één of meer van de volgende zones geldt geen delegatie naar de onderliggende zone:
OLD.local

Just listen to this “The DNS name does not exist”. I tried several versions. OLD, OLD.LOCAL, OLDLOCAL. Nope. I tried OLDOLDLOCAL. Nope. I pinged, I flushed. I cursed. I tried again.
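What the join wizard is doing at this point is a DNS query for the SRV record named in the error, and the two outcomes in this story are an NXDOMAIN reply (the "DNS name does not exist" the wizard shows as 0x0000232B) and a proper SRV answer pointing at the domain controller. The following is an added example, not code from the original post: it builds that query, constructs both kinds of reply, and decodes them. The reply bytes and the target name server.OLD.local are constructed for the example.

```python
import struct

SRV_TYPE = 33
RCODE_NAME_ERROR = 3  # shown by Windows as 0x0000232B (DNS_ERROR_RCODE_NAME_ERROR)


def encode_name(name):
    """Encode "a.b.c" as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_srv_query(domain, txid=0x1234):
    """The DC-locator question: _ldap._tcp.dc._msdcs.<domain> IN SRV, RD set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name("_ldap._tcp.dc._msdcs." + domain) + struct.pack(">HH", SRV_TYPE, 1)
    return header + question


def decode_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    """Return the RCODE and every SRV answer as (priority, weight, port, target)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    srv = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack(">HHH", msg[off:off + 6])
            target, _ = decode_name(msg, off + 6)
            srv.append((prio, weight, port, target))
        off += rdlen
    return {"rcode": flags & 0x000F, "srv": srv}


def describe(result):
    """What the join wizard would conclude from the reply."""
    if result["rcode"] == RCODE_NAME_ERROR:
        return "DNS name does not exist (0x0000232B): no domain controller can be located"
    if result["rcode"] == 0 and result["srv"]:
        _prio, _weight, port, target = min(result["srv"])  # lowest priority wins
        return "LDAP on %s port %d" % (target, port)
    return "unexpected reply, rcode %d" % result["rcode"]


def build_response(query, rcode, srv_records=()):
    """Construct a reply to `query` (test data only, not real resolver output)."""
    answers = b""
    for prio, weight, port, target in srv_records:
        rdata = struct.pack(">HHH", prio, weight, port) + encode_name(target)
        # 0xC00C = pointer to the question name at offset 12
        answers += b"\xC0\x0C" + struct.pack(">HHIH", SRV_TYPE, 1, 600, len(rdata)) + rdata
    header = query[:2] + struct.pack(">HHHHH", 0x8180 | rcode, 1, len(srv_records), 0, 0)
    return header + query[12:] + answers


QUERY = build_srv_query("OLD.local")
# What the client got back in the story: NXDOMAIN, no answers.
NXDOMAIN_REPLY = build_response(QUERY, RCODE_NAME_ERROR)
# What the DC's own DNS would answer; the target host name is an assumption.
DC_REPLY = build_response(QUERY, 0, [(0, 100, 389, "server.OLD.local")])

if __name__ == "__main__":
    for reply in (NXDOMAIN_REPLY, DC_REPLY):
        print(describe(parse_response(reply)))
```

Pointing the client at the DC's DNS server instead of the router is what turns the first reply into the second; the record itself was never missing.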

Figured out that my domain controller was not installed correctly. Somehow it had problems. I was desperate. I searched for diagnostic tools. Nothing would help. I found this help page:

http://support2.microsoft.com/kb/324753/nl

What then happened is pivotal for this story. I followed some of the instructions but I did not pay attention to the details. I think my memory is obscured by the shock that hit me when I realized what I had done.

I remember starting a command line window.

Then I entered “dcpromo”. I pressed enter.

There was some message I did not read so carefully and then I clicked next maybe two or three times. A window opened. It displayed an animation. At first I did not look at the animation. The process just went on and on. Then I looked at the animation. It displayed a pen and a book. There was text in the book but the pen was not writing the book. The pen was erasing the book.

Possibly after ten minutes I read the text of the window. It said “When this procedure has finished your server is no longer a domain controller”.

Help, help, help!

I was sitting and looking at the animation of a routine uninstalling the domain: bad, really bad, the worst kind of bad. The consequences of this hit hard. All users on all computers would become invalid. The printer would not work. SQL Server, websites, blogs would stop functioning. I was upset by my own deed.

Instead of adding a computer to the domain, I had uninstalled the domain. That was a silly mistake. “Was this document helpful?” the page asked at the bottom. So I thought I would just start over and reinstall the domain again.

How difficult can it be?

Things can be really difficult. One of the problems was that the domain name OLD could not be used because somehow it was already registered in NetBIOS. On the Internet you can find much information about how to flush NetBIOS but all my experiments did not work out. Then I decided to call the new domain OLD0.

This time I got this error:

Diagnostic Failed
The registration diagnostic has been run 1 time.
Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.
The DNS zone authoritative for the domain OLD0.local cannot be updated because it is the DNS root zone. Domain controllers will not send dynamic updates to the DNS root zone. If you want to use this domain name, select 'Install and configure the DNS server on this computer' below and create a delegation for the new DNS zone OLD0.local from the root zone to this DNS server.
For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: a.root-servers.net (198.41.0.4)
The zone was: . (root)
Domain controllers will not send dynamic updates to the DNS root zone.

If there was something I did not like in the error then it was that statement that I would have a domain where you could not join the domain. A domain that you cannot join is like a car without wheels.

I did not hesitate much; I just selected the second option. Just let it configure the DNS. If you can have computers do the work for you, why not just have them do it? So I selected it to configure DNS for me.

Active Directory is now installed on this computer for the domain OLD0.local.
This domain controller is assigned to the site Default-First-Site-Name. Sites are managed with the Active Directory Sites and Services administrative tool.

When all was set up so nicely I went to my new but old asylum computer, Jens-PC, and tried to join it to the domain. I got a very familiar and unwelcome message when I tried to add it to the domain.

Let op: deze gegevens zijn bedoeld voor een netwerkbeheerder. Neem contact met de netwerkbeheerder op als u geen netwerkbeheerder bent. Meld bij uw netwerkbeheerder dat u deze gegevens hebt ontvangen en dat deze gegevens zijn opgeslagen in het bestand C:\Windows\debug\dcdiag.txt.
De volgende fout is opgetreden tijdens het opvragen van de SRV-bronrecord voor de servicelocatie in DNS die wordt gebruikt om een Active Directory-domeincontroller (AD DC) te vinden in het domein OLD0.local:
De fout is: DNS-naam bestaat niet.
(foutcode 0x0000232B RCODE_NAME_ERROR)
De query was voor de SRV-record van _ldap._tcp.dc._msdcs.OLD0.local
Mogelijke oorzaken van deze fout zijn:
- De DNS SRV-records die nodig zijn voor het vinden van een AD-domeincontroller voor het domein zijn niet bij DNS geregistreerd. Deze records worden automatisch bij een DNS-server geregistreerd wanneer een AD-domeincontroller aan een domein wordt toegevoegd. Deze records worden periodiek bijgewerkt door de AD-domeincontroller. Deze computer is geconfigureerd voor gebruik van DNS-servers met de volgende IP-adressen:
192.168.178.20
- Voor één of meer van de volgende zones geldt geen delegatie naar de onderliggende zone:
OLD0.local

I still could not add Jens-PC to the domain. I was frustrated. However I figured out that I could get the SQL server of my SERVER to start and it even started to serve one of my websites but this blog you are reading now, it was dead.

How were things organized in my network? Could there be something else wrong? How about the FRITZ!Box for example? I logged into the configuration windows of my router and looked around. I actually found something that looked suspicious and that was the rebind protection. “Removing DNS requests into the own network”. I entered my domains name OLD0.local. No avail.

Although it did not work I continued to think in terms of “Back to basics”. What was what and where and why in my network?

The router was my DHCP server. DHCP stands for Dynamic Host Configuration Protocol. This role of my router as DHCP server was by “tradition”. It has always been like that. I never considered if this was right or wrong. It had become like that long before I got my domain controller. It worked, so why change it?

Well, it was not working anymore, so that little reason for not reconsidering the DHCP was gone. It turned out to be a correct conclusion. I had understood that DHCP only hands out IP addresses in the network, but it actually does more: it also tells the clients where the DNS server is. I did not know this at the time; I would find out later. I decided to rebuild the domain controller functionality from scratch, and I decided that the server would do the DHCP and not the router.
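To see what a DHCP server tells the clients besides their IP address, here is an added example (not code from the original post) that decodes the options of a DHCP offer and reports the DNS server and domain suffix it hands out. The two offers below are constructed for the example, with the router at 192.168.178.1 and the server at 192.168.178.20 as in this network; the router lease advertises the router itself as DNS, which is the situation described above.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie that starts the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_options(payload):
    """Parse the type/length/value options that follow the 236-byte BOOTP header."""
    if payload[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts = {}
    i = 4
    while i < len(payload):
        code = payload[i]
        if code == 0:                 # pad byte
            i += 1
            continue
        if code == 255:               # end option
            break
        ln = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + ln]
        i += 2 + ln
    return opts


def addr_list(raw):
    """Split a run of 4-byte IPv4 addresses into dotted strings."""
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def summarize(payload):
    """The fields a client like Jens-PC shows in ipconfig /all."""
    o = parse_options(payload)
    return {
        "type": MSG_TYPES.get(o[53][0], "?") if 53 in o else "?",
        "server_id": addr_list(o[54])[0] if 54 in o else None,   # option 54: DHCP server
        "router": addr_list(o.get(3, b"")),                      # option 3: default gateway
        "dns": addr_list(o.get(6, b"")),                         # option 6: DNS servers
        "domain": o[15].decode("ascii") if 15 in o else "",      # option 15: DNS suffix
        "lease_s": struct.unpack(">I", o[51])[0] if 51 in o else None,
    }


def dns_served_by_router(summary):
    """True when the lease sends DNS queries to the gateway instead of the DC's DNS."""
    return any(d in summary["router"] for d in summary["dns"])


def build_offer(router, dns, domain, lease_s, server_id):
    """Construct an options blob for the example (test data, not a captured packet)."""
    def ip(s):
        return ipaddress.IPv4Address(s).packed
    body = MAGIC + b"\x35\x01\x02"                       # 53: message type OFFER
    body += b"\x36\x04" + ip(server_id)                  # 54: server identifier
    body += b"\x03\x04" + ip(router)                     # 3: router
    body += b"\x06" + bytes([4 * len(dns)]) + b"".join(ip(d) for d in dns)
    body += b"\x0f" + bytes([len(domain)]) + domain.encode("ascii")
    body += b"\x33\x04" + struct.pack(">I", lease_s)     # 51: lease time
    return body + b"\xff"


# Constructed: the FRITZ!Box lease (10-day lease, fritz.box suffix, DNS = router).
ROUTER_LEASE = build_offer("192.168.178.1", ["192.168.178.1"], "fritz.box", 864000, "192.168.178.1")
# Constructed: the lease from DHCP on SERVER (8-day lease, DNS = the domain controller).
SERVER_LEASE = build_offer("192.168.178.1", ["192.168.178.20"], "NEW.local", 691200, "192.168.178.20")

if __name__ == "__main__":
    for lease in (ROUTER_LEASE, SERVER_LEASE):
        s = summarize(lease)
        print(s, "DNS via router:", dns_served_by_router(s))
```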

I made this plan:

  1. Uninstall DC again. dcpromo
  2. Flush NetBIOS. nbtstat -RR The reason was that I hoped I could reuse the OLD domain name.
  3. Uninstall DNS.
  4. Remove DHCP from Router.
  5. Install DHCP in Server.
  6. Point Server TCP/IP DNS to itself.
  7. Install DNS again.
  8. Install DC again. If the install fails this time around I'm in deep trouble.
  9. Create Users.
  10. Let computers join the domain.
  11. Connect SQL server.
  12. IIS
  13. Repair, cry some, and continue to repair.

I decided to use the IP range starting from 192.168.178.20 until 192.168.178.200 and I wanted the server to be the first IP in the range. Another approach is to give servers and other fixed machines IP numbers outside the range. Oh well. The router however would be 192.168.178.1.

1. The first step of my plan went fine. Uninstalling a domain has a predictable and reliable result. It is just gone.

2. Tried to flush NetBIOS to see if OLD was still used. Is the NetBIOS stuff stored in lmhosts?

http://support2.microsoft.com/kb/101927
http://www.thatcomputerguy.us/index.php?option=com_content&view=article&id=154:cannot-clear-netbt-netbios-over-tcpip-disabled-in-in-ipconfig&catid=56:really-geeky-stuff&Itemid=61

3. Even though I failed on step 2 I figured out that I could proceed with step 3, uninstalling the DNS. Maybe that would help with the problem of step 2. Step 3 also went fine. I removed the DNS. By now it was a rather empty DNS but anyway, I removed it and restarted the server.

Then I tried to flush NetBIOS again to see if I could use OLD. No improvement. Searched for information:

http://www.ehow.com/how_7375696_purge-delete-computer-names-server.html

nbtstat -n still displays OLD.

Again, actually the problem with the NetBIOS name OLD would not stop me from working on the next step of my plan.

4. Removed DHCP from the router. This was the first time ever that my network had no DHCP server. The result was immediate. It was no longer possible to search for information on the Internet.

I queried NetBIOS again and OLD was still there. Then I tried to uninstall WINS as well and then install it again. NetBIOS would still give me OLD.

5. Then I installed DHCP on my SERVER.

https://www.youtube.com/watch?v=A9x_0TYdwdI

All this time I had been connected to my server through RDP, or Remote Desktop. After installing DHCP the remote desktop window to my SERVER died. It died with a BEEP from the server room.

I could ping the SERVER but it would not let me log in on it.

Started a command line window. Entered this command

>ipconfig /all
Windows IP-configuratie
  Hostnaam  . . . . . . . . . . . . : Jens-PC
   Primair DNS-achtervoegsel . . . . :
   Knooppunttype . . . . . . . . . . : hybride
   IP-routering ingeschakeld . . . . : nee
   WINS-proxy ingeschakeld . . . . . : nee
   DNS-achtervoegselzoeklijst. . . . : fritz.box
Ethernet-adapter voor LAN-verbinding:
   Verbindingsspec. DNS-achtervoegsel: fritz.box
   Beschrijving. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Fysiek adres. . . . . . . . . . . : 00-11-1F-16
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
   IPv6-adres. . . . . . . . . . . . : 2001:980:aa9b:(voorkeur)
   Tijdelijk IPv6-adres. . . . . . . : 28:10b3:36ee:232f(voorkeur)
   IPv6-adres. . . . . . . . . . . . : fd3327(afgeschaft)
   Link-local IPv6-adres . . . . . . : ff1:3327%11(voorkeur)
   IPv4-adres. . . . . . . . . . . . : 192.168.178.33(voorkeur)
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : vrijdag 23 januari 2015 21:39:00
   Lease verlopen. . . . . . . . . . : maandag 2 februari 2015 21:39:00
   Standaardgateway. . . . . . . . . : fe:141a%11, 192.168.178.1
   DHCP-server . . . . . . . . . . . : 192.168.178.1
   DHCPv6 IAID . . . . . . . . . . . : 234888905
   DHCPv6-client DUID. . . . . . . . : 00-01-0-1F-16
   DNS-servers . . . . . . . . . . . : fd00::c2241a, 192.168.178.20
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld

Very well, the DHCP was the FRITZ!Box IP so this was not working at all. This was not my intention. My router, the FRITZ!Box was still serving as DHCP. I had not turned off DHCP properly. Checked the configuration again of the FRITZ!Box and rebooted it. Then I checked again. Now my machine responded:

>ipconfig /all
Windows IP-configuratie
   Hostnaam  . . . . . . . . . . . . : Jens-PC
   Primair DNS-achtervoegsel . . . . :
   Knooppunttype . . . . . . . . . . : hybride
   IP-routering ingeschakeld . . . . : nee
   WINS-proxy ingeschakeld . . . . . : nee
Ethernet-adapter voor LAN-verbinding:
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Fysiek adres. . . . . . . . . . . : 00-1E-C9-31-1F-16
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
   IPv6-adres. . . . . . . . . . . . : 2001:980:aa9b27(voorkeur)
   Tijdelijk IPv6-adres. . . . . . . : 2006ee:232f(voorkeur)
   IPv6-adres. . . . . . . . . . . . : fd00::e3327(afgeschaft)
   Link-local IPv6-adres . . . . . . : fe8:ff327%11(voorkeur)
   IPv4-adres. . . . . . . . . . . . : 192.168.178.33(voorkeur)
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : zaterdag 24 januari 2015 0:16:46
   Lease verlopen. . . . . . . . . . : zondag 1 februari 2015 0:16:45
   Standaardgateway. . . . . . . . . : fe80::c225c:141a%11, 192.168.178.1
   DHCP-server . . . . . . . . . . . : 192.168.178.20
   DNS-servers . . . . . . . . . . . : fec0:0ff::1%1,fec0f::2%1,fec0fff::3%1
   Primaire WINS-server. . . . . . . : 192.168.178.20
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld

At this point I decided that I was done with point 5, I had successfully installed the DHCP server on my SERVER.

Then how about point 2 of my plan? I wanted to see that the NetBIOS name OLD had been removed from the network.

>nbtstat -n
LAN-verbinding:
IP-adres van knooppunt: [192.168.178.33] Scope-ID: []
                Tabel met lokale NetBIOS-namen
       Naam               Type         Status
    ---------------------------------------------
    JENS-PC        <20>  Uniek       Geregistreerd
    JENS-PC        <00>  Uniek       Geregistreerd
    WORKGROUP      <00>  Groep       Geregistreerd
    WORKGROUP      <1E>  Groep       Geregistreerd

That looked really promising! However, I still could not connect with my SERVER. It would not let me connect. I tried to ping my server. It looked like this:

>ping 192.168.178.20
Pingen naar 192.168.178.20 met 32 bytes aan gegevens:
Antwoord van 192.168.178.20: bytes=32 tijd=2 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=1 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=1 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=3 ms TTL=64

Ping-statistieken voor 192.168.178.20:
    Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
    (0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
    Minimum = 1ms, Maximum = 3ms, Gemiddelde = 1ms

I also tried to ping the domain name:

>ping OLD
Pingen naar OLD [192.168.178.20] met 32 bytes aan gegevens:
Antwoord van 192.168.178.20: bytes=32 tijd=1 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=1 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=2 ms TTL=64
Antwoord van 192.168.178.20: bytes=32 tijd=2 ms TTL=64

Ping-statistieken voor 192.168.178.20:
    Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
    (0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
    Minimum = 1ms, Maximum = 2ms, Gemiddelde = 1ms

I was clueless. There was no other option than giving the server a monitor and a keyboard. Hmmm.... Have to crawl into my server room. It is in my cupboard. When I finally got the screen connected I got this message from the server: IP Conflict.

An IP conflict?

Maybe this was a good moment to reboot the server to see if it would work. It came up and there was still an IP conflict on the network. Darn, it would not help.

On my new asylum computer I figured there was a way to get a Network Discovery Map of the machines connected on the network and through that I found out it was my Samsung TV that had got the same IP as the Server. Little sneaky thing!!!

I turned off the TV and the server became happy.

I had this idea that if I turned the TV back on again then it would realize that the IP it had was taken so there was no point taking the same IP. Nope. As soon the TV came on it took the server IP and instantly from my cupboard I heard a BEEP when the IP conflict message was displayed on the screen.

This was really annoying but I decided there would be no TV until I figured out how to fix that problem.

With the TV turned off my server got happy and stopped complaining. Actually, later I found that it is possible to put machines with a fixed IP outside the range of DHCP. So for example the server would be outside the range. When doing so, no machine in the range can by accident take one of the fixed IPs. I thought that all IPs had to be in the range but that was not so.

Now I could connect with RDP again. Logically because what I actually tried to connect to was the TV. A Samsung TV is maybe not so good at RDP. Oh well, already had the screen connected to my server so I could use that instead of RDP.

During this IP conflict drama I noticed that devices were being loaded into the new DHCP. This gave me a delighted feeling.

Is point 2 of my plan still an issue? Is the name OLD still in use in NetBIOS?

OLD was back in the list!

Then I started on point 6 of my plan. Point the server to SERVER as its DNS.

Point 7. Do I dare install the DNS? I have to. So I installed it again but it was really empty. An empty DNS is not of much use. I checked NetBIOS. No improvement.

At this point my asylum computer “Jens-PC” gave this result for the command ipconfig /all

Windows IP-configuratie
   Hostnaam  . . . . . . . . . . . . : Jens-PC
   Primair DNS-achtervoegsel . . . . :
   Knooppunttype . . . . . . . . . . : hybride
   IP-routering ingeschakeld . . . . : nee
   WINS-proxy ingeschakeld . . . . . : nee
Ethernet-adapter voor LAN-verbinding:
   Verbindingsspec. DNS-achtervoegsel:
   Beschrijving. . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Fysiek adres. . . . . . . . . . . : 0031-1F-16
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
   IPv6-adres. . . . . . . . . . . . : 2007:ff327(voorkeur)
   Tijdelijk IPv6-adres. . . . . . . : 2080:8d36(voorkeur)
   Link-local IPv6-adres . . . . . . : fe80::ed17:10(voorkeur)
   IPv4-adres. . . . . . . . . . . . : 192.168.178.33(voorkeur)
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : zaterdag 24 januari 2015 11:10:52
   Lease verlopen. . . . . . . . . . : zondag 1 februari 2015 11:21:06
   Standaardgateway. . . . . . . . . : fe825141a%10, 192.168.178.1
   DHCP-server . . . . . . . . . . . : 192.168.178.20
   DNS-servers . . . . . . . . . . . : ff::1%1, feff::2%1, f0:0:::3%1
   Primaire WINS-server. . . . . . . : 192.168.178.20
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld

Somehow, there is an IPv6 DNS on my network. But it is not working, or is it?

I moved on to point 8. Install the domain controller again. I held my breath...

Here we go again. It was not possible to call the domain OLD. Logical, it was in use in the NetBIOS name table.

Since this is really not what I wanted I had to search for information. Apparently I had to get my DNS configured properly. So I went back to configuring DNS, point 7.

Right clicked OLD in my DNS configuration window and started the action “Configure DNS”. I selected “Create a forward lookup zone”. Had to decide if this server should maintain the zone. It does. Named the zone something random "MainZone".

Then came an information screen about dynamic updates. The DNS could not be set up properly without an Active Directory; it would not be possible to work with dynamic updates.

I would simply not be able to install the DNS properly before the Active Directory was installed properly.

Here I decided that the root cause of the challenge at this point was my desire to keep the domain name OLD. If I decided to use the domain name NEW then I would have no problem with NetBIOS names.

Also, why would I keep the domain name? To spare me from work? Well, that was a long lost goal. I had destroyed the domain so nothing would come for free from here. Just sticking to old ideas would cost me more. So, I decided to call the new domain NEW.

I started that dreadful program DCPROMO once again.

Netbios Domain Name: NEW
Where to store the Active Directory Database folder: C:\Windows\NTDS
Log folder: C:\Windows\NTDS
Sysvol folder: C:\Windows\SYSVOL

Then comes a screen where you have to check DNS or install DNS. I tried to use the option of validating DNS.

DNS Diagnostic Failed.
The registration diagnostic has been run 1 time.
Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.
The DNS zone authoritative for the domain NEW.local cannot be updated because it is the DNS root zone. Domain controllers will not send dynamic updates to the DNS root zone. If you want to use this domain name, select 'Install and configure the DNS server on this computer' below and create a delegation for the new DNS zone NEW.local from the root zone to this DNS server.
For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: a.root-servers.net (198.41.0.4)
The zone was: . (root)
Domain controllers will not send dynamic updates to the DNS root zone.

Again, I was clueless and absolutely sure that a screen telling me I cannot join a domain is a screen saying: hey dude, give up! Added 192.168.178.20 to the a.root-servers.net entry of DNS. Tried to perform the diagnostic again.

DNS Diagnostic Failed
The registration diagnostic has been run 2 times.
Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.
The DNS zone authoritative for the domain NEW.local cannot be updated because it is the DNS root zone. Domain controllers will not send dynamic updates to the DNS root zone. If you want to use this domain name, select 'Install and configure the DNS server on this computer' below and create a delegation for the new DNS zone NEW.local from the root zone to this DNS server.
For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: a.root-servers.net (198.41.0.4)
The zone was: . (root)
Domain controllers will not send dynamic updates to the DNS root zone.

That made no difference. Was this strange IP taking precedence over my own IP? Tried to be clever and deleted it and replaced it with the IP of my own server.

DNS Diagnostic Failed
The registration diagnostic has been run 3 times.
Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.
The DNS zone authoritative for the domain NEW.local cannot be updated because it is the DNS root zone. Domain controllers will not send dynamic updates to the DNS root zone. If you want to use this domain name, select 'Install and configure the DNS server on this computer' below and create a delegation for the new DNS zone NEW.local from the root zone to this DNS server.
For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: a.root-servers.net (198.41.0.4)
The zone was: . (root)
Domain controllers will not send dynamic updates to the DNS root zone.

On this I tried to flush the DNS. Maybe my change was stuck in the cache?

DNS Diagnostic Failed
The registration diagnostic has been run 4 times.
Warning: Domain Controller functions like joining a domain, logging onto a domain, and Active Directory replication will not be available until the DNS infrastructure for Active Directory is correctly configured.
The DNS zone authoritative for the domain NEW.local cannot be updated because it is the DNS root zone. Domain controllers will not send dynamic updates to the DNS root zone. If you want to use this domain name, select 'Install and configure the DNS server on this computer' below and create a delegation for the new DNS zone NEW.local from the root zone to this DNS server.
For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: a.root-servers.net (198.41.0.4)
The zone was: . (root)
Domain controllers will not send dynamic updates to the DNS root zone.

Here at this point I realized I would never ever be able to set up DNS myself. The second option, having DCPROMO install the DNS, was what I had to use. So I did.

So on to next screen. Permissions. Selected the second option.

Entered Directory Services Restore Mode Administrator Password

Then came a summary:

Configure this server as the first domain controller in a new forest of domain trees.

The new domain name is NEW.local. This is also the name of the new forest.
The NetBIOS name of the domain is NEW
Database folder: C:\WINDOWS\NTDS
Log file folder: C:\WINDOWS\NTDS
SYSVOL folder: C:\WINDOWS\SYSVOL
The DNS service will be installed and configured on this computer. This computer will be configured to use this DNS server as its preferred DNS server.
The password of the new domain administrator will be the same as the password of the administrator of this computer.

It sounded all great! I started the domain controller installation.

I note that you CAN cancel the installation of the domain when you install it. When you are destroying your domain controller it is not possible to cancel the operation. Is there a philosophical reason for this? After installation I had to restart the server.

One service did not start, but apart from that it worked. Now I had the domain NEW!

Now I tried to ping my new domain from my asylum computer.

>ping NEW.local
Ping-aanvraag kan host NEW.local niet vinden.
Controleer de naam en probeer het opnieuw.

I could not ping google.com

In DNS I started the action Configure a DNS Server...

Selected Create a forward and reverse lookup zones.

“Yes, create a forward lookup zone now (recommended).” Had to give a name of the primary zone.

I gave the zone the name "NEWPrimary".

Dynamic update? Yes, huraaahhh. I could select the first option: Allow only secure dynamic updates (recommended for Active Directory). So I followed this action and I was asked a couple of questions, like what it would be called and what IP to use etc.

Should this server forward DNS requests it cannot answer? Yes! Entered the DNS of my ISP.

So now I went back to my asylum computer jens-pc to find out what it knows about the new domain controller and DNS. It found NEW.local. I was able to ping google.com.

With great hope I created a new user in the new domain NEW.

Then I tried to add Jens-PC to the domain NEW and it worked!

And the new user could log in and reach the Internet. Well, after entering a static IP of the new DNS server, but nevertheless, this was great!

My main website already worked! Amazing. It is based on a SQL server and ASP.NET and it just worked.

My blog though was still dead. So now it was time to get my blog up and running.

IIS? What’s up with IIS? Why is it serving one site but not another? I found out that I made my blog with an application pool of dot.net 4.0. Searched around and thought that maybe this would be an important document:

https://msdn.microsoft.com/en-us/library/vstudio/k6h9cz8h(v=vs.100).aspx

Ok so I CD to the directory of the DotNet C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -lv
1.1.4322.0      Valid (Root)    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
2.0.50727.0     Valid           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
4.0.30319.0     Valid           C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll

So I got 3 valid installations of dot.net on my Windows 2003 server.

I decided to upgrade to the next version of blogengine.net. By doing that I surely would get my blog up and running.

For this I made this plan: 

  1. Make a backup of my blog.
  2. Download the new DotNetBlogEngine.
  3. Get it up and running.
  4. Then I migrate my old blog data to the new blog.

So...

1. Where is that thing?

Stopped the blog in IIS.

Compressed the entire directory and placed it on a safe place.

2. So I go to: http://www.dotnetblogengine.net/

All right, here comes a little setback again. Dot.Net 4.5 is not supported on Server 2003. All the latest DotNetBlogEngine releases are making use of DotNet 4.5 and higher. So no option.

Hmm....

Then I came up with the idea of migrating to the same version but in another app of IIS. I also tried to make the source code version of the BlogEngine working but that also failed.

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -ga iwam_SERVER

Start granting iwam_SERVER access to the IIS configuration and other directories used by ASP.NET.

Finished granting iwam_SERVER access to the IIS configuration and other directories used by ASP.NET.

The blog was not working. I gave up on my blog for a while. After installation of the domain controller I had spent one entire day trying to get the blog up and running. I was really at the end of the rope on that blog-thing.

Where are my email configurations?

Started MMC. Added my MailEnable MMC plugin and there they were!!! Cool.

Then I returned to the blog and I came up with the idea that I should not use a separate pool for my blog. Started on this just to discover that the main site that originally worked is no longer working.

Both my sites, www.sunneras.se and www.jens.malmgren.nl, were dead.

So...

Found this link: http://support2.microsoft.com/kb/894670

Ugh, hate Dutch help pages. What is this stuff in English? This is just useless information. It takes me 10 minutes to figure out from the Dutch text I have to start IIS configuration. Why not just say that?

Nope. Not my problem. I have absolute paths.

At this point I had to have a break from my blog. There were more things to do. For example my Vista computer had to be added to the domain NEW.

Funny, I found out it had been turned on the whole time while I destroyed my domain. It could be the reason that the OLD NetBIOS name was kept. I try not to think too much about how things are and why they are and what would have happened if things had been different. For example if my Vista had been turned off. Would NetBIOS then have succeeded in flushing the name OLD?

Removed the Vista from my old domain by adding it to a workgroup. Then I added it to the new domain. Worked really well. One thing is clear. Adding computers to the domain, that is something I can do with my new network!

On the Vista computer a person logs in locally and uses Outlook 2013 to read email. Ideally I should have an Exchange server for things like email, but since I did not like Exchange I never installed it in the domain. To be really clear on this, I actually installed it. Then played around with it, found it absolutely horrible, then I removed it. After that I had the installation CD of Exchange in the CD drive for several years.

So I created the user for the Vista computer and logged in on the computer with the new user credentials. By doing this I got the user's local profile file structure. Then I logged out again and logged in as administrator.

Now I opened the local profile directories of the old user from the lost domain. Then I opened the user profile directories from the same user on the new domain.

Where are the data files of Outlook?

Here:

https://support.office.microsoft.com/en-us/article/Locating-the-Outlook-data-files-0996ece3-57c6-49bc-977b-0d1892e2aacc?CorrelationId=07bb51e6-fc2c-4030-a508-949fef444933&ui=en-US&rs=en-US&ad=US

To find them I had to make hidden files and directories visible. Windows+E, Alt key and then Folder options...

Had to configure email before the folder structures became equal.

Then I could copy the data files. Then I went back to the user and configured Outlook to open the moved data file. Pfff....

Printer?

What if the printer on the server is not available anymore?

Turned on the printer sharing on the server.

Went back to the Vista and connected to it.

Adding a printer on a computer IN the domain is easy, but for the computers outside the domain it is slightly more difficult. It would be so nice if the DNS was discovered automatically, but Network Discovery is turned off as it seems. I have two people with Windows 8.1 computers outside the domain. Cheaper simply to buy them Windows Home Premium.

Turning on Network Discovery sounds like a nightmare. Oh well, I just add the DNS setting in the network settings of these machines. Then they get access to DNS through the new domain and then they can get on to the Internet. Some solutions work but leave you with a feeling: it is not right, but it works. Sometime soon it will show up as an issue.

When I had come this far I thought I would turn on the TV again.

That stupid thing tried to get the IP of the server. BEEP! There I had the IP conflict again.

To solve this I got the MAC address of the TV and then I made a reservation in the DHCP for the TV and assigned it to another IP.

On the TV the MAC address was given with ':' between every other character, but adding it without ‘:’ in DHCP on the server did the trick.

When I played around with reserving an IP by connecting it to the MAC address I found out that there exist hints to be sent out by DHCP of where the DNS is, so I entered these. Could even specify the name of the domain. The TV responded beautifully to this. However...
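The DHCP part of this, written out as netsh commands for the Windows Server 2003 DHCP server, plus the check I would run on a client afterwards. This is an added example, not the commands from the post; the scope, the addresses, the MAC and the names are placeholders I made up.

```powershell
# Added example, not from the original post. The scope 192.168.178.0, the
# addresses, the MAC 001122334455 and the names are placeholders; replace
# them with your own values. Run on the DHCP server (Windows Server 2003
# netsh syntax; the commands also work typed into cmd.exe).

# 1. Scope-wide options: hand every client the domain controller as DNS
#    server (option 006) and the AD domain as DNS suffix (option 015), so
#    clients resolve NEW.local and its SRV records on the DC instead of
#    asking the router.
netsh dhcp server scope 192.168.178.0 set optionvalue 006 IPADDRESS 192.168.178.2
netsh dhcp server scope 192.168.178.0 set optionvalue 015 STRING NEW.local

# 2. Reservation for the TV. The MAC is entered without the ':' separators
#    the TV shows on screen. The reserved address is outside the server's
#    own static address, so the two no longer collide.
netsh dhcp server scope 192.168.178.0 add reservedip 192.168.178.50 001122334455 "TV" "Living room TV" DHCP

# 3. Verify what the scope now hands out and which reservations exist.
netsh dhcp server scope 192.168.178.0 show optionvalue
netsh dhcp server scope 192.168.178.0 show reservedip

# 4. On a client (not on the server): pick up the new lease and confirm the
#    domain's LDAP SRV record resolves through the DNS server DHCP handed out.
#    If this query fails, a domain join will fail with the SRV record error.
ipconfig /renew
nslookup -type=SRV _ldap._tcp.dc._msdcs.NEW.local
```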

The iPad 2 in the house did not react to this. It cannot find the DNS. Hmm... Inconvenient.

Information on various sites suggests that my DHCP change is the absolutely essential DHCP trick. Two iPhones reacted nicely. The Android devices worked from the very beginning. No fuss, just worked. Well, they are based on Linux so that is no wonder...? A bit later the iPad also discovered the DNS and could find pages on the Internet. Nice. When Apple products know how to find their way to the Internet then things start to feel solidly configured.

Two laptops outside the domain now also started to wake up and realize where the DNS was and listened to it. They had IP numbers from the new DHCP server. Fantastic! It started to feel like this HELL-process was worthwhile.

Tested a locked down and SEO secured work laptop. It worked as well! This laptop doesn't enter the domain but it needs to find its way to the Internet via VPN etc. It also worked. Great!

So, now time for my own laptop to enter the new domain. Entering the domain went fine. The fingerprint login method was not working anymore for the new domain. That was expected by now. I have to come back to that later.

I carried out the same trick on my Lenovo laptop to migrate data files of Outlook from old user to new user. 

My license for FL Studio is stored per user, but the previous user doesn't exist anymore. So I had to download the license again. It worked. Ready to make music!

Pinnacle Studio 17 just loaded. I am happy about that. It was initially hanging a little bit but not complaining about license.

So then it was time to get Android Studio up and running for my Android app development. It complained there was no JVM installation found. “Please install a 64 bit JDK”. “If you already have a JDK installed, define a JAVA_HOME variable in Computer > System Properties > System Settings Environment Variables”. Oh well. This dialog box is a nice example of user friendliness. Put up a modal dialog with complex explanations of what people should do to fix an error. Then when they click OK the instructions are gone and people are sitting there clueless.

I did it differently, I just searched for environment variables. Much quicker. But then... Where is the JDK? I found it in Program Files.

The Android SDK Location had to be migrated over from the old user.

C:\Users\olduser\AppData\Local\Android\sdk

When I worked on my Lenovo laptop I had a much needed break from my dead blog. But I had to come back to the dead blog. Looked at application pool identity mystery:

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Nope.

Created a temporary page for my failing blog. It just said that my blog was dead. I made up a new plan:

  1. Set up the blog internally on my network in local DNS. Then I can work on this without disturbing the lot. Later I will remove this and make it available on Internet.
  2. Added a DNS entry. A primary zone local.malmgren.nl and pointed it to my server.
  3. Downloaded DotNetBlogEngine 2.5.0.0 source code. Unpacked it.
  4. Created a project in VS.

Point 4 failed. I was not able to load the source in Visual Studio 2003. Also, it turned out that my emails failed when I made this forward zone. This plan was really bad. Removed that zone again to get my emails to work again.

While looking around in VS 2003 I found a much more detailed event viewer inside VS 2003. Maybe I could use the information in the event viewer to find out what was wrong with my blog. So the plan of making the source code work had brought me to look better at the events produced.

I also found out there should be some form of MMC plugin for configuring DotNet, but I could not find this so easily.

Well, I never had to use any configuration of DotNet 4.0 so I did not look for it. Now I started to look for it. I could not find it.

Then I found I still had the original DotNet 4.0 in my download directory. So I started its installation program and it asked if I wanted to repair the installation of DotNet 4.0, so I decided to do that.

After repair I could find that two configuration buttons were enabled in one of the IIS property tabs for the blog site. I had a look in there but could not find anything obviously wrong.

The search continued. I produced one search query after another in Google to find pages that could help me “how to debug access rights in a dotnet web application on iis 6.0”

http://www.codeproject.com/Articles/38132/Remote-IIS-Debugging-Debug-your-ASP-NET-Applicatio
http://blog.laksha.net/2007/06/enabling-aspnet-debugging-step-by-step.html

I found this VBS script:

C:\WINDOWS\system32>cscript iisapp.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
W3WP.exe PID: 5384   AppPoolId: DefaultAppPool
W3WP.exe PID: 3716   AppPoolId: AppPoolDotNet4

http://blogs.msdn.com/b/david.wang/archive/2005/12/31/howto-basics-of-iis6-troubleshooting.aspx

I tried WFetch!

http://www.microsoft.com/en-us/download/confirmation.aspx?id=17275

DOTNET needs access as well...

http://stackoverflow.com/questions/6292053/iis6-anonymous-access-problem

THEN I started to notice something.

For all websites in IIS the anonymous user was written IUSR_SERVER, but on my blog it was written NEW\IUSR_SERVER.

I tried to remove the domain name but that failed. It came back automatically.

Then I thought that I had to create a new application and then point it to the old directory. This was something I already tried before repairing dotnet and what not. In this I made a little mistake.

I pointed my new website to a scrap directory of one of my first attempts to try out the DotNetBlogEngine. This was an essential mistake, because this scrap directory had not been tampered with at all. It loaded the blog!

Now I was able to start my blog. I thought I started my blog, but it was a completely different, empty blog. I tried to log in with my regular password that I use for my blog, but it would not accept it. Then I started to reset the admin password of my blog, but I was actually resetting the blog in the directory I thought I had pointed the IIS application to, while it was pointing somewhere else, so nothing happened.

When I after a long time realized that I had mixed up directories, I tried with the correct directory and, wonder of wonders, the anonymous access problem was gone. Now I was greeted with a dot.net error message. I was so delighted.

Event Type:Warning
Event Source:ASP.NET 4.0.30319.0
Event Category:Web Event 
Event ID:1309
Date:1/29/2015
Time:12:20:27 AM
User:N/A
Computer:SERVER
Description:
Event code: 3005  Event message: An unhandled exception has occurred.  Event time: 1/29/2015 12:20:27 AM Event time (UTC): 1/28/2015 11:20:27 PM  Event ID: 2399d1bdb34654  Event sequence: 716  Event occurrence: 2  Event detail code: 0    …

It turned out to be a trivial error. DotNetBlogEngine directories need to be configured properly for it to work, and when I did that it was all working again.

So here we are. My blog is back!

Thanks for reading this.

Remember… If you are a domain administrator don’t do this
Windows+R,dcpromo,next,next,ok.


Regards,
Jens

I was born 1967 in Stockholm, Sweden. I grew up in the small village Vågdalen in north Sweden. 1989 I moved to Umeå to study Computer Science at University of Umeå. 1995 I moved to the Netherlands where I live in Almere not far from Amsterdam.

Here on this site I let you see my creations.

I create, that is my hobby.