Painful dcpromo experience (Solved!)
I guess I find it valuable to post painful experiences here. Maybe it will help someone else and it certainly gives me a chance to vent.
We were setting up a test forest (single domain) for some very simplistic testing. For some reason, we could not add machines to the domain or dcpromo a second DC. An extra complication is that we were using BIND DNS and all of the errors in diagnostic tools reported DNS issues. When I finally switched over to Windows DNS and still got the errors, I knew BIND was not an issue (in fact, Windows AD works quite well with BIND these days).
We noticed that all of the SRV and domain records pointed to the host name of the DC, but they were not the FQDN. The name was something like “DC-SERVER-01.” with a trailing dot. In the DNS world, this means that there is nothing beyond the dot. This did not resolve and NOTHING worked.
In the end, it turned out that the machine's “Full computer name” was not its FQDN as it should be. Usually, this gets switched when a machine is promoted to DC. Once I changed this, the domain worked normally. No time to figure out why it got that way, but all is well now.
One other note. You cannot just change the DC's full computer name using “Computer/Properties” like a normal server. You must either demote the DC, fix the name, and re-promote OR follow the instructions in this article. I followed the article and it all worked quite well.
https://support.microsoft.com/default.aspx?kbid=257623
Cheers!
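The symptom described above (SRV records pointing at “DC-SERVER-01.” with a trailing dot) can be checked mechanically against a BIND-style zone export. This is an added example, not part of the original post; the domain `corp.example`, the sample records and the function names are constructed for illustration, and it assumes every record line starts with its owner name.

```python
# Added example: flag SRV records whose target cannot be a DC's FQDN.
# SAMPLE_ZONE is constructed data, not taken from the original post.
SAMPLE_ZONE = """\
$ORIGIN corp.example.
_ldap._tcp.dc._msdcs  600 IN SRV 0 100 389  DC-SERVER-01.
_kerberos._tcp        600 IN SRV 0 100 88   DC-SERVER-01.
_ldap._tcp            600 IN SRV 0 100 389  dc-server-02.corp.example.
_gc._tcp              600 IN SRV 0 100 3268 dc-server-02   ; relative name
"""

def absolute(name, origin):
    """Expand a zone-file name; a trailing dot means it is already complete."""
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def check_srv_targets(zone_text, ad_domain):
    """Return (owner, target, problem) tuples for suspicious SRV targets."""
    origin = ad_domain.rstrip(".") + "."
    suffix = "." + ad_domain.rstrip(".").lower() + "."
    findings = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        upper = [f.upper() for f in fields]
        if "SRV" not in upper[1:]:
            continue
        rdata = fields[upper.index("SRV", 1) + 1:]
        owner = absolute(fields[0], origin)
        if len(rdata) != 4:  # priority, weight, port, target
            findings.append((owner, " ".join(rdata), "malformed SRV data"))
            continue
        target = absolute(rdata[3], origin)
        labels = [part for part in target.split(".") if part]
        if len(labels) == 1:
            # "DC-SERVER-01." is absolute: nothing gets appended after the dot.
            findings.append((owner, target, "single-label target"))
        elif not target.endswith(suffix):
            findings.append((owner, target, "target outside AD domain"))
    return findings

if __name__ == "__main__":
    for owner, target, problem in check_srv_targets(SAMPLE_ZONE, "corp.example"):
        print(f"{problem}: {owner} -> {target}")
```

The relative name `dc-server-02` passes because the zone origin is appended to it, while the dotted `DC-SERVER-01.` is taken literally and flagged.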