SBS 2011 DNS not updating during migration

    Question

  • I am nearly done migrating SBS 2011 Std to SBS 2011 Std on new hardware and think I have a DNS problem. DNS server is running on source and destination real machines, but the entries are not the same. The destination server only has basic entries; while the source server has what looks to be complete entries. The source server even has the entries of the domain client computers and the destination server doesn't. But only the destination is running DHCP server.

    It is like the source server is getting updated and the destination never was. But all queries show the destination as the DNS server. Verified that the destination has the 5 FSMO roles. Both servers list both as GCs. Names and IP resolve OK. Both are DNS AD integrated. Nothing in DNS error logs. I don't know if DNS ever worked right on the destination server. Both have been restarted every 2-10 days for various reasons. Each DNS lists itself as the SOA, but I assume that is normal. Did a dcdiag /test:dns /dnsrecordregistration and it looks OK to me. It found the destination as the "home server". I've spent quite a bit of time looking at this and don't know what to do next. Thanks

    _ldap._tcp.dc._msdcs.ffc.local  SRV service location:

              priority       = 0

              weight         = 100

              port           = 389

              svr hostname   = serverffc3.ffc.local

    _ldap._tcp.dc._msdcs.ffc.local  SRV service location:

              priority       = 0

              weight         = 100

              port           = 389

              svr hostname   = serverffc4.ffc.local

    serverffc3.ffc.local    internet address = 192.168.10.3

    serverffc4.ffc.local    internet address = 192.168.10.4

     

    • Moved by Sean Zhu -Moderator Tuesday, October 18, 2011 6:51 AM SBS2011 migration (From:Migration)
    Monday, October 17, 2011 5:21 PM

Answers

  • Something not right with replication of the DNS AD application partition.

    run dcdiag /c /v /e on both DCs

    Check the directory services event logs on both DCs

    repadmin /syncall

    Something should shake out


    /kj
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by 2G Wednesday, October 26, 2011 2:44 PM
    Tuesday, October 25, 2011 4:10 PM
    Moderator
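
    One way to run the checks suggested in this answer against the DNS application partitions specifically, as an added example that is not part of the original thread. Server names, IP addresses and the zone name are taken from the posts above; the partition DNs assume the default DomainDnsZones/ForestDnsZones naming for the FFC.local domain, and the script assumes dnscmd and repadmin are available on the DC it is run from.

```powershell
# Added example (not from the thread). Run from an elevated prompt on either DC.
# Names, IPs and zone come from the thread; partition DNs assume the default
# DomainDnsZones/ForestDnsZones naming for the FFC.local domain.
$servers = @{ 'serverffc3' = '192.168.10.3'; 'serverffc4' = '192.168.10.4' }
$zone    = 'ffc.local'
$dnsNCs  = 'DC=DomainDnsZones,DC=ffc,DC=local', 'DC=ForestDnsZones,DC=ffc,DC=local'

# 1. Ask each DNS server where it stores the zone. Both servers should report
#    the same directory partition and zone DN. The filter keeps only the
#    storage-related lines of the /ZoneInfo output; drop it to see everything.
foreach ($name in $servers.Keys) {
    "== $name : storage of $zone =="
    dnscmd $servers[$name] /ZoneInfo $zone |
        Select-String 'DS integrated|directory partition|zone DN'
}

# 2. Inbound replication status of the DNS application partitions on each DC.
#    These partitions replicate separately from the domain partition that
#    holds users, so a clean user-replication test does not cover them.
foreach ($name in $servers.Keys) {
    foreach ($nc in $dnsNCs) {
        "== $name : inbound replication of $nc =="
        repadmin /showrepl $name $nc
    }
}

# 3. Compare what each server actually serves: collect the addresses of all
#    A records under the zone root and list those present on one side only.
function Get-ZoneAddresses([string]$ip, [string]$zoneName) {
    dnscmd $ip /EnumRecords $zoneName '@' /Type A | ForEach-Object {
        if ($_ -match '\sA\s+(\d{1,3}(\.\d{1,3}){3})') { $matches[1] }
    } | Sort-Object -Unique
}
$src = @(Get-ZoneAddresses $servers['serverffc3'] $zone)
$dst = @(Get-ZoneAddresses $servers['serverffc4'] $zone)
"A-record addresses only on serverffc3: " + (($src | Where-Object { $dst -notcontains $_ }) -join ', ')
"A-record addresses only on serverffc4: " + (($dst | Where-Object { $src -notcontains $_ }) -join ', ')
```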

All replies

  • Hello,

    It will be better to ask them here: http://social.technet.microsoft.com/Forums/en-US/category/sbsserver

     



    Monday, October 17, 2011 9:16 PM
  • Update: Repadmin results look fine and have no errors. As a test, I created a DNS conditional forward on the source server and it quickly replicated to the destination server. I also created test users in AD on both servers and they replicated fine.

    Tuesday, October 18, 2011 5:22 PM
  • Hi, you can upload dcdiag /test:dns /dnsrecordregistration /v result and SBSSetup.log under C:\Program Files\Windows Small Business Server\Logs, so that we can help to check the root cause. Thanks.

     

    Sean Zhu
    TechNet Subscriber Support in forum
    Wednesday, October 19, 2011 7:39 AM
    Moderator
  • C:\Users\ffcadmin>dcdiag /test:dns /dnsrecordregistration /v

    Directory Server Diagnosis

    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine SERVERFFC4, is a Directory Server.

       Home Server = SERVERFFC4

       * Connecting to directory service on server SERVERFFC4.

       * Identified AD Forest.

       Collecting AD specific global data

       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=FFC,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......

       The previous call succeeded

       Iterating through the sites

       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FFC,DC=local

       Getting ISTG and options for the site

       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=FFC,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......

       The previous call succeeded....

       The previous call succeeded

       Iterating through the list of servers

       Getting information for the server CN=NTDS Settings,CN=SERVERFFC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FFC,DC=local

       objectGuid obtained

       InvocationID obtained

       dnsHostname obtained

       site info obtained

       All the info for the server collected

       Getting information for the server CN=NTDS Settings,CN=SERVERFFC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FFC,DC=local

       objectGuid obtained

       InvocationID obtained

       dnsHostname obtained

       site info obtained

       All the info for the server collected

       * Identifying all NC cross-refs.

       * Found 2 DC(s). Testing 1 of them.

       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SERVERFFC4

          Starting test: Connectivity

             * Active Directory LDAP Services Check

             Determining IP4 connectivity

             * Active Directory RPC Services Check

             ......................... SERVERFFC4 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SERVERFFC4

          Test omitted by user request: Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Test omitted by user request: FrsEvent

          Test omitted by user request: DFSREvent

          Test omitted by user request: SysVolCheck

          Test omitted by user request: KccEvent

          Test omitted by user request: KnowsOfRoleHolders

          Test omitted by user request: MachineAccount

          Test omitted by user request: NCSecDesc

          Test omitted by user request: NetLogons

          Test omitted by user request: ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Test omitted by user request: Replications

          Test omitted by user request: RidManager

          Test omitted by user request: Services

          Test omitted by user request: SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Test omitted by user request: VerifyReferences

          Test omitted by user request: VerifyReplicas

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...

             See DNS test in enterprise tests section for results

             ......................... SERVERFFC4 passed test DNS

     

       Running partition tests on : ForestDnsZones

          Test omitted by user request: CheckSDRefDom

          Test omitted by user request: CrossRefValidation

       Running partition tests on : DomainDnsZones

          Test omitted by user request: CheckSDRefDom

          Test omitted by user request: CrossRefValidation

       Running partition tests on : Schema

          Test omitted by user request: CheckSDRefDom

          Test omitted by user request: CrossRefValidation

       Running partition tests on : Configuration

          Test omitted by user request: CheckSDRefDom

          Test omitted by user request: CrossRefValidation

       Running partition tests on : FFC

          Test omitted by user request: CheckSDRefDom

          Test omitted by user request: CrossRefValidation

       Running enterprise tests on : FFC.local

          Starting test: DNS

             Test results for domain controllers:

                DC: SERVERFFC4.FFC.local

                Domain: FFC.local

                   TEST: Authentication (Auth)

                      Authentication test: Successfully completed

                   TEST: Basic (Basc)

                      The OS

                      Microsoft Windowsr Small Business Server 2011 Standard  (Service Pack level: 1.0)

                      is supported.

                      NETLOGON service is running

                      kdc service is running

                      DNSCACHE service is running

                      DNS service is running

                      DC is a DNS server

                      Network adapters information:

                      Adapter

                      [00000007] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                         MAC address is B8:AC:6F:8F:5B:42

                         IP Address is static

                         IP address: 192.168.10.4, fe80::9c90:b473:6e77:e3d5, fe80::13be:4437:34ae:d795

                         DNS servers:

                            192.168.10.4 (SERVERFFC4) [Valid]

                      The A host record(s) for this DC was found

                      The SOA record for the Active Directory zone was found

                      The Active Directory zone on this DC/DNS server was found primary

                      Root zone on this DC/DNS server was not found

                   TEST: Records registration (RReg)

                      Network Adapter

                      [00000007] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

     

                         Matching CNAME record found at DNS server 192.168.10.4:

                         1d21c747-32d1-4129-bd60-1adb71eb2652._msdcs.FFC.local

                         Matching A record found at DNS server 192.168.10.4:

                         SERVERFFC4.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.e89e0af6-8cee-4eee-bf10-6505b1676ff7.domains._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kerberos._tcp.dc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.dc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kerberos._tcp.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kerberos._udp.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kpasswd._tcp.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.Default-First-Site-Name._sites.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _kerberos._tcp.Default-First-Site-Name._sites.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.gc._msdcs.FFC.local

                         Matching A record found at DNS server 192.168.10.4:

                         gc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _gc._tcp.Default-First-Site-Name._sites.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.FFC.local

                         Matching  SRV record found at DNS server 192.168.10.4:

                         _ldap._tcp.pdc._msdcs.FFC.local

             Summary of test results for DNS servers used by the above domain

             controllers:

                DNS server: 192.168.10.4 (SERVERFFC4)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

             Summary of DNS test results:

     

                                                Auth Basc Forw Del  Dyn  RReg Ext

                _________________________________________________________________

                Domain: FFC.local

                   SERVERFFC4                   PASS PASS n/a  n/a  n/a  PASS n/a

             ......................... FFC.local passed test DNS

          Test omitted by user request: LocatorCheck

          Test omitted by user request: Intersite

    Wednesday, October 19, 2011 7:06 PM
  • I am not able to send the SBS setup log. I think it is too big. I tried sending half and that didn't work either.

    Wednesday, October 19, 2011 8:19 PM
  • >"The Active Directory zone on this DC/DNS server was found primary"

     

    Should be "Integrated".

     

    You could switch the zone to AD Integrated and it should then replicate correctly.

     

     


    /kj
    Wednesday, October 19, 2011 9:01 PM
    Moderator
  • In DNS Manager, all zones on both computers show "Active Directory-Integrated". If I click "change", there is a checkmark where there should be on store this zone in Active Directory. 

    dcdiag /test:dns /dnsrecordregistration /v on the source server also shows the zone as "primary" like you spotted on the destination server. Here are some screen shots.

     

    Thursday, October 20, 2011 4:07 AM
  • This is the fully populated source server DNS.

    And this is the destination server with no subfolders:

    Thursday, October 20, 2011 4:11 AM
  • I checked the DNS record registration on two other SBS 2011 networks and they show Active Directory Integrated Primary. So IMHO this is a valid reading and not the problem at all.

    I also checked the DNS zone serial numbers and they are the same on both servers.

    Friday, October 21, 2011 3:28 PM
  • Yes, looks like a generalization by diag.

    On the source server FFC.local and the _msdcs.ffc.local zones, Replication is to all DNS servers in the domain. Click on the "Name Servers" tab and ensure that the target server is there also.

    Also check the DNS event log on both servers.

     


    /kj
    Friday, October 21, 2011 5:38 PM
    Moderator
  • Replication is set to all DNS servers in the domain. Domain is server 2003 level, but tried DNS replication to all 2000 level server with no success and changed back to all servers in domain. Both servers are listed as name servers and verified as OK. Nothing but normal starts and stops in DNS logs.
    Monday, October 24, 2011 4:44 PM