_msdcs doesn't exist!

    Question

  • Hi Guys,

    I had a couple of virtual servers set up for studying purposes. Both DC's and GC but one was the DNS server (server01) and the other (server02) was installed without DNS.

    To cut a long story short, I basically accidentally copied over the snapshot of server01 with its older version, meaning it was lacking in a lot of work done on both servers, which was still all on server02.

    So I seized all the roles from server01 to server02, and ran dcpromo /forceremoval, in the hope that I could then add it back to the domain and have it replicate from server02. So I installed DNS onto server02, and set up a forward lookup zone but it doesn't create the _msdcs zone, which I understand is normally created automatically upon installing AD DS. So when I try and add server01 to the domain, I get the following error.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain contoso.com:

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.contoso.com

    Common causes of this error include the following:

    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    192.168.25.229

    - One or more of the following zones do not include delegation to its child zone:

    contoso.com.
    com.
    . (the root zone)

    For information about correcting this problem, click Help.

    x.x.25.229 is server02, I have set this under the adapter settings, so it's pointing to the right place, but I am presuming the issue is with the missing _msdcs folder and its sub folders as this tells the servers in the domain where the dc, gc, etc servers are. How can I create this?

    Thanks in advance.

    Thursday, March 22, 2012 12:15 PM

Answers

  • <snipped>

    Event Logs:

    Application:
    no errors

    system:
    Multiple errors, all same event ID as below.

    The dynamic registration of the DNS record '_ldap._tcp.HEADQUARTERS._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.' failed on the following DNS server: 

    DNS server IP address: ::                                            <------------- No IP address in the error message??
    Returned Response Code (RCODE): 0
    Returned Status Code: 0 

    <snipped>

    Directory Service:
    Event ID 1801 Warning.
    The partition DC=DomainDnsZones,DC=contoso,DC=com should be hosted at site CN=HEADQUARTERS,CN=Sites,CN=Configuration,DC=contoso,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

    DNS:
    Event ID 4011 - error
    The DNS server was unable to add or write an update of domain name contoso in zone contoso.com to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
     'CN=MicrosoftDNS,CN=System,DC=contoso,DC=com'". The event data contains the error.

    Both SERVER01 & SERVER02 were both GC, but obviously SERVER01 has been demoted so is no longer.

    This is what worries me:

    The partition DC=DomainDnsZones,DC=contoso,DC=com should be hosted at site CN=HEADQUARTERS,CN=Sites,CN=Configuration,DC=contoso,DC=com, but has not been instantiated yet.

    .

    Based on that and the other errors above, I believe the DomainDnsZones partition either does not exist or is corrupted. Let's do the following to get this kicked off:

    1. On server02, change the zone to non-AD integrated (Primary Zone only)
    2. Make sure updates are allowed on the zone
    3. If you created the _msdcs zone, make that non-AD integrated, too and make sure updates are allowed. If you didn't create it, create it now.
    4. In the grayed-out _msdcs folder, go to its properties, and change the IP address and server name to Server02
    5. Rename c:\windows\system32\config\netlogon.dns to netlogon.dns.old, and netlogon.dnb to netlogon.dnb.old
    6. Run ipconfig /registerdns and restart the netlogon service.

    The above two actions will recreate the SRV records into both contoso.com and _msdcs.contoso.com zones

    .

    Now to deal with the partitions.

    Run the following and tell me what you get:

    dnscmd server02 /EnlistDirectoryPartition ForestDnsZones.contoso.com
    dnscmd server02 /EnlistDirectoryPartition DomainDnsZones.contoso.com

    .

    If you get "DNS_ERROR_DP_ALREADY_ENLISTED     9904" then let's do the next steps. We're going to delete these two partitions.

    .

    Delete the two partition CrossRef objects using ADSIEdit.msc
     1. Navigate to the CrossRef object for the application partition on a specific DC (CN=Partitions,CN=Configuration,DC=Contoso,DC=Com)
     2. Delete the CrossRef object, essentially skipping to step 7 above.
     3. Force replication, validate that the partition is gone.
     4. Restart DNS, the service will re-add the partition.

    Reference: Are Your DNS Application Partitions Corrupt?
    http://cbfive.com/blog/post/Are-Your-DNS-Application-Partitions-Corrupt.aspx

    .

    Run dnscmd /Enumdirectorypartitions - you should see something like "Enlisted Deleted Auto Domain," but post your results.

    .

    Now let's recreate the partitions:

    Recreate DomainDnsZones and ForestDnsZones partitions in one step:

    1. Right click DNS Server Name
    2. Configure Default Application Directory Partitions.
    3. Click YES for Domain partition
    4. On Second Prompt, Click YES for Forest partition

    .

    Re-run dnscmd /Enumdirectorypartitions

    If successful, you should see:

     DomainDnsZones.contoso.com                    Enlisted Auto Domain
     ForestDnsZones.contoso.com                      Enlisted Auto Forest

    .

    Look at your event log again, and post any errors.

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:01 PM
    Friday, March 23, 2012 1:50 PM
  • At this point, let's not delete the partitions until we determine what else is going on.

    The error you're seeing, "RPC_S_SERVER_UNAVAILABLE" is what's causing everything.

    That could be indicative of a number of things, such as missing DNS entries, such as your error also states (look near the top) it's not able to resolve the following to an IP address:
    2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com

    .

    Also, other things that will cause it are firewall restrictions (whether in the Windows firewall or the perimeter firewall if you have multiple Sites), or from an antivirus application blocking necessary traffic, which many of them do these days, and are detrimental for AD communications.

    So at this time, disable the Windows firewall, and uninstall any antivirus apps on all your DCs until you resolve this.

    .

    Look in your _msdcs.contoso.com zone. Do you see a CNAME entry called 2a8a5f4b-3e71-495e-83cf-430578c46727 that is pointing to server02.contoso.com?

    If not, create one:

    • Right click _msdcs.contoso.com,
    • Choose New CNAME
    • Type in 2a8a5f4b-3e71-495e-83cf-430578c46727
    • Then for the pointer, type in server02.contoso.com
    • Then run ipconfig /registerdns
    • Restart the netlogon service

    .

    At this point, as I said, let's not delete the partitions.

    Let's use ADSI Edit to see if you can load and view the data in the partitions. Use the procedure in the following link to show you how to use ADSI Edit. It's to find dupe zones, but the basics on how to use it apply.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    .


    Ace Fekay

    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:01 PM
    Thursday, March 29, 2012 3:03 PM
  • It appears that DomainDnsZones is corrupted. 

    Let's delete the Cross-Reference, then we'll recreate the partition. There are two ways to do this. I like the ADSI Edit method:

    Are Your DNS Application Partitions Corrupt?
    http://cbfive.com/blog/post/Are-Your-DNS-Application-Partitions-Corrupt.aspx


    Using ADSI Edit
     1. Navigate to the CrossRef object for the application partition on a specific DC (CN=Partitions,CN=Configuration,DC=Domain,DC=Com)
     2. Delete the CrossRef object, essentially skipping to step 7 above.
     3. Force replication, validate that the partition is gone.
     4. Restart DNS, the service will re-add the partition.

    Using NTDSUtil:
     1. Open the CMD prompt
     2. NTDSUtil
     3. Domain Management (In 2008 it changes to "partition management")
     4. Connections => connect to server ERICSDC01
     5. Quit
     6. List <--- to see zones
     7. Delete NC DC=DomainDNSZones,DC=Domain,DC=Com (This Deletes the CrossRef Object)
     8. Force replication, validate that the partition is gone.
     9. Restart DNS, the service will re-add the partition.

    .

    Then wait a few minutes, and if you used ADSI Edit, refresh the console using the F5 button. You should see the cross reference show back up. Then run:
    dnscmd /Enumdirectorypartitions

    You should see something like this, which is what we're looking for:

    DomainDnsZones.contoso.com.lan                    Enlisted Deleted Auto Domain

    .

    Now recreate DomainDnsZones:

    Right click DNS Server Name
    Configure Default Application Directory Partitions.

    Click YES for Domain partition
    On Second Prompt, Click NO for Forest partition

    .

    Now try to add DomainDnsZones in ADSI Edit.

    .


    Ace Fekay

    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:00 PM
    Friday, March 30, 2012 2:31 PM
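
A read-only check for the records and partitions the answers above work on, as an added example that is not part of any poster's reply: it asks server02 for the DC locator SRV records and the GUID CNAME, then reads `dnscmd /EnumDirectoryPartitions`. It assumes the thread's lab values (contoso.com, 192.168.25.229, the GUID from the error), the usual English output of nslookup, and dnscmd lines in the form shown in the thread; the function names are made up for this example.

```powershell
# Added example. Values come from the thread's contoso.com lab; change them elsewhere.
$Domain     = 'contoso.com'
$DnsServer  = '192.168.25.229'                        # server02
$ExpectedDc = 'server02.contoso.com'
$DsaGuid    = '2a8a5f4b-3e71-495e-83cf-430578c46727'  # GUID named in the replication error

function Get-DnsTarget {
    # Hypothetical helper: returns the host names an SRV or CNAME record points to.
    param([string]$Name, [string]$Type)
    # The trailing dot stops nslookup from appending the DNS suffix search list.
    # Failures are written to stderr, so merge the streams and stringify each line.
    $raw = & nslookup.exe "-type=$Type" "${Name}." $DnsServer 2>&1 | ForEach-Object { "$_" }
    if ($Type -eq 'SRV') { $pattern = 'svr hostname\s*=\s*(\S+)' }
    else                 { $pattern = 'canonical name\s*=\s*(\S+)' }
    $targets = @()
    foreach ($line in $raw) {
        if ($line -match $pattern) { $targets += $Matches[1].TrimEnd('.') }
    }
    return ,$targets   # the comma keeps an empty or one-element result an array
}

function Get-DnsPartitionState {
    # Hypothetical helper. Assumes one line per partition in the form the thread shows:
    #   DomainDnsZones.contoso.com    Enlisted Auto Domain
    $raw = & dnscmd.exe $DnsServer /EnumDirectoryPartitions 2>&1 | ForEach-Object { "$_" }
    foreach ($zone in 'DomainDnsZones', 'ForestDnsZones') {
        $pattern = '^\s*' + $zone + '\.\S+\s+(.+)$'
        $flags = $null
        foreach ($line in $raw) {
            if ($line -match $pattern) { $flags = $Matches[1].Trim() }
        }
        if (-not $flags)                   { $state = 'MISSING' }
        elseif ($flags -match 'Deleted')   { $state = 'DELETED' }   # cross-ref removed, not yet recreated
        elseif ($flags -match 'Enlisted')  { $state = 'OK' }
        else                               { $state = 'NOT ENLISTED' }
        New-Object PSObject -Property @{ Check = "$zone partition"; State = $state; Detail = $flags }
    }
}

# Records Netlogon registers for a DC, plus the per-DC GUID alias used for replication.
$checks = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain";     Type = 'SRV' },
    @{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
    @{ Name = "_ldap._tcp.pdc._msdcs.$Domain";    Type = 'SRV' },
    @{ Name = "_ldap._tcp.gc._msdcs.$Domain";     Type = 'SRV' },
    @{ Name = "_ldap._tcp.$Domain";               Type = 'SRV' },
    @{ Name = "${DsaGuid}._msdcs.$Domain";        Type = 'CNAME' }
)

$results = @()
foreach ($c in $checks) {
    $targets = Get-DnsTarget -Name $c.Name -Type $c.Type
    $others  = @($targets | Where-Object { $_ -ne $ExpectedDc })
    if ($targets.Count -eq 0)                     { $state = 'MISSING' }
    elseif (-not ($targets -contains $ExpectedDc)) { $state = 'WRONG TARGET' }
    elseif ($others.Count -gt 0)                  { $state = 'OK (other targets too)' }
    else                                          { $state = 'OK' }
    $results += New-Object PSObject -Property @{
        Check  = "$($c.Type) $($c.Name)"
        State  = $state
        Detail = ($targets -join ', ')
    }
}
$results += Get-DnsPartitionState

$results | Select-Object Check, State, Detail | Format-Table -AutoSize
```

Run it from an elevated prompt on a machine that has dnscmd installed; it changes nothing, so it can be repeated after each step to see which records and partitions have come back.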

All replies

  • So, you didn't have DNS installed on DC2 before DC1 crashed? 

    Did you go through and create an AD integrated zone?

    Thursday, March 22, 2012 2:12 PM
  • Okay, let me try!

    Firstly if server02/DC is working as expected and the DNS installation on it was proper with AD integrated zone created successfully then this should work but in your case seems that you missed on something.

    If your DNS and AD is in good shape, just run these commands to re-register the DC srv records in DNS,

    Net stop netlogon

    ipconfig /flushdns

    ipconfig /registerdns

    net start netlogon

    net stop dns

    net start dns

     

    These commands will register the required resource records with DNS.

    If this doesn’t resolve your issue, run these tests on server02 and paste your results here

    dcdiag /q

    netdiag

     


     Sachin Gadhave


    Thursday, March 22, 2012 6:21 PM
  • First, let me say one thing. Disable the Snapshot feature and never use it with a domain controller. I can't stress this any further than typing out that sentence. AD does not play well with snapshots.

    Second, I'm not sure how you created your VM DCs. Did you build each of them from scratch, or did you clone them? If cloned, then that's another invitation for major problems due to duplicate machine SIDs.

    Third, DNS should have been installed on DC2 before removing DC1.

    Fourth:

    • If using HyperV, you must partially disable the time service on the HyperV host and in the settings of the guest machines, then set a time source on the PDC Emulator.
    • If using VMWare, you must completely disable VMWare's time service on the host.

    Virtualizing Domain Controllers and the Windows Time Service
    http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx

    .

    As for the missing _msdcs, if you look under contoso.com, do you see a yellow subfolder called _msdcs? If so, then you didn't lose it. If it exists, then:

    • Delete the _msdcs subfolder under contoso.com
    • Create a zone called _msdcs.contoso.com, allow Secure Updates, and set the Replication Scope to All DCs in the Forest.
    • Right-click contoso.com, create New Delegation, type in _msdcs, then give it itself as the IP address, then run:
    • ipconfig /registerdns
    • restart the netlogon service (whether in Services, or net stop netlogon && net start netlogon)

    .

    More info:

    How to reconfigure an _msdcs subdomain to a forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003
    http://support.microsoft.com/kb/817470/

    Technet Thread Title recreate _msdcs.localdomain and _msdcs folder under local domain 11:35 PM 1/28/2012
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/838df738-18d2-4b5a-9460-0337399986bf/ 

    .

    Also, let's see the following to see how far you are:

    • A current, unedited  ipconfig /all from your two DCs
    • Post any event log errors. Check all the event logs  (including Windows Logs - the App & System logs, and under Application and Services Logs - the AD Web services, DFS Replication, Directory Services, DNS Server & File Replication Server logs).
    • Results of a netdom query fsmo
    • Are all DCs a global catalog?

    .


    Ace Fekay


    Thursday, March 22, 2012 9:53 PM
  • @Sachin Gadhave Have gone through these steps to no avail, also tried creating the zone manually first as AD integrated and on a scope of forest wide, then did as you recommended but still didn't work, think the problem is that when I set up server02, and installed AD, I was instructed to not install DNS during the dcpromo wizard, as the self training kit I am using only wanted DNS in server01, so this is the problem. But as I installed it initially on server01 as AD integrated, can I not pull this info from somewhere in Active Directory?

    @Ace Fekay: Thanks for your detailed response.

    1- Have already learnt my lesson with the snapshot feature now, the hard way, so won't be using it again.

    2- No I didn't clone the .vhd, I built each one from scratch, though I have cloned others successfully by just running sysprep and ticking generalize and this then gives it a new SID, but like I said, I haven't in this case.

    3- Thank you, I will definitely remember this for future reference.

    4- under contoso.com, no yellow subfolder, but I have just noticed a grey subfolder called _msdcs, and when I click on this there is a NS record in it, that's all. Think this has just appeared after I ran the above commands mentioned by Sachin.

    _________________________________

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.CONTOSO>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER02
       Primary Dns Suffix  . . . . . . . : contoso.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : contoso.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-19-B3-09
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::9564:c7a4:c907:d821%10(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.25.229(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.25.1
       DNS Servers . . . . . . . . . . . : 192.168.25.229
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{C93ED3BC-352E-4B08-8829-444CDB0DABF3}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    C:\Users\administrator.CONTOSO>

    _________________________________

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator.SERVER01>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SERVER01
       Primary Dns Suffix  . . . . . . . : contoso.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : contoso.com

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-19-B3-0F
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::c09:e9b8:b9f6:41ec%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.25.225(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.25.1
       DNS Servers . . . . . . . . . . . : 192.168.25.229
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{6EFF4D97-7E26-48BE-B88D-675581199F39}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:107d:146b:3f57:e61e(Preferred)
       Link-local IPv6 Address . . . . . : fe80::107d:146b:3f57:e61e%12(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\Administrator.SERVER01>AppData

    _________________________________

    SERVER02

    Event Logs:

    Application:
    no errors

    system:
    Multiple errors, all same event ID as below.

    The dynamic registration of the DNS record '_ldap._tcp.HEADQUARTERS._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.' failed on the following DNS server: 

    DNS server IP address: ::
    Returned Response Code (RCODE): 0
    Returned Status Code: 0 

    For computers and users to locate this domain controller, this record must be registered in DNS. 

    USER ACTION 
    Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
      Or, you can manually add this record to DNS, but it is not recommended. 

    ADDITIONAL DATA
    Error Value: DNS name does not exist.

    Source: NETLOGON
    Event ID: 5774
    Level: Error
    Computer: SERVER02.contoso.com

    DFS:
    Event ID 5002 & 5008 errors, due to not being able to contact SERVER01.contoso.com, though this is obviously expected.

    Directory Service:
    Event ID 1801 Warning.
    The partition DC=DomainDnsZones,DC=contoso,DC=com should be hosted at site CN=HEADQUARTERS,CN=Sites,CN=Configuration,DC=contoso,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

    DNS:
    Event ID 4011 - error
    The DNS server was unable to add or write an update of domain name contoso in zone contoso.com to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
     'CN=MicrosoftDNS,CN=System,DC=contoso,DC=com'". The event data contains the error.

    Event ID 4013 - warning
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

    _________________________________

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.CONTOSO>netdom query fsmo
    Schema master               SERVER02.contoso.com
    Domain naming master        SERVER02.contoso.com
    PDC                         SERVER02.contoso.com
    RID pool manager            SERVER02.contoso.com
    Infrastructure master       SERVER02.contoso.com
    The command completed successfully.

    C:\Users\administrator.CONTOSO>

    _________________________________

    Both SERVER01 & SERVER02 were both GC, but obviously SERVER01 has been demoted so is no longer.

    Regards


    Ezeddean Yousif Osman

    Friday, March 23, 2012 10:24 AM
  • Alright post a screenshot of DNS

    Were you able to demote server1 gracefully?  

    Delete the grayed out MSDCS folder restart netlogon service

    Friday, March 23, 2012 1:21 PM
  • I'm waiting for your DCDIAG report from Server02, that's where the cause of the issue is hidden.

    Please post it here. Thanks!


     Sachin Gadhave


    Friday, March 23, 2012 1:21 PM
  • <snipped>

    Event Logs:

    Application:
    no errors

    system:
    Multiple errors, all same event ID as below.

    The dynamic registration of the DNS record '_ldap._tcp.HEADQUARTERS._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.' failed on the following DNS server: 

    DNS server IP address: ::                                            <------------- No IP address in the error message??
    Returned Response Code (RCODE): 0
    Returned Status Code: 0 

    <snipped>

    Directory Service:
    Event ID 1801 Warning.
    The partition DC=DomainDnsZones,DC=contoso,DC=com should be hosted at site CN=HEADQUARTERS,CN=Sites,CN=Configuration,DC=contoso,DC=com, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

    DNS:
    Event ID 4011 - error
    The DNS server was unable to add or write an update of domain name contoso in zone contoso.com to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
     'CN=MicrosoftDNS,CN=System,DC=contoso,DC=com'". The event data contains the error.

    Both SERVER01 & SERVER02 were both GC, but obviously SERVER01 has been demoted so is no longer.

    This is what worries me:

    The partition DC=DomainDnsZones,DC=contoso,DC=com should be hosted at site CN=HEADQUARTERS,CN=Sites,CN=Configuration,DC=contoso,DC=com, but has not been instantiated yet.

    .

    Based on that and the other errors above, I believe the DomainDnsZones partition either does not exist or is corrupted. Let's do the following to get this kicked off:

    1. On server02, change the zone to non-AD integrated (Primary Zone only)
    2. Make sure updates are allowed on the zone
    3. If you created the _msdcs zone, make that non-AD integrated, too and make sure updates are allowed. If you didn't create it, create it now.
    4. In the grayed-out _msdcs folder, go to its properties, and change the IP address and server name to Server02
    5. Rename c:\windows\system32\config\netlogon.dns to netlogon.dns.old, and netlogon.dnb to netlogon.dnb.old
    6. Run ipconfig /registerdns and restart the netlogon service.

    The above two actions will recreate the SRV records into both contoso.com and _msdcs.contoso.com zones

    .

    Now to deal with the partitions.

    Run the following and tell me what you get:

    dnscmd dserver2 /EnlistDirectoryPartition ForestDnsZones.contoso.com
    dnscmd dserver2 /EnlistDirectoryPartition DomainDnsZones.contoso.com

    .

    If you get "NS_ERROR_DP_ALREADY_ENLISTED     9904" then let's do the next steps. We're going to delete these two partitions.

    .

    Delete the two partition CrossRef objects using ADSIEdit.msc
     1.Navigate to the CrossRef object for the application partition on a specific DC (CN=Partitions,CN=Configuration,DC=Contoso,DC=Com)
     2.Delete the CrossRef object, essentially skipping to step 7 above.
     3.Force replication, validate that the partition is gone.
     4.Restart DNS, the service will re-add the partition.

    Reference: Are Your DNS Application Partitions Corrupt?
    http://cbfive.com/blog/post/Are-Your-DNS-Application-Partitions-Corrupt.aspx

    .

    Run dnscmd /Enumdirectorypartitions - you should see something like "Enlisted Deleted Auto Domain," but post your results.

    .

    Now let's recreate the partitions:

    Recreate the DomainDnsZones and ForestDnsZones partitions in one step:

    1. Right click DNS Server Name
    2. Configure Default Application Directory Partitions.
    3. Click YES for Domain partition
    4. On Second Prompt, Click YES for Forest partition

    .

    Re-run dnscmd /Enumdirectorypartitions

    If successful, you should see:

     DomainDnsZones.contoso.com                    Enlisted Auto Domain
     ForestDnsZones.contoso.com                      Enlisted Auto Forest

    .

    Look at your event log again, and post any errors.

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:01 PM
    Friday, March 23, 2012 1:50 PM
  • Here is my dcdiag result:

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.CONTOSO>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SERVER02
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: HEADQUARTERS\SERVER02
          Starting test: Connectivity
             The host 2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com could
             not be resolved to an IP address. Check the DNS server, DHCP, server
             name, etc.
             ......................... SERVER02 failed test Connectivity

    Doing primary tests

       Testing server: HEADQUARTERS\SERVER02
          Skipping all tests, because server SERVER02 is not responding to
          directory service requests.


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : contoso
          Starting test: CheckSDRefDom
             ......................... contoso passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... contoso passed test CrossRefValidation

       Running enterprise tests on : contoso.com
          Starting test: LocatorCheck
             ......................... contoso.com passed test LocatorCheck
          Starting test: Intersite
             ......................... contoso.com passed test Intersite

    C:\Users\administrator.CONTOSO>

    Went through, made sure the zone was non-AD and set to update. Created the _msdcs.contoso.com zone, as non-AD set to update. Went into the greyed-out _msdcs properties, and the name server did not have an IP address in it, so set it to its own IP address. Renamed the netlogon.dns & netlogon.dnb, ran registerdns and then restarted the netlogon service.

    Here is the result for:
    dnscmd dserver2 /EnlistDirectoryPartition ForestDnsZones.contoso.com
    dnscmd dserver2 /EnlistDirectoryPartition DomainDnsZones.contoso.com

    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.CONTOSO>dnscmd dserver2 /enlistdirectorypartition firestd
    nszones.contoso.com

    Enlist directory partition failed: firestdnszones.contoso.com
        status = 1722 (0x000006BA)
    Command failed:  RPC_S_SERVER_UNAVAILABLE     1722


    C:\Users\administrator.CONTOSO>dnscmd dserver2 /enlistdirectorypartition domaind
    nszones.contoso.com

    Enlist directory partition failed: domaindnszones.contoso.com
        status = 1722 (0x000006BA)
    Command failed:  RPC_S_SERVER_UNAVAILABLE     1722

    C:\Users\administrator.CONTOSO>

    As I didn't get the error you mentioned, I'm not sure whether I should go ahead and delete the partitions. I can see that they are there when I list them under ntdsutil > partition management.

    Also, if I delete them, it says to force replication afterwards, but I'm not able to replicate with anything at the moment?


    Ezeddean Yousif Osman

    Thursday, March 29, 2012 10:24 AM
  • At this point, let's not delete the partitions until we determine what else is going on.

    The error you're seeing, "RPC_S_SERVER_UNAVAILABLE" is what's causing everything.

    That could be indicative of a number of things, such as missing DNS entries, such as your error also states (look near the top) it's not able to resolve the following to an IP address:
    2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com

    .

    Also, other things that will cause it are firewall restrictions (whether in the Windows firewall or the perimeter firewall if you have multiple Sites), or an antivirus application blocking necessary traffic, which many of them do these days, and which is detrimental for AD communications.

    So at this time, disable the Windows firewall, and uninstall any antivirus apps on all your DCs until you resolve this.

    .

    Look in your _msdcs.contoso.com zone. Do you see a CNAME entry called 2a8a5f4b-3e71-495e-83cf-430578c46727 that is pointing to server02.contoso.com?

    If not, create one:

    • Right click _msdcs.contoso.com,
    • Choose New CNAME
    • Type in 2a8a5f4b-3e71-495e-83cf-430578c46727
    • Then for the pointer, type in server02.contoso.com
    • Then run ipconfig /registerdns
    • Restart the netlogon service

    .

    At this point, as I said, let's not delete the partitions.

    Let's use ADSI Edit to see if you can load and view the data in the partitions. Use the procedure in the following link to show you how to use ADSI Edit. It's to find dupe zones, but the basics on how to use it apply.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    .


    Ace Fekay

    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:01 PM
    Thursday, March 29, 2012 3:03 PM
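An added example, not part of the thread and not any poster's code: after the netlogon.dns rename, `ipconfig /registerdns` and Netlogon restart described above, and after creating the GUID CNAME by hand, this offline check lists which of the records Netlogon wants are still absent and which zone each one has to land in. It assumes netlogon.dns lines use the same layout as the record quoted in event 5774; the sample file content, zone list and registered set are constructed, and the function names are hypothetical.

```python
"""Compare the records Netlogon wants in DNS with what the zones actually hold."""
import re
from collections import defaultdict
from typing import NamedTuple


class Record(NamedTuple):
    owner: str   # lower-cased, trailing dot removed
    ttl: int
    rtype: str   # SRV, CNAME, A or AAAA
    rdata: str


# "<owner> <ttl> IN <type> <rdata>", the layout quoted in event 5774.
_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SRV|CNAME|A|AAAA)\s+(\S.*)$",
                   re.IGNORECASE)


def norm(name):
    """DNS names compare case-insensitively and without the root dot."""
    return name.strip().rstrip(".").lower()


def parse_records(text):
    """Return the records found in netlogon.dns-style text; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append(Record(norm(owner), int(ttl), rtype.upper(), rdata.strip()))
    return records


def hosting_zone(owner, zones):
    """Longest zone that contains owner on a label boundary, or None."""
    owner = norm(owner)
    matches = [z for z in map(norm, zones)
               if owner == z or owner.endswith("." + z)]
    return max(matches, key=len) if matches else None


def missing_by_zone(netlogon_text, zones, registered):
    """Map each hosting zone to the wanted records that are not registered.

    registered is an iterable of (owner, type) pairs read from the DNS console
    or a zone export; how that list is produced is left to the operator.
    """
    have = {(norm(o), t.upper()) for o, t in registered}
    missing = defaultdict(list)
    for rec in parse_records(netlogon_text):
        if (rec.owner, rec.rtype) not in have:
            missing[hosting_zone(rec.owner, zones)].append(rec)
    return dict(missing)


# Constructed sample: what SERVER02 would want registered (not a real file).
SAMPLE_NETLOGON_DNS = """\
contoso.com. 600 IN A 192.168.25.229
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.
_ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 SERVER02.contoso.com.
2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com. 600 IN CNAME SERVER02.contoso.com.
_ldap._tcp.HEADQUARTERS._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 SERVER02.contoso.com.
"""

# Constructed: the two primary zones created by hand in the thread.
SAMPLE_ZONES = ["contoso.com", "_msdcs.contoso.com"]

# Constructed: the state described in the thread, where only the host record
# and the manually created GUID CNAME exist and the SRV subfolders are empty.
SAMPLE_REGISTERED = {
    ("contoso.com", "A"),
    ("2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com", "CNAME"),
}

if __name__ == "__main__":
    result = missing_by_zone(SAMPLE_NETLOGON_DNS, SAMPLE_ZONES, SAMPLE_REGISTERED)
    for zone, recs in result.items():
        print(f"zone {zone}: {len(recs)} record(s) still missing")
        for rec in recs:
            print(f"  {rec.owner} {rec.rtype} {rec.rdata}")
```

A record reported under a zone that does not accept dynamic updates will never appear on its own, which is why both contoso.com and _msdcs.contoso.com have to allow updates before Netlogon is restarted.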
  • OK, haven't touched the partition. As this is not a production server, I am just doing this for my own learning, there is no anti-virus. There are no perimeter firewalls, all servers are in the same site, going through the same router. I have also turned off windows firewall.

    There was no CNAME entry so I created one like you said, ran registerdns and restarted the netlogon service.

    There are no dupes under the DomainNC partition, just the default RootDNSServers folders. Nothing under the ForestDnsZones partition, just an empty CN=MicrosoftDNS folder!!!

    And as for the DomainDnsZones partition, I get an error when trying to connect to it through ADSI Edit?

    Here is a shot of my DNS.

    I must also thank you for your persistence in helping me with this, really really appreciate the help you get from these forums, truly think it's amazing.

    Regards


    Ezeddean Yousif Osman

    Friday, March 30, 2012 11:54 AM

  • Ezeddean Yousif Osman

    Friday, March 30, 2012 11:56 AM
  • It appears that DomainDnsZones is corrupted. 

    Let's delete the Cross-Reference, then we'll recreate the partition. There are two ways to do this. I like the ADSI Edit method:

    Are Your DNS Application Partitions Corrupt?
    http://cbfive.com/blog/post/Are-Your-DNS-Application-Partitions-Corrupt.aspx


    Using ADSI Edit
     1.Navigate to the CrossRef object for the application partition on a specific DC (CN=Partitions,CN=Configuration,DC=Domain,DC=Com)
     2.Delete the CrossRef object, essentially skipping to step 7 above.
     3.Force replication, validate that the partition is gone.
     4.Restart DNS, the service will re-add the partition.

    Using NTDSUtil:
     1.Open the CMD prompt
     2.NTDSUtil
     3.Domain Management (In 2008 it changes to "partition management")
     4.Connections => connect to server ERICSDC01
     5.Quit
     6.List <--- to see zones
     7.Delete NC DC=DomainDNSZones,DC=Domain DC=Com (This Deletes the CrossRef Object)
     8.Force replication, validate that the partition is gone.
     9.Restart DNS, the service will re-add the partition.

    .

    Then wait a few minutes, and if you used ADSI Edit, refresh the console using the F5 button. You should see the cross reference show back up. Then run:
    dnscmd /Enumdirectorypartitions

    You should see something like this, which is what we're looking for:

    DomainDnsZones.contoso.com.lan                    Enlisted Deleted Auto Domain

    .

    Now recreate DomainDnsZones:

    Right click DNS Server Name
    Configure Default Application Directory Partitions.

    Click YES for Domain partition
    On Second Prompt, Click NO for Forest partition

    .

    Now try to add DomainDnsZones in ADSI Edit.

    .


    Ace Fekay

    • Marked as answer by Ezeddean Tuesday, April 10, 2012 4:00 PM
    Friday, March 30, 2012 2:31 PM
  • Done all that, wouldn't let me create another partition as it had already done so upon restarting the DNS server.

    dnscmd /Enumdirectorypartitions gave me the following result

    DomainDnsZones.contoso.com                    Enlisted Auto Domain
    ForestDnsZones.contoso.com                    Enlisted Auto Forest

    However, when connecting into domaindnszones through ADSI Edit, there is no CN=MicrosoftDNS folder?


    Ezeddean Yousif Osman

    Friday, March 30, 2012 2:56 PM
  • What is the cross reference that I should be seeing in ADSI Edit also? There is no (CN=Partitions,CN=Configuration,DC=Domain,DC=Com), perhaps this is contributing to the issue.

    Ezeddean Yousif Osman

    Friday, March 30, 2012 2:58 PM
  • Just being impatient, CN=MicrosoftDNS folder has just appeared.

    Ezeddean Yousif Osman

    Friday, March 30, 2012 2:58 PM
  • Patience is the key working with DNS, AD, Exchange, and many other apps and services.

    Here's where the cross reference is in ADSI Edit:


    Ace Fekay

    Friday, March 30, 2012 3:07 PM
  • OK, but I still don't have the subfolders under _msdcs? Should I just wait for this? have tried restarting netlogon service, etc.


    Ezeddean Yousif Osman

    Friday, March 30, 2012 3:37 PM
  • Are you talking about the _msdcs folder under contoso.com, or the _msdcs.contoso.com zone?


    Ace Fekay

    Friday, March 30, 2012 3:40 PM
  • The _msdcs.contoso.com zone, as this is the one that's mentioned when I am trying to add server01 back into the domain.

    Ezeddean Yousif Osman

    Friday, March 30, 2012 3:47 PM
  • The _msdcs.contoso.com zone, as this is the one that's mentioned when I am trying to add server01 back into the domain.

    Ezeddean Yousif Osman

    You may have missed that part in my earlier post. I suggested to manually create the missing record. For your convenience, the steps are reposted below:

    • Right click _msdcs.contoso.com,
    • Choose New CNAME
    • Type in 2a8a5f4b-3e71-495e-83cf-430578c46727
    • Then for the pointer, type in server02.contoso.com
    • Then run ipconfig /registerdns
    • Restart the netlogon service
    • The resulting record will be 2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com

    .


    Ace Fekay

    Saturday, March 31, 2012 6:44 AM
  • No, I had already done that. But it's all the subfolders that are missing such as GC, DC, etc. And when I try to add server01 it requires a SRV record within one of these subfolders.

    Also, even though the CNAME record is present, when running dcdiag I am still getting:

    The host 2a8a5f4b-3e71-495e-83cf-430578c46727._msdcs.contoso.com could
             not be resolved to an IP address. Check the DNS server, DHCP, server
             name, etc.


    Ezeddean Yousif Osman

    Saturday, March 31, 2012 7:58 AM
  • Looking at your DNS records, there are still no SRV records. The SRVs are still totally empty. Let's do the following:

    Since these are HyperV, there are two things to take care of with time and network settings:

    1. You have to make sure they are both on the same HyperV "Network" that you created.
    2. I usually recommend to partially disable the time service on the HyperV host, but with this issue, let's fully disable it. You can go into both DCs' settings, under Integration Services, and uncheck Time Sync. This will allow the DCs to follow the domain/forest time hierarchy. Read more on it (scroll down to Time Services):

    Virtualizing Domain Controllers and the Windows Time Service
    http://msmvps.com/blogs/acefekay/archive/2011/08/23/virtualizing-domain-controllers-and-the-windows-time-service.aspx

    .

    After that, on both DCs, rename the system32\config\netlogon.dns and netlogon.dnb files by adding ".old" to the end of them. Then:

    • Run ipconfig /registerdns
    • Restart the netlogon service
    • Wait about 5-10 min.

    .


    Ace Fekay

    Saturday, March 31, 2012 2:02 PM
  • Morning Ace,

    Sorry haven't replied for a few days, been really busy with work. Just to give you an update, turned off time synchronization and did all of the above and still not having any luck. I'm thinking of just starting to build both DCs from scratch again and just take this as a good lesson to learn from, lol.

    Thanks.


    Ezeddean Yousif Osman

    Thursday, April 05, 2012 8:50 AM
  • Did you turn it off in the Guest's Settings, Integration services?

    And since these are virtual guests, did you clone or copy the images, or install each one from scratch? Note: cloning or copying is not supported without using a base image that's been Sysprepped or you'll have machines with duplicate SIDs, and that won't work.

    .

    Maybe at this time it's easier to start the whole thing from scratch, that is as long as it's not a production system.


    Ace Fekay

    Thursday, April 05, 2012 3:49 PM
  • I did. I installed each one from scratch. I think it will be easier, as it is not a production environment, it's just set up for my own learning, going through the MCITP self-training kit.

    Think it will be good practice for me to do it all again anyway, and a good learning curve for me. I think you always learn best from experiencing these sort of problems, could have read it in a book that you shouldn't demote a DC hosting DNS before migrating the DNS onto another DC, but it would never have stuck in my head as it has now after doing it myself! lol.

    Again, thanks tremendously for your TIME, PATIENCE & KNOWLEDGE. Really have appreciated everyone's help and especially Ace's. Top man, and have a great day!


    Ezeddean Yousif Osman

    Tuesday, April 10, 2012 1:42 PM
  • I did. I installed each one from scratch. I think it will be easier, as it is not a production environment, it's just set up for my own learning, going through the MCITP self-training kit.

    Think it will be good practice for me to do it all again anyway, and a good learning curve for me. I think you always learn best from experiencing these sort of problems, could have read it in a book that you shouldn't demote a DC hosting DNS before migrating the DNS onto another DC, but it would never have stuck in my head as it has now after doing it myself! lol.

    Again, thanks tremendously for your TIME, PATIENCE & KNOWLEDGE. Really have appreciated everyone's help and especially Ace's. Top man, and have a great day!


    Ezeddean Yousif Osman

    Sometimes it does stick if you experience the issues yourself with testing than reading it in a book.

    And thank you for the wonderful feedback!

    .

    If you can, please review the previous responses from everyone responding, and pick out the ones you felt answered your questions, and mark them as such! This will help and benefit others who have similar issues when they are searching the forums looking for solutions.

    Cheers!

    .


    Ace Fekay

    Tuesday, April 10, 2012 3:44 PM