none
BPA Error: DNS zone _msdcs.domain.com is missing RRS feed

  • Question

  • I'm about to decommission the last two Windows 2003 DC's in our domain. All other DC's are Windows 2012 R2 and everything is working properly. Before I decommission those two older DC's, I ran the BPA from one of the new 2102 DC's to see if there are any issues I should be aware of and fix before I proceed. The BPA error:  "The zone _msdcs.domain.com is an Active Directory intergrated DNS Zone and must be available" came up...but we aren't having any DNS issues. I did find the steps to correct this (I think), but I wanted to verify is this a required fix? 

    FYI....Our Domain was migrated from Windows NT to Windows 2000, then to 2003 over time.  Mite this be some legacy issue from Windows 2000?   In addition, we've removed WINS from our domain entirely so we are strictly DNS.  Any insight is greatly appreciated.

    Wednesday, April 13, 2016 10:54 PM

Answers

All replies

  • You just need to make sure that _msdcs.domain.com DNS zone is available. Mainly use NSlookup to try DNS resolution against it: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Thursday, April 14, 2016 12:46 AM
  • Hi Gina L Martinez,

    According to your description, I think this post is helpful:

    Active Directory Integrated DNS zone Error in DNS BPA:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/175b2a01-1c3f-4c9e-a295-490cbcceb41e/active-directory-integrated-dns-zone-error-in-dns-bpa?forum=winserverDS

    I would recommend the method provided by Ace:

    **IF this is your scenario, to overcome that, simply:

    • Create a zone called "_msdcs.domain.com" 
    • Make it AD integrated
    • Allow secure only updates
    • Click Finish
    • Go back into the zone properties, and change the replication scope to "All DCs in the Forest"
    • Delete the _msdcs folder under domain.com
    • Run an ipconfig /registerdns
    • stop netlogon
    • start netlogon
    • The SRVs should populate shortly, if they already haven't

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 14, 2016 2:24 AM
    Moderator
  • Thank you for the response. I've already used NSLOOKUP and found no issues or errors. Which is why I posted this inquiry. Thanks again for the feedback.
    Thursday, April 14, 2016 4:24 PM
  • Hi, thanks for the feedback. I found that same TechNet posting but I wanted to double check to make sure that this is an actual requirement before making this change. I used NSLOOKUP query and it didn't return any errors and I also used dcdiag to verify no issues there as well. So I wondered, if there are no issues do I NEED to do this at all. In any case, I'll do the above changes later today and hope it doesn't break anything. LOL

    Have a great day.

    Thursday, April 14, 2016 4:28 PM
  • Hi Gina L Martinez,

    Zone _msdcs.domain.com stores SRV records which might be used to locate services and related servers. The method I mentioned above is used to re-registry SRV records.

    I have even tested that delete _msdcs.domain.com manually, then use that method, then the records will come back, and everything works well.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Hbestregards Tuesday, April 26, 2016 8:57 AM
    Friday, April 15, 2016 2:16 AM
    Moderator
  • Great.  Thanks.  I haven't had a chance to do this yet as I was out of the office.  I plan to do this after hours per my management in early may.  Thanks again for the feedback.

    Gina Martinez

    Wednesday, April 27, 2016 4:15 PM
  • Hi Gina,

    You are welcome, if you have other issues, feel free to feed back.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 28, 2016 4:57 AM
    Moderator