none
Duplicate SRV records for new Win 2016 DCs RRS feed

  • Question

  • Hello,

    I recently promoted new Windows 2016 DCs into my forest and I discovered that they created duplicate srv records. Each DC has two SRV records for each _ldap, _Kerberos, kpasswrd, etc. They appear to be identical, same priority, weight, and port number, but One is lowercase, the other is uppercase. Curiously, I deleted the duplicates and they returned after a restart.

    Is this normal? Something new in 2016? What is the purpose?

    -Troy

    Thursday, September 14, 2017 6:31 PM

Answers

  • Hi Troy,

    Before we go further, I would like to confirm the following questions:
    1.Has the server 2016 been a DC before it prototed into new DC?
    2.Was there a old DC with the same name as the server 2016 before?

    I would suggest you to first clean up server database and then re-promoted new windows 2016 DCs into your forest.

    Clean Up Server Metadata

    https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by olsonta Tuesday, September 26, 2017 1:16 PM
    Friday, September 15, 2017 3:07 AM

All replies

  • Hi Troy,

    Before we go further, I would like to confirm the following questions:
    1.Has the server 2016 been a DC before it prototed into new DC?
    2.Was there a old DC with the same name as the server 2016 before?

    I would suggest you to first clean up server database and then re-promoted new windows 2016 DCs into your forest.

    Clean Up Server Metadata

    https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by olsonta Tuesday, September 26, 2017 1:16 PM
    Friday, September 15, 2017 3:07 AM
  • Thanks Candy,

    These are new DCs, built from scratch. I did try fix this by demoting the DC, removing any trace of the SRV records, rebuilt a new DC with same name and promoted it.  The records returned as duplicates, one lowercase, the other uppercase.

    Can I assume this in not by design and that the records aren't duplicated in 2016? What does the uppercase vs lowercase mean??

    Troy

     
    Friday, September 15, 2017 1:04 PM
  • Hi Troy,

    Sorry for the delayed response. 

    I have test in my lab and there is no such error. Did you install any other server roles in this server 2016 DC?

    There seems to be a system problem, you might try to reinstall your system and then check if the error still occurs.

    In addition, you could remove the duplicate SRV records and then use process monitor to capture who is registering this record.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 21, 2017 7:50 AM
  • Hi Troy,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                   

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 26, 2017 6:16 AM
  • I decided to call in a case with Microsoft. Deleting one of these records did not resolve the problem. We did this several times in a 2-hr session and couldn't explain the behavior or determine the cause.  Then we deleted all srv records, wiped out the bunch, and restarted services.  This did the trick.  Only the uppercase records were recreated. MS is still investigating how it could happen.

    Thanks for looking into this with me. Pointing out that this at least wasn't normal behavior helped me.

    Troy

    • Proposed as answer by worldwidewilli Tuesday, October 10, 2017 9:07 AM
    Tuesday, September 26, 2017 1:15 PM
  • Hi Troy,

    We got the same behavior on our systems.
    Could you please provide your MS case number?
    So we can reference to this.

    Thanks
    Andreas

    Tuesday, October 10, 2017 9:07 AM
  • Same issue here. opened case with microsoft and support propose to rename all dc in uppercase to lowercase because by design "Windows 2016" write record in lowercase che if you have hostname with uppercase you see 2 record duplicate.

    i'm in waiting for any technical document by microsoft...

    Friday, March 16, 2018 2:55 PM
  • Same issue here. opened case with microsoft and support propose to rename all dc in uppercase to lowercase because by design "Windows 2016" write record in lowercase che if you have hostname with uppercase you see 2 record duplicate.

    i'm in waiting for any technical document by microsoft...


    case id 118031217793151
    Friday, March 16, 2018 2:56 PM
  • Please let me know what Microsoft does to resolve this.  Just joined a new 2016 dc today and have same issue with upper and lower case entries for new server.
    Monday, March 19, 2018 5:39 PM
  • We have the same issue. If there is some information from Microsoft please let me know.
    Tuesday, March 27, 2018 11:13 AM
  • I have the same issue on a new Windows Server 2016 promoted to DC and GC on a little domain with an old Windows 2008R2 as DC.  Now on server DNS are present both records uppercase and lowercase.
    Saturday, May 5, 2018 7:19 AM
  • Hello,

    Same issue. I got 2 DC 2016. Here a screenshot :

    Question is : that makes sometrouble ?

    Regards,

    Friday, May 11, 2018 3:33 PM
  • Hello,

    Issue seems solved without any operation by myself..

    Tuesday, May 15, 2018 9:54 AM
  • +1 for this issue.  I don't have anything to add to understanding it, I don't think, except to say that I'm not sure I should care about this behavior?  So long as both records are up to date and accurate clients will be able to successfully resolve their DC services......can anybody think of a downside here?

    I mean, I definitely hate the untidy....but do I care from an functional standpoint?

    Wednesday, May 16, 2018 6:22 PM
  • Known issue. A bug has been filed with Microsoft but it will be some time (fall release best case) before it gets fixed. After that, backport fixes can be requested.

    One way to prevent the problem is to ensure that WS 2016 DCs are configured with all lower-case computer names.

    Those with small AD databases, long holidays or fast networks can demote DCs, delete the NETLOGON.DNS and DNB files + SRV records, then re-promote 2016 DCs with all lower-case names. 
    Friday, July 6, 2018 3:45 PM
  • The downside is an possible uneven distribution between DCs.

    Example:

    1 DC not 2016 -> one entry
    1 DC 2016 -> two entries
    makes a total of three entries

    so each entry has a chance of 33 % to get selected. The duplicate leads to a 66% <-> 33% distribution.

    This is only the DNS view, I don't know if ther is some inteligence to prevent this in an upper layer.

    I don't think this is a realy big issue

    Thursday, August 2, 2018 8:42 AM
  • Same issue here. opened case with microsoft and support propose to rename all dc in uppercase to lowercase because by design "Windows 2016" write record in lowercase che if you have hostname with uppercase you see 2 record duplicate.

    i'm in waiting for any technical document by microsoft...


    Did you get a supported method to rename to lowercase? is just a netdom command sufficient? Do we have to demote / promote?
    Monday, October 8, 2018 6:58 AM
  • We had the same issue and the following procedure fixes the problem:

    • Rename DC.domain.com to dcnew.domain.com
    • Reboot
    • Rename dcnew.domain.com to dc.domain.com
    • Reboot
    • Login to server dc.domain.com
    • Net Stop netlogon
    • Remove all SRV records related to above domain controller
    • Remove C:\Windows\System32\config\netlogon.dnb
    • Remove C:\Windows\System32\config\netlogon.dns
    • Net Start netlogon

    If you go check DNS now you'll see no more double entries and the only entry you see will be in lowercase.

    • Proposed as answer by Roel Janssens Monday, October 15, 2018 8:30 AM
    Monday, October 15, 2018 8:30 AM
  • Known issue. A bug has been filed with Microsoft but it will be some time (fall release best case) before it gets fixed. After that, backport fixes can be requested.

    One way to prevent the problem is to ensure that WS 2016 DCs are configured with all lower-case computer names.

    Those with small AD databases, long holidays or fast networks can demote DCs, delete the NETLOGON.DNS and DNB files + SRV records, then re-promote 2016 DCs with all lower-case names. 

    I am also facing this same issue since our 2016 DC hostname is all uppercase.  By chance do you have any new information as whether or not a fix will be made available soon or is renaming to lowercase the only option?  All our our Server 2016 servers have uppercase hostnames so it would be nice if a fix was made available so they can remain consistent.
    Friday, December 7, 2018 10:55 PM
  • Known issue. A bug has been filed with Microsoft but it will be some time (fall release best case) before it gets fixed. After that, backport fixes can be requested.

    One way to prevent the problem is to ensure that WS 2016 DCs are configured with all lower-case computer names.

    Those with small AD databases, long holidays or fast networks can demote DCs, delete the NETLOGON.DNS and DNB files + SRV records, then re-promote 2016 DCs with all lower-case names. 


    I am also facing this same issue since our 2016 DC hostname is all uppercase.  By chance do you have any new information as whether or not a fix will be made available soon or is renaming to lowercase the only option?  All our our Server 2016 servers have uppercase hostnames so it would be nice if a fix was made available so they can remain consistent.

    Hi jas D

    Please open new threadh for your problem. To help visitor to know the correct answer for each problem.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Wednesday, December 12, 2018 3:09 PM
  • If you cared to read, the person has the SAME issue as reported in this thread, and is asking for an UPDATE on Microsoft's progress in fixing this SAME bug. It is not a new issue requiring a new thread.

    We are also having the same issue in our environment, which is a large one, and demoting/repromoting DCs is not a realistic option. While I know how to delete uppercase DNS records once they've been created - since this is a very old problem in MS DNS, although historically only manually-created entries typed in uppercase would be an issue, not auto-registered ones  - I too would like an UPDATE on when this bug is likely to be fixed for DCs auto-registering their SRV records in uppercase.

    If there is a public link to a bug report, that would be handy. 

    Monday, January 21, 2019 5:25 AM
  • [...]

    If there is a public link to a bug report, that would be handy. 

    Yes, I'd also be very interested in that.
    Thursday, February 14, 2019 8:52 AM
  • Bumping this thread for more visibility. Problem is still there to this day.
    Thursday, April 25, 2019 3:17 PM
  • seeing same issue in two domains where server 2016 dc's were recently introduced for the first time with existing 2012 dc's but I can't say whether the duplicates began at that point.  nslookup for dc or gc srv records times out even though they're present in the dns console but duplicated.  nslookup does successfuly resolve the pdc srv record which is not duplicated in the dns console.  Example:

    nslookup
    Default Server:  mydomaindc01.mydomain.com
    Address:  192.168.0.99
    
    > set type=ALL
    
    > _ldap._tcp.pdc._msdcs.mydomain.com
    Server:  mydomaindc01.mydomain.com
    Address:  192.168.0.99
    
    _ldap._tcp.pdc._msdcs.mydomain.com       SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = mydomaindc01.mydomain.com
    mydomaindc01.mydomain.com     internet address = 192.168.0.98
    mydomaindc01.mydomain.com     internet address = 192.168.0.99
    
    
    > _ldap._tcp.dc._msdcs.mydomain.com
    Server:  mydomaindc01.mydomain.com
    Address:  192.168.0.99
    
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to mydomaindc01.mydomain.com timed-out
    
    
    > _ldap._tcp.gc._msdcs.mydomain.com
    Server:  mydomaindc01.mydomain.com
    Address:  192.168.0.99
    
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to mydomaindc01.mydomain.com timed-out

    • Edited by tektotket Monday, May 20, 2019 10:23 PM
    Friday, May 10, 2019 7:41 AM
  • Seeing the same issue in 1 domain with multiple DC's where in place upgrade from 2012 to 2016 introduced this problem. Symptoms same as others with uppercase DC's mixed with lower case duplicates. Another twist in this case is that the domain DC's that have this issue, also now have SRV records showing as static whereas were and should be dynamic. Not sure if this is related to the same case/bug.
    Thursday, August 29, 2019 5:27 AM
  • Microsoft initially tried to fix this issue in DNS Server but found that doing so caused a case sensitivity conflict with another important scenario. 

    The Windows Development took another approach to see if NETLOGON - the service that registers DNS SRV records in DNS - could conditionally register all lower-case SRV records for DCs containing one or more upper-case characters in their computer names. 

    Internal testing shows the private works on the release of Windows after Windows Server 2019. A group policy setting controls whether DCs with upper-characters in their hostnames register all lower case character SRV records  OR mixed / all upper case characters  as they do today. A one-time manual deletion of SRV records containing upper-case characters registered by a given DC may be required in some cases where NETLOGON can't de-register an existing record. 

    Backports of the v-next fix are needed to address the issue in Windows Server 2016 and Windows Server 2019 DCs

    MSFT can't fix in-market bugs unless a customer requests a backport then tests and approves the private. 

    I like it when the smart guys in these forums share their case #'s enabling future case owners can say "I have the same issues as <case # XXXXX>". Let's see if we can do the same thing for a Windows update. 

    Open a support case with Microsoft commercial support and tell case owner in the Directory Services pod that you want a backport of v-next fix in internal KB 4051923 on Windows Server 2016, 2019 or both. 


    • Edited by eventtrac Monday, September 16, 2019 9:46 PM
    Monday, September 16, 2019 9:39 PM