DNS/AD Behaviour after DNS Issue

  • Question

  • Morning folks, after a big issue we had last week where someone deleted the .msdcs zone from our forest root, and therefore it was missing from all the other domains, we were able to recreate it (by the usual method of stopping DNS and Netlogon) and solve the problem as the zone started to replicate itself to other domains.

    However, I did notice that one of the domains in this forest has its .msdcs zones set not to replicate from the parent domain with the setting: "Replication: All DNS Servers in this domain" (Type AD Integrated).

    During the problem we noticed that this domain didn't run into any authentication (Kerberos/LDAP) problems and was working normally, because its zone was not deleted, since it did not replicate the missing DNS structure.

    After everything went fine, we noticed that this domain, although it has its own .msdcs zone, does not have the sub-zones (dc, gc, pdc, domains) that were expected from the default structure, only the CNAME references of all DCs in the forest. This domain still works normally; I was able to add more machines into the domain as a test with no issues.

    My question is, are those settings/behaviour to be expected from this kind of zone? Might those missing sub-zones cause, or are they already causing, problems in my AD infrastructure?

    I did find some SystemLog errors that I didn't notice before in a dcdiag on this domain: 

    This DC passed on all other tests.

          Starting test: SystemLog
             An error event occurred.  EventID: 0x0000165B
                Time Generated: 09/12/2019   06:23:00
                Event String:
                The session setup from computer 'TB24613S' failed because the security database does not contain a trust acc
    ount 'TB24613S$' referenced by the specified computer.
             An error event occurred.  EventID: 0x000016AD
                Time Generated: 09/12/2019   06:25:29
                Event String:
                The session setup from the computer TB24613S failed to authenticate. The following error occurred:
             An error event occurred.  EventID: 0x0000165B
                Time Generated: 09/12/2019   06:33:40
                Event String:
                The session setup from computer 'PC15733S' failed because the security database does not contain a trust acc
    ount 'PC15733S$' referenced by the specified computer.
             An error event occurred.  EventID: 0x000016AD
                Time Generated: 09/12/2019   06:36:08
                Event String:
                The session setup from the computer PC15733S failed to authenticate. The following error occurred:
             An error event occurred.  EventID: 0x0000165B
                Time Generated: 09/12/2019   06:44:56
                Event String:
                The session setup from computer 'PC03259S' failed because the security database does not contain a trust acc
    ount 'PC03259S$' referenced by the specified computer.
             An error event occurred.  EventID: 0x000016AD
                Time Generated: 09/12/2019   06:47:01
                Event String:
                The session setup from the computer PC03259S failed to authenticate. The following error occurred:
             An error event occurred.  EventID: 0x0000165B
                Time Generated: 09/12/2019   06:49:28
                Event String:
                The session setup from computer 'PC447857' failed because the security database does not contain a trust acc
    ount 'PC447857$' referenced by the specified computer.
             An error event occurred.  EventID: 0x000016AD
                Time Generated: 09/12/2019   06:51:32
                Event String:
                The session setup from the computer PC447857 failed to authenticate. The following error occurred:
             ......................... DC07 failed test SystemLog
    
    Thanks in advance.

    • Edited by GuessWhoops Thursday, September 12, 2019 10:26 AM
    Thursday, September 12, 2019 10:24 AM
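
The dcdiag SystemLog output in the question prints event IDs in hex and wraps long messages mid-word, which makes it awkward to see which machines are affected. The following is an added example, not part of the original post: a small parser that rejoins the wrapped lines, converts the IDs to the decimal form Event Viewer shows (0x165B is 5723, 0x16AD is 5805), and groups events per computer. The function names and the host names in the constructed sample are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample (hypothetical hosts), with dcdiag's mid-word console wrap.
SAMPLE = """\
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 09/12/2019   06:23:00
            Event String:
            The session setup from computer 'HOST01' failed because the security database does not contain a trust acc
ount 'HOST01$' referenced by the specified computer.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 09/12/2019   06:25:29
            Event String:
            The session setup from the computer HOST01 failed to authenticate. The following error occurred:
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 09/12/2019   06:33:40
            Event String:
            The session setup from computer 'HOST02' failed because the security database does not contain a trust acc
ount 'HOST02$' referenced by the specified computer.
         ......................... DC07 failed test SystemLog
"""
EVENT_RE = re.compile(r"EventID:\s*0x([0-9A-Fa-f]+)")
TIME_RE = re.compile(r"Time Generated:\s*(\S+)\s+(\S+)")
HOST_RE = re.compile(r"from (?:the )?computer '?([A-Za-z0-9_-]+)")

def parse_dcdiag_systemlog(text):
    """Return one dict per event: decimal id, timestamp, computer, message."""
    events = []
    # Records start at "An ... event occurred."; cut the dotted summary line.
    for chunk in re.split(r"An (?:error|warning) event occurred\.", text)[1:]:
        chunk = re.split(r"\n\s*\.{5,}", chunk)[0]
        eid, when = EVENT_RE.search(chunk), TIME_RE.search(chunk)
        if not (eid and when and "Event String:" in chunk):
            continue
        # Rejoin wrapped lines with no separator: the wrap falls mid-word.
        raw = chunk.split("Event String:", 1)[1]
        msg = "".join(line.lstrip() for line in raw.splitlines()).strip()
        host = HOST_RE.search(msg)
        events.append({"event_id": int(eid.group(1), 16),  # 0x165B -> 5723
                       "time": " ".join(when.groups()),
                       "computer": host.group(1) if host else "unknown",
                       "message": msg})
    return events

def summarize(events):
    """Map each computer to the sorted decimal event ids logged against it."""
    by_host = defaultdict(set)
    for e in events:
        by_host[e["computer"]].add(e["event_id"])
    return {h: sorted(ids) for h, ids in by_host.items()}
```

Calling `summarize(parse_dcdiag_systemlog(text))` on saved dcdiag output gives a per-machine list of event IDs that can be compared against the computer accounts present in the domain.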

All replies