the active directory integrated DNS zone _msdcs was not found

  • Question

  • I just added my 1st w2k8r2 server DC to my 2003 domain. Everything seems to be working okay: replication, no events, etc. Except when I run the Best Practices Analyzer in DNS I get the following error: the active directory integrated DNS zone _msdcs was not found. Under the zone for my domain I have the _msdcs folder. I read articles where it said to create a _msdcs zone, so I did that and the error went away, but then I kept getting the error 4010 in my event log every time I stopped and restarted DNS. I followed this http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/3ada55e6-344f-430f-a2f2-394e3bb6b0bf but it did not resolve the issue. I am not sure if I am getting the errors because I have only 1 w2k8r2 server and it will go away once I install the second one? I want to transfer the roles from my W2k3 server to the 2k8 server but don't want to do so till I get this resolved. Any help would be appreciated.
    Monday, March 28, 2011 9:10 PM

All replies

  • Hello,

    Follow case 2 in the following document to create it; it also applies to Windows Server 2008 and higher:

    http://support.microsoft.com/kb/817470/

    I did it some weeks ago on a domain that didn't have the _msdcs.domain.com zone.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Monday, March 28, 2011 9:23 PM
  • Thank you for the link. I did read this article and created a zone for _msdcs.domain.com.

    The thing is, before I did this I did have the _msdcs zone listed under my domain:

    Domain.com

    _msdcs

    I created a _msdcs.domain.com and have it replicating at forest level, so now my zones are:

    domain.com

    _msdcs.domain.com

    The error is gone when I run the Best Practices Analyzer... but that is the only place I see an error.

    I get the error 4010 now when I restart the service... I am kinda confused: when they say _msdcs.forestzone, is it supposed to be under my domain name, or a totally separate zone and I remove the _msdcs record under my domain?

    • Proposed as answer by Schuetti3000 Friday, April 29, 2011 11:55 AM
    Tuesday, March 29, 2011 1:39 AM
  • I did the same and in my case it worked too.

    I read in another article that it's best practice to have the _msdcs.mydomain.com separate and not an _msdcs under mydomain.com.

    Then you have to create a delegation record (grey folder) under mydomain.com. In my case I just had to create the folder _msdcs.mydomain.com and everything else worked automatically.

    Friday, April 29, 2011 11:55 AM
  • I did the same and in my case it worked too.

    I read in another article that it's best practice to have the _msdcs.mydomain.com separate and not an _msdcs under mydomain.com.

    Then you have to create a delegation record (grey folder) under mydomain.com. In my case I just had to create the folder _msdcs.mydomain.com and everything else worked automatically.

    Did you step through Case 2 of Meinolf's replied support article? 

    http://support.microsoft.com/kb/817470/

    Or did you just create a new zone _msdcs.mydomain.com? Did you create the delegation record... your reply is a little convoluted in what you did exactly.

    I am asking as I created the new zone with the property of replicate to all DNS servers in this Forest and my records look like they are all there. So I'm wondering if it's safe to delete the _msdcs subzone under mydomain.com, or should I repoint all of my DNS servers' DNS IP addresses to my root DNS server for a while to make sure (as suggested by the KB article 817470 listed), then delete the subzone.

    Thanks.

    Sunday, May 1, 2011 11:27 PM
  • Just an update... I forgot I had already set my primary DNS IPs on my DNS servers' NICs (say that 5 times fast) to my primary root DNS server (based on BPA suggestions for replication). So I went ahead and checked all my records. Had to manually add two of my DNS servers to the zone's properties, "Name Servers" tab... (the others were found automatically???) and then life was good. Forced replication, waited for about 30 minutes, and deleted the remnant _msdcs under the mydomain.com zone. Ran BPA again and it did not find that to complain about. Event viewer for all roles shows up clean.
    Tuesday, May 3, 2011 4:16 AM
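
The checks discussed in this thread (a separate _msdcs zone, its Name Servers list, and the DC locator records, all confirmed on every DNS server before the leftover _msdcs folder is deleted) can be scripted. The following is an added example, not part of the original thread; it assumes the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later) run from a management host, and `example.com` and the 192.0.2.x addresses are placeholders.

```powershell
# Added example: the values below are placeholders, replace with your own.
$Forest     = 'example.com'                  # forest root DNS name (placeholder)
$DnsServers = '192.0.2.10', '192.0.2.11'     # DC/DNS server IPs (documentation range)

function Test-MsdcsZone {
    param([string]$Forest, [string]$Server)

    $zone = "_msdcs.$Forest"
    # An SOA query for the zone name is answered in the Answer section only when
    # _msdcs.<forest> exists as its own zone. If it is just a subdomain folder of
    # the parent zone, the reply carries the parent's SOA in the Authority section.
    $soa = Resolve-DnsName -Name $zone -Type SOA -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1

    # Name servers published for the zone (the "Name Servers" tab in the DNS console).
    $ns = Resolve-DnsName -Name $zone -Type NS -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'NS' -and $_.Section -eq 'Answer' }

    # DC locator SRV records that clients use to find domain controllers.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc.$zone" -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        Server       = $Server
        SeparateZone = [bool]($soa -and $soa.Section -eq 'Answer' -and $soa.Name -eq $zone)
        SoaOwner     = $soa.Name
        NameServers  = ($ns.NameHost | Sort-Object) -join ', '
        DcLocators   = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    }
}

$results = foreach ($s in $DnsServers) { Test-MsdcsZone -Forest $Forest -Server $s }
$results | Format-Table -AutoSize

# Every server should report SeparateZone = True with identical NameServers and
# DcLocators lists before the old _msdcs folder under the parent zone is removed.
$inconsistent = @($results | Where-Object { -not $_.SeparateZone }).Count -gt 0 -or
    @($results | Select-Object -ExpandProperty NameServers -Unique).Count -gt 1 -or
    @($results | Select-Object -ExpandProperty DcLocators -Unique).Count -gt 1
if ($inconsistent) { Write-Warning 'Zone data is not consistent across DNS servers yet.' }
```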