PDC SRV record missing in DNS - Howto recreate

  • Question

  • Hi

    We have a domain with 4 DCs. 3 are 08 and 1 is 03. A while ago I transferred all the FSMO roles from the 03 server to one of the 08 servers without any errors. Recently, without cause, several functions that depend on machines and servers being able to locate the PDC emulator stopped working. The DFS structure can't be edited, FSMO roles can't be transferred to a DR site etc...

    dcdiag with all the comprehensive checks came up with this error:

    Missing SRV record at DNS server [ip of dc]:
    _ldap._tcp.pdc._msdcs.local.test
    [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

    So, I checked on the current PDC and yes, the PDC SRV record is missing. Later on I thought to check the old PDC emulator and for some reason it still has an SRV registration, although it's pointing to the new PDC emulator (the 08 server). Could this be the cause, and if it is, how do I sort this out? I tried dcdiag /fix without any luck. Also tried ipconfig /flushdns and ipconfig /registerdns. After that I restarted the netlogon service, which still did nothing. In the event viewer I did notice the netlogon event ID 5781.

    What could I do next?

    Karl


    Monday, November 12, 2012 3:03 PM

Answers

  • The FSMO roles have been transferred successfully to DC1. Since the SRV record is missing, ensure that the "Register this connection's addresses in DNS" checkbox is not cleared on the online NIC. Also disable the unrequired NIC and run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service. See the link below for DNS settings on a DC.

    Best practices for DNS client settings on DC and domain members.
    http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    If the issue still persists, post the ipconfig /all details of the faulty DC.


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Cicely Feng Wednesday, December 5, 2012 9:21 AM
    Friday, November 16, 2012 10:41 PM
  • FYI, info on Event ID 5781:
    http://eventid.net/display-eventid-5781-source-NETLOGON-eventno-167-phase-1.htm

    .

    The two netlogon.dns files look fine, from what I see. You can opt to rename both the netlogon.dns and netlogon.dnb to *.old, then run

    • ipconfig /flushdns
    • ipconfig /renew
    • restart netlogon

    Then check the first DNS entry on the NIC.

    • I assume your DCs are single homed.
    • Please post an unedited ipconfig /all from the four DCs. This will allow us to evaluate the DCs configs and their DNS relationship to each other, as well as other info the results provide.
    • I assume any installed AV have been properly configured to exclude all AD folders and processes, and Windows firewall is disabled, as well as no ports are being blocked between DCs.

    .

    Let's also take a look at ADSI Edit to eliminate any possibility of duplicate zones:

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by Cicely Feng Wednesday, December 5, 2012 9:22 AM
    Saturday, November 17, 2012 1:16 AM
  • If we were to retire serverm, which is the old FSMO role holder, would that have an effect on this? I notice that serverm still has a PDC SRV record (although it's pointing to dc1). dc1's PDC SRV record is pointing at itself, which is correct.

    Any thoughts on this?

    There won't be any issues as long as the DC which is going to be demoted doesn't have any other dependent services running on it. You can transfer all necessary services to another DC prior to demoting the DC. You can delete the records & register them by restarting the DNS & netlogon services or simply rebooting the DC. All the DCs register SRV records, not just the FSMO role holder DC.

    Remove References of a Failed DC/Domain Or Perform Metadata Cleanup http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    You can read more on Multihoming DC

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a1583d7f-fa59-4497-89de-666d683e53a0/

    The Case of the Missing SRV Records

    http://blogs.technet.com/b/askpfeplat/archive/2012/07/09/the-case-of-the-missing-srv-records.aspx


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by Cicely Feng Wednesday, December 5, 2012 9:22 AM
    Monday, November 19, 2012 8:58 AM
  • Hi Guys

    Thanks for all the valuable help. Sandesh, you're a star! Although I did run ipconfig /flushdns and ipconfig /registerdns followed by restarting the netlogon service (a few times) I obviously needed to disable the second network card before I ran these commands, 'cause it worked first time round!

    If we were to retire serverm, which is the old FSMO role holder, would that have an effect on this? I notice that serverm still has a PDC SRV record (although it's pointing to dc1). dc1's PDC SRV record is pointing at itself, which is correct.

    Any thoughts on this?

    Hi,

    Since you are planning to retire 'serverm' you can delete the faulty record from DNS and again restart the netlogon and DNS services; this will register the correct SRV record and other records.

    Also, before you proceed with removal of the old DC, ensure that the health of the new DC is good: run dcdiag /q, repadmin /replsum & check the event logs. If the health is good you can proceed with the transfer of the FSMO role, and don't forget to configure the authoritative time server role on the PDC role holder server. Also point the DNS settings of clients and member servers to the new DC; this may be in DHCP options or the TCP/IP settings.

    Configuring the time service on the PDC Emulator FSMO role holder
    http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx

    If the DC cannot be demoted gracefully then you can forcefully remove the DC, followed by metadata cleanup. See the link below for the same.

    Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

    For demoting a DC the links below will be helpful.
    http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
    http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommission a DC)
    http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to remove a DC from a domain)

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Cicely Feng Wednesday, December 5, 2012 9:22 AM
    Monday, November 19, 2012 8:30 PM

All replies

  • post the output of

    netdom query fsmo
    DCdiag /test:Knowsofroleholders /v

    from the current and previous PDC emulator.

    In addition, post the content of netlogon.dns from %windir%\system32\config from both DCs

    hth
    Marcin

    Monday, November 12, 2012 3:29 PM
  • Hi

    I have provided the required information (anonymized). It is as follows:

    netdom query fsmo on current PDC emulator (server 2008 ent w/SP2):

    Schema master               dc1.test.local
    Domain naming master         dc1.test.local
    PDC                         dc1.test.local
    RID pool manager             dc1.test.local
    Infrastructure master       dc1.test.local
    The command completed successfully.

    netdom query fsmo on previous PDC emulator (server 2003 ent w/SP2):

    Schema owner                 dc1.test.local
    Domain role owner         dc1.test.local
    PDC role                     dc1.test.local
    RID pool manager             dc1.test.local
    Infrastructure owner         dc1.test.local
    The command completed successfully.

    output of dcdiag /test:knowsofroleholders /v for current PDC emulator:

                           

    Directory Server Diagnosis
    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine dc1, is a Directory Server. 
       Home Server = dc1

       * Connecting to directory service on server dc1.

       * Identified AD Forest. 
       Collecting AD specific global data 
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded 
       Iterating through the sites 
       Looking at base site object: CN=NTDS Site Settings,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=test,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers 
       Getting information for the server CN=NTDS Settings,CN=serverm,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC3,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 4 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests

         Testing server: building1\DC1

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             Determining IP6 connectivity 
             * Active Directory RPC Services Check
             ......................... DC1 passed test Connectivity

    Doing primary tests

       Testing server: building1\DC1
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent

          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             ......................... DC1 passed test KnowsOfRoleHolders

          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas


          Test omitted by user request: DNS
          Test omitted by user request: DNS


       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation


       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation

       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation

       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation

       Running partition tests on : test
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation

       Running enterprise tests on : test.local
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite

    output of dcdiag /test:knowsofroleholders /v for previous PDC emulator:

                            

    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine serverm, is a DC. 
       * Connecting to directory service on server serverm.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 4 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests

       Testing server: building1\serverm
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... serverm passed test Connectivity

    Doing primary tests

       Testing server: building1\serverm
          Test omitted by user request: Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=building1,CN=Sites,CN=Configuration,DC=test,DC=local
             ......................... serverm passed test KnowsOfRoleHolders
          Test omitted by user request: RidManager
          Test omitted by user request: MachineAccount
          Test omitted by user request: Services
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: frssysvol
          Test omitted by user request: frsevent
          Test omitted by user request: kccevent
          Test omitted by user request: systemlog
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError

       Running partition tests on : ForestDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : Schema
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : Configuration
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : test
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running enterprise tests on : test.local
          Test omitted by user request: Intersite
          Test omitted by user request: FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    the content of the netlogon.dns of current pdc emulator:

    _ldap._tcp.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.building1._sites.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.gc._msdcs.test.local. 600 IN SRV 0 100 3268 dc1.test.local.
    _ldap._tcp.building1._sites.gc._msdcs.test.local. 600 IN SRV 0 100 3268 dc1.test.local.
    _ldap._tcp.5c081411-f989-4a06-8bd8-08ffe850ee03.domains._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    fa31fa42-cf60-4380-902c-8ed6b917d067._msdcs.test.local. 600 IN CNAME dc1.test.local.
    _kerberos._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 88 dc1.test.local.
    _kerberos._tcp.building1._sites.dc._msdcs.test.local. 600 IN SRV 0 100 88 dc1.test.local.
    _ldap._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.building1._sites.dc._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _kerberos._tcp.test.local. 600 IN SRV 0 100 88 dc1.test.local.
    _kerberos._tcp.building1._sites.test.local. 600 IN SRV 0 100 88 dc1.test.local.
    _gc._tcp.test.local. 600 IN SRV 0 100 3268 dc1.test.local.
    _gc._tcp.building1._sites.test.local. 600 IN SRV 0 100 3268 dc1.test.local.
    _kerberos._udp.test.local. 600 IN SRV 0 100 88 dc1.test.local.
    _kpasswd._tcp.test.local. 600 IN SRV 0 100 464 dc1.test.local.
    _kpasswd._udp.test.local. 600 IN SRV 0 100 464 dc1.test.local.
    _ldap._tcp.DomainDnsZones.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.building1._sites.DomainDnsZones.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.ForestDnsZones.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    _ldap._tcp.building1._sites.ForestDnsZones.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    test.local. 600 IN AAAA [ipv6 address]
    test.local. 600 IN A 192.168.1.20
    _ldap._tcp.pdc._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
    gc._msdcs.test.local. 600 IN AAAA [ipv6 address]
    gc._msdcs.test.local. 600 IN A 192.168.1.20
    DomainDnsZones.test.local. 600 IN AAAA [ipv6 address]
    DomainDnsZones.test.local. 600 IN A 192.168.1.20
    ForestDnsZones.test.local. 600 IN AAAA [ipv6 address]
    ForestDnsZones.test.local. 600 IN A 192.168.1.20

    finally the content of the netlogon.dns of the previous pdc emulator:

    _ldap._tcp.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.building1._sites.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.gc._msdcs.test.local. 600 IN SRV 0 100 3268 serverm.test.local.
    _ldap._tcp.building1._sites.gc._msdcs.test.local. 600 IN SRV 0 100 3268 serverm.test.local.
    _ldap._tcp.5c081411-f989-4a06-8bd8-08ffe850ee03.domains._msdcs.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    fe74cf3c-0996-443d-9fe2-8fb97da8fe02._msdcs.test.local. 600 IN CNAME serverm.test.local.
    _kerberos._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 88 serverm.test.local.
    _kerberos._tcp.building1._sites.dc._msdcs.test.local. 600 IN SRV 0 100 88 serverm.test.local.
    _ldap._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.building1._sites.dc._msdcs.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _kerberos._tcp.test.local. 600 IN SRV 0 100 88 serverm.test.local.
    _kerberos._tcp.building1._sites.test.local. 600 IN SRV 0 100 88 serverm.test.local.
    _gc._tcp.test.local. 600 IN SRV 0 100 3268 serverm.test.local.
    _gc._tcp.building1._sites.test.local. 600 IN SRV 0 100 3268 serverm.test.local.
    _kerberos._udp.test.local. 600 IN SRV 0 100 88 serverm.test.local.
    _kpasswd._tcp.test.local. 600 IN SRV 0 100 464 serverm.test.local.
    _kpasswd._udp.test.local. 600 IN SRV 0 100 464 serverm.test.local.
    _ldap._tcp.DomainDnsZones.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.building1._sites.DomainDnsZones.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.ForestDnsZones.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    _ldap._tcp.building1._sites.ForestDnsZones.test.local. 600 IN SRV 0 100 389 serverm.test.local.
    gc._msdcs.test.local. 600 IN A 192.168.1.21
    DomainDnsZones.test.local. 600 IN A 192.168.1.21
    ForestDnsZones.test.local. 600 IN A 192.168.1.21
    test.local. 600 IN A 192.168.1.21

    Thanks

    K

    Tuesday, November 13, 2012 5:50 AM
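
The check this thread performs by hand, comparing what each DC's netlogon.dns says Netlogon should register with what the DNS server actually returns, as an added example that is not part of any post. The netlogon.dns lines are a subset of those quoted above; the DNS answers are constructed to mirror the dcdiag 9003 error, and all function names are hypothetical.

```python
import re
from collections import namedtuple

Record = namedtuple("Record", "owner rtype rdata")
LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+?)\s*$")
PDC_PREFIX = "_ldap._tcp.pdc._msdcs."

# Subset of the netlogon.dns content quoted in the post above.
DC1_NETLOGON = """\
_ldap._tcp.test.local. 600 IN SRV 0 100 389 dc1.test.local.
_ldap._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
_kerberos._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 88 dc1.test.local.
_ldap._tcp.pdc._msdcs.test.local. 600 IN SRV 0 100 389 dc1.test.local.
test.local. 600 IN AAAA [ipv6 address]
test.local. 600 IN A 192.168.1.20
"""
SERVERM_NETLOGON = """\
_ldap._tcp.test.local. 600 IN SRV 0 100 389 serverm.test.local.
_ldap._tcp.dc._msdcs.test.local. 600 IN SRV 0 100 389 serverm.test.local.
test.local. 600 IN A 192.168.1.21
"""

# Constructed sample of what the DNS server answered per (owner, type).
# There is no entry for _ldap._tcp.pdc._msdcs.test.local: the name does not
# exist, which is the condition dcdiag reported as error 9003.
DNS_ANSWERS = {
    ("_ldap._tcp.test.local.", "SRV"):
        ["0 100 389 DC1.test.local.", "0 100 389 serverm.test.local."],
    ("_ldap._tcp.dc._msdcs.test.local.", "SRV"):
        ["0 100 389 dc1.test.local.", "0 100 389 serverm.test.local."],
    ("_kerberos._tcp.dc._msdcs.test.local.", "SRV"):
        ["0 100 88 dc1.test.local.", "0 100 88 serverm.test.local."],
    ("test.local.", "A"): ["192.168.1.20", "192.168.1.21"],
}


def norm(value):
    """DNS names are case-insensitive; ignore case, spacing and trailing dot."""
    return " ".join(value.lower().split()).rstrip(".")


def parse_netlogon_dns(text):
    """Parse netlogon.dns lines into Records, skipping redacted placeholders."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.groups()
        if rdata.startswith("["):  # e.g. "[ipv6 address]" in an anonymized paste
            continue
        records.append(Record(norm(owner), rtype.upper(), norm(rdata)))
    return records


def missing_registrations(expected, dns_answers):
    """Records Netlogon wants registered that the DNS server does not return."""
    present = {(norm(owner), rtype.upper()): {norm(r) for r in rdatas}
               for (owner, rtype), rdatas in dns_answers.items()}
    return [r for r in expected
            if r.rdata not in present.get((r.owner, r.rtype), set())]


def pdc_claimants(netlogon_files):
    """Names of the DCs whose netlogon.dns contains the PDC locator record."""
    return sorted(dc for dc, text in netlogon_files.items()
                  if any(r.owner.startswith(PDC_PREFIX) and r.rtype == "SRV"
                         for r in parse_netlogon_dns(text)))


if __name__ == "__main__":
    for rec in missing_registrations(parse_netlogon_dns(DC1_NETLOGON), DNS_ANSWERS):
        print("missing in DNS:", rec.owner, rec.rtype, rec.rdata)
    # Exactly one DC, the PDC emulator role holder, should appear here.
    print("PDC record claimed by:",
          pdc_claimants({"dc1": DC1_NETLOGON, "serverm": SERVERM_NETLOGON}))
```

A record that appears in netlogon.dns but not in DNS means Netlogon's dynamic registration is failing, which on a domain controller is usually logged as Netlogon event 5781.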
  • Hi

    Any ideas out there as to what is happening? I really need some advice on this one.

    Thursday, November 15, 2012 5:04 AM
  • What is your Domain and forest function level? LDP.EXE can give you this information.

    Have you tried IPCONFIG /FlushDNS followed by /Registerdns?

    Restart the netlogon service?

    NLTEST /SC_Query:<Domain FQDN>?

    Friday, November 16, 2012 9:07 PM
  • Hi Guys

    Thanks for all the valuable help. Sandesh, you're a star! Although I did run ipconfig /flushdns and ipconfig /registerdns followed by restarting the netlogon service (a few times) I obviously needed to disable the second network card before I ran these commands, 'cause it worked first time round!

    If we were to retire serverm, which is the old FSMO role holder, would that have an effect on this? I notice that serverm still has a PDC SRV record (although it's pointing to dc1). dc1's PDC SRV record is pointing at itself, which is correct.

    Any thoughts on this?

    Monday, November 19, 2012 5:02 AM