DCDiag DNS Delegation Errors

  • Question

  • Hello,

    I ran some tests today on a client network in preparation for an upgrade from Windows 2003 domain controllers to Windows 2008 R2. I ran dcdiag and found a number of errors and was able to fortunately correct most of them except one. When running dcdiag /test:dns, it comes up with a failure on the Delegation piece. Essentially it is referencing old DNS servers that no longer exist, yet I cannot find them anywhere in DNS.

    TEST: Delegations (Del)
                      Warning: DNS server: server1.administration.company.com IP: <Unavailable> Failure:Missing glue A record
                      Warning: DNS server: server2.administration.company.com IP: <Unavailable> Failure:Missing glue A record

    I cannot find them anywhere. Where would this entry be coming from? Is it hidden somewhere deep in AD?

    Thanks,


             

    Tuesday, June 28, 2011 12:55 AM

Answers

  • Thanks for that info. I found the area that both servers were listed in. I guess when they did a migration from Windows NT to Windows 2000 Active Directory, DNS was a bit screwed up. Under the main Forward DNS zone was a "domain" that had those two servers listed. I just deleted them because those servers are long gone. Cleared up the DCDiag error immediately. I also found one reference to a server in CN=NetServices (dhcpClass), so I deleted that one too. Domain Controller errors always come down to DNS misconfigurations/errors or old objects left behind.
    • Marked as answer by Vegas588 Tuesday, June 28, 2011 1:21 PM
    Tuesday, June 28, 2011 1:20 PM
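
The leftover delegation described in the answer above can be spotted offline from a text copy of the zone. This is an added example, not code from the thread: it assumes the forward zone has been exported in master-file style (for instance with `dnscmd /ZoneExport`), uses constructed sample records, and the function names are hypothetical. It approximates the idea behind the "Missing glue A record" warning and is not dcdiag's own logic.

```python
# Constructed sample: master-file style export of the forward zone, with a
# leftover delegation like the one found in the thread (addresses are made up).
SAMPLE_ZONE = """\
; constructed example data
@                 3600 IN SOA dc1.company.com. hostmaster.company.com. 1 900 600 86400 3600
@                 NS   dc1.company.com.
dc1               A    192.0.2.10
administration    NS   server1.administration.company.com.
                  NS   server2.administration.company.com.
lab               NS   ns1.lab.company.com.
ns1.lab           A    192.0.2.53
"""

def fqdn(name, origin):
    """Return a lower-case absolute name; relative names get the zone origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Yield (owner_fqdn, rtype, rdata) for simple one-line records."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():                  # owner name starts in column 0
            name = fields.pop(0)
            owner = origin if name == "@" else fqdn(name, origin)
        # skip the optional TTL and class columns
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 2:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def missing_glue(text, origin="company.com."):
    """List (delegated_subdomain, name_server) pairs that have no glue record."""
    records = list(parse_records(text, origin))
    hosts_with_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue                              # only delegations below the apex
        target = fqdn(rdata, origin)
        # glue is needed when the name server lives inside the delegated subdomain
        if target.endswith("." + owner) and target not in hosts_with_address:
            findings.append((owner, target))
    return findings

if __name__ == "__main__":
    for subdomain, server in missing_glue(SAMPLE_ZONE):
        print(f"{subdomain} delegated to {server} with no glue A record")
```

Each reported pair is a candidate stale delegation to confirm in the DNS console before deleting anything.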

All replies

  • Is this DC multihomed, meaning running with multiple live IP NICs?

    The places that need to be examined for references to a removed DC are below.

    -Each & every sub folder inside _msdcs folder in DNS

    -Name server tab in DNS

    -Host records in DNS

    -Server object under NTDS setting in AD sites & services.

    -Open ADSIEDIT.MSC, connect to configuration partition

    CN=Configuration, DC=domain, DC=com > CN=Sites > locate DC to be removed from the sites.

    Note: ADSIEDIT is a powerful tool to edit AD database objects & modifications made are permanent, so if you are unsure what you are doing, take a System State backup & then modify from there, as anything deleted from there will require a System State backup to restore the deleted objects.

     

    Regards  


    Awinish Vishwakarma

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, June 28, 2011 3:46 AM
  • Vegas,

    In addition to Awinish's suggestions, which may be the solution, take a look at the Metadata Cleanup process just to see if the machine is being referenced in the AD database, possibly from a failed, old DC long forgotten.

    Complete Step by Step Guideline to Remove an Orphaned Domain controller
    Published by Ace Fekay, MCT, MVP DS on Oct 5, 2010 at 12:14 AM
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

    Ace

     

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, June 28, 2011 4:52 AM
  • I'm glad to hear you found the culprit. :-)

    Cheers!


    Ace Fekay

    Tuesday, June 28, 2011 5:50 PM
  • Is this DC multihomed, meaning running with multiple live IP NICs?

    The places that need to be examined for references to a removed DC are below.

    -Each & every sub folder inside _msdcs folder in DNS

    -Name server tab in DNS

    -Host records in DNS

    -Server object under NTDS setting in AD sites & services.

    -Open ADSIEDIT.MSC, connect to configuration partition

    CN=Configuration, DC=domain, DC=com > CN=Sites > locate DC to be removed from the sites.

    Note: ADSIEDIT is a powerful tool to edit AD database objects & modifications made are permanent, so if you are unsure what you are doing, take a System State backup & then modify from there, as anything deleted from there will require a System State backup to restore the deleted objects.


    I had the same problem, for me this was the solution.

    What I heard afterwards was that a domain controller had crashed in the past and its records were still present everywhere.


    Thursday, June 11, 2020 2:18 PM