DCDiag DNS Delegation Errors

Question
-
Hello,
I ran some tests today on a client network in preparation for an upgrade from Windows 2003 domain controllers to Windows 2008 R2. I ran dcdiag and found a number of errors and was able to fortunately correct most of them except one. When running dcdiag /test:dns, it comes up with a failure on the Delegation piece. Essentially it is referencing old DNS servers that no longer exist, yet I cannot find them anywhere in DNS.
TEST: Delegations (Del)
Warning: DNS server: server1.administration.company.com IP: <Unavailable> Failure:Missing glue A record
Warning: DNS server: server2.administration.company.com IP: <Unavailable> Failure:Missing glue A record
I cannot find them anywhere. Where would this entry be coming from? Is it hidden somewhere deep in AD?
Thanks,
Tuesday, June 28, 2011 12:55 AM
Answers
-
Thanks for that info. I found the area that both servers were listed in. I guess when they did a migration from Windows NT to Windows 2000 Active Directory, DNS was a bit screwed up. Under the main Forward DNS zone was a "domain" that had those two servers listed. I just deleted them because those servers are long gone. Cleared up the DCDiag error immediately. I also found one reference to a server in CN=NetServices (dhcpClass), so I deleted that one too. Domain Controller errors always come down to DNS misconfigurations/errors or old objects left behind.
- Marked as answer by Vegas588 Tuesday, June 28, 2011 1:21 PM
Tuesday, June 28, 2011 1:20 PM
All replies
-
Is this DC multihomed, meaning running with multiple live IP NICs?
The places that need to be examined for references to a removed DC are below.
- Each and every subfolder inside the _msdcs folder in DNS
- Name server tab in DNS
- Host records in DNS
- Server object under NTDS Settings in AD Sites & Services
- Open ADSIEDIT.MSC, connect to the configuration partition: CN=Configuration, DC=domain, DC=com > CN=Sites > locate the DC to be removed from the sites.
Note: ADSIEDIT is a powerful tool for editing AD database objects and modifications made are permanent, so if you are unsure what you are doing, take a System State backup and then modify from there, as anything deleted from there will require a System State backup to restore the deleted objects.
Regards
Awinish Vishwakarma| CHECK MY BLOG
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Ace Fekay [MCT] Tuesday, June 28, 2011 4:53 AM
Tuesday, June 28, 2011 3:46 AM -
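Added example, not part of the thread: a read-only PowerShell check that lists every NS record in a zone together with the node that owns it, and flags name servers that have no A record, which is the condition dcdiag reports as a missing glue record. It assumes the DnsServer module (a DNS server on Windows Server 2012 or later, or RSAT); `dc01.company.com` is a hypothetical server name and `company.com` is the parent zone inferred from the names in the dcdiag output.

```powershell
# Added example. Assumes the DnsServer module (DNS server on Windows Server 2012
# or later, or RSAT). $DnsServer is a hypothetical host name; $ZoneName is the
# parent zone inferred from the dcdiag output in the question.
Import-Module DnsServer

$DnsServer = 'dc01.company.com'
$ZoneName  = 'company.com'

# Every NS record in the zone: the apex set (Name Servers tab) and any
# delegated child "domains" such as the one the asker found.
$nsRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType NS

$report = foreach ($rec in $nsRecords) {
    $target = $rec.RecordData.NameServer.TrimEnd('.')

    # Ask the same server for an A record; no answer is what dcdiag reports
    # as "Missing glue A record".
    $addresses = @(
        Resolve-DnsName -Name $target -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress
    )

    [pscustomobject]@{
        OwnerNode   = $rec.HostName      # '@' is the zone apex
        NameServer  = $target
        Addresses   = $addresses -join ', '
        MissingGlue = ($addresses.Count -eq 0)
    }
}

# Read-only: list the suspect entries first; nothing is deleted here.
$report | Sort-Object MissingGlue -Descending | Format-Table -AutoSize
```

The OwnerNode column shows which node in the zone holds the stale NS record, so the entry can be located in the DNS console before anything is removed.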
Vegas,
In addition to Awinish's suggestions, which may be the solution, take a look at the Metadata Cleanup process just to see if the machine is being referenced in the AD database, possibly from a failed, old DC long forgotten.
Complete Step by Step Guideline to Remove an Orphaned Domain controller
Published by Ace Fekay, MCT, MVP DS on Oct 5, 2010 at 12:14 AM
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, June 28, 2011 4:52 AM -
I'm glad to hear you found the culprit. :-)
Cheers!
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, June 28, 2011 5:50 PM -
Is this DC multihomed, meaning running with multiple live IP NICs?
The places that need to be examined for references to a removed DC are below.
- Each and every subfolder inside the _msdcs folder in DNS
- Name server tab in DNS
- Host records in DNS
- Server object under NTDS Settings in AD Sites & Services
- Open ADSIEDIT.MSC, connect to the configuration partition: CN=Configuration, DC=domain, DC=com > CN=Sites > locate the DC to be removed from the sites.
Note: ADSIEDIT is a powerful tool for editing AD database objects and modifications made are permanent, so if you are unsure what you are doing, take a System State backup and then modify from there, as anything deleted from there will require a System State backup to restore the deleted objects.
Regards
Awinish Vishwakarma| CHECK MY BLOG
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I had the same problem; for me this was the solution.
What I heard afterwards was that a domain controller had crashed in the past and its records were still present everywhere.
Thursday, June 11, 2020 2:18 PM