DNS / AD error

  • Question

  • Hello,

    We originally had two DC / DNS servers, 2008 and 2012. The 2012 became corrupted somehow and eventually it was better to just remove DNS and AD (DNS would not replicate). So we removed the weird AD / DNS role from the 2012 server. It did not retire gracefully but the metadata cleanup went OK. I then noticed about an hour later that the msdcs was missing from DNS.

    Any suggestions on what I should do? If I restore the system state again I will need to remove the old DC (2012) from the DNS / AD again. The 2012 is a member server now.

    Here is recent dcdiag info. Note the msdc resolves to an outside IP?

    Directory Server Diagnosis

     

    Performing initial setup:

       Trying to find home server...

       Home Server = SSDC2

       * Identified AD Forest.

       Done gathering initial info.

     

    Doing initial required tests

     

       Testing server: Default-First-Site-Name\SSDC2

          Starting test: Connectivity

             Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.com) resolved to the IP

             address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.comt) resolved to the

             IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

             ......................... SSDC2 failed test Connectivity

     

    Doing primary tests

     

       Testing server: Default-First-Site-Name\SSDC2

          Skipping all tests, because server SSDC2 is not responding to directory service requests.

     

     

       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test CrossRefValidation

     

       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test CrossRefValidation

     

       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

     

       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

     

       Running partition tests on : schulershook

          Starting test: CheckSDRefDom

             ......................... schulershook passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... schulershook passed test CrossRefValidation

     

       Running enterprise tests on : schulershook.net

          Starting test: LocatorCheck

             ......................... schulershook.net passed test LocatorCheck

          Starting test: Intersite

             ......................... schulershook.net passed test Intersite

    PS C:\> dcdiag /c /v

     

    Directory Server Diagnosis

     

    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine SSDC2, is a Directory Server.

       Home Server = SSDC2

       * Connecting to directory service on server SSDC2.

       * Identified AD Forest.

       Collecting AD specific global data

       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdomain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory

    =ntDSSiteSettings),.......

       The previous call succeeded

       Iterating through the sites

       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

       Getting ISTG and options for the site

       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=nt

    DSDsa),.......

       The previous call succeeded....

       The previous call succeeded

       Iterating through the list of servers

       Getting information for the server CN=NTDS Settings,CN=SSDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Config

    uration,DC=domain,DC=local

       objectGuid obtained

       InvocationID obtained

       dnsHostname obtained

       site info obtained

       All the info for the server collected

       * Identifying all NC cross-refs.

       * Found 1 DC(s). Testing 1 of them.

       Done gathering initial info.

     

    Doing initial required tests

     

       Testing server: Default-First-Site-Name\SSDC2

          Starting test: Connectivity

             * Active Directory LDAP Services Check

             Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP

             address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the

             IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

             ......................... SSDC2 failed test Connectivity

     

    Doing primary tests

     

       Testing server: Default-First-Site-Name\SSDC2

          Skipping all tests, because server SSDC2 is not responding to directory service requests.

          Test omitted by user request: Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Test omitted by user request: FrsEvent

          Test omitted by user request: DFSREvent

          Test omitted by user request: SysVolCheck

          Test omitted by user request: KccEvent

          Test omitted by user request: KnowsOfRoleHolders

          Test omitted by user request: MachineAccount

          Test omitted by user request: NCSecDesc

          Test omitted by user request: NetLogons

          Test omitted by user request: ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Test omitted by user request: Replications

          Test omitted by user request: RidManager

          Test omitted by user request: Services

          Test omitted by user request: SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Test omitted by user request: VerifyReferences

          Test omitted by user request: VerifyReplicas

     

          Starting test: DNS

     

             DNS Tests are running and not hung. Please wait a few minutes...

             See DNS test in enterprise tests section for results

             ......................... SSDC2 passed test DNS

     

       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test CrossRefValidation

     

       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test CrossRefValidation

     

       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

     

       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

     

       Running partition tests on : domain

          Starting test: CheckSDRefDom

             ......................... schulershook passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... schulershook passed test CrossRefValidation

     

       Running enterprise tests on : domain.local

          Starting test: DNS

             Test results for domain controllers:

     

                DC: SSDC2.sdomain.local

                Domain: sdomain.local

     

     

                   TEST: Authentication (Auth)

                      Authentication test: Successfully completed

     

                   TEST: Basic (Basc)

                      Error: No LDAP connectivity

                      The OS Microsoft Windows Server 2008 R2 Enterprise  (Service Pack level: 1.0) is supported.

                      NETLOGON service is running

                      kdc service is running

                      DNSCACHE service is running

                      DNS service is running

                      DC is a DNS server

                      Network adapters information:

                      Adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client):

                         MAC address is D4:AE:52:68:AC:5E

                         IP Address is static

                         IP address: 10.1.1.14

                         DNS servers:

                            Warning:

                            10.1.1.14 (SSDC2) [Invalid]

                            Warning: adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client) has invalid DNS

                            server: 10.1.1.14 (SSDC2)

                      Error: all DNS servers are invalid

                      No host records (A or AAAA) were found for this DC

                      The SOA record for the Active Directory zone was found

                      Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

                      Root zone on this DC/DNS server was not found

     

                   TEST: Forwarders/Root hints (Forw)

                      Recursion is enabled

                      Forwarders Information:

                         66.28.0.45 (<name unavailable>) [Valid]

                         66.28.0.61 (<name unavailable>) [Valid]

                         8.8.8.8 (<name unavailable>) [Valid]

     

                   TEST: Dynamic update (Dyn)

                      Warning: Failed to add the test record dcdiag-test-record in zone domain.local

                      [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period ex

    pired.)]

                      Test record dcdiag-test-record deleted successfully in zone domain.local

     

                TEST: Records registration (RReg)

                   Error: Record registrations cannot be found for all the network adapters

     

             Summary of test results for DNS servers used by the above domain controllers:

     

                DNS server: 10.1.1.14 (SSDC2)

                   1 test failure on this DNS server

                   Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.1.1.14

                   [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]

     


    Wednesday, September 21, 2016 4:06 AM
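The Connectivity failure in the dcdiag output above can be triaged mechanically. The following is an added example, not part of the original thread: it extracts each "name resolved to IP" pair from the message and flags AD-internal names that resolve to a publicly routable or loopback address. The function names and the `domain.local` suffix argument are assumptions made for illustration.

```python
import ipaddress
import re

# Connectivity message copied from the second dcdiag run in the question above.
SAMPLE = """\
Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP
address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the
IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.
"""

# dcdiag phrases each lookup as "name (<fqdn>) resolved to the IP address (<ip>)";
# \s+ tolerates the console line wraps inside the sentence.
LOOKUP = re.compile(
    r"name\s+\(([^()\s]+)\)\s+resolved\s+to\s+the\s+IP\s+address\s+\(([^()\s]+)\)")

NOTES = {
    "public": "AD-internal name answered with a publicly routable address",
    "loopback": "name resolved to loopback; check for a registered A/AAAA record",
    "internal": "ok",
}

def classify(ip_text):
    """Return 'loopback', 'public' or 'internal' for one resolved address."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    if ip.is_global:
        return "public"
    return "internal"

def review_lookups(dcdiag_text, ad_suffix):
    """List (fqdn, ip, verdict, note) for every AD name dcdiag resolved."""
    results = []
    for fqdn, ip_text in LOOKUP.findall(dcdiag_text):
        if not fqdn.lower().rstrip(".").endswith(ad_suffix.lower()):
            continue  # not a name inside the AD DNS domain
        verdict = classify(ip_text)
        results.append((fqdn, ip_text, verdict, NOTES[verdict]))
    return results

if __name__ == "__main__":
    for row in review_lookups(SAMPLE, "domain.local"):
        print("%-60s %-18s %-9s %s" % row)
```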

Answers

  • Hi BlackBear,

    >I then noticed about an hour later that the msdcs was missing from DNS.

    Could you provide a screenshot of your DNS tree?

    Do you mean the loss of the _msdcs.test.com zone and related SRV records? If yes, you may use net stop netlogon & net start netlogon to re-register the SRV records in the _msdcs.test.com zone.

    If you mean the _msdcs delegation under "test.com", then we may manually create the delegation.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 21, 2016 9:45 AM
    Moderator

All replies

  • Hi

     Please paste the UNEDITED "ipconfig /all" result on OneDrive. (Also make sure you don't have a multihomed NIC on this problematic DC.)


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards, Burak Uğur

    Wednesday, September 21, 2016 7:17 AM
  • Hi BlackBear,

    Could the above replies be of help? If yes, you may mark it as answer, if not, feel free to feed back.

    Best Regards,

    Anne



    Thursday, September 29, 2016 2:53 AM
    Moderator