Global Catalogue will not register itself in DNS

Howdy Experts!

I'm running a two-node, Server 2003 Active Directory environment.  One of the Servers is past its prime, the other was a test box we were using to try integrating eDirectory.

I was able to purchase two new Servers to host my AD so last week I set myself to the task of accomplishing this.

I put the new Servers in the rack.  I promoted the first one to Domain Controller, so now I have three DC's in the environment.  I turned on WINS and DNS and let that 'dust' settle for a day.

The next day I went to demote the older of the two original DC's.  I was presented with a warning that the Global Catalogue was still hosted by this Server.  Silly me, I thought.  I had remembered to transfer the FSMO roles off that box but forgot about the GC.  So, I enabled Global Catalogue on the new DC and let that sit for the day.

The next day I turned off GC on the old Server, waited about 90 minutes then proceeded to demote.  Almost immediately people started calling our Help Desk stating they couldn't log in - bummer...

In futzing around on Google MSKB and here, as well as reading what I could find on TechNet and my trusty W2K3 Server Admin guide, I figured out the why of it - there is no entry in DNS for the Global Catalogue.  What I haven't been able to find is anything informative enough to show me how to either manually create the entry or somehow force it to automatically occur.

Oh, and I can't just look at the old Server because I brought the second new one online and gave it the same name and IP addy as the old box.  So, I still have three DC's but I don't want to demote the "test" box until I get the login problem resolved.

Thanks for any detailed, step-by-step hints you can provide!

Daniel M. Hoyt
UW Oshkosh
dmhoytAsked:

CoccoBillCommented:
The global catalog SRV records are under the _msdcs zone:

http://technet2.microsoft.com/WindowsServer/en/Library/c411a2e2-0748-4bad-af0b-5172e3261c361033.mspx

However, they shouldn't have to be created manually. Try running "net stop netlogon" and "net start netlogon" on the new DC, and check if the gc records are updated correctly.

dmhoytAuthor Commented:
Stopping and restarting the Netlogon service did nothing.

The TechNet article is one of those I had come across.  It describes the "where" but doesn't answer the "how".  The SRV record is not being created automatically so I need to create one manually.  I'm looking for a step-by-step on what to type in and, to a lesser degree, where to type it ( and I already know the 'on my keyboard' answer ).

Thanks,

Dan
oBdACommented:
Well, what did you do with your DNS servers? Do you have an AD integrated DNS, or a primary/secondary zone setup? If the latter, do you still have a primary server for the zone?
Most important: are dynamic updates enabled on your domain's zones?
dmhoytAuthor Commented:
AD Integrated on the DC's - Dynamic updates are enabled.  I only have DNS enabled on those Servers because of Active Directory.  Our Campus DNS / DHCP Servers run on Debian Linux boxes managed by a coworker.
CoccoBillCommented:
Is the new DC using the old DC as its primary DNS?

The msdcs zone can be created manually but you shouldn't ever have to in your scenario:
http://support.microsoft.com/?id=817470
dmhoytAuthor Commented:
New DC points to itself as primary then the campus DNS server as secondary.

The other two DC's point to the new DC as their primary.

Support article doesn't provide the details I'm looking for to create this.

I know I shouldn't have to do it manually but the gc or _gc entry is not there so I have to do something.

The original Primary DNS and GC was the older hardware and that is now powered off, FYI.
CoccoBillCommented:
Does your DNS have the _msdcs zone? Which records are wrong/missing (http://www.petri.co.il/active_directory_srv_records.htm)? What does dcdiag say (http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dcdiag-o.asp)?

If the zones aren't created/updated automatically after promoting the new DC, it means you have problems with DDNS. You can manually recreate the records but I don't recommend it, since you have to first get the dynamic updates to work.

http://support.microsoft.com/?kbid=287156
http://support.microsoft.com/?kbid=321045
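
An added example, not part of any post in this thread: one way to answer the "which records are wrong/missing" question is to compare the global catalog locator records a GC is expected to register against the list Netlogon keeps in %SystemRoot%\System32\Config\netlogon.dns. The forest and site names are taken from the dcdiag output on this page; the DC's FQDN, the 192.0.2.10 address and the sample file contents are constructed assumptions.

```python
import re

GC_PORT = 3268  # LDAP port of the global catalog

def expected_gc_records(forest, site, dc_fqdn):
    """GC locator records Netlogon registers for a GC in `site` of `forest`."""
    target = dc_fqdn.lower().rstrip(".") + "."
    srv_owners = [
        f"_ldap._tcp.gc._msdcs.{forest}.",
        f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}.",
        f"_gc._tcp.{forest}.",
        f"_gc._tcp.{site}._sites.{forest}.",
    ]
    expected = {(o.lower(), "SRV", GC_PORT, target) for o in srv_owners}
    expected.add((f"gc._msdcs.{forest}.".lower(), "A", None, None))
    return expected

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(SRV|A)\s+(.+)$", re.IGNORECASE)

def parse_netlogon_dns(text):
    """Parse 'owner TTL IN TYPE rdata' lines; skip anything else."""
    found = set()
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3).split()
        if rtype == "SRV" and len(rdata) == 4 and rdata[2].isdigit():
            found.add((owner, "SRV", int(rdata[2]), rdata[3].lower()))
        elif rtype == "A":
            found.add((owner, "A", None, None))
    return found

def missing_gc_records(text, forest, site, dc_fqdn):
    """Owner names of expected GC records that the file does not contain."""
    gap = expected_gc_records(forest, site, dc_fqdn) - parse_netlogon_dns(text)
    return sorted(owner for owner, *_ in gap)

# Constructed sample: a DC registering domain controller records but no GC records.
SAMPLE = """\
winad.it.uwosh.edu. 600 IN A 192.0.2.10
_ldap._tcp.winad.it.uwosh.edu. 600 IN SRV 0 100 389 winad1.winad.it.uwosh.edu.
_ldap._tcp.dc._msdcs.winad.it.uwosh.edu. 600 IN SRV 0 100 389 winad1.winad.it.uwosh.edu.
_kerberos._tcp.dc._msdcs.winad.it.uwosh.edu. 600 IN SRV 0 100 88 winad1.winad.it.uwosh.edu.
"""

if __name__ == "__main__":
    for name in missing_gc_records(SAMPLE, "winad.it.uwosh.edu", "UWOshkosh",
                                   "winad1.winad.it.uwosh.edu"):
        print("missing:", name)
```

Names missing from netlogon.dns are records Netlogon is not attempting to register at all; names present there but absent from the zone point at the dynamic update path instead.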
dmhoytAuthor Commented:
DCDIAG:
C:\Program Files\Resource Kit>dcdiag /s:winad1

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: UWOshkosh\WINAD1
      Starting test: Connectivity
         ......................... WINAD1 passed test Connectivity

Doing primary tests

   Testing server: UWOshkosh\WINAD1
      Starting test: Replications
         ......................... WINAD1 passed test Replications
      Starting test: NCSecDesc
         ......................... WINAD1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... WINAD1 passed test NetLogons
      Starting test: Advertising
         ......................... WINAD1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... WINAD1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... WINAD1 passed test RidManager
      Starting test: MachineAccount
         ......................... WINAD1 passed test MachineAccount
      Starting test: Services
         ......................... WINAD1 passed test Services
      Starting test: ObjectsReplicated
         ......................... WINAD1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... WINAD1 passed test frssysvol
      Starting test: frsevent
         ......................... WINAD1 passed test frsevent
      Starting test: kccevent
         ......................... WINAD1 passed test kccevent
      Starting test: systemlog
         ......................... WINAD1 passed test systemlog
      Starting test: VerifyReferences
         ......................... WINAD1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : winad
      Starting test: CrossRefValidation
         ......................... winad passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... winad passed test CheckSDRefDom

   Running enterprise tests on : winad.it.uwosh.edu
      Starting test: Intersite
         ......................... winad.it.uwosh.edu passed test Intersite
      Starting test: FsmoCheck
         ......................... winad.it.uwosh.edu passed test FsmoCheck

C:\Program Files\Resource Kit>

_msdcs currently has two sub-domains:
dc
domains

Dynamic updates seem to be working just fine.  I manually created a _gc SRV Record in the _tcp Zone and within a couple minutes it had replicated to the other two DC's.

Also, I've tried turning off DNS then "re-installing" it to see if it would auto create.  All that happened was a replication of the data in the other DNS Servers.

So, whether or not I should have to and whether or not it's recommended, I need to have a gc sub-Domain created in the _msdcs Zone.  So far nothing I've searched out has provided the "how-to" to do this correctly.