Active Directory, DNS, Sites and Services. Etc.  SYNC failures - AD Replication, DNS issues.

Posted on 2007-08-12
Last Modified: 2009-07-29
Here is the situation:

I had smallbusiness.local and warriorking.local - I was testing multiple domain replications (partition replication between domain controllers). I determined that the warriorking.local domain was hosed and was causing all kinds of replication and other DNS issues all day long.

I decided to remove the domain controller (from the forest root DC that housed smallbusiness and corp.smallbusiness) - I had a parent child domain and then added the new tree in an existing forest of:
warriorking.local.   (This is the background).

I tried to remove AD from the warriorking domain but ntdsutil would not remove the domain, neither would dcpromo, so I had to use dcpromo /forceremoval. Then I removed the 2-way trust by using the netdom /trust /force etc command.

Then I removed the _msdcs (underscore??? zone) but not the other AD zone with all of my DC records in it? Why are there 2 zone files with the same records?

Now I can't join new machines to the domain:

Here is the:

C:\>repadmin /syncall
CALLBACK MESSAGE: Error contacting server dbe30800-5661-4d6e-a397-8baf568401a7._
msdcs.smallbusiness.local (network error): 1722 (0x6ba):
    The RPC server is unavailable.

SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    The naming context specified for this replication operation is invalid.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER4
      Starting test: Connectivity
         The host dbe30800-5661-4d6e-a397-8baf568401a7._msdcs.smallbusiness.local could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         couldn't be resolved, the server name (server4.smallbusiness.local)
         resolved to the IP address ( and was pingable.  Check
         that the IP address is registered correctly with the DNS server.
         ......................... SERVER4 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER4
      Skipping all tests, because server SERVER4 is
      not responding to directory service requests

I know it would be much easier to reinstall but then I might as well just use a Mac - so any advice here would be greatly appreciated. - I don't expect someone to just fix this for me but it would be nice if I could get pointed in the right direction...

Thank You,

Question by:rbollinger1212
    LVL 51

    Expert Comment

    Of course you can't - you deleted all the Service Records.....

    To begin with, in a multi-domain forest, you MUST move the Infrastructure Master role to a NON-Global Catalog DC.

    Now, recreate the _msdcs zone as a Standard Primary zone that is AD Integrated.  Make the replication scope "All DNS servers in the Forest"

    Reboot or restart the Netlogon service on each DC once the zone propagates.


    Author Comment

    Then I removed the _msdcs (underscore??? zone) but not the other AD zone with all of my DC records in it? Why are there 2 zone files with the same records?

    I had 2 zones: one with an _msdcs (smallbusiness.local etc).

    then i had the full zone:

    smallbusiness.local with all of my SRV records in it.

    I deleted the _zone (the zone that was not in my (smallbusiness.local) zone).

    That I believe was a delegation? I am not sure.

    I ended up getting it to work by removing the zone entirely, cleaning up the netlogon.dns file, then removing it, restarting it in DSRM and then (I didn't actually need to restart in DSRM) replacing the netlogon.dns file.

    and now everything works...

    Any more input?

    LVL 51

    Expert Comment

    If this was upgraded from 2000, then I would expect to see the msdcs folder inside the main domain zone.  However, when it was upgraded, it should have created the top level zone _msdcs.smallbusiness.local and populated it from the sub folder msdcs.  Once done, the msdcs subfolder would be replaced with a delegate record pointing to the server so it picks up the info from the top-level zone.

    Now, with respect to your child domain issues...make sure the Infrastructure Master role is on another root domain DC that is not a GC.


    Author Comment

    Ok.... So here's what I have understood: << first domain in the AD forest << << second tree in the AD forest << second tree, third domain (child domain of
    everything above shares one schema master and infrastructure master?

    Each tree and each child domain both do their own RID, PDC, and domain naming?

    Is this right or am I off the wall?

    Please advise...


    LVL 51

    Accepted Solution


    Schema Master and Domain Naming Master are Forest-level roles.

    PDC, RID and Infrastructure Master are Domain-based roles.

    The IM role can be located on a GC only in the two following cases:
    1)  You have only one domain in your Forest.
    2)  Your domain (in a multi-domain forest) has every DC running as a Global Catalog.

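    The two checks the experts keep coming back to in this thread (the Infrastructure Master sitting on a Global Catalog in a multi-domain forest, and the missing forest-wide _msdcs zone that repadmin and dcdiag need to resolve the GUID-based DC names) can be audited in one script. The following is an added example written for this page, not code posted by anyone in the thread. It assumes the RSAT ActiveDirectory and DnsServer PowerShell modules, Domain Admin rights on a DC, and uses the thread's forest name smallbusiness.local as a placeholder; the -Repair switch is a hypothetical parameter of this script, without it nothing is changed.

```powershell
# Added example, not from the thread. Audits FSMO placement and the _msdcs zone,
# and repairs both only when -Repair is given.
# Assumptions: RSAT ActiveDirectory + DnsServer modules, run as Domain Admin on a DC.
param(
    [string]$ForestRoot = 'smallbusiness.local',   # placeholder forest root from the thread
    [switch]$Repair                                # report only unless set
)
Import-Module ActiveDirectory
Import-Module DnsServer

# 1. FSMO layout: Schema and Domain Naming are forest-wide roles; PDC, RID and IM are per domain.
$forest = Get-ADForest -Identity $ForestRoot
"Schema Master        : $($forest.SchemaMaster)"
"Domain Naming Master : $($forest.DomainNamingMaster)"

$multiDomain = $forest.Domains.Count -gt 1
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    "`n[$domainName] PDC=$($domain.PDCEmulator) RID=$($domain.RIDMaster) IM=$($domain.InfrastructureMaster)"

    # 2. IM on a GC is only acceptable in the two cases the accepted solution names:
    #    a single-domain forest, or a domain where every DC is a GC.
    $dcs   = Get-ADDomainController -Filter * -Server $domainName
    $im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $nonGC = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
    if ($im.IsGlobalCatalog -and $multiDomain -and $nonGC.Count -gt 0) {
        $target = $nonGC[0]
        Write-Warning "IM $($im.HostName) is a GC in a multi-domain forest; cross-domain phantom cleanup will not run. Candidate non-GC holder: $($target.HostName)"
        if ($Repair) {
            Move-ADDirectoryServerOperationMasterRole -Identity $target.HostName `
                -OperationMasterRole InfrastructureMaster -Confirm:$false
        }
    }
}

# 3. The forest-wide _msdcs zone holds the <DSA-GUID>._msdcs CNAME records that replication
#    partners are located by; deleting it produces exactly the dcdiag/repadmin errors above.
$msdcsZone = "_msdcs.$ForestRoot"
$zone = Get-DnsServerZone -Name $msdcsZone -ErrorAction SilentlyContinue
if (-not $zone) {
    Write-Warning "$msdcsZone is missing; <GUID>._msdcs.$ForestRoot names cannot resolve"
    if ($Repair) {
        # Standard primary, AD-integrated, replicated to all DNS servers in the forest.
        Add-DnsServerPrimaryZone -Name $msdcsZone -ReplicationScope Forest -DynamicUpdate Secure
        # Netlogon re-registers this DC's SRV and GUID CNAME records into the new zone.
        Restart-Service Netlogon
        nltest /dsregdns | Out-Null
    }
} elseif ($zone.ReplicationScope -ne 'Forest') {
    Write-Warning "$msdcsZone replication scope is '$($zone.ReplicationScope)'; it should be Forest"
} else {
    "$msdcsZone present, scope Forest, dynamic update $($zone.DynamicUpdate)"
}
```

    Run it once without -Repair on each DC to see the findings, then with -Repair on one DC; the other DCs only need their Netlogon service restarted (or `nltest /dsregdns`) after the zone has replicated to them, which is the step the first expert comment describes.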

    Author Comment

    Thanks for all your help.. I am almost ready to take my 70-290 exam...
