Solved

DNS Issues after Domain Rename

Posted on 2008-10-30
9
1,409 Views
Last Modified: 2012-05-05
We performed a domain rename a couple of months ago from;
olddomain.com.au   to
newdomain.lan

So the both the domain name and netbios name have changed. The process went relatively smoothly.

Windows Server 2003 R2 SP2
2 DC's: HG5 & HG6

I've noticed in the System Event Logs on both DC's at the same time in the early hours of the morning, it's generating ID:5774 errors "The dynamic registration of the DNS record, blah 600 IN SRV .... failed".
All the records that it generates (there are 13 everytime), reference the olddomain.com.au and it's all related to the DNS record found under the AD zone, eg _ldap._tcp.gc._msdcs.olddomain.com.au.

I've checked the DNS records and the old domain AD zone has definitely gone, and there are no records relating to the old domain in the new domain AD zone.

I can see that these error messages appear when the server reboots, and even narrowed it down to when you restart the netlogon service.

I've run NETDIAG /test:DNS and right at the top of the test I can see;

[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.x.x.x. Please wait for 30 minutes for DNS server replication.

And the same message repeats referencing the second DC. The rest of the log shows the same references to the old domain name in Event Viewer. Also, I can see references to the same entries in the c:\windows\system32\config\netlogon.dns file.

I've tried netdiag /fix

ipconfig /registerdns

Renaming the netlogon.dns and netlogon.dnb files and restarting the server. The same entries come back again. This error is driving me nuts and like to get it resolved. Thanks.
0
Comment
Question by:horwitz
  • 5
  • 3
9 Comments
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847090
Try this,

rename c:\windows\system32\config\netlogon.dns to netlogon.old

restart the netlogon service.

Did the 5774 errors come back after the service restart? when you look at the netlogon.dns file, do you see your old domain name?
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847094
Restarting the netlogon service will recreate the netlogon.dns file BTW.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847102
Are there any errors in the DNS logs?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:horwitz
ID: 22847126
Hi Brent,

I found some of that info after posting my query. I tried renaming the netlogon.dns and netlogon.dnb then restarting the netlogon service.
The files get recreated, but the same entries referencing the old domain are still in there. I've done this on both our DC's.

No errors in the DNS logs. DNS as a whole does seem to be working. Clients are dynamically added to DNS, names are resolving etc.

I also tried ipconfig /flushdns and ipconfig/registerdns

I've tried a combination of everything, eg flush/register DNS, renaming those files and restarting the netlogon service. Not sure if there's a particular order this should be done in though.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847163
I dont think that this means that there is a 'real" problem, but, i will check and see if there is another way to resolve it. I think that the forestdnszones and domaindnszones may still have the old domain information but cant remember how to resolve that off the top of my head - it doesnt come up too often. I will have to go through my notes from the last time I saw this and get back with you.
0
 
LVL 13

Accepted Solution

by:
brent_caskey earned 500 total points
ID: 22848309
Ok, try this.... (make a system state backup of the DC first)

Open up ADSIEdit
connect to the configuration naming context
Go to CN=Partitions
In the CN=<Domain Name> look in msDS-DnsRootAlias and remove the old domain name if it exists.

0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22860404
Try unistalling DNS and reinstalling it and remove or rename DNS then remove any Record related the old naming.

if u have the host file adjusted to contain the old domain name for faster access between  servers  set  it to the new naming

also  rename  AD  requires to restart the  machine in order  for the effect to take place

0
 

Author Comment

by:horwitz
ID: 22863470
OK, it looks like I fixed it. After your suggestion of removing the old domain name in the msDS-DnsRootAlias key, I was looking at the implications of what that might do if something goes wrong.

It turns out that when you run rendom /clean at the end of a domain rename, this is what the command does anyway. And you know what, I probably didn't run that command. Something to do with waiting until you were sure all your machines that had to be joined to the new domain had been done. I think I waited then I forgot.

I ran that command on my machine that I used to do the domain rename in the first place. The command ran successfully. I checked the value of that key again. It was now "<not set>".

I renamed those netlogon files and restarted the netlogon service. No errors in Event Viewer this time.

Ran the netdiag tests again. All came back clean.

Thanks heaps for your help Brent. Much appreciated.
0
 

Author Closing Comment

by:horwitz
ID: 31511851
Thanks Brent. Seeing as rendom /clean did what you suggested anyway, you get the points. Thanks for your help.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question