Solved

DNS Issues after Domain Rename

Posted on 2008-10-30
Last Modified: 2012-05-05
We performed a domain rename a couple of months ago from;
olddomain.com.au   to
newdomain.lan

So both the domain name and NetBIOS name have changed. The process went relatively smoothly.

Windows Server 2003 R2 SP2
2 DC's: HG5 & HG6

I've noticed in the System Event Logs on both DC's at the same time in the early hours of the morning, it's generating ID:5774 errors "The dynamic registration of the DNS record, blah 600 IN SRV .... failed".
All the records that it generates (there are 13 every time) reference the olddomain.com.au and it's all related to the DNS record found under the AD zone, e.g. _ldap._tcp.gc._msdcs.olddomain.com.au.

I've checked the DNS records and the old domain AD zone has definitely gone, and there are no records relating to the old domain in the new domain AD zone.

I can see that these error messages appear when the server reboots, and even narrowed it down to when you restart the netlogon service.

I've run NETDIAG /test:DNS and right at the top of the test I can see;

[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.x.x.x. Please wait for 30 minutes for DNS server replication.

And the same message repeats referencing the second DC. The rest of the log shows the same references to the old domain name in Event Viewer. Also, I can see references to the same entries in the c:\windows\system32\config\netlogon.dns file.

I've tried netdiag /fix

ipconfig /registerdns

Renaming the netlogon.dns and netlogon.dnb files and restarting the server. The same entries come back again. This error is driving me nuts and I'd like to get it resolved. Thanks.
Question by:horwitz
9 Comments
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847090
Try this,

rename c:\windows\system32\config\netlogon.dns to netlogon.old

restart the netlogon service.

Did the 5774 errors come back after the service restart? When you look at the netlogon.dns file, do you see your old domain name?
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847094
Restarting the netlogon service will recreate the netlogon.dns file BTW.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847102
Are there any errors in the DNS logs?
0

Author Comment

by:horwitz
ID: 22847126
Hi Brent,

I found some of that info after posting my query. I tried renaming the netlogon.dns and netlogon.dnb then restarting the netlogon service.
The files get recreated, but the same entries referencing the old domain are still in there. I've done this on both our DC's.

No errors in the DNS logs. DNS as a whole does seem to be working. Clients are dynamically added to DNS, names are resolving etc.

I also tried ipconfig /flushdns and ipconfig /registerdns

I've tried a combination of everything, eg flush/register DNS, renaming those files and restarting the netlogon service. Not sure if there's a particular order this should be done in though.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847163
I don't think that this means that there is a "real" problem, but I will check and see if there is another way to resolve it. I think that the forestdnszones and domaindnszones may still have the old domain information but can't remember how to resolve that off the top of my head - it doesn't come up too often. I will have to go through my notes from the last time I saw this and get back with you.
0
 
LVL 13

Accepted Solution

by:
brent_caskey earned 500 total points
ID: 22848309
Ok, try this.... (make a system state backup of the DC first)

Open up ADSIEdit
connect to the configuration naming context
Go to CN=Partitions
In the CN=<Domain Name> look in msDS-DnsRootAlias and remove the old domain name if it exists.

0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22860404
Try uninstalling DNS and reinstalling it and remove or rename DNS, then remove any record related to the old naming.

If you have the host file adjusted to contain the old domain name for faster access between servers, set it to the new naming.

Also, renaming AD requires restarting the machine in order for the effect to take place.

0
 

Author Comment

by:horwitz
ID: 22863470
OK, it looks like I fixed it. After your suggestion of removing the old domain name in the msDS-DnsRootAlias key, I was looking at the implications of what that might do if something goes wrong.

It turns out that when you run rendom /clean at the end of a domain rename, this is what the command does anyway. And you know what, I probably didn't run that command. Something to do with waiting until you were sure all your machines that had to be joined to the new domain had been done. I think I waited then I forgot.

I ran that command on my machine that I used to do the domain rename in the first place. The command ran successfully. I checked the value of that key again. It was now "<not set>".

I renamed those netlogon files and restarted the netlogon service. No errors in Event Viewer this time.

Ran the netdiag tests again. All came back clean.

Thanks heaps for your help Brent. Much appreciated.
0
 

Author Closing Comment

by:horwitz
ID: 31511851
Thanks Brent. Seeing as rendom /clean did what you suggested anyway, you get the points. Thanks for your help.
0
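
Added example (not part of the thread and not Microsoft tooling): a read-only check over a copy of netlogon.dns that lists records whose owner name is not under the current domain, which is the symptom described above while msDS-DnsRootAlias still carried the old name. The sample lines are constructed in the `owner TTL IN TYPE data` layout, reusing the thread's names; the addresses are invented.

```python
"""Audit a copy of netlogon.dns for records still registered under a retired domain."""
from collections import defaultdict

# Constructed sample (not taken from the poster's servers).
SAMPLE_NETLOGON_DNS = """\
newdomain.lan. 600 IN A 10.0.0.5
_ldap._tcp.newdomain.lan. 600 IN SRV 0 100 389 hg5.newdomain.lan.
_ldap._tcp.gc._msdcs.newdomain.lan. 600 IN SRV 0 100 3268 hg5.newdomain.lan.
_ldap._tcp.gc._msdcs.olddomain.com.au. 600 IN SRV 0 100 3268 hg5.newdomain.lan.
_kerberos._tcp.dc._msdcs.OLDDOMAIN.com.au. 600 IN SRV 0 100 88 hg5.newdomain.lan.
gc._msdcs.olddomain.com.au. 600 IN A 10.0.0.5
"""


def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def in_domain(name, domain):
    """True if name is the domain itself or sits below it on a label boundary."""
    name, domain = normalize(name), normalize(domain)
    return name == domain or name.endswith("." + domain)


def parse_records(text):
    """Yield (owner, ttl, rtype, rdata); blank or malformed lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        yield fields[0], int(fields[1]), fields[3].upper(), " ".join(fields[4:])


def find_stale(text, current_domain):
    """Records Netlogon would try to register outside the current domain."""
    return [r for r in parse_records(text) if not in_domain(r[0], current_domain)]


def stale_by_type(text, current_domain):
    """Count stale records per record type, e.g. {'SRV': 2, 'A': 1}."""
    counts = defaultdict(int)
    for _, _, rtype, _ in find_stale(text, current_domain):
        counts[rtype] += 1
    return dict(counts)


if __name__ == "__main__":
    for owner, ttl, rtype, rdata in find_stale(SAMPLE_NETLOGON_DNS, "newdomain.lan"):
        print(f"STALE {rtype:4} {owner} -> {rdata}")
```

Run it against a copy of the file before and after the cleanup; an empty result after restarting Netlogon matches the clean Event Viewer and netdiag output reported above.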
