  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1520

DNS Issues after Domain Rename

We performed a domain rename a couple of months ago from:
olddomain.com.au   to
newdomain.lan

So both the domain name and NetBIOS name have changed. The process went relatively smoothly.

Windows Server 2003 R2 SP2
2 DC's: HG5 & HG6

I've noticed in the System Event Logs on both DCs, at the same time in the early hours of the morning, that it's generating ID 5774 errors: "The dynamic registration of the DNS record, blah 600 IN SRV .... failed".
All the records that it generates (there are 13 every time) reference olddomain.com.au, and it's all related to the DNS records found under the AD zone, e.g. _ldap._tcp.gc._msdcs.olddomain.com.au.

I've checked the DNS records and the old domain AD zone has definitely gone, and there are no records relating to the old domain in the new domain AD zone.

I can see that these error messages appear when the server reboots, and even narrowed it down to when you restart the netlogon service.

I've run NETDIAG /test:DNS and right at the top of the test I can see:

[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.x.x.x. Please wait for 30 minutes for DNS server replication.

And the same message repeats referencing the second DC. The rest of the log shows the same references to the old domain name in Event Viewer. Also, I can see references to the same entries in the c:\windows\system32\config\netlogon.dns file.

I've tried netdiag /fix

ipconfig /registerdns

Renaming the netlogon.dns and netlogon.dnb files and restarting the server. The same entries come back again. This error is driving me nuts and I'd like to get it resolved. Thanks.
Asked: horwitz
1 Solution
 
brent_caskey commented:
Try this,

rename c:\windows\system32\config\netlogon.dns to netlogon.old

restart the netlogon service.

Did the 5774 errors come back after the service restart? When you look at the netlogon.dns file, do you see your old domain name?
brent_caskey commented:
Restarting the netlogon service will recreate the netlogon.dns file BTW.
brent_caskey commented:
Are there any errors in the DNS logs?
horwitz (Author) commented:
Hi Brent,

I found some of that info after posting my query. I tried renaming the netlogon.dns and netlogon.dnb, then restarting the netlogon service.
The files get recreated, but the same entries referencing the old domain are still in there. I've done this on both our DCs.

No errors in the DNS logs. DNS as a whole does seem to be working. Clients are dynamically added to DNS, names are resolving etc.

I also tried ipconfig /flushdns and ipconfig /registerdns.

I've tried a combination of everything, e.g. flush/register DNS, renaming those files and restarting the netlogon service. Not sure if there's a particular order this should be done in though.
brent_caskey commented:
I don't think that this means that there is a "real" problem, but I will check and see if there is another way to resolve it. I think that the ForestDnsZones and DomainDnsZones may still have the old domain information, but I can't remember how to resolve that off the top of my head; it doesn't come up too often. I will have to go through my notes from the last time I saw this and get back with you.
brent_caskey commented:
OK, try this (make a system state backup of the DC first):

Open up ADSIEdit
connect to the configuration naming context
Go to CN=Partitions
In the CN=<Domain Name> look in msDS-DnsRootAlias and remove the old domain name if it exists.

sensored2008 commented:
Try uninstalling DNS and reinstalling it, and remove or rename DNS, then remove any record related to the old naming.

If you have the hosts file adjusted to contain the old domain name for faster access between servers, set it to the new naming.

Also, renaming AD requires restarting the machine in order for the effect to take place.

horwitz (Author) commented:
OK, it looks like I fixed it. After your suggestion of removing the old domain name in the msDS-DnsRootAlias key, I was looking at the implications of what that might do if something goes wrong.

It turns out that when you run rendom /clean at the end of a domain rename, this is what the command does anyway. And you know what, I probably didn't run that command. Something to do with waiting until you were sure all your machines that had to be joined to the new domain had been done. I think I waited then I forgot.

I ran that command on my machine that I used to do the domain rename in the first place. The command ran successfully. I checked the value of that key again. It was now "<not set>".

I renamed those netlogon files and restarted the netlogon service. No errors in Event Viewer this time.

Ran the netdiag tests again. All came back clean.

Thanks heaps for your help Brent. Much appreciated.
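The two checks that settled this thread (whether netlogon.dns still lists records under the old suffix, and whether msDS-DnsRootAlias on the domain's crossRef under CN=Partitions is still set, which is what rendom /clean clears) can be scripted as a read-only verification to run on each DC before and after the cleanup. The PowerShell below is an added example, not code from the thread or from Microsoft. It assumes the two domain names from the question as placeholder parameters and an account that can read the Configuration partition; it reports and changes nothing.

```powershell
# Added example (not from the thread): read-only post-rename DNS registration check.
#   1. scan netlogon.dns for resource records still naming the old DNS suffix
#   2. read msDS-DnsRootAlias from the domain's crossRef object in CN=Partitions
# A leftover alias makes Netlogon keep registering old-suffix SRV records, which
# is what the Event ID 5774 entries in the question were complaining about.
# Assumptions: $OldSuffix / $NewSuffix are placeholders taken from the question;
# the caller can read the Configuration naming context.

param(
    [string]$OldSuffix   = 'olddomain.com.au',   # placeholder: pre-rename DNS name
    [string]$NewSuffix   = 'newdomain.lan',      # placeholder: post-rename DNS name
    [string]$NetlogonDns = "$env:SystemRoot\system32\config\netlogon.dns"
)

function Get-StaleNetlogonRecords {
    param([string]$Path, [string]$Suffix)
    # netlogon.dns holds one resource record per line, for example:
    #   _ldap._tcp.gc._msdcs.newdomain.lan. 600 IN SRV 0 100 3268 hg5.newdomain.lan.
    # A record is stale if its owner name or its RDATA ends in the old suffix.
    $rr    = '^\s*(?<owner>\S+)\s+(?<ttl>\d+)\s+IN\s+(?<type>\S+)\s+(?<rdata>.+?)\s*$'
    $stale = '(^|[.\s])' + [regex]::Escape($Suffix) + '\.?$'
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match $rr) {
            $owner = $Matches['owner']
            $type  = $Matches['type']
            $rdata = $Matches['rdata']
            if ($owner -match $stale -or $rdata -match $stale) {
                [pscustomobject]@{ Owner = $owner; Type = $type; Data = $rdata }
            }
        }
    }
}

function Get-DnsRootAlias {
    param([string]$DomainDnsName)
    # Walk the crossRef objects under CN=Partitions in the Configuration NC and
    # return msDS-DnsRootAlias from the one whose dnsRoot is the renamed domain.
    # (DomainDnsZones/ForestDnsZones have their own crossRefs; dnsRoot tells them apart.)
    $rootDse    = [ADSI]'LDAP://RootDSE'
    $configNc   = [string]$rootDse.Properties['configurationNamingContext'].Value
    $partitions = [ADSI]"LDAP://CN=Partitions,$configNc"
    foreach ($crossRef in $partitions.Children) {
        $dnsRoot = @($crossRef.Properties['dnsRoot'].Value)
        if ($dnsRoot -contains $DomainDnsName) {
            $value = $crossRef.Properties['msDS-DnsRootAlias'].Value
            if ($null -eq $value) { return '<not set>' }   # the state the asker saw after rendom /clean
            return (@($value) -join ', ')
        }
    }
    return "<no crossRef with dnsRoot $DomainDnsName>"
}

# --- report -----------------------------------------------------------------
$alias = Get-DnsRootAlias -DomainDnsName $NewSuffix
"msDS-DnsRootAlias on the crossRef for ${NewSuffix}: $alias"

if (Test-Path -Path $NetlogonDns) {
    $staleRecords = @(Get-StaleNetlogonRecords -Path $NetlogonDns -Suffix $OldSuffix)
    "Records in $NetlogonDns still referencing ${OldSuffix}: $($staleRecords.Count)"
    $staleRecords | Format-Table -AutoSize
} else {
    "netlogon.dns not found at $NetlogonDns (Netlogon rewrites it when the service restarts)"
}

if ($alias -like "*$OldSuffix*") {
    Write-Warning "Old suffix still present in msDS-DnsRootAlias; the thread cleared it with 'rendom /clean' run from the machine used for the rename."
}
```

Run it once before the cleanup to confirm the stale alias and the count of old-suffix records (the asker saw 13), and again after rendom /clean plus a Netlogon restart: the alias should read "<not set>" and the record count should be zero, matching the clean netdiag run reported above.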
horwitz (Author) commented:
Thanks Brent. Seeing as rendom /clean did what you suggested anyway, you get the points. Thanks for your help.