Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS Issues after Domain Rename

Posted on 2008-10-30
9
Medium Priority
?
1,483 Views
Last Modified: 2012-05-05
We performed a domain rename a couple of months ago from;
olddomain.com.au   to
newdomain.lan

So the both the domain name and netbios name have changed. The process went relatively smoothly.

Windows Server 2003 R2 SP2
2 DC's: HG5 & HG6

I've noticed in the System Event Logs on both DC's at the same time in the early hours of the morning, it's generating ID:5774 errors "The dynamic registration of the DNS record, blah 600 IN SRV .... failed".
All the records that it generates (there are 13 everytime), reference the olddomain.com.au and it's all related to the DNS record found under the AD zone, eg _ldap._tcp.gc._msdcs.olddomain.com.au.

I've checked the DNS records and the old domain AD zone has definitely gone, and there are no records relating to the old domain in the new domain AD zone.

I can see that these error messages appear when the server reboots, and even narrowed it down to when you restart the netlogon service.

I've run NETDIAG /test:DNS and right at the top of the test I can see;

[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.x.x.x. Please wait for 30 minutes for DNS server replication.

And the same message repeats referencing the second DC. The rest of the log shows the same references to the old domain name in Event Viewer. Also, I can see references to the same entries in the c:\windows\system32\config\netlogon.dns file.

I've tried netdiag /fix

ipconfig /registerdns

Renaming the netlogon.dns and netlogon.dnb files and restarting the server. The same entries come back again. This error is driving me nuts and like to get it resolved. Thanks.
0
Comment
Question by:horwitz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847090
Try this,

rename c:\windows\system32\config\netlogon.dns to netlogon.old

restart the netlogon service.

Did the 5774 errors come back after the service restart? when you look at the netlogon.dns file, do you see your old domain name?
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847094
Restarting the netlogon service will recreate the netlogon.dns file BTW.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847102
Are there any errors in the DNS logs?
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:horwitz
ID: 22847126
Hi Brent,

I found some of that info after posting my query. I tried renaming the netlogon.dns and netlogon.dnb then restarting the netlogon service.
The files get recreated, but the same entries referencing the old domain are still in there. I've done this on both our DC's.

No errors in the DNS logs. DNS as a whole does seem to be working. Clients are dynamically added to DNS, names are resolving etc.

I also tried ipconfig /flushdns and ipconfig/registerdns

I've tried a combination of everything, eg flush/register DNS, renaming those files and restarting the netlogon service. Not sure if there's a particular order this should be done in though.
0
 
LVL 13

Expert Comment

by:brent_caskey
ID: 22847163
I dont think that this means that there is a 'real" problem, but, i will check and see if there is another way to resolve it. I think that the forestdnszones and domaindnszones may still have the old domain information but cant remember how to resolve that off the top of my head - it doesnt come up too often. I will have to go through my notes from the last time I saw this and get back with you.
0
 
LVL 13

Accepted Solution

by:
brent_caskey earned 2000 total points
ID: 22848309
Ok, try this.... (make a system state backup of the DC first)

Open up ADSIEdit
connect to the configuration naming context
Go to CN=Partitions
In the CN=<Domain Name> look in msDS-DnsRootAlias and remove the old domain name if it exists.

0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22860404
Try unistalling DNS and reinstalling it and remove or rename DNS then remove any Record related the old naming.

if u have the host file adjusted to contain the old domain name for faster access between  servers  set  it to the new naming

also  rename  AD  requires to restart the  machine in order  for the effect to take place

0
 

Author Comment

by:horwitz
ID: 22863470
OK, it looks like I fixed it. After your suggestion of removing the old domain name in the msDS-DnsRootAlias key, I was looking at the implications of what that might do if something goes wrong.

It turns out that when you run rendom /clean at the end of a domain rename, this is what the command does anyway. And you know what, I probably didn't run that command. Something to do with waiting until you were sure all your machines that had to be joined to the new domain had been done. I think I waited then I forgot.

I ran that command on my machine that I used to do the domain rename in the first place. The command ran successfully. I checked the value of that key again. It was now "<not set>".

I renamed those netlogon files and restarted the netlogon service. No errors in Event Viewer this time.

Ran the netdiag tests again. All came back clean.

Thanks heaps for your help Brent. Much appreciated.
0
 

Author Closing Comment

by:horwitz
ID: 31511851
Thanks Brent. Seeing as rendom /clean did what you suggested anyway, you get the points. Thanks for your help.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question