
DNS Issues after Domain Rename

We performed a domain rename a couple of months ago from;
olddomain.com.au   to

So both the domain name and NetBIOS name have changed. The process went relatively smoothly.

Windows Server 2003 R2 SP2
2 DCs: HG5 & HG6

I've noticed in the System Event Logs on both DCs at the same time in the early hours of the morning, it's generating ID:5774 errors "The dynamic registration of the DNS record, blah 600 IN SRV .... failed".
All the records that it generates (there are 13 every time) reference the olddomain.com.au and it's all related to the DNS record found under the AD zone, e.g. _ldap._tcp.gc._msdcs.olddomain.com.au.

I've checked the DNS records and the old domain AD zone has definitely gone, and there are no records relating to the old domain in the new domain AD zone.

I can see that these error messages appear when the server reboots, and even narrowed it down to when you restart the netlogon service.

I've run NETDIAG /test:DNS and right at the top of the test I can see;

[WARNING] The DNS entries for this DC are not registered correctly on DNS server 10.x.x.x. Please wait for 30 minutes for DNS server replication.

And the same message repeats referencing the second DC. The rest of the log shows the same references to the old domain name in Event Viewer. Also, I can see references to the same entries in the c:\windows\system32\config\netlogon.dns file.

I've tried netdiag /fix

ipconfig /registerdns

Renaming the netlogon.dns and netlogon.dnb files and restarting the server. The same entries come back again. This error is driving me nuts and I'd like to get it resolved. Thanks.

Try this,

rename c:\windows\system32\config\netlogon.dns to netlogon.old

restart the netlogon service.

Did the 5774 errors come back after the service restart? When you look at the netlogon.dns file, do you see your old domain name?
Restarting the netlogon service will recreate the netlogon.dns file BTW.
Are there any errors in the DNS logs?

horwitz (Author) Commented:
Hi Brent,

I found some of that info after posting my query. I tried renaming the netlogon.dns and netlogon.dnb then restarting the netlogon service.
The files get recreated, but the same entries referencing the old domain are still in there. I've done this on both our DC's.

No errors in the DNS logs. DNS as a whole does seem to be working. Clients are dynamically added to DNS, names are resolving etc.

I also tried ipconfig /flushdns and ipconfig /registerdns

I've tried a combination of everything, eg flush/register DNS, renaming those files and restarting the netlogon service. Not sure if there's a particular order this should be done in though.

I don't think that this means that there is a "real" problem, but I will check and see if there is another way to resolve it. I think that the forestdnszones and domaindnszones may still have the old domain information but can't remember how to resolve that off the top of my head - it doesn't come up too often. I will have to go through my notes from the last time I saw this and get back with you.

Ok, try this.... (make a system state backup of the DC first)

Open up ADSIEdit
connect to the configuration naming context
Go to CN=Partitions
In the CN=<Domain Name> look in msDS-DnsRootAlias and remove the old domain name if it exists.

Try uninstalling DNS and reinstalling it, and remove or rename DNS, then remove any record related to the old naming.

If you have the hosts file adjusted to contain the old domain name for faster access between servers, set it to the new naming.

Also, renaming AD requires restarting the machine in order for the effect to take place.

horwitz (Author) Commented:
OK, it looks like I fixed it. After your suggestion of removing the old domain name in the msDS-DnsRootAlias key, I was looking at the implications of what that might do if something goes wrong.

It turns out that when you run rendom /clean at the end of a domain rename, this is what the command does anyway. And you know what, I probably didn't run that command. Something to do with waiting until you were sure all your machines that had to be joined to the new domain had been done. I think I waited then I forgot.

I ran that command on my machine that I used to do the domain rename in the first place. The command ran successfully. I checked the value of that key again. It was now "<not set>".

I renamed those netlogon files and restarted the netlogon service. No errors in Event Viewer this time.

Ran the netdiag tests again. All came back clean.

Thanks heaps for your help Brent. Much appreciated.
horwitz (Author) Commented:
Thanks Brent. Seeing as rendom /clean did what you suggested anyway, you get the points. Thanks for your help.
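
To confirm whether Netlogon is still trying to register names under the old domain (the symptom in this thread, which stopped once rendom /clean cleared msDS-DnsRootAlias), the following added example, which is not part of any post above, parses netlogon.dns text and lists records whose owner name lies outside the current domain. The name newdomain.example, the address 10.0.0.5 and the sample lines are constructed, and the `owner TTL IN type rdata` line layout is an assumption based on the event text quoted in the question.

```python
# Added example: flag netlogon.dns records outside the domain a DC should register.
# Assumed line layout: <owner> <ttl> IN <type> <rdata...>

# Constructed sample; newdomain.example and 10.0.0.5 are placeholders.
SAMPLE = """\
newdomain.example. 600 IN A 10.0.0.5
_ldap._tcp.newdomain.example. 600 IN SRV 0 100 389 hg5.newdomain.example.
_ldap._tcp.gc._msdcs.olddomain.com.au. 600 IN SRV 0 100 3268 hg5.newdomain.example.
_kerberos._tcp.dc._msdcs.olddomain.com.au. 600 IN SRV 0 100 88 hg5.newdomain.example.
gc._msdcs.olddomain.com.au. 600 IN A 10.0.0.5
"""


def parse_netlogon_dns(text):
    """Return (owner, ttl, type, rdata) tuples; skip blanks, comments, odd lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        owner = fields[0].rstrip(".").lower()
        records.append((owner, int(fields[1]), fields[3].upper(), " ".join(fields[4:])))
    return records


def in_domain(owner, domain):
    """True if owner is the domain itself or sits below it on a label boundary."""
    domain = domain.rstrip(".").lower()
    return owner == domain or owner.endswith("." + domain)


def stale_records(text, current_domain):
    """Records Netlogon would register outside current_domain."""
    return [r for r in parse_netlogon_dns(text) if not in_domain(r[0], current_domain)]


if __name__ == "__main__":
    for owner, ttl, rtype, rdata in stale_records(SAMPLE, "newdomain.example"):
        print(f"outside current domain: {owner} {ttl} IN {rtype} {rdata}")
```

On a DC, pass the contents of c:\windows\system32\config\netlogon.dns instead of SAMPLE; an empty result after restarting Netlogon matches the clean state described in the final post.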