Terbo45

asked on

How do I completely remove DNS from Win2003 Svr?

Ok, here's the deal. I went out to help someone with a Windows 2003 Server that they had someone else already set up. The DNS appears to be completely messed up, so I'm thinking the best solution is to just remove it and reinstall it, but I want to make sure all prior config data doesn't get recreated when I do that.

For starters, I'll show some of the event & diag results. I'm getting this in the event log:

"The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates. Explanation
The host address (A) resource record associated with the start of authority (SOA) resource record for this zone is missing. Host (A) resource records are used in a zone to associate DNS domain names of computers (hosts) to their IP addresses.
The host (A) resource record could be missing because it was not registered, because it was accidentally deleted, or because the SOA is preventing any host address (A) resource records from being registered.
User Action
Manually create a host (A) resource record using the DNS console and then inspect the SOA record to ensure that it is correct"

"The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication."

"The zone _msdcs.domain.local is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates"

Here's the result of DCDIAG:

"E:\Program Files\Support Tools>dcdiag /test:DNS
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site\DOMAIN-SERVER
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... DOMAIN-SERVER passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site\DOMAIN-SERVER
DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : TAPI3Directory
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            DC: DOMAIN-SERVER.DOMAIN.com
            Domain: DOMAIN.local

               TEST: Basic (Basc)
                  Error: The A record for this DC was not found
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.local.
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):
                     Error: Missing A record at DNS server 192.168.2.10 :
                     DOMAIN-SERVER.DOMAIN.com
                     Warning: Missing DC SRV record at DNS server 192.168.2.10 :
                     _ldap._tcp.dc._msdcs.DOMAIN.local
                     Warning: Missing GC SRV record at DNS server 192.168.2.10 :
                     _ldap._tcp.gc._msdcs.DOMAIN.local
                     Warning: Missing PDC SRV record at DNS server 192.168.2.10 :
                     _ldap._tcp.pdc._msdcs.DOMAIN.local
               Error: Record registrations cannot be found for all the network adapters
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: DOMAIN.local
               DOMAIN-SERVER                PASS FAIL PASS PASS WARN FAIL n/a
         ......................... DOMAIN.local failed test DNS
E:\Program Files\Support Tools>"

So as you can see, a lot of problems here. For instance, DNS shows as configured for dynamic update, but it's just not working. Also, I have no idea why there's the "TAPI3Directory" directory. That's one of the things that I want to go away.

So, here's what I've got in regards to flushing out DNS and any vestiges of the old config:

"-convert dns to primary zone (uncheck integrate with active directory)
-remove dns in configure your server
-remove dns folder from system32
-in system32\config remove netlogon.dnb and netlogon.dns
reinstall dns (configure your server) with the correct zone name

then at the command prompt:

ipconfig /registerdns
net stop netlogon
net start netlogon"

Does my game-plan sound about right, or am I missing something here? It just seems to me that whatever the problem is here, removing DNS and starting from scratch seems to be the best way to go. Sorry for the long-winded post, but I'm trying to provide as much info as possible for anyone willing to help.

Thanks, Brett
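A way to read that dcdiag output mechanically, as an added example that is not part of the original thread or of any Microsoft tooling: it parses the Error/Warning lines and the per-DC summary table of dcdiag /test:DNS, so the missing A and SRV records and the failed test columns (Basc, RReg above) can be pulled out and compared before and after the zone rebuild. The sample is an abridged copy of the output in the post with its wrapped lines re-joined.

```python
import re

# Constructed sample: dcdiag /test:DNS output from the post above, abridged, wrapped lines re-joined.
SAMPLE = """
      Starting test: DNS
            DC: DOMAIN-SERVER.DOMAIN.com
               TEST: Basic (Basc)
                  Error: The A record for this DC was not found
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
               TEST: Records registration (RReg)
                     Error: Missing A record at DNS server 192.168.2.10 :
                     DOMAIN-SERVER.DOMAIN.com
                     Warning: Missing DC SRV record at DNS server 192.168.2.10 :
                     _ldap._tcp.dc._msdcs.DOMAIN.local
               Error: Record registrations cannot be found for all the network adapters
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: DOMAIN.local
               DOMAIN-SERVER                PASS FAIL PASS PASS WARN FAIL n/a
"""

SUMMARY_COLS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
RESULTS = {"PASS", "FAIL", "WARN", "n/a"}

def parse_dcdiag_dns(text):
    """Return (findings, summary): findings is [(level, message)], summary is {dc: {column: result}}."""
    findings, summary = [], {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.search(r"\b(Error|Warning): (.*)", line)
        if m:
            msg = m.group(2).strip()
            # dcdiag prints the offending record name on the line after a trailing ':'
            if msg.endswith(":") and i + 1 < len(lines):
                msg += " " + lines[i + 1].strip()
            findings.append((m.group(1), msg))
            continue
        parts = line.split()  # summary rows: DC name followed by one result per column
        if len(parts) == len(SUMMARY_COLS) + 1 and set(parts[1:]) <= RESULTS:
            summary[parts[0]] = dict(zip(SUMMARY_COLS, parts[1:]))
    return findings, summary

def failed_tests(summary):
    """Map each DC to the summary columns that show FAIL."""
    return {dc: [c for c, r in res.items() if r == "FAIL"] for dc, res in summary.items()}

def missing_records(findings):
    """Extract (record type, DNS server, record name) from 'Missing ... record' findings."""
    pat = re.compile(r"Missing (.+?) record at DNS server (\S+) : (\S+)")
    return [m.groups() for _, msg in findings if (m := pat.search(msg))]
```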
Darius Ghassem

Everything seems in order. The only thing is why did this problem occur. If you just delete the zone then this problem most likely will re-occur if you don't figure out what the problem was. A couple of things to check. Make sure the server points to itself for DNS and there aren't any external DNS servers listed in the TCP\IP properties. Make sure the actual IP address of the server is in the primary DNS server, not the loopback address 127.0.0.1. Can you expand the zone then do a screenshot and post. It seems that you might be missing the msdcs folder.
Terbo45

ASKER

I think the person who was working on this server\network seems to be completely clueless, which is why it's all messed up. For instance, when I looked at the server for the first time, it did not even have a static IP assigned; it was getting its address via DHCP, if you can believe that. There was also a Linux firewall (IP Cop) that was plugged into a dumb switch, instead of between the ISP's router and the network. I also looked at the "configure your server" log, and for some unknown reason he tried to remove Active Directory a month after the initial rollout. So, you can see why I just want to remove all of the garbage he did and start over.

To answer your questions, yes, the server is pointing to itself, and no external DNS servers are there, it's not using a loopback, and the msdcs folder is there. The A records are there too.

He didn't have anything right. What you have step by step is the correct way to do it. If you feel comfortable the issue was a setup problem and you have all the correct info entered in the server now then I would go for it. Is the msdcs listed under the domain.com zone?
Terbo45

ASKER

Here's the screenshots of the _msdcs folder and the local. I blacked out the domain info to retain privacy.

http://i66.photobucket.com/albums/h277/TheDrake40/msdcs.jpg
http://i66.photobucket.com/albums/h277/TheDrake40/LOCAL.jpg

There is your issue: the _msdcs should be under the zone, not a top-level zone. If you look, the _msdcs folder under your zone is greyed out, which means you need to remove the zone then re-add it to get this fixed, but this is where the problem that you are having now exists.
Terbo45

ASKER

When you say "remove", do you mean just simply right-clicking and selecting delete? Or can I just drag it to where it needs to be? I guess what I mean to ask is how do I recreate it?

Btw, thanks for your help.

See if you can pull the _msdcs folder back under the zone, but usually you have to delete the _msdcs folder and the zone by right-clicking and deleting.
Terbo45

ASKER

Ok, thanks. I'll try that shortly and let you know how it turns out.
Terbo45

ASKER

Ok, this is strange. Now all of the prior events in my DNS log have gone away, but I'm still having an issue with DNS. The reason the problem was found in the first place was because I couldn't assign domain account permissions to the workstation's local admin group. When I try to do that, it just lists the local computer name, and not the AD domain. I can however see those accounts if I want to add them to the "Remote Desktop Users" group.

Here's what I do think is the crux of my problem. When I look at the server's computer name, I'm seeing under the "full computer name" the following: "domain-server.domain.com", but the domain is listed as "domain.local". Now on the server I can ping both "domain-server.domain.com" and "domain-server.domain.local", but on the workstation I can only ping "domain-server.domain.local" but NOT "domain-server.domain.com". It gives me the "could not find host domain-server.domain.com" error.
Terbo45

ASKER

Ok, now I'm making progress. I just entered a record in the local machine's hosts file for "domain-server.domain.com", and I was able to ping it now, and lo & behold, I can now add domain accounts to the local admin group on the workstation. So, I guess that's somewhat of a workaround, but I still don't think the workstations are able to perform dynamic updates, but I guess I could just manually create the records, which is definitely not the correct way to do things. I'm thinking that if I just renamed the domain controller (it's the only server they have) to "domain-server.domain.local" that might solve my problem, or open the door to a whole bunch of new problems, which is what I don't want right now.

Any advice anyone?
Terbo45

ASKER

I think it's fixed finally!! All I had to do is add a new forward lookup zone for "domain.com" and I removed the entry from the host file and now I can resolve the server's "com" address and I can add domain accounts to the local workstation groups. The only issue that I can see that's still left is that there's still no dynamic dns updates propagating. Any ideas?
ASKER CERTIFIED SOLUTION
Darius Ghassem
Terbo45

ASKER

I just checked, and the one machine I joined to the domain is dynamically updated, so now it's just a matter of going back and joining the remaining workstations to the domain. Thanks so much for your help.