How do I completely remove DNS from Win2003 Svr?

Posted on 2008-11-19
Last Modified: 2012-05-05
Ok, here's the deal. I went out to help someone with a Windows 2003 Server that they had someone else already setup. The DNS appears to be completely messed up, so I'm thinking the best solution is to just remove it and reinstall it, but I want to make sure all prior config data doesn't get recreated when I do that.

For starters, I'll show some of the event & diag results. I'm getting this in the event log:

"The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.
Explanation
The host address (A) resource record associated with the start of authority (SOA) resource record for this zone is missing. Host (A) resource records are used in a zone to associate DNS domain names of computers (hosts) to their IP addresses.
The host (A) resource record could be missing because it was not registered, because it was accidentally deleted, or because the SOA is preventing any host address (A) resource records from being registered.
User Action
Manually create a host (A) resource record using the DNS console and then inspect the SOA record to ensure that it is correct"

"The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication."

"The zone _msdcs.domain.local is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates"

Here's the result of DCDIAG:

"E:\Program Files\Support Tools>dcdiag /test:DNS
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site\DOMAIN-SERVER
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... DOMAIN-SERVER passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site\DOMAIN-SERVER
DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : TAPI3Directory
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            Domain: DOMAIN.local

               TEST: Basic (Basc)
                  Error: The A record for this DC was not found
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):
                     Error: Missing A record at DNS server :
                     Warning: Missing DC SRV record at DNS server :
                     Warning: Missing GC SRV record at DNS server :
                     Warning: Missing PDC SRV record at DNS server
               Error: Record registrations cannot be found for all the network a
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: DOMAIN.local
               DOMAIN-SERVER                PASS FAIL PASS PASS WARN FAIL n/a
         ......................... DOMAIN.local failed test DNS
E:\Program Files\Support Tools>"

So as you can see, a lot of problems here. For instance, DNS shows to be configured for dynamic update, but it's just not working. Also, I have no idea why there's the "TAPI3Directory" directory. That's one of the things that I want to go away.

So, here's what I've got in regards to flushing out DNS and any vestiges of the old config:

"-convert dns to primary zone (uncheck integrate with active directory)
-remove dns in configure your server
-remove dns folder from system32
-in system32\config remove netlogon.dnb and netlogon.dns
reinstall dns (configure your server) with the correct zone name

then at the command prompt:

ipconfig /registerdns
net stop netlogon
net start netlogon"

Does my game-plan sound about right, or am I missing something here? It just seems to me that whatever the problem is here, removing DNS and starting from scratch seems to be the best way to go. Sorry for the long winded post, but I'm trying to provide as much info as possible for anyone willing to help.

Thanks, Brett

Question by:Terbo45
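As an added example (not code from this thread, from the poster, or from Microsoft), the Python below models the records netlogon registers for a domain controller, which are exactly what the dcdiag RReg test is looking for when it reports a missing DC, GC or PDC SRV record, and checks a zone dump against them, together with the zone's dynamic-update mode (the Dyn warning in the output above). The domain, host, site, GUIDs and zone contents are constructed placeholders; the parser assumes one record per line with fully qualified owner names, which is a simplification of what `dnscmd /zoneexport` writes. The AllowUpdate numbering follows the Windows DNS server's WMI zone class (0 none, 1 nonsecure and secure, 2 secure only).

```python
"""Offline check of the DNS records a Windows DC registers (the list netlogon
writes to %SystemRoot%\\System32\\config\\netlogon.dns) against a zone dump,
plus the zone's dynamic-update mode.  Findings mirror dcdiag's Basc/RReg/Dyn.
Added example; domain, host, site, GUIDs and the sample zone are constructed."""
from dataclasses import dataclass

# Zone AllowUpdate values as exposed by the Windows DNS server (MicrosoftDNS_Zone).
UPDATE_NONE, UPDATE_NONSECURE_AND_SECURE, UPDATE_SECURE_ONLY = 0, 1, 2


@dataclass(frozen=True)
class Record:
    name: str   # owner name, lowercase, no trailing dot
    rtype: str  # "A", "SRV" or "CNAME"
    data: str   # A: address; SRV: "prio weight port target"; CNAME: target


def expected_dc_records(domain, forest, host, ip, site, domain_guid, dsa_guid):
    """Records a DC that is also PDC emulator and global catalog should own."""
    fqdn = f"{host}.{domain}"

    def srv(owner, port):
        return Record(owner, "SRV", f"0 100 {port} {fqdn}")

    return {
        Record(domain, "A", ip),                                # LdapIpAddress
        Record(fqdn, "A", ip),                                  # the DC's own A record
        Record(f"gc._msdcs.{forest}", "A", ip),                 # GcIpAddress
        Record(f"{dsa_guid}._msdcs.{forest}", "CNAME", fqdn),   # DsaCname
        srv(f"_ldap._tcp.{domain}", 389),
        srv(f"_ldap._tcp.{site}._sites.{domain}", 389),
        srv(f"_ldap._tcp.dc._msdcs.{domain}", 389),             # dcdiag 'DC SRV record'
        srv(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}", 389),
        srv(f"_ldap._tcp.pdc._msdcs.{domain}", 389),            # dcdiag 'PDC SRV record'
        srv(f"_ldap._tcp.gc._msdcs.{forest}", 3268),            # dcdiag 'GC SRV record'
        srv(f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}", 3268),
        srv(f"_ldap._tcp.{domain_guid}.domains._msdcs.{forest}", 389),
        srv(f"_gc._tcp.{forest}", 3268),
        srv(f"_gc._tcp.{site}._sites.{forest}", 3268),
        srv(f"_kerberos._tcp.{domain}", 88),
        srv(f"_kerberos._udp.{domain}", 88),
        srv(f"_kerberos._tcp.{site}._sites.{domain}", 88),
        srv(f"_kerberos._tcp.dc._msdcs.{domain}", 88),
        srv(f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}", 88),
        srv(f"_kpasswd._tcp.{domain}", 464),
        srv(f"_kpasswd._udp.{domain}", 464),
    }


def parse_zone(text):
    """Parse one record per line: 'owner [ttl] [IN] TYPE data', owner fully qualified."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()       # ';' starts a comment
        if not fields:
            continue
        owner, rest = fields[0].lower().rstrip("."), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)                               # skip optional TTL and class
        rtype, data = rest[0].upper(), " ".join(f.rstrip(".") for f in rest[1:])
        records.add(Record(owner, rtype, data if rtype == "A" else data.lower()))
    return records


def check_dc_dns(zone_text, allow_update, **dc):
    """Return the expected records that are absent plus dcdiag-style findings."""
    missing = expected_dc_records(**dc) - parse_zone(zone_text)
    own_a = Record(f"{dc['host']}.{dc['domain']}", "A", dc["ip"])
    findings = []
    for rec in sorted(missing, key=lambda r: (r.rtype, r.name)):
        if rec == own_a:                              # a stale address counts as missing too
            findings.append("Error: The A record for this DC was not found")
        elif rec.name.startswith("_ldap._tcp.dc._msdcs."):
            findings.append("Warning: Missing DC SRV record")
        elif rec.name.startswith("_ldap._tcp.gc._msdcs."):
            findings.append("Warning: Missing GC SRV record")
        elif rec.name.startswith("_ldap._tcp.pdc._msdcs."):
            findings.append("Warning: Missing PDC SRV record")
        else:
            findings.append(f"Warning: Missing {rec.rtype} record {rec.name}")
    # Nonsecure updates let any host on the network overwrite another host's records.
    if allow_update == UPDATE_NONSECURE_AND_SECURE:
        findings.append("Warning: Dynamic update is enabled on the zone but not secure")
    elif allow_update == UPDATE_NONE:
        findings.append("Warning: Dynamic update is disabled on the zone")
    return {"missing": missing, "findings": findings}


def zone_line(rec):
    return f"{rec.name}. 600 IN {rec.rtype} {rec.data}"


# Constructed DC and zone; the DC's own A record and the PDC SRV record are
# left out, the two records the dcdiag run in the question complained about.
DC = dict(domain="domain.local", forest="domain.local", host="domain-server",
          ip="192.0.2.10", site="default-first-site",
          domain_guid="11111111-2222-3333-4444-555555555555",
          dsa_guid="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
OMITTED = {Record("domain-server.domain.local", "A", "192.0.2.10"),
           Record("_ldap._tcp.pdc._msdcs.domain.local", "SRV",
                  "0 100 389 domain-server.domain.local")}
SAMPLE_ZONE = "; constructed sample, not a real export\n" + "\n".join(
    zone_line(r) for r in sorted(expected_dc_records(**DC) - OMITTED, key=lambda r: r.name))


def sample_findings():
    return check_dc_dns(SAMPLE_ZONE, UPDATE_NONSECURE_AND_SECURE, **DC)["findings"]
```

Run `sample_findings()` and you get the same three lines the dcdiag output above produces: the missing A record error, the missing PDC SRV warning, and the nonsecure dynamic update warning. Feeding the full record set with the zone set to secure-only updates yields no findings, which is the state to aim for once the zone is AD-integrated again.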
    LVL 59

    Expert Comment

    by:Darius Ghassem
    Everything seems in order. The only thing is, why did this problem occur? If you just delete the zone then this problem most likely will re-occur if you don't figure out what the problem was. A couple of things to check. Make sure the server points to itself for DNS and there aren't any external DNS servers listed in the TCP\IP properties. Make sure the actual IP address of the server is in the primary DNS server, not the loop back address. Can you expand the zone, then do a screenshot and post? It seems that you might be missing the msdcs folder.

    Author Comment

    I think the person who was working on this server\network seems to be completely clueless, which is why it's all messed up. For instance, when I looked at the server for the first time, it did not even have a static IP assigned; it was getting its address via DHCP, if you can believe that. There was also a linux firewall (IP Cop) that was plugged into a dumb switch, instead of between the ISP's router and the network. I also looked at the "configure your server" log, and for some unknown reason he tried to remove active directory month after the initial rollout. So, you can see why I just want to remove all of the garbage he did and start over.

    To answer your questions, yes, the server is pointing to itself, and no external DNS servers are there, it's not using a loopback, and the msdcs folder is there. The A records are there too.
    LVL 59

    Expert Comment

    by:Darius Ghassem
    He didn't have anything right. What you have step by step is the correct way to do it. If you feel comfortable the issue was a setup problem and you have all the correct info entered in the server now then I would go for it. Is the msdcs listed under the zone?

    Author Comment

    Here's the screenshots of the _msdcs folder and the local. I blacked out the domain info to retain privacy.

    LVL 59

    Expert Comment

    by:Darius Ghassem
    There is your issue: the _msdcs should be under the zone, not a top level zone. If you look, the _msdcs folder under your zone is greyed out, which means you need to remove the zone then re-add it to get this fixed, but this is where the problem that you are having now exists.

    Author Comment

    When you say "remove", do you mean just simply right-clicking and selecting delete? Or can I just drag it to where it needs to be? I guess what I mean to ask is how do I recreate it?

    Btw, thanks for your help.
    LVL 59

    Expert Comment

    by:Darius Ghassem
    See if you can pull the _msdcs folder back under the zone but usually you have to delete the _msdcs folder and the zone by right-clicking and deleting.

    Author Comment

    Ok, thanks. I'll try that shortly and let you know how it turns out.

    Author Comment

    Ok, this is strange. Now all of the prior event in my DNS log have gone away, but I'm still having an issue with DNS. The reason the problem was found in the first place was because I couldn't assign domain account permissions to the workstation's local admin group. When I try to do that, it just lists the local computer name, and not the AD domain. I can however see those accounts if I want to add them to the "Remote Desktop Users" group.

    Here's what I do think is the crux of my problem. When I look at the server's computer name, I'm seeing under the "full computer name" the following: "", but the domain is listed as "domain.local". Now on the server I can ping both "" and "domain-server.domain.local", but on the workstation I can only ping "domain-server.domain.local" but NOT "". It gives me the "could not find host" error.

    Author Comment

    Ok, now I'm making progress. I just entered a record in the local machine's HOST file for "", and I was able to ping it now, and lo & behold, I can now add domain accounts to the local admin group on the workstation. So, I guess that's somewhat of a workaround, but I still don't think the workstations are able to perform dynamic updates, but I guess I could just manually create the records, which is definitely not the correct way to do things. I'm thinking that if I just renamed the domain controller (it's the only server they have) to "domain-server.domain.local" that might solve my problem, or open the door to a whole bunch of new problems, which is what I don't want right now.

    Any advice anyone?

    Author Comment

    I think it's fixed finally!! All I had to do is add a new forward lookup zone for "" and I removed the entry from the host file and now I can resolve the server's "com" address and I can add domain accounts to the local workstation groups. The only issue that I can see that's still left is that there's still no dynamic dns updates propagating. Any ideas?
    LVL 59

    Accepted Solution

    Do you have dynamic updates setup?

    Author Comment

    I just checked, and the one machine I joined to the domain is dynamically updated, so now it's just a matter of going back and joining the remaining workstations to the domain. Thanks so much for your help.
