Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

test dcdiag fails delegation: missing (glue) record for removed host

Posted on 2009-04-13
3
Medium Priority
?
11,757 Views
Last Modified: 2012-05-06
A small domain with primary and secondary DC, when I run dcdiag on each of the controllers, I get a delegation failure,

"Warning: DNS server: dc-01.domain.local. IP <Unavailable> Failure:Missing glue A record"

The problem is that this server "dc-01" no longer exists, and I can't find any reference to it in AD or DNS. dcdiag passes all other tests.
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
      Starting test: Connectivity
         ......................... EWS-DC-01 passed test Connectivity
 
Doing primary tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : ews
   
   Running enterprise tests on : ews.local
      Starting test: DNS
         Test results for domain controllers:
            
            DC: ews-dc-01.ews.local
            Domain: ews.local
 
                  
               TEST: Delegations (Del)
                  Warning: DNS server: dc-01.ews.local. IP: <Unavailable> Failure:Missing glue A record
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: ews.local
               ews-dc-01                    PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... ews.local failed test DNS

Open in new window

0
Comment
Question by:aolong62
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 24135784
1. It looks like there is no host record for the domain controller in question.
I would also run DNSLINT in addition to dcdiag tests. Sometimes the
information is a bit clearer

2. I assume that dc-01.ews.local is a DC which was not properly demoted/promoted. So i think you should try to remove data associated to it in AD: http://support.microsoft.com/kb/216498
0
 

Author Comment

by:aolong62
ID: 24139407
I ran dnlslint and the report indicates no problems. The are two CNAME records, as there should be, one each for the two live DC's. No missing records.

I then ran ntdsutil (metadata cleanup) and found no dead servers in the domain, just the two live ones. Nothing to clean up. BTW - the dead server was properly demoted and removed with dcpropmo before it was decommissioned.

Then checked all local domains in DNS for any references to dead name servers: I found and deleted one, and deleted some entries for the dead server under _mcds and restarted DNS.

After this, dcdiag still fails the Delegation test, stating there is no glue record for dc-01.ews.local, the non-existant server. Is there some other means to find where this object is hiding so I can remove it?
0
 

Accepted Solution

by:
aolong62 earned 0 total points
ID: 24139552
Found it! There was an _mcds object under ews.local with a sole entry (dc-01.ews.local). Deleting this object fixed the issue. Human oversight again. Thank you for the tips.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question