Solved

test dcdiag fails delegation: missing (glue) record for removed host

Posted on 2009-04-13
Last Modified: 2012-05-06
In a small domain with a primary and a secondary DC, when I run dcdiag on each of the controllers, I get a delegation failure:

"Warning: DNS server: dc-01.domain.local. IP <Unavailable> Failure:Missing glue A record"

The problem is that this server "dc-01" no longer exists, and I can't find any reference to it in AD or DNS. dcdiag passes all other tests.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EWS-DC-01
      Starting test: Connectivity
         ......................... EWS-DC-01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EWS-DC-01

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : ews

   Running enterprise tests on : ews.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ews-dc-01.ews.local
            Domain: ews.local

               TEST: Delegations (Del)
                  Warning: DNS server: dc-01.ews.local. IP: <Unavailable> Failure:Missing glue A record

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: ews.local
               ews-dc-01                    PASS PASS PASS FAIL PASS PASS n/a

         ......................... ews.local failed test DNS

Question by:aolong62

Expert Comment

by:meugen
ID: 24135784
1. It looks like there is no host record for the domain controller in question. I would also run DNSLINT in addition to the dcdiag tests. Sometimes the information is a bit clearer.

2. I assume that dc-01.ews.local is a DC which was not properly demoted/promoted. So I think you should try to remove the data associated with it in AD: http://support.microsoft.com/kb/216498

Author Comment

by:aolong62
ID: 24139407
I ran dnslint and the report indicates no problems. There are two CNAME records, as there should be, one each for the two live DCs. No missing records.

I then ran ntdsutil (metadata cleanup) and found no dead servers in the domain, just the two live ones. Nothing to clean up. BTW - the dead server was properly demoted and removed with dcpromo before it was decommissioned.

I then checked all local domains in DNS for any references to dead name servers: I found and deleted one, deleted some entries for the dead server under _msdcs, and restarted DNS.

After this, dcdiag still fails the Delegation test, stating there is no glue record for dc-01.ews.local, the nonexistent server. Is there some other means to find where this object is hiding so I can remove it?

Accepted Solution

by:
aolong62 earned 0 total points
ID: 24139552
Found it! There was an _msdcs object under ews.local with a sole entry (dc-01.ews.local). Deleting this object fixed the issue. Human oversight again. Thank you for the tips.
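
An added example, not part of the thread: a Python check that scans exported zone records for NS, SRV and CNAME entries whose target host has no A/AAAA record in the same zone, which is the condition dcdiag reported here as a missing glue record. The record layout, the host ews-dc-02, the GUID label and the 192.0.2.x addresses are constructed assumptions.

```python
# Added example: list records that still point at a host with no address record.
ADDRESS_TYPES = {"A", "AAAA"}
REFERENCE_TYPES = {"NS", "CNAME", "SRV"}  # rdata ends with a target host name

# Constructed sample (assumed "owner [ttl] [IN] type rdata" layout).
# ews-dc-02, the GUID label and the 192.0.2.x addresses are placeholders.
SAMPLE_RECORDS = """
ews.local.                          3600 IN NS    ews-dc-01.ews.local.
ews.local.                          3600 IN NS    ews-dc-02.ews.local.
_msdcs.ews.local.                   3600 IN NS    dc-01.ews.local.  ; stale delegation
_ldap._tcp.dc._msdcs.ews.local.     600  IN SRV   0 100 389 dc-01.ews.local.
_ldap._tcp.dc._msdcs.ews.local.     600  IN SRV   0 100 389 ews-dc-01.ews.local.
guid-placeholder._msdcs.ews.local.  600  IN CNAME ews-dc-01.ews.local.
ews-dc-01.ews.local.                3600 IN A     192.0.2.10
ews-dc-02.ews.local.                3600 IN A     192.0.2.11
"""

def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def parse_records(text):
    """Return (owner, type, rdata_tokens) tuples, skipping comments and blanks."""
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if not tokens:
            continue
        owner, rest = norm(tokens[0]), tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # drop optional TTL and class fields
        if len(rest) >= 2:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records

def find_dangling(records, zone):
    """Return (owner, type, target) where an in-zone target has no A/AAAA."""
    zone = norm(zone)
    have_address = {owner for owner, rtype, _ in records if rtype in ADDRESS_TYPES}
    dangling = []
    for owner, rtype, rdata in records:
        if rtype not in REFERENCE_TYPES:
            continue
        target = norm(rdata[-1])
        in_zone = target == zone or target.endswith("." + zone)
        if in_zone and target not in have_address:
            dangling.append((owner, rtype, target))
    return dangling

if __name__ == "__main__":
    for hit in find_dangling(parse_records(SAMPLE_RECORDS), "ews.local"):
        print("%s %s -> %s (no A/AAAA record)" % hit)
```

Targets outside the zone are skipped because their address records cannot be judged from this zone's data alone.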