Solved

test dcdiag fails delegation: missing (glue) record for removed host

Posted on 2009-04-13
3
11,376 Views
Last Modified: 2012-05-06
A small domain with primary and secondary DC, when I run dcdiag on each of the controllers, I get a delegation failure,

"Warning: DNS server: dc-01.domain.local. IP <Unavailable> Failure:Missing glue A record"

The problem is that this server "dc-01" no longer exists, and I can't find any reference to it in AD or DNS. dcdiag passes all other tests.
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
      Starting test: Connectivity
         ......................... EWS-DC-01 passed test Connectivity
 
Doing primary tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : ews
   
   Running enterprise tests on : ews.local
      Starting test: DNS
         Test results for domain controllers:
            
            DC: ews-dc-01.ews.local
            Domain: ews.local
 
                  
               TEST: Delegations (Del)
                  Warning: DNS server: dc-01.ews.local. IP: <Unavailable> Failure:Missing glue A record
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: ews.local
               ews-dc-01                    PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... ews.local failed test DNS

Open in new window

0
Comment
Question by:aolong62
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 24135784
1. It looks like there is no host record for the domain controller in question.
I would also run DNSLINT in addition to dcdiag tests. Sometimes the
information is a bit clearer

2. I assume that dc-01.ews.local is a DC which was not properly demoted/promoted. So i think you should try to remove data associated to it in AD: http://support.microsoft.com/kb/216498
0
 

Author Comment

by:aolong62
ID: 24139407
I ran dnlslint and the report indicates no problems. The are two CNAME records, as there should be, one each for the two live DC's. No missing records.

I then ran ntdsutil (metadata cleanup) and found no dead servers in the domain, just the two live ones. Nothing to clean up. BTW - the dead server was properly demoted and removed with dcpropmo before it was decommissioned.

Then checked all local domains in DNS for any references to dead name servers: I found and deleted one, and deleted some entries for the dead server under _mcds and restarted DNS.

After this, dcdiag still fails the Delegation test, stating there is no glue record for dc-01.ews.local, the non-existant server. Is there some other means to find where this object is hiding so I can remove it?
0
 

Accepted Solution

by:
aolong62 earned 0 total points
ID: 24139552
Found it! There was an _mcds object under ews.local with a sole entry (dc-01.ews.local). Deleting this object fixed the issue. Human oversight again. Thank you for the tips.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question