Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

test dcdiag fails delegation: missing (glue) record for removed host

Posted on 2009-04-13
3
Medium Priority
?
12,149 Views
Last Modified: 2012-05-06
A small domain with primary and secondary DC, when I run dcdiag on each of the controllers, I get a delegation failure,

"Warning: DNS server: dc-01.domain.local. IP <Unavailable> Failure:Missing glue A record"

The problem is that this server "dc-01" no longer exists, and I can't find any reference to it in AD or DNS. dcdiag passes all other tests.
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
      Starting test: Connectivity
         ......................... EWS-DC-01 passed test Connectivity
 
Doing primary tests
   
   Testing server: Default-First-Site-Name\EWS-DC-01
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : ews
   
   Running enterprise tests on : ews.local
      Starting test: DNS
         Test results for domain controllers:
            
            DC: ews-dc-01.ews.local
            Domain: ews.local
 
                  
               TEST: Delegations (Del)
                  Warning: DNS server: dc-01.ews.local. IP: <Unavailable> Failure:Missing glue A record
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: ews.local
               ews-dc-01                    PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... ews.local failed test DNS

Open in new window

0
Comment
Question by:aolong62
  • 2
3 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 24135784
1. It looks like there is no host record for the domain controller in question.
I would also run DNSLINT in addition to dcdiag tests. Sometimes the
information is a bit clearer

2. I assume that dc-01.ews.local is a DC which was not properly demoted/promoted. So i think you should try to remove data associated to it in AD: http://support.microsoft.com/kb/216498
0
 

Author Comment

by:aolong62
ID: 24139407
I ran dnlslint and the report indicates no problems. The are two CNAME records, as there should be, one each for the two live DC's. No missing records.

I then ran ntdsutil (metadata cleanup) and found no dead servers in the domain, just the two live ones. Nothing to clean up. BTW - the dead server was properly demoted and removed with dcpropmo before it was decommissioned.

Then checked all local domains in DNS for any references to dead name servers: I found and deleted one, and deleted some entries for the dead server under _mcds and restarted DNS.

After this, dcdiag still fails the Delegation test, stating there is no glue record for dc-01.ews.local, the non-existant server. Is there some other means to find where this object is hiding so I can remove it?
0
 

Accepted Solution

by:
aolong62 earned 0 total points
ID: 24139552
Found it! There was an _mcds object under ews.local with a sole entry (dc-01.ews.local). Deleting this object fixed the issue. Human oversight again. Thank you for the tips.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question