aolong62
asked on
test dcdiag fails delegation: missing (glue) record for removed host
In a small domain with a primary and secondary DC, when I run dcdiag on each of the controllers, I get a delegation failure:
"Warning: DNS server: dc-01.domain.local. IP <Unavailable> Failure:Missing glue A record"
The problem is that this server "dc-01" no longer exists, and I can't find any reference to it in AD or DNS. dcdiag passes all other tests.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EWS-DC-01
Starting test: Connectivity
......................... EWS-DC-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EWS-DC-01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ews
Running enterprise tests on : ews.local
Starting test: DNS
Test results for domain controllers:
DC: ews-dc-01.ews.local
Domain: ews.local
TEST: Delegations (Del)
Warning: DNS server: dc-01.ews.local. IP: <Unavailable> Failure:Missing glue A record
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ews.local
ews-dc-01 PASS PASS PASS FAIL PASS PASS n/a
......................... ews.local failed test DNS
ASKER
I ran dnslint and the report indicates no problems. There are two CNAME records, as there should be, one each for the two live DCs. No missing records.
I then ran ntdsutil (metadata cleanup) and found no dead servers in the domain, just the two live ones. Nothing to clean up. BTW - the dead server was properly demoted and removed with dcpromo before it was decommissioned.
Then checked all local domains in DNS for any references to dead name servers: I found and deleted one, and deleted some entries for the dead server under _msdcs and restarted DNS.
After this, dcdiag still fails the Delegation test, stating there is no glue record for dc-01.ews.local, the nonexistent server. Is there some other means to find where this object is hiding so I can remove it?
I would also run DNSLINT in addition to dcdiag tests. Sometimes the information is a bit clearer.
2. I assume that dc-01.ews.local is a DC which was not properly demoted/promoted. So I think you should try to remove data associated with it in AD: http://support.microsoft.com/kb/216498
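The check the asker describes (looking through every zone for name server references to the removed host), as an added PowerShell example that is not part of the original thread: it lists NS records, at zone apexes and at delegation nodes, that name the removed host or whose target does not resolve to an A record. The host names are taken from the dcdiag output above; running it against a Windows DNS server with the DnsServer module available is an assumption, and the A-record lookup is used here as a stand-in for dcdiag's own glue check.

```powershell
# Added example, not from the thread. Defaults come from the dcdiag output
# quoted in the question; adjust them for another environment.
param(
    [string]$DeadHost  = 'dc-01.ews.local.',      # name dcdiag reports as missing glue
    [string]$DnsServer = 'ews-dc-01.ews.local'    # DNS server to inspect (assumption)
)

Import-Module DnsServer

# Normalize to lower case without the trailing dot so comparisons are stable.
$target = $DeadHost.TrimEnd('.').ToLower()

# Only primary zones that an administrator manages (skip auto-created ones).
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

$findings = foreach ($zone in $zones) {
    # NS records in the zone: the apex ('@') and any delegation nodes such as _msdcs.
    $nsRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer `
        -ZoneName $zone.ZoneName -RRType 'NS' -ErrorAction SilentlyContinue

    foreach ($rr in $nsRecords) {
        $ns = $rr.RecordData.NameServer.TrimEnd('.').ToLower()

        # Does the name server target resolve to an A record on this DNS server?
        $a = Resolve-DnsName -Name $ns -Type A -Server $DnsServer -DnsOnly `
                -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }

        [pscustomobject]@{
            Zone       = $zone.ZoneName
            Node       = $rr.HostName
            NameServer = $ns
            HasARecord = [bool]$a
            IsDeadHost = ($ns -eq $target)
        }
    }
}

# Report only the entries worth reviewing: the removed host, or any NS without an A record.
$findings |
    Where-Object { $_.IsDeadHost -or -not $_.HasARecord } |
    Sort-Object Zone, Node |
    Format-Table -AutoSize
```

The script only reads DNS data; the Zone and Node columns show where a leftover NS record sits so it can be reviewed in the DNS console before anything is deleted.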