Solved

DNS - DCDiag Dynamic Update - Test Failure

Posted on 2010-09-02
16
5,017 Views
Last Modified: 2012-05-10
When running the test dcdiag.exe /test:DNS on my new Window 2008 R2 DNS/DC, it runs fairly well, but with a Warning on the Dynamic Update.  Can someone explain what this means and how to correct it?  

Thanks.


Doing primary tests

   Testing server: Default-First-Site-Name\APBRDC2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... APBRDC2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : apsu

   Running enterprise tests on : apsu.edu
      Starting test: DNS
         Test results for domain controllers:

            DC: apbrdc2.apsu.edu
            Domain: apsu.edu


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone apsu.edu

               apbrdc2                      PASS PASS PASS PASS WARN PASS n/a
         ......................... apsu.edu passed test DNS

C:\Users\exadmin2k>dcdiag.exe /test:dynamicupdate
0
Comment
Question by:apsutechteam
  • 8
  • 8
16 Comments
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
Comment Utility
It means the test wrote a DNS record to apbrdc2, and when it tried to subsequently remove the record, it was unable to do so.

Looking at the dcdiag information (http://technet.microsoft.com/en-us/library/cc731968%28WS.10%29.aspx), it was suppose to give you an error code to help track down.

I'd look through the event logs on apbrdc2, especially the DNS log, system log, and application log for more information...  (look especially around the time you ran the test.... although this might be part of a larger pattern, especially if that server is particularly busy.)
0
 

Author Comment

by:apsutechteam
Comment Utility
The other two errors I see in the log are: (below is suppose to be ignorable unless you're runnin rodc -- you get it if you didn't prepare domain for read-only domain)  - so I  thinks is okay. This isn't a RODC.

Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=apsu,DC=edu
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=apsu,DC=edu

An error event occurred.  EventID: 0xC0002719

            Time Generated: 09/02/2010   16:10:56

            Event String:

The second error is this -- noting the addresses of all 3 of our forwarders.  I found an article that suggested open firewall port (Inbound - DCOM + NetworkAccess (TCP)) - but that didn't help.  Yes, I can ping them.  Don't know if this relates to other problem or is separate entirely.

            DCOM was unable to communicate with the computer xxx.xxx.x.x using any of the configured protocols.  (get this in relation to IPs listed as my Forwarders).

Lastly when I run dcdiag /dnsdynamicupdates command -- no errors -- looks pretty good?
0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Okay, had to look those two up.  For linking completeness if anyone else stumbled across this -- http://support.microsoft.com/kb/967482/en-us
Confirmed, Microsoft says this is fine if you aren't planning to run an RODC -- and is easily fixed with an adprep.

So, yes, looks pretty good.  :-)  (I wish everyone had such clean diags.)
0
 

Author Comment

by:apsutechteam
Comment Utility
The two things I'm concerned about are the DCOM error against my forwards, and the failed Dynamic update.  Any idea on those?  I see forums post on the net on both -- but no solution

DCOM was unable to communicate with the computer xxx.xxx.x.x using any of the configured protocols.  (get this in relation to IPs listed as my Forwarders).

Thanks.
0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
I'd started to write up last night -- I assume you don't have control over the forwarders.  In my environment, we have a bank of unix boxes which handle that functionality, and I'm not permitted any communication with them except over udp/53.  I assume that's also what is happening to you... I'm not certain why the test is even attempting that sort of communication with the upstream DNS servers.

For the failed dynamic update (delete), my first guess is that it might have been run during a busy time of the day?  Either the delete was attempted before the entry was propagated, or couldn't be processed fast enough for the test.  My two responses would therefore be:
   Run the test again? (and hopefully the Friday before a three day weekend will see less load on the servers)
   There is suppose to be an reason code in the error in the "Warning: Failed to delete the test record dcdiag-test-record in zone apsu.edu", which I don't see... :-(  Without the reason, answering the why is harder.  (That's why I was hoping something else useful would appear in the log.)
0
 

Author Comment

by:apsutechteam
Comment Utility
I'm unfortunately ran the test a number of times - over days.  For the DCOM errors, other forums suggest the firewall more than anything else.  I've enabled Windows Remote Management  and Inbound - DCOM + NetworkAccess (TCP) - the two things I've seen suggested -- no help.  I've then turned Firewall - off - for domain,private and public - that didn't help either -- so in my case it doesn't seem to be firewall issue.
0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Wait... do you control the machines defined as your forwarders, and those machines are windows?
0
 

Author Comment

by:apsutechteam
Comment Utility
I do not control them -- they belong to the state.  Our network admin does not know their OS -- but I certainly wouldn't be surprised if they were not windows.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Those are the servers that are refusing the DCOM connection and/or have a firewall or router filter in place between your DNS servers and them... so I wouldn't worry about those...

Still leaves that Dynamic Update delete failure though.  In all the testing, it never provides more information?  (Now, of course, I'm worried that you have test DNS entries accumulating in your zone... I suppose the scavenging process would eventually remove them.. but still...)
0
 

Author Comment

by:apsutechteam
Comment Utility
Result of DNS dcdiag test.  I'm receive some desktop errors connecting to domain (perhaps need rejoin or something) and the DCOM errors -- these are noted in system.log section.

This is full result of dcdiag /testdns:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = serverdc2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\serverDC2

      Starting test: Connectivity

         ......................... serverDC2 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\serverDC2

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... serverDC2 passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : ABC

   
   Running enterprise tests on : ABC.edu

      Starting test: DNS

         Test results for domain controllers:

           
            DC: serverdc2.ABC.edu

            Domain: ABC.edu

           

                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone ABC.edu
         
               serverdc2                      PASS PASS PASS PASS WARN PASS n/a  
         ......................... ABC.edu passed test DNS



This is full result of dcdiag /dnsdynamicupdate:


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = serverdc2

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\serverDC2

      Starting test: Connectivity

         ......................... serverDC2 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\serverDC2

      Starting test: Advertising

         ......................... serverDC2 passed test Advertising

      Starting test: FrsEvent

         ......................... serverDC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... serverDC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... serverDC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... serverDC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... serverDC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... serverDC2 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=abc,DC=edu
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=abc,DC=edu
         ......................... serverDC2 failed test NCSecDesc

      Starting test: NetLogons

         ......................... serverDC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... serverDC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... serverDC2 passed test Replications

      Starting test: RidManager

         ......................... serverDC2 passed test RidManager

      Starting test: Services

         ......................... serverDC2 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x0000165B

            Time Generated: 09/03/2010   11:12:49

            Event String:

            The session setup from computer 'IT401473L' failed because the security database does not contain a trust account 'IT401473L$' referenced by the specified computer.  


         An error event occurred.  EventID: 0x000016AD

            Time Generated: 09/03/2010   11:16:31

            Event String:

            The session setup from the computer IT401473L failed to authenticate. The following error occurred:


         An error event occurred.  EventID: 0xC0002719

            Time Generated: 09/03/2010   12:07:34

            Event String:

            DCOM was unable to communicate with the computer 141.225.215.120 using any of the configured protocols.

         An error event occurred.  EventID: 0xC0002719

            Time Generated: 09/03/2010   12:07:55

            Event String:

            DCOM was unable to communicate with the computer 198.146.12.10 using any of the configured protocols.

         An error event occurred.  EventID: 0xC0002719

            Time Generated: 09/03/2010   12:08:16

            Event String:

            DCOM was unable to communicate with the computer 198.146.3.1 using any of the configured protocols.

         ......................... serverDC2 failed test SystemLog

      Starting test: VerifyReferences

         ......................... serverDC2 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : abc

      Starting test: CheckSDRefDom

         ......................... abc passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... abc passed test CrossRefValidation

   
   Running enterprise tests on : abc.edu

      Starting test: LocatorCheck

         ......................... abc.edu passed test LocatorCheck

      Starting test: Intersite

         ......................... abc.edu passed test Intersite

Thanks.

0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Okay, i'm still coming up with nothing.  Except for the desktop related errors you mentioned, everything else looks the same.
Try a
dnslint /d [domain] /s [dns_server]
and a
dnslint /ad [dc]
0
 

Author Comment

by:apsutechteam
Comment Utility
Here are full results of two commands.  Thanks for taking a look.  I only mass replaced our 'domain' with domain and servername beginning with server.


DNSLint Report

System Date: Fri Sep 03 15:05:21 2010

Command run:

dnslint /d domain.edu /s 10.2.100.152

Domain name tested:

    domain.edu

The following 5 DNS servers were identified as authoritative for the domain:

DNS server: serverdc2.domain.edu
IP Address: 10.2.100.152
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverdc2.domain.edu
Hostmaster: administrator
Zone serial number: 2001763775
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverip3.domain.edu Unknown
serverdc2.domain.edu Unknown
serverdc1.domain.edu Unknown
odysseus.domain.edu Unknown
serverip1.domain.edu Unknown

Host (A) records for domain from server:
10.2.100.64
10.2.100.112
10.2.100.111
10.2.100.152
10.2.100.36
10.2.100.33



Mail Exchange (MX) records from server (preference/name/IP address):
10 owa.domain.edu 10.2.100.126



--------------------------------------------------------------------------------

DNS server: serverip3.domain.edu
IP Address: 10.2.100.112
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverip3.domain.edu
Hostmaster: administrator
Zone serial number: 2001763760
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverdc1.domain.edu Unknown
odysseus.domain.edu Unknown
serverip1.domain.edu Unknown
serverip3.domain.edu Unknown
serverdc2.domain.edu Unknown

Host (A) records for domain from server:
10.2.100.111
10.2.100.152
10.2.100.36
10.2.100.33
10.2.100.64
10.2.100.112



Mail Exchange (MX) records from server (preference/name/IP address):
10 owa.domain.edu 10.2.100.126



--------------------------------------------------------------------------------

DNS server: serverdc1.domain.edu
IP Address: 10.2.100.111
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverdc1.domain.edu
Hostmaster: administrator
Zone serial number: 2001763775
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
odysseus.domain.edu Unknown
serverip1.domain.edu Unknown
serverip3.domain.edu Unknown
serverdc2.domain.edu Unknown
serverdc1.domain.edu Unknown

Host (A) records for domain from server:
10.2.100.64
10.2.100.112
10.2.100.111
10.2.100.152
10.2.100.36
10.2.100.33



Mail Exchange (MX) records from server (preference/name/IP address):
10 owa.domain.edu 10.2.100.126



--------------------------------------------------------------------------------

DNS server: odysseus.domain.edu
IP Address: 10.2.100.64
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: odysseus.domain.edu
Hostmaster: administrator
Zone serial number: 2001763764
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
odysseus.domain.edu Unknown
serverip1.domain.edu Unknown
serverip3.domain.edu Unknown
serverdc2.domain.edu Unknown
serverdc1.domain.edu Unknown

Host (A) records for domain from server:
10.2.100.36
10.2.100.112
10.2.100.111
10.2.100.152
10.2.100.64
10.2.100.33



Mail Exchange (MX) records from server (preference/name/IP address):
10 owa.domain.edu 10.2.100.126



--------------------------------------------------------------------------------

DNS server: serverip1.domain.edu
IP Address: 10.2.100.33
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverip1.domain.edu
Hostmaster: administrator
Zone serial number: 2001763777
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverip3.domain.edu Unknown
serverdc2.domain.edu Unknown
serverdc1.domain.edu Unknown
odysseus.domain.edu Unknown
serverip1.domain.edu Unknown

Host (A) records for domain from server:
10.2.100.112
10.2.100.33
10.2.100.64
10.2.100.36
10.2.100.111
10.2.100.152



Mail Exchange (MX) records from server (preference/name/IP address):
10 owa.domain.edu 10.2.100.126



--------------------------------------------------------------------------------

Notes:
Zone serial numbers were not identical on every DNS server




--------------------------------------------------------------------------------

Legend: warning, error

DNSLint developed by Tim Rains

********************************
*********************************DNSLint Report

System Date: Fri Sep 03 16:10:46 2010

Command run:

dnslint /ad 10.2.100.152 /s 10.2.100.152

Root of Active Directory Forest:

    domain.com

Active Directory Forest Replication GUIDs Found:

DC: serverDC1
GUID: 46800295-05e5-46f4-aec8-608ab17fbdc9

DC: TONY
GUID: 41e643eb-f068-42f7-87ca-75ded01b08f1

DC: GARFIELD
GUID: 6b9f72fc-0604-45f8-8f2b-a35befe822e9

DC: serverSM2
GUID: 9c90b0ba-4863-44d9-abb7-71289c696159

DC: ODYSSEUS
GUID: ccc12bbf-11e5-4245-8792-3750233a7bc1

DC: serverIP1
GUID: f0d25ce2-52c2-4b6f-a228-155dc18234af

DC: serverIP3
GUID: 73272b0b-97e3-4fd2-a554-ba403434372e

DC: serverSD1
GUID: 60cc7fbc-0647-4873-832c-bd9691747de8

DC: serverDC2
GUID: 1acce041-f8b2-493b-ae41-ebb9690b450d

DC: serverSD2
GUID: bd229cd5-391b-438d-b77c-5d9215cc9d27


Total GUIDs found: 10

--------------------------------------------------------------------------------

The following 5 DNS servers were checked for records related to AD forest replication:

DNS server: serverdc2.domain.com
IP Address: 10.2.100.152
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverdc2.domain.com
Hostmaster: administrator
Zone serial number: 2001764103
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverip3.domain.com Unknown
serverdc2.domain.com Unknown
serverdc1.domain.com Unknown
odysseus.domain.com Unknown
serverip1.domain.com Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 46800295-05e5-46f4-aec8-608ab17fbdc9._msdcs.domain.com
Alias: serverdc1.domain.com
Glue: 10.2.100.111

CNAME: 41e643eb-f068-42f7-87ca-75ded01b08f1._msdcs.domain.com
Alias: tony.lib.domain.com
Glue: 10.16.100.2

CNAME: 6b9f72fc-0604-45f8-8f2b-a35befe822e9._msdcs.domain.com
Alias: garfield.lib.domain.com
Glue: 10.16.100.1

CNAME: 9c90b0ba-4863-44d9-abb7-71289c696159._msdcs.domain.com
Alias: serversm2.student.domain.com
Glue: 10.2.100.77

CNAME: ccc12bbf-11e5-4245-8792-3750233a7bc1._msdcs.domain.com
Alias: odysseus.domain.com
Glue: 10.2.100.64

CNAME: f0d25ce2-52c2-4b6f-a228-155dc18234af._msdcs.domain.com
Alias: serverip1.domain.com
Glue: 10.2.100.33

CNAME: 73272b0b-97e3-4fd2-a554-ba403434372e._msdcs.domain.com
Alias: serverip3.domain.com
Glue: 10.2.100.112

CNAME: 60cc7fbc-0647-4873-832c-bd9691747de8._msdcs.domain.com
Alias: serversd1.student.domain.com
Glue: 10.2.100.20

CNAME: 1acce041-f8b2-493b-ae41-ebb9690b450d._msdcs.domain.com
Alias: serverdc2.domain.com
Glue: 10.2.100.152

CNAME: bd229cd5-391b-438d-b77c-5d9215cc9d27._msdcs.domain.com
Alias: serversd2.student.domain.com
Glue: 10.2.192.16


Total number of CNAME records found on this server: 10

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: serverip3.domain.com
IP Address: 10.2.100.112
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverip3.domain.com
Hostmaster: administrator
Zone serial number: 2001764102
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverip1.domain.com Unknown
serverip3.domain.com Unknown
serverdc2.domain.com Unknown
serverdc1.domain.com Unknown
odysseus.domain.com Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 46800295-05e5-46f4-aec8-608ab17fbdc9._msdcs.domain.com
Alias: serverdc1.domain.com
Glue: 10.2.100.111

CNAME: 41e643eb-f068-42f7-87ca-75ded01b08f1._msdcs.domain.com
Alias: tony.lib.domain.com
Glue: 10.16.100.2

CNAME: 6b9f72fc-0604-45f8-8f2b-a35befe822e9._msdcs.domain.com
Alias: garfield.lib.domain.com
Glue: 10.16.100.1

CNAME: 9c90b0ba-4863-44d9-abb7-71289c696159._msdcs.domain.com
Alias: serversm2.student.domain.com
Glue: 10.2.100.77

CNAME: ccc12bbf-11e5-4245-8792-3750233a7bc1._msdcs.domain.com
Alias: odysseus.domain.com
Glue: 10.2.100.64

CNAME: f0d25ce2-52c2-4b6f-a228-155dc18234af._msdcs.domain.com
Alias: serverip1.domain.com
Glue: 10.2.100.33

CNAME: 73272b0b-97e3-4fd2-a554-ba403434372e._msdcs.domain.com
Alias: serverip3.domain.com
Glue: 10.2.100.112

CNAME: 60cc7fbc-0647-4873-832c-bd9691747de8._msdcs.domain.com
Alias: serversd1.student.domain.com
Glue: 10.2.100.20

CNAME: 1acce041-f8b2-493b-ae41-ebb9690b450d._msdcs.domain.com
Alias: serverdc2.domain.com
Glue: 10.2.100.152

CNAME: bd229cd5-391b-438d-b77c-5d9215cc9d27._msdcs.domain.com
Alias: serversd2.student.domain.com
Glue: 10.2.192.16


Total number of CNAME records found on this server: 10

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: serverdc1.domain.com
IP Address: 10.2.100.111
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverdc1.domain.com
Hostmaster: administrator
Zone serial number: 2001764102
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverip3.domain.com Unknown
serverdc2.domain.com Unknown
serverdc1.domain.com Unknown
odysseus.domain.com Unknown
serverip1.domain.com Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 46800295-05e5-46f4-aec8-608ab17fbdc9._msdcs.domain.com
Alias: serverdc1.domain.com
Glue: 10.2.100.111

CNAME: 41e643eb-f068-42f7-87ca-75ded01b08f1._msdcs.domain.com
Alias: tony.lib.domain.com
Glue: 10.16.100.2

CNAME: 6b9f72fc-0604-45f8-8f2b-a35befe822e9._msdcs.domain.com
Alias: garfield.lib.domain.com
Glue: 10.16.100.1

CNAME: 9c90b0ba-4863-44d9-abb7-71289c696159._msdcs.domain.com
Alias: serversm2.student.domain.com
Glue: 10.2.100.77

CNAME: ccc12bbf-11e5-4245-8792-3750233a7bc1._msdcs.domain.com
Alias: odysseus.domain.com
Glue: 10.2.100.64

CNAME: f0d25ce2-52c2-4b6f-a228-155dc18234af._msdcs.domain.com
Alias: serverip1.domain.com
Glue: 10.2.100.33

CNAME: 73272b0b-97e3-4fd2-a554-ba403434372e._msdcs.domain.com
Alias: serverip3.domain.com
Glue: 10.2.100.112

CNAME: 60cc7fbc-0647-4873-832c-bd9691747de8._msdcs.domain.com
Alias: serversd1.student.domain.com
Glue: 10.2.100.20

CNAME: 1acce041-f8b2-493b-ae41-ebb9690b450d._msdcs.domain.com
Alias: serverdc2.domain.com
Glue: 10.2.100.152

CNAME: bd229cd5-391b-438d-b77c-5d9215cc9d27._msdcs.domain.com
Alias: serversd2.student.domain.com
Glue: 10.2.192.16


Total number of CNAME records found on this server: 10

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: odysseus.domain.com
IP Address: 10.2.100.64
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: odysseus.domain.com
Hostmaster: administrator
Zone serial number: 2001764103
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
odysseus.domain.com Unknown
serverip1.domain.com Unknown
serverip3.domain.com Unknown
serverdc2.domain.com Unknown
serverdc1.domain.com Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 46800295-05e5-46f4-aec8-608ab17fbdc9._msdcs.domain.com
Alias: serverdc1.domain.com
Glue: 10.2.100.111

CNAME: 41e643eb-f068-42f7-87ca-75ded01b08f1._msdcs.domain.com
Alias: tony.lib.domain.com
Glue: 10.16.100.2

CNAME: 6b9f72fc-0604-45f8-8f2b-a35befe822e9._msdcs.domain.com
Alias: garfield.lib.domain.com
Glue: 10.16.100.1

CNAME: 9c90b0ba-4863-44d9-abb7-71289c696159._msdcs.domain.com
Alias: serversm2.student.domain.com
Glue: 10.2.100.77

CNAME: ccc12bbf-11e5-4245-8792-3750233a7bc1._msdcs.domain.com
Alias: odysseus.domain.com
Glue: 10.2.100.64

CNAME: f0d25ce2-52c2-4b6f-a228-155dc18234af._msdcs.domain.com
Alias: serverip1.domain.com
Glue: 10.2.100.33

CNAME: 73272b0b-97e3-4fd2-a554-ba403434372e._msdcs.domain.com
Alias: serverip3.domain.com
Glue: 10.2.100.112

CNAME: 60cc7fbc-0647-4873-832c-bd9691747de8._msdcs.domain.com
Alias: serversd1.student.domain.com
Glue: 10.2.100.20

CNAME: 1acce041-f8b2-493b-ae41-ebb9690b450d._msdcs.domain.com
Alias: serverdc2.domain.com
Glue: 10.2.100.152

CNAME: bd229cd5-391b-438d-b77c-5d9215cc9d27._msdcs.domain.com
Alias: serversd2.student.domain.com
Glue: 10.2.192.16


Total number of CNAME records found on this server: 10

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: serverip1.domain.com
IP Address: 10.2.100.33
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: serverip1.domain.com
Hostmaster: administrator
Zone serial number: 2001764105
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
serverdc1.domain.com Unknown
odysseus.domain.com Unknown
serverip1.domain.com Unknown
serverip3.domain.com Unknown
serverdc2.domain.com Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 46800295-05e5-46f4-aec8-608ab17fbdc9._msdcs.domain.com
Alias: serverdc1.domain.com
Glue: 10.2.100.111

CNAME: 41e643eb-f068-42f7-87ca-75ded01b08f1._msdcs.domain.com
Alias: tony.lib.domain.com
Glue: 10.16.100.2

CNAME: 6b9f72fc-0604-45f8-8f2b-a35befe822e9._msdcs.domain.com
Alias: garfield.lib.domain.com
Glue: 10.16.100.1

CNAME: 9c90b0ba-4863-44d9-abb7-71289c696159._msdcs.domain.com
Alias: serversm2.student.domain.com
Glue: 10.2.100.77

CNAME: ccc12bbf-11e5-4245-8792-3750233a7bc1._msdcs.domain.com
Alias: odysseus.domain.com
Glue: 10.2.100.64

CNAME: f0d25ce2-52c2-4b6f-a228-155dc18234af._msdcs.domain.com
Alias: serverip1.domain.com
Glue: 10.2.100.33

CNAME: 73272b0b-97e3-4fd2-a554-ba403434372e._msdcs.domain.com
Alias: serverip3.domain.com
Glue: 10.2.100.112

CNAME: 60cc7fbc-0647-4873-832c-bd9691747de8._msdcs.domain.com
Alias: serversd1.student.domain.com
Glue: 10.2.100.20

CNAME: 1acce041-f8b2-493b-ae41-ebb9690b450d._msdcs.domain.com
Alias: serverdc2.domain.com
Glue: 10.2.100.152

CNAME: bd229cd5-391b-438d-b77c-5d9215cc9d27._msdcs.domain.com
Alias: serversd2.student.domain.com
Glue: 10.2.192.16


Total number of CNAME records found on this server: 10

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

Notes:
Zone serial numbers were not identical on every DNS server




--------------------------------------------------------------------------------

Legend: warning, error

DNSLint developed by Tim Rains


 

0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Zone serial numbers not being identical just tells me you are in a dynamic environment.  
I suspect if you look at the serial numbers on each of your domain controllers, there will be a spread of one or two numbers across them, as they try to keep up with the changes.  I mean, you are already up to Zone serial number: 2001764102.  :-)   And I'm starting to suspect that's it might be related to the Dynamic DNS not being able to delete records fast enough... The test may be timing out before the delete can take effect, 'cause everything other indication we have here is that everything is healthy.  If that is right, I don't think you have much to worry about.  Your DCs might be taxed, but I suspect the deletes are eventually propagating.

Outside of DNS, do you have many messages in the logs about Active Directory not being able to update a record in a timely manner because the server is busy doing other things?
0
 

Author Comment

by:apsutechteam
Comment Utility
No I don't really see any AD or DNS issues of this type in the event logs -- I only see these DNS errors when I run the dcdiag test:dns specifically.  I'm preparing to move roles and proceed with domain update, and I'm trying to go slow and sure -- so I was running tests.  So you seem to think that I'm okay to switch to new DNS server and transfer roles over to this DC?

0
 
LVL 29

Expert Comment

by:Rich Weissler
Comment Utility
Yes, I think you're okay.  I'll be curious to hear if the dynamic delete issue goes away after you upgrade.
0
 

Author Closing Comment

by:apsutechteam
Comment Utility
Thanks.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now