
Server 2008 AD best practice analyzer - A/AAA records - GC records

looops asked on

Hi experts.

I have two DCs on the domain.local  - AD1.domain.local and AD2.domain.local.

I should add that for redundancy AD1 and AD2 are physically in the same rack but connected to two different sites / subnets.  
IPs 10.195.25.50/255.255.255.0 and 10.195.24.51 /255.255.255.0  with routing between the subnets via their respective default gateways.  The routing works fine.

DCDIAG on both boxes reports no problems except a couple of dupe IPs somewhere on the network but should impact this particular issue.

Running the Best Practices Analyzer on AD1, I had the errors below, which I corrected using the info supplied and TechNet: http://technet.microsoft.com/en-us/library/dd378840%28WS.10%29.aspx

1st Issue:
The "LdapIpAddress" DNS (A/AAAA) resource records that advertise this domain controller as an available LDAP server in the domain and point to its IPv4 or IPv6 addresses are not registered. All writeable domain controllers in the domain (but not read-only domain controllers (RODCs)) must register these records.

~
Verify that the host (A/AAAA) resource records "domain.local", pointing to the local computer's IP addresses, are registered in DNS.

AND

2nd Issue:
The "GcIpAddress" DNS host (A/AAAA) resource records that advertise this domain controller as a global catalog server for the forest and point to its IPv4 or IPv6 addresses are not registered. All global catalogs (but not read-only global catalogs) in the forest must register these records.

~
Verify that the DNS service (SRV) resource record "gc._msdcs.apollo.local", pointing to the local domain controller "AD2.apollo.local", is registered in DNS.

I corrected these and further scans reveal all is OK.  
I then ran the BPA on AD2 and got the same errors but the records it's telling me to create are already there from the AD1 process above.   I've tried adding the A records anyway and nslookups give a round-robin random reply.   But re-running the BPA gives the same errors.
I should add that for redundancy AD1 and AD2 are physically in the same rack but connected to two different sites / subnets.  IPs 10.195.25.50 and 10.195.24.51 /255.255.255.0  with routing between the subnets via their respective default gateways.

I've updated the BPAs for 2008 R2 to the latest.
I used an MS hotfix for a DCDIAG error when AD2 couldn't see AD1 across the subnet. The hotfix worked fine.

Thanks for any advice.
Paul.
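
The two BPA checks quoted in the question are evaluated per domain controller: each DC's own address has to appear in the A/AAAA record set for the domain name (LdapIpAddress) and, if it is a global catalog, for `gc._msdcs.<forest>` (GcIpAddress). The following is an added example, not part of the original post, that lists which DC addresses are present in each set. It assumes a single-domain forest and uses the names from the question; the function names are hypothetical.

```powershell
# Assumed values taken from the question; replace with the real forest root and DC names.
$ForestRoot        = 'domain.local'
$DomainControllers = 'AD1.domain.local', 'AD2.domain.local'

function Get-ARecords([string]$Name) {
    # Every IPv4/IPv6 address the system resolver returns for $Name.
    # Note: this goes through the local resolver, so its cache and hosts file apply.
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        @()   # name does not resolve
    }
}

function Test-DcLocatorRecords {
    param([string[]]$Dcs, [string]$Forest)

    # Record sets shared by all DCs (round-robin order does not matter here).
    $ldapSet = @(Get-ARecords $Forest)               # LdapIpAddress records
    $gcSet   = @(Get-ARecords "gc._msdcs.$Forest")   # GcIpAddress records

    foreach ($dc in $Dcs) {
        foreach ($ip in @(Get-ARecords $dc)) {
            # One row per DC address: is that address in each shared set?
            New-Object PSObject -Property @{
                DC            = $dc
                IP            = $ip
                LdapIpAddress = ($ldapSet -contains $ip)
                GcIpAddress   = ($gcSet   -contains $ip)  # expected False if the DC is not a GC
            }
        }
    }
}

Test-DcLocatorRecords -Dcs $DomainControllers -Forest $ForestRoot |
    Format-Table DC, IP, LdapIpAddress, GcIpAddress -AutoSize
```

A row showing `False` for a DC that should hold the record means that DC's address is missing from the shared set, even though the name itself resolves because another DC registered it.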




