Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DCDIAG test fails: Cannot resolve: _msdcs.mydomain.local could not be resolved to an IP address

Posted on 2011-03-31
57
Medium Priority
?
6,463 Views
Last Modified: 2012-05-11
I had a Server 2003 that was the single DC in my domain. I installed a new Server 2008 DC to REPLACE the old one. I basically followed the steps in this post:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23582347.html?sfQueryTermInfo=1+10+2003+2008+30+domain+migrat+window

After copying all the data over, I shut down the old server (SERVER) and renamed the new server (DC) to SERVER using 'netdom' command.

I am having 'some' networking issues which brought me to run the DCDIAG tests.

Please note that I found 'some' references in DNS to the old-new server name (DC) which I removed.

Please advise!


PS C:\Users\Administrator.CARING> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         The host 9252c75a-1acd-4fc8-96d3-3668fcf757c8._msdcs.caring.com could not be resolved to an IP address. Check
         the DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... SERVER failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER
      Skipping all tests, because server SERVER is not responding to directory service requests.


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : caring
      Starting test: CheckSDRefDom
         ......................... caring passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... caring passed test CrossRefValidation

   Running enterprise tests on : caring.com
      Starting test: LocatorCheck
         ......................... caring.com passed test LocatorCheck
      Starting test: Intersite
         ......................... caring.com passed test Intersite
PS C:\Users\Administrator.CARING>


0
Comment
Question by:clesin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 25
  • 25
  • 5
  • +1
57 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35284984
did you demote the old server gracefully before you renamed the new server to the same name as the old one?

You may find the easiest thing to do is to delete the forward lookup zone for your DNS and recreate it.

Check that the server is configured to use 127.0.0.1 for it's only DNS entry unless you have other internal Windows DNS servers, there should be no 3rd party DNS servers listed.
0
 

Author Comment

by:clesin
ID: 35285035
NO. once I finished transferring my data off the old one, I shut it, and 'seized' all the roles. (reason being: just in case something goes wrong, I should still have the option of putting back the old one)

How simple is that? and will I need to disjoin/rejoin all my pc's to the domain?

Its set to the server's IP (192.168.1.100)
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285042
OK, so you haven't performed a METADATA cleanup before you renamed the domain controller to the new name?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:clesin
ID: 35285062
Yes I did.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285068
OK, can you delete the forward lookup zone and recreate it, this will clear out any dross from the old domain controller.

All your clients will re-register themselves.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35285101
Run through a metadata cleanup delete any lingering objects from other DC.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix
0
 

Author Comment

by:clesin
ID: 35285106
Can you please detail the procedure??

And please reassure me that my network want come crashing down if I do this...
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285109
looks like that has already been done dariusg :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35285129
Well says Yes I did but in the post describes keeping the old DC in AD just in case which is most likely causing the problem because it was not demoted properly and\or roles were seized.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 2000 total points
ID: 35285134
in the DNS console, goto Forward Lookup Zones and delete the zone for your internal domain name.

once done, right click and select new zone, select primary, and store in Active Directory, give it the domain name the same as the one you deleted.  Which according to the post above will be "caring.com"

Check th DC is only using 127.0.0.1 for the DNS servers and once you have recreated the zone, run IPCONFIG /REGISTERDNS and restart the NETLOGON service. Then just to make sure run DCDIAG /FIX

this will re-populate all the SRV records for your domain controller.
0
 

Author Comment

by:clesin
ID: 35285181
Question:

Can I name the new zone to be created 'caring.local' to reflect my domain name, or it HAS to be the same as the old one?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285190
you renamed the domain? In that case yes you NEED to have a DNS zone to match.

Sounds to me like you have made a lot of changes and lot's could have gone wrong in between.

Hopefully you are not using Exchange?
0
 

Author Comment

by:clesin
ID: 35285224
No. I did NOT rename the domain. The domain name and the DNS zone never matched..

No. I do not have Exchange running on it - thank g-d..
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285234
That's odd, because DCDIAG seems to indicate it's a .com domain, and you are saying that Windows is saying it's a .local domain?

What does Active Directory Users and Computers say?
0
 

Author Comment

by:clesin
ID: 35285268
Really odd. AD says .com but looking under computer properties it shows .local. and any workstation shows that its connected to .local as well..

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285276
can you post screenshots?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285452
And of Active Directory Users and Computers? And the properties of my computer?
0
 

Author Comment

by:clesin
ID: 35285454
0
 

Author Comment

by:clesin
ID: 35285471
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 35285503
OK, for a start you need to change the full computer name from caring.local to caring.com in the DNS suffix.

Click Change Settings, then Change and then More.

Make sure it's caring.com instead of .local
0
 

Author Comment

by:clesin
ID: 35285508
And to top things off, I didn't notice that there exists .com AND .local in the domain, so I went ahead and modified some entries in DNS to .local. (from .com.)..
0
 

Author Comment

by:clesin
ID: 35285522
Where should I do it, in DNS?? under which category?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285526
under the properties of My Computer
0
 

Author Comment

by:clesin
ID: 35285554
It wont mess me up, right?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285572
Let me lay it out for you.

Right now, your Domain is not configured correctly, your DC at the moment is looking for itself in servername.domain.local.domain.com (or similar) This is never going to work.

Now I can try and guide you in resolving these issues but you will need to follow only the steps provided.

What do you think? Alternatively give PSS a call and pay their fee to get this resolved.
0
 

Author Comment

by:clesin
ID: 35285595
demazter,

First off: I really appreciate your help!! and please don't let me paranoia in any way make you think that I am questioning you..

I just renamed it and restarting the server.

Whats next?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285603
from a command prompt type the following:

NETDOM QUERY FSMO
NETDOM QUERY DC

Please post the results.
0
 

Author Comment

by:clesin
ID: 35285714
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285726
Great.

Run DCDIAG /FIX > c:\DCDIAG.TXT

Upload the DCDIAG.TXT file please.
0
 

Author Comment

by:clesin
ID: 35285760
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285808
Did you delete and recreate the forward lookup zone as advised earlier? If not, can you do it now please.

Then restart the NETLOGON service, run IPCONFIG /FLUSHDNS

Clear the System event log (and save it when asked) then run the DCDIAG /FIX > C:\DCDIAG.TXT again and upload the text file.
0
 

Author Comment

by:clesin
ID: 35285838
Should I delete both the _msdcs 'and' the caring.com zones?

And what about the Reverse lookup zones?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285863
don't worry about the reverse lokup, but yes delete both the other ones.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35285905
don't recreate the "_msdcs" one though.
0
 

Author Comment

by:clesin
ID: 35285966
0
 

Author Comment

by:clesin
ID: 35286143
demazter,

Are we still on??
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286159
Can you follow this guide: http://support.microsoft.com/kb/290762

Follow the section under "Authoritative FRS restore"
0
 

Author Comment

by:clesin
ID: 35286205
Is that how all my nodes will populate my DNS zone again?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286215
they will do that after a reboot, or by running IPCONFIG /REGISTERDNS

What we are trying to do now is fix your SYSVOL.
0
 

Author Comment

by:clesin
ID: 35286315
Done with that and got all the event ID's indicating that it went thru.

What now?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286366
do you still get the FRS error when you run DCDIAG?
Before you run it this time can you clear the system log, it's throwing a lot of errors that could be old errors.
Make sure you save it first.
0
 

Author Comment

by:clesin
ID: 35286428
There seems to be just one error now.

BTW: the network issues I was having earlier seems to be resolved now..
dcdiag3.txt
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35286527
clesin,

demazter is in a Time Zone which is sending him home/to be around now. :)

Those errors exist when you haven't prepped your schema for a RODC.  You can eliminate them by running:

Adprep /rodcprep

on your DC.

DrUltima
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35286541
...

They can also be safely ignored if you are not going to be using an RODC (read only domain controller).

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286543
That error I believe is because you didn't run adprep with the /RODC switch

I'd say you were good to go.
0
 

Author Comment

by:clesin
ID: 35286563
Great!! one more question and you're off the hook..

What am I doing with my Reverse Lookup Zone?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286582
You shouldn't need to do anything, it's based in your IP/subnet so it will get updated :)
0
 

Author Comment

by:clesin
ID: 35286592
Great!!

DEMAZTER: may you be blessed - you saved the day!!
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35286594
clesin,

If I am reading over this Question correctly, it looks like your current Reverse Lookup Zone is missing (having been deleted in the troubleshooting process).  Is this correct?

DrUltima
0
 

Author Comment

by:clesin
ID: 35286606
No. Never deleted it.

Were good now. TY
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286609
We didn't touch the reverse lookup zone (IIRC?)
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35286654
I am sorry... When I read http:#a35285863 I thought you were advised to delete the reverse lookup zone.... Apparently I need sleep as much as Glen does.
0
 

Author Closing Comment

by:clesin
ID: 35286662
Demazter took a complex problem and had me fix it in a matter of a hour.

Well done!!
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286665
;) no worries, it happens to the best of us ;)
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35286734
Demazter is a phenomenal technician.  You are in good hands when he is on the job.  Glad you are back up and running.

DrUltima
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35286751
Thanks Justin :)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question