SigSupport asked on

Win2003 dns domain error dnsHostName not found

Hi,
Following an unsuccessful demotion of one of my AD I still have an error message. Failed to get Default-First-Site-Name site information in teknor.com. Property "dnsHostName" not found.
Windows Server 2003, Active Directory, DNS


8/22/2022 - Mon
IT-Shrek

Hi,

- Do a Full System State Backup
- open adsiedit.msc and search for the name of the orphaned DC and delete all references
- Reboot and Retry.

Shrek
Premkumar Yogeswaran

Hi,

Step 1:
First, make sure you have done the MDC (metadata cleanup) process.
Refer:
http://support.microsoft.com/kb/216498
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Step 2:
Run netdiag command and check for the errors.

Step 3:
run netdiag /fix.
It will rebuild the DNS architecture as per sites and services.

Any issue, let us know.

Regards,
Prem
Syed_M_Usman

Make sure your FSMO holder is up and running. You can verify by giving the below command on any server on the network:

start>run>cmd>netdom query fsmo

Check your replication status:

start>run>cmd>repadmin /showrepl


Take a backup of your current active DC and do the following.

Open DNS Console and take properties > delete all old DC server records from DNS.
Open AD > go to DC OU, check if old DC exists > delete old DC record.
Restart any DC in your network, and wait for some time till replication finishes.
Leon Fester

erm...where do you get this error message?
ASKER
SigSupport

Hi dvt-localboy,
I have installed a tool from Quest/ScriptLogic called Active Administration and in its reports I get the error. I have included it as a print screen.

I need to clarify also one point: the DC that failed during the demotion is still a domain controller, it was not removed. I just removed the DNS role and reinstalled it, so now it is a fully functional DC again, BUT I still see that error message. And my goal is still to demote it cleanly tonight.
tx!

Dns error message
Here's what I found on Quest's sites but the problem is that it applies when the DC is not a DC anymore which is not my case.
CAUSE:

When a domain controller in Active Directory is demoted or promoted and the process fails (the reasons for your failure are outside the scope of this article), you may be left with remains of the domain controller object and some of its attributes/metadata in Active Directory. One such remnant may be a member server, once demoted, remaining in AD Sites and Services as a Domain Controller. Examine your Server containers in all Sites to locate a computer account that is no longer a domain controller. Once this computer account is identified in AD Sites and Services, examine the computer Attribute dnsHostName and its value using ADSIEdit.msc. The Distinguish path for this object/attribute in Active Directory is as follows:

Sites and Services located in:

CN=Servers,CN=Site-Name,CN=Sites,CN=Configuration,DC=DomainName,DC=Suffix

there is no dnsHostName attribute value:

[image]

 

RESOLUTION:

Non domain controller computer accounts should not be in any server container within AD Sites and Services, and need to be removed. Consult Microsoft best practice guidelines to properly remove the Domain Controller metadata from Active Directory.
Leon Fester

I'm not familiar with that tool, but it could just be that the AD database has an entry for a server that no longer has a DNS record.

I'd suggest you check out the links that premglitz posted.
It's a simple way of cleaning up failed/tombstoned/deleted Domain Controllers.

Then run your standard AD diagnostic tool, dcdiag on each server.
It should be able to tell if you have any errors.
Run it on each DC to check for errors and look for any tests that failed.
ASKER
SigSupport

I tried a couple of tests listed below and none found an error. But if I tweak the dcdiag test to include the /dns I have errors on Capri, which I don't understand, and roma, the server that had a demotion remotion problem, no errors?? Here they are:
U:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SSCAPRI
      Starting test: Connectivity
         ......................... SSCAPRI passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SSCAPRI

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : teknor

   Running enterprise tests on : teknor.com
      Starting test: DNS
         Test results for domain controllers:

            DC: SSCAPRI.teknor.com
            Domain: teknor.com


               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 206.47.199.155 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 209.226.175.141 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)

               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure teknor.com.

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8

            DNS server: 8.8.4.4 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4

            DNS server: 209.226.175.141 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.226.175.141

            DNS server: 206.47.199.155 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 206.47.199.155

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: teknor.com
               SSCAPRI                      PASS PASS FAIL PASS WARN PASS n/a

         ......................... teknor.com failed test DNS


*****************************************
And here's for roma:
U:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SSROMA
      Starting test: Connectivity
         ......................... SSROMA passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SSROMA

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : teknor

   Running enterprise tests on : teknor.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ssroma.teknor.com
            Domain: teknor.com


               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure teknor.com.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: teknor.com
               ssroma                       PASS PASS PASS PASS WARN PASS n/a

         ......................... teknor.com passed test DNS
Leon Fester

Just run the "DCDIAG /V" test.

Check the DNS Settings on the network card and specify the correct IP address for the DNS servers.
Don't use the 127.0.0.1 address while we're testing.
ASKER
SigSupport

When I do that I don't see any errors. I have attached both results.
dcdiagrroma.txt
dcdiag.txt
Leon Fester

You didn't remove the failed DC yet, AD still has references to a 3rd DC.
Look at the top of your DCDIAG results:
  * Found 3 DC(s). Testing 1 of them.

We cannot move further while the failed DC is still registered in AD.
Please follow the instructions for deleting a failed DC as posted earlier...

You can confirm the names of all the DC's registered in AD by running
nltest /dclist:teknor.com


ASKER
SigSupport

There is no failed DC, that's my point.
I have 3 DCs and all 3 work!
I fixed all errors on the DC that failed the demotion, then I tried to demote it again and it worked perfectly. I then re-dcpro it and it worked like a charm. Its AD is sound, its DNS and its NTP.
But I still have the problem.
Premkumar Yogeswaran

Hi,

Check whether any error occurs for the below command:

netdiag

If it occurs, next run:

netdiag /fix

After replication, try to run netdiag again and look at the output.

Regards,
Prem
ASKER CERTIFIED SOLUTION
DrDave242

ASKER
SigSupport

DrDave242
Weird, when I did the adsiedit.msc procedure you said, I see 4 servers! And the 4th one is my Exchange server?? I have 2 but only this one is showing there, I don't know why. That by itself raises questions.
And the only one of the 4 where dNSHostName was not set was that Exchange server!
So what should I do: find out why it is listed there and maybe remove it, since it is not a DC or even a DNS server, or add the dNSHostName value in there?
I want to make sure I do not impact anything, especially our Exchange server.
DrDave242

Go ahead and add the dNSHostName attribute to the Exchange server's object; you won't be putting anything at risk by doing that, and if everything works at that point, you're good to go! Does that Exchange server show up in AD Sites & Services? That would explain why it's there in ADSIEdit too.
ASKER
SigSupport

It works!
Thanks
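
Added example, not part of the original thread and not code from any of its participants: a read-only PowerShell check for the condition found above, a server object under CN=Sites in the Configuration partition with no dNSHostName value. It also reports whether each server object has an NTDS Settings child, which separates real DCs from member servers such as the Exchange server here. Variable names and the Finding text are my own, and it assumes it is run by a domain user on a domain-joined machine with PowerShell 2.0 or later.

```powershell
# Added example: enumerate server objects under CN=Sites,CN=Configuration and
# flag those with no dNSHostName. Performs LDAP reads only; changes nothing.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = [string]$rootDse.configurationNamingContext

$searcher            = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNC"
$searcher.Filter     = "(objectClass=server)"
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.Add("cn")
[void]$searcher.PropertiesToLoad.Add("dNSHostName")
[void]$searcher.PropertiesToLoad.Add("distinguishedName")

$report = foreach ($result in $searcher.FindAll()) {
    # Property names in search results are lower-cased by .NET.
    $dns = ""
    if ($result.Properties.Contains("dnshostname")) {
        $dns = [string]$result.Properties["dnshostname"][0]
    }

    # A domain controller has an nTDSDSA child object ("NTDS Settings")
    # directly beneath its server object; a member server does not.
    $child = New-Object System.DirectoryServices.DirectorySearcher(
        $result.GetDirectoryEntry(), "(objectClass=nTDSDSA)")
    $child.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $isDc = ($child.FindOne() -ne $null)

    if ($dns -ne "")  { $finding = "OK" }
    elseif ($isDc)    { $finding = "DC server object without dNSHostName" }
    else              { $finding = "Non-DC server object without dNSHostName" }

    New-Object PSObject -Property @{
        Server          = [string]$result.Properties["cn"][0]
        DnsHostName     = $dns
        HasNtdsSettings = $isDc
        Finding         = $finding
        DN              = [string]$result.Properties["distinguishedname"][0]
    }
}

# Problem objects first, then the full list for comparison with
# "nltest /dclist:<domain>" output.
$report | Sort-Object Finding -Descending |
    Format-Table Server, DnsHostName, HasNtdsSettings, Finding -AutoSize
```

In the situation described in this thread, the expected result is four rows: three with HasNtdsSettings true and a dNSHostName set, and the Exchange server with neither.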