Solved

Win2003 dns domain error dnsHostName not found

Posted on 2012-03-19
16
1,003 Views
Last Modified: 2012-04-13
Hi,
Following an unsuccessful  demotion of one of my AD I still have an error message.  Failed to get Default-First-Site-Name site information in teknor.com. Property "dnsHostName" not found.
0
Comment
Question by:SigSupport
  • 6
  • 4
  • 2
  • +3
16 Comments
 
LVL 3

Expert Comment

by:IT-Shrek
ID: 37739636
Hi,

- Do a Full System State Backup
- open adsiedit.msc and search for the name of the orphaned DC and delete all references
- Reboot and Retry.

Shrek
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 37740525
Hi,

Step 1:
First make sure, you have done MDC - Meta data cleanup process.
Refer:
http://support.microsoft.com/kb/216498
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Step 2:
Run netdiag command and check for the errors.

Step 3:
run netdiag /fix.
It will rebuild the DNS architecture as per sites and services.

Any issue, let us know.

Regards,
Prem
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37740883
Make sure your FSMO holder is up and running, you can verify by giving below command on any server on network

start>run>cmd>netdom /qury fsmo

check your replication status

start>run>cmd>repadmin /show repl


take your current active DC backup and do followings.

Open DNS Console and take properties> delete all old DC server records from dns..
Open AD>Go to DC ou, Check if old DC exist> delete old dc record.
restart any Dc is your network,,, wait for sometime till replication finish...
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37741390
erm...where do you get this error message?
0
 

Author Comment

by:SigSupport
ID: 37756856
Hi dvt-localboy,
I have installed a tool from Quest/ScriptLogic called Active Administration and in it's reports I get the error I have included it as a print screen

I need to clarify also one point, the DC that failed during the demotion is still a domain controller, it was not removed. I just remoted the DNS role and re install it so now it is a fully functional DC again, BUT I still see that error message. And my goal is still to demote it cleanly tonight.
tx!

Dns error message
Here's what I found on Quest's sites but the problem is that it applies when the DC is not a DC anymore which is not my case.
CAUSE:

When a domain controller in Active Directory is demoted or promoted and the process fails (the reasons for your failure are outside the scope of this article), you may be left with remains of the domain controller object and some of its attributes/metadata in Active Directory. One such remnant may be a member server, once demoted, remaining in AD Sites and Services as a Domain Controller. Examine your Server containers in all Sites to locate a computer account that is no longer a domain controller. Once this computer account is identified in AD Sites and Services, examine the computer Attribute dnsHostName and its value using ADSIEdit.msc. The Distinguish path for this object/attribute in Active Directory is as follows:

Sites and Services located in:

CN=Servers,CN=Site-Name,CN=Sites,CN=Configuration,DC=DomainName,DC=Suffix there is not dnsHostName Attribute value:

[image]

 

RESOLUTION:

Non domain controller computer accounts should not be in any server container within AD Sites and Services, and need to be removed. Consult Microsoft best practice guidelines to properly remove the Domain Controller metadata from Active Directory.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37756923
I'm not familiar with that tool, but it could just be that the AD database has an entry for a server that no longer has a DNS record.

I'd suggest you check out the links that premglitz posted.
It's a simple way of cleaning up failed/tombstoned/deleted Domain Controllers.

Then run your standard AD diagnostic tool, dcdiag on each server.
It should be able to tell if you have any errors.
Run it on each DC to check for errors and look for any tests that failed.
0
 

Author Comment

by:SigSupport
ID: 37757072
I tried a couple of test listed below and none found an error. But If I tweak the dcdiag test to included the /dns I have errors on Capri which I don't understand and roma the server that add a demotion remotion problem no errors?? Here they are
U:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SSCAPRI
      Starting test: Connectivity
         ......................... SSCAPRI passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SSCAPRI

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : teknor

   Running enterprise tests on : teknor.com
      Starting test: DNS
         Test results for domain controllers:

            DC: SSCAPRI.teknor.com
            Domain: teknor.com


               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 206.47.199.155 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 209.226.175.141 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)

               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure teknor.com.

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8

            DNS server: 8.8.4.4 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4

            DNS server: 209.226.175.141 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.226.175.141

            DNS server: 206.47.199.155 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 206.47.199.155

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: teknor.com
               SSCAPRI                      PASS PASS FAIL PASS WARN PASS n/a

         ......................... teknor.com failed test DNS


*****************************************
And heres for roma
U:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SSROMA
      Starting test: Connectivity
         ......................... SSROMA passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SSROMA

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : teknor

   Running enterprise tests on : teknor.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ssroma.teknor.com
            Domain: teknor.com


               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure teknor.com.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: teknor.com
               ssroma                       PASS PASS PASS PASS WARN PASS n/a

         ......................... teknor.com passed test DNS
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37757249
Just run the "DCDIAG /V" test.

Check the DNS Settings on the network card and specify the correct IP address for the DNS servers.
Don't use the 127.0.0.1 address while we're testing.
0
 

Author Comment

by:SigSupport
ID: 37758218
When I do that I don't see any errors. I have attached both results.
dcdiagrroma.txt
dcdiag.txt
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37760393
You didn't remove the failed DC yet, AD still has references to a 3rd DC.
Look at the top of yor DCDIAG results:
  * Found 3 DC(s). Testing 1 of them.

We cannot move further while the failed DC is still registered in AD.
Please follow the instructions for deleting a failed DC as posted earlier...

You can confirm the names of all the DC's registered in AD by running
nltest /dclist:teknor.com

Open in new window

0
 

Author Comment

by:SigSupport
ID: 37767903
There is no failed DC, that's my point.
I have 3 DC's and all 3 works!
I fixed all errors on the dc that failed the demotion, then I try to demote them again and it worked perfectly. I then re-dcpro it and it worked like a charm. It's AD is sound, it's DNS and it's NTP.
But I still have the problem.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 37776810
Hi,

Check any error occurs for below command

netdiag

If it occurs....
nest run

netdiag /fix

After replication, then try to run netdiag and look for the output...

Regards,
Prem
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 37796751
Run adsiedit.msc and connect to the Configuration naming context.  Then expand CN=Configuration,DC=domain,DC=suffix > CN=Sites > CN=Default-First-Site-Name.  Click on CN=Servers in the left pane, and the right pane should show you a list of folders corresponding to your DCs.  Right-click each of those folders and select Properties, then check the list of attributes in the properties window and make sure there is a dNSHostName attribute with the correct value (the DNS host name of the server in question).  If that attribute is not set on any of those objects, set it to the correct value and force replication, then run the Quest tool again.
0
 

Author Comment

by:SigSupport
ID: 37839294
DrDave242
Weird, when I did the adsiedit.msc procedure you said, I see 4 servers! and the 4th one is my exchange server?? I have 2 both only this one is showing there I don't know why. That by it-self raises questions.
And the only one in the 4 where dNSHostName was not set was that Exchange server!
So what should I do, find out why it is listed there and maybe remove it since it is not a DC or not even a DNS server, or add the dNSHostName values in there.
I want to make sure I do not impact anything, expecially our Exchange server.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 37839532
Go ahead and add the dNSHostName attribute to the Exchange server's object; you won't be putting anything at risk by doing that, and if everything works at that point, you're good to go!  Does that Exchange server show up in AD Sites & Services?  That would explain why it's there in ADSIEdit too.
0
 

Author Closing Comment

by:SigSupport
ID: 37842827
It works!
Thanks
0

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now