SigSupport
asked on
Win2003 dns domain error dnsHostName not found
Hi,
Following an unsuccessful demotion of one of my AD I still have an error message. Failed to get Default-First-Site-Name site information in teknor.com. Property "dnsHostName" not found.
Following an unsuccessful demotion of one of my AD I still have an error message. Failed to get Default-First-Site-Name site information in teknor.com. Property "dnsHostName" not found.
Hi,
Step 1:
First make sure, you have done MDC - Meta data cleanup process.
Refer:
http://support.microsoft.com/kb/216498
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Step 2:
Run netdiag command and check for the errors.
Step 3:
run netdiag /fix.
It will rebuild the DNS architecture as per sites and services.
Any issue, let us know.
Regards,
Prem
Step 1:
First make sure, you have done MDC - Meta data cleanup process.
Refer:
http://support.microsoft.com/kb/216498
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Step 2:
Run netdiag command and check for the errors.
Step 3:
run netdiag /fix.
It will rebuild the DNS architecture as per sites and services.
Any issue, let us know.
Regards,
Prem
Make sure your FSMO holder is up and running, you can verify by giving below command on any server on network
start>run>cmd>netdom /qury fsmo
check your replication status
start>run>cmd>repadmin /show repl
take your current active DC backup and do followings.
Open DNS Console and take properties> delete all old DC server records from dns..
Open AD>Go to DC ou, Check if old DC exist> delete old dc record.
restart any Dc is your network,,, wait for sometime till replication finish...
start>run>cmd>netdom /qury fsmo
check your replication status
start>run>cmd>repadmin /show repl
take your current active DC backup and do followings.
Open DNS Console and take properties> delete all old DC server records from dns..
Open AD>Go to DC ou, Check if old DC exist> delete old dc record.
restart any Dc is your network,,, wait for sometime till replication finish...
erm...where do you get this error message?
ASKER
Hi dvt-localboy,
I have installed a tool from Quest/ScriptLogic called Active Administration and in it's reports I get the error I have included it as a print screen
I need to clarify also one point, the DC that failed during the demotion is still a domain controller, it was not removed. I just remoted the DNS role and re install it so now it is a fully functional DC again, BUT I still see that error message. And my goal is still to demote it cleanly tonight.
tx!
Here's what I found on Quest's sites but the problem is that it applies when the DC is not a DC anymore which is not my case.
CAUSE:
When a domain controller in Active Directory is demoted or promoted and the process fails (the reasons for your failure are outside the scope of this article), you may be left with remains of the domain controller object and some of its attributes/metadata in Active Directory. One such remnant may be a member server, once demoted, remaining in AD Sites and Services as a Domain Controller. Examine your Server containers in all Sites to locate a computer account that is no longer a domain controller. Once this computer account is identified in AD Sites and Services, examine the computer Attribute dnsHostName and its value using ADSIEdit.msc. The Distinguish path for this object/attribute in Active Directory is as follows:
Sites and Services located in:
CN=Servers,CN=Site-Name,CN
[image]
RESOLUTION:
Non domain controller computer accounts should not be in any server container within AD Sites and Services, and need to be removed. Consult Microsoft best practice guidelines to properly remove the Domain Controller metadata from Active Directory.
I have installed a tool from Quest/ScriptLogic called Active Administration and in it's reports I get the error I have included it as a print screen
I need to clarify also one point, the DC that failed during the demotion is still a domain controller, it was not removed. I just remoted the DNS role and re install it so now it is a fully functional DC again, BUT I still see that error message. And my goal is still to demote it cleanly tonight.
tx!
Here's what I found on Quest's sites but the problem is that it applies when the DC is not a DC anymore which is not my case.
CAUSE:
When a domain controller in Active Directory is demoted or promoted and the process fails (the reasons for your failure are outside the scope of this article), you may be left with remains of the domain controller object and some of its attributes/metadata in Active Directory. One such remnant may be a member server, once demoted, remaining in AD Sites and Services as a Domain Controller. Examine your Server containers in all Sites to locate a computer account that is no longer a domain controller. Once this computer account is identified in AD Sites and Services, examine the computer Attribute dnsHostName and its value using ADSIEdit.msc. The Distinguish path for this object/attribute in Active Directory is as follows:
Sites and Services located in:
CN=Servers,CN=Site-Name,CN
[image]
RESOLUTION:
Non domain controller computer accounts should not be in any server container within AD Sites and Services, and need to be removed. Consult Microsoft best practice guidelines to properly remove the Domain Controller metadata from Active Directory.
I'm not familiar with that tool, but it could just be that the AD database has an entry for a server that no longer has a DNS record.
I'd suggest you check out the links that premglitz posted.
It's a simple way of cleaning up failed/tombstoned/deleted Domain Controllers.
Then run your standard AD diagnostic tool, dcdiag on each server.
It should be able to tell if you have any errors.
Run it on each DC to check for errors and look for any tests that failed.
I'd suggest you check out the links that premglitz posted.
It's a simple way of cleaning up failed/tombstoned/deleted Domain Controllers.
Then run your standard AD diagnostic tool, dcdiag on each server.
It should be able to tell if you have any errors.
Run it on each DC to check for errors and look for any tests that failed.
ASKER
I tried a couple of test listed below and none found an error. But If I tweak the dcdiag test to included the /dns I have errors on Capri which I don't understand and roma the server that add a demotion remotion problem no errors?? Here they are
U:\>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SS
Starting test: Connectivity
......................... SSCAPRI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SS
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : teknor
Running enterprise tests on : teknor.com
Starting test: DNS
Test results for domain controllers:
DC: SSCAPRI.teknor.com
Domain: teknor.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 206.47.199.155 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 209.226.175.141 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure teknor.com.
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
DNS server: 8.8.4.4 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4
DNS server: 209.226.175.141 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.226.175.141
DNS server: 206.47.199.155 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 206.47.199.155
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: teknor.com
SSCAPRI PASS PASS FAIL PASS WARN PASS n/a
......................... teknor.com failed test DNS
**************************
And heres for roma
U:\>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SS
Starting test: Connectivity
......................... SSROMA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SS
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : teknor
Running enterprise tests on : teknor.com
Starting test: DNS
Test results for domain controllers:
DC: ssroma.teknor.com
Domain: teknor.com
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure teknor.com.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: teknor.com
ssroma PASS PASS PASS PASS WARN PASS n/a
......................... teknor.com passed test DNS
U:\>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SS
Starting test: Connectivity
......................... SSCAPRI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SS
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : teknor
Running enterprise tests on : teknor.com
Starting test: DNS
Test results for domain controllers:
DC: SSCAPRI.teknor.com
Domain: teknor.com
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 206.47.199.155 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 209.226.175.141 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 8.8.4.4 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure teknor.com.
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
DNS server: 8.8.4.4 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4
DNS server: 209.226.175.141 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.226.175.141
DNS server: 206.47.199.155 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 206.47.199.155
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: teknor.com
SSCAPRI PASS PASS FAIL PASS WARN PASS n/a
......................... teknor.com failed test DNS
**************************
And heres for roma
U:\>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SS
Starting test: Connectivity
......................... SSROMA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SS
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : teknor
Running enterprise tests on : teknor.com
Starting test: DNS
Test results for domain controllers:
DC: ssroma.teknor.com
Domain: teknor.com
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure teknor.com.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: teknor.com
ssroma PASS PASS PASS PASS WARN PASS n/a
......................... teknor.com passed test DNS
Just run the "DCDIAG /V" test.
Check the DNS Settings on the network card and specify the correct IP address for the DNS servers.
Don't use the 127.0.0.1 address while we're testing.
Check the DNS Settings on the network card and specify the correct IP address for the DNS servers.
Don't use the 127.0.0.1 address while we're testing.
ASKER
You didn't remove the failed DC yet, AD still has references to a 3rd DC.
Look at the top of yor DCDIAG results:
We cannot move further while the failed DC is still registered in AD.
Please follow the instructions for deleting a failed DC as posted earlier...
You can confirm the names of all the DC's registered in AD by running
Look at the top of yor DCDIAG results:
* Found 3 DC(s). Testing 1 of them.
We cannot move further while the failed DC is still registered in AD.
Please follow the instructions for deleting a failed DC as posted earlier...
You can confirm the names of all the DC's registered in AD by running
nltest /dclist:teknor.comASKER
There is no failed DC, that's my point.
I have 3 DC's and all 3 works!
I fixed all errors on the dc that failed the demotion, then I try to demote them again and it worked perfectly. I then re-dcpro it and it worked like a charm. It's AD is sound, it's DNS and it's NTP.
But I still have the problem.
I have 3 DC's and all 3 works!
I fixed all errors on the dc that failed the demotion, then I try to demote them again and it worked perfectly. I then re-dcpro it and it worked like a charm. It's AD is sound, it's DNS and it's NTP.
But I still have the problem.
Hi,
Check any error occurs for below command
netdiag
If it occurs....
nest run
netdiag /fix
After replication, then try to run netdiag and look for the output...
Regards,
Prem
Check any error occurs for below command
netdiag
If it occurs....
nest run
netdiag /fix
After replication, then try to run netdiag and look for the output...
Regards,
Prem
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DrDave242
Weird, when I did the adsiedit.msc procedure you said, I see 4 servers! and the 4th one is my exchange server?? I have 2 both only this one is showing there I don't know why. That by it-self raises questions.
And the only one in the 4 where dNSHostName was not set was that Exchange server!
So what should I do, find out why it is listed there and maybe remove it since it is not a DC or not even a DNS server, or add the dNSHostName values in there.
I want to make sure I do not impact anything, expecially our Exchange server.
Weird, when I did the adsiedit.msc procedure you said, I see 4 servers! and the 4th one is my exchange server?? I have 2 both only this one is showing there I don't know why. That by it-self raises questions.
And the only one in the 4 where dNSHostName was not set was that Exchange server!
So what should I do, find out why it is listed there and maybe remove it since it is not a DC or not even a DNS server, or add the dNSHostName values in there.
I want to make sure I do not impact anything, expecially our Exchange server.
Go ahead and add the dNSHostName attribute to the Exchange server's object; you won't be putting anything at risk by doing that, and if everything works at that point, you're good to go! Does that Exchange server show up in AD Sites & Services? That would explain why it's there in ADSIEdit too.
ASKER
It works!
Thanks
Thanks
- Do a Full System State Backup
- open adsiedit.msc and search for the name of the orphaned DC and delete all references
- Reboot and Retry.
Shrek