Solved

DNS is missing _msdcs folder under the domain within Forward lookup zone on Server 2003 standard SP2

Posted on 2012-03-29
Last Modified: 2016-09-08
Hello Experts!

I've inherited the following situation: Two domains with a trust between them, one DC for each domain, both DCs are Windows Server 2003 Standard SP2. The previous sysadmin tried to migrate one of the DCs to Server 2008 R2 but had many issues afterward, and none of the hosts could find the global catalog\name server\domain controller. I am very comfortable when it comes to adprep, dcpromo, transferring FSMO roles, etc., and don't usually have issues with that. However, that all supposedly went fine for the previous guy who tried this migration. Supposedly it was DNS that broke things.

All the DNS I've managed in the past has had a gray color "_msdcs" folder underneath the domain zone. However, neither of these 2 DNS servers (1 in each domain) has this.

ABC.Domain1. has the "_msdcs.ABC.Domain1" folder under the forward lookup zone, and no _msdcs folder under the domain zone.

XYZ.Domain2.local. has the "_msdcs" folder under the domain zone (but it's not gray) and does not have a "_msdcs.XYZ.Domain2.local" folder at all.

Please advise what they SHOULD look like, and how to correct them.
ABC.Domain1.png
XYZ.Domain2.local.png
Question by:EndTheFed
20 Comments
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37783353
0
 

Author Comment

by:EndTheFed
ID: 37783478
I did read through that documentation. Thank you for the refresher. However, I do understand how DNS works and integrates with AD. I've set up and customized DNS within Windows 2003 many times. My question is why these servers are not configured the way I've always seen them in the past in regards to the _msdcs folders, and how to fix it. Here is a picture of a different site I manage which looks normal to me.
normal-example.png
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37783540
You're on target with your example of what a "healthy" AD DNS looks like...

Have you looked at this...?

http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 37783637
Have you tried removing the DNS Server on one of the 2008 boxes and putting it back in as AD-integrated?
0
 

Author Comment

by:EndTheFed
ID: 37783643
I tried following those directions (already had support tools installed), but unfortunately it did not change anything on either server. They still look identical to the screenshots. :(
0
 

Author Comment

by:EndTheFed
ID: 37783662
The one 2008 R2 box I have does not have AD or DNS on it. It was completely backed out by the previous sysadmin. It is not listed as a NS in any of the DNS. I need to get my DNS cleaned up before I attempt the previously failed migration to 2k8 again.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 37783668
Having _msdcs as a subfolder of your "domain.com" forward lookup zone (FLZ), or as a separate FLZ are both valid configurations.  If your domain was upgraded from Win2K you'll likely see it as a subfolder.  By default for a new domain created on Win2K3 or later, _msdcs will be created as a separate FLZ, with its replication set to "All DNS servers in this Forest", and there will be a delegation created under your "domain.com" FLZ (this is the grayed out icon).

I prefer having it as a separate zone.  To create it as such, you can delete the subfolder called _msdcs of your domain.com FLZ, then create a new FLZ named "_msdcs.<yourdomain.com>".  Select your domain.com FLZ, and create a new delegation, enter "_msdcs" and the IPs of your DNS servers.  Then restart the netlogon service and the records will auto-populate into the _msdcs zone.

Here's a link that provides some more background info.
http://support.microsoft.com/kb/817470
0
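The steps from the accepted answer written as commands, as an added example that is not part of the original thread. It assumes `dnscmd` from the Windows Support Tools is installed on the DC that hosts the zone; `example.local` and `dc1` are placeholders, not names from the question.

```batch
@echo off
rem Added example: command-line form of the GUI steps in the accepted answer.
rem DOMAIN and DNS1 are placeholders (assumptions); substitute your own values.
setlocal
set DOMAIN=example.local
set DNS1=dc1.%DOMAIN%.

rem 0. Export the parent zone to a text file first, so the old _msdcs
rem    records can be reviewed afterwards (written to %SystemRoot%\System32\dns).
dnscmd /ZoneExport %DOMAIN% %DOMAIN%.before-msdcs.txt

rem 1. Delete the _msdcs subfolder and everything beneath it from the parent zone.
dnscmd /NodeDelete %DOMAIN% _msdcs /tree /f

rem 2. Create _msdcs.<domain> as a separate AD-integrated zone, replicated to
rem    all DNS servers in the forest.
dnscmd /ZoneAdd _msdcs.%DOMAIN% /DsPrimary /DP /forest

rem 3. Allow secure-only dynamic updates (2) so Netlogon can register its
rem    records while unauthenticated clients cannot write to the zone.
dnscmd /Config _msdcs.%DOMAIN% /AllowUpdate 2

rem 4. Create the delegation: an NS record at node _msdcs in the parent zone.
rem    Repeat this line for each DNS server. The server's A record already
rem    lives in the parent zone, so no separate glue record is added here.
dnscmd /RecordAdd %DOMAIN% _msdcs NS %DNS1%

rem 5. Restart Netlogon so the DC re-registers its locator records.
net stop netlogon
net start netlogon

rem 6. Verify: the delegation answers, the DC locator SRV record resolves,
rem    and the dcdiag DNS test used later in this thread passes.
nslookup -type=NS _msdcs.%DOMAIN%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
dcdiag /test:DNS
endlocal
```

If step 6 returns no SRV records, check that the new zone accepts dynamic updates and that the DC's own DNS client settings point at a server hosting the zone before repeating step 5.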
 

Author Comment

by:EndTheFed
ID: 37783734
footech

Hmmm.. I've never heard before that having the _msdcs in either of those 2 locations is a valid config. I'm accustomed to seeing it in both locations.

Although I admit between the two, the ABC.Domain1. looks much better since the _msdcs folder looks complete and is not missing any records (has a CNAME, NS, and SOA). The one that really scares me is the XYZ.Domain2.local. which as you can see in the _msdcs folder it only has a CNAME record and no SOA or NS records. That doesn't seem right at all.
0
 

Author Comment

by:EndTheFed
ID: 37783778
I did a dcdiag /test:DNS on both servers, see pics for results.
ABC.Domain1.dcdiag-DNS-test.png
XYZ.Domain2.local.dcdiag-DNS-tes.png
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37783791
So... what is the current error condition in your network?  Are we troubleshooting the way the DNS "looks" - or is something actually failing at present?
0
 

Author Comment

by:EndTheFed
ID: 37783808
The error condition is that migrating the 2003 DC to a 2008 DC failed (not during the transition, that went smoothly), but none of the hosts could find the NS\DC. I don't want to attempt this migration until I know the DNS is ok. Just trying to rule out that my DNS isn't causing the issue. I will try as footech suggested and delete it and recreate it in the FLZ, at least that way the DNS between the domains will have a consistent setup.
0
 

Author Comment

by:EndTheFed
ID: 37783895
If one of my domains is SQ.SpeedyQuote.  that's not a single label domain right? It's not SQ.SpeedyQuote.local.  just SQ.SpeedyQuote.  Single label is a domain with no period?
0
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points
ID: 37784213
I don't have a DNS setup configured with _msdcs as a subfolder to look at, but I think what you're seeing in both cases is normal.  For the ABC domain, _msdcs is a zone, and so needs to be configured with NS and SOA records.  For the XYZ domain, _msdcs is a subfolder, and so uses the NS and SOA records of its parent.

I've never used single-label domains, but the way I understand it is that "SpeedyQuote" is a single-label, but "SQ.SpeedyQuote" is not.  Just has a very weird top-level domain name.  In this case I would assume that the NetBIOS domain name would be "SQ".

If the upgrade was attempted on the ABC network, it wouldn't surprise me if that one failed since it's missing the delegation.
0
 

Author Comment

by:EndTheFed
ID: 37784618
THANK YOU!!! This was exactly what I needed. And yes footech, the upgrade was attempted on the ABC network. I read many other people's questions about this on EE and the rest of the web, and nearly every answer had the steps to delete the _msdcs folder and recreate it under the FLZ, stop/start the netlogon, as well as ipconfig /flushdns, ipconfig /registerdns, netdiag /fix, etc. to let it regenerate the records. However, I didn't read any that mentioned the "create new delegation" step, which is what I needed. (It also fixed the XYZ network, I just didn't include pics).
ABC.Domain1-Before.png
ABC.Domain1-After.png
0
 

Author Closing Comment

by:EndTheFed
ID: 37784621
I hope other people who have this issue find this question and answer!
0
 
LVL 39

Expert Comment

by:footech
ID: 37784709
Excellent!  Glad it's working for you now.
0
 

Expert Comment

by:jahatcher
ID: 39806811
I have a similar issue, but my issue is that

under "Mydomain"

the "domainsdnszones" and the "forestdnszones" folders are missing

I can create the delegation but they remain gray.

Our domain was upgraded from 2000 to 2003 and now it's all 2008 R2 controllers.

any insight would be greatly helpful..
0
 
LVL 39

Expert Comment

by:footech
ID: 39806990
Sounds like a different situation.
Please start a new question to get help.
0
 

Expert Comment

by:Fred Chafwa
ID: 41790651
Under DNS (dnsmgmt.msc), under Forward Lookup Zones, I can only see one zone, that is domain.local. Am missing the AD-integrated DNS zone listed below
_msdcs.domain.local

The zone is missing from all integrated dns

Please advise what they SHOULD look like, and how to correct them.
0
 

Expert Comment

by:Fred Chafwa
ID: 41790657
Am using Windows Server 2008 R2
0
