
Reverse lookup zone replication in AD DNS 2003/2008

Posted on 2012-08-28
Last Modified: 2012-08-29
Ok I tried to follow the steps outlined in this MS KB article:
http://support.microsoft.com/kb/817470

I did this to a T but when I got to the force replication section here is the output I've received:
repadmin /syncall
CALLBACK MESSAGE: Error contacting server 6f5451b9-e3e0-4234-89a1-9a80d67f22e2._msdcs.domain.com (network error): 1722 (0x6ba):
    The RPC server is unavailable.
CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:
Error contacting server 6f5451b9-e3e0-4234-89a1-9a80d67f22e2._msdcs.domain.com (network error): 1722 (0x6ba):
    The RPC server is unavailable.

On two of my DCs (a 2003 R2 server and a 2008 R2 server) I also have this message in the event log:
EVENT LOG      DNS Server
EVENT TYPE      Error
SOURCE      DNS
EVENT ID      4010
COMPUTERNAME        DC1
DATE / TIME        8/28/2012 10:10:54 AM
MESSAGE      The DNS server was unable to create a resource record for 93e2366d-d33e-44ea-8f70-d66019ab907c._msdcs.domain.com. in zone domain.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
BINARY DATA        0000: 7B 00 00 00

EVENT LOG      DNS Server
EVENT TYPE      Error
OPCODE      Info
SOURCE      Microsoft-Windows-DNS-Server-Service
EVENT ID      4010
COMPUTERNAME        DC2
DATE / TIME        8/28/2012 10:10:54 AM
MESSAGE      The DNS server was unable to create a resource record for 93e2366d-d33e-44ea-8f70-d66019ab907c._msdcs.domain.com. in zone domain.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
BINARY DATA        0000: 7B 00 00 00

My third 2008 R2 domain at a remote site also never populated its info in the _msdcs.domain.com forward lookup zone, but my 2 in-house DCs DID.

Seems like DNS lookups are still working ok... just a little alarmed at those messages.

Anything I need to look at further?  I have an uneasy feeling when I read those event logs.
Question by:ITdiamond

Author Comment

by:ITdiamond
ID: 38341228
I would also like to add, though I deleted the _msdcs under the domain forward lookup zones (it was grey and nothing was in it) just like step 12 in the article mentions, but eventually my off site DC ended up registering the _msdcs folder under the domain.com forward lookup zones with its information!

The 3rd off site 2008 R2 DC still hasn't put in its information under the root _msdcs.domain.com forward lookup zone.

Also now when I force replication it looks ok between the 2 DCs at the main site.


C:\Documents and Settings\griffinb>repadmin /syncall
CALLBACK MESSAGE: The following replication is in progress:
    From: 6f5451b9-e3e0-4234-89a1-9a80d67f22e2._msdcs.domain.com
    To  : 4b6741d3-487c-4fe0-8d31-6e3720860b78._msdcs.domain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 6f5451b9-e3e0-4234-89a1-9a80d67f22e2._msdcs.domain.com
    To  : 4b6741d3-487c-4fe0-8d31-6e3720860b78._msdcs.domain.com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Author Comment

by:ITdiamond
ID: 38342190
Hmm, it seemed to fix itself after I removed ::1 from the DNS servers address under IPV6 on the local network adapter.

Then restarted the NETLOGON service.

IPCONFIG /flushdns
IPCONFIG /registerdns

Then back at my main site's DC, in Active Directory Users and Computers, force a replication to the DC at the remote site.

Seems like all the proper entries for the remote DC were created under _msdcs.domain.com root.  An hour later I deleted the original lower _msdcs out of the domain.com forward lookup zone hierarchy so it looks like this:
Forward Lookup Zones
  -  _msdcs.domain.com
       - dc
       - domains
       - gc
       - pdc
  -  domain.com
       - _domainkey
       - _sites
       - _tcp
       - _udp
       - DomainDnsZones
       - ForestDnsZones

Author Comment

by:ITdiamond
ID: 38342214
NEW QUESTION though...

Under REVERSE LOOKUP ZONES...  I have one for each subnet (we have 8 subnets currently)

For example 1.10.in-addr.arpa

For the first four subnets the properties for the REVERSE are AD Integrated but the Replication is "All DNS servers in this domain".  Shouldn't it be "All DNS servers running on domain controllers in this forest?"

Four of them are set to All domain controllers in this domain (for Windows 2000 compatibility).  We don't have any Win 2000 DCs or DNS servers anymore.  Should I change all of these to "All DNS servers running on domain controllers in this forest" as well?

Accepted Solution

by:David Johnson, CD, MVP
ID: 38344184
For the first four subnets the properties for the REVERSE are AD Integrated but the Replication is "All DNS servers in this domain".  Shouldn't it be "All DNS servers running on domain controllers in this forest?"

If you have more than 1 domain in your forest then you should change it. Otherwise it doesn't really make a difference.

Author Closing Comment

by:ITdiamond
ID: 38345062
Thanks, that's all I needed to know!

I made sure ALL of the reverse zones were stored in Active Directory for the domain.  Any that were still stored on individual DCs (Win 2000 compatibility) were switched over.
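
The replication-scope check discussed in this thread can be scripted instead of opening each reverse zone's properties. The following is an added example, not part of the original posts: it lists every AD-integrated reverse zone by replication scope using `dnscmd`, and moves zones still in the Windows 2000 compatibility scope only when run with `-Apply`. It assumes `dnscmd.exe` is installed on the DC and that `/EnumZones` prints the zone name as the first column of each row; the parameter names are this example's own.

```powershell
# Added example, not from the thread. Run elevated on a DC that hosts DNS.
# Assumes dnscmd.exe is on PATH and that /EnumZones prints the zone name
# as the first column of each zone row.
param(
    [string]$Server = '.',          # '.' = the local DNS server
    [ValidateSet('/domain', '/forest')]
    [string]$Target = '/domain',    # scope to move legacy zones into
    [switch]$Apply                  # without -Apply the script only reports
)

function Get-ReverseZone([string]$ScopeFilter) {
    # List reverse zones stored in one directory partition and keep only
    # the first token of rows that look like a reverse zone name.
    & dnscmd $Server /EnumZones /Reverse $ScopeFilter 2>$null |
        ForEach-Object { if ($_ -match '^\s*(\S+\.arpa)\s') { $Matches[1] } }
}

# dnscmd filter switch for each replication scope named in the thread
$scopes = @{
    Legacy = '/LegacyDirectoryPartition'   # all DCs in domain (Windows 2000 compatibility)
    Domain = '/DomainDirectoryPartition'   # all DNS servers in this domain
    Forest = '/ForestDirectoryPartition'   # all DNS servers in this forest
}

$report = foreach ($name in $scopes.Keys) {
    foreach ($zone in Get-ReverseZone $scopes[$name]) {
        New-Object PSObject -Property @{ Zone = $zone; Scope = $name }
    }
}
$report | Sort-Object Scope, Zone | Format-Table Zone, Scope -AutoSize

# Zones in the legacy scope are the ones the thread switched over.
foreach ($row in $report | Where-Object { $_.Scope -eq 'Legacy' }) {
    if ($Apply) {
        & dnscmd $Server /ZoneChangeDirectoryPartition $row.Zone $Target
    } else {
        "Would move $($row.Zone) to $Target (re-run with -Apply)"
    }
}
```

Run it once without `-Apply` to see the current scopes, and follow any change with `repadmin /syncall` as in the posts above so the other DCs pick it up.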