Solved

Active directory locatorcheck failed

Posted on 2012-09-12
Last Modified: 2013-04-03
Hi,

I have a client with Active Directory and 5 sites. The primary site has two DCs. One DC is the PDC and also holds all other FSMO roles. If we run dcdiag on the PDC or the other DC in the primary site, it passes all tests.
If we run dcdiag on any DC in the other sites, they pass all tests except for locatorcheck.
Replication occurs between sites, so I am hoping somebody can give me some steps to troubleshoot this. I have read that this test is very important as it means the DCs cannot find the FSMO role holders, which seems strange considering the DCs pass the roleholders test.
So how important is it?
Any help would be greatly appreciated.
Question by:workingtechnology
LVL 9

Assisted Solution

by:djsharma
djsharma earned 249 total points
ID: 38393420
Check the DNS settings on your new domain controller. In 2003 and later, you should always point to 127.0.0.1, and then secondary to another domain controller or any other DNS server with that internal DNS zone available. You should then add a "forwarder" to the DNS service itself under the DNS MMC snap-in.
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 501 total points
ID: 38393480
Do not use 127.0.0.1 as primary DNS; check the link below:
http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx

Check the ports and make sure the DC is a GC and the KDC is running.
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 501 total points
ID: 38400415
See the recommendation below for DNS config in the environment.

How we should configure DNS on our DC:

Every DNS server should point to its own IP as the primary DNS, and to a DNS server located in a remote site as the secondary DNS, in TCP/IP properties.
All unused NICs are to be disabled.
A valid DNS IP from the ISP is to be configured in DNS forwarders. Do not configure local DNS in forwarders.
Public DNS IPs should not be used on any NIC card, except in forwarders.
Domain controllers should not be multi-homed.
Running a VPN server and RRAS server makes the DC multi-homed; refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;272294


If anything above is incorrect, please correct it, run "ipconfig /flushdns & ipconfig /registerdns " and restart the DNS service using "net stop dns & net start dns"

DNS best practices
http://technet.microsoft.com/en-us/library/cc778439(v=WS.10).aspx

Checklist: Deploying DNS for Active Directory
http://technet.microsoft.com/en-us/library/cc757116(v=ws.10)
0
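The checklist in the accepted answer can be turned into a repeatable audit. The following is an added example, not code from any poster or from Microsoft: the dict schema, the field names and every address are constructed for illustration, and it follows the accepted answer in treating a loopback primary DNS as a finding.

```python
import ipaddress

def audit_dc_dns(dc):
    """Check one DC's DNS client settings against the accepted answer's checklist.

    dc uses a schema made up for this example: nics (name, enabled, ip, dns list),
    forwarders, and peer_dns (the other AD-integrated DNS servers).
    """
    findings = []
    active = [n for n in dc["nics"] if n["enabled"]]
    if len(active) > 1:
        # A VPN/RRAS interface counts here: it makes the DC multi-homed.
        findings.append(f"multi-homed: {len(active)} enabled NICs")
    own_ips = {n["ip"] for n in active}
    peers = set(dc["peer_dns"])
    for nic in active:
        dns = nic["dns"]
        if not dns:
            findings.append(f"{nic['name']}: no DNS servers set")
            continue
        if ipaddress.ip_address(dns[0]).is_loopback:
            findings.append(f"{nic['name']}: primary DNS is loopback {dns[0]}")
        elif dns[0] != nic["ip"]:
            findings.append(f"{nic['name']}: primary DNS {dns[0]} is not the DC's own IP")
        if not peers.intersection(dns[1:]):
            findings.append(f"{nic['name']}: no secondary DNS on another DC")
        for server in dns:
            addr = ipaddress.ip_address(server)
            if not addr.is_loopback and server not in own_ips | peers:
                findings.append(f"{nic['name']}: external DNS {server} on NIC")
    for fwd in dc["forwarders"]:
        if fwd in own_ips | peers:
            findings.append(f"forwarder {fwd} is a local AD DNS server")
    return findings

# Constructed sample data; 203.0.113.53 stands in for an ISP resolver.
GOOD_DC = {"nics": [{"name": "LAN", "enabled": True, "ip": "10.2.0.10",
                     "dns": ["10.2.0.10", "10.1.0.10"]}],
           "forwarders": ["203.0.113.53"], "peer_dns": ["10.1.0.10", "10.1.0.11"]}
BAD_DC = {"nics": [{"name": "LAN", "enabled": True, "ip": "10.2.0.10",
                    "dns": ["127.0.0.1", "203.0.113.53"]},
                   {"name": "VPN", "enabled": True, "ip": "192.168.50.1", "dns": []}],
          "forwarders": ["10.1.0.10", "203.0.113.53"],
          "peer_dns": ["10.1.0.10", "10.1.0.11"]}

if __name__ == "__main__":
    for finding in audit_dc_dns(BAD_DC):
        print(finding)
```

The input dict would be filled from each branch DC's adapter settings and DNS forwarder list; how that data is collected is outside this example.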
 
LVL 1

Author Closing Comment

by:workingtechnology
ID: 39046255
We ended up demoting all the branch domain controllers and redoing dcpromo. It seems as though the DNS servers were installed after or before dcpromo and it failed to integrate correctly with AD. I will try to assign the points to all, as you all attempted something.
Thanks.