2008 R2 Domain/DNS Issues

I have a 2K8R2 domain with two domain controllers. This domain is trusted with a 2K3 domain with 3 domain controllers. Each domain has a forward lookup for the other. For instance, Domain A has a forward lookup for Domain B, and Domain B has a forward lookup for Domain A.

One of my 2K8 domain controllers' A record keeps getting dropped out of DNS.  The error I get is below:

Log Name:      System
Source:        NETLOGON
Date:          9/21/2012 12:54:25 PM
Event ID:      5774
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CCA-SCH-AD01
The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.CCA.local. 600 IN SRV 0 100 389 CCA-SCH-AD01.CCA.local.' failed on the following DNS server:  

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0  

For computers and users to locate this domain controller, this record must be registered in DNS.  

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
  Or, you can manually add this record to DNS, but it is not recommended.  

Error Value: DNS name does not exist.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5774</EventID>
    <TimeCreated SystemTime="2012-09-21T17:54:25.000000000Z" />
    <Security />
    <Data>_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.CCA.local. 600 IN SRV 0 100 389 CCA-SCH-AD01.CCA.local.</Data>

Also, when I run DCDiag on the DC I get the following:

Doing initial required tests

   Testing server: Default-First-Site-Name\SCH-AD01
      Starting test: Connectivity
         The host 6661ce89-18d4-4f9e-bb95-b03a6cc3c91a._msdcs.CCA.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... SCH-AD01 failed test Connectivity

Any ideas how to fix this?

Justin Yeung (Senior Systems Engineer) commented:
Do you have an A record of the DNS server itself? It looks like it can't resolve your DNS by name.
Earl28 (Author) commented:
That's the issue. I put the A record for the server in, and a few hours later it gets taken back out, and these errors show up. Currently, there is no A record for the server because it was just taken out. (Taken out by the system, not a person.)
Justin Yeung (Senior Systems Engineer) commented:
Do you have the correct IP/DNS on the server itself? If you do ipconfig /registerdns on the server, does it appear in DNS with the correct A record?

And if you nslookup the server name itself, does it return the correct value?
Seems DNS misconfig on culprit server.
Make sure it's pointing to self IP in Preferred DNS server list on NIC card.
Earl28 (Author) commented:
No, I ran: dcdiag /test:registerindns /dnsdomain:FQDN /v
and got the following back:

C:\Users\itsdadmin>dcdiag /test:registerindns /dnsdomain:FQDN /v
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone FQDN. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the FQDN
      name are not responding or contain incorrect delegation of the DNS zones;

      2. The DNS server that this computer is configured with contains
      incorrect root hints.

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: FQDN

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.

      SCH-AD01 failed test RegisterInDNS
Earl28 (Author) commented:
Also, an NSLOOKUP from the server correctly resolves to itself.

The results were:
server: localhost
Earl28 (Author) commented:
NIC is configured for itself first, then the secondary DNS server second.
Justin Yeung (Senior Systems Engineer) commented:
Put in the IP address in DNS under your network adapter on the server, instead of a loopback address.
Can you rename the netlogon.dns and netlogon.dnb files in c:\windows\system32\config
and restart the DNS and netlogon services, then check by running netdiag /test:dns for any errors?
Earl28 (Author) commented:
I changed the IP from loopback to actual. Ran DCDiag and everything checked out... for about 3 minutes. Still couldn't register with DNS. Checked DCDiag again and it again had errors.

I rebooted and all is working now. But I don't think that's going to hold.
Justin Yeung (Senior Systems Engineer) commented:
Are you able to registerdns after reboot?
Earl28 (Author) commented:
Yes, after reboot everything works as normal. DCDiag is clean and it registers in DNS.
Justin Yeung (Senior Systems Engineer) commented:
Issue resolved. =P
That's great :-)
Earl28 (Author) commented:
Any idea why that would happen? I'm thinking it may happen again since I didn't reconfigure anything.
In my case it was due to corruption of the netlogon.dns and netlogon.dnb files, and in another case it was due to using the 32-bit version of netdiag/dcdiag to check on an x64 system.
Earl28 (Author) commented:
Thanks for the info and help.

A reboot fixed it, the issue has not happened again.

Earl28 (Author) commented:
Reboot fixed it.
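
The manual checks in this thread (is the record still in DNS, did registration succeed) can be repeated on a schedule by comparing every record listed in netlogon.dns with what each DNS server configured on the DC actually returns. This is an added example, not part of the original thread: the script and function names are hypothetical, it assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later, so for a 2008 R2 DC run it from a newer host against a copy of the file), and it assumes every line of netlogon.dns has the form shown in event 5774, with A and CNAME lines handled as a generalization of that SRV form.

```powershell
# Added example (hypothetical script name: Test-NetlogonDnsRecords.ps1).
# Needs Resolve-DnsName, i.e. Windows 8 / Server 2012 or later.
# Usage: .\Test-NetlogonDnsRecords.ps1 -NetlogonDns .\netlogon.dns -DnsServer <ip1>,<ip2>
param(
    [Parameter(Mandatory = $true)][string]$NetlogonDns,   # path to (a copy of) netlogon.dns
    [Parameter(Mandatory = $true)][string[]]$DnsServer    # DNS servers set on the DC's NIC
)

function ConvertFrom-NetlogonDnsLine {
    param([string]$Line)
    # Record format as shown in event 5774: <owner> <ttl> IN <type> <rdata ...>
    $f = $Line.Trim() -split '\s+'
    if ($f.Count -lt 5 -or $f[2] -ne 'IN') { return }
    if (@('SRV', 'CNAME', 'A') -notcontains $f[3]) { return }   # other types are skipped
    New-Object psobject -Property @{
        Name = $f[0].TrimEnd('.')
        Type = $f[3]
        Data = @($f[4..($f.Count - 1)])
    }
}

function Test-DnsRecord {
    param($Record, [string]$Server)
    # Ask one specific server, DNS only (no LLMNR/NetBIOS fallback); NXDOMAIN yields no answers.
    $answers = Resolve-DnsName -Name $Record.Name -Type $Record.Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    $want = $Record.Data[-1].TrimEnd('.')   # last rdata field: SRV/CNAME target or A address
    foreach ($a in $answers) {
        switch ($Record.Type) {
            'SRV'   { if ($a.NameTarget -eq $want -and $a.Port -eq [int]$Record.Data[2]) { return $true } }
            'CNAME' { if ($a.NameHost -eq $want) { return $true } }
            'A'     { if ($a.IPAddress -eq $want) { return $true } }
        }
    }
    return $false
}

$records = Get-Content -Path $NetlogonDns |
    ForEach-Object { ConvertFrom-NetlogonDnsLine $_ } | Where-Object { $_ }
foreach ($server in $DnsServer) {
    foreach ($r in $records) {
        if (-not (Test-DnsRecord -Record $r -Server $server)) {
            'MISSING on {0}: {1} {2} {3}' -f $server, $r.Name, $r.Type, ($r.Data -join ' ')
        }
    }
}
```

No output means every listed record was answered by every server passed in; a MISSING line identifies which record dropped out and on which server, which is the evidence to collect before restarting Net Logon or rebooting.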