Solved

DNS Issue on Domain Controller

Posted on 2013-01-17
7
643 Views
Last Modified: 2013-01-24
I have an AD Integrated Windows Server 2003 Domain Controller with SP2. The Domain Controller hung and was rebooted. The DNS Console will no longer show the records although the DNS Service is running. This server runs secondary zones.  I have ran the dcdiag and repadmin which report no errors. The only event log errors I am seeing is 4010 due to records not being abot to be created on the DC. Any help is appreciated.
0
Comment
Question by:Darrell Kirby
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Expert Comment

by:Netflo
ID: 38789654
Hi,

I would try the following in that order:

1. Perform CHKDSK to correct any integrity problems
2. Perform SFC /SCANNOW with the Windows CD present in the drive
3. Perform Windows OS repair
4. Restore system from recent backup

Best of luck and hope you get your system working correctly.
0
 
LVL 5

Expert Comment

by:Coffinated
ID: 38790336
You may set up additional DC controller (can be virtual), set up DNS on it, remove DNS service form the original DC. Set it up again on the original DC.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38791921
If this server runs secondary zones then I'm assuming you have a DC running the zones as primary.

Does your DNS console still show the zone names but no records or is it completely empty?

If it still shows the Zone name, then right-click the zone and select "Transfer new copy of zone from master"

If there is no zone names, they the .dns files could be corrupt/missing.
Double check if the folder C:\WINDOWS\system32\dns is populated with .dns files.
These files store your zones and can be viewed in notepad.
In this case I'd suggest re-creating your secondary zones from scratch.

But, since you are running DNS on a Domain Controller I would consider setting your zones as AD-integrated zones instead. Have a read through the following post to see if your secondary zones are the best solution for your site.
http://technet.microsoft.com/en-us/library/cc780884(v=ws.10).aspx
0
Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

 

Author Comment

by:Darrell Kirby
ID: 38794844
The Zones are AD integrated. When I right click the DNS it does not show options to reload. It onle shows the error: "Can not Contact DNS Server." Never seen situation before. You usually can just right click and reload, refresh, etc. Maybe DNS has to be scrapped and reinstalled on this DC.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38795435
Try my suggestions, then let me know how you get along.
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 38800254
I have to say that Netflo's suggestion is a little too extreme in this case.

Re-installation of DNS by removing and then re-adding the role on the "broken" server would be a better recommendation.

Althought the "Can not Contact DNS Server" error suggests that something on your DNS configuration may be incorrect.

Did you run diagnostics on your DC's yet?

Start by running:
DCDIAG /fix
- makes safe repairs
NETDIAG /fix
- fixes trivial issues

Then run DCDIAG /e /c /v /f:dcdiag.txt and check the results for any errors or failed tests.
/f:dcdiag.txt will output all the results to a .txt file for easy upload if further analysis is needed.

Otherwise remove the role and add it again.
0
 

Author Comment

by:Darrell Kirby
ID: 38816212
I will try running the Dcdiag /fix and see what happens. If not than I will have to uninstall and reinstall. Thanks!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question