Solved

Missing DNS Zone?

Posted on 2013-11-26
Last Modified: 2013-11-27
I think my DNS / AD is screwed up.  My client has been reporting some weird behavior in their network.  Suddenly, mapped drives or network based apps are not accessible.  Some are reporting that they are not getting an IP address via DHCP.  In fact, they are getting nothing - not even the default machine address.

I saw some events in a workstation's logs (didn't collect it for this report - I will if necessary).

I looked at the DNS on the domain controller and I saw this (see attached):  There is a forward zone for the domain but not one for the active directory (sorry, I don't understand this part very well so I might be using the wrong nomenclature).  So, there is no '_msdcs.domain.local' zone.

Not sure but something tells me this is a big deal.  Can you help me confirm this?  And, if so, what can I do about it?
Bad-DNS.png
Question by:crapshooter
11 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39679170
Hi,

You have a problem, but not a grave one, and the solution is:

1. Back up the DNS zone as it currently is.
2. http://support.microsoft.com/kb/294328/en-gb

Still works for Windows 2008 :)

See if this thread leads you anywhere:
http://www.petri.co.il/forums/showthread.php?p=76140#post76140
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 39679181
What do you see if you expand that node, example from my lab

1
Thanks

Mike
0
 
LVL 8

Assisted Solution

by:J S
J S earned 125 total points
ID: 39679192
How many domain controllers are running in your environment?

Without specifics on the number of domain controllers, at the very least I'd run the following from an elevated command prompt on each domain controller:


ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
0

 
LVL 40

Expert Comment

by:footech
ID: 39679236
It is valid to have either _msdcs as its own zone, or as a subdomain of your <domainname> zone.  The information as requested by mkline71 would show us which you have.  Typically when _msdcs is its own zone, you will have a delegation for it (which would appear as a grayed-out icon) under your <domainname> zone.
0
 

Author Comment

by:crapshooter
ID: 39679240
Mike, yes those entries are all there.

There is only one DC.  I will try all of the commands that you gave me (and KB articles) and report back.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39679246
If your zone looks like what I have then you should be OK. Do you see all the SRV records and host records in the zone?

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Imtiaz Hasham
Imtiaz Hasham earned 125 total points
ID: 39679273
I would actually run a DCDiag just to check where exactly the issue is before I carry on further
0
 
LVL 40

Expert Comment

by:footech
ID: 39679362
When you say that all the entries are there - does _msdcs appear as a grayed-out icon (delegation) or a subdomain?  If it is a delegation then you should have a separate _msdcs zone.  If it is a subdomain then what you showed in your screenshot with your original question isn't a problem.
dcdiag /test:dns /v should reveal if there is an issue.
0
 

Author Comment

by:crapshooter
ID: 39680859
I ran dcdiag /test:dns /v and all tests passed.

Attached is the expanded view of the DNS.

I ran
ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
and all came up "passed" or "successful"

I guess I am OK then, eh?
Bad-DNS-Expanded.png
0
 
LVL 40

Accepted Solution

by:
footech earned 125 total points
ID: 39681218
Yes, everything looks fine.
BTW, if you deleted your _msdcs subdomain, and created a separate _msdcs.<yourdomain.com> zone, then upon restart of the Netlogon service all the records in it should be automatically created.
Also, a little background - prior to Server 2003, _msdcs was created by default as a subdomain.  For any domains that were migrated to newer DCs this structure was not automatically changed, but when setting up a new domain with Server 2003+ by default _msdcs is created as a separate zone.
0
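
The two valid _msdcs layouts described in the accepted answer can be told apart from PowerShell instead of by reading icons in the DNS console. This is an added example, not code posted by anyone in the thread; the function name Get-MsdcsLayout is hypothetical, 'domain.local' is the placeholder domain from the question, and it assumes the DnsServer module (Server 2012 or later, or RSAT) is available.

```powershell
#Requires -Modules DnsServer
# Added example: report how _msdcs is hosted and whether the DC locator record resolves.
function Get-MsdcsLayout {
    param(
        [Parameter(Mandatory)][string]$Domain,   # AD DNS domain, e.g. 'domain.local'
        [string]$DnsServer = 'localhost'         # DNS server to query (assumption: run on the DC)
    )
    $quiet = @{ ComputerName = $DnsServer; ErrorAction = 'SilentlyContinue' }

    # Layout A: _msdcs.<domain> hosted as its own zone (default for new domains on Server 2003+).
    $separate = Get-DnsServerZone -Name "_msdcs.$Domain" @quiet

    # The grayed-out icon in the console is a delegation of _msdcs inside the parent zone.
    $delegation = Get-DnsServerZoneDelegation -Name $Domain -ChildZoneName '_msdcs' @quiet

    # Layout B: _msdcs is a plain subdomain, so its SRV records live in the parent zone itself.
    $subdomain = Get-DnsServerResourceRecord -ZoneName $Domain `
        -Name '_ldap._tcp.dc._msdcs' -RRType Srv @quiet

    if     ($separate)   { $layout = 'SeparateZone' }
    elseif ($subdomain)  { $layout = 'Subdomain' }
    elseif ($delegation) { $layout = 'DelegationWithoutZone' }   # delegated, but zone not hosted here
    else                 { $layout = 'Missing' }

    # In either valid layout, clients locate a DC through this SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        Domain             = $Domain
        Layout             = $layout
        DelegationInParent = [bool]$delegation
        LocatorTargets     = @($srv | ForEach-Object { $_.NameTarget })
    }
}

# Placeholder domain name taken from the question; replace with the real AD DNS name.
Get-MsdcsLayout -Domain 'domain.local'
```

A result of SeparateZone or Subdomain with at least one entry in LocatorTargets matches the healthy states described above; Missing or an empty LocatorTargets is the case worth following up with dcdiag /test:dns /v.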
 

Author Closing Comment

by:crapshooter
ID: 39681275
Thanks for the help, all!
0
