?
Solved

Missing DNS Zone?

Posted on 2013-11-26
11
Medium Priority
?
474 Views
Last Modified: 2013-11-27
I think my DNS / AD is screwed up.  My client has been reporting some weird behavior in their network.  Suddenly, mapped drives or network based apps are not accessible.  Some are reporting that they are not getting an IP address via DHCP.  In fact, they are getting nothing - not even the default machine address.

I saw some events in a workstations logs (didn't collect it for this report - I will if necessary).

I looked at the DNS on the domain controller and I saw this (see attached):  There is a forward zone for the domain but not one for the active directory (sorry, I don't understand this part very well so I might be using the wrong nomenclature).  So, there is no '_msdcs.domain.local' zone.

Not sure but something tells me this is a big deal.  Can you help me confirm this?  And, if so, what can I do about it?
Bad-DNS.png
0
Comment
Question by:crapshooter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39679170
Hi,

You have a problem but not a grave one and the solution:

1. Backup the DNS zone as of current.
2. http://support.microsoft.com/kb/294328/en-gb

Still works for Windows 2008 :)

See if this thread leads you anywhere:
http://www.petri.co.il/forums/showthread.php?p=76140#post76140
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39679181
What do you see if you expand that node, example from my lab

1
Thanks

Mike
0
 
LVL 8

Assisted Solution

by:J S
J S earned 500 total points
ID: 39679192
How many domain controllers are running in your enviroment?

Without specifics on the number of domain controllers, At the very least I'd run the following on from an elevated command prompt each domain controller


ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 40

Expert Comment

by:footech
ID: 39679236
It is valid to have either _msdcs as its own zone, or as a subdomain of your <domainname> zone.  The information as requested by mkline71 would show us which you have.  Typically when _msdcs is its own zone, you will have a delegation for it (which would appear as a grayed-out icon) under your <domainname> zone.
0
 

Author Comment

by:crapshooter
ID: 39679240
Mike, yes those entries are all there.

There is only one DC.  I will try all of the commands that you gave me (and KB articles) and report back.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39679246
If your zone looks like what I have they you should be ok,  do you see all the SRV records and host records in the zone?

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Imtiaz Hasham
Imtiaz Hasham earned 500 total points
ID: 39679273
I would actually run a DCDiag just to check where exactly the issue is before I carry on further
0
 
LVL 40

Expert Comment

by:footech
ID: 39679362
When you say that all the entries are there - does _msdcs appear as a grayed-out icon (delegation) or a subdomain?  If it is a delegation then you should have a separate _msdcs zone.  If it is a subdomain then what you showed in your screenshot with your original question isn't a problem.
dcdiag /test:dns /v should reveal if there is an issue.
0
 

Author Comment

by:crapshooter
ID: 39680859
I ran dcdiag /test:dns /v and all tests passed.

Attached is the expanded view of the DNS.

I ran
ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
and all came up "passed" or "successful"

I guess I am OK then, eh?
Bad-DNS-Expanded.png
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39681218
Yes, everything looks fine.
BTW, if you deleted your _msdcs subdomain, and created a separate _msdcs.<yourdomain.com> zone, then upon restart of the Netlogon service all the records in it should be automatically created.
Also, a little background - prior to Server 2003, _msdcs was created by default as a subdomain.  For any domains that were migrated to newer DCs this structure was not automatically changed, but when setting up a new domain with Server 2003+ by default _msdcs is created as a separate zone.
0
 

Author Closing Comment

by:crapshooter
ID: 39681275
Thanks for the help, all!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses
Course of the Month10 days, 21 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question