Solved

Missing DNS Zone?

Posted on 2013-11-26
Last Modified: 2013-11-27
I think my DNS / AD is screwed up.  My client has been reporting some weird behavior in their network.  Suddenly, mapped drives or network based apps are not accessible.  Some are reporting that they are not getting an IP address via DHCP.  In fact, they are getting nothing - not even the default machine address.

I saw some events in a workstation's logs (didn't collect it for this report - I will if necessary).

I looked at the DNS on the domain controller and I saw this (see attached):  There is a forward zone for the domain but not one for the active directory (sorry, I don't understand this part very well so I might be using the wrong nomenclature).  So, there is no '_msdcs.domain.local' zone.

Not sure but something tells me this is a big deal.  Can you help me confirm this?  And, if so, what can I do about it?
Bad-DNS.png
0
Question by:crapshooter
11 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39679170
Hi,

You have a problem but not a grave one and the solution:

1. Backup the DNS zone as of current.
2. http://support.microsoft.com/kb/294328/en-gb

Still works for Windows 2008 :)

See if this thread leads you anywhere:
http://www.petri.co.il/forums/showthread.php?p=76140#post76140
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 39679181
What do you see if you expand that node, example from my lab

Thanks

Mike
0
 
LVL 7

Assisted Solution

by:Jason Smith
Jason Smith earned 125 total points
ID: 39679192
How many domain controllers are running in your environment?

Without specifics on the number of domain controllers, at the very least I'd run the following from an elevated command prompt on each domain controller:


ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
0

 
LVL 40

Expert Comment

by:footech
ID: 39679236
It is valid to have either _msdcs as its own zone, or as a subdomain of your <domainname> zone.  The information as requested by mkline71 would show us which you have.  Typically when _msdcs is its own zone, you will have a delegation for it (which would appear as a grayed-out icon) under your <domainname> zone.
0
 

Author Comment

by:crapshooter
ID: 39679240
Mike, yes those entries are all there.

There is only one DC.  I will try all of the commands that you gave me (and KB articles) and report back.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39679246
If your zone looks like what I have then you should be OK. Do you see all the SRV records and host records in the zone?

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Imtiaz Hasham
Imtiaz Hasham earned 125 total points
ID: 39679273
I would actually run a DCDiag just to check where exactly the issue is before I carry on further
0
 
LVL 40

Expert Comment

by:footech
ID: 39679362
When you say that all the entries are there - does _msdcs appear as a grayed-out icon (delegation) or a subdomain?  If it is a delegation then you should have a separate _msdcs zone.  If it is a subdomain then what you showed in your screenshot with your original question isn't a problem.
dcdiag /test:dns /v should reveal if there is an issue.
0
 

Author Comment

by:crapshooter
ID: 39680859
I ran dcdiag /test:dns /v and all tests passed.

Attached is the expanded view of the DNS.

I ran
ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
and all came up "passed" or "successful"

I guess I am OK then, eh?
Bad-DNS-Expanded.png
0
 
LVL 40

Accepted Solution

by:footech
footech earned 125 total points
ID: 39681218
Yes, everything looks fine.
BTW, if you deleted your _msdcs subdomain, and created a separate _msdcs.<yourdomain.com> zone, then upon restart of the Netlogon service all the records in it should be automatically created.
Also, a little background - prior to Server 2003, _msdcs was created by default as a subdomain.  For any domains that were migrated to newer DCs this structure was not automatically changed, but when setting up a new domain with Server 2003+ by default _msdcs is created as a separate zone.
0
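
The two valid _msdcs layouts described in the answers above can be told apart from PowerShell. This is an added example, not part of the original thread; it assumes the DnsServer and DnsClient modules (Windows Server 2012 or later), that it runs on the DC hosting DNS, and it uses the question's placeholder name `domain.local`.

```powershell
# Added example, not from the thread. Assumes the DnsServer and DnsClient modules
# (Windows Server 2012 or later) and that it runs on the DC hosting DNS.
# 'domain.local' is the placeholder name from the question.
param([string]$Domain = 'domain.local')

$msdcs = "_msdcs.$Domain"

# Is _msdcs hosted as its own zone on this server?
$zone = Get-DnsServerZone -Name $msdcs -ErrorAction SilentlyContinue

# Records at or below the _msdcs node of the parent zone. NS records at the node
# are a delegation; anything else means _msdcs lives in the parent as a subdomain.
$records = @(Get-DnsServerResourceRecord -ZoneName $Domain -Name '_msdcs' -ErrorAction SilentlyContinue)
$delegation = @($records | Where-Object { $_.RecordType -eq 'NS' })
$inParent   = @($records | Where-Object { $_.RecordType -ne 'NS' })

if ($zone -and $delegation) {
    $layout = "separate zone $msdcs, delegated from $Domain"
} elseif ($zone) {
    $layout = "separate zone $msdcs, but no delegation found in $Domain"
} elseif ($inParent) {
    $layout = "subdomain of $Domain (valid, the pre-Server 2003 default)"
} elseif ($delegation) {
    $layout = "delegation exists but $msdcs is not hosted on this server"
} else {
    $layout = "no _msdcs zone or subdomain found"
}
"Layout: $layout"

# Either layout is healthy only if the DC locator records resolve.
foreach ($name in "_ldap._tcp.dc.$msdcs", "_ldap._tcp.$Domain") {
    $srv = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv) {
        $srv | ForEach-Object { "OK      $name -> $($_.NameTarget):$($_.Port)" }
    } else {
        "MISSING $name (restart Netlogon or run nltest /dsregdns, then retest)"
    }
}
```

A "subdomain" result with resolving SRV records matches the situation in this thread; `dcdiag /test:dns /v` remains the fuller check.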
 

Author Closing Comment

by:crapshooter
ID: 39681275
Thanks for the help, all!
0
