Solved

2012 dcdiag connectivity test failed

Posted on 2014-04-06
Last Modified: 2014-04-08
Hello,

I am trying to fix a 2012 Server Essentials system.  

When I run dcdiag the connectivity test fails.

I have verified the IP settings and the DNS settings, have disabled the secondary NIC, but cannot figure out why the AD records are NOT in the DNS.
0
Question by:tucktech
11 Comments
 
LVL 7

Expert Comment

by:Delete
ID: 39982134
Do you have the box checked for "Register this connection's addresses in DNS"?

On the active NIC right click and go to properties -> then go into the IPv4 properties -> Click on the Advanced button under the General tab -> go to the DNS tab and look at the bottom to see if the checkbox is checked.

Could you also possibly post your DCdiag results?
0
 

Author Comment

by:tucktech
ID: 39982183
I verified that "Register this connection's addresses in DNS" is checked.  Below are the results. I did not post all because the rest did pass; the error is in front.



Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = LServer

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\LSERVER
      Starting test: Connectivity
         The host 55018570-a627-4d32-a49d-b399d577958d._msdcs.Lxxx.local
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... LSERVER failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\LSERVER

      Skipping all tests, because server LSERVER is not responding to
      directory service requests.
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
0
 
LVL 7

Expert Comment

by:Delete
ID: 39982196
Go into DNS, expand your "Forward Lookup Zones" then click on "_msdcs.Lxxx.local".  You should see some CNAME records in this zone, can you see if the one it is complaining about is in there and validate that the data field shows a Domain Controller that is operational?

If it does point to a healthy Domain Controller, can you then click on your "Lxxx.local" forward DNS zone and validate that an A record exists for that Domain Controller and that the record has the correct IP address.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 400 total points
ID: 39982343
Try below

1st check if Host(A) record for DC is intact in DNS
Also check NS record is resolving to correct IP address
Go to AD sites and services\site\servers\your server name\ntds settings properties, on general tab copy DNS CNAME and try to ping it and check if it resolves to correct IP
Now under _msdcs.domain.com zone delete existing CNAME record and create new CNAME record from above copied CNAME record and check if you are able to ping it.

Now rename %systemroot%\system32\netlogon.dns to netlogon.dnsold and restart netlogon service and dns service on DC
Now again check dcdiag test \ nslookup tests

Mahesh
0
 

Author Comment

by:tucktech
ID: 39982872
The problem is that I don't have any "_msdcs.Lxxx.local" entries in the forward lookup zone.

Is there a way for me to have this recreated?
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 39982934
You mean to say you don't have _msdcs.domain.local AD integrated Zone in DNS ?

Has somebody deleted that zone?

If somebody has deleted that zone, there is a workaround for that

Just check your domain.local zone, expand it and find one delegation called _msdcs

You need to simply delete this delegation entry and restart netlogon service on DC

This will create _msdcs folder under domain.local zone which is as good as _msdcs.domain.local

Now check if CNAME for DC is auto populated under _msdcs folder or not

if you don't find one, you can simply create one as per my earlier comment..

Mahesh.
0
 

Author Comment

by:tucktech
ID: 39982941
Yes, I don't have the _msdcs.domain.local AD integrated zone in the DNS.

I am not sure how it was removed, I am new to this server/customer.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39982947
OK please check my earlier comment to recreate it and then force AD replication, it will resolve your problem hopefully
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39985309
You can force the Domain controller to re-register all the required DNS records by running
nltest /dsregdns
Refreshes the registration of all domain controller-specific DNS records
http://technet.microsoft.com/en-us/library/cc786478(v=ws.10).aspx

If the nltest /dsregdns did not re-create the _msdcs zone then check the permissions on the DNS zone.

As to why it is gone...it was most likely deleted.
Or the zone was imported from another non-Microsoft DNS Server and the permissions are not set up correctly for the DCs to manage the zone.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39985679
No, above command will not create _msdcs.domain.com

@Tucktech:

Please check \ expand your domain.local zone and find out do you have _msdcs delegation or _msdcs folder there..
If folder is there you will also find DC, Domain, GC, PDC and CNAME record for DCs as well with _msdcs folder
if you don't find CNAME record for DC, you need to create one as mentioned in my earlier comment.

However if you have _msdcs delegation there, you need to simply delete that and restart netlogon service on DC which will create brand new _msdcs folder with all sub folders and CNAME record under domain.local zone.
This is equal to previous _msdcs.domain.local zone

Check below example screen shots:
[Screenshot: _msdcs delegation to be deleted from domain.local zone if exists]
[Screenshot: _msdcs folder will get created with all records and sub folders after restarting Netlogon service]
Mahesh.
0
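
A read-only check for the states discussed in the answers above (separate _msdcs zone, leftover _msdcs delegation, or _msdcs folder inside the domain zone), followed by the GUID CNAME, its A record, and the DC locator SRV record. This is an added example, not code from any poster in the thread; the function name Test-MsdcsRegistration and the domain example.local are hypothetical placeholders, and it assumes the DnsServer and DnsClient modules on Windows Server 2012 or later.

```powershell
# Added example, not from the thread. Run elevated on the DC that hosts DNS.
# Test-MsdcsRegistration is a hypothetical helper name.
function Test-MsdcsRegistration {
    param(
        [Parameter(Mandatory)] [string] $Domain,   # AD DNS domain (redacted as Lxxx.local in the thread)
        [Parameter(Mandatory)] [guid]   $DsaGuid,  # GUID from the dcdiag error or the NTDS Settings DNS alias
        [string] $DnsServer = 'localhost'
    )
    $msdcs = "_msdcs.$Domain"

    # Is there a standalone _msdcs.<domain> zone on this server?
    $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $msdcs -ErrorAction SilentlyContinue
    # Is there a delegation (NS records at the _msdcs node) in the parent zone?
    $deleg = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain `
                 -Name '_msdcs' -RRType NS -ErrorAction SilentlyContinue

    # The GUID alias that dcdiag's Connectivity test failed to resolve
    $cname = Resolve-DnsName -Name "$DsaGuid.$msdcs" -Type CNAME -Server $DnsServer `
                 -DnsOnly -ErrorAction SilentlyContinue | Where-Object Type -eq 'CNAME'
    $target = if ($cname) { @($cname)[0].NameHost }
    # The alias must point at a host that has an A record
    $addrs = if ($target) {
        Resolve-DnsName -Name $target -Type A -Server $DnsServer -DnsOnly `
            -ErrorAction SilentlyContinue | Where-Object Type -eq 'A' |
            ForEach-Object { $_.IPAddress }        # compare with the DC's real IP
    }
    # DC locator SRV record that Netlogon registers under _msdcs
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc.$msdcs" -Type SRV -Server $DnsServer `
               -DnsOnly -ErrorAction SilentlyContinue | Where-Object Type -eq 'SRV'

    $state = if ($zone) { 'Separate _msdcs zone present' }
             elseif ($deleg) { 'Delegation exists but zone is missing: delete delegation, restart Netlogon' }
             elseif ($cname -or $srv) { '_msdcs folder inside parent zone' }
             else { 'No _msdcs zone, delegation, or folder records found' }

    [pscustomobject]@{
        MsdcsState  = $state
        CnameTarget = $target
        TargetIPs   = $addrs
        LdapSrvDCs  = if ($srv) { $srv | ForEach-Object { $_.NameTarget } }
        Resolvable  = [bool]($target -and $addrs -and $srv)
    }
}

# GUID taken from the dcdiag output in this thread; 'example.local' is a placeholder domain.
Test-MsdcsRegistration -Domain 'example.local' -DsaGuid '55018570-a627-4d32-a49d-b399d577958d'
```

Run it before and after restarting Netlogon; once Resolvable is True, rerun dcdiag /test:Connectivity to confirm.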
 

Author Closing Comment

by:tucktech
ID: 39985703
Mahesh, your answers worked yesterday. I thought I had closed this question but I did not assign the correct points when I hit submit.  Thank you!

I tried nltest /dsregdns before and this did not work.
0
