Solved

2012 dcdiag connectivity test failed

Posted on 2014-04-06
Last Modified: 2014-04-08
Hello,

I am trying to fix a 2012 Server Essentials system.  

When I run dcdiag the connectivity test fails.

I have verified the IP settings and the DNS settings, have disabled the secondary NIC, but cannot figure out why the AD records are NOT in the DNS.
Question by:tucktech
11 Comments
 
LVL 7

Expert Comment

by:Delete
ID: 39982134
Do you have the box checked for "Register this connection's addresses in DNS"?

On the active NIC, right-click and go to Properties -> then go into the IPv4 properties -> click on the Advanced button under the General tab -> go to the DNS tab and look at the bottom to see if the checkbox is checked.

Could you also possibly post your DCdiag results?

Author Comment

by:tucktech
ID: 39982183
I verified that "Register this connection's addresses in DNS" is checked. Below are the results. I did not post all because the rest did pass; the error is in front.



Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = LServer

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\LSERVER
      Starting test: Connectivity
         The host 55018570-a627-4d32-a49d-b399d577958d._msdcs.Lxxx.local
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... LSERVER failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\LSERVER

      Skipping all tests, because server LSERVER is not responding to
      directory service requests.
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
LVL 7

Expert Comment

by:Delete
ID: 39982196
Go into DNS, expand your "Forward Lookup Zones" then click on "_msdcs.Lxxx.local".  You should see some CNAME records in this zone, can you see if the one it is complaining about is in there and validate that the data field shows a Domain Controller that is operational?

If it does point to a healthy Domain Controller, can you then click on your "Lxxx.local" forward DNS zone and validate that an A record exists for that Domain Controller and that the record has the correct IP address?
LVL 37

Accepted Solution

by:
Mahesh earned 400 total points
ID: 39982343
Try below

1st check if Host(A) record for DC is intact in DNS
Also check NS record is resolving to correct IP address
Go to AD sites and services\site\servers\your server name\ntds settings properties, on general tab copy DNS CNAME and try to ping it and check if it resolves to correct IP
Now under the _msdcs.domain.com zone, delete the existing CNAME record and create a new CNAME record from the CNAME record copied above, and check if you are able to ping it.

Now rename %systemroot%\system32\netlogon.dns to netlogon.dnsold and restart netlogon service and dns service on DC
Now again check dcdiag test \ nslookup tests

Mahesh

Author Comment

by:tucktech
ID: 39982872
The problem is that I don't have any "_msdcs.Lxxx.local" entries in the forward lookup zone.

Is there a way for me to have this recreated?
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 39982934
You mean to say you don't have the _msdcs.domain.local AD-integrated zone in DNS?

Has somebody deleted that zone?

If somebody has deleted that zone, there is a workaround for that.

Just check your domain.local zone, expand it and find one delegation called _msdcs

You need to simply delete this delegation entry and restart netlogon service on DC

This will create _msdcs folder under domain.local zone which is as good as _msdcs.domain.local

Now check if CNAME for DC is auto populated under _msdcs folder or not

if you don't find one, you can simply create one as per my earlier comment..

Mahesh.

Author Comment

by:tucktech
ID: 39982941
Yes, I don't have the _msdcs.domain.local AD integrated zone in the DNS.

I am not sure how it was removed, I am new to this server/customer.
LVL 37

Expert Comment

by:Mahesh
ID: 39982947
OK please check my earlier comment to recreate it and then force AD replication, it will resolve your problem hopefully
LVL 26

Expert Comment

by:Leon Fester
ID: 39985309
You can force the Domain controller to re-register all the required DNS records by running
nltest /dsregdns
Refreshes the registration of all domain controller-specific DNS records
http://technet.microsoft.com/en-us/library/cc786478(v=ws.10).aspx

If the nltest /dsregdns did not re-create the _msdcs zone then check the permissions on the DNS zone.

As to why it is gone... it was most likely deleted.
Or the zone was imported from another non-Microsoft DNS server and the permissions are not set up correctly for the DCs to manage the zone.
LVL 37

Expert Comment

by:Mahesh
ID: 39985679
No, above command will not create _msdcs.domain.com

@Tucktech:

Please check \ expand your domain.local zone and find out whether you have an _msdcs delegation or an _msdcs folder there.
If folder is there you will also find DC, Domain, GC, PDC and CNAME record for DCs as well with _msdcs folder
if you don't find CNAME record for DC, you need to create one as mentioned in my earlier comment.

However if you have _msdcs delegation there, you need to simply delete that and restart netlogon service on DC which will create brand new _msdcs folder with all sub folders and CNAME record under domain.local zone.
This is equal to previous _msdcs.domain.local zone

Check below example screen shots:
[Screenshot: _msdcs delegation to be deleted from domain.local zone if exists]
[Screenshot: _msdcs folder will get created with all records and sub folders after restarting Netlogon service]
Mahesh.
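
The checks discussed in this thread (how _msdcs is hosted, the DC's GUID CNAME, its A record, the NS record), as an added read-only example that is not part of any poster's comment. It assumes it is run in an elevated PowerShell on the DC that hosts DNS, with the DnsServer and DnsClient modules available; `Lxxx.local` is the redacted name as posted and must be replaced with the real domain.

```powershell
# Added example: read-only checks; nothing here modifies DNS or AD.
# Values are taken from the thread; Lxxx.local is redacted in the original post.
$Domain  = 'Lxxx.local'
$DcName  = 'LSERVER'
$DsaGuid = '55018570-a627-4d32-a49d-b399d577958d'   # GUID from the dcdiag Connectivity error
$Server  = '127.0.0.1'                              # assumption: DNS runs on this DC

# 1. How is _msdcs hosted: separate zone, delegation, or folder inside the domain zone?
$zone       = Get-DnsServerZone -Name "_msdcs.$Domain" -ErrorAction SilentlyContinue
$delegation = Get-DnsServerZoneDelegation -Name $Domain -ErrorAction SilentlyContinue |
              Where-Object { $_.ChildZoneName -like '_msdcs*' }   # matches relative or FQDN form
if     ($zone)       { $hosting = 'separate _msdcs zone present' }
elseif ($delegation) { $hosting = 'delegation present but no _msdcs zone on this server' }
else                 { $hosting = 'no zone and no delegation; look for an _msdcs folder in the domain zone' }
"_msdcs hosting: $hosting"

# 2. Resolve the names that dcdiag and Netlogon depend on.
$checks = @(
    @{ Name = "${DsaGuid}._msdcs.$Domain";    Type = 'CNAME' }   # DC GUID alias dcdiag could not resolve
    @{ Name = "$DcName.$Domain";              Type = 'A'     }   # host record for the DC
    @{ Name = $Domain;                        Type = 'NS'    }   # name server record for the zone
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV'   }   # DC locator record
)
$results = foreach ($c in $checks) {
    # Keep only the Answer section; a bare SOA in Authority means "no such record".
    $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $Server -DnsOnly `
                  -ErrorAction SilentlyContinue |
              Where-Object { $_.Section -eq 'Answer' }
    $data = $answer | ForEach-Object {
        if ($_.IPAddress) { $_.IPAddress } elseif ($_.NameTarget) { $_.NameTarget } else { $_.NameHost }
    }
    [pscustomobject]@{
        Type  = $c.Type
        Name  = $c.Name
        Found = [bool]$answer
        Data  = $data -join ', '
    }
}
$results | Format-Table -AutoSize
```

Run it before and after deleting the delegation and restarting Netlogon: the CNAME and SRV rows should change from `Found = False` to `True`, and the Data column should point at the DC's correct name and IP address.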

Author Closing Comment

by:tucktech
ID: 39985703
Mahesh, your answers worked yesterday. I thought I had closed this question but I did not assign the correct points when I hit submit.  Thank you!

I tried nltest /dsregdns before and this did not work.
