Solved

DCDIAG Fails: Server 2008 R2

Posted on 2014-10-16
Last Modified: 2014-11-03
My DCDIAG /test:dns fails: -

Performing initial setup:
   Trying to find home server...
   Home Server = MYDC
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\MYDC
      Starting test: Connectivity
        The host 85ed02bd-40b8-40b4-87e3-b317ae81f672._msdcs.MyDomain.com could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... MYDC failed test Connectivity

This is one of 2 DCs.

Can anyone help?
0
Question by:HKFuey
11 Comments
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40384518
Verify SRV records for DCs are registered correctly in DNS

Open elevated or administrator command prompt:

Type nslookup
Type set q=all
Type _ldap._tcp.dc._msdcs.domainname

In the above example, replace domainname with your domain name. Make sure the results have both DCs' hostnames and IP addresses.
0
 

Author Comment

by:HKFuey
ID: 40384576
Hi Abdul, I get:
Server: unknown
Address: <server ip>
0
 
LVL 5

Assisted Solution

by:Abdul Khadja Alaoudine
Abdul Khadja Alaoudine earned 50 total points
ID: 40384705
1. Make sure those two DCs have 127.0.0.1 as primary DNS server.

2. Run the command below from the DCs (always in an elevated or administrator command prompt):

ipconfig /registerdns

3. Then restart the netlogon service on the DCs.

4. Go to DNS -- Forward Lookup Zone -- domain -- ensure the DCs' SRV records are there.
0
 

Author Comment

by:HKFuey
ID: 40384812
OK, in DNS Forward Zone I can see: -

Name                              Type                            Data
Same as parent             SOA                             [177etc] , MyDC.Domain
Same as parent             NS                               MyDC1
Same as parent             NS                               MyDC2
MyDCName1                 Host(A)                       IP4 address
MyDCName2                 Host(A)                       IP4 address

I am running out of addresses in DHCP, and it is not configured for IP6. Could that be a problem?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40385208
Do another nslookup query, but this time, type the following:

nslookup
set q=all
85ed02bd-40b8-40b4-87e3-b317ae81f672._msdcs.<domainname>


What results do you get?
0
 

Author Comment

by:HKFuey
ID: 40385468
Hi DrDave,
I get: -
Server:  localhost
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40385603
Did you run that on the DC itself? If so, I'm not sure why it's timing out. Is its DNS Server service running?
0
 
LVL 40

Assisted Solution

by:footech
footech earned 50 total points
ID: 40385716
Check to see if replication is happening between DCs.  Run
repadmin /showrepl
or you could also use the Active Directory Replication Status Tool.
http://www.microsoft.com/en-us/download/details.aspx?id=30005

I would try reconfiguring the NIC so that it uses your other DC/DNS as preferred and itself as alternate (assuming they're in the same site).
How are the DCDIAG tests on the other DC?
0
 

Author Comment

by:HKFuey
ID: 40386202
repadmin /showrepl shows a lot of info but no errors "Last attempt @ 2014-10-17 09:59:25 was successful."

I tried adding DNS to another (2012) DC and get this error:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      500
Date:            17/10/2014
Time:            09:27:45
User:            N/A
Computer:      MyDC.Domain
Description:
The DNS server has detected that the zone _msdcs.Domain.com has invalid or corrupted registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.
0
 
LVL 26

Accepted Solution

by:DrDave242
DrDave242 earned 400 total points
ID: 40387002
This article recommends deleting the affected zone (_msdcs.domainname in your case), deleting its corresponding registry key, and recreating the zone from scratch. This might seem like a big deal, but since the _msdcs zone likely contains only dynamically registered records, it's really not. Just make sure to run the following commands on each of your domain controllers after recreating the zone:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon


Alternatively, if you're worried about losing the records in the zone, you can export the zone to a file using the dnscmd /zoneexport zonename filename command, delete the zone from the registry, and recreate it from the file. Note that only a standard (non-AD-integrated) zone can be created from a file, but you can convert it to an AD-integrated zone after creation.
0
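
A way to check an exported copy of the _msdcs zone before deleting anything, as an added example that is not part of the original thread: compare the records a DC's Netlogon service lists in netlogon.dns with what the export actually holds. The sample file contents, the 192.0.2.10 address and the function names are constructed, and the export is assumed to be a standard zone file with zone-relative owner names.

```python
# Added example: records Netlogon wants in the _msdcs zone vs. an exported copy.
ZONE = "_msdcs.mydomain.com."  # assumption: lower-case zone name, trailing dot

# Constructed stand-in for %SystemRoot%\System32\config\netlogon.dns
NETLOGON_DNS = """\
mydomain.com. 600 IN A 192.0.2.10
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 mydc.mydomain.com.
85ed02bd-40b8-40b4-87e3-b317ae81f672._msdcs.mydomain.com. 600 IN CNAME mydc.mydomain.com.
"""

# Constructed stand-in for a file written by dnscmd /zoneexport
ZONE_EXPORT = """\
;  Database file for _msdcs.mydomain.com zone
@                   IN  SOA mydc.mydomain.com. hostmaster.mydomain.com. (
                        42 900 600 86400 3600 )  ; serial .. minimum TTL
@                   NS  mydc.mydomain.com.
_ldap._tcp.dc       600 SRV 0 100 389 mydc.mydomain.com.
"""

def expected_records(netlogon_text, zone=ZONE):
    """(owner, type) pairs from netlogon.dns that live in `zone`."""
    rows = (l.lower().split() for l in netlogon_text.splitlines())
    return {(f[0], f[3].upper()) for f in rows
            if len(f) >= 5 and f[2] == "in" and (f[0] == zone or f[0].endswith("." + zone))}

def exported_records(export_text, zone=ZONE):
    """(owner, type) pairs from a zone file with zone-relative owner names."""
    out, owner, depth = set(), zone, 0
    for raw in export_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        continued = depth > 0                      # inside a "( ... )" record
        depth += line.count("(") - line.count(")")
        if continued or not line.strip():
            continue
        f = line.split()
        if not raw[0].isspace():                   # owner name in column 0
            name = f.pop(0).lower()
            owner = zone if name == "@" else name if name.endswith(".") else f"{name}.{zone}"
        while f and (f[0].isdigit() or f[0].upper() == "IN" or f[0].startswith("[")):
            f.pop(0)                               # skip TTL, class, [AGE:...] tag
        if f:
            out.add((owner, f[0].upper()))
    return out

def missing_from_zone(netlogon_text, export_text, zone=ZONE):
    return sorted(expected_records(netlogon_text, zone) - exported_records(export_text, zone))

if __name__ == "__main__":
    for name, rtype in missing_from_zone(NETLOGON_DNS, ZONE_EXPORT):
        print(f"missing {rtype:5} {name}")
```

With the constructed samples, the only record reported missing is the GUID CNAME, the same name the Connectivity test in the question could not resolve.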
 

Author Closing Comment

by:HKFuey
ID: 40418950
Thanks all for trying to help. DCDIAG still has errors but DNS is working fine with no errors.
0
