Solved

DCDIAG Fails: Server 2008 R2

Posted on 2014-10-16
Last Modified: 2014-11-03
My DCDIAG /test:dns fails: -

Performing initial setup:
   Trying to find home server...
   Home Server = MYDC
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\MYDC
      Starting test: Connectivity
        The host 85ed02bd-40b8-40b4-87e3-b317ae81f672._msdcs.MyDomain.com could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... MYDC failed test Connectivity

This is one of 2 DCs.

Can anyone help?
Question by:HKFuey
11 Comments
 
LVL 5

Expert Comment

by:Abdul Khadja Alaoudine
ID: 40384518
Verify SRV records for DCs are registered correctly in DNS

Open elevated or administrator command prompt:

Type nslookup
Type set q=all
Type _ldap._tcp.dc._msdcs.domainname

In the above example, replace domainname with your domain name. Make sure the results include both DCs' hostnames and IP addresses.

Author Comment

by:HKFuey
ID: 40384576
Hi Abdul, I get:
Server: unknown
Address: <server ip>
LVL 5

Assisted Solution

by:Abdul Khadja Alaoudine
Abdul Khadja Alaoudine earned 50 total points
ID: 40384705
1. Make sure those two DCs have 127.0.0.1 as primary DNS server.

2. Run the command below from the DCs (always in an elevated or administrator command prompt)

ipconfig /registerdns

3. Then restart netlogon service on DCs

4. Go to DNS -- Forward Lookup Zone -- domain -- ensure the DCs' SRV records are there

Author Comment

by:HKFuey
ID: 40384812
OK, in DNS Forward Zone I can see: -

Name                              Type                            Data
Same as parent             SOA                             [177etc] , MyDC.Domain
Same as parent             NS                               MyDC1
Same as parent             NS                               MyDC2
MyDCName1                 Host(A)                       IP4 address
MyDCName2                 Host(A)                       IP4 address

I am running out of addresses in DHCP, and it is not configured for IP6. Could that be a problem?
LVL 26

Expert Comment

by:DrDave242
ID: 40385208
Do another nslookup query, but this time, type the following:

nslookup
set q=all
85ed02bd-40b8-40b4-87e3-b317ae81f672._msdcs.<domainname>


What results do you get?

Author Comment

by:HKFuey
ID: 40385468
Hi DrDave,
I get: -
Server:  localhost
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out
LVL 26

Expert Comment

by:DrDave242
ID: 40385603
Did you run that on the DC itself? If so, I'm not sure why it's timing out. Is its DNS Server service running?
LVL 39

Assisted Solution

by:footech
footech earned 50 total points
ID: 40385716
Check to see if replication is happening between DCs.  Run
repadmin /showrepl
or you could also use the Active Directory Replication Status Tool.
http://www.microsoft.com/en-us/download/details.aspx?id=30005

I would try reconfiguring the NIC so that it uses your other DC/DNS as preferred and itself as alternate (assuming they're in the same site).
How are the DCDIAG tests on the other DC?

Author Comment

by:HKFuey
ID: 40386202
repadmin /showrepl shows a lot of info but no errors "Last attempt @ 2014-10-17 09:59:25 was successful."

I tried adding DNS to another (2012) DC and get this error:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      500
Date:            17/10/2014
Time:            09:27:45
User:            N/A
Computer:      MyDC.Domain
Description:
The DNS server has detected that the zone _msdcs.Domain.com has invalid or corrupted registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.
LVL 26

Accepted Solution

by:DrDave242
DrDave242 earned 400 total points
ID: 40387002
This article recommends deleting the affected zone (_msdcs.domainname in your case), deleting its corresponding registry key, and recreating the zone from scratch. This might seem like a big deal, but since the _msdcs zone likely contains only dynamically registered records, it's really not. Just make sure to run the following commands on each of your domain controllers after recreating the zone:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon


Alternatively, if you're worried about losing the records in the zone, you can export the zone to a file using the dnscmd /zoneexport zonename filename command, delete the zone from the registry, and recreate it from the file. Note that only a standard (non-AD-integrated) zone can be created from a file, but you can convert it to an AD-integrated zone after creation.
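
A check for the two lookups used in this thread (the `_ldap._tcp.dc._msdcs` SRV set and the GUID alias from the DCDIAG error), run against each DC's DNS service after the zone is recreated. This is an added example, not part of the original answer. It assumes a machine with Resolve-DnsName (Windows 8 / Server 2012 or later); the IP addresses, the name MYDC2 and the second GUID are constructed placeholders.

```powershell
# Added example, not from the thread. Requires Resolve-DnsName
# (Windows 8 / Server 2012 or later); run it from such a machine.
$Domain     = 'MyDomain.com'                  # domain name as written in the thread
$DnsServers = @('192.0.2.10', '192.0.2.11')   # placeholder IPs: DNS service on each DC
$DsaGuids   = @{                              # DC -> "DSA object GUID" from repadmin /showrepl
    'MYDC'  = '85ed02bd-40b8-40b4-87e3-b317ae81f672'   # GUID from the DCDIAG output
    'MYDC2' = '00000000-0000-0000-0000-000000000000'   # placeholder
}

function Test-DcLocatorRecord {
    param([string]$Domain, [string[]]$DnsServers, [hashtable]$DsaGuids)

    foreach ($server in $DnsServers) {
        # Ask this DNS server directly; ignore hosts file, cache and NetBIOS.
        $q = @{ Server = $server; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }

        # SRV targets this server returns for the DC locator query.
        $srvTargets = @(
            Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV @q |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget.TrimEnd('.') }
        )

        foreach ($dc in $DsaGuids.Keys) {
            # The <DSA GUID>._msdcs alias is the name DCDIAG failed to resolve.
            $alias = "$($DsaGuids[$dc])._msdcs.$Domain"
            $cname = Resolve-DnsName -Name $alias -Type CNAME @q |
                Where-Object { $_.Type -eq 'CNAME' } |
                Select-Object -First 1
            $target = if ($cname) { $cname.NameHost.TrimEnd('.') } else { $null }

            [pscustomobject]@{
                DnsServer   = $server
                DC          = $dc
                GuidAlias   = $alias
                AliasTarget = $target
                # True only if the alias resolves and its target is also an SRV target.
                InLdapSrv   = [bool]($target -and ($srvTargets -contains $target))
            }
        }
    }
}

Test-DcLocatorRecord -Domain $Domain -DnsServers $DnsServers -DsaGuids $DsaGuids |
    Format-Table -AutoSize
```

A row with an empty AliasTarget on one DNS server only means that server's copy of the _msdcs zone is missing a record the other server has.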

Author Closing Comment

by:HKFuey
ID: 40418950
Thanks all for trying to help. DCDIAG still has errors but DNS is working fine with no errors.