Solved

DCDiag test DNS issue

Posted on 2014-11-16
Last Modified: 2014-11-26
Hello,

I have the problem below reported when running dcdiag /test:dns.  I have done ipconfig /flushdns followed by ipconfig /registerdns but this doesn't resolve the issue.  I have tried everything on here:
http://msdn.microsoft.com/en-us/library/bb727055.aspx

Also dcdiag /test:registerindns says allowed to register records.

nltest /dsregdns also says ok but doesn't fix dcdiag but no joy

Any ideas?

Errors:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = Goole

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Goole\GOOLE

      Starting test: Connectivity

         ......................... GOOLE passed test Connectivity



Doing primary tests

   
   Testing server: Goole\GOOLE

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... GOOLE passed test DNS

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : colletts

   
   Running enterprise tests on : mydomain.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: Goole.mydomain.local

            Domain: mydomain.local

           

                 
               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):

                 

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local
                     
                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local
                     
                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local
                     
                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server ::1:
                     Goole.mydomain.local
                     
                     Error:
                     Missing SRV record at DNS server ::1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server ::1:
                     gc._msdcs.mydomain.local
                     
               Warning: Record Registrations not found in some network adapters

         
               Goole                        PASS WARN PASS PASS PASS WARN n/a  
         ......................... mydomain.local passed test DNS
Question by:cloughs

Expert Comment

by:Neeraj Kumar
"Missing AAAA record at DNS server" belongs to IPv6 on the server,

You need to disable IPv6; then, once you have disabled it, run these commands: ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix, which will fix the DNS records.

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
I do not recommend disabling IPv6 on Domain Controllers.  It is not recommended by Microsoft because of how they tested the OS.  

Links:
1. https://social.technet.microsoft.com/Forums/windowsserver/en-US/18001bd9-e79f-4f80-973c-3ef0f0b3d2ff/disabling-ipv6-on-2008r2-domain-controllers-best-practice?forum=winservergen
2. http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx
3. http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11270-DNS-Best-Practices-for-Domain-Controllers.html

I would go thru the article in link 3.

My suggestion is to adjust the bindings on the NICs.

1. Go to:  Control Panel > All Control Panel Items > Network and Sharing Center
2. Click "Change adapter settings"
3. Hit the "ALT" key once, the file menu will appear
4. Click "Advanced" then select "Advanced Settings"
5. On the tab "Adapters and Bindings" > Connections area :: make sure your NIC(s) are in the order in which you want them used... Make sure the object "[Remote Access Connections]" is on the bottom.
6. In the Bindings for "YourNicName" section, make sure TCP/IPv4 is above v6
7. On the tab "Provider Order" > Network Providers area :: make sure "Microsoft Windows Network" is first.

Click thru all OKs.  Then give it a test.

Your IPv6 configuration should be:
1. in the properties of IPv6
2. General Tab : all options on Obtain ... automatically.
3. all advanced options should be left default.

This assumes your network is not using IPv6 as an active protocol.

After this, I would run the following commands:

1. ipconfig /flushdns
2. ipconfig /registerdns
3. dcdiag again.

Dan

Author Comment

by:cloughs
Hi Neeraj,
Disabling IPv6 and running those commands hasn't resolved the issue.  So will re-enable IPv6 again as I am sure you're not supposed to disable it permanently on a DC?

Thanks for your help

Author Comment

by:cloughs
Hi Dan,

Thanks for the detailed feedback, just running through it now.  The bindings had IPv6 above v4 so I have altered them.  Also IPv6 was set to obtain IP automatically but DNS was set as: ::1  for some reason.

Changed this so will now go through the article and report back shortly.  Thanks for your help

Expert Comment

by:Dan McFadden
::1 is the IPv6 way of saying 127.0.0.1, aka Localhost.

Dan

Author Comment

by:cloughs
OK, it gave an IPv6 error when I re-ran the dcdiag /test:dns command; here are the results now:


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Goole
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GOOLE
      Starting test: Connectivity
         ......................... GOOLE passed test Connectivity

Doing primary tests

   Testing server: Goole\GOOLE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
 ERROR: NO DNS servers for IPV6 stack was found
         ......................... GOOLE passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : colletts

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: Goole.mydomain.local
            Domain: mydomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t):

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

               Goole                        PASS WARN PASS PASS PASS WARN n/a
         ......................... mydomain.local passed test DNS

Expert Comment

by:Dan McFadden
The main (bigger) issue is the missing SRV records.

You are missing an SRV record for 192.168.3.1, as per the report.  In the path "._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local" there should be an "_ldap" entry for each domain controller in your environment.

The missing AAAA records are just warnings.  I would address the SRV record first.

Also, the following dcdiag command will give more info:  dcdiag /test:dns /e /v

Dan
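
The triage described in the post above (missing SRV records first, AAAA warnings second), as an added example that is not part of the original thread: a Python parser for pasted dcdiag /test:dns output that rejoins the console-wrapped lines, de-duplicates findings per DNS server and reads the summary row. The sample text is constructed from the output posted earlier, and all function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity rtype server name")
# Column order of the "Summary of DNS test results" table printed by dcdiag.
SUMMARY_COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
MISSING_RE = re.compile(r"^Missing (\w+) record at DNS server (\S+):$")
STATUS = r"(?:PASS|WARN|FAIL|n/a)"
SUMMARY_RE = re.compile(rf"^(\S+)\s+({STATUS}(?:\s+{STATUS}){{6}})$")
# _ldap._tcp.<DomainGuid>.domains._msdcs.<forest> is the DC locator record
# keyed on the domain's GUID.
GUID_RE = re.compile(r"^_ldap\._tcp\.([0-9a-f-]{36})\.domains\._msdcs\.", re.I)

# Constructed sample, trimmed from the output posted in this thread.
SAMPLE = """\
Doing primary tests

      Starting test: DNS
               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t):
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local
                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local
                     Warning:
                     Missing AAAA record at DNS server ::1:
                     Goole.mydomain.local
                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local
                     Error:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: mydomain.local
               Goole                        PASS WARN PASS PASS PASS FAIL n/a
"""

def unwrap(text):
    """Rejoin console-wrapped lines: a fragment starting in column 0 directly
    under an indented, non-blank line is glued back onto that line."""
    out = []
    for line in text.splitlines():
        prev = out[-1] if out else ""
        if line and not line[0].isspace() and prev.strip() and prev[0].isspace():
            out[-1] = prev + line
        else:
            out.append(line)
    return out

def parse_findings(text):
    """Return the unique (severity, record type, DNS server, name) findings."""
    lines = [l.strip() for l in unwrap(text) if l.strip()]
    findings = set()
    for i in range(1, len(lines) - 1):
        m = MISSING_RE.match(lines[i])
        if m and lines[i - 1] in ("Warning:", "Error:"):
            findings.add(Finding(lines[i - 1][:-1], m.group(1), m.group(2),
                                 lines[i + 1]))
    return findings

def parse_summary(text):
    """Map each DC in the summary table to its per-test status."""
    result = {}
    for line in unwrap(text):
        m = SUMMARY_RE.match(line.strip())
        if m:
            result[m.group(1)] = dict(zip(SUMMARY_COLUMNS, m.group(2).split()))
    return result

def triage(findings):
    """Group per record; SRV locator records first, then errors before warnings."""
    groups = defaultdict(lambda: {"severity": "Warning", "servers": set()})
    for f in findings:
        g = groups[(f.rtype, f.name)]
        g["servers"].add(f.server)
        if f.severity == "Error":
            g["severity"] = "Error"
    ordered = sorted(groups.items(), key=lambda kv: (
        kv[0][0] != "SRV", kv[1]["severity"] != "Error", kv[0][1]))
    return [(rtype, name, g["severity"], sorted(g["servers"]))
            for (rtype, name), g in ordered]

def domain_guids(findings):
    """GUID labels dcdiag expects under domains._msdcs, for comparison with
    the folders that actually exist in the zone."""
    hits = (GUID_RE.match(f.name) for f in findings)
    return sorted({m.group(1).lower() for m in hits if m})

if __name__ == "__main__":
    for rtype, name, sev, servers in triage(parse_findings(SAMPLE)):
        print(f"{sev:7} {rtype:4} {name} missing at {', '.join(servers)}")
    print(parse_summary(SAMPLE))
```
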

Author Comment

by:cloughs
Is it safe to manually recreate the missing SRV records or is there a command to get the DC to re-register these?

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
Your NIC config should have:

## Properties on NIC
- Client for Microsoft Networks (ON)
- Microsoft Load Balancing/Failover Provider (ON if you are using MS teaming)
- QoS Packet Scheduler (ON)
- File and Printer Sharing (ON)
- Link-Layer Topology Discovery Mapper I/O Driver (ON)
- Link-Layer Topology Discovery Responder (ON)
- IPv6 (ON)
- IPv4 (ON)

## Properties on IPv6
- Obtain an IPv6 address automatically  (ON)
- Obtain DNS server address automatically (ON)
--- under Advanced - IP Settings:
- IP addresses, should say automatic config
- Default gateways, blank
- Automatic metric (ON)
--- under Advanced - DNS:
- DNS server addresses, in order of use, blank
- Append primary and connection specific DNS suffixes (ON)
DNS suffix for this connection = your domain name
- Register this connection's address in DNS (ON)

Dan

Expert Comment

by:Dan McFadden
Yes.

1. ipconfig /flushdns
2. ipconfig /registerdns
3. net stop netlogon
4. net start netlogon

Before you do this I would verify your IPv4 configuration.  You should have your DC DNS config'ed like so:

DNS on 192.168.3.1:
1st DNS = 192.168.2.26
2nd DNS = 192.168.3.1

DNS on 192.168.2.26:
1st DNS = 192.168.3.1
2nd DNS = 192.168.2.26

Make sure the DNS server is specifically configured to run on the IPv4 address associated with the server.

In DNS manager:
1. select the server, right-click > properties
2. Under Listen On: select "Only the following IP addresses"
3. enable only the IPv4 address

Dan

Expert Comment

by:Dan McFadden
Also, can you post an ipconfig /all of 192.168.3.1?

Do you have a public IPv6 address on that server?

Author Comment

by:cloughs
I have done everything you mentioned above and have some updates.

IPConfig output here:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\administrato>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Goole
   Primary Dns Suffix  . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mydomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-23-7D-26-65-3A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::902:fd83:f8f7:2fd2%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.3.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.3.254
   DNS Servers . . . . . . . . . . . : 192.168.3.1
                                       192.168.2.26
                                       127.0.0.1
   Primary WINS Server . . . . . . . : 192.168.3.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{832FEE72-C780-4A85-9A82-D13A24EB0
4AB}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


DCDiag Output here:


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = Goole

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Goole\GOOLE

      Starting test: Connectivity

         ......................... GOOLE passed test Connectivity



Doing primary tests

   
   Testing server: Goole\GOOLE

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

 ERROR: NO DNS servers for IPV6 stack was found
         ......................... GOOLE passed test DNS

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : mydomain

   
   Running enterprise tests on : mydomain.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: Goole.mydomain.local

            Domain: mydomain.local

           

                 
               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):

                 

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local
                     
                     Warning:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local
                     
                     Warning:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     Goole.mydomain.local
                     
                     Warning:
                     Missing SRV record at DNS server 192.168.3.1:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local
                     
                     Warning:
                     Missing AAAA record at DNS server 192.168.3.1:
                     gc._msdcs.mydomain.local
                     
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.local

               Goole                        PASS WARN PASS PASS PASS FAIL n/a  
         
         ......................... mydomain.local failed test DNS
dcdiag.txt

Expert Comment

by:Dan McFadden
So, after reading thru the full text of your dcdiag, you still have issues with the DNS configuration on ALL of your DCs.

I see 3 domain controllers:
1. Halifax\DC1
1a. IPv6 is disabled.
1b. Static IP address on MAC 00:1E:0B:C6:19:B2
1c. IP = 193.168.3.3
1d. DNS Servers (in order) are 127.0.0.1, 192.168.2.26
1e. DC is a DNS server

2. Goole\GOOLE
2a. IPv6 is on.
2b. Static IP on MAC 00:23:7D:26:65:3A
2c. 192.168.3.1, fe80::902:fd83:f8f7:2fd2
2d. DNS Servers (in order) are 192.168.3.1,192.168.2.26,127.0.0.1
2e. DC is a DNS server

3. Goole\GDC1
3a. IPv6 is ON
3b. Static IP on MAC 00:50:56:A6:E9:EB
3c. IP address: 192.168.2.26, fe80::a1bb:9c7c:1a63:4d60
3d. DNS Servers (in order) are 192.168.2.26
3e. DC is a DNS server

You have all DNS Servers configured to forward DNS queries to Google.

Here's what I recommend.
*** 0. Make sure all actions described below are done with an account that has Domain Admin privileges!
1. Enable the DNS Server Service to use only the real IPv4 address to operate (see above post @ 11:14)
2. Enable IPv6 on all servers (see above post @ 11:07)
3. Clean up the IPv4 DNS configuration on all servers (see above post @ 11:07)
4. ipconfig /flushdns, ipconfig /registerdns & then restart netlogon on all servers

I would remove the DNS forwarding to Google.  Your DNS servers have, by default, the root hint servers configured and enabled, unless you have protected DNS servers in a DMZ that you control, doing this is potentially adding a few extra hops into your DNS resolution.

If the SRV records are not automatically recreated, I would try a reboot of each server.  If still not, we can manually create them.

Also, are all of your DC's configured/enabled as global catalog servers?  They should be.

Link:  http://technet.microsoft.com/en-us/library/cc758330(v=ws.10).aspx

I know this appears to be painful, but it's not.  It's about having a clean IP stack config as well as the DNS Service and all aspects of AD.

PS:  I highly recommend this be done on all servers.

Dan

Author Comment

by:cloughs
Hi Dan,

Thanks for your very detailed feedback.  I will get on with it now and let you know the feedback.

Thanks

Author Comment

by:cloughs
Hi Dan,

I've been busy making changes as per your instructions, these are the latest results attached.

Are we getting better or worse?

All DC's are GC's and DC1 has all the FSMO roles
dc1-dcdiag-dns.txt
dc1-dcdiag-dns-advanced.txt
dc1-ipconfig.txt
gdc1-dcdiag-dns.txt
gdc1-dcdiag-dns-advanced.txt
gdc1-ipconfig.txt
goole-dcdiag-dns-advanced.txt
goole-dcdiag-testdns.txt
goole-ipconfig.txt

Expert Comment

by:Dan McFadden
Looking better...

1. DC1 is missing a WINS server in its IPv4 config.
2. Make sure that the IPv6 config on GDC1 and DC1 is exactly the same as GOOLE is configured.
3. If you like, you can remove the IPv6 addresses from the DNS Service's Root Hints.

Can you open DNS Manager and navigate to this location:

_tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._msdcs.mydomain.local

And post a screen capture of what is there.

According to the DCDIAGs, there are 2 SRV missing from this location.  Apparently only 192.168.3.1 has a valid SRV record there.

Dan

Author Comment

by:cloughs
Hi Dan,

1. DC1 now has WINS server added of itself (as it is the WINS server for that site)
2. IPv6 is set up the same on all three, i.e. obtain automatically for everything and the bindings are all in the order discussed in one of your previous posts.
3. I can't see any IPv6 addresses on my root hints tabs under DNS server properties on any server?

With regards to the DNS Zone screenshot, I manually created the 4e6axxxx domain and the structure under it as this number didn't exist before only the other number 05bxxxxx.  In one of the posts above I asked if it was okay to manually create it and I think you replied yes which is why I made it.  There is only one domain so not sure why two of these exist?

Structure attached in the images, I've blanked domain name out since it's public.

Thanks
Image1.gif
Image2.gif
Image3.gif

Expert Comment

by:Dan McFadden
OK, I wouldn't have created that zone.  It looks like it may be an old object that wasn't correctly removed from AD.

I couldn't directly answer that because I didn't know if that was the correct domain identifier.  Here's what I would do.

1. Make a full backup, with System State on the DC that has all the FSMO roles. (DC1)
2. When that is complete, I would delete the zone you just created.
3. re-run DCDIAG

The error should be resolved.

Dan

Author Comment

by:cloughs
Hi Dan,

I have done as requested and now get the following results.

Goole:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Goole
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GOOLE
      Starting test: Connectivity
         ......................... GOOLE passed test Connectivity

Doing primary tests

   Testing server: Goole\GOOLE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
 ERROR: NO DNS servers for IPV6 stack was found
         ......................... GOOLE passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : colletts

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: Goole.mydomain.local
            Domain: mydomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (2001:500:84::b)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t):

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     Goole.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.3.3:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     gc._msdcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.local
               Goole                        PASS WARN FAIL PASS PASS WARN n/a

         ......................... mydomain.local failed test DNS


GDC1

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GDC1
      Starting test: Connectivity
         ......................... GDC1 passed test Connectivity

Doing primary tests

   Testing server: Goole\GDC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... GDC1 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : colletts

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: GDC1.mydomain.local
            Domain: mydomain.local


               TEST: Records registration (RReg)
                  Network Adapter
                  [00000014] Microsoft Network Adapter Multiplexor Driver:
                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.3.3:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               GDC1                         PASS PASS PASS PASS PASS WARN n/a
         ......................... mydomain.local passed test DNS



DC1
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Halifax\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Halifax\DC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DC1 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : colletts

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: DC1.mydomain.local
            Domain: mydomain.local


               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Intel(R) PRO/1000 MT Network Connection:
                     Error:
                     Missing SRV record at DNS server 192.168.3.3:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               DC1                          PASS PASS PASS PASS PASS WARN n/a
         ......................... mydomain.local passed test DNS
0
 
LVL 26

Expert Comment

by:Dan McFadden
Can you run the following at the command prompt?  You can run it on a DC and you must have domain admin privileges:

Get-ADDomain | select Name, NetBIOSName, DNSRoot, objectGUID



The output will be 4 columns, the last column is of interest.  The objectGUID will indicate what the correct/active subdomain under the "domains._msdcs.mydomain.local" is.

There can be more than one domain subdomain here, when there is a root domain and other child domains.  In my environment, I have 2.  One for my root domain (there are only DCs and a CA in it) and one for my main domain.

Dan
0

 
LVL 26

Expert Comment

by:Dan McFadden
Can you also look at the root hints on all your DCs to see if there are IPv6 addresses configured?

1. DNS Manager
2. Right-click on a DNS service, select "properties"
3. Click the "Root Hints" tab
4. Look for IPv6 addresses

Based on your DCDiag, I think there are IPv6 addresses because you may have been running DNS on ALL Interfaces.
0
 
LVL 1

Author Comment

by:cloughs
Hi Dan,

Apologies for the delay replying; I was out of the office today.
I have just run the command above and the objectGUID returned is 4e6a284b-a7d9-4a52-9a06-c4...

There are no IPv6 addresses in the Root Hints on any of the three DNS servers.  IPv6 was configured to run as one of the interfaces originally before we started making changes, as they were all set to Listen on All Addresses.

Thanks
0
 
LVL 26

Expert Comment

by:Dan McFadden
So what that means is that your _msdcs subdomain is/was missing.

You'll need to create a subdomain under domains._msdcs... called 4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.  Then under that you need a subdomain called "._tcp"

You then need to create the "_ldap" SRV records.

It should look exactly like the structure under the other subdomain called "05b5292b-34b8-4fb7-85a3-8beef5fd2069"

In the first screen cap you posted, there are subdomains under the "_tcp" that are not needed.  The SRV records go directly into the "_tcp" subdomain.

I would review this thread before going further.

Link:  https://social.technet.microsoft.com/Forums/windowsserver/en-us/3573db98-7da4-493d-9406-924e2f942e82/how-to-fix-missing-cname-record-guidmsdcsmydomain?forum=winserverDS

Dan
0
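The `Missing SRV record` errors discussed above name the domain-GUID locator record, `_ldap._tcp.<DomainGUID>.domains._msdcs.<DNS forest name>`. As an added example (not part of the thread and not code from any poster), this Python script rejoins names that the console wrapped and lists which DNS servers still lack that record; the sample text is constructed from lines posted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: RReg lines stitched together from the dcdiag output posted
# in the thread, keeping the console wrap that splits "_msdcs" across two lines.
SAMPLE_DCDIAG = """\
               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Intel(R) PRO/1000 MT Network Connection:
                     Error:
                     Missing SRV record at DNS server 192.168.3.3:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Error:
                     Missing SRV record at DNS server 192.168.2.26:
                     _ldap._tcp.4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55.domains._ms
dcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local

               Warning: Record Registrations not found in some network adapters
"""

MISSING_RE = re.compile(r"Missing (\S+) record at DNS server (\S+):$")


def unwrap_console(text):
    """Rejoin wrapped lines. Assumption of this example: dcdiag indents every
    detail line, so a column-0 line directly after an indented, non-blank line
    is the tail of a wrapped line rather than a new top-level heading."""
    out = []
    for line in text.splitlines():
        is_tail = (out and line and not line[0].isspace()
                   and out[-1].startswith(" ") and out[-1].strip())
        if is_tail:
            out[-1] += line
        else:
            out.append(line)
    return out


def missing_records(text):
    """Return one dict per 'Missing <type> record at DNS server <ip>:' entry."""
    findings, severity, pending = [], None, None
    for raw in unwrap_console(text):
        line = raw.strip()
        if line in ("Error:", "Warning:"):
            severity = line[:-1]
        elif pending and line:
            # The first non-blank line after the "Missing ..." line is the name.
            rtype, server = pending
            findings.append({"severity": severity, "type": rtype,
                             "server": server, "name": line.lower()})
            pending = None
        else:
            match = MISSING_RE.search(line)
            if match:
                pending = (match.group(1), match.group(2))
    return findings


def domain_guid_srv(domain_guid, dns_forest_name):
    """Name of the domain-GUID locator SRV record each DC registers."""
    return f"_ldap._tcp.{domain_guid}.domains._msdcs.{dns_forest_name}".lower()


def servers_missing(findings, name):
    """DNS servers on which dcdiag reported the given record as missing."""
    return sorted(f["server"] for f in findings if f["name"] == name.lower())


if __name__ == "__main__":
    found = missing_records(SAMPLE_DCDIAG)
    # GUID as returned by Get-ADDomain (objectGUID) and shown in the dcdiag output.
    target = domain_guid_srv("4e6a284b-a7d9-4a52-9a06-c4f4da5d3b55", "mydomain.local")
    print("domain-GUID SRV record:", target)
    print("still missing on:", servers_missing(found, target))
    for f in found:
        if f["name"] != target:
            print(f"{f['severity']}: {f['type']} {f['name']} missing on {f['server']}")
```
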
 
LVL 1

Author Comment

by:cloughs
Hi Dan,

I have manually created the subdomain and added all three DCs under it so it now matches the domain that is already there.  All _LDAP_TCP records now exist.

The strange thing is that dcdiag is now reporting a number of IPv6 issues, but all three DNS servers are set up exactly the same, all only listening on IPv4 address.  All IPv6 configs on three servers set to obtain automatically.  All network card bindings and advanced options match what you said before, so the IPv4 is above IPv6 in the list.  Really can't see why we are getting the other warning.  Root hints tab on all three DNS servers contains no IPv6 addresses.  I have ipconfig /flushdns'd all three servers, cleared all DNS cache and can't understand why it still shows up.  Also tried the thing mentioned in the link above that says stop netlogon, delete netlogon.dns and another file, then start netlogon again.  Still didn't make a difference.

I have rerun dcdiag /test:dns and have now got this:

C:\Windows\System32\config>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Goole
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GOOLE
      Starting test: Connectivity
         ......................... GOOLE passed test Connectivity

Doing primary tests

   Testing server: Goole\GOOLE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
 ERROR: NO DNS servers for IPV6 stack was found
         ......................... GOOLE passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mydomain

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: Goole.mydomain.local
            Domain: mydomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (2001:500:84::b)

               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record _dcdiag_test_record
in zone mydomain.local

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t):

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     Goole.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     gc._msdcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.local
               Goole                        PASS WARN FAIL PASS WARN WARN n/a

         ......................... mydomain.local failed test DNS

C:\Windows\System32\config>

Thanks for your help Dan
0
 
LVL 26

Expert Comment

by:Dan McFadden
Can you verify which servers are running WINS?

In the ipconfig's, I see:
1. 192.168.3.1 is configured for WINS at 192.168.3.1.
2. 192.168.3.3 is configured for WINS at 192.168.3.1.
3. don't see any WINS server config'ed for 192.168.2.26

If each DC is also running WINS, they must be pointed only to themselves in the tcp/ip config.

Sorry for appearing to go in circles, but the config cleanup process is often like this.  Especially without being able to directly look at the servers.

Dan
0
 
LVL 1

Author Comment

by:cloughs
Hi,

DC1 has the network card WINS address to its own IP.
Goole has the network card WINS address to its own IP
GDC1 has the network card WINS address to Goole IP

I have reset the GDC1 WINS IP to itself and rerun ipconfig /flushdns, dcdiag /test:dns and the results are the same.

No problem going round in circles just grateful for the help.

Thanks
0
 
LVL 26

Expert Comment

by:Dan McFadden
OK, a few more commands to run and post:

1. from command prompt
2. type nslookup and hit enter
3. at the nslookup prompt, type set type=SOA and hit enter
4. type the name of your domain and hit enter
5. at the nslookup prompt, type set type=NS and hit enter
6. type the name of your domain and hit enter

You should get something like this:

C:\>nslookup
Default Server:  dc-11.abcdef.com
Address:  10.1.1.11
> set type=SOA
> abcdef.com
Server:  dc-11.abcdef.com
Address:  10.1.1.11
abcdef.com
        primary name server = dc-11.abcdef.com
        responsible mail addr = hostmaster.abcdef.com
        serial  = 593983
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
      dc-11.abcdef.com       internet address = 10.1.1.11
> set type=NS
> abcdef.com
Server:  dc-11.abcdef.com
Address:  10.1.1.11
abcdef.com nameserver = dc-11.abcdef.com
abcdef.com nameserver = dc-12.abcdef.com
abcdef.com nameserver = dc-13.abcdef.com
abcdef.com nameserver = dc-14.abcdef.com
dc-11.abcdef.com       internet address = 10.1.1.11
dc-12.abcdef.com       internet address = 10.1.2.11
dc-13.abcdef.com       internet address = 10.1.3.11
dc-14.abcdef.com       internet address = 10.1.4.11
>

Dan
0
 
LVL 1

Author Comment

by:cloughs
Running these from Goole server I get:


C:\>nslookup
Default Server:  dc1.mydomain.local
Address:  192.168.2.26

> set type=soa
> mydomain.local
Server:  dc1.mydomain.local
Address:  192.168.2.26

mydomain.local
        primary name server = dc1.mydomain.local
        responsible mail addr = hostmaster
        serial  = 55863
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
dc1.mydomain.local      internet address = 192.168.2.26
> set type=ns
> mydomain.local
Server:  dc1.mydomain.local
Address:  192.168.2.26

mydomain.local  nameserver = goole.mydomain.local
mydomain.local  nameserver = gdc1.mydomain.local
mydomain.local  nameserver = dc1.mydomain.local
goole.mydomain.local    internet address = 192.168.3.1
gdc1.mydomain.local     internet address = 192.168.3.3
dc1.mydomain.local      internet address = 192.168.2.26
>

From DC1 running the same I get:

C:\>nslookup
Default Server:  gdc1.mydomain.local
Address:  192.168.3.3

> set type=soa
> mydomain.local
Server:  gdc1.mydomain.local
Address:  192.168.3.3

mydomain.local
        primary name server = gdc1.mydomain.local
        responsible mail addr = hostmaster
        serial  = 55863
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
gdc1.mydomain.local     internet address = 192.168.3.3
> set type=ns
> mydomain.local
Server:  gdc1.mydomain.local
Address:  192.168.3.3

mydomain.local  nameserver = goole.mydomain.local
mydomain.local  nameserver = gdc1.mydomain.local
mydomain.local  nameserver = dc1.mydomain.local
goole.mydomain.local    internet address = 192.168.3.1
gdc1.mydomain.local     internet address = 192.168.3.3
dc1.mydomain.local      internet address = 192.168.2.26
>

From GDC1 it shows:

C:\Users\administrator.mydomain>cd\

C:\>nslookup
Default Server:  dc1.mydomain.local
Address:  192.168.2.26

> set type=soa
> mydomain.local
Server:  dc1.mydomain.local
Address:  192.168.2.26

mydomain.local
        primary name server = dc1.mydomain.local
        responsible mail addr = hostmaster
        serial  = 55863
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
dc1.mydomain.local      internet address = 192.168.2.26
> set type=ns
> mydomain.local
Server:  dc1.mydomain.local
Address:  192.168.2.26

mydomain.local  nameserver = goole.mydomain.local
mydomain.local  nameserver = gdc1.mydomain.local
mydomain.local  nameserver = dc1.mydomain.local
goole.mydomain.local    internet address = 192.168.3.1
gdc1.mydomain.local     internet address = 192.168.3.3
dc1.mydomain.local      internet address = 192.168.2.26
>
0
 
LVL 26

Expert Comment

by:Dan McFadden
Can you run this command:

1. Dnscmd  <DC-FQDN-HERE>  /enumrecords  /roothints  @

Run #1, 3 times, each time replacing "<DC-FQDN-HERE>" with the fully qualified domain name of each DC.

2. dnscmd <DC-FQDN-HERE>  /enumrecords  <DomainName.extension> @ /type AAAA
3. Can you also post the contents of the "gc" subdomain?  It is under _msdcs.yourdomain.extension

Dan
0
 
LVL 1

Author Comment

by:cloughs
Hi Dan,

C:\Users\administrator.mydomain>dnscmd goole.mydomain.local /enumrecords /roothi
nts @
Returned records:
@ 0 NS  a.root-servers.net.
                 0 NS   c.root-servers.net.
                 0 NS   e.root-servers.net.
                 0 NS   f.root-servers.net.
                 0 NS   g.root-servers.net.
                 0 NS   h.root-servers.net.
                 0 NS   i.root-servers.net.
                 0 NS   j.root-servers.net.
                 0 NS   k.root-servers.net.
                 0 NS   m.root-servers.net.
                 85246 SOA      a.root-servers.net. nstld.verisign-grs.com. 2014
112100 1800 900 604800 86400
localhost 1476381344 A  127.0.0.1

Command completed successfully.


C:\Users\administrator.mydomain>dnscmd dc1.mydomain.local /enumrecords /roothint
s @
Returned records:
@ 460268 NS     f.root-servers.net.
                 460268 NS      m.root-servers.net.
                 460268 NS      a.root-servers.net.
                 460268 NS      g.root-servers.net.
                 460268 NS      b.root-servers.net.
                 460268 NS      k.root-servers.net.
                 460268 NS      c.root-servers.net.
                 460268 NS      d.root-servers.net.
                 460268 NS      i.root-servers.net.
                 460268 NS      e.root-servers.net.
                 460268 NS      j.root-servers.net.
                 460268 NS      l.root-servers.net.
                 460268 NS      h.root-servers.net.
                 0 NS   a.root-servers.net.
                 0 NS   c.root-servers.net.
                 0 NS   e.root-servers.net.
                 0 NS   f.root-servers.net.
                 0 NS   g.root-servers.net.
                 0 NS   h.root-servers.net.
                 0 NS   i.root-servers.net.
                 0 NS   j.root-servers.net.
                 0 NS   k.root-servers.net.
                 0 NS   m.root-servers.net.
                 28268 SOA      a.root-servers.net. nstld.verisign-grs.com. 2014
112001 1800 900 604800 86400
                 28268 RRSIG    SOA 8 0 86400 20141127170000 20141120160000 2260
3 @ K9cRRnzFN14B3jb2LWQ2EgPPDoyLsC5Ih26JQZ9ueW8SRimyKY9U8bEVwyN2h/APi2pnybjlC5cA
MWTAwNEbD5IBt9u627ouNER9lGsOdQ/YvxZ/Aq6fjZNPeEYFUI0wyfCqXgU8kLyUPMC2jhIexNh0QCjA
ncLlcM8nB7H4iZk=
                 28268 RRSIG    NS 8 0 518400 20141127170000 20141120160000 2260
3 @ NuiOwzVnTku7NUR+Z58fr/TIpL8AWoXH97rB+bUxP3w0Jqn1AOkjYw/fKMYTNXt04bE/JvqcgrLC
HLBGUpmL8awKbCQN+QrH2XY5Qff5cU+yEgHMtcqHS7CSHj2ZkEDQIi8jx8P+bhog28UaQJdqHFG/wckc
0cdS9xZJtEDJVfs=
localhost 1476381026 A  127.0.0.1

Command completed successfully.



C:\Users\administrator.mydomain>dnscmd gdc1.mydomain.local /enumrecords /roothin
ts @
Returned records:
@ 460242 NS     a.root-servers.net.
                 460242 NS      b.root-servers.net.
                 460242 NS      c.root-servers.net.
                 460242 NS      d.root-servers.net.
                 460242 NS      e.root-servers.net.
                 460242 NS      f.root-servers.net.
                 460242 NS      g.root-servers.net.
                 460242 NS      h.root-servers.net.
                 460242 NS      i.root-servers.net.
                 460242 NS      j.root-servers.net.
                 460242 NS      k.root-servers.net.
                 460242 NS      l.root-servers.net.
                 460242 NS      m.root-servers.net.
                 0 NS   m.root-servers.net.
                 0 NS   k.root-servers.net.
                 0 NS   j.root-servers.net.
                 0 NS   i.root-servers.net.
                 0 NS   h.root-servers.net.
                 0 NS   g.root-servers.net.
                 0 NS   f.root-servers.net.
                 0 NS   e.root-servers.net.
                 0 NS   c.root-servers.net.
                 0 NS   a.root-servers.net.
                 28242 SOA      a.root-servers.net. nstld.verisign-grs.com. 2014
112001 1800 900 604800 86400
                 28242 RRSIG    SOA 8 0 86400 20141127170000 20141120160000 2260
3 @ K9cRRnzFN14B3jb2LWQ2EgPPDoyLsC5Ih26JQZ9ueW8SRimyKY9U8bEVwyN2h/APi2pnybjlC5cA
MWTAwNEbD5IBt9u627ouNER9lGsOdQ/YvxZ/Aq6fjZNPeEYFUI0wyfCqXgU8kLyUPMC2jhIexNh0QCjA
ncLlcM8nB7H4iZk=
                 28242 RRSIG    NS 8 0 518400 20141127170000 20141120160000 2260
3 @ NuiOwzVnTku7NUR+Z58fr/TIpL8AWoXH97rB+bUxP3w0Jqn1AOkjYw/fKMYTNXt04bE/JvqcgrLC
HLBGUpmL8awKbCQN+QrH2XY5Qff5cU+yEgHMtcqHS7CSHj2ZkEDQIi8jx8P+bhog28UaQJdqHFG/wckc
0cdS9xZJtEDJVfs=
localhost 1476381054 A  127.0.0.1

Command completed successfully.

C:\Users\administrator.mydomain>dnscmd goole.mydomain.local /enumrecords collett
s.local @ /type AAAA
Returned records:

Command completed successfully.

C:\Users\administrator.mydomain>
Image1.gif
Image2.gif
Image3.gif
Image4.gif
0
 
LVL 26

Expert Comment

by:Dan McFadden
OK, your "gc" entries look ok.

But.... you have DNSSEC turned on, on dc1 and gdc1.  I think this is also part of the issue.  Why have you enabled DNSSEC?  Was this done for a specific reason?

Can you screen cap the following:

1. in DNS Manager
2. right-click a server and select Properties
3. click the "Trust Anchors" tab
4. screen cap this tab from all 3 DCs please.

Dan
0
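The three `dnscmd ... /enumrecords /roothints @` listings above differ in two ways that are easy to miss by eye: which root-server NS names each DC holds, and whether RRSIG records (which the reply above reads as DNSSEC being turned on) are present. As an added example (not part of the thread and not code from any poster), this Python script compares such listings; the samples are constructed and abridged from the posted output, with signature data replaced by a placeholder, and the function names are hypothetical.

```python
import re

# Constructed samples, abridged from the dnscmd output posted in the thread.
# The wrap of long records onto a column-0 continuation line is kept.
GOOLE = """\
Returned records:
@ 0 NS  a.root-servers.net.
                 0 NS   c.root-servers.net.
                 0 NS   e.root-servers.net.
                 0 NS   f.root-servers.net.
                 0 NS   g.root-servers.net.
                 0 NS   h.root-servers.net.
                 0 NS   i.root-servers.net.
                 0 NS   j.root-servers.net.
                 0 NS   k.root-servers.net.
                 0 NS   m.root-servers.net.
                 85246 SOA      a.root-servers.net. nstld.verisign-grs.com. 2014
112100 1800 900 604800 86400
localhost 1476381344 A  127.0.0.1
"""
DC1 = """\
Returned records:
@ 460268 NS     f.root-servers.net.
                 460268 NS      m.root-servers.net.
                 460268 NS      a.root-servers.net.
                 460268 NS      g.root-servers.net.
                 460268 NS      b.root-servers.net.
                 460268 NS      k.root-servers.net.
                 460268 NS      c.root-servers.net.
                 460268 NS      d.root-servers.net.
                 460268 NS      i.root-servers.net.
                 460268 NS      e.root-servers.net.
                 460268 NS      j.root-servers.net.
                 460268 NS      l.root-servers.net.
                 460268 NS      h.root-servers.net.
                 28268 SOA      a.root-servers.net. nstld.verisign-grs.com. 2014
112001 1800 900 604800 86400
                 28268 RRSIG    SOA 8 0 86400 20141127170000 20141120160000 2260
3 @ (signature elided)
localhost 1476381026 A  127.0.0.1
"""

# [owner] TTL TYPE data; the owner is printed only when it changes.
RECORD_RE = re.compile(r"^(?:(\S+)\s+|\s+)(\d+)\s+([A-Z]+)\s+(\S.*)$")


def parse_enumrecords(text):
    """Return (owner, ttl, rtype, data) tuples. Wrapped continuation lines and
    status lines do not match the record pattern and are skipped."""
    records, owner = [], None
    for line in text.splitlines():
        match = RECORD_RE.match(line)
        if match:
            owner = match.group(1) or owner
            records.append((owner, int(match.group(2)), match.group(3),
                            match.group(4).strip()))
    return records


def root_hint_summary(text):
    """NS names and record types held at the root ("@") node."""
    apex = [r for r in parse_enumrecords(text) if r[0] == "@"]
    return {"ns": {r[3].lower() for r in apex if r[2] == "NS"},
            "types": {r[2] for r in apex}}


def compare_root_hints(outputs):
    """outputs maps a DC name to its dnscmd text. For each DC, report the NS
    names that some other DC lists but this one does not, and RRSIG presence."""
    summaries = {dc: root_hint_summary(text) for dc, text in outputs.items()}
    union = set().union(*(s["ns"] for s in summaries.values()))
    return {dc: {"missing_ns": sorted(union - s["ns"]),
                 "has_rrsig": "RRSIG" in s["types"]}
            for dc, s in summaries.items()}


if __name__ == "__main__":
    for dc, result in compare_root_hints({"goole": GOOLE, "dc1": DC1}).items():
        print(dc, result)
```
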
 
LVL 1

Author Comment

by:cloughs
No reason for DNSSEC

Trust Anchors tab only appears on DC1 and is blank.  Advanced tabs from all 3 are attached which shows something to do with DNSSEC...
Imagea1.gif
Imagea2.gif
Imagea3.gif
0
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
Please disable DNSSEC on the Advanced tab on GDC1.  And make sure scavenging is set the same on all DCs; on DC1 it's turned off.
0
 
LVL 1

Author Comment

by:cloughs
I have done this and have the following dcdiag /test:dns results:

Server Goole:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Goole
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GOOLE
      Starting test: Connectivity
         ......................... GOOLE passed test Connectivity

Doing primary tests

   Testing server: Goole\GOOLE

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
 ERROR: NO DNS servers for IPV6 stack was found
         ......................... GOOLE passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mydomain

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Test results for domain controllers:

            DC: Goole.mydomain.local
            Domain: mydomain.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (2001:500:84::b)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t):

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     Goole.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.2.26:
                     gc._msdcs.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     Goole.mydomain.local

                     Warning:
                     Missing AAAA record at DNS server 192.168.3.3:
                     gc._msdcs.mydomain.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mydomain.local
               Goole                        PASS WARN FAIL PASS PASS WARN n/a

         ......................... mydomain.local failed test DNS

C:\>


Server GDC1:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = GDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Goole\GDC1
      Starting test: Connectivity
         ......................... GDC1 passed test Connectivity

Doing primary tests

   Testing server: Goole\GDC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... GDC1 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mydomain

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... mydomain.local passed test DNS

C:\>


Server DC1:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Halifax\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Halifax\DC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DC1 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mydomain

   Running enterprise tests on : mydomain.local
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... mydomain.local passed test DNS
LVL 26

Expert Comment

by:Dan McFadden
OK, I would run these commands on all servers, from an account that has Admin privileges:

1. from command prompt
2. netsh interface ipv6 6to4 set state disabled
3. netsh interface teredo set state disabled

Also, adding forwarders may be helpful to clear up the last of the issues.

Dan
LVL 1

Author Comment

by:cloughs
Hi Dan,

I have done as requested but still get the IPv6 errors on one server (Goole).  Everything else appears to be working normally and all other servers don't report the IPv6 error.  Very odd.  Forwarders added got rid of some but not all errors/warnings.

thanks
LVL 26

Expert Comment

by:Dan McFadden
I'd recommend a reboot on GOOLE.  After the reboot, I would run 1 more dcdiag on GOOLE and check the summary results at the bottom.  As long as there are no FAIL, I believe the IPv6 DNS issue can be safely ignored.

Also, I would run repadmin to make sure the replication is looking good:

*** from a command prompt with Admin privileges
repadmin /replsummary

for more details, try:

repadmin /showrepl * > repadmin.txt

the second command throws a ton of info, so best to drop into a file.

Dan
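
The `repadmin /replsummary` check suggested above, as an added example that is not part of the original post: a PowerShell (3.0 or later) parser for that output that flags any DSA row with failures or a largest delta over a threshold. The function names, the one-hour threshold, the invented DC2 row and the handling of a `>60 days` delta are assumptions made for the illustration.

```powershell
# Constructed sample in the `repadmin /replsummary` layout; the DC2 row is invented.
$sample = @'
Source DSA          largest delta    fails/total %%   error
 DC1                       03m:15s    0 /   5    0
 GDC1                      08m:28s    0 /  10    0
 DC2                   02h:10m:41s    3 /   5   60  (1722) The RPC server is unavailable.

Destination DSA     largest delta    fails/total %%   error
 DC1                       08m:29s    0 /   5    0
 GOOLE                     03m:16s    0 /  10    0
'@ -split "`r?`n"

function ConvertTo-Delta([string]$Text) {
    # Assumption: a delta printed as ">60 days" is treated as unbounded.
    if ($Text.StartsWith('>')) { return [timespan]::MaxValue }
    $seconds = 0
    # Sum each <number><unit> pair, e.g. "03m:15s" or "02h:10m:41s".
    foreach ($m in [regex]::Matches($Text, '(\d+)([dhms])')) {
        $n = [int]$m.Groups[1].Value
        switch ($m.Groups[2].Value) {
            'd' { $seconds += $n * 86400 }
            'h' { $seconds += $n * 3600 }
            'm' { $seconds += $n * 60 }
            's' { $seconds += $n }
        }
    }
    [timespan]::FromSeconds($seconds)
}

function Get-ReplSummaryRow {
    param([string[]]$Line, [timespan]$MaxDelta = '01:00:00')  # threshold is an assumption
    $role = $null
    foreach ($l in $Line) {
        if ($l -match '^(Source|Destination) DSA') { $role = $Matches[1]; continue }
        # Row layout: name, largest delta, fails / total, percent, optional error text
        if ($role -and $l -match '^\s+(\S+)\s+(\S.*?)\s+(\d+)\s*/\s*(\d+)\s+\d+\s*(.*)$') {
            $name, $deltaText, $fails, $total, $err = $Matches[1..5]
            $delta = ConvertTo-Delta $deltaText
            [pscustomobject]@{
                Role = $role; DSA = $name; LargestDelta = $delta
                Fails = [int]$fails; Total = [int]$total; Error = $err
                Healthy = ([int]$fails -eq 0 -and $delta -le $MaxDelta)
            }
        }
    }
}

# Live use on a DC: Get-ReplSummaryRow -Line (repadmin /replsummary)
Get-ReplSummaryRow -Line $sample | Where-Object { -not $_.Healthy } | Format-Table -AutoSize
```

On the constructed sample only the DC2 source row is reported; on output like the one posted in this thread, where every row shows 0 fails and deltas of a few minutes, nothing is reported.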
LVL 1

Author Comment

by:cloughs
Looks okay to me

C:\>repadmin /replsummary
Replication Summary Start Time: 2014-11-26 15:42:30

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 DC1                       03m:15s    0 /   5    0
 GDC1                      08m:28s    0 /  10    0
 GOOLE                     06m:14s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 DC1                       08m:29s    0 /   5    0
 GDC1                      06m:15s    0 /   5    0
 GOOLE                     03m:16s    0 /  10    0
LVL 26

Expert Comment

by:Dan McFadden
Yup. No replication errors.  Looks nice.
LVL 1

Author Comment

by:cloughs
Okay, that's great news, fantastic level of support from you Dan, really appreciate it.
LVL 1

Author Closing Comment

by:cloughs
Absolutely fantastic support from Dan, highly recommend his support for other users, Thanks!