We help IT Professionals succeed at work.

DNS Error LDAP?

491 Views
Last Modified: 2014-11-24
Hi
I am getting this error in my best practive anazlyzer. I was checking here since i was having a sysvol replication issue. What record is this looking for dns? My 2 DCs each have their local ip in the forward zones?

Issue:
The "LdapIpAddress" DNS (A/AAAA) resource records that advertise this domain controller as an available LDAP server in the domain and point to its IPv4 or IPv6 addresses are not registered. All writeable domain controllers in the domain (but not read-only domain controllers (RODCs)) must register these records.
Comment
Watch Question

Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
This initially appears to be an Active Directory issue.  I would run the following command:

with an account that has Admin privileges = dcdiag /test:DNS /e /v > dcdiag.txt

and attach the output so it can be looked over.

Dan
JamesSenior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
Check that replication is functioning. Run the following commands from the command prompt > repadmin /syncall /AdeP and also > repadmin /showreps

Check to see can you access the sysvol share from each domain controller and vice a versa.

Regards,

JBond2010

Author

Commented:
Mostly i am seeing it is missing my AAAA records but i dont use IP V6. Ill have it posted in a few.

Author

Commented:
My sys vol share is not replicating to my second DC. I usually edit Group policy on my main server and it is not replicating over is the reason i started looking around.  

I got nothing from that command about repadmin...
JamesSenior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
You did not get any errors from repadmin? The command is - repadmin /AdeP

Please be aware the AP in /AdeP are capitals.


Regards,

JBond2010

Author

Commented:
No errors at all with that command
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
There should be a file called dcdiag.txt in the location that you ran the command prompt from.

If you just opened a command prompt and ran the command, the text file is probably in your user directory.

Author

Commented:
Dan i ran your command and the only errors on all 9 pages were the server not listed it V6 AAAA record, other than that it came out clean. Im not sure what this ldapipaddress setting is supposed to be the best practice thing is complaining about?
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:

Author

Commented:
it is talking about ldap in the error but is it simply stating it is mad i disabled ip v6 on my nic and once i turn it on and that record hits dns it will be happy?
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
You should not disable IPv6 on domain controllers.  It is not recommended by Microsoft.  IPv6 should be enabled and for all options configured as automatic.

Dan
Technical Lead - Active Directory
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
is this ok to do during the day since i am not messing with my ip v4 address?
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
This can be done without disrupting operations.

Author

Commented:
i added ip v6 back in but the analyzer is still not happy.
Is this supposed to be in DNS somewhere i do not see it?
LdapIpAddress ??
Dan McFaddenTechnical Lead - Active Directory
CERTIFIED EXPERT

Commented:
The "LdapIpAddress" item is described in my post from yesterday at 16:38.  Please read thru the article from Microsoft as it describes what you need to do to address the issue,

Dan
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.