ctp_mackdaddies
Missing GC SRV record for DNS server
On my DC server "BranchDC1" (Server 2008 R2 Core), I am getting the following error:
\>dcdiag /test:dns /e
TEST: Records registration (RReg)
Network Adapter [00000000] Microsoft Virtual Machine Bus Network Adapter:
Warning:
Missing SRV record at DNS server 10.2.100.121:
_ldap._tcp.gc._msdcs.mydomain.com
Error: Record registrations cannot be found for all the network adapters
My other branch office DCs do not throw this error. The IP address shown above is for BranchDC's replication partner in the data center, "HQDC1."
BranchDC1 was just re-added to the domain and re-promoted, after being demoted and removed for a few weeks while the branch office was being relocated.
I've been checking a lot of things. And the only thing I can find wrong is that HQDC1 is missing the _ldap SRV record for BranchDC1 under Forward Lookup Zones/mydomain.com/_msdcs/gc/_sites/BranchSiteName/_tcp. It is present in this location on BranchDC1.
How can I get it to auto-generate this record?
I tried nltest /dsregdns.
I have tried registerdns, stop/start netlogon. I swapped order of DNS servers on BranchDC1's NIC (pointing to itself and HQDC1), and performed those steps again.
I checked netlogon.dns on BranchDC1 and it looks right (compared it to others). No other SRV records appear to be missing from anywhere else that I've found thus far.
Replication looks good.
The BranchDC1 server is checked as a GC in AD Sites and Services.
Doing dcdiag /fix passes all tests, except NCSecDesc, which all of our DCs fail, but I think this can be ignored.
Thanks in advance for your help.
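The comparison described in the question (netlogon.dns on the DC versus what each DNS server actually answers for the same SRV name), as an added PowerShell example that is not part of the original thread. The function names, the 10.2.200.10 address standing in for BranchDC1 and the canned nslookup lines are constructed for illustration.

```powershell
# Added example, not from the thread. Compares the SRV records Netlogon wants
# registered (netlogon.dns) with what each DNS server actually returns.
function Get-ExpectedSrv([string[]]$Lines) {
    # Line format: <owner>. <ttl> IN SRV <priority> <weight> <port> <target>.
    foreach ($l in $Lines) {
        if ($l -match '^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+\d+\s+(\S+)\s*$') {
            New-Object PSObject -Property @{
                Name   = $Matches[1].TrimEnd('.').ToLower()
                Target = $Matches[2].TrimEnd('.').ToLower()
            }
        }
    }
}

function Get-SrvTargets([string[]]$NslookupOutput) {
    # nslookup prints one "svr hostname = <fqdn>" line per SRV answer.
    foreach ($l in $NslookupOutput) {
        if ($l -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.').ToLower() }
    }
}

function Find-MissingSrv($Expected, [string[]]$DnsServers, [scriptblock]$Query) {
    foreach ($rec in $Expected) {
        foreach ($server in $DnsServers) {
            $targets = @(Get-SrvTargets (& $Query $rec.Name $server))
            if ($targets -notcontains $rec.Target) {
                'MISSING on {0}: {1} -> {2}' -f $server, $rec.Name, $rec.Target
            }
        }
    }
}

# Constructed sample data: 10.2.100.121 is HQDC1 as in the thread; 10.2.200.10
# is a made-up address standing in for BranchDC1's own DNS service.
$netlogon = @(
    'mydomain.com. 600 IN A 10.2.200.10',
    '_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 branchdc1.mydomain.com.'
)
$canned = @{
    '10.2.100.121' = @('svr hostname   = hqdc1.mydomain.com')
    '10.2.200.10'  = @('svr hostname   = hqdc1.mydomain.com',
                       'svr hostname   = branchdc1.mydomain.com')
}
$offline = { param($name, $server) $canned[$server] }
# Live use on the DC: read $env:SystemRoot\System32\config\netlogon.dns and pass
#   { param($name, $server) nslookup -type=SRV "$name." $server 2>$null }
Find-MissingSrv (Get-ExpectedSrv $netlogon) @('10.2.100.121', '10.2.200.10') $offline
```

A record reported as missing on only some DNS servers while the DC's own copy has it points at zone replication between the servers rather than at Netlogon registration on the DC.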
ASKER
I removed it because it was going to be offline for at least 3 weeks, maybe longer.
Under NTDS Settings Properties for the BranchDC1 server in AD Sites and Services, Global Catalog is checked.
In the event log, there isn't much. There is an event ID 5781, but that's from yesterday when I was first bringing the system back. And there were a couple recent event ID 1014, for mydomain.com.
Thanks
Often, you can extend the tombstone if that is the concern.
Are there errors related to sysvol? Is sysvol shared on this branch?
Check replication status. Does the local branch
It might have replication issues preventing the GC from coming online.
Check netdiag, repladm..
ASKER
Yes sysvol is on this branch. No errors related that I can find. There are Information notices that it is successfully initialized and ready to share sysvol.
dcdiag /test:replications /e shows no errors.
repadmin /showrepl hqdc1.mydomain.com shows no errors.
repadmin /replsum shows no fails.
netdiag doesn't exist on Server 2008 R2.
What if I were to uncheck this as a GC, then re-check it?
Thanks
Is the local DNS a replication of the branch?
The GC needs only be reflected in the local site and not throughout.
i.e. you do not expect to have requests from HQ to flow to the branch.
Your setup is fine.
ASKER
"is the local DNS a replication of the branch"
Sorry, I'm not sure I understand what you're asking.
"Your setup is fine."
I am getting that error message, though, and none of the other branch DCs have this issue. Every branch DC shows up in Forward Lookup Zones/mydomain.com/_msdcs/
Thank you
ASKER
I removed BranchDC1 as a GC in Sites and Services. I deleted the _ldap SRV for BranchDC1 from under BranchDC1/Forward Lookup Zones/mydomain.com/_msdcs/gc/_tcp (this record is missing from this location on other DCs). Verified its site folder disappeared from /_msdcs/gc/_sites. Then I re-enabled it as a GC. Things went back to the way they were... The SRV record reappeared, but still only on BranchDC1. The site folder got recreated on all DCs, although under /_msdcs/gc/_sites/BranchDC1/_tcp it shows a ldap SRV record for BranchDC1 and HQDC2 (another DC at the data center). No other site shows a record for anything but itself in that location.
Ran the AD Replication Status too. No errors with replication. Branch DC1 is recognized as a GC.
Still getting the same error when I run \>dcdiag /test:dns
I've about run out of ideas for things to try.
What is the output from nslookup 10.2.100.121?
The error might deal with the reverse.
You are using the /e option, it is not clear that the error is reflective of this branch or one of the other locations.
ASKER
"What is the output from nslookup 10.2.100.121?"
nslookup looks normal. Same results from any DC.
C:\>nslookup 10.2.100.121
Server: UnKnown
Address: ::1
Name: HQDC1.mydomain.com
Address: 10.2.100.121
"You are using the /e option, it is not clear that the error is reflective of this branch or one of the other locations."
It's definitely referring to BranchDC1, and the error appears regardless of where I do the test from.
DC: BRANCHDC1.mydomain.com
Domain: mydomain.com
TEST: Records registration (RReg)
Network Adapter [00000000] Microsoft Virtual Machine Bus Network Adapter:
Warning:
Missing SRV record at DNS server 10.2.100.121:
_ldap._tcp.gc._msdcs.mydomain.com
Error: Record registrations cannot be found for all the network adapters
It points to hqdc's DNS that is missing the record.
TEST: Records registration (RReg)
Network Adapter [00000000] Microsoft Virtual Machine Bus Network Adapter:
Warning:
Missing SRV record at DNS server 10.2.100.121:
_ldap._tcp.gc._msdcs.mydomain.com
Error: Record registrations cannot be found for all the network adapters
ASKER
Yes, that is what I wrote in my original post. I'm trying to figure out why it won't create that record there.
I can see it missing from the other DCs as well, but it is only throwing the error for HQDC1, which replicates with BranchDC1 and all other DCs.
Thank you
You are on the wrong system. You have a multi-site design, querying from the branch including every test. Your branch would not be servicing HQ.
Do you run dcdiag /test:dns /e on every branch? Do all branches have similar setups?
Your Site setup is a Hub and spoke i.e. each branch reps back to all DCs in HQ?
Have to reread your question to make sure I am not mixing multiple things into one.
Is the branch DC reflected in the correct site? Compare the other Branch DCs location to this one.
ASKER
When I run \>dcdiag /test:dns /e I get the same results regardless of what DC I run it from. BranchDC1 is the only one that fails the RReg test.
I have run it from two different DCs at my data center, including HQDC1, and I have run it from 3 different branch DCs, including BranchDC1.
All branch DCs replicate back to HQDC1.
BranchDC1 is showing under the correct site in Sites and Services. It is the only server for that site.
Thank you
Not sure which error it means, the resolution of the branchdc1 on the hqdc1 system.
ASKER
I just remembered, initially BranchDC1 was added to the wrong site when re-promoted, but I quickly moved it. Might have something to do with it...
ASKER CERTIFIED SOLUTION
ASKER
Is it reported on the branch side SRC revord lookup _tcp._ldap.msdcs.domain.loOn BranchDC1, there is a SRV record in Forward Lookup Zones/mydomain.com/_msdcs/cal SRV record as preferred?
Thanks
This is a BranchDC1 site.
Do other branches show up
Zones/mydomain.com/_msdcs/gc/_sites/branchdc2/_tcp
?
Is this Branch site delegated configured/differently than the others?
ASKER
I found the SRV record for BranchDC1 was missing from Forward Lookup Zones/mydomain.com/_msdcs/gc/_tcp/ on BranchDC1 this morning. It reappeared after I forced replication.
No other branch DC is missing any record from anywhere that I can see.
If there is a configuration difference, I'm not aware of it.
Edit: Above I said the record was missing from Forward Lookup Zones/mydomain.com/_msdcs/gc/_sites/(Branch)/_tcp/, but it's missing from Forward Lookup Zones/mydomain.com/_msdcs/gc/_tcp/ on all DCs but BranchDC1. Sorry about the confusion.
ASKER
Is demoting and then re-promoting this DC a good idea?
No, if you have an option to add a new server in the DC role and see if it works, then retire the branchdc1 including cleaning out metadata.
ASKER
Found a connectivity problem between BranchDC1 and a couple other branches. It does not have a partnership with the DCs in those branches, but fixing that connectivity issue resolved the replication problem with BranchDC1 and HQDC1.
Usually, when moving, there is no need to remove the system from the AD, but simply move and then it will reestablish a connection. ....