DNS Error in Win 2008 R2

Posted on 2016-08-02
Last Modified: 2016-08-05
I am going through the roles enabled on my DCs. I am running the best practice analyzer and I am getting this failure for my DNS. Attached screenshot that says my " was not. When I look at my "Forward Lookup Zones" in DNS manager I see XXXX.ORG with _msdcs as a sub folder (also in the screenshot). All my servers and workstations are in the XXXX.ORG folder. Should I change this?
Question by:InSearchOf
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 41

Accepted Solution

Adam Brown earned 250 total points
ID: 41739441
It's best to maintain _msdsc as a separate zone than as a folder inside the root zone for your domain. The way to change this is to delete the folder, create a new Forward Lookup Zone called, then run the following commands on the DC:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Open in new window


Author Comment

ID: 41739458
I forgot to upload the screenshot. Here it is.
LVL 41

Expert Comment

by:Adam Brown
ID: 41739470
Yep. Delete the folder for _msdsc in your domain FLZ and create it again as a separate zone. Once you flush and re-register DNS, then restart netlogon, that error should go away.
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 41739489
How about what is in there now?
LVL 41

Expert Comment

by:Adam Brown
ID: 41739502
Clear that out, recreate the folder as a zone, and the DC will repopulate the necessary data when it registers itself in DNS. You'll want to make sure you're running the commands I gave on all DCs in the environment, as well.

Author Comment

ID: 41739546
This is what I have in that folder.
LVL 41

Expert Comment

by:Adam Brown
ID: 41739633
That's normal. All of that is SRV records that allow clients to locate the DCs. Those will be repopulated automatically after registering DNS on the DCs.

Author Comment

ID: 41739718
Great. I will do this  after hours just to be on the safe side. I will post back tomorrow. Thanks for the help.
LVL 26

Assisted Solution

DrDave242 earned 250 total points
ID: 41742801
For what it's worth, this is simply a bug in the BPA that I've run across a number of times. Either configuration will work: you can have _msdcs as a separate zone or as a subfolder inside the domain forward lookup zone. Configuring it as a separate zone allows it to be stored in a different application directory partition so that it can be replicated separately from the domain zone, but in terms of query and response functionality, the two configurations are identical.

For some reason, the BPA only checks for _msdcs as a separate zone and returns that error if it doesn't find it.

Author Comment

ID: 41742920
- Thanks for the FYI on the BPA bug.

- I have not had a chance to recreate the folder.

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question