Solved

Windows 2008 / 2012 DNS

Posted on 2016-09-21
Last Modified: 2016-09-27
Hello,

We have a 2008 DC and were having problems with DNS replicating with our 2012 server. Ended up doing an authoritative restore, which did not help. Long story short, the advice was to remove the 2012 system from AD, then we could re-add it. Unfortunately it did not remove gracefully, so we had a metadata cleanup to do.

The DNS on the 2008 server changed and I am missing my msdcs folder in DNS. I only have my.domain.local with no clients showing.
Do I do an authoritative restore and try to fix things again?
Here is the current info from DC Diag.

Any suggestions on what I should do? If I restore the system state again I will need to remove the old DC (2012) from the DNS / AD again. The 2012 is a member server now.

Here is a recent dcdiag info. Note the msdc resolves to an outside ip?

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   Home Server = SSDC2

   * Identified AD Forest.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Starting test: Connectivity

         Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.com) resolved to the IP

         address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.comt) resolved to the

         IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

         ......................... SSDC2 failed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Skipping all tests, because server SSDC2 is not responding to directory service requests.

 

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : schulershook

      Starting test: CheckSDRefDom

         ......................... schulershook passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... schulershook passed test CrossRefValidation

 

   Running enterprise tests on : schulershook.net

      Starting test: LocatorCheck

         ......................... schulershook.net passed test LocatorCheck

      Starting test: Intersite

         ......................... schulershook.net passed test Intersite

PS C:\> dcdiag /c /v

 

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SSDC2, is a Directory Server.

   Home Server = SSDC2

   * Connecting to directory service on server SSDC2.

   * Identified AD Forest.

   Collecting AD specific global data

   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdomain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory

=ntDSSiteSettings),.......

   The previous call succeeded

   Iterating through the sites

   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

   Getting ISTG and options for the site

   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=nt

DSDsa),.......

   The previous call succeeded....

   The previous call succeeded

   Iterating through the list of servers

   Getting information for the server CN=NTDS Settings,CN=SSDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Config

uration,DC=domain,DC=local

   objectGuid obtained

   InvocationID obtained

   dnsHostname obtained

   site info obtained

   All the info for the server collected

   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP

         address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the

         IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

         ......................... SSDC2 failed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Skipping all tests, because server SSDC2 is not responding to directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

 

      Starting test: DNS

 

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results

         ......................... SSDC2 passed test DNS

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... schulershook passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... schulershook passed test CrossRefValidation

 

   Running enterprise tests on : domain.local

      Starting test: DNS

         Test results for domain controllers:

 

            DC: SSDC2.sdomain.local

            Domain: sdomain.local

 

 

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

 

               TEST: Basic (Basc)

                  Error: No LDAP connectivity

                  The OS Microsoft Windows Server 2008 R2 Enterprise  (Service Pack level: 1.0) is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client):

                     MAC address is D4:AE:52:68:AC:5E

                     IP Address is static

                     IP address: 10.1.1.14

                     DNS servers:

                        Warning:

                        10.1.1.14 (SSDC2) [Invalid]

                        Warning: adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client) has invalid DNS

                        server: 10.1.1.14 (SSDC2)

                  Error: all DNS servers are invalid

                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was found

                  Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

                  Root zone on this DC/DNS server was not found

 

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information:

                     66.28.0.45 (<name unavailable>) [Valid]

                     66.28.0.61 (<name unavailable>) [Valid]

                     8.8.8.8 (<name unavailable>) [Valid]

 

               TEST: Dynamic update (Dyn)

                  Warning: Failed to add the test record dcdiag-test-record in zone domain.local

                  [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period ex

pired.)]

                  Test record dcdiag-test-record deleted successfully in zone domain.local

 

            TEST: Records registration (RReg)

               Error: Record registrations cannot be found for all the network adapters

 

         Summary of test results for DNS servers used by the above domain controllers:

 

            DNS server: 10.1.1.14 (SSDC2)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.1.1.14

               [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
0
Question by:mark hale
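
An added example, not part of the original thread: a small Python check that parses `dcdiag /v` output like that quoted in the question and flags DC names resolving to an external or loopback address, adapter DNS servers marked `[Invalid]`, and failed locator queries. The function names and finding labels are assumptions made for illustration; the sample is an excerpt of the output posted above.

```python
import ipaddress
import re

# Excerpt of the dcdiag output quoted in the question (console wrapping kept).
SAMPLE = """\
   Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP
   address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the
   IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.
                  10.1.1.14 (SSDC2) [Invalid]
         Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.1.1.14
"""

RESOLVED = re.compile(
    r"(Guid DNS name|server name) \(([^)]+)\) resolved to the IP address \(([^)]+)\)")
INVALID_DNS = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) \([^)]*\) \[Invalid\]")
FAILED_QUERY = re.compile(r"(\S+) failed on the DNS server (\S+)")


def classify(addr):
    """Label an address as loopback, internal or external."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "internal"
    return "external"


def audit_dcdiag(text):
    """Return (kind, name, detail) findings from dcdiag /v output."""
    flat = " ".join(text.split())  # undo console line wrapping
    findings = []
    # A DC name that resolves outside the internal range was answered by
    # something other than the AD-integrated zone (for example a forwarder).
    for _label, name, addr in RESOLVED.findall(flat):
        where = classify(addr)
        if where != "internal":
            findings.append((where + "-resolution", name, addr))
    for server in sorted(set(INVALID_DNS.findall(flat))):
        findings.append(("invalid-dns-server", server, "failed dcdiag validation"))
    for query, server in FAILED_QUERY.findall(flat):
        findings.append(("missing-record", query, server))
    return findings


if __name__ == "__main__":
    for finding in audit_dcdiag(SAMPLE):
        print(*finding, sep="\t")
```
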

Accepted Solution

by:
mark hale earned 0 total points
ID: 41808541
I think I will do an authoritative restore on the system state, then remove the old server through meta cleanup again. Then maybe the msdc.domain will stay in DNS.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 41808593
You do not need to do any restores to correct DNS for active directory.
If your DNS for AD is that jacked up, then just delete the zone, recreate it, then force the refresh of the DC and it will register all new DNS records. You need to then force the refresh of all DCs and when they are doing that, they will reregister their records.
However, you need to ensure that your primary and secondary DNS server settings in TCP/IP adapter on every DC are set correctly first or you will not have DNS convergence.
This is really rather an advanced procedure, so if you are not sure how to do it, then I suggest contacting an expert for their remote assistance.
0
 

Author Comment

by:mark hale
ID: 41811161
Turns out I had to do the restore. Created the new zone; all is well.
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 41811347
That's a bad practice; I'm sure you'll get the "connectivity fail" error again. You need to check the DNS configuration on all the DCs and fix it, especially on the DC where you got the connectivity fail error. Use the link below as a reference to fix DNS.

DNS on DC
0
 

Author Comment

by:mark hale
ID: 41811361
The DC (with DNS) is pointing to itself.
0
 

Author Closing Comment

by:mark hale
ID: 41817538
I needed (in my case) to do the authoritative restore and recreate the new zones.
0
