Solved

Windows 2008 / 2012 DNS

Posted on 2016-09-21
Medium Priority
72 Views
Last Modified: 2016-09-27
Hello,

We have a 2008 DC and were having problems with DNS replicating with our 2012 server. Ended up doing an authoritative restore, which did not help. Long story short, the advice was to remove the 2012 system from AD, then we could re-add it. Unfortunately it did not remove gracefully, so we had a metadata cleanup to do.

The DNS on the 2008 server changed and I am missing my msdcs folder in DNS. I only have my.domain.local with no clients showing.
Do I do an authoritative restore and try to fix things again?
Here is the current info from DC Diag.

Any suggestions on what I should do? If I restore the system state again I will need to remove the old DC (2012) from the DNS / AD again. The 2012 is a member server now.

Here is recent dcdiag info. Note the msdc resolves to an outside IP?

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   Home Server = SSDC2

   * Identified AD Forest.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Starting test: Connectivity

         Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.com) resolved to the IP

         address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.comt) resolved to the

         IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

         ......................... SSDC2 failed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Skipping all tests, because server SSDC2 is not responding to directory service requests.

 

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : schulershook

      Starting test: CheckSDRefDom

         ......................... schulershook passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... schulershook passed test CrossRefValidation

 

   Running enterprise tests on : schulershook.net

      Starting test: LocatorCheck

         ......................... schulershook.net passed test LocatorCheck

      Starting test: Intersite

         ......................... schulershook.net passed test Intersite

PS C:\> dcdiag /c /v

 

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SSDC2, is a Directory Server.

   Home Server = SSDC2

   * Connecting to directory service on server SSDC2.

   * Identified AD Forest.

   Collecting AD specific global data

   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=sdomain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......

   The previous call succeeded

   Iterating through the sites

   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

   Getting ISTG and options for the site

   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......

   The previous call succeeded....

   The previous call succeeded

   Iterating through the list of servers

   Getting information for the server CN=NTDS Settings,CN=SSDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

   objectGuid obtained

   InvocationID obtained

   dnsHostname obtained

   site info obtained

   All the info for the server collected

   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP

         address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the

         IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.

         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

         ......................... SSDC2 failed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\SSDC2

      Skipping all tests, because server SSDC2 is not responding to directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas

 

      Starting test: DNS

 

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results

         ......................... SSDC2 passed test DNS

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... schulershook passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... schulershook passed test CrossRefValidation

 

   Running enterprise tests on : domain.local

      Starting test: DNS

         Test results for domain controllers:

 

            DC: SSDC2.sdomain.local

            Domain: sdomain.local

 

 

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

 

               TEST: Basic (Basc)

                  Error: No LDAP connectivity

                  The OS Microsoft Windows Server 2008 R2 Enterprise  (Service Pack level: 1.0) is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client):

                     MAC address is D4:AE:52:68:AC:5E

                     IP Address is static

                     IP address: 10.1.1.14

                     DNS servers:

                        Warning:

                        10.1.1.14 (SSDC2) [Invalid]

                        Warning: adapter [00000015] QLogic BCM5716C Gigabit Ethernet (NDIS VBD Client) has invalid DNS

                        server: 10.1.1.14 (SSDC2)

                  Error: all DNS servers are invalid

                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was found

                  Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

                  Root zone on this DC/DNS server was not found

 

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information:

                     66.28.0.45 (<name unavailable>) [Valid]

                     66.28.0.61 (<name unavailable>) [Valid]

                     8.8.8.8 (<name unavailable>) [Valid]

 

               TEST: Dynamic update (Dyn)

                  Warning: Failed to add the test record dcdiag-test-record in zone domain.local

                  [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

                  Test record dcdiag-test-record deleted successfully in zone domain.local

 

            TEST: Records registration (RReg)

               Error: Record registrations cannot be found for all the network adapters

 

         Summary of test results for DNS servers used by the above domain controllers:

 

            DNS server: 10.1.1.14 (SSDC2)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.1.1.14

               [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Question by:mark hale
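
An added example (not part of the original post, and not a Microsoft tool): a small Python check that reads dcdiag text like the output above and flags the conditions visible in it: the `_msdcs` GUID name resolving to a public address, the server name resolving to loopback, a DNS server marked [Invalid], and failed tests. The function name, the finding labels and the embedded sample (an excerpt of the output posted above) are choices made for this example.

```python
import ipaddress
import re

# Excerpt of the dcdiag output posted above, console line wrapping left in.
SAMPLE = """\
      Starting test: Connectivity
         Although the Guid DNS name (72fe5fdb-4e8e-441e-88f4-e7ba0d4c1057._msdcs.domain.local) resolved to the IP
         address (205.178.189.129), which could not be pinged, the server name (SSDC2.domain.local) resolved to the
         IP address (::1) and could be pinged.  Check that the IP address is registered correctly with the DNS server.
         ......................... SSDC2 failed test Connectivity
                     DNS servers:
                        10.1.1.14 (SSDC2) [Invalid]
"""

GUID_RE = re.compile(
    r"Guid DNS name \((?P<guid_name>[^)]+)\) resolved to the IP address "
    r"\((?P<guid_ip>[^)]+)\).*?server name \((?P<host>[^)]+)\) "
    r"resolved to the IP address \((?P<host_ip>[^)]+)\)")
INVALID_DNS_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) \((\S+?)\) \[Invalid\]")
FAILED_RE = re.compile(r"\.{5,} (\S+) failed test (\S+)")


def analyze(dcdiag_text):
    """Return (kind, name, detail) tuples for the conditions listed above."""
    flat = " ".join(dcdiag_text.split())  # undo wrapping and indentation
    findings = []
    for m in GUID_RE.finditer(flat):
        # A DC's _msdcs GUID alias should point at the DC itself; a public
        # address suggests the answer came from outside the internal AD zone.
        if ipaddress.ip_address(m["guid_ip"]).is_global:
            findings.append(("external-answer", m["guid_name"], m["guid_ip"]))
        if ipaddress.ip_address(m["host_ip"]).is_loopback:
            findings.append(("loopback-host", m["host"], m["host_ip"]))
    for ip, name in INVALID_DNS_RE.findall(flat):
        findings.append(("invalid-dns-server", name, ip))
    for server, test in FAILED_RE.findall(flat):
        findings.append(("failed-test", server, test))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(*finding, sep=" | ")
```
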
6 Comments
 

Accepted Solution

by:
mark hale earned 0 total points
ID: 41808541
I think I will do an authoritative restore on the system state, then remove the old server through meta cleanup again. Then maybe the msdc.domain will stay in DNS.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 41808593
You do not need to do any restores to correct DNS for active directory.
If your DNS for AD is that jacked up, then just delete the zone, recreate it, then force the refresh of the DC and it will register all new DNS records. You need to then force the refresh of all DCs and when they are doing that, they will reregister their records.
However, you need to ensure that your primary and secondary DNS server settings in TCP/IP adapter on every DC are set correctly first or you will not have DNS convergence.
This is really rather an advanced procedure, so if you are not sure how to do it, then I suggest contacting an expert for their remote assistance.
0
 

Author Comment

by:mark hale
ID: 41811161
Turns out I had to do the restore. Created the new zone; all is well.
0

 
LVL 10

Expert Comment

by:Zenvenky
ID: 41811347
That's a bad practice, I'm sure you'll get the "connectivity fail" error again. You need to check the DNS configuration on all the DCs and fix it, especially on the DC where you got the connectivity fail error. Use the link mentioned below as a reference to fix DNS.

DNS on DC
0
 

Author Comment

by:mark hale
ID: 41811361
The DC (with DNS) is pointing to itself.
0
 

Author Closing Comment

by:mark hale
ID: 41817538
I needed (in my case) to do the authoritative restore and recreate the new zones.
0

Question has a verified solution.