My DNS thinks it should register my servers with another domain

Last April I started managing a network that had not been taken care of. I first noticed 5774 Netlogon errors on my DC where it was trying to dynamically register a server with a "graphics.com" (one of my internal domains is "graphics.local") domain controller. Of course this registration fails, like it should. I have gone through my DNS and AD with a fine-tooth comb and I cannot find any reference to a 'graphics.com' anywhere. I'm sure it was a misconfiguration from the previous admin (who left over 10 years ago). How can I fix this mess up?

Enabling the DNS debug trace I find the following:

1/26/2018 8:32:18 AM 0FC8 PACKET  0000000BF43621B0 UDP Rcv ::1             847f   Q [0001   D   NOERROR] SOA    (8)graphics(3)com(0)

1/26/2018 8:32:18 AM 0FC8 PACKET  0000000BF68461D0 UDP Snd 208.67.222.222  6533   Q [0001   D   NOERROR] SOA    (8)graphics(3)com(0)

1/26/2018 8:32:18 AM 0FC8 PACKET  0000000BF3E3A1B0 UDP Rcv 208.67.222.222  6533 R Q [8081   DR  NOERROR] SOA    (8)graphics(3)com(0)

1/26/2018 8:32:18 AM 0FC8 PACKET  0000000BF68461D0 UDP Snd 208.67.222.222  e1dd   Q [0001   D   NOERROR] A      (3)ns1(6)mbhllc(3)com(0)

1/26/2018 8:32:18 AM 0FC8 PACKET  0000000BF68EE0F0 UDP Rcv 208.67.222.222  e1dd R Q [8081   DR  NOERROR] A      (3)ns1(6)mbhllc(3)com(0)

Below is the relevant info from the Netlogon 5774:
The dynamic registration of the DNS record '_ldap._tcp.5f865ed3-9e54-434e-8f36-6a49e6679afb.domains._msdcs.graphics.com. 600 IN SRV 0 100 389 commdc2.communications.local.' failed on the following DNS server:  

DNS server IP address: 54.172.57.17
Returned Response Code (RCODE): 5
Returned Status Code: 9017
Phillip Monk, IT Manager, asked:

Peter Hutchison, Senior Network Systems Specialist, commented:
To be honest, you should not be using .local names for your AD domain. It's an old, outdated naming scheme. You really should change them to proper domain name schemes.

See this article: http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html
0
Phillip Monk, IT Manager (Author), commented:
Thanks for the info Peter. I'm planning on migrating and merging my two domains, but that is a project for another day.
0
DrDave242 commented:
That's weird; it's definitely trying to register an SRV record in _msdcs.graphics.com. I wonder if that's a relic from a domain rename performed in the past. On that server, open this file:

C:\Windows\system32\config\netlogon.dns

Search that file for graphics.com and let me know if you find anything.
1
Phillip Monk, IT Manager (Author), commented:
Nice catch DrDave!

I've verified that these entries are in netlogon.dns on both my PDC and BDC (forest level 2000).
Here's the pertinent information from netlogon.dns:

graphics.com. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.communications._sites.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.graphics._sites.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.pdc._msdcs.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.gc._msdcs.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_ldap._tcp.graphics._sites.gc._msdcs.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_ldap._tcp.b5ed43ba-00f9-4e6c-b3bf-7ac368faee39.domains._msdcs.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
gc._msdcs.graphics.com. 1800 IN A 192.168.1.2
70586341-26d9-49b0-a0fb-0748732457ee._msdcs.graphics.com. 1800 IN CNAME Logic.graphics.local.
_kerberos._tcp.dc._msdcs.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_kerberos._tcp.communications._sites.dc._msdcs.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_kerberos._tcp.graphics._sites.dc._msdcs.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_ldap._tcp.dc._msdcs.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.communications._sites.dc._msdcs.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.graphics._sites.dc._msdcs.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_kerberos._tcp.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_kerberos._tcp.communications._sites.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_kerberos._tcp.graphics._sites.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_gc._tcp.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_gc._tcp.graphics._sites.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_kerberos._udp.graphics.com. 1800 IN SRV 0 100 88 Logic.graphics.local.
_kpasswd._tcp.graphics.com. 1800 IN SRV 0 100 464 Logic.graphics.local.
_kpasswd._udp.graphics.com. 1800 IN SRV 0 100 464 Logic.graphics.local.

I also found the following entries in NETLOGON.DNS on my second domain (communications.local):

_ldap._tcp.5f865ed3-9e54-434e-8f36-6a49e6679afb.domains._msdcs.graphics.com. 600 IN SRV 0 100 389 commdc2.communications.local.
bfd10ef6-7673-4632-9e55-88458002699d._msdcs.graphics.com. 600 IN CNAME commdc2.communications.local.
_ldap._tcp.gc._msdcs.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.local.
_ldap._tcp.communications._sites.gc._msdcs.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.local.
gc._msdcs.graphics.com. 600 IN A 192.168.0.250
_gc._tcp.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.local.
_gc._tcp.communications._sites.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.local.
0
DrDave242 commented:
Wow, that's a lot more than I expected to see in there! On that first DC, are there corresponding graphics.local records listed, or are the graphics.com records the only ones in the file?
1
Phillip Monk, IT Manager (Author), commented:
Yes DrDave,

There are similar listings for graphics.local (a sample is excerpted below):

graphics.local. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.local. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.communications._sites.graphics.local. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.graphics._sites.graphics.local. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.gc._msdcs.graphics.local. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_ldap._tcp.graphics._sites.gc._msdcs.graphics.local. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_ldap._tcp.b5ed43ba-00f9-4e6c-b3bf-7ac368faee39.domains._msdcs.graphics.local. 1800 IN SRV 0 100 389 Logic.graphics.local.

I have records for kerberos, ldap and records for DomainDnsZones and ForestDnsZones.
0
DrDave242 commented:
OK, cool. If I had to guess, I'd say that the AD domain was renamed sometime in the past, and that process may not have been completed properly. This should tell us whether that's really the case:

Launch ADSIEdit on the DC that holds the Domain Naming Master FSMO role. Connect to the Configuration partition and drill down to the following object:

CN=<domain name>, CN=Partitions, CN=Configuration, DC=<domain>, DC=<suffix>

Right-click that object and select Properties. In the Attribute Editor tab, look for an attribute named msDS-DnsRootAlias. Let me know if that object exists, and if so, what its value is. (Assuming it does exist, its value is most likely going to be the name of a DC in the old domain.)
1
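As an added check that is not part of this thread (example code, not the participants' own): a PowerShell audit that lists netlogon.dns records registered outside the DC's own domain and forest root, and reads msDS-DnsRootAlias from the domain's crossRef object under CN=Partitions, the attribute DrDave242 points at. It assumes the RSAT ActiveDirectory module on a domain-joined host and the default netlogon.dns path.

```powershell
# Added example, not from this thread: audit a DC for leftovers of an
# unfinished domain rename. Assumes the RSAT ActiveDirectory module on a
# domain-joined host; file path and attribute names are the standard ones.
Import-Module ActiveDirectory

$domainRoot = (Get-ADDomain).DNSRoot       # e.g. graphics.local
$forestRoot = (Get-ADForest).RootDomain    # _msdcs.<forest root> records are legitimate too
$allowed    = @($domainRoot, $forestRoot) | Select-Object -Unique
$netlogon   = Join-Path $env:SystemRoot 'System32\config\netlogon.dns'

# 1. Records in netlogon.dns whose owner name is not under an expected suffix.
#    Each record line reads: <owner> <ttl> IN <type> <rdata...>
$foreign = Get-Content $netlogon |
    Where-Object { $_ -match '^\S+\s+\d+\s+IN\s+\S+\s+' } |
    ForEach-Object {
        $f = $_ -split '\s+'
        [pscustomobject]@{ Owner = $f[0].TrimEnd('.'); Type = $f[3]; Record = $_ }
    } |
    Where-Object {
        $owner = $_.Owner
        -not ($allowed | Where-Object { $owner -eq $_ -or $owner.EndsWith(".$_", 'OrdinalIgnoreCase') })
    }

if ($foreign) {
    Write-Warning ("{0} record(s) in netlogon.dns point outside {1}:" -f @($foreign).Count, ($allowed -join ', '))
    $foreign | Group-Object Type | Format-Table Count, Name -AutoSize
    $foreign | Select-Object -First 5 -ExpandProperty Record
} else {
    Write-Output "netlogon.dns only contains records under $($allowed -join ', ')"
}

# 2. The crossRef object for this domain in CN=Partitions of the Configuration NC.
#    A rename leaves msDS-DnsRootAlias set; 'rendom /clean' is what removes it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$domainDN = (Get-ADDomain).DistinguishedName
$crossRef = Get-ADObject -SearchBase "CN=Partitions,$configNC" `
    -LDAPFilter "(&(objectClass=crossRef)(nCName=$domainDN))" `
    -Properties nCName, dnsRoot, 'msDS-DnsRootAlias'

$alias = $crossRef.'msDS-DnsRootAlias'
if ($alias) {
    Write-Warning "$($crossRef.DistinguishedName): nCName=$($crossRef.nCName) but msDS-DnsRootAlias=$alias (unfinished rename; rendom /clean clears it)"
} else {
    Write-Output "$($crossRef.DistinguishedName): msDS-DnsRootAlias is not set"
}
```

Run it on the DC that holds the Domain Naming Master role; a non-empty foreign record list together with a populated msDS-DnsRootAlias is the same picture this thread arrives at by hand.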
Phillip Monk, IT Manager (Author), commented:
Again Hat Tip to you DrDave!

Hidden exactly where indicated, msDS-DNSRootAlias is set to graphics.com! Even though the 'nCName' is DC=Graphics,DC=local.
0
DrDave242 commented:
I'd say this confirms that a domain rename wasn't completed. (This may have happened long before you were ever involved.) Before proceeding further, it would be a good idea to make a system state backup of at least one DC, just in case something goes wrong. I don't believe it will, though.

There's a command that sometimes gets overlooked at the end of a domain rename operation: rendom /clean. This command removes the value from that msDS-DNSRootAlias attribute. Once you're satisfied that you've got a good backup of AD, run that command on the DC.

I've read in some places that you'll need to restart the Netlogon service after running this command, and you may even have to stop the service, rename the netlogon.dns and netlogon.dnb files, and then start it. I don't think this is always the case, but if it looks like nothing changes after running the command (especially if the DC keeps trying to register records with the wrong domain name), go ahead and do that.
1
Phillip Monk, IT Manager (Author), commented:
Thanks DrDave,
I would have never found those keys without your assistance.
0