Trying to improve domain integrity

Asked by: Infinity Solutions
Topics: Active Directory, DHCP, DNS, Windows Server 2012
We are trying to pinpoint some DNS / AD issues going on in one of our domain networks. We run a SQL application and have users getting kicked out of the program due to SQL authentication errors multiple times every day. Errors vary, but the most common one I am seeing has to do with the domain being "untrusted". Running DCDiag, I get the following output:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         The host 7b75d73e-c8a4-4fe5-ae3f-3c8a6884ad31._msdcs.boggscontracting.com could not be resolved to an IP
         address. Check the DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... SERVER failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER
      Skipping all tests, because server SERVER is not responding to directory service requests.


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : boggscontracting
      Starting test: CheckSDRefDom
         ......................... boggscontracting passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... boggscontracting passed test CrossRefValidation

   Running enterprise tests on : boggscontracting.com
      Starting test: LocatorCheck
         ......................... boggscontracting.com passed test LocatorCheck
      Starting test: Intersite
         ......................... boggscontracting.com passed test Intersite


We have done tons of needed cleanup work in the DNS server but still get the output above. I am trying to verify my SRV records at the DC and noticed another problem: I am missing a subfolder underneath my domain zone.

I am curious as to how I can recreate the _msdcs subfolder that resides beneath the domain name in the Forward Lookup Zones in DNS.

[Screenshot: Missing msdcs folder]

This domain controller has been promoted from a 03 -> 08 -> now 2012 DC.

-----------------------------

Also, if you have any leads or experience with SQL and can shed light on these hard-to-troubleshoot Untrusted Domain / SSPI Handshake errors, please let me know.