DNS Issues with Child Domain DC

  • DNS Issues with Child Domain DC

    All,

    I came into work over a long vacation week to find that on my child DC, the forward lookup zone was gone and I'm having a myriad of AD issues, but I'm attacking DNS first.

    Environment: Windows 2003 R2 FFL

    single root domain

    single child of root domain


    I've done the following

    • I can't seem to create a new AD-int zone since AD appears broken. So I created a standard primary FLZ.
    • Pointed DNS on the child domains server to point to itself.



    Ran a netdiag /fix and I keep getting this:

    DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry jacwf.phippsny.org. re-registeration on
    DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.jacwf.phippsny.org. re-regist
    eration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.jacwf._sites.jacwf.phippsny.o
    rg. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.jacwf.phippsny.org.
    re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.jacwf._sites.dc._msdcs.jacwf.
    phippsny.org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.jacwf.phippsny.org. re-re
    gisteration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.jacwf.phippsny
    .org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.jacwf._sites.DomainDnsZones.j
    acwf.phippsny.org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.jacwf.phippsny.org
    . re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.jacwf.phippsny.
    org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.jacwf._sites.dc._msdcs.ja
    cwf.phippsny.org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.jacwf.phippsny.org. re-re
    gisteration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.jacwf._sites.jacwf.phipps
    ny.org. re-registeration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.jacwf.phippsny.org. re-re
    gisteration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.jacwf.phippsny.org. re-reg
    isteration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.jacwf.phippsny.org. re-reg
    isteration on DNS server '192.168.31.3' failed.
    DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
    is DC on DNS server '192.168.31.3'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    I'm stumped.

  • #2
    Re: DNS Issues with Child Domain DC

    Hi hboogz,

    Is DNS AD integrated or standalone?

    Do you see _mstsc, _site, _udp, _tcp, DomainDNS zones under Forward Lookup Zone?

    In case it's not, then do this: first delete the standard lookup zone that you have created.

    Create an empty primary lookup zone and make sure the replication scope is set to its own domain.

    Go to NIC properties. Give Primary DNS as the server's IP itself; alternate would be the other DNS server.

    Now do this

    IPconfig /flushdns

    restart dns client service locally

    restart netlogon service

    ipconfig /registerdns

    and then check if the record comes or not

    Let me know ok
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points



    • #3
      Re: DNS Issues with Child Domain DC

      NAVDEEP

      Thanks for the reply.

      I can't create an AD-INT zone since AD seems to be broken on this child domain; that is why I created a standard primary zone.

      I don't see any of the zones you've listed:

      _mstsc, _site, _udp, _tcp, DomainDNS zones under Forward Lookup Zone

      I can't change the replication scope for the zone because of bigger issues with AD.



      • #4
        Re: DNS Issues with Child Domain DC

        That's fine if you can't create AD integrated.

        Follow the troubleshooting steps provided with the standard primary zone. Make sure the name matches the child domain. For example: forest root microsoft.com, child IT.microsoft.com, then the standard primary would be IT.microsoft.com
        Thanks & Regards
        v-2nas



        • #5
          Re: DNS Issues with Child Domain DC

          This issue was directly related to the fact that I didn't have Dynamic Updates enabled on the zone.

          Once I enabled dynamic updates, the zone populated with the right folders.

          However, when I try to change the replication scope to all AD DCs for the domain, I get a "null" where it should read the domain.

          I know this is an issue and was wondering where I could look?

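Added example (not part of the original thread): a Python parser for `netdiag /fix` output like that in the first post, which rebuilds record names split by the console wrap and groups the failed re-registrations by DNS server and error code. The hint attached to DNS_ERROR_RCODE_NOT_IMPLEMENTED is an assumption drawn from this thread's resolution (dynamic updates were disabled on the zone), and the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the netdiag /fix output from the first post, console wraps kept.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry jacwf.phippsny.org. re-registeration on
DNS server '192.168.31.3' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.jacwf.phippsny.org. re-regist
eration on DNS server '192.168.31.3' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.jacwf._sites.dc._msdcs.ja
cwf.phippsny.org. re-registeration on DNS server '192.168.31.3' failed.
DNS Error code: DNS_ERROR_RCODE_NOT_IMPLEMENTED
"""

# Assumption taken from this thread's outcome, not from vendor documentation.
HINTS = {"DNS_ERROR_RCODE_NOT_IMPLEMENTED":
         "check that the zone accepts dynamic updates"}

# Names, IPs and error codes never contain whitespace, so all whitespace is
# removed first; the pattern then matches wherever the console wrapped.
ENTRY = re.compile(
    r"DCDNSentry(?P<name>.+?)\.re-registerationonDNSserver"
    r"'(?P<server>[^']+)'failed\.DNSErrorcode:(?P<code>[A-Z_]+)")

def parse_netdiag(text):
    """Return (record, server, code) for each failed re-registration."""
    flat = re.sub(r"\s+", "", text)
    return [(m["name"], m["server"], m["code"]) for m in ENTRY.finditer(flat)]

def summarize(entries):
    """Group failed records by (server, code), split into SRV and other."""
    groups = defaultdict(lambda: {"srv": [], "other": []})
    for name, server, code in entries:
        groups[(server, code)]["srv" if name.startswith("_") else "other"].append(name)
    return dict(groups)

def report(text):
    out = []  # two readable lines per (server, code) group
    for (server, code), recs in summarize(parse_netdiag(text)).items():
        out.append(f"{server}: {len(recs['srv'])} SRV and {len(recs['other'])} "
                   f"other records failed with {code}")
        out.append(f"  hint: {HINTS.get(code, 'no hint recorded')}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a standard primary zone the only dynamic update setting besides "None" is "Nonsecure and secure", which accepts unauthenticated updates, including updates to the DC locator SRV records counted above. "Secure only" becomes available once the zone is Active Directory-integrated.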


          • #6
            Re: DNS Issues with Child Domain DC

            Hey,

            Good to know your issue got resolved.

            Dynamic updates means that a workstation or member server will be able to register itself without the need to add a record manually.

            The second question: the child domain can't force replication to the parent domain, so that's why you are not able to get that going. You can leave the replication scope as All Domain Controllers in Domain child.parent.com or All DNS Servers in Domain child.microsoft.com

            It won't make much difference, though, since you only have a single parent and a single child.

            That's it.
            Thanks & Regards
            v-2nas



            • #7
              Re: DNS Issues with Child Domain DC

              v-nas

              The problem is that AD appears to be broken in the sense that when I try to update the replication scope, I get a "null" for domain.

              When I run DCDIAG, I get the following failure only.

              When I run a dcdiag on this machine, the only test failing is this:

              Starting test: NCSecDesc
              [PHJACDC1] LDAP bind failed with error 8341,
              A directory service error has occurred..
              ......................... PHJACDC1 failed test NCSecDesc



              • #8
                Re: DNS Issues with Child Domain DC

                Can you post screenshots and run dcdiag /v > c:\dcdiagChild.txt and netdiag /v > c:\netdiagChild.txt, then upload both files to the forum? I will have a look and update you shortly.
                Thanks & Regards
                v-2nas



                • #9
                  Re: DNS Issues with Child Domain DC

                  see attachments.


                  • #10
                    Re: DNS Issues with Child Domain DC

                    Did the PDC emulator happen to restart itself during the time you were gone?
                    I'm guessing you restarted the child DC?
                    GoogleFu is strong with this one ^



                    • #11
                      Re: DNS Issues with Child Domain DC

                      Hi hboogz,

                      You've got 4 DCs:
                      Found 4 DC(s). Testing 1 of them.

                      Starting test: kccevent
                      * The KCC Event log test
                      An Warning Event occured. EventID: 0x8000051B
                      Time Generated: 11/19/2008 12:48:35
                      Event String: The Knowledge Consistency Checker (KCC) has
                      detected that attempts to establish a replication link with the following domain controller has
                      consistently failed.
                      Attempts:
                      8
                      Domain controller:
                      CN=NTDS Settings,CN=PHDC1,CN=Servers,CN=MainOffice,CN=Sites,CN=Configuration,DC=phippsny,DC=org

                      The Record is different on DNS server '192.168.31.3'.
                      DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
                      Your DC entry is one of them on DNS server '192.168.31.3
                      Can you verify this?

                      Is this your parent DC, PHDC1?

                      Which is this server, PHPRINT1?

                      Which is this DNS?
                      DNS server IP address: 64.94.123.4
                      Internal or external?

                      Please provide me with a basic AD topology diagram to understand your network.

                      If you want me to remote into your server, PM me the pass and ID using www.Teamviewer.com; use the customer module.
                      Thanks & Regards
                      v-2nas



                      • #12
                        Re: DNS Issues with Child Domain DC

                        Something definitely happened and I can't seem to figure out the root.

                        In the event log I'm getting all types of access denied issues as well.

                        I'm wondering if I should netdom resetpwd on this computer.



                        • #13
                          Re: DNS Issues with Child Domain DC

                          Why would you like to do that?

                          See if you are able to access shares using UNC: \\ip, \\fqdn, \\netbios.
                          You will come to know if access to shares is allowed or not.
                          Thanks & Regards
                          v-2nas



                          • #14
                            Re: DNS Issues with Child Domain DC

                            v-2nas

                            I do have 4 DCs.

                            Root domain consists of 3 DCs.

                            PHDC1 -- main DC
                            phprint1 - Schema and Domain naming master for forest

                            above are in same site.

                            PHDRDC1 - Domain controller found at another SITE used for DR purposes.
                            holding no FSMO roles.

                            PHJACDC1 - Child domain in separate site.

                            I have no idea where that DNS server IP came from, since the forwarders listed on DNS are for OpenDNS and the actual IP of the NIC is set to point to itself.

                            FYI -

                            I reset the child domain controller's password with netdom resetpwd and it removed the DCDIAG errors. See attachment.

                            However, now I need to attack the replication issue I was originally having.


                            • #15
                              Re: DNS Issues with Child Domain DC

                              Hi,

                              Run this command: repadmin /syncall

                              followed by

                              repadmin /replsum

                              Share the output.
                              Thanks & Regards
                              v-2nas
