DNS Issues - Old DC still appearing


  • DNS Issues - Old DC still appearing

    Hi All,

    Long time cruiser of the site, first time poster...

    I am currently running into an issue when trying to create any new AD Integrated DNS zones, whether it be forward or reverse lookups. If I create a standard primary zone it works without issue, but I am unable to convert them. The error I receive is:

    "The Zone cannot be created. There was a server failure"

    Doing a little extra digging I noticed under my zone, say mycompany.org, in the DomainDnsZones and the ForestDnsZones that it does not list my current DC/DNS servers, but an older one that has been retired. I am not sure if this is the root cause of my issue, but is there any easy way to get this updated to point to the correct DCs?

    Currently reads like:

    Forward Lookup Zones --> <domainname> --> DomainDNSzones (there is an A record for the old DC, but no records for the new DC's)

    Forward Lookup Zones --> <domainname> --> DomainDNSzones --> _Sites --> Default-First-Site-Name --> _tcp (there is a SRV record for the old server, but no records for the new DC's)

    Forward Lookup Zones --> <domainname> --> DomainDNSzones --> _tcp (there is a SRV record for the old DC, but no records for the new DC's)


    Forward Lookup Zones --> <domainname> --> ForestDNSzones (there is an A record for the old DC, but no records for the new DC's)

    Forward Lookup Zones --> <domainname> --> ForestDNSzones --> _Sites --> Default-First-Site-Name --> _tcp (there is a SRV record for the old server, but no records for the new DC's)

    Forward Lookup Zones --> <domainname> --> ForestDNSzones --> _tcp (there is a SRV record for the old DC, but no records for the new DC's)


    TIA,

    -Jason
    Last edited by VWA4; 20th January 2009, 20:15.
    MCSA/MCSE 2K3,MCITP:ESA,MCTS x 4,VCP x 2

  • #2
    Re: DNS Issues - Old DC still appearing

    Hi,

    Do you get anything in the Event logs? Event Id 4521?
    Can also try DCdiag and post the results.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: DNS Issues - Old DC still appearing

      Originally posted by L4ndy:
      Hi,

      Do you get anything in the Event logs? Event Id 4521?
      Can also try DCdiag and post the results.
      L4ndy,

      Thank you for the reply. Nothing is being logged to any of the event logs. Here is the output from dcdiag:

      Domain Controller Diagnosis

      Performing initial setup:
      Done gathering initial info.

      Doing initial required tests

      Testing server: Kent\DC01
      Starting test: Connectivity
      ......................... DC01 passed test Connectivity

      Doing primary tests

      Testing server: Kent\DC01
      Starting test: Replications
      ......................... DC01 passed test Replications
      Starting test: NCSecDesc
      ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
      ......................... DC01 passed test NetLogons
      Starting test: Advertising
      ......................... DC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
      ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
      ......................... DC01 passed test RidManager
      Starting test: MachineAccount
      ......................... DC01 passed test MachineAccount
      Starting test: Services
      ......................... DC01 passed test Services
      Starting test: ObjectsReplicated
      ......................... DC01 passed test ObjectsReplicated
      Starting test: frssysvol
      ......................... DC01 passed test frssysvol
      Starting test: frsevent
      ......................... DC01 passed test frsevent
      Starting test: kccevent
      ......................... DC01 passed test kccevent
      Starting test: systemlog
      ......................... DC01 passed test systemlog
      Starting test: VerifyReferences
      ......................... DC01 passed test VerifyReferences

      Running partition tests on : Schema
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom

      Running partition tests on : Configuration
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom

      Running partition tests on : admin
      Starting test: CrossRefValidation
      ......................... admin passed test CrossRefValidation
      Starting test: CheckSDRefDom
      ......................... admin passed test CheckSDRefDom

      Running enterprise tests on : admin.org
      Starting test: Intersite
      ......................... admin.org passed test Intersite
      Starting test: FsmoCheck
      ......................... admin.org passed test FsmoCheck



      One other thing I found yesterday afternoon is in the netlogon.dns file I don't think all of the entries are there. Below is a copy of the netlogon.dns:

      admin.org. 600 IN A 172.29.22.53
      _ldap._tcp.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      _ldap._tcp.Kent._sites.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      _ldap._tcp.pdc._msdcs.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      _ldap._tcp.gc._msdcs.admin.org. 600 IN SRV 0 100 3268 dc01.admin.org.
      _ldap._tcp.Kent._sites.gc._msdcs.admin.org. 600 IN SRV 0 100 3268 dc01.admin.org.
      _ldap._tcp.bb719ccd-12a7-4065-b00f-29f0c42fca7a.domains._msdcs.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      gc._msdcs.admin.org. 600 IN A 172.29.22.53
      7c788737-4d22-4227-b7cd-c9e124986695._msdcs.admin.org. 600 IN CNAME dc01.admin.org.
      _kerberos._tcp.dc._msdcs.admin.org. 600 IN SRV 0 100 88 dc01.admin.org.
      _kerberos._tcp.Kent._sites.dc._msdcs.admin.org. 600 IN SRV 0 100 88 dc01.admin.org.
      _ldap._tcp.dc._msdcs.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      _ldap._tcp.Kent._sites.dc._msdcs.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
      _kerberos._tcp.admin.org. 600 IN SRV 0 100 88 dc01.admin.org.
      _kerberos._tcp.Kent._sites.admin.org. 600 IN SRV 0 100 88 dc01.admin.org.
      _gc._tcp.admin.org. 600 IN SRV 0 100 3268 dc01.admin.org.
      _gc._tcp.Kent._sites.admin.org. 600 IN SRV 0 100 3268 dc01.admin.org.
      _kerberos._udp.admin.org. 600 IN SRV 0 100 88 dc01.admin.org.
      _kpasswd._tcp.admin.org. 600 IN SRV 0 100 464 dc01.admin.org.
      _kpasswd._udp.admin.org. 600 IN SRV 0 100 464 dc01.admin.org.

      Shouldn't there be records in there for the ForestDNSzones and DomainDNSzones?

      TIA,

      -Jason
      MCSA/MCSE 2K3,MCITP:ESA,MCTS x 4,VCP x 2



      • #4
        Re: DNS Issues - Old DC still appearing

        S'thing else to check,
        Can you try using an Enterprise Admin account.
        There shouldn't be anything in ForestDNSzones and DomainDNSzones unless you have saved any zones on those partitions.
        They get populated if you choose the Zone replication scope to "All DNS Servers in the Forest" and "All DNS Servers in the Domain" respectively.

        Ta
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR



        • #5
          Re: DNS Issues - Old DC still appearing

          Can you post the netdiag also?
          For me it isn't quite clear what the problem exactly is, so:

          Are the records for the new DC's being populated?
          Is the old DC demoted before removing it from the domain?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"



          • #6
            Re: DNS Issues - Old DC still appearing

            L4ndy - The account that I have been using is a member of the Enterprise Admin Group, and the current zone, admin.org is AD integrated and set to replicate to all DC's in the domain. So I would assume the records should be in the netlogon.dns file???

            Dumber - The issue I am having is that I cannot create new AD integrated DNS zones, whether it be forward or reverse lookup zones. Listed in the DomainDnsZones and the ForestDnsZones is an old DC that was retired via DCPROMO (and didn't throw any errors during the process) but the records for the two DC's that replaced it are not being populated. I am not sure if these two issues are related however.

            Per your request listed below is the netdiag from DC01, one of the new DC's:

            Computer Name: dc01
            DNS Host Name: dc01.admin.org
            System info : Windows 2000 Server (Build 3790)
            Processor : x86 Family 6 Model 23 Stepping 6, GenuineIntel
            List of installed hotfixes :

            Netcard queries test . . . . . . . : Passed

            Per interface results:
            Adapter : Backup VLAN
            Netcard queries test . . . : Passed
            Host Name. . . . . . . . . : dc01
            IP Address . . . . . . . . : 192.168.100.6
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . :
            Dns Servers. . . . . . . . :
            AutoConfiguration results. . . . . . : Passed
            Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.
            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.
            WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.
            Adapter : Production Network
            Netcard queries test . . . : Passed
            Host Name. . . . . . . . . : dc01
            IP Address . . . . . . . . : 172.29.22.53
            Subnet Mask. . . . . . . . : 255.255.255.0
            Default Gateway. . . . . . : 172.29.22.10
            Dns Servers. . . . . . . . : 172.29.22.53
            172.29.22.54

            AutoConfiguration results. . . . . . : Passed
            Default gateway test . . . : Passed
            NetBT name test. . . . . . : Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

            Global results:

            Domain membership test . . . . . . : Passed

            NetBT transports test. . . . . . . : Passed
            List of NetBt transports currently configured:
            NetBT_Tcpip_{9A306925-F468-4098-B5AE-50140894CA45}
            NetBT_Tcpip_{AD48CB75-EA12-4B6D-A6E8-75A83BD4395B}
            2 NetBt transports currently configured.

            Autonet address test . . . . . . . : Passed

            IP loopback ping test. . . . . . . : Passed

            Default gateway test . . . . . . . : Passed

            NetBT name test. . . . . . . . . . : Passed
            [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

            Winsock test . . . . . . . . . . . : Passed

            DNS test . . . . . . . . . . . . . : Passed
            PASS - All the DNS entries for DC are registered on DNS server '172.29.22.53' and other DCs also have some of the names registered.
            PASS - All the DNS entries for DC are registered on DNS server '172.29.22.54' and other DCs also have some of the names registered.

            Redir and Browser test . . . . . . : Passed
            List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{9A306925-F468-4098-B5AE-50140894CA45}
            NetBT_Tcpip_{AD48CB75-EA12-4B6D-A6E8-75A83BD4395B}
            The redir is bound to 2 NetBt transports.
            List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{AD48CB75-EA12-4B6D-A6E8-75A83BD4395B}
            NetBT_Tcpip_{9A306925-F468-4098-B5AE-50140894CA45}
            The browser is bound to 2 NetBt transports.

            DC discovery test. . . . . . . . . : Passed

            DC list test . . . . . . . . . . . : Passed

            Trust relationship test. . . . . . : Skipped

            Kerberos test. . . . . . . . . . . : Passed

            LDAP test. . . . . . . . . . . . . : Passed

            Bindings test. . . . . . . . . . . : Passed

            WAN configuration test . . . . . . : Skipped
            No active remote access connections.

            Modem diagnostics test . . . . . . : Passed
            IP Security test . . . . . . . . . : Skipped
            Note: run "netsh ipsec dynamic show /?" for more detailed information

            The command completed successfully

            Thanks for the assistance,

            -Jason
            MCSA/MCSE 2K3,MCITP:ESA,MCTS x 4,VCP x 2
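
Added example (not written by any poster in this thread): a Python check for the two questions raised in posts #3 and #6, namely whether a netlogon.dns file contains any DomainDnsZones/ForestDnsZones records, and which targets under those names in the zone are not current DCs. Assumptions: the function names are illustrative, the zone export uses the same one-record-per-line form as netlogon.dns, and `olddc.admin.org` / `172.29.22.99` are hypothetical stand-ins for the retired DC.

```python
import re

PARTITIONS = ("DomainDnsZones", "ForestDnsZones")
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|CNAME|SRV)\s+(.+)$", re.I)
# Two lines copied from the netlogon.dns posted in #3.
NETLOGON_DNS = """\
admin.org. 600 IN A 172.29.22.53
_ldap._tcp.admin.org. 600 IN SRV 0 100 389 dc01.admin.org.
"""
# Constructed zone export; olddc.admin.org and 172.29.22.99 are hypothetical.
ZONE_EXPORT = """\
DomainDnsZones.admin.org. 600 IN A 172.29.22.99
_ldap._tcp.DomainDnsZones.admin.org. 600 IN SRV 0 100 389 olddc.admin.org.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.admin.org. 600 IN SRV 0 100 389 olddc.admin.org.
"""
# Current DC name and DNS server addresses as they appear in the thread.
LIVE_DCS = {"dc01.admin.org", "172.29.22.53", "172.29.22.54"}

def parse_records(text):
    """Return (owner, rtype, target) tuples; target is the host or IP pointed at."""
    records = []
    for raw in text.splitlines():
        m = RECORD.match(raw.strip())
        if not m:
            continue  # blank lines, comments, anything not in record form
        owner, rtype, rdata = m.groups()
        target = rdata.split()[-1].rstrip(".").lower()  # SRV: last field is the host
        records.append((owner.rstrip(".").lower(), rtype.upper(), target))
    return records

def partition_targets(records, domain):
    """Map each DNS application partition to the targets registered under it."""
    found = {p: set() for p in PARTITIONS}
    for owner, _rtype, target in records:
        for p in PARTITIONS:
            suffix = f"{p}.{domain}".lower()
            if owner == suffix or owner.endswith("." + suffix):
                found[p].add(target)
    return found

def stale_targets(records, domain, live_dcs):
    """Partition targets that are not in the set of current DC names/addresses."""
    live = {d.lower() for d in live_dcs}
    hits = partition_targets(records, domain)
    return {p: sorted(t - live) for p, t in hits.items() if t - live}

if __name__ == "__main__":
    print(partition_targets(parse_records(NETLOGON_DNS), "admin.org"))
    print(stale_targets(parse_records(ZONE_EXPORT), "admin.org", LIVE_DCS))
```

Run against each DC's own netlogon.dns and against an export of the zone, the two results show which servers register under the partition names and which leftover targets no longer correspond to a live DC.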
