DNS & Replication Issues


  • DNS & Replication Issues

    Hi

    Currently I am having DNS problems and replication problems.
    One of the errors I get is being unable to locate the DC via CNAME, as per the dcdiag output below.
    I already tried netdiag /fix and restarted the Netlogon service.
    Also, the CNAME and other records are missing in the primary zone.
    I cannot find the CNAME record for the above DC.
    We have two other servers in the domain as DCs, of which the second is not able to sync with the remaining two DCs.
    Some events in Event Viewer include unable to query global catalog (event ID 1126), 1925, event ID 2088, and event ID 7062.

    C:\Documents and Settings\hemang>dcdiag /sdcsr05
    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\PDCSR05
    Starting test: Connectivity
    The host f1aab8d0-44c3-406c-a99c-4d46cd842ab6._msdcs.inddom05.com could
    not be resolved to an
    IP address. Check the DNS server, DHCP, server name, etc
    Although the Guid DNS name
    (f1aab8d0-44c3-406c-a99c-4d46cd842ab6._msdcs.inddom05.com) couldn't be
    resolved, the server name (pdcsr05.inddom05.com) resolved to the IP
    address (172.17.65.5) and was pingable. Check that the IP address is
    registered correctly with the DNS server.
    ......................... PDCSR05 failed test Connectivity
    Doing primary tests
    Testing server: Default-First-Site-Name\PDCSR05
    Skipping all tests, because server PDCSR05 is
    not responding to directory service requests
    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Running partition tests on : inddom05
    Starting test: CrossRefValidation
    ......................... inddom05 passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... inddom05 passed test CheckSDRefDom
    Running enterprise tests on : inddom05.com
    Starting test: Intersite
    ......................... inddom05.com passed test Intersite
    Starting test: FsmoCheck
    ......................... inddom05.com passed test FsmoCheck


    Below is the netlogon.dns output.

    _ldap._tcp.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.Default-First-Site-Name._sites.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.gc._msdcs.inddom05.com. 600 IN SRV 0 100 3268 pdcsr05.inddom05.com.
    _ldap._tcp.3381baaa-07ef-467e-84a9-ce7548a4aa00.domains._msdcs.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    f1aab8d0-44c3-406c-a99c-4d46cd842ab6._msdcs.inddom05.com. 600 IN CNAME pdcsr05.inddom05.com.
    _kerberos._tcp.dc._msdcs.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
    _ldap._tcp.dc._msdcs.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _kerberos._tcp.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
    _kerberos._tcp.Default-First-Site-Name._sites.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
    _kerberos._udp.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
    _kpasswd._tcp.inddom05.com. 600 IN SRV 0 100 464 pdcsr05.inddom05.com.
    _kpasswd._udp.inddom05.com. 600 IN SRV 0 100 464 pdcsr05.inddom05.com.
    _ldap._tcp.DomainDnsZones.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.ForestDnsZones.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
    inddom05.com. 600 IN A 172.17.65.5
    ForestDnsZones.inddom05.com. 600 IN A 172.17.65.5
    DomainDnsZones.inddom05.com. 600 IN A 172.17.65.5
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.inddom05.com. 600 IN SRV 0 100 3268 pdcsr05.inddom05.com.
    gc._msdcs.inddom05.com. 600 IN A 172.17.65.5
    _gc._tcp.inddom05.com. 600 IN SRV 0 100 3268 pdcsr05.inddom05.com.
    _gc._tcp.Default-First-Site-Name._sites.inddom05.com. 600 IN SRV 0 100 3268 pdcsr05.inddom05.com.

    Why isn't DNS able to register the records?
    Please assist.

  • #2
    Re: DNS & Replication Issues

    A CNAME record is not needed for name resolution of a domain controller. Check the following:

    1. You should have a valid Host (A) record for the domain controller(s), and the reverse lookup zone should also have all the IPs of the DC(s).

    2. Your DNS is either misconfigured or has missing information about the other DCs in your domain. Ensure all the DCs are pointing to the correct DNS server.

    3. Does your domain contain AD-integrated DNS? Are all the DCs configured as DNS servers? Also, please check the zone transfer settings.



    • #3
      Re: DNS & Replication Issues

      Dear Jainal

      1. Valid host records exist for all the DCs and also in the reverse lookup zone.

      2. All the DCs are pointing to 1 DNS server only.

      3. Not all DCs are configured as DNS servers. All are AD-integrated DNS.

      As per the dcdiag report, the Connectivity test is failing.



      • #4
        Re: DNS & Replication Issues


        Hello Hames,

        3. Not all DC's are configured as DNS Servers. All are AD integrated DNS.


        I am not very clear on this point. If all the DCs are AD-integrated, then each DC should point to itself in the primary DNS server option of its network settings.

        If you do nslookup on all the DCs against the other DCs, does it return valid DC names?


        Just add a Host (A) record for "f1aab8d0-44c3-406c-a99c-4d46cd842ab6"
        in the DNS server.

        I think someone has manually created the KCC in the default site link. Try the above and let me know. Also, if possible, try to run "dcdiag /v" on the DCs and check what the result states.



        • #5
          Re: DNS & Replication Issues
          1. If the destination domain controller is not able to resolve the necessary DNS records, then the problem is most likely with DNS configuration.
          2. Verify network configuration to ensure that the preferred and alternate DNS server settings specified in the IP configuration of the destination domain controller are correct. For more information about correct DNS server settings for Active Directory, see the Active Directory link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources/. Search under "Planning & Deployment Guides" and download Best Practice Active Directory Design for Managing Windows Networks and Best Practice Active Directory Deployment for Managing Windows Networks.
          3. If the settings for the destination domain controller are incorrect, change the configuration, flush the DNS cache, and retry the operation that failed.
            or
            If the client settings for the destination domain controller are configured correctly, verify that the primary zone that is authoritative for the CNAME resource record for <DSAGuid>._msdcs.<ForestName> allows dynamic updates. (DSAGuid is a value of the objectDSA attribute of the NTDS Settings container for the Server object corresponding to the source domain controller.)
            At a command prompt on the source domain controller, type the following command and press ENTER:
            dcdiag /test:registerindns /dnsdomain
            If the primary zone that is authoritative for the CNAME resource record does not allow dynamic updates, enable secure dynamic updates on this zone.
            Repeat this step for the A resource record of the source domain controller.
          4. Verify network configuration to ensure that the preferred and alternate DNS server settings specified in the IP configuration of the source domain controller are correct. For more information about correct DNS server settings for Active Directory, see the Active Directory link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources/. Search under "Planning & Deployment Guides" and download Best Practice Active Directory Design for Managing Windows Networks and Best Practice Active Directory Deployment for Managing Windows Networks.
          5. If the settings for the source domain controller are incorrect, change the configuration, flush the DNS cache, and stop and start the Net Logon service.
          6. Verify that the required DNS resource records are registered on the destination domain controller. At a command prompt, type the following command and press ENTER:
            dcdiag /test:connectivity
          7. Flush the DNS cache and retry replication.
          Ref: http://technet.microsoft.com/en-us/l.../bb727055.aspx
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR
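
The comparison that the netlogon.dns listing in the first post and step 6 of post #5 call for, as an added example that is not part of the thread or of any Microsoft tool: it parses netlogon.dns-style lines and reports which records a zone lacks, singling out the `<DSAGuid>._msdcs` CNAME. The function names and the zone contents are constructed for illustration; the sample lines are copied from the listing above.

```python
import re
from typing import NamedTuple

class Record(NamedTuple):
    owner: str    # fully qualified owner name, lower-cased
    ttl: int
    rtype: str    # SRV, CNAME or A
    rdata: tuple  # SRV: (priority, weight, port, target); CNAME/A: (value,)

# Owner of the form <DSAGuid>._msdcs.<ForestName>, the name dcdiag could not resolve.
DSA_GUID_OWNER = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.")

def parse_netlogon_dns(text):
    """Parse 'owner ttl IN type rdata' lines in the netlogon.dns layout."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue  # blank or unrecognised line
        rtype, rdata = f[3].upper(), f[4:]
        if rtype == "SRV":
            if len(rdata) != 4:
                raise ValueError(f"malformed SRV record: {line!r}")
            rdata = [int(x) for x in rdata[:3]] + [rdata[3].lower()]
        else:
            rdata = [rdata[0].lower()]
        records.append(Record(f[0].lower(), int(f[1]), rtype, tuple(rdata)))
    return records

def missing_from_zone(expected, zone):
    """Expected records whose (owner, type, target) the zone does not hold."""
    # Matching on the target keeps another DC's SRV record from masking a gap.
    present = {(o.lower(), t.upper(), v.lower()) for o, t, v in zone}
    return [r for r in expected if (r.owner, r.rtype, r.rdata[-1]) not in present]

def dsa_guid_gaps(missing):
    """Missing CNAME records of the <DSAGuid>._msdcs form."""
    return [r for r in missing if r.rtype == "CNAME" and DSA_GUID_OWNER.match(r.owner)]

# Constructed sample: four of the records posted above, in netlogon.dns layout.
SAMPLE = """\
_ldap._tcp.inddom05.com. 600 IN SRV 0 100 389 pdcsr05.inddom05.com.
f1aab8d0-44c3-406c-a99c-4d46cd842ab6._msdcs.inddom05.com. 600 IN CNAME pdcsr05.inddom05.com.
_kerberos._tcp.dc._msdcs.inddom05.com. 600 IN SRV 0 100 88 pdcsr05.inddom05.com.
inddom05.com. 600 IN A 172.17.65.5
"""
# Constructed zone contents (hypothetical): only two of the four are registered.
ZONE = [("_ldap._tcp.inddom05.com.", "SRV", "pdcsr05.inddom05.com."),
        ("inddom05.com.", "A", "172.17.65.5")]
```

Calling `missing_from_zone(parse_netlogon_dns(SAMPLE), ZONE)` returns the CNAME and the `_kerberos` SRV record; on a real DC the zone list would come from an export of the authoritative zone.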
