This is a re-posted msg from win2KAD forum since no one has any advise yet.

I am running dnslint unitlity from my DC1 and received error such as
CNAME record for and AD forest GUID was missing from a DNS server. DC2
was used for redundancy.

Below is the DNSLink report:

*********************************************************************
Root of Active Directory Forest:

ABCdomain

Active Directory Forest Replication GUIDs Found:

DC: SERIAL-PDC
GUID: 3cd2ef74-4b24-46eb-a873-a35035fe8300

DC: SERIAL-BACKUP
GUID: dcfbcff5-31f6-49b2-bba2-858b859829c4

Total GUIDs found: 2
--------------------------------------------------------------------------------

The following 1 DNS servers were checked for records related to AD
forest replication:

**DNS server: serial-pdc.ABCdomain
IP Address: 192.168.8.4
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

**SOA record data from server:
Authoritative name server: serial-pdc.ABCdomain
Hostmaster: admin
Zone serial number: 58
Zone expires in: 1.00 day(s)
Refresh period: 600 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


**Additional authoritative (NS) records from server:
serial-pdc.ABCdomain Unknown

**Alias (CNAME) and glue (A) records for forest GUIDs from server:

**Total number of CNAME records found on this server: 0

**Total number of CNAME records missing on this server: 2

**Total number of glue (A) records this server could not find: 0

** CNAME records for forest GUIDs missing on server:
GUID: 3cd2ef74-4b24-46eb-a873-a35035fe8300._msdcs.ABCdomain
DC: SERIAL-PDC

GUID: dcfbcff5-31f6-49b2-bba2-858b859829c4._msdcs.ABCdomain
DC: SERIAL-BACKUP


Notes:
At least one CNAME record for an AD forest GUID was missing from a DNS
server
***********************************************************************

In this case, how should I add CNAME record to my DNS? Can anyone give
me specific advise as I am still learning how to manage a DNS server.

Thks.

"Jack" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This is a re-posted msg from win2KAD forum since no one has any advise
yet.
>
> I am running dnslint unitlity from my DC1 and received error such as
> CNAME record for and AD forest GUID was missing from a DNS server. DC2
> was used for redundancy.
>
> Below is the DNSLink report:

<snip report>

> In this case, how should I add CNAME record to my DNS? Can anyone give
> me specific advise as I am still learning how to manage a DNS server.


Fix your DNS and re-register any missing records with the tools
or methods mentioned below, or by hand ONLY if those methods
don't work.

First thing to do is to double check the DNS server AND client
(on the DCs especially.)

Many people use the wrong, or multiple DNS servers (both external
and internal) on the DC NIC->IP properties.

Also note that you seem to have a single-label "DOMAINNAME"
which is a significant problem and requires specific steps which
you can find with the search at the end of the guide given here...


DNS for AD

1) Dynamic for the zone supporting AD

2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)

3) DCs and even DNS servers are DNS clients too -- see #2

4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


>
> Thks.

Hi Martin,

I have resolved the problem now. Thank you so much for your advise and
help. Appreciate that very much.

Just one little question here. Now that both DCs are operational, if say
the DC running PDC emulator is down one day for some reason, does that
mean that the 2nd DC has to be 'promoted' to Global catalog so that
users can log on successfully?

Herb Martin wrote:
> "Jack" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...

>
>>I am running dnslint unitlity from my DC1 and received error such as
>>CNAME record for and AD forest GUID was missing from a DNS server. DC2
>>was used for redundancy.
>>
>>Below is the DNSLink report:
>
>
> <snip report>
>
>>In this case, how should I add CNAME record to my DNS? Can anyone give
>>me specific advise as I am still learning how to manage a DNS server.
>
>
>
> Fix your DNS and re-register any missing records with the tools
> or methods mentioned below, or by hand ONLY if those methods
> don't work.
>
> First thing to do is to double check the DNS server AND client
> (on the DCs especially.)
>
> Many people use the wrong, or multiple DNS servers (both external
> and internal) on the DC NIC->IP properties.
>
> Also note that you seem to have a single-label "DOMAINNAME"
> which is a significant problem and requires specific steps which
> you can find with the search at the end of the guide given here...
>
>
> DNS for AD
>
> 1) Dynamic for the zone supporting AD
>
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
>
> 3) DCs and even DNS servers are DNS clients too -- see #2
>
> 4) If you have more than one Domain, every DNS server must
> be able to resolve ALL domains (either directly or indirectly)
>
> netdiag /fix
>
> ...or maybe:
>
> dcdiag /fix
>
> (Win2003 can do this from Support tools):
> nltest /dsregdns /serverC-ServerNameGoesHere
> http://support.microsoft.com/kb/q260371/
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> Single Label domain zone names are a problem Google:
> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>

"Jack" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Martin,
>
> I have resolved the problem now. Thank you so much for your advise and
> help. Appreciate that very much.
>
> Just one little question here. Now that both DCs are operational, if say
> the DC running PDC emulator is down one day for some reason, does that
> mean that the 2nd DC has to be 'promoted' to Global catalog so that
> users can log on successfully?


For single domain forests all DCs should generally be included
as DCs.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Herb Martin wrote:
> > "Jack" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
>
> >
> >>I am running dnslint unitlity from my DC1 and received error such as
> >>CNAME record for and AD forest GUID was missing from a DNS server. DC2
> >>was used for redundancy.
> >>
> >>Below is the DNSLink report:
> >
> >
> > <snip report>
> >
> >>In this case, how should I add CNAME record to my DNS? Can anyone give
> >>me specific advise as I am still learning how to manage a DNS server.
> >
> >
> >
> > Fix your DNS and re-register any missing records with the tools
> > or methods mentioned below, or by hand ONLY if those methods
> > don't work.
> >
> > First thing to do is to double check the DNS server AND client
> > (on the DCs especially.)
> >
> > Many people use the wrong, or multiple DNS servers (both external
> > and internal) on the DC NIC->IP properties.
> >
> > Also note that you seem to have a single-label "DOMAINNAME"
> > which is a significant problem and requires specific steps which
> > you can find with the search at the end of the guide given here...
> >
> >
> > DNS for AD
> >
> > 1) Dynamic for the zone supporting AD
> >
> > 2) All internal DNS clients NIC\IP properties must specify SOLELY
> > that internal, dynamic DNS server (set.)
> >
> > 3) DCs and even DNS servers are DNS clients too -- see #2
> >
> > 4) If you have more than one Domain, every DNS server must
> > be able to resolve ALL domains (either directly or
indirectly)
> >
> > netdiag /fix
> >
> > ...or maybe:
> >
> > dcdiag /fix
> >
> > (Win2003 can do this from Support tools):
> > nltest /dsregdns /serverC-ServerNameGoesHere
> > http://support.microsoft.com/kb/q260371/
> >
> > Ensure that DNS zones/domains are fully replicated to all DNS
> > servers for that (internal) zone/domain.
> >
> > Also useful may be running DCDiag on each DC, sending the
> > output to a text file, and searching for FAIL, ERROR, WARN.
> >
> > Single Label domain zone names are a problem Google:
> > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
> >