AD Integrated zone deleted, can't recreate secondary zones

C Hall

We have three DCs--DC1, DC2, and DC3. We had an AD Integrated zone for our
forward lookup zone. On DC3, the zone showed as a secondary zone, so I tried
to change the type to an AD integrated zone (right-click, properties,
etc...), but it wouldn't allow it. I didn't write down the actual message,
but I was given two options: use the current zone or use the AD zone.
Neither option would work. I decided to delete the zone, thinking that since
the zone was a secondary zone that it would just die and I would be able to
create an AD zone or that the AD zone would replicate over. That didn't
work. In fact, the AD zone disappeared on both DC1 and DC2.

Next, I panicked and posted my previous thread ("Urgent!!!").

I have just tried creating a Primary zone on DC1 and created secondary zones
on DC2 & DC3. Then I ran Netdiag /fix. I wish I could say that I saved the
results to a text file, but I didn't. I did get it printed, though. The DNS
test shows it failed (surprise) with several FATAL errors trying to recreate
DNS entries. I had set the zone to allow dynamic updates, accept updates
from all servers and had manually entered NS, A and PTR records for all DCs.
At this point, all zones have once again disappeared--the primary on the
master and the two secondary zones.

Any suggestions would be most gratefully received!
 
Kevin D. Goodknecht Sr. [MVP]

C said:
We have three DCs--DC1, DC2, and DC3. We had an AD Integrated zone
for our forward lookup zone. On DC3, the zone showed as a secondary
zone, so I tried to change the type to an AD integrated zone
(right-click, properties, etc...), but it wouldn't allow it. I didn't
write down the actual message, but I was given two options: use the
current zone or use the AD zone. Neither option would work. I decided
to delete the zone, thinking that since the zone was a secondary zone
that it would just die and I would be able to create an AD zone or
that the AD zone would replicate over. That didn't work. In fact, the
AD zone disappeared on both DC1 and DC2.

Next, I panicked and posted my previous thread ("Urgent!!!").

I have just tried creating a Primary zone on DC1 and created
secondary zones on DC2 & DC3. Then I ran Netdiag /fix. I wish I could
say that I saved the results to a text file, but I didn't. I did get
it printed, though. The DNS test shows it failed (surprise) with
several FATAL errors trying to recreate DNS entries. I had set the
zone to allow dynamic updates, accept updates from all servers and
had manually entered NS, A and PTR records for all DCs. At this
point, all zones have once again disappeared--the primary on the
master and the two secondary zones.

Any suggestions would be most gratefully received!

Point all DCs to one DC only and follow this:

Using ADU&C, View > Advanced, expand System, open the MicrosoftDNS
container and delete the zone objects; connect to all DCs to do this. This
should bring the primary and secondary zones back after it replicates. If
the zone does appear on the DC all are using, create the primary zone on it.
Restart the DNS service, delete any secondary zone on any DNS server, set the
primary to allow dynamic updates, and run ipconfig /flushdns & ipconfig
/registerdns & net stop netlogon & net start netlogon & netdiag /test:dns /v.
Convert the zone back into Active Directory and let it replicate to the other
DNS servers.
 
C Hall

Kevin,

I went into ADU&C on two of the three DCs. On the first DC (holds all FSMO
roles), there wasn't anything in there. On the second DC, I deleted all zone
objects. When I went into the third DC, I couldn't open the MMC. I get the
following message: Microsoft Management Console: The Disk is full.

Please advise.
 
C Hall

Kevin,

I was able to connect to all three DCs and delete the zone objects
through ADU&C. Created primary zone, ipconfig, stop/start netlogon
etc... as requested. The zone I had just created disappeared again. I
didn't include this info, but the forward zone (and w2k domain name) is
a currently registered internet domain name. I thought that behind a f/w
and private IP addresses that it wouldn't be a problem, but when I ran
into this problem on Friday and tried recreating a primary zone, an
external DNS server assumed the role of authoritative DNS for my zone.
Will I need to blow away my entire AD structure?
 
Kevin D. Goodknecht Sr. [MVP]

C said:
Kevin,

I was able to connect to all three DCs and delete the zone objects
through ADU&C. Created primary zone, ipconfig, stop/start netlogon
etc... as requested. The zone I had just created disappeared again. I
didn't include this info, but the forward zone (and w2k domain name)
is a currently registered internet domain name. I thought that behind
a f/w and private IP addresses that it wouldn't be a problem, but when
I ran into this problem on Friday and tried recreating a primary
zone, an external DNS server assumed the role of authoritative
DNS for my zone. Will I need to blow away my entire AD structure?

No! Leave AD in place, make sure all zones for the domain are deleted from
all DNS servers. Restart the DNS service to make sure the zones stay gone.
Then, with all DCs pointing to the same DNS server, create a new zone on that
server with dynamic updates allowed. Run ipconfig /flushdns & ipconfig
/registerdns & net stop netlogon & net start netlogon. Check the zone, make
sure all the records are created with netdiag /test:dns /v, then change the
zone to AD integrated and wait for it to replicate.
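Kevin's two procedures above (delete the dnsZone objects on every DC, recreate the zone, re-register, verify with netdiag /test:dns, then convert to AD integrated) were written for Windows 2000. The script below is an added example, not part of this thread, that checks the resulting state on current Windows Server versions: it assumes the ActiveDirectory and DnsServer PowerShell modules (Server 2012 or later), checks both the Windows 2000 location of the zone objects used in the thread and the later DomainDnsZones partition, and replaces netdiag /test:dns with direct queries. Each warning maps to a symptom in the thread: zone missing, leftover secondary copy, an outside server answering authoritatively for the publicly registered domain name, and absent DC locator records.

```powershell
# Added verification script (not from the thread); needs ActiveDirectory + DnsServer modules.
Import-Module ActiveDirectory, DnsServer

$domain = Get-ADDomain
$zone   = $domain.DNSRoot                   # AD domain name = the forward lookup zone
$dcs    = $domain.ReplicaDirectoryServers   # FQDNs of all writable DCs
$dcSet  = $dcs | ForEach-Object { $_.ToLower().TrimEnd('.') }

# Zone objects live in the domain partition (Windows 2000, as in the thread)
# or in the DomainDnsZones application partition (Server 2003 and later).
$containers = @(
    "CN=MicrosoftDNS,CN=System,$($domain.DistinguishedName)",
    "CN=MicrosoftDNS,DC=DomainDnsZones,$($domain.DistinguishedName)"
)

foreach ($dc in $dcs) {
    Write-Output "== $dc"
    # 1. How this DC's DNS server sees the zone (missing / secondary / AD integrated).
    $z = Get-DnsServerZone -ComputerName $dc -Name $zone -ErrorAction SilentlyContinue
    if (-not $z) {
        Write-Warning "$dc : zone $zone is missing (the 'zone disappeared' symptom)"
    } else {
        Write-Output ("   type={0} dsIntegrated={1} dynamicUpdate={2}" -f $z.ZoneType, $z.IsDsIntegrated, $z.DynamicUpdate)
        if ($z.ZoneType -eq 'Secondary') {
            Write-Warning "$dc : still holds a secondary copy; delete it before converting"
        }
        if ($z.IsDsIntegrated -and $z.DynamicUpdate -ne 'Secure') {
            Write-Warning "$dc : AD-integrated zone accepts nonsecure updates; set it to Secure"
        }
    }
    # 2. The dnsZone objects held in this DC's replica of the directory.
    foreach ($sb in $containers) {
        Get-ADObject -Server $dc -SearchBase $sb -LDAPFilter '(objectClass=dnsZone)' `
            -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Output "   dnsZone object $($_.Name) in $sb" }
    }
    # 3. Who this DC believes is authoritative. A SOA primary that is not one of
    #    our DCs means an outside server answers for the (publicly registered) name.
    $soa = Resolve-DnsName -Name $zone -Type SOA -Server $dc -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
    if ($soa -and ($dcSet -notcontains $soa.PrimaryServer.ToLower().TrimEnd('.'))) {
        Write-Warning "$dc : SOA primary is $($soa.PrimaryServer), not a DC"
    }
    # 4. DC locator records, the part netdiag /test:dns used to verify.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$zone" -Type SRV -Server $dc `
        -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { Write-Warning "$dc : no _ldap._tcp.dc._msdcs SRV records; re-register and restart Netlogon" }
}
```

Run it from a domain-joined admin session after the last step; a clean run prints one AD-integrated, Secure-update zone per DC with no warnings.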
 
C Hall

I will give this a shot again. When I previously ran the netdiag command, it
coughed up errors. I'll post the results. Thanks again, Kevin.
 
C Hall

I have been told to wait to do anything on the domain to correct this
problem (my boss). I hate for this to sit out there...but that's how it
goes. He's afraid it's going to affect one of our apps that runs on a member
server. At the moment, users are just logging in to the member servers as
local users and accessing what they need through mapped drives. <sigh>.
 
Roger Abell

At the moment, users are just logging in to the member servers as
local users and accessing what they need through mapped drives.

and does the boss recognize that usability of this application is
already happening in the worst case scenario then, and that any
impacts due to DNS changes have already happened (so things
can only get better from here)?
 
C Hall

Kevin,

I was finally given the go ahead today and everything is humming along now.
Thanks!
Chris
 