Deregistration of DNS Record Failing

Will

A Windows 2000 domain controller in a lab is demoted to a server in a
workgroup then moved to a different forest and promoted to be a second
domain controller. Eventviewer starts to show messages similar to:

Deregistration of DNS record oldentity failed because server is not
authoritative for oldchild.old-domain.com.

Apparently there are records cached from the old role as a domain controller
in the old domain. And apparently the DNS server is not able to purge
itself of these records. How do I get rid of those DNS remnants from the
server's former role?
 
Kevin D. Goodknecht Sr. [MVP]

Will said:
A Windows 2000 domain controller in a lab is demoted to a server in a
workgroup then moved to a different forest and promoted to be a second
domain controller. Eventviewer starts to show messages similar to:

Deregistration of DNS record oldentity failed because server is
not authoritative for oldchild.old-domain.com.

Apparently there are records cached from the old role as a domain
controller in the old domain. And apparently the DNS server is
not able to purge itself of these records. How do I get rid of
those DNS remnants from the server's former role?

Did you try deleting the Netlogon.dns and Netlogon.dnb from the
%systemroot%\system32\config directory?
Delete those files, run ipconfig /flushdns and restart the netlogon service.
 
Will

Kevin, I deleted the netlogon files and restarted Netlogon service.
DCDIAG /V started giving errors about duplicate filenames. NBTSTAT -N did
NOT show a conflict. I then disabled the network adapter and enabled it,
hoping to reset something. That forced an election and things started to
work.

Can you educate me why did these files need to be deleted? The sections
in the file that referred to the old domain name had been commented out
internally.

Any theory on why the duplicate name issue arose?

--
Will


Kevin D. Goodknecht Sr. said:
Did you try deleting the Netlogon.dns and Netlogon.dnb from the
%systemroot%\system32\config directory?
Delete those files, run ipconfig /flushdns and restart the netlogon
service.
 
Will

Sorry, I meant DCDIAG was complaining about duplicate *network* names, NOT
filenames.

I apologize....too many fires going on at the same time.
 
Ace Fekay [MVP]

Will said:
Kevin, I deleted the netlogon files and restarted Netlogon service.
DCDIAG /V started giving errors about duplicate filenames. NBTSTAT
-N did NOT show a conflict. I then disabled the network adapter
and enabled it, hoping to reset something. That forced an election
and things started to work.

Can you educate me why did these files need to be deleted? The
sections in the file that referred to the old domain name had been
commented out internally.

Any theory on why the duplicate name issue arose?

Assuming secure updates are set, when you demoted the server, it became
part of a workgroup and not the domain, therefore it couldn't
authenticate to deregister the records.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Ace Fekay [MVP]

Will said:
Sorry, I meant DCDIAG was complaining about duplicate *network*
names, NOT filenames.

I apologize....too many fires going on at the same time.


Dcdiag complaining? Is the DC multihomed? That can cause numerous errors.

Ace
 
Kevin D. Goodknecht Sr. [MVP]

Will said:
Kevin, I deleted the netlogon files and restarted Netlogon service.
DCDIAG /V started giving errors about duplicate filenames. NBTSTAT
-N did NOT show a conflict. I then disabled the network adapter
and enabled it, hoping to reset something. That forced an election
and things started to work.

Can you educate me why did these files need to be deleted? The
sections in the file that referred to the old domain name had been
commented out internally.

These two files have the netlogon registrations in them, anything in those
files will be used in DNS registration. Deleting them made sure there were no
leftover registrations from the old domain.
The netlogon service re-creates these files.

Any theory on why the duplicate name issue arose?

Is this machine multi-homed with two NICs on the same subnet?
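
An added example, not part of any post in this thread: a Python check that lists the active records in a copy of Netlogon.dns whose owner name lies outside the domains the server now belongs to, which is the leftover state discussed above. It assumes one record per line in zone-file style (owner, TTL, IN, type, data) with `;` starting a comment; the sample text and the name newdomain.example are constructed.

```python
# Added example: find registrations in Netlogon.dns left over from a former domain.
# Assumed line format: "<owner> <ttl> IN <type> <data...>", ";" begins a comment.

# Constructed sample; newdomain.example and the addresses are placeholders.
SAMPLE = """\
; constructed sample, not taken from the thread
; _ldap._tcp.oldchild.old-domain.com. 600 IN SRV 0 100 389 oldentity.oldchild.old-domain.com.
newdomain.example. 600 IN A 192.0.2.10
_ldap._tcp.newdomain.example. 600 IN SRV 0 100 389 dc2.newdomain.example.
_kerberos._tcp.dc._msdcs.newdomain.example. 600 IN SRV 0 100 88 dc2.newdomain.example.
_ldap._tcp.oldchild.old-domain.com. 600 IN SRV 0 100 389 oldentity.oldchild.old-domain.com.
gc._msdcs.old-domain.com. 600 IN A 192.0.2.10
"""


def parse_records(text):
    """Yield (lineno, owner, rtype, commented) for every line that holds a record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith(";")
        fields = line.lstrip("; ").split()
        # Skip blank lines and free-text comments that are not records.
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        yield lineno, fields[0].lower(), fields[3].upper(), commented


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label boundary checked)."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def stale_records(text, current_domains):
    """Active (uncommented) records whose owner is outside every current domain."""
    stale = []
    for lineno, owner, rtype, commented in parse_records(text):
        if commented:
            continue  # commented-out entries are not live registrations
        if not any(in_domain(owner, d) for d in current_domains):
            stale.append((lineno, owner, rtype))
    return stale


if __name__ == "__main__":
    for lineno, owner, rtype in stale_records(SAMPLE, ["newdomain.example"]):
        print(f"line {lineno}: {rtype} {owner} is outside the current domain")
```

Pass both the domain name and the forest root name in `current_domains` when the server sits in a child domain, since records under either are expected.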
 
Will

The domain controller has two ethernet ports, but one of those is disabled
and nothing is plugged to it. The one active ethernet port is configured
for a single static IP address.

The message we got about duplicate names suggested it was a duplicate
NETBIOS name because it asked us to run NBTSTAT -N to see the duplicate
name. NBTSTAT -N showed no record with the Duplicate status.
 
Ace Fekay [MVP]

Will said:
The domain controller has two ethernet ports, but one of those is
disabled and nothing is plugged to it. The one active ethernet port
is configured for a single static IP address.

The message we got about duplicate names suggested it was a duplicate
NETBIOS name because it asked us to run NBTSTAT -N to see the
duplicate name. NBTSTAT -N showed no record with the Duplicate
status.

As long as the extra NIC is disabled in the BIOS and in Windows, that
shouldn't be a problem. The duplicate name message usually occurs in
multihomed machines due to NetBIOS being enabled on both NICs and both
trying to register the same name on the network with different IPs.

Since you moved the server from one forest to another, and you are using
WINS, maybe the duplicate is from the WINS database.

Can you run a netdiag /v /fix and post the results, please?

Ace
 
Will

Ace, the disabled adapter had NetBIOS enabled. I disabled it for safety
but I guess unless it was attached to the same network that should not cause
a problem?

WINS is disabled on this machine so that's not it.
 
Ace Fekay [MVP]

Will said:
Ace, the disabled adapter had NetBIOS enabled. I disabled it for
safety but I guess unless it was attached to the same network that
should not cause a problem?

WINS is disabled on this machine so that's not it.

Is RRAS configured?

Ace
 
