SRV records missing

Alexander V. Alexeev

Hello,

I am experiencing an improperly configured DNS problem on my Domain
Controllers. The symptoms:

- The replication between PDC and BDC doesn't work, because of a DSA
operation could not be complete due to DNS lookup failure.
- SRV records in DNS zone for our domain are missing
- dcdiag /a communication tests fail on both DCs

One day it just happened that those SRV records (folders _msdcs, _sites, _tcp
and _udp) disappeared never to be seen again. I suspect this is because in
AD Sites and Servers the Default-First-Site-Name was renamed to something
else, but not sure if this is 100% right.

Anyway, I have been trying to recreate those SRV records as recommended in
MS Knowledge Base by terminating the zone, recreating it, making it updateable
and restarting NETLOGON service - no SRV records created. Tried the same
with NETDIAG /FIX - again, no luck.

I do not think that we have the Disjoined DNS namespace problem, as the
PDC's network ID's DNS name matches the AD domain name and the zonename.
Other than that, I see no other reason why the restoration of SRV records
would work. Certainly, our AD won't be properly functional without them. Is
there any way I could recreate the needed records? Perhaps, a more "manual"
way than netdiag /fix?

Thanks!
Alex A
_____________________________
Alexander V. Alexeev
 
Herb Martin

Alexander V. Alexeev said:
> I am experiencing an improperly configured DNS problem on my Domain
> Controllers. The symptoms:
>
> - The replication between PDC and BDC doesn't work, because of a DSA

First, there is no PDC or BDC in Win2000+ -- there is a "PDC Emulator",
and you may have NT4 BDC(s) but that changes the troubleshooting quite
a bit.

In Win2000 all DCs are equal (some are more equal than others for
special purposes.)

> operation could not be complete due to DNS lookup failure.
> - SRV records in DNS zone for our domain are missing
> - dcdiag /a communication tests fail on both DCs

What failure?

> One day it just happened that those SRV records (folders _msdcs, _sites, _tcp
> and _udp) disappeared never to be seen again. I suspect this is because in
> AD Sites and Servers the Default-First-Site-Name was renamed to something
> else, but not sure if this is 100% right.

Shouldn't matter -- in fact many of us consider renaming the
"Default-First-Site-Name" to be a "best practice" and it should update
DNS automatically.

> Anyway, I have been trying to recreate those SRV records as recommended in
> MS Knowledge Base by terminating the zone, recreating it, making it updateable
> and restarting NETLOGON service - no SRV records created. Tried the same
> with NETDIAG /FIX - again, no luck.

Ok, do you have ALL DCs pointing their OWN CLIENT settings at the
internal, DYNAMIC DNS that holds the dynamic zone that supports the
domain?

Not doing so is the most frequent reason for your symptoms.

Do you perhaps have both an Internal DNS for the zone AND SOME
OTHER DNS Server listed? Don't do that. Even if the DC has two
NICs, don't do that.

If you fix this or need to enable DYNAMIC updates then THAT IS
WHEN you cycle the NetLogon service to re-register those _domain
entries.

> I do not think that we have the Disjoined DNS namespace problem, as the
> PDC's network ID's DNS name matches the AD domain name and the zonename.

Ok, but I am still worried about your CLIENT settings.

Do you have more than one AD-Integrated DNS server? That is the
normal reason people end up with a disjoint (not "disjoined") internal
zone. (One server has some records, the other DC has other records
and they can no longer replicate since DNS is dependent on AD and
AD is dependent on DNS.)

For the latter case, point first one of them at the other, cycle NetLogon;
then reverse the procedure, cycle NetLogon on the other and force
replication.

By tricking each of them to register with the other you solve the disjoint
problem, allow AD to replicate, and DNS replicates with the AD.

You can now return them to point to themselves if you wish.

> Other than that, I see no other reason why the restoration of SRV records
> would work. Certainly, our AD won't be properly functional without them. Is
> there any way I could recreate the needed records? Perhaps, a more "manual"
> way than netdiag /fix?

Yes, but don't go there -- we can fix this the right way. Call me if you
feel the need -- my phone number is on my website.

http://www.LearnQuick.Com
 
Ace Fekay [MVP]

Alexander V. Alexeev said:
> Hello,
>
> I am experiencing an improperly configured DNS problem on my Domain
> Controllers. The symptoms:
>
> - The replication between PDC and BDC doesn't work, because of a DSA
> operation could not be complete due to DNS lookup failure.
> - SRV records in DNS zone for our domain are missing
> - dcdiag /a communication tests fail on both DCs
>
> One day it just happened that those SRV records (folders _msdcs, _sites,
> _tcp and _udp) disappeared never to be seen again. I suspect this is
> because in AD Sites and Servers the Default-First-Site-Name was
> renamed to something else, but not sure if this is 100% right.
>
> Anyway, I have been trying to recreate those SRV records as
> recommended in MS Knowledge Base by terminating the zone, recreating
> it, making it updateable and restarting NETLOGON service - no SRV
> records created. Tried the same with NETDIAG /FIX - again, no luck.
>
> I do not think that we have the Disjoined DNS namespace problem, as
> the PDC's network ID's DNS name matches the AD domain name and the
> zonename. Other than that, I see no other reason why the restoration
> of SRV records would work. Certainly, our AD won't be properly
> functional without them. Is there any way I could recreate the needed
> records? Perhaps, a more "manual" way than netdiag /fix?
>
> Thanks!
> Alex A
> _____________________________
> Alexander V. Alexeev

In addition to Herb's suggestions, make sure you point all machines to
your internal DNS servers only.

Normally, if the Primary DNS Suffix is the same as the AD name and the same
spelling as the zone in DNS, it should automatically update, provided the
above paragraph is true.

Is your domain name a single label DNS name?

What service pack? SP4 disabled registration of single label names.
But there's a bandaid for it.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Alexander V. Alexeev

Thanks for the suggestions!
DNS on the two DCs were set to themselves, always. So there shouldn't be a
problem with that. All have one NIC each and never really had any external
DNS there. Instead, my DNS servers forward queries to my ISP's DNS.

I have tried the netlogon restart again, with dynamic zone ready, but again
empty container, only with the A record for the server itself. Strange...

Oh and also, when I do netdiag /fix, one of the errors says:
Cannot find primary authoritative DNS for the name moscow.DZN - (my domain
is named DZN and moscow is the DCs name).

And then follow numerous lines with a FATAL mark that indicate the failure to
create those exact SRV records :(.

Anything else worth trying? Thanks!
Alex A
 
Alexander V. Alexeev

Yep, all my PCs point to internal DNSes and no externals defined, except the
DNS servers forward to my ISP's DNS.

My domain name is DZN - is it single labeled? So my DC name is moscow.dzn
and the other is dfgszn.dzn - they are the ones that fail to replicate AD
because of DNS problems, apparently.

And yes, they both have SP4 installed. Any way I could bypass that
anti-single-labelled-name behaviour?

Thanks
Alex A
 
Herb Martin

> Oh and also, when I do netdiag /fix, one of the errors says:
> Cannot find primary authoritative DNS for the name moscow.DZN - (my domain
> is named DZN and moscow is the DCs name).
>
> And then follow numerous lines with a FATAL mark that indicate the failure to
> create those exact SRV records :(.

Oh foo. One tag domain name is BAD.

Ace always answers these questions because it never even
occurs to me that anyone will have a "one tag domain name."

Search through the posts here -- I think he has a fix but I know
it's bad when you have only one tag (.com) in your zone/domain
name (instead of Domain.Com)

If not, Ace will likely be around Tuesday (vacation in the States
on Monday) or someone else can help.
 
Herb Martin

Hey Ace, he tipped me in the other thread branch that he has
a SINGLE TAG DOMAIN NAME.

I know you have the info on that -- that's likely his problem.
 
Ace Fekay [MVP]

Alexander V. Alexeev said:
> Yep, all my PCs point to internal DNSes and no externals defined,
> except the DNS servers forward to my ISP's DNS.
>
> My domain name is DZN - is it single labeled?

Is this your NetBIOS name or AD's DNS name as it shows up in your ADUC?

> So my DC name is
> moscow.dzn and the other is dfgszn.dzn - they are the ones that fail
> to replicate AD because of DNS problems, apparently.

I don't follow here. You have two trees in your forest or are they two trees
in different forests?
Do both of these zone names exist in DNS?
moscow.dzn
dfgszn.dzn
Are they on the same DNS server or different servers?

> And yes, they both have SP4 installed. Any way I could bypass that
> anti-single-labelled-name behaviour?

That depends on your above response.
If you could also post an unedited ipconfig /all from both DCs, it will
really help out.

Thanks

> Thanks
> Alex A



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP]

Herb Martin said:
> Hey Ace, he tipped me in the other thread branch that he has
> a SINGLE TAG DOMAIN NAME.
>
> I know you have the info on that -- that's likely his problem.

Here's the info on that, but it's more of a bandaid until a resolve is
formulated since W2k and newer clients will not register and may cause other
problems as time goes by and the infrastructure grows.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names [needs the domain.com name and cannot be
just --domain--]:
http://support.microsoft.com/?id=300684



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
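
Added example (not part of the thread and not any poster's code): Netlogon writes the records it tries to register to %SystemRoot%\System32\Config\netlogon.dns, so comparing that list with what the zone actually holds shows which of the _msdcs, _tcp and _udp folders are missing and whether the domain name is single-label. The file contents, the IP address and the function names below are constructed for illustration; only the names dzn and moscow come from the thread.

```python
# Added example; sample data is constructed, function names are hypothetical.
# Lines in netlogon.dns format: owner TTL IN type rdata
NETLOGON_DNS = """\
dzn. 600 IN A 192.0.2.10
_ldap._tcp.dzn. 600 IN SRV 0 100 389 moscow.dzn.
_ldap._tcp.pdc._msdcs.dzn. 600 IN SRV 0 100 389 moscow.dzn.
_ldap._tcp.dc._msdcs.dzn. 600 IN SRV 0 100 389 moscow.dzn.
_kerberos._tcp.dc._msdcs.dzn. 600 IN SRV 0 100 88 moscow.dzn.
_kerberos._udp.dzn. 600 IN SRV 0 100 88 moscow.dzn.
_kpasswd._tcp.dzn. 600 IN SRV 0 100 464 moscow.dzn.
"""
# Constructed zone contents: only the server's own A record, as in the thread.
ZONE = {("moscow.dzn.", "A")}


def parse_records(text):
    """Return (owner, type) pairs from netlogon.dns-style lines."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2].upper() == "IN":
            out.append((parts[0].lower(), parts[3].upper()))
    return out


def is_single_label(domain):
    """True for names like 'dzn' that consist of one label only."""
    return len([p for p in domain.strip(".").split(".") if p]) == 1


def subtree(owner, domain):
    """Top-level folder under the zone: _msdcs, _sites, _tcp or _udp."""
    relative = owner.rstrip(".")[: -(len(domain) + 1)]
    return relative.split(".")[-1]


def diagnose(domain, netlogon_text, zone):
    """Compare what Netlogon wants registered with what the zone holds."""
    domain = domain.strip(".").lower()
    missing = [o for o, t in parse_records(netlogon_text)
               if t == "SRV" and (o, t) not in zone]
    return {
        "single_label": is_single_label(domain),
        "missing_srv": missing,
        "missing_subtrees": sorted({subtree(o, domain) for o in missing}),
    }


if __name__ == "__main__":
    print(diagnose("DZN", NETLOGON_DNS, ZONE))
```
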
 