At least one CNAME record for an AD forest GUID was missing from a DNS

[Ceez]

Hello everyone.

I posted the following on the DNS section but that part of the board seems to be a little quiet compared to the server 2003 section.

I was wondering if anyone can help me out.

Here's the link to the original post:

http://www.tek-tips.com/viewthread.cfm?qid=1536834&page=1

Thank you everyone.

ceez

 

[PScottC]

Do not manually delete ANY records from the _msdcs zone or its children unless you are sure that the record refers to a server that does not exist.

SRV (Service) records specify servers in your AD that host Kerberos, Global Catalog, PDC, LDAP, and other services. AD clients use these records to find domain controllers and specific services needed for authentication.

Each DC registers its GUID directly in the _msdcs zone. The error seems to indicate that one of the DCs has not registered its GUID, or that the record has not replicated to all the other domain controllers.

If you have a multi-domain forest, also check the domains._msdcs zone in the forest root domain and verify that the GUIDs for all your domains are listed and that the child zones are populated with the DCs beloning to that domain.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[Ceez]

@PScottC, thanks for the reply.

Do not manually delete ANY records from the _msdcs zone or its children unless you are sure that the record refers to a server that does not exist.

Well the servers DO EXIST but each one has 2 entries in _msdcs. The one that is found by DNSLint and the other is for the same server but not listed in the report. The same goes for the 2nd repeated server. We have 7DC's yet there are 9DC's under _msdcs.

Each DC registers its GUID directly in the _msdcs zone. The error seems to indicate that one of the DCs has not registered its GUID, or that the record has not replicated to all the other domain controllers.

I dont seem to have any replication errors from any of my DCs, that's the strange part. These domains are not new either, I guess they should of replicated yeeears ago

If you have a multi-domain forest, also check the domains._msdcs zone in the forest root domain and verify that the GUIDs for all your domains are listed and that the child zones are populated with the DCs beloning to that domain.

If I drill down to:
domain -> _msdcs -> domains -> (4)GUID folder -> _tcp

Each one of these 4 GUIDs has an SRV listing of the DC's for it's own domain/child domain and they are called "_ldap"


So should I be able to delete those 2 entries and why arent the child domains registering the other DC's under child.domain.net -> _msdcs ??? There are 2 folder dc & pdc which I can continue to drill down but there are no Alias (CNAME) records within _msdcs.



On a side note, on one child domain whith 2 DC's an APIPA Host(a) record keeps on registering itself under child.domain.net -> domaindnszones. I delete this record but it continues to show up after a while.


Thanks again,

Ceez