tlindsay42
MIS
- Sep 15, 2003
- 38
Right after a disaster recovery test where we isolated our hotsite global catalog domain controller (the only DC in the Hotsite Site), HOTDC.company.local, for a few days, the domain DNS zone [company.local] for this domain controller would no longer load. All other Active Directory integrated zones will load and update on HOTDC.company.local. The zone [company.local] will load on all other DCs w/ DNS in all other sites. All other AD info will load, replicate, and update. All queries against the company.local zone on HOTDC fail, but queries against other zones succeed. Primary DNS server set on HOTDC to loopback 127.0.0.1.
DNS error message on HOTDC:
"Zone not loaded by server"
Application Event Log error message on HOTDC:
Source: Userenv
Category: None
Event ID: 1097
Description: Windows cannot find the machine account, The Local Security Authority cannot be contacted.
Troubleshooting:
**********************************************************
dcdiag - only error was event ID 1097 above
**********************************************************
netdiag -
-DNS test . . . . . . . . . . . . . : Failed
---[WARNING] Cannot find a primary authoritative DNS server
---for the name 'hotdc.COMPANY.LOCAL.'.
---[RCODE_SERVER_FAILURE] The name 'hotdc.COMPANY.LOCAL.'
---may not be registered in DNS.
---[WARNING] The DNS entries for this DC cannot be verified
---right now on DNS server 127.0.0.1, ERROR_TIMEOUT.
---[FATAL] No DNS servers have the DNS records for this DC
---registered.
-Trust relationship test. . . . . . : Failed
---[FATAL] Secure channel to domain 'COMPANY' is broken.
---[ERROR_NO_LOGON_SERVERS]
-LDAP test. . . . . . . . . . . . . : Passed
---[WARNING] Failed to query SPN registration on
---DC 'dc2.COMPANY.LOCAL'.
---[WARNING] Failed to query SPN registration on
---DC 'dc1.COMPANY.LOCAL'.
**********************************************************
nltest -
-Flags: 0
---Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
---The command completed successfully
**********************************************************
Any ideas on where I should go from here?
Thanks,
-Big T