Fixing Disjointed DNS Namespace

Guest
Archived from groups: microsoft.public.win2000.active_directory

Hello,

We are having a problem with an Active Directory domain. When installed,
they used the DNS name "domain." rather than "domain.local" or what
have you. During a recent upgrade, the administrators deleted the
"domain." forward zone from DNS. No backups exist and this zone was a
Standard Primary, not AD-integrated.

We have recreated the DNS zone and attempted to repair it following KB
260371.

Troubleshooting Common Active Directory Setup Issues
http://support.microsoft.com/kb/q260371/

Netdiag /Fix does not work. I suspect that the DNS settings were
incorrect when AD was installed, and that what we have here is a
disjointed DNS namespace.

Any recommendations on how to fix this, short of removing and
rebuilding Active Directory? Thanks in advance.

J Wolfgang Goerlich

Environment: Win2000 S SP4, Active Directory Mixed, one DC with one
member server, 60+ WinXP clients.
 

> Troubleshooting Common Active Directory Setup Issues
> http://support.microsoft.com/kb/q260371/
>
> Netdiag /Fix does not work. I suspect that the DNS settings were
> incorrect when AD was installed, and that what we have here is a
> disjointed DNS namespace.
>
> Any recommendations on how to fix this, short of removing and
> rebuilding Active Directory? Thanks in advance.

Well, definitely do NOT do that.

Before trying to fix the DC records make sure your DNS is properly configured:

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.


THEN try these on each DC:

Net stop netlogon
net start netlogon
dcdiag /fix

NetDiag /fix is not designed to do all of the DC things.
(Neither is DCDiag but it comes closer.)

Also send the output of DCDiag to a text file and search for
FAIL, WARN, ERROR -- fix those or try reporting them here.

--
Herb Martin



Hello Herb,

Appreciate the quick reply. Here is an update:

> 1) Dynamic for the zone supporting AD

Done. Active Directory-integrated, dynamic yes (unsecure at the moment)

> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)

Check.

> 3) DCs and even DNS servers are DNS clients too -- see #2

The single domain controller hosts DNS. The DC points to itself for
DNS.

> THEN try these on each DC ... dcdiag /fix

Done on the one and only DC. First error is DNS, which we know about
because populating the DNS is what we are trying to do. Second error is
about the GC, which we have checked. The GC is active on the DC and,
thus, I am reasonably certain that this is a DNS-related problem, too.

(5e97a6d4-ed58-4d3b-92f1-f8bec097e738._msdcs.domain) couldn't be
resolved, the server name (server.domain) resolved to the IP address
(192.168.10.2) and was pingable.

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Next step?

J Wolfgang Goerlich
 

Did you restart the Net Logon service?
(Rebooting the DC should be equivalent).


--
Herb Martin



You know I forgot to mention that your SINGLE label
domain name is likely part of your problem.

Start here:

http://support.microsoft.com/Default.aspx?kbid=826743

Or Google this:

[ single label domain name dns site:microsoft.com ]

or

[ single label domain name dns microsoft: ]


--
Herb Martin


<jwgoerlich@beogroup.com> wrote in message
news:1102704455.935775.291430@f14g2000cwb.googlegroups.com...
> Yes, rebooted the computer.
>
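
The triage suggested in the replies above (save the DCDiag output, search it for FAIL, WARN and ERROR, and check whether the AD DNS domain is single-label), as an added example that is not part of the original thread. The sample report is constructed from the lines quoted in the thread plus one constructed "failed test" line, and the function names are assumptions.

```python
import re

# Constructed sample of a saved "dcdiag > dcdiag.txt" report: the lines
# quoted in this thread plus one constructed "failed test" summary line.
SAMPLE = """\
   Starting test: Connectivity
      (5e97a6d4-ed58-4d3b-92f1-f8bec097e738._msdcs.domain) couldn't be
      resolved, the server name (server.domain) resolved to the IP address
      (192.168.10.2) and was pingable.
      ......................... SERVER failed test Connectivity
   Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
   A Global Catalog Server could not be located - All GC's are down.
"""

KEYWORDS = re.compile(r"fail|warn|error", re.IGNORECASE)
# DC GUID alias as it appears in the report: (<guid>._msdcs.<domain>)
GUID_ALIAS = re.compile(
    r"\(([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.([^)\s]+)\)",
    re.IGNORECASE,
)

def flagged_lines(text):
    """Return (line_number, text) for each line mentioning FAIL, WARN or ERROR."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if KEYWORDS.search(line)]

def is_single_label(domain):
    """True when the DNS name has no dot apart from an optional trailing root dot."""
    return "." not in domain.rstrip(".")

def triage(text):
    """Summarise a report: flagged lines, GUID aliases it mentions, and any
    single-label domains those aliases belong to."""
    aliases = [(g.lower(), d.lower()) for g, d in GUID_ALIAS.findall(text)]
    domains = sorted({d for _, d in aliases})
    return {
        "flagged": flagged_lines(text),
        "guid_aliases": aliases,
        "single_label_domains": [d for d in domains if is_single_label(d)],
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    for n, line in report["flagged"]:
        print(f"line {n}: {line}")
    for dom in report["single_label_domains"]:
        print(f"single-label AD DNS domain: {dom!r} (see KB 826743)")
```

The unresolved GUID alias itself is worded "couldn't be resolved", so a keyword search only surfaces it through the test's summary line; read the lines around each hit.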
 

Good information. Much obliged for your help, Herb. We are proceeding
to rebuild Active Directory. The article 826743 and other symptoms (too
numerous to mention) have convinced us that the implementation is wrong
on several levels. Better to start fresh and do it right than to track
down bugs and chase our tails for the next several months.
Thanks again for your time, it was very helpful.

J Wolfgang Goerlich
 

<jwgoerlich@beogroup.com> wrote in message
news:1103117876.682241.319550@c13g2000cwb.googlegroups.com...
> Good information. Much obliged for your help, Herb. We are proceeding
> to rebuild Active Directory. The article 826743 and other symptoms (too
> numerous to mention) have convinced us that the implementation is wrong
> on several levels. Better to start fresh and do it right than to track
> down bugs and chase our tails for the next several months.
> Thanks again for your time, it was very helpful.


Glad to help.

You know perhaps, that generally I am against re-installing
domains, or even regular machines just to "clean them up"
as many people suggest as a near matter of course, BUT....

This is one of the exceptions I usually make. That darn
single label domain name is so irritating that it is probably
worth it.



--
Herb Martin

