Re: problem with AD dns auto registration and subdomain

From: Paul (pjsmith_at_microtech.co.gg)
Date: 10/05/04


Date: Tue, 5 Oct 2004 10:03:07 +0100

Thanks for the reply.

The AD is all 2003 as far as I am aware. Our child domain certainly is, as
are the main DCs in the parent domain.

In the _msdcs zone on the child on the subdomain's DNS server I have dc and
pdc folders. No individual records. In the subfolders of these there are
records of the sites etc.

I've recreated the zone just to make sure. I've told it to replicate to all
DNS servers in the Active Directory forest and left it a while. The first
DC, which was configured at the primary site, seems to rebuild all its
records fine. AD communication between the first DC and the rest of the
forest seems OK, but communication between the new DCs I added after bringing
the first back to the site doesn't seem to work.

Event log messages like this on the DC, to the new DCs in the same
site/subnet:

Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1925
Date: 05/10/2004
Time: 09:54:44
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: VAZON
Description:
The attempt to establish a replication link for the following writable
directory partition failed.

Directory partition:
DC=domain1,DC=INT,DC=mydomain,DC=com
Source domain controller:
CN=NTDS
Settings,CN=BUTTERCUP,CN=Servers,CN=RFH,CN=Sites,CN=Configuration,DC=INT,DC=mydomain,DC=com
Source domain controller address:
41fa8075-7a1c-4ae6-9713-e35f497c8b67._msdcs.INT.mydomain.com
Intersite transport (if any):

This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.

User Action
Verify if the source domain controller is accessible or network connectivity
is available.

Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

If I check the source address, it cannot be resolved with DNS. It seems the
source address, which is in the parent domain, not the subdomain, is not
being registered in DNS.

There is currently no firewall in between the DCs, though they are routed
on different subnets.

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:ebJ0mjpqEHA.516@TK2MSFTNGP09.phx.gbl...
> In news:b9qdnaVF1ZkYMfzcRVn-oA@giganews.com,
> Paul Smith <pjsmith@microtech.coDOTgg> made a post then I commented below
>> Hello,
>>
>> I am trying to set up 2 DCs for a child domain,
>> domain1.int.mydomain.com. The problem is that some of the DC DNS
>> records are not getting registered. The ones like
>> '3189c2ac-f684-42ab-ae65-939df4bd34c0._msdcs.int.mydomain.com'.
>>
>> The current setup is this:
>>
>> 2 2003 domain controllers in the subdomain domain1.int.mydomain.com.
>> 1 DC running DNS with a forward lookup zone domain1.int.mydomain.com
>> that allows secure dynamic updates. The 1st DC was set up on site in
>> the parent domain and the DC records are all resolvable as they
>> should be. The 2nd DC was set up off site at the child domain
>> location. It joined the subdomain fine but there are replication
>> problems because of the missing DNS entries. netdiag /fix shows lots
>> of entries such as
>> DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
>> [FATAL] Failed to fix: DC DNS entry
>> _ldap._tcp.RFH._sites.gc._msdcs.INT.mydomain.com. re-registeration on
>> DNS server '192.168.0.1' failed.
>>
>> This only happens with the parent domain records. The local subdomain
>> entries ending in domain1.int.mydomain.com are all OK on the
>> subdomain's DNS server. The server 192.168.0.1 is definitely up and
>> running and accepting dynamic updates for the subdomain.
>>
>> I have the 2 DNS servers of the parent domain as forwarders on my own
>> child domain DC.
>>
>> I have tried removing and re-creating the zone on the DNS server. The
>> domain1.int.mydomain.com records are all recreated as they should be
>> but the DC records for the parent domain are not. I do not have a
>> zone for the parent domain on the subdomain's DNS server.
>>
>> Can anyone suggest what might be wrong?
>>
>> Thanks.
>
> Is the whole infrastructure Win2003 or is it mixed?
>
> What shows up in the _msdcs zone on the child?
>
> When you created it, did you make the zone AD integrated and set it to
> Forest wide replication? If so, and communication and AD replication are
> working, then the zone should just pop up.
>
> What errors are you getting in your Event viewer in relation to AD? Are
> there firewalls between the locations?
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
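An added diagnostic for the symptom in this thread (KCC event 1925 with error 8524, where the source DC's GUID._msdcs alias in the parent domain does not resolve from the child), not code from either poster. It assumes a Windows Server 2012+ DC with the DnsClient module, and takes the site name RFH, the forest root INT.mydomain.com and the child DNS server 192.168.0.1 from the thread; adjust them for your own environment.

```powershell
# Added example (not from the thread). Run on the child-domain DC.
# Assumed values, all taken from the posts above:
$ForestRoot = 'INT.mydomain.com'   # parent/forest root whose _msdcs zone holds the GUID CNAMEs
$Site       = 'RFH'                # AD site name seen in the netdiag output
$DnsServer  = '192.168.0.1'        # the child domain's DNS server

function Test-MsdcsName {
    param([string]$Name, [string]$Type = 'CNAME', [string]$Server = $DnsServer)
    try {
        $r = Resolve-DnsName -Name $Name -Type $Type -Server $Server -ErrorAction Stop
        $first = $r | Select-Object -First 1
        # CNAME answers carry NameHost, SRV answers carry NameTarget
        $answer = if ($first.NameHost) { $first.NameHost }
                  elseif ($first.NameTarget) { $first.NameTarget }
                  else { $first.Name }
        [pscustomobject]@{ Name = $Name; Type = $Type; Resolves = $true;  Answer = $answer }
    } catch {
        [pscustomobject]@{ Name = $Name; Type = $Type; Resolves = $false; Answer = $_.Exception.Message }
    }
}

# 1. Collect every KCC event 1925 from the Directory Service log and pull out the
#    "Source domain controller address" line, i.e. the GUID._msdcs.<forest root> alias
#    the KCC could not look up (error 8524).
$events  = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1925 } -ErrorAction SilentlyContinue
$sources = foreach ($e in $events) {
    if ($e.Message -match 'Source domain controller address:\s*(\S+)') { $Matches[1] }
}
$sources = $sources | Sort-Object -Unique

# 2. Ask the child's DNS server for each failing alias, for the site-specific GC SRV
#    record that netdiag /fix could not re-register, and for the SOA of the parent's
#    _msdcs zone. If the SOA query fails, the child server neither hosts that zone
#    (forest-wide replication not reaching it) nor forwards for it, which explains
#    why the parent-domain DC records never resolve here.
$checks = @()
foreach ($s in $sources) { $checks += Test-MsdcsName -Name $s -Type 'CNAME' }
$checks += Test-MsdcsName -Name "_ldap._tcp.$Site._sites.gc._msdcs.$ForestRoot" -Type 'SRV'
$checks += Test-MsdcsName -Name "_msdcs.$ForestRoot" -Type 'SOA'
$checks | Format-Table -AutoSize
```

Any row with Resolves = False on the _msdcs names points at the DNS side rather than at AD replication itself, which is the distinction Ace's questions about zone scope and forest-wide replication are getting at.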