Re: Herb Martin...Global Catalog SRV record missing!

---

• From: Niatross <niatross@xxxxxxxxxxxxxxxx>
• Date: Tue, 19 Jun 2007 09:24:00 -0700

---

Herb,

Here are IPCONFIG and DCDIAG /C (from both servers) as you requested:

SRV1 Windows IP Configuration

Host Name . . . . . . . . . . . . : SRV1
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter(Generic)
Physical Address. . . . . . . . . : 00-03-FF-38-B5-C7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

--------------------------------------------

SRV2 Windows IP Configuration

Host Name . . . . . . . . . . . . : SRV2
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter(Generic)
Physical Address. . . . . . . . . : 00-03-FF-25-B5-C7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

--------------------------------------------

SRV1 Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SRV1
Starting test: Connectivity
......................... SRV1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SRV1
Starting test: Replications
......................... SRV1 passed test Replications
Starting test: Topology
......................... SRV1 passed test Topology
Starting test: CutoffServers
......................... SRV1 passed test CutoffServers
Starting test: NCSecDesc
......................... SRV1 passed test NCSecDesc
Starting test: NetLogons
......................... SRV1 passed test NetLogons
Starting test: Advertising
......................... SRV1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRV1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRV1 passed test RidManager
Starting test: MachineAccount
......................... SRV1 passed test MachineAccount
Starting test: Services
......................... SRV1 passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SRV1 passed test OutboundSecureChannels

Starting test: ObjectsReplicated
......................... SRV1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SRV1 passed test frssysvol
Starting test: frsevent
......................... SRV1 passed test frsevent
Starting test: kccevent
......................... SRV1 passed test kccevent
Starting test: systemlog
......................... SRV1 passed test systemlog
Starting test: VerifyReplicas
......................... SRV1 passed test VerifyReplicas
Starting test: VerifyReferences
......................... SRV1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SRV1 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
[SRV1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SRV1 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom

Running enterprise tests on : abc.local
Starting test: Intersite
......................... abc.local passed test Intersite
Starting test: FsmoCheck
......................... abc.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: SRV1.abc.local
Domain: abc.local


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure abc.local.

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext

________________________________________________________________
Domain: abc.local
SRV1 PASS PASS FAIL PASS WARN PASS n/a

......................... abc.local failed test DNS

--------------------------------------------

SRV2 Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SRV2
Starting test: Connectivity
......................... SRV2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SRV2
Starting test: Replications
......................... SRV2 passed test Replications
Starting test: Topology
......................... SRV2 passed test Topology
Starting test: CutoffServers
......................... SRV2 passed test CutoffServers
Starting test: NCSecDesc
......................... SRV2 passed test NCSecDesc
Starting test: NetLogons
......................... SRV2 passed test NetLogons
Starting test: Advertising
......................... SRV2 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRV2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRV2 passed test RidManager
Starting test: MachineAccount
......................... SRV2 passed test MachineAccount
Starting test: Services
......................... SRV2 passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SRV2 passed test OutboundSecureChannels

Starting test: ObjectsReplicated
......................... SRV2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SRV2 passed test frssysvol
Starting test: frsevent
......................... SRV2 passed test frsevent
Starting test: kccevent
......................... SRV2 passed test kccevent
Starting test: systemlog
......................... SRV2 passed test systemlog
Starting test: VerifyReplicas
......................... SRV2 passed test VerifyReplicas
Starting test: VerifyReferences
......................... SRV2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SRV2 passed test VerifyEnterpriseRefere
nces
Starting test: CheckSecurityError
[SRV2] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SRV2 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom

Running enterprise tests on : abc.local
Starting test: Intersite
......................... abc.local passed test Intersite
Starting test: FsmoCheck
......................... abc.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: SRV2.abc.local
Domain: abc.local


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext

________________________________________________________________
Domain: abc.local
SRV2 PASS PASS FAIL PASS n/a PASS n/a

......................... abc.local failed test DNS

Thanks, RB

"Herb Martin" wrote:

"Niatross" <niatross@xxxxxxxxxxxxxxxx> wrote in message
news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@xxxxxxxxxxxxxxxx

Herb:

To answer your questions...

Yes, the Primary is dynamic (Non-secure and secure). This is a test
environment to learn DNS. I'm using virtual machines.

Nothing special here as long as IP/routing etc work as normal.

I do have a single domain forest. SRV1 is the ONLY global catalog.
Scavenging is set to their defaults (never changed).

The default is DISABLED.

Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to logon.

If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
"_gc._tcp" record stays put and SRV1 logs in quickly.

Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
from EACH DC (clearly identified as 1 or 2.)

Thank, RB

---------------------------------------------------

"Herb Martin" wrote:

"Niatross" <niatross@xxxxxxxxxxxxxxxx> wrote in message
news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@xxxxxxxxxxxxxxxx

Domain:
abc.local

Servers:
Srv1 (Win 2003SP1)
Srv2 (Win 2003SP1)


I like to setup DNS (first) and test it via NSLOOKUP before I promote
standalone servers to DC's.

Better/easier to test with "DCDiag /c" on every DC.

I have two new servers (SRV1 and SRV2).

I setup the Primary DNS Suffix on both servers
Installed the DNS service on both servers.
Pointed SRV1 to itself for DNS
Pointed SRV2 to point to SRV1

This is ok.

Created a Standard Primary Zone on SRV1 (abc.local)
Created a Standard Secondary Zone on SRV2 (abc.local)
Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2

Good, if the primary is DYNAMIC.

Also, SRV2 should at least use itself as an ALTERNATE or there will be
problems resolving the domain when SVR1 is down -- even better is to
have both of them as AD Integrated so that both may accept changes.

The servers are setup correctly and resolve to each other via NSLOOKUP.
I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
Run DCPROMO on SRV2, reboot and logon. Perfect!

Good.

Here's the issue:

I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
Network
Connections" for 5 minutes, then the

With standard Primary this should not be the case DUE to DNS.

login screen appears.
Something in DNS is amiss.

Remember, i'm running a Standard DNS zone (abc.local). The (abc.local)
zone
is NOT AD INTEGRATED.

Here's the key to my problem:

Once the 5 minutes passes, and I am able to logon to SRV1, I go into
the
DNS
management console, go directly to "_tcp" and there is no "_gc" record.

Are the DCs set to be GCs? Normally only Srv1 would be by default but in
a
single domain forest all DCs should be GCs.

If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
resource record appears. Why am I losing the "_gc" record???

Do you have scavenging turned on (with short timeouts)?

GC records should NOT be scavenged by default and should never be
scavenged
quickly anyway.

Why does the global catalog server (SRV1) keep losing the "_gc._tcp"
record
in DNS, once it's rebooted?

Maybe the file isn't getting flushed to disk on a crash/reboot but
otherwise
it
should be there unless scavenged.

BTW: I have run NETDIAG /FIX with no errors.

DCDiag /c is best for DCs.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

.

---

• Follow-Ups:
  • Re: Herb Martin...Global Catalog SRV record missing!
    • From: Herb Martin

• References:
  • Re: Global Catalog SRV record missing!
    • From: Herb Martin
  • Attn: Herb Martin...Global Catalog SRV record missing!
    • From: Niatross
  • Re: Herb Martin...Global Catalog SRV record missing!
    • From: Herb Martin

• Prev by Date: Re: AD DNS subdomains fail when internet lost
• Next by Date: Re: DNSapi errors
• Previous by thread: Re: Herb Martin...Global Catalog SRV record missing!
• Next by thread: Re: Herb Martin...Global Catalog SRV record missing!
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Cannot get access to router on SBS server ... point the DNS server setting to the IP of the SBS ... calling CNetCommit::ValidateFulltimeConnectionProperties. ... Call to Reading web publishing selection returned ok. ... (microsoft.public.windows.server.sbs) Re: DNS warning. ... click the applicable DNS server. ... Click the Root Hints tab. ... Master lists of secondary zones. ... (microsoft.public.backoffice.smallbiz) Re: One DC crashed and the other didnt take over - Please assist ... Error: Root hints list has invalid root hint server: ... DNS server: 128.63.2.53 ... (microsoft.public.windows.server.active_directory) Re: DNS warning. ... click the applicable DNS server. ... Click the Root Hints tab. ... Master lists of secondary zones. ... (microsoft.public.backoffice.smallbiz) [UNIX] Hardening the BIND DNS Server ... Hardening the BIND DNS Server ... Your Domain Name Service is the road sign to your systems on the Internet. ... (Securiteam)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.dns  > 2007-06