Question
Tuesday, May 15, 2018 1:26 PM
Hi all, I have installed a Windows 2012 R2 Server as PDC on a new domain. When I run dcdiag /test:dns I get the following response:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PDC
Starting test: Connectivity
The host
a18ee558-c314-4039-a80f-d5e7077e34e4._msdcs.domain.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... PDC failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PDC
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... PDC passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.local
Starting test: DNS
Test results for domain controllers:
DC: PDC
Domain: domain.local
TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter
[00000013] HPE Ethernet 1Gb 4-port 331i Adapter has invalid
DNS server: 10.12.23.10 (PDC.domain.local.)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone domain.local
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.12.23.10 (PDC.domain.local.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain.local. failed on the DNS server 10.12.23.10
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: domain.local
PDC PASS FAIL PASS PASS WARN FAIL n/a
......................... domain.local failed test DNS
I have run nslookup tests and they are fine; my PDC is a single-homed host. However, I have noticed that I do not have the default AD DNS SRV records showing under the Forward Lookup Zones under DNS. When I check the netlogon.dns file it seems they are all registered. Someone kindly help. Thanks
All replies (24)
Tuesday, May 15, 2018 3:09 PM
Hi,
Is it possible to have an output of ipconfig /all (specifically the DNS Servers part), please?
Best Regards,
Wednesday, May 16, 2018 3:17 AM | 1 vote
Hi,
Thanks for your questions.
Please type the following steps to see if it could resolve this issue.
1. I'd check: did you create a standard DNS zone first and then perform DC promotion with the same DNS?
2. If the above is done, we'll first need to turn on the option "dynamic updates" for this DNS zone as in the following figure.
3. Then, type the commands "net stop netlogon" & "net start netlogon" & "ipconfig /registerdns" on the DNS server to re-register AD records.
4. Restart the DNS server and run dcdiag /test:dns again to see if it works.
5. Then, please check that you can see the ADI-DNS zone and _msdcs forest zone in the DNS console.
6. Meanwhile, we'll ensure the ADI-DNS server's connectivity and that it can be pinged in the domain network. Type ipconfig /all in CMD to check its IP setting with a static IP.
7. Please also use the CMD command ipconfig /all to check if the local DNS setting is correct. You'll need to configure primary DNS itself.
Reference link:
Troubleshooting dynamic updates
/en-us/previous-versions/windows/it-pro/windows-server-2003/cc756815(v=ws.10)
Solving Dynamic Update and Secure Dynamic Update Problems
/en-us/previous-versions/windows/it-pro/windows-2000-server/cc959308(v=technet.10)
Hope this helps. I look forward to hearing your good news. If you have any questions, please feel free to let me know.
Best regards,
Michael
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Wednesday, May 16, 2018 11:38 AM
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Embedded LOM 1 Port 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HPE Ethernet 1Gb 4-port 331i Adapter
Physical Address. . . . . . . . . : 98-F2-B3-E9-FF-F8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.12.23.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.12.23.1
DNS Servers . . . . . . . . . . . : 10.12.23.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{935CB1FF-A99E-4C1D-AB25-92E70BF9AABC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Wednesday, May 16, 2018 11:52 AM
Hi Michael, I had done step one, AD is already running on the DC. When I check the option of "dynamic updates" it is well configured. I uninstalled and reinstalled the DNS service. Unfortunately I still can't see the ADI-DNS zone and _msdcs forest zone in the DNS console.
When I open the netlogon.dns file this is what I get:
arlinguganda.local. 600 IN A 10.12.23.10
_ldap._tcp.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.Default-First-Site-Name._sites.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.pdc._msdcs.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.gc._msdcs.darlinguganda.local. 600 IN SRV 0 100 3268 DARLINGUG.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.darlinguganda.local. 600 IN SRV 0 100 3268 DARLINGUG.
_ldap._tcp.5874e125-5fc1-4bfc-90fe-3551ec393ed8.domains._msdcs.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
gc._msdcs.darlinguganda.local. 600 IN A 10.12.23.10
a18ee558-c314-4039-a80f-d5e7077e34e4._msdcs.darlinguganda.local. 600 IN CNAME DARLINGUG.
_kerberos._tcp.dc._msdcs.darlinguganda.local. 600 IN SRV 0 100 88 DARLINGUG.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.darlinguganda.local. 600 IN SRV 0 100 88 DARLINGUG.
_ldap._tcp.dc._msdcs.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_kerberos._tcp.darlinguganda.local. 600 IN SRV 0 100 88 DARLINGUG.
_kerberos._tcp.Default-First-Site-Name._sites.darlinguganda.local. 600 IN SRV 0 100 88 DARLINGUG.
_gc._tcp.darlinguganda.local. 600 IN SRV 0 100 3268 DARLINGUG.
_gc._tcp.Default-First-Site-Name._sites.darlinguganda.local. 600 IN SRV 0 100 3268 DARLINGUG.
_kerberos._udp.darlinguganda.local. 600 IN SRV 0 100 88 DARLINGUG.
_kpasswd._tcp.darlinguganda.local. 600 IN SRV 0 100 464 DARLINGUG.
_kpasswd._udp.darlinguganda.local. 600 IN SRV 0 100 464 DARLINGUG.
DomainDnsZones.darlinguganda.local. 600 IN A 10.12.23.10
_ldap._tcp.DomainDnsZones.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
ForestDnsZones.darlinguganda.local. 600 IN A 10.12.23.10
_ldap._tcp.ForestDnsZones.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.darlinguganda.local. 600 IN SRV 0 100 389 DARLINGUG.
It seems the files do exist but I can't see these under the DNS console. Please advise.
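The comparison made by eye in the post above (netlogon.dns lists the records, the DNS console does not show them) can be scripted. This is an added example, not part of any post in this thread; it assumes the default netlogon.dns location, PowerShell on Windows Server 2012 or later (for Resolve-DnsName), and that the DC's own DNS service answers on 127.0.0.1. The function names and the sample records are made up for illustration.

```powershell
# Added example: compare netlogon.dns with what a DNS server actually answers.
# Assumptions: default netlogon.dns path; $DnsServer is the DC's own DNS service.
param(
    [string]$Path      = "$env:SystemRoot\System32\config\netlogon.dns",
    [string]$DnsServer = '127.0.0.1'
)

# Constructed sample lines, used only when $Path does not exist.
$sample = @(
    'example.local. 600 IN A 192.0.2.10'
    '_ldap._tcp.example.local. 600 IN SRV 0 100 389 DC1.'
    '_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 dc1.example.local.'
    '00000000-0000-0000-0000-000000000000._msdcs.example.local. 600 IN CNAME dc1.example.local.'
)

function ConvertFrom-NetlogonDns {
    # Parse "name ttl IN type rdata..." lines into objects; skip anything else.
    param([string[]]$Line)
    foreach ($l in $Line) {
        $f = $l.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }
        $target = if ($f[3] -eq 'SRV') { $f[-1] } else { $f[4] }
        [pscustomobject]@{
            Name   = $f[0].TrimEnd('.')
            Type   = $f[3]
            Port   = if ($f[3] -eq 'SRV' -and $f.Count -ge 8) { [int]$f[6] } else { $null }
            Target = $target.TrimEnd('.')
        }
    }
}

function Test-NetlogonRecord {
    # Ask one DNS server for the record and compare the answer with netlogon.dns.
    param($Record, [string]$Server)
    $q = @{ Name = $Record.Name; Type = $Record.Type; Server = $Server
            DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    $answers = @(Resolve-DnsName @q |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Record.Type })
    $status = 'MISSING'
    if ($answers.Count -gt 0) {
        $got = switch ($Record.Type) {
            'SRV'   { $answers.NameTarget }
            'CNAME' { $answers.NameHost }
            default { $answers.IPAddress }
        }
        $status = if (@($got) -contains $Record.Target) { 'OK' } else { 'MISMATCH' }
    }
    [pscustomobject]@{
        Status = $status; Type = $Record.Type; Name = $Record.Name
        Port   = $Record.Port; Target = $Record.Target
        # True when an SRV/CNAME points at a host name with no domain part.
        SingleLabelTarget = ($Record.Type -in 'SRV', 'CNAME') -and ($Record.Target -notmatch '\.')
    }
}

$lines   = if (Test-Path -LiteralPath $Path) { Get-Content -LiteralPath $Path } else { $sample }
$results = @(ConvertFrom-NetlogonDns -Line $lines |
    ForEach-Object { Test-NetlogonRecord -Record $_ -Server $DnsServer })
$results | Sort-Object Status, Type, Name | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
'{0} of {1} records from netlogon.dns are missing or different on {2}' -f $bad.Count, $results.Count, $DnsServer
```

Run it from an elevated PowerShell prompt on the DC after restarting netlogon and again after any change to the zone, so the MISSING list shows whether re-registration actually reached the DNS server.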
Wednesday, May 16, 2018 1:04 PM
Michael,
I have also run dcdiag /c /v. I am seeing DNS errors here:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DARLINGUG, is a Directory Server.
Home Server = DARLINGUG
* Connecting to directory service on server DARLINGUG.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=darlinguganda,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=darlinguganda,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=darlinguganda,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DARLINGUG,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=darlinguganda,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DARLINGUG
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
a18ee558-c314-4039-a80f-d5e7077e34e4._msdcs.darlinguganda.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DARLINGUG failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DARLINGUG
Skipping all tests, because server DARLINGUG is not responding to
directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DARLINGUG passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : darlinguganda
Starting test: CheckSDRefDom
......................... darlinguganda passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... darlinguganda passed test CrossRefValidation
Running enterprise tests on : darlinguganda.local
Starting test: DNS
Test results for domain controllers:
DC: DARLINGUG
Domain: darlinguganda.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
The OS
Microsoft Windows Server 2012 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000013] HPE Ethernet 1Gb 4-port 331i Adapter:
MAC address is 98:F2:B3:E9:FF:F8
IP Address is static
IP address: 10.12.23.10
DNS servers:
Warning:
10.12.23.10 (darlingug.darlinguganda.local.) [Invalid]
Warning: adapter
[00000013] HPE Ethernet 1Gb 4-port 331i Adapter has
invalid DNS server: 10.12.23.10
(darlingug.darlinguganda.local.)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
197.220.124.110 (<name unavailable>) [Valid]
5.11.11.11 (<name unavailable>) [Valid]
5.11.11.5 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: darlinguganda.local.
Delegated domain name: _msdcs.darlinguganda.local.
DNS server: darlingug.darlinguganda.local. IP:10.12.23.10 [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone darlinguganda.local
[Error details: 13 (Type: Win32 - Description: The data is invalid.)]
Test record dcdiag-test-record deleted successfully in zone darlinguganda.local
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.12.23.10 (darlingug.darlinguganda.local.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.darlinguganda.local. failed on the DNS server 10.12.23.10
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS delegation for the domain _msdcs.darlinguganda.local. is operational on IP 10.12.23.10
DNS server: 197.220.124.110 (<name unavailable>)
All tests passed on this DNS server
DNS server: 5.11.11.11 (<name unavailable>)
All tests passed on this DNS server
DNS server: 5.11.11.5 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: darlinguganda.local
DARLINGUG PASS FAIL PASS PASS WARN FAIL n/a
......................... darlinguganda.local failed test DNS
Starting test: LocatorCheck
GC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
PDC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
Time Server Name: \DARLINGUG
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \DARLINGUG
Locator Flags: 0xe000f3fd
KDC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
......................... darlinguganda.local passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
PDC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
Time Server Name: \DARLINGUG
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \DARLINGUG
Locator Flags: 0xe000f3fd
KDC Name: \DARLINGUG
Locator Flags: 0xe000f3fd
......................... darlinguganda.local passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... darlinguganda.local passed test Intersite
Wednesday, May 16, 2018 4:16 PM
Is it possible to have a screenshot of what you have in forwarder lookup zone, a screenshot similar to what Michael sent you?
Best Regards,
Thursday, May 17, 2018 7:38 AM
My account is not allowing me to send images "until it is verified". When I expand the _msdcs.domain.local Forward Lookup Zone, there are only 2 text files and no subfolders; the same as the domain forward lookup zone, I only find text files and no subfolder (the SRV records are non-existent).
But as indicated earlier on, when I go to the netlogon.dns file I have text depicting that these do exist.
Kindly help.
Thursday, May 17, 2018 8:11 AM
So in the zone domain.local you don't have any A record for the domain controller?
Best Regards,
Thursday, May 17, 2018 11:44 AM
I do have records there.
Thursday, May 17, 2018 11:58 AM
Can you check if you have something related to your DC in _tcp for domain.local?
Best Regards,
Thursday, May 17, 2018 12:02 PM
I do not have the _tcp in the domain.local; I only have SOA, NS, and A records for the DC.
Thursday, May 17, 2018 12:14 PM
I think you have an issue with the creation of the zone. Do you remember how you installed this domain controller?
When you uninstalled the DNS server and reinstalled it, did you create the zone domain.local manually?
If you can, I think it's better to remove all (AD DS and DNS server) and reinstall the domain controller. (If you only have 1 DC you should remove the domain too.)
Best Regards,
Thursday, May 17, 2018 12:36 PM
I installed Win Server 2012 R2, created a new forest domain.local, installed AD DS and DHCP and DNS services.
When I removed DNS the domain.local zone was there but the subfolders were missing, like in the instance I had installed earlier on.
Do you mean reinstalling the OS or just the services?
Thanks
Thursday, May 17, 2018 12:43 PM
No just the services
Best Regards,
Thursday, May 17, 2018 1:05 PM
Okay. Will do so and will advise.
Monday, May 21, 2018 8:56 AM
Hi, I uninstalled the services as instructed; upon reinstallation I have the same. Kindly advise. If anyone is willing to do remote access and check the issue, advise.
Thanks
Wednesday, May 23, 2018 7:54 AM
Hi,
Please check the two things on our Windows.
1. Type services.msc on RUN.exe to check that the RPC service and its dependencies are in the running (started) state, and change the startup type to Automatic as in the following figure.
2. Please check Windows Firewall and anti-virus software on the DC. We'll need to make sure that AD services such as RPC, LDAP are allowed in the settings of Windows Firewall or anti-virus software as below.
For testing purposes, we best turn off the firewall temporarily.
Hope this helps. I look forward to hearing your good news. Highly appreciate your effort and time.
Best regards,
Michael
Wednesday, May 23, 2018 10:52 AM
Hi Michael,
I have checked the services, they are all okay. However, the Firewall is disabled. Could this be the issue?
I have an SQL database being accessed over the network on the same machine; could this also be the issue?
Friday, May 25, 2018 6:52 AM
Hi,
I think it doesn't matter that it's also SQL database.
Do you mean the rules regarding Active Directory such as RPC, LDAP listed in the above figure were disabled within the Windows firewall? If this, we need to enable these rules listed in this picture.
Or meant you turn off and disable windows firewall completely as below?
If this, that's what we need to do for testing exactly. Please run again the command DCDIAG /TEST:DNS to see if it could work.
Highly appreciate your successive effort and time. I look forward to hearing your good news. If you have any questions or concerns, please feel free to let me know.
Best regards,
Michael
Friday, May 25, 2018 9:42 AM
Or meant you turn off and disable windows firewall completely as below?
What I mean is the Firewall is completely turned off.
Friday, May 25, 2018 10:02 AM
DCDIAG /TEST:DNS Results
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DARLINGUG
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DARLINGUG
Starting test: Connectivity
The host
2d5d5d1d-cfaa-4f97-a979-709e95591540._msdcs.darlinguganda.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DARLINGUG failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DARLINGUG
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DARLINGUG passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : darlinguganda
Running enterprise tests on : darlinguganda.local
Starting test: DNS
Test results for domain controllers:
DC: DARLINGUG
Domain: darlinguganda.local
TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter
[00000013] HPE Ethernet 1Gb 4-port 331i Adapter has invalid
DNS server: 10.12.23.10 (darlingug.darlinguganda.local.)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone darlinguganda.local
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.12.23.10 (darlingug.darlinguganda.local.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.darlinguganda.local. failed on the DNS server 10.12.23.10
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: darlinguganda.local
DARLINGUG PASS FAIL PASS PASS WARN FAIL n/a
......................... darlinguganda.local failed test DNS
Tuesday, May 29, 2018 10:18 AM
Hi,
Thanks for your update.
Please try it again as the following article and we hope it may help you to resolve your issue;
In addition, it is not recommended to install SQL Server on a domain controller. You may encounter problems when installing SQL Server on a domain controller.
Hope this helps. If you have any questions or concerns, please feel free to let me know.
Best regards,
Michael
Saturday, October 27, 2018 8:12 PM
Many thanks Michael! There are so many useless posts about what is missing but none (besides yours) on how to recreate the missing SRVs. The fact that AD installation with the new integrated dcpromo.exe into role install is not creating these records is unbelievable - still true.
Monday, October 29, 2018 7:41 AM
Another thing that is strange is that you don't have any primary DNS suffix, so maybe that's why the DNS part is not working.
Can you check there to see if you have something?
Best Regards,