Missing SRV record at DNS server

Microsoft has an article about moving a DC to another site that you probably want to review in detail. Make sure you have your subnets, site connectors, and bridgehead servers configured. It sounds like your servers still have different ideas of what the replication topology is supposed to be, and are not on the same page.

Author: Fersty

Updated on September 18, 2022

Comments

  • Fersty
    Fersty almost 2 years

    Server 2008R2. 2003 functional level. One of my branch DCs, which we will call BranchDC1, is not registering SRV records in example.com/_msdcs/gc/_sites/_tcp.

    The DC is marked as a Global Catalog in Sites & Services.

    C:\>dcdiag /test:replications
    Directory Server Diagnosis
    
    Performing initial setup:
       Trying to find home server...
       Home Server = BRANCHDC1
       * Identified AD Forest.
       Done gathering initial info.
    
    Doing initial required tests
       Testing server: Branch1\BRANCHDC1
          Starting test: Connectivity
             ......................... BRANCHDC1 passed test Connectivity
    Doing primary tests
    
       Testing server: Branch1\BRANCHDC1
          Starting test: Replications
             ......................... BRANCHDC1 passed test Replications
    
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : example
       Running enterprise tests on : example.com
    
    
    C:\>dcdiag /test:dns
    Directory Server Diagnosis
    
    Performing initial setup:
       Trying to find home server...
       Home Server = BRANCHDC1
       * Identified AD Forest.
       Done gathering initial info.
    
    Doing initial required tests
       Testing server: Branch1\BRANCHDC1
          Starting test: Connectivity
             ......................... BRANCHDC1 passed test Connectivity
    
    Doing primary tests
       Testing server: Branch1\BRANCHDC1
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... BRANCHDC1 passed test DNS
    
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : example
       Running enterprise tests on : example.com
    
          Starting test: DNS
             Test results for domain controllers:
                DC: BRANCHDC1.example.com
                Domain: example.com
    
                   TEST: Dynamic update (Dyn)
                      Warning: Failed to delete the test record dcdiag-test-record in zone example.com
    
                   TEST: Records registration (RReg)
                      Network Adapter [00000000] Microsoft Virtual Machine Bus Network Adapter:
                         Warning:
                         Missing SRV record at DNS server 192.168.47.24:
                         _ldap._tcp.gc._msdcs.example.com
    
                         Warning:
                         Missing SRV record at DNS server 10.2.100.121:
                         _ldap._tcp.gc._msdcs.example.com
    
                   Error: Record registrations cannot be found for all the network adapters
    
             Summary of DNS test results:
    
                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: example.com
                   BRANCHDC1              PASS PASS PASS PASS WARN FAIL n/a
    
             ......................... example.com failed test DNS
    
    C:\>
    

    This DC was working fine for a few years. Then, the office where it resides had to be relocated. Knowing it would be offline for 3 to 6 weeks or more, I demoted the server. This seemed to go fine. When the relocation was complete and the server was back online, I re-promoted it.

    By mistake, I initially added the server to the wrong site (our datacenter). But once I realized this, I moved it to the correct site (its own).

    The dcdiag above shows the SRV record is missing on both itself and its replication partner in our datacenter. Initially, it was only reporting that the SRV record was missing from its replication partner.

    If BRANCHDC1 is rebooted, or replication forced, it will recreate that SRV record on itself. But that never gets copied over to its replication partner (HQDC1), and it appears that it will eventually get deleted from BRANCHDC1.

    Doing dcdiag /fix passes all tests, except NCSecDesc. But all of our DCs fail, and I'm pretty sure this can be ignored (mskb 967482).

    I've run nltest /dsregdns.

    I have tried registerdns, stop/start netlogon. I swapped the order of DNS servers on BRANCHDC1's NIC (pointing to itself and HQDC1), and performed those steps again.

    I checked netlogon.dns on BRANCHDC1 and it looks right (compared it to other DCs). No other SRV records appear to be missing from anywhere else that I've found thus far.

    I've run the AD Replication Status tool, which finds no errors with replication, and shows BRANCHDC1 is recognized as a GC.

    As far as I can tell, BRANCHDC1 is configured the same as all of our other branch DCs, including its NIC.

    I do not see any other SRV records missing. The only other funky thing I see is that there is an _ldap SRV record for HQDC2 (another DC in our datacenter) located in example.com/_msdcs/gc/_sites/Branch1/_tcp in addition to the one for BRANCHDC1. It gets recreated if I delete it. This may have something to do with BRANCHDC1 initially belonging to the same site as HQDC2. No other site has a record there for anything but its own DC.

    I'm stumped. I don't know what to try next, aside from dropping a wad of cash on support from MS.

    Any help would be greatly appreciated.

    • Massimo
      Massimo over 9 years
      "If BRANCHDC1 is rebooted, or replication forced, it will recreate that SRV record on itself. But that never gets copied over to its replication partner (HQDC1), and it appears that it will eventually get deleted from BRANCHDC1." This smells heavily of replication problems...
    • Fersty
      Fersty about 9 years
      Demote/repromote was something I was hoping to hold off on. But I may try that tomorrow.
  • Jenny D
    Jenny D over 8 years
    Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
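
An added example, not part of the original thread: a small parser that turns `dcdiag /test:dns` output like the one quoted in the question into structured data, so a missing locator record can be tracked per DNS server over time instead of read by eye. The function names are hypothetical, the sample is a constructed excerpt of the question's output, and the parser assumes the record name is the first non-blank line after each "Missing ... record at DNS server" header.

```python
import re
# Constructed sample: excerpt of the dcdiag /test:dns output quoted in the question.
SAMPLE = """\
               TEST: Records registration (RReg)
                     Warning:
                     Missing SRV record at DNS server 192.168.47.24:
                     _ldap._tcp.gc._msdcs.example.com

                     Warning:
                     Missing SRV record at DNS server 10.2.100.121:
                     _ldap._tcp.gc._msdcs.example.com
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: example.com
               BRANCHDC1              PASS PASS PASS PASS WARN FAIL n/a
"""

MISSING = re.compile(r"Missing (\w+) record at DNS server ([0-9A-Fa-f.:]+?):\s*$")
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
RESULT = r"(PASS|WARN|FAIL|n/a)"
SUMMARY = re.compile(r"^\s*(\S+)\s+" + r"\s+".join([RESULT] * len(COLUMNS)) + r"\s*$")


def parse_dcdiag_dns(text):
    """Return (missing, summary): missing maps DNS server -> [(type, name)],
    summary maps DC name -> {test column: result}."""
    missing, summary, pending = {}, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        m = MISSING.search(stripped)
        if m:
            pending = (m.group(2), m.group(1))  # (DNS server, record type)
            continue
        if pending and stripped:
            # First non-blank line after the header is the record name.
            missing.setdefault(pending[0], []).append((pending[1], stripped))
            pending = None
            continue
        s = SUMMARY.match(line)
        if s:
            summary[s.group(1)] = dict(zip(COLUMNS, s.groups()[1:]))
    return missing, summary


def failing_tests(summary):
    """List (dc, test, result) for every column that is not PASS or n/a."""
    return [(dc, col, res) for dc, cols in summary.items()
            for col, res in cols.items() if res not in ("PASS", "n/a")]
```

Running it against saved output from each DC makes it easy to see whether the GC record is absent on every DNS server the DC registers with or only on the replication partner.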