Server 2012 R2 Active Directory Domain SRV dns records suddenly disappeared


Solution 1

1. Restart the Netlogon service on one of the Domain Controllers

OR

2. Run DCDiag /fix

OR

3. Manually create the records from the netlogon.dns file from one of the Domain Controllers

Solution 2

It's unusual for DNS records to be deleted (unless a person deleted them). Usually they are dnsTombstoned, so the records may still appear if using another tool like ADSIEdit even if not visible in DNS Manager or nslookup.

There are edge cases where scavenging can cause this (and a lot of other problems if scavenging is not configured properly).

http://blogs.technet.com/b/askpfeplat/archive/2012/07/09/the-case-of-the-missing-srv-records.aspx

http://blogs.technet.com/b/ad/archive/2008/08/08/a-complicated-scenario-regarding-dns-and-the-dc-locator-srvs.aspx

Solution 3

I did restart NetLogon service and run dcdiag /fix but there was no luck. After 3-4 hours of searching and reading, I decided to uninstall Active Directory Services and install it again but the installation failed too!

Then I decided to add DNS records manually according to this and this, so I deleted the domain's zone and added it again. When adding the zone I noticed "Allow only secure dynamic updates", and I remembered from somewhere that this setting should be enabled, so I checked this check box, then restarted the Netlogon service and tadaaa!! It added all the records. I also ran dcdiag /fix and then dcdiag. All the tests passed except one (SystemLog, I think) which I ignored. After that I could join other PCs to the domain. This may be the case for others. I just needed to enable secure dynamic updates on my domain's zone.

Hope this prevents others from going through all the trouble that I went through.
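A read-only health check for the two conditions the answers above describe (missing DC-locator SRV records and a zone whose dynamic-update setting blocks Netlogon from re-registering them). This is an added example, not code from the thread; it assumes it runs in a domain-joined session on the DNS server itself (`$env:USERDNSDOMAIN`, `127.0.0.1`) with the DnsServer and DnsClient PowerShell modules installed.

```powershell
# Added example (not from the original thread): check DC-locator SRV records and the
# zone's dynamic-update mode on a Windows Server DNS host.
# Assumptions: domain-joined session, run on the DNS server, RSAT DnsServer module present.
param(
    [string]$Domain    = $env:USERDNSDOMAIN,   # assumption: current domain
    [string]$DnsServer = '127.0.0.1'           # assumption: this host is the DNS server
)

# Records clients need to locate a DC (_ldap/_kerberos under _tcp and _msdcs).
$srvNames = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)

# Collect the names that do not resolve to at least one SRV answer.
$missing = foreach ($name in $srvNames) {
    try {
        $rr = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -ErrorAction Stop |
              Where-Object { $_.Type -eq 'SRV' }
        if (-not $rr) { $name }
    } catch { $name }   # NXDOMAIN or no answer: record is missing
}

# Dynamic-update mode of the zone: 'None' stops Netlogon from registering records,
# 'NonsecureAndSecure' lets any host overwrite them; 'Secure' is the expected value.
$zone   = Get-DnsServerZone -Name $Domain -ComputerName $DnsServer
$update = $zone.DynamicUpdate

[pscustomobject]@{
    Domain        = $Domain
    MissingSrv    = $missing
    DynamicUpdate = $update
    Healthy       = (-not $missing) -and ($update -eq 'Secure')
}

if ($update -ne 'Secure') {
    Write-Warning "Zone '$Domain' DynamicUpdate is '$update'; expected 'Secure' for an AD-integrated zone."
    Write-Warning "Remediation: Set-DnsServerZone -Name '$Domain' -DynamicUpdate Secure -ComputerName $DnsServer"
}
if ($missing) {
    Write-Warning "Missing DC-locator records: $($missing -join ', ')"
    Write-Warning "Re-register from a DC with: nltest /dsregdns  (or Restart-Service Netlogon)"
}
```

The script changes nothing; the warnings name the same remediation steps the answers give (secure dynamic updates, then a Netlogon re-registration).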

Updated on September 18, 2022

Comments

  • Super1337
    Super1337 almost 2 years

    I have a test domain that I recently configured. All of a sudden, no users can log in except those with cached credentials. The domain includes two domain controllers that are both global catalogs that replicate to each other.

    After investigating the issue, I discovered that all of the _msdcs domain records are completely gone on both of the DNS servers. This makes it impossible to locate a domain controller because SRV records such as _ldap and _kerberos are unresolvable.

    I'm not quite sure how this happened... is this something that clearing the DNS cache or DNS scavenging would cause?

    At this point I need to restore the records somehow. I looked at the settings of another domain, and it looks like they can be recreated manually... but I noticed that some of the DNS records appear to have SID names in them... and I have no idea what identifier would need to be used to recreate them.

    Is there is a better process that one can use for getting out of a situation like this?

  • Super1337
    Super1337 over 9 years
    DCDiag /fix and restarting Netlogon did not work for me... I was able to find the netlogon.dns file and recreate all of the DNS records. It was pretty painful... took me about 30 minutes to manually create and test them, but it ultimately seems to have fixed the problem. Thanks for your thoughts.
  • HiredMind
    HiredMind over 8 years
    There are lots of different causes. support.microsoft.com/en-us/kb/2985877
  • Piotr Kula
    Piotr Kula about 6 years
    Oh yeah. Wham bam, thank you man! I had a zone set up long before converting the server to a DC. All I had to do was delete the old zone and add it back in. Boom... everything added back in. Thanks! (I think before it was not set up for AD, and adding it after the DC promotion it had the AD option you mentioned for secure updates.) And now I can connect to my domain! Thanks!