Windows Server 2003 DCDiag error message "delegation is broken for foo.com.foo.com on dns server"

windows-server-2003 domain-name-system troubleshooting active-directory
6,518

Solution 1

The delegation test checks for broken delegations by ensuring that all NS records in the Active Directory domain zone in which the target domain controller resides have corresponding glue A records.

Try:

1) Setup DNS servers in TCP/IP config for your servers as folowing: own IP as primary DNS, other DC as secondary DNS (check http://support.microsoft.com/kb/825036 for details). Never use ISP (or other external) DNS as DNS server at any DC in TCP/IP settings

2) ipconfig /registerDNS on both servers

3) netdiag /fix

Solution 2

For me, someone had simply added an A HOST record under the wrong place.

IE if your domain was Test.Microsoft.internal, someone had created a sub domain in DNS called "internal", with a sub domain called "microsoft", and within that a sub domain called "Test" - hence you then get [computername].test.microsoft.internal.test.microsoft.internal The DCDIAG dns test will then give you the "delegation is broken for ..." error for each and every Name Server for your DNS zone.

E.G. This was in my tree view in DNS:

Test.Microsoft.internal
       +_mcsdcs
       +_sites
       +_tcp
       +_udp
       -internal
              -microsoft
                     -test

Took me a while to figure this out, as it's somewhat misleading. Deleting the emboldened domains resolved the error message. Otherwise it wasn't really that important, but the error makes it sound like it is!

Share:
6,518

Related videos on Youtube

MikeJ
Author by

MikeJ

Software developer living in waterloo, canada.

Updated on September 17, 2022

Comments

  • MikeJ
    MikeJ over 1 year

    It started as a simple diagnostic: dcdiag /c

    when it ran it gave me the following error from the DNS portion of the DCDIAG test

    delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.1

    and

    delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.2

    Those IP's correspond to the two domain controllers on the network.

    So now I am left wondering. What is a broken delegation and more importantly, how do I fix it?

  • MikeJ
    MikeJ about 14 years
    I tried your suggestion but it did not resolve the problem :(. I suspect there is an issue in how the DNS servers themselves are configured on the PDC and BDC. I am sure it is something fundamentally simple, but for the life of me I dont know what I am missing to resovle the issue.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cannot connect Windows 7 machine to windows 2003 domain
Windows Cannot View Domain Location
Windows AD DNS: Event ID 5504
Active Directory: is it good to have 127.0.0.1 as DNS server entry on 2 machines that are 2 DNS servers in a local net?
Active Directory - DNS entries missing after installation
Unable to resolve FQDN, hostname works
missing PTR record for one of my domain controllers in Active Directory Integrated reverse lookup zone
How to get DNS SERVER Statistics ? Total Queries per day ? (windows Server 2003)
Reverse DNS not automatically updating on Windows DNS server
How to import a groups members using 'ldifde'?