CNAME record missing from AD forest GUID


Jack

This is a re-posted msg from win2KAD forum since no one has any advice yet.

I am running dnslint utility from my DC1 and received error such as
CNAME record for an AD forest GUID was missing from a DNS server. DC2
was used for redundancy.

Below is the DNSLint report:

*********************************************************************
Root of Active Directory Forest:

ABCdomain

Active Directory Forest Replication GUIDs Found:

DC: SERIAL-PDC
GUID: 3cd2ef74-4b24-46eb-a873-a35035fe8300

DC: SERIAL-BACKUP
GUID: dcfbcff5-31f6-49b2-bba2-858b859829c4

Total GUIDs found: 2
--------------------------------------------------------------------------------

The following 1 DNS servers were checked for records related to AD
forest replication:

**DNS server: serial-pdc.ABCdomain
IP Address: 192.168.8.4
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

**SOA record data from server:
Authoritative name server: serial-pdc.ABCdomain
Hostmaster: admin
Zone serial number: 58
Zone expires in: 1.00 day(s)
Refresh period: 600 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


**Additional authoritative (NS) records from server:
serial-pdc.ABCdomain Unknown

**Alias (CNAME) and glue (A) records for forest GUIDs from server:

**Total number of CNAME records found on this server: 0

**Total number of CNAME records missing on this server: 2

**Total number of glue (A) records this server could not find: 0

** CNAME records for forest GUIDs missing on server:
GUID: 3cd2ef74-4b24-46eb-a873-a35035fe8300._msdcs.ABCdomain
DC: SERIAL-PDC

GUID: dcfbcff5-31f6-49b2-bba2-858b859829c4._msdcs.ABCdomain
DC: SERIAL-BACKUP


Notes:
At least one CNAME record for an AD forest GUID was missing from a DNS
server
***********************************************************************

In this case, how should I add CNAME record to my DNS? Can anyone give
me specific advice as I am still learning how to manage a DNS server.

Thanks.
 
Jack said:
This is a re-posted msg from win2KAD forum since no one has any advice yet.

I am running dnslint utility from my DC1 and received error such as
CNAME record for an AD forest GUID was missing from a DNS server. DC2
was used for redundancy.

Below is the DNSLint report:

In this case, how should I add CNAME record to my DNS? Can anyone give
me specific advice as I am still learning how to manage a DNS server.


Fix your DNS and re-register any missing records with the tools
or methods mentioned below, or by hand ONLY if those methods
don't work.

First thing to do is to double check the DNS server AND client
(on the DCs especially.)

Many people use the wrong, or multiple DNS servers (both external
and internal) on the DC NIC->IP properties.

Also note that you seem to have a single-label "DOMAINNAME"
which is a significant problem and requires specific steps which
you can find with the search at the end of the guide given here...


DNS for AD

1) Dynamic for the zone supporting AD

2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)

3) DCs and even DNS servers are DNS clients too -- see #2

4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
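
A verification pass for the checklist and tools in the reply above, as an added PowerShell example that is not part of the original posts. The forest name, server IP, DC names and GUIDs are copied from the dnslint report in this thread; `$InternalDns` is an assumed list of the internal DNS servers. It needs the DnsClient cmdlets (Windows Server 2012 or later) and dcdiag on the machine it runs on.

```powershell
# Added example. Forest name, DNS server IP, DC names and GUIDs are copied from
# the dnslint report in this thread; substitute your own. Run on each DC.
$Forest      = 'ABCdomain'
$DnsServer   = '192.168.8.4'
$InternalDns = @('192.168.8.4')   # assumption: the only internal AD DNS server;
                                  # add 127.0.0.1 if a DC points at itself via loopback
$DsaGuids    = [ordered]@{
    'SERIAL-PDC'    = '3cd2ef74-4b24-46eb-a873-a35035fe8300'
    'SERIAL-BACKUP' = 'dcfbcff5-31f6-49b2-bba2-858b859829c4'
}

# 1) This machine's NICs should list only the internal, dynamic DNS server(s).
$foreign = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Where-Object { $_ -and ($InternalDns -notcontains $_) } |
    Sort-Object -Unique
if ($foreign) { Write-Warning "Non-internal DNS servers configured: $($foreign -join ', ')" }

# 2) Each DC's replication GUID must resolve as <GUID>._msdcs.<forest> CNAME.
$missing = foreach ($dc in $DsaGuids.Keys) {
    $name  = '{0}._msdcs.{1}' -f $DsaGuids[$dc], $Forest
    $cname = Resolve-DnsName -Name $name -Type CNAME -Server $DnsServer -DnsOnly `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.QueryType -eq 'CNAME' }
    if ($cname) { Write-Host "OK      $name -> $($cname.NameHost)" }
    else        { Write-Host "MISSING $name ($dc)"; $dc }   # only $dc is collected
}

# 3) Run dcdiag against each DC, save the output, and list the lines worth reading.
foreach ($dc in $DsaGuids.Keys) {
    $log = Join-Path $env:TEMP "dcdiag-$dc.txt"
    dcdiag /s:$dc | Out-File -FilePath $log -Encoding ascii
    Select-String -Path $log -Pattern 'fail|error|warn' |
        ForEach-Object { '{0}:{1}: {2}' -f $dc, $_.LineNumber, $_.Line.Trim() }
}

# 4) For DCs whose CNAME is still missing, print the re-registration command
#    from the reply above rather than creating the record by hand.
foreach ($dc in $missing) { "Re-register: nltest /dsregdns /server:$dc" }
```

Re-run step 2 after re-registration and after zone replication has completed; a CNAME that resolves on one DNS server but not another points at the replication problem mentioned above.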
 
Hi Martin,

I have resolved the problem now. Thank you so much for your advice and
help. Appreciate that very much.

Just one little question here. Now that both DCs are operational, if say
the DC running PDC emulator is down one day for some reason, does that
mean that the 2nd DC has to be 'promoted' to Global catalog so that
users can log on successfully?

 
Jack said:
Hi Martin,

I have resolved the problem now. Thank you so much for your advice and
help. Appreciate that very much.

Just one little question here. Now that both DCs are operational, if say
the DC running PDC emulator is down one day for some reason, does that
mean that the 2nd DC has to be 'promoted' to Global catalog so that
users can log on successfully?


For single domain forests all DCs should generally be included
as DCs.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]