forestdnszones and domaindnszones not listed


eric romero

Hi all

I have 2 Windows2003 DCs in a Windows2003 forest, one of them was the unique
DNS and it crashed a few days ago. During the crash I installed DNS to the
other DC and re-created the old DC (after the ntdsutil cleanup and after
seizing the roles schema+domain name).

I have noticed that under DNS the zones "forestdnszones" and
"domaindnszones" are not listed.

How can I populate these two zones again?

thx
 
In
eric romero said:
Hi all

I have 2 Windows2003 DCs in a Windows2003 forest, one of them was the
unique DNS and it crashed a few days ago. During the crash I
installed DNS to the other DC and re-created the old DC (after the
ntdsutil cleanup and after seizing the roles schema+domain name).

I have noticed that under DNS the zones "forestdnszones" and
"domaindnszones" are not listed.

How can I populate these two zones again?

thx

Do the Domain and Forest application partitions still exist? You can test if
they do by this:
c:\>nslookup
set type=ns

Then, query the four special zone names by entering them into nslookup.
You should receive a response like this:
_msdcs.mydomain.com
Server: serv1.mydomain.com
Address: 192.168.5.10

Non-authoritative answer:
_msdcs.mydomain.com nameserver = MYSERVER.MYDOMAIN.COM
SERVER.MYDOMAIN.COM internet address = xxx.xxx.xxx.xxx

If not, then that means that the app partitions (ForestDNSZone and
DomainDNSZones) are gone. You can re-create them and they should show up in
DNS. I'm assuming you used Windows 2003 for the servers that you rebuilt. If
you had installed DNS on the other domain controller and created the zones,
then this would have had a copy on it. The only way I can see that it was
lost is if, when the first domain controller crashed, it 'must' have acted as
if you deleted the zones from AD.

You may have to ensure first that the partitions exist in the database. You
would need to use ADSI Edit to see that data. If they do exist, you just
want to reassociate the domain controller that is running DNS to that
partition:

Enlist a DNS server in a DNS application directory partition:
http://www.microsoft.com/resources/...roddocs/en-us/sag_DNS_pro_AddServerToNDNC.asp

Here's more info on creating them as well:

Create the default DNS application directory partitions:
http://www.microsoft.com/technet/tr...ocs/datacenter/sag_dns_pro_adddefaultndnc.asp

ITS Academic Media & Technology - DDNS and BIND integration in Yale's AD:
http://babs.its.yale.edu/yalead/ddns.asp


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
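
An added example, not part of the thread: a cmd batch script that runs the partition checks described above with dnscmd and, only when asked, enlists the server, treating the DNS_ERROR_DP_ALREADY_ENLISTED status as "nothing to do". The script name and its arguments are assumptions made for the example.

```batch
@echo off
rem Added example (not from the thread). Script name and arguments are assumptions.
rem Usage: check-dnsparts.cmd <dns-server> <forest-root-domain> <domain> [enlist]
setlocal
if "%~3"=="" (
  echo Usage: %~nx0 dns-server forest-root-domain domain [enlist]
  exit /b 2
)
set "SERVER=%~1"
set "ACTION=%~4"
set "OUT=%TEMP%\dnsparts_%RANDOM%.txt"

rem Every directory partition this DNS server knows about.
dnscmd %SERVER% /EnumDirectoryPartitions

call :check ForestDnsZones.%~2
call :check DomainDnsZones.%~3
endlocal
exit /b 0

:check
echo.
echo === %1 ===
rem Details of this partition as the DNS server sees it.
dnscmd %SERVER% /DirectoryPartitionInfo %1 /Detail
rem Read-only unless the fourth argument is "enlist".
if /i not "%ACTION%"=="enlist" goto :eof
dnscmd %SERVER% /EnlistDirectoryPartition %1 > "%OUT%" 2>&1
rem An already-enlisted server is not a failure; print anything else in full.
findstr /c:"DNS_ERROR_DP_ALREADY_ENLISTED" "%OUT%" >nul
if errorlevel 1 (type "%OUT%") else (echo %1: already enlisted on %SERVER%)
del "%OUT%"
goto :eof
```

Run it without the fourth argument first to see what the server reports before changing anything.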
 
hi thx for the reply, this is what I get:
set type=ns
_msdcs.mo.org
Server: dc2.mo.org
Address: 192.168.0.10

mo.org
primary name server = dc2.mo.org
responsible mail addr = hostmaster.mo.org
serial = 60
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)


Before the crash I had 2 Windows2003 DCs (just 1 with DNS), the DC with the
DNS is the one that crashed (hard disk failure) so I installed DNS (maybe
this installed the basic DNS and did not get aware of the Windows2003 zones?)
on the second DC (remember I had 2) and then removed the first DC (the one
that crashed) via ntdsutil and re-created the first DC. I have confirmed
that the only zones I see listed on the DNS now are:
_msdcs, _sites, _tcp, _udp. My goal is to list forestdns and domaindns, because
I am getting an error "the replication scope could not be set there was a
server failure" when trying to change the scope to all DNS in the forest.

i also have confirmed via NTDSUTIL that I have 5 NCs:

Found 5 Naming Context(s)
0 - CN=Configuration,DC=mo,DC=org
1 - DC=mo,DC=org
2 - CN=Schema,CN=Configuration,DC=mo,DC=org
3 - DC=DomainDnsZones,DC=mo,DC=org
4 - DC=ForestDnsZones,DC=mo,DC=org

I got this error when I try to enlist the DC.

C:\Documents and Settings\exchadmin>dnscmd dc2.mo.org /EnlistDirectoryPartition ForestDnsZones.mo.org
Enlist directory partition failed: ForestDnsZones.mo.org
status = 9904 (0x000026B0)

Command failed: DNS_ERROR_DP_ALREADY_ENLISTED 9904 (000026b0)

Any other ideas?

thx

"Ace Fekay [MVP]"
 
In
eric romero said:
hi thx for the reply, this is what I get:

Server: dc2.mo.org
Address: 192.168.0.10

mo.org
primary name server = dc2.mo.org
responsible mail addr = hostmaster.mo.org
serial = 60
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 900 (15 mins)


Before the crash I had 2 Windows2003 DCs (just 1 with DNS), the DC
with the DNS is the one that crashed (hard disk failure) so I
installed DNS (maybe this installed the basic DNS and did not get
aware of the Windows2003 zones?) on the second DC (remember I had 2)
and then removed the first DC (the one that crashed) via ntdsutil and
re-created the first DC. I have confirmed that the only zones I see
listed on the DNS now are: _msdcs, _sites, _tcp, _udp. My goal is to list
forestdns and domaindns, because I am getting an error "the
replication scope could not be set there was a server failure" when
trying to change the scope to all DNS in the forest.

i also have confirmed via NTDSUTIL that I have 5 NCs:

Found 5 Naming Context(s)
0 - CN=Configuration,DC=mo,DC=org
1 - DC=mo,DC=org
2 - CN=Schema,CN=Configuration,DC=mo,DC=org
3 - DC=DomainDnsZones,DC=mo,DC=org
4 - DC=ForestDnsZones,DC=mo,DC=org

I got this error when I try to enlist the DC.

C:\Documents and Settings\exchadmin>dnscmd dc2.mo.org /EnlistDirectoryPartition ForestDnsZones.mo.org
Enlist directory partition failed: ForestDnsZones.mo.org
status = 9904 (0x000026B0)

Command failed: DNS_ERROR_DP_ALREADY_ENLISTED 9904 (000026b0)

Any other ideas?

thx

Hmm. Have you tried to just create the zone as it showed in one of those
articles?

--
Regards,
Ace

 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
made a post then I commented below


Just to add, maybe looking into ADSI Edit may do the trick.

Ace
 
Hi Ace, thanks I am not sure where/what to check in ADSI

I have found under configuration \ partitions the directory partition names
for both forestdnszones and domaindnszones.

Is this what I need to check in ADSI?

thx
"Ace Fekay [MVP]"
 
In
eric romero said:
Hi Ace, thanks I am not sure where/what to check in ADSI

I have found under configuration \ partitions the directory
partition names for both forestdnszones and domaindnszones.

Is this what I need to check in ADSI?

thx

Hi Eric,

Yes, that's the location. Unfortunately I don't have a 2003 server in front
of me to walk you thru it. If I get a chance tomorrow, I'll take a look at
what I can do for you.

--
Regards,
Ace

 
OK, thank you very much. So far yes, these two entries are listed in ADSI but
the issue is that none of my two DNS listed them as zones.
"Ace Fekay [MVP]"
 
In
eric romero said:
OK, thank you very much. So far yes, these two entries are listed in
ADSI but the issue is that none of my two DNS listed them as zones.

Sorry, I didn't get a chance. What I wanted to try is to take a completely
new install with those zones, and then delete them from DNS, and then see
how to put them back in.

Also, dumb question on my part, what view are you in?

Ace
 
In
eric romero said:
Hi Ace,

I am using the advanced view.

thx
-Eric


I recreated your scenario. I installed a fresh DC and DNS and it created
those child zones under the zone. Then I restarted the machine (just for the
heck of it). I noticed they were gone. I then checked ADSIEdit and they were
still there. So I re-created the zones manually. I did it by rt-clicking my
domain.com zone, selected new domain (child domain is what it will wind up
being), and in the wizard typed in the name ForestDnsZone. Then I did the
same thing with DomainDnsZone. However, I noticed they were empty after
creating them. I refreshed the screen, still empty. Then I restarted the
netlogon service. Voila! The zones populated.

Let me know if this helped.

Ace
 
Hi Ace thanks for your reply.

In my case that did not work, the new zones never got populated.

I will keep searching on what to do to fix this issue.
thx
-Eric
"Ace Fekay [MVP]"
 
In
eric romero said:
Hi Ace thanks for your reply.

In my case that did not work, the new zones never got populated.

I will keep searching on what to do to fix this issue.
thx
-Eric


Would you like me to remote into this and see what's up with it?

Ace
 