Missing _msdcs folder


Robert F. O'Connor

This folder got nuked accidentally from our primary DNS
server. Before we could react, the deletion was
apparently propagated to the other DNS server.

How do we re-create this? A response to someone else's
similar problem suggested stopping and restarting the
netlogon service, but that has had no effect. Any ideas?

-Robert
 
Okay, we seemed to get one of the servers to update
itself, but the other is refusing. They are each set to
themselves for DNS lookups, the same domain in both has
dynamic updates turned on...

Our immediate problem of users logging in is solved, but
it looks like failover will be hosed if the working
server goes offline.

So _msdcs shows up in DNS on one domain controller with only
records for itself in there. The second DC's DNS doesn't
show a _msdcs folder and the folder from the first one is
not propagating to it.

Thanks again in advance for any help.

-Robert
 
Once you have the DCs and the DNS configured
correctly -- yes, you can re-start NetLogon to get
each of them to re-register with DNS.

Dynamic updates enabled on the DNS (primary or
AD-integrated set.)

Each DC pointed to the set or the actual primary.
It is perfectly alright to point each DC at itself if it's
a DNS server (but in the beginning until you get
complete replication this can be a problem.)

At first, point them all at the Primary or the "main
AD-integrated" server (and make the other a secondary
of it until you get it replicated).

The key is that the DC starting NetLogon service must
find the "dynamic" DNS (Primary) and the others must
be able to replicate from that one.

And you must have ALL the DNS servers (involved) listed
as NS records.
 
-----Original Message-----
Hi Robert,

Thank you for the posting.

As you described, the _msdcs folder is missing from your primary DNS server.

This issue may occur if the zone is either Active Directory-Integrated or
Standard Primary. Additionally, the forward lookup zone is being used to
store SRV records for Active Directory.

On a multi-homed server, DNS dynamic update protocol registration may have
been turned off (disabled) on the internal network adapter. The same issue
occurs on a server that has a single network adapter and DNS dynamic update
protocol turned off.

To resolve this problem, please try the steps below:

To turn on DNS dynamic update protocol on the affected network adapter,
follow these steps:
1. On the desktop, right-click My Network Places, and then click Properties.
2. Right-click the internal network adapter, and then click Properties.
3. Click TCP/IP, and then click Properties.
4. Click the Advanced button.
5. Click the DNS tab, and then click to select the "Register this
connection's addresses in DNS" check box at the bottom of the tab.
6. Click OK until the Network Properties dialog box is closed.
7. Click Start, click Run, type "cmd" (without the quotation marks), and
then press ENTER.
8. At a command prompt, stop and restart the Netlogon service and initiate
the registration of the network adapter in DNS. To do this, use the
following command-line statements:

- net stop netlogon

- net start netlogon

- ipconfig /registerdns



If the previous steps do not resolve this issue, you may have to remove DNS
and reinstall it. To remove DNS, follow these steps:


1. Right-click My Network Places, and then click Properties.
2. In the Network and Dial-Up Connections window on the Advanced menu,
click Optional Networking Components.
3. In the Windows Optional Networking Components Wizard, click to select
Networking Services, and then click Details.
4. In the Networking Services window, click to clear the box next to Domain
Name System (DNS) check box, click OK, then click Next. This removes DNS.


Before you reinstall DNS, delete the following files:

- Cache.dns, which is located in %systemroot% \Winnt\System32\DNS

- Netlogon.dns, which is located in %systemroot% \Winnt\System32\Config

- Netlogon.dnb, which is located in %systemroot% \Winnt\System32\Config


To reinstall DNS, follow these steps:

1. Right-click My Network Places, and then click Properties.
2. In the Network and Dial-Up Connections window on the Advanced menu click
Optional Networking Components.
3. In the Windows Optional Networking Components Wizard, click to select
the Networking Services check box, and then click Details.
4. In the Networking Services dialog box, click to select the Domain Name
System (DNS) check box, click OK, and then click Next.
5. Insert CD 1 of the Small Business Server (SBS) 2000 installation discs,
or insert the Windows 2000 Server CD in the drive when you are prompted,
click OK, and DNS is reinstalled.
6. Restart the computer.

After the steps above, reconfigure the DNS server and re-create the Forward
and Reverse Lookup Zones.

Other possible causes for this issue are:

- The value for Load zone data on startup on the Advanced tab in the DNS
server properties is set to From registry instead of From Active Directory
and registry. To resolve this issue, reset the value, and then restart the
server.

- The forward lookup zone was created with the wrong name or accidentally
deleted. To re-create the zone, follow these steps:

1. Make sure that the internal network adapter (and external network
adapter if there is one) point to the server IP for DNS resolution in the
TCP/IP Properties dialog box.

2. In the DNS MMC, right-click the server
object, and then click New Zone.
The New Zone Wizard starts. Under Zone Type, click Active Directory
Integrated. On the next page, click Forward Lookup Zone, and then type a
domain name (for example, "domain.com" (without the quotation marks)).

3. Expand the Forward Lookup Zones folder, right-click the zone, and then
click Properties.

4. On the General tab, make sure that Only secure updates is selected in
the Allow Updates? list (this is the default setting). Click OK, and then
close the DNS MMC.

5. At a command prompt, restart the Netlogon service by using the
following command line:

- net stop netlogon

- net start netlogon

- ipconfig /registerdns


Verify that the zone file now has the following subdomains:


- _msdcs

- _sites

- _tcp

- _udp


Hope the above information and suggestion helps and answers your question.
If anything is unclear, please let me know.


Sincerely,

Cherry Qian
MCSE2000, MCSA2000, MCDBA2000
Microsoft Partner Online Support


Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please Reply to Group via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided AS IS with no warranties, and confers no rights.

.
Good information Cherry, I would only add one thing. If
you have an empty root domain like we do, you should set
the root domain DNS servers to point to one server in that
domain. So we have three root domain DCs, each with DNS
installed. We point two servers to the one server and we
point that server to itself. That way all _MSDCS records
register with that one server. Then AD integrated
replication pulls those records to the other two servers.

John Rolstead
MCSE NT only
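
Added example (not part of any post in this thread): a PowerShell check that every DNS server answers for the SRV records a DC's NetLogon service registers, which is the condition the posts above are trying to restore before failover can work. It assumes a system with the Resolve-DnsName cmdlet and that netlogon.dns is in NetLogon's default location; the server addresses are constructed placeholders.

```powershell
# Added example, not from the thread. Run it on each DC in turn.
param(
    # Records this DC's NetLogon registers (assumed default location).
    [string]$NetlogonDns = "$env:SystemRoot\System32\Config\netlogon.dns",
    # Constructed placeholder addresses: list every DNS server for the zone.
    [string[]]$DnsServers = @('192.0.2.10', '192.0.2.11')
)

function Get-ExpectedSrv {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Line format: <owner> <ttl> IN SRV <priority> <weight> <port> <target>
        if ($line -match '^\s*(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)') {
            [pscustomobject]@{
                Name   = $Matches[1].TrimEnd('.')
                Port   = [int]$Matches[2]
                Target = $Matches[3].TrimEnd('.')
            }
        }
    }
}

function Test-SrvOnServer {
    param($Record, [string]$Server)
    $answers = Resolve-DnsName -Name $Record.Name -Type SRV -Server $Server `
        -DnsOnly -ErrorAction SilentlyContinue
    # Compare target and port, so a zone that only holds the other DC's
    # record for the same name still counts as missing this DC.
    $hit = $answers | Where-Object {
        $_.Type -eq 'SRV' -and $_.Port -eq $Record.Port -and
        $_.NameTarget.TrimEnd('.') -eq $Record.Target
    }
    return [bool]$hit
}

$expected = @(Get-ExpectedSrv -Lines (Get-Content -Path $NetlogonDns))
foreach ($server in $DnsServers) {
    foreach ($record in $expected) {
        [pscustomobject]@{
            DnsServer  = $server
            Record     = $record.Name
            Target     = $record.Target
            Registered = Test-SrvOnServer -Record $record -Server $server
        }
    }
}
```

Rows with Registered set to False for only one DnsServer point to a replication or NS-record problem between the DNS servers; rows that are False on every server mean the DC's own registration is failing.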
 
Hi Robert,

Thank you for the posting again to let us know the results. I am glad to
hear Netlogon works.

If there is anything unclear or if there is anything further we can help
you with, please let me know.

It was my pleasure working with you on this issue.

Sincerely,

Cherry Qian
MCSE2000, MCSA2000, MCDBA2000
Microsoft Support

