Missing DC's from _sites container

We've noticed that Domain Controllers are mysteriously disappearing from DNS.
We have 14 DC's and it seems that there are always the same 10 that disappear
from the

DNS/Fwd Lookup Zones/"domain"/_msdcs/ds/_sites folder.

All other DC information in DNS is OK, only the above container is missing
the DC's. This causes users to home to the wrong server when logging in,
causing slow logins.

If we run a netdiag /l /fix on each individual missing server, DNS is
repaired and the DC entries are placed back into DNS _sites folder.

We are trying to figure out what is causing these DC's to be removed from
DNS. Recently we have installed a new Exchange 2003 server. We noticed the
first time we ran ForestPrep and DomainPrep the same thing happened and we
had to run netdiag /fix on all the missing DC's. Since the first netdiag
/fix DNS has been OK. But we've just noticed that DC's are missing once
again and neither of those tools has been run. Still searching around to
see how and why these entries would be deleted/removed.

Any ideas would be helpful.

Avtechs
 
AVTechs said:
We've noticed that Domain Controllers are mysteriously disappearing
from DNS. We have 14 DC's and it seems that there are always the same
10 that disappear from the

DNS/Fwd Lookup Zones/"domain"/_msdcs/ds/_sites folder.

All other DC information in DNS is OK, only the above container is
missing the DC's. This causes users to home to the wrong server when
logging in, causing slow logins.

If we run a netdiag /l /fix on each individual missing server, DNS is
repaired and the DC entries are placed back into DNS _sites folder.

We are trying to figure out what is causing these DC's to be removed
from DNS. Recently we have installed a new Exchange 2003 server. We
noticed the first time we ran ForestPrep and DomainPrep the same
thing happened and we had to run netdiag /fix on all the missing
DC's. Since the first netdiag /fix DNS has been OK. But we've just
noticed that DC's are missing once again and neither of those tools
has been run. Still searching around to see how and why these
entries would be deleted/removed.

Any ideas would be helpful.

Avtechs

See my reply in the other DNS newsgroup.

FYI: It's better to cross-post to similar groups instead of multiposting.
The benefit is responses from any of the groups come back to all the groups
at the same time, that it was cross-posted in so you don't have to check
each one individually to find the individual responses.

(This was x-posted to windows.server.dns - no followups set).

Ace
 
Generally it's due to either (or both of) DNS replication
failures or client (DCs are clients too) DNS misconfiguration.

The disappearance itself may be due to Scavenging -- which
is ok but should seldom (never?) be set to less than WEEKS.

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

If you are using AD-integrated DNS on multiple DCs then you
must ensure that you have full DNS replication at the start,
otherwise you will (likely) need to return to a SINGLE Primary
DNS server with Secondaries until you get DNS replicated,
then return the other DNS servers to AD-integration once that
works.
 
Ace Fekay said:

See my reply in the other DNS newsgroup.

FYI: It's better to cross-post to similar groups instead of multiposting.
The benefit is responses from any of the groups come back to all the groups
at the same time, that it was cross-posted in so you don't have to check
each one individually to find the individual responses

(This was x-posted to windows.server.dns - no followups set).

Ace

Thanks Ace,

I'll try cross-posting...I guess I'm just a newbie! How do I reply to a
cross-post so that the reply hits both NG's? It seems my reply may only go
to one NG?

Anyways, Yes there are multiple sites, one for each DC. Each DC should
have its own site within the "DC._sites", folder but some do not.

Ex.
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC1
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC2
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC3
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.(missing DC)
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.(missing DC)
.. etc......

As well, we do not have any Win2k3 DC/DNS servers yet. We have all Win2000
Servers w/SP4.

What I don't understand is why the DC's are missing from ONLY the above
container and yet ALL other instances of their entries in the following
containers are intact.

DNS.Fwd Lookup Zones."domain"._sites
DNS.Fwd Lookup Zones."domain"._tcp
DNS.Fwd Lookup Zones."domain"._udp

My biggest concern is to why only the _msdcs.dc._sites.DC1 are disappearing.

Thanks.

Avtechs
 
I'll try cross-posting...I guess I'm just a newbie! How do I reply to a
cross-post so that the reply hits both NG's? It seems my reply may only go
to one NG?

Most news client programs, especially Outlook Express, do this
automatically when you Reply-GROUP.

Otherwise it depends on your news client program.

Anyways, Yes there are multiple sites, one for each DC. Each DC should
have its own site within the "DC._sites", folder but some do not.

Most of the time this is caused by misconfiguring the CLIENT
DNS (NIC-IP-DNSServer) settings on the DC(s).

All of the DCs are also DNS clients -- or should be -- of the
INTERNAL ONLY DNS server (set).

The other likely reason is if you started using AD-Integrated DNS
on multiple DCs before you got AD to fully replicate.

AD is dependent on DNS for replication and if you make DNS
dependent on AD before getting that right it is a circular problem.

Use DCDiag on each DC to check the DNS and to also check
AD replication. There is a /FIX switch but it is not all inclusive
so it may not fix everything -- one thing it does address though is
trying to fixup the DNS.

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
 
AVTechs said:
Thanks Ace,

I'll try cross-posting...I guess I'm just a newbie! How do I reply
to a cross-post so that the reply hits both NG's? It seems my reply
may only go to one NG?

Anyways, Yes there are multiple sites, one for each DC. Each DC
should have its own site within the "DC._sites", folder but some do
not.

Ex.
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC1
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC2
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.DC3
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.(missing DC)
DNS.Fwd Lookup Zones."domain"._msdcs.dc._sites.(missing DC)
. etc......

As well, we do not have any Win2k3 DC/DNS servers yet. We have all
Win2000 Servers w/SP4.

What I don't understand is why the DC's are missing from ONLY the
above container and yet ALL other instances of their entries in the
following containers are intact.

DNS.Fwd Lookup Zones."domain"._sites
DNS.Fwd Lookup Zones."domain"._tcp
DNS.Fwd Lookup Zones."domain"._udp

My biggest concern is to why only the _msdcs.dc._sites.DC1 are
disappearing.

Thanks.

Avtechs

As Herb said, if it's cross-posted, when you hit reply to group, the
multiple newsgroups show up in the "Newsgroup" line up top.

Are your Sites set up and associated with the correct subnet object the
missing DCs are in? As Herb said, all machines must only use the internal
DNS servers only.

Are you receiving any Event log errors on any of the DCs?

Ace
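
Added example (not part of any post in this thread): one way to detect the symptom discussed above, a DC whose site-specific SRV record under `_sites.dc._msdcs` is gone while its other records remain. The zone text, domain, site names and DC-to-site mapping are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: SRV lines in zone-file style. Names are made up.
SAMPLE_ZONE = """\
_ldap._tcp.SiteA._sites.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.SiteB._sites.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc3.example.com.
_ldap._tcp.SiteC._sites.example.com. 600 IN SRV 0 100 389 dc3.example.com.
; dc3 still has its _sites.<domain> record, but not the dc._msdcs one
"""

# Constructed mapping of each DC to its AD site (one site per DC, as in the thread).
EXPECTED = {
    "dc1.example.com": "SiteA",
    "dc2.example.com": "SiteB",
    "dc3.example.com": "SiteC",
}

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_srv(zone_text):
    """Return a set of (owner, target) pairs, lower-cased, trailing dots removed."""
    records = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = SRV_RE.match(line)
        if m:
            records.add((m.group(1).rstrip(".").lower(),
                         m.group(5).rstrip(".").lower()))
    return records

def missing_site_records(zone_text, expected, domain):
    """List (dc, owner) for DCs lacking _ldap._tcp.<site>._sites.dc._msdcs.<domain>."""
    records = parse_srv(zone_text)
    missing = []
    for dc, site in sorted(expected.items()):
        owner = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}".lower()
        if (owner, dc.lower()) not in records:
            missing.append((dc, owner))
    return missing

if __name__ == "__main__":
    for dc, owner in missing_site_records(SAMPLE_ZONE, EXPECTED, "example.com"):
        print(f"MISSING {owner} -> {dc}")
```

Run on a schedule against a real zone export, a check like this shows when the records vanish, which can then be compared with the zone's scavenging settings and the DC event logs.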
 