Wrong DC's for _ldap and _kerberos in sites.

jasonsig

Hi, I am having the problem of having the wrong server listed in DNS
under _msdcs for a particular site.
The site has a valid DC, but somehow there is also a second DC listed.
The extra DC exists but within a different site.
Sites and Services shows the DCs in their proper sites, but the
records in DNS reflect that at one time the extra server was in the
site in question.

The problem I am having is that when a client logs in within the site
in question, they do not authenticate to their local dc within their
site but the other dc that is listed.

Would it be possible to manually delete the records for _msdcs,
_sites, etc.?

jason
 
Hi Jason

It is possible for an old record to remain in DNS and it is perfectly fine
if you manually delete it. Restart the netlogon service on the DC in
question and you should see it re-register with the appropriate site in DNS.

If the issue continues at this point, try the following:-

1. Stop the netlogon service on the DC in question.
2. Rename or delete netlogon.dnb and netlogon.dns in the
%windir%\system32\config folder (with say .old1/.old2 extensions).
3. Restart the netlogon service on the DC in question.

--
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
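
The check and the three steps from the reply above, as an added PowerShell example that is not part of the original thread: it lists the _ldap and _kerberos SRV targets registered for one site, flags any target that is not an expected DC, and wraps the Netlogon reset in a function. The domain, site and DC names are placeholders, the `.old` suffix is one choice of rename, and `Resolve-DnsName` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example. Domain, site and DC names are placeholders (assumptions).
param(
    [string]$Domain = 'corp.example.com',
    [string]$Site = 'Branch-Site',
    [string[]]$ExpectedDCs = @('dc-branch01.corp.example.com')
)

function Get-StaleSiteSrvRecord {
    # Returns SRV records under the site's _msdcs subtree whose target
    # is not one of the DCs that Sites and Services shows in that site.
    param([string]$Domain, [string]$Site, [string[]]$ExpectedDCs)
    foreach ($svc in '_ldap', '_kerberos') {
        $name = '{0}._tcp.{1}._sites.dc._msdcs.{2}' -f $svc, $Site, $Domain
        try {
            $records = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop
        } catch {
            Write-Warning "Lookup failed for ${name}: $_"
            continue
        }
        $records | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object {
            $target = $_.NameTarget.TrimEnd('.')
            if ($ExpectedDCs -notcontains $target) {
                [pscustomobject]@{ Record = $name; UnexpectedTarget = $target }
            }
        }
    }
}

function Reset-NetlogonDnsRegistration {
    # Run elevated on the DC in question: the three steps from the reply.
    $config = Join-Path $env:windir 'System32\config'
    Stop-Service -Name Netlogon
    foreach ($file in 'netlogon.dnb', 'netlogon.dns') {
        $path = Join-Path $config $file
        if (Test-Path $path) { Rename-Item -Path $path -NewName "$file.old" }
    }
    Start-Service -Name Netlogon   # Netlogon re-registers its SRV records on start
}

Get-StaleSiteSrvRecord -Domain $Domain -Site $Site -ExpectedDCs $ExpectedDCs
```

Run the script from a client in the affected site to see which targets it is being offered; call `Reset-NetlogonDnsRegistration` only on the DC whose records are wrong.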
 