Missing SRV record at DNS server

Tags: dns-server, domain-controller, replication, srv-record

Server 2008R2. 2003 functional level.
One of my branch DCs, which we will call BranchDC1, is not registering SRV records in example.com/_msdcs/gc/_sites/_tcp.

The DC is marked as a Global Catalog in Sites & Services.

C:\>dcdiag /test:replications
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BRANCHDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   Testing server: Branch1\BRANCHDC1
      Starting test: Connectivity
         ......................... BRANCHDC1 passed test Connectivity
Doing primary tests

   Testing server: Branch1\BRANCHDC1
      Starting test: Replications
         ......................... BRANCHDC1 passed test Replications

   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : example
   Running enterprise tests on : example.com


C:\>dcdiag /test:dns
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = BRANCHDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   Testing server: Branch1\BRANCHDC1
      Starting test: Connectivity
         ......................... BRANCHDC1 passed test Connectivity

Doing primary tests
   Testing server: Branch1\BRANCHDC1
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... BRANCHDC1 passed test DNS

   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : example
   Running enterprise tests on : example.com

      Starting test: DNS
         Test results for domain controllers:
            DC: BRANCHDC1.example.com
            Domain: example.com

               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone example.com

               TEST: Records registration (RReg)
                  Network Adapter [00000000] Microsoft Virtual Machine Bus Network Adapter:
                     Warning:
                     Missing SRV record at DNS server 192.168.47.24:
                     _ldap._tcp.gc._msdcs.example.com

                     Warning:
                     Missing SRV record at DNS server 10.2.100.121:
                     _ldap._tcp.gc._msdcs.example.com

               Error: Record registrations cannot be found for all the network adapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: example.com
               BRANCHDC1              PASS PASS PASS PASS WARN FAIL n/a

         ......................... example.com failed test DNS

C:\>

This DC was working fine for a few years. Then, the office where it resides had to be relocated. Knowing it would be offline for 3 to 6 weeks or more, I demoted the server. This seemed to go fine. When the relocation was complete and the server was back online, I re-promoted it.

By mistake, I initially added the server to the wrong site (our datacenter). But once I realized this, I moved it to the correct site (its own).

The dcdiag above shows the SRV record is missing on both itself and its replication partner in our datacenter. Initially, it was only reporting that the SRV record was missing from its replication partner.

If BRANCHDC1 is rebooted, or replication forced, it will recreate that SRV record on itself. But that never gets copied over to its replication partner (HQDC1), and it appears that it will eventually get deleted from BRANCHDC1.

Doing dcdiag /fix passes all tests, except NCSecDesc. But all of our DCs fail, and I'm pretty sure this can be ignored (mskb 967482).

I've run nltest /dsregdns.

I have tried registerdns, stop/start netlogon. I swapped the order of DNS servers on BRANCHDC1's NIC (pointing to itself and HQDC1), and performed those steps again.

I checked netlogon.dns on BRANCHDC1 and it looks right (compared it to other DCs). No other SRV records appear to be missing from anywhere else that I've found thus far.

I've run the AD Replication Status tool, which finds no errors with replication, and shows BRANCHDC1 is recognized as a GC.

As far as I can tell, BRANCHDC1 is configured the same as all of our other branch DCs, including its NIC.

I do not see any other SRV records missing. The only other funky thing I see is that there is an _ldap SRV record for HQDC2 (another DC in our datacenter) located in example.com/_msdcs/gc/_sites/Branch1/_tcp in addition to the one for BRANCHDC1. It gets recreated if I delete it. This may have something to do with BRANCHDC1 initially belonging to the same site as HQDC2. No other site has a record there for anything but its own DC.

I'm stumped. I don't know what to try next, aside from dropping a wad of cash on support from MS.

Any help would be greatly appreciated.

Best Answer

Microsoft has an article about moving a DC to another site that you probably want to review in detail. Make sure you have your subnets, site connectors, and bridgehead servers configured. It sounds like your servers still have different ideas of what the replication topology is supposed to be, and are not on the same page.
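As an added example (not code from the question or the answer above), the script below checks the two things the thread turns on: whether every DC's IPv4 address falls inside a subnet assigned to the site the DC sits in, and whether every GC is present in both the forest-wide `_ldap._tcp.gc._msdcs` SRV record and its own site's `_ldap._tcp.<site>._sites.gc._msdcs` record on each DNS server, which is the RReg check dcdiag reported as failing. It assumes a management host with the RSAT ActiveDirectory module and `Resolve-DnsName` (Windows 8 / Server 2012 or later); the domain name and the DNS server list are assumptions copied from the dcdiag output and should be edited for your environment.

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory module
# and Resolve-DnsName (Windows 8 / Server 2012 or later) on the host running it.
Import-Module ActiveDirectory

$Domain     = 'example.com'                       # assumption
$DnsServers = @('192.168.47.24', '10.2.100.121')  # assumption: the servers dcdiag queried

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted IPv4 string -> host-order 32-bit integer for prefix comparison.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}

function Test-IPv4InSubnet ([string]$Ip, [string]$Cidr) {
    # IPv4 only; the caller filters out IPv6 subnet objects.
    $net, $prefix = $Cidr -split '/'
    $mask = ([uint32]::MaxValue -shl (32 - [int]$prefix)) -band [uint32]::MaxValue
    ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

function Test-DcSiteSubnets {
    # A DC whose address is not covered by a subnet of its own site will be treated
    # by the locator as if it had no site, so check subnet-to-site mapping first.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $subnets  = Get-ADObject -SearchBase "CN=Subnets,CN=Sites,$configNC" `
                    -LDAPFilter '(objectClass=subnet)' -Properties siteObject |
        Where-Object { $_.Name -match '^\d+\.\d+\.\d+\.\d+/\d+$' } |
        ForEach-Object {
            [pscustomobject]@{ Cidr = $_.Name
                               Site = (($_.siteObject -split ',')[0] -replace '^CN=') }
        }
    foreach ($dc in Get-ADDomainController -Filter *) {
        $covering = @($subnets | Where-Object { Test-IPv4InSubnet $dc.IPv4Address $_.Cidr })
        [pscustomobject]@{
            Dc            = $dc.HostName
            Site          = $dc.Site
            CoveredBySite = @($covering | Where-Object { $_.Site -eq $dc.Site }).Count -gt 0
            MatchedSubnet = (($covering | ForEach-Object { $_.Cidr }) -join ',')
        }
    }
}

function Get-ExpectedGcSrvRecords ([string]$Domain) {
    # Every GC must be a target of the forest-wide GC record and of its site's GC record.
    Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } | ForEach-Object {
        [pscustomobject]@{ Dc = $_.HostName; Name = "_ldap._tcp.gc._msdcs.$Domain" }
        [pscustomobject]@{ Dc = $_.HostName; Name = "_ldap._tcp.$($_.Site)._sites.gc._msdcs.$Domain" }
    }
}

function Test-GcSrvRegistration ([string]$Domain, [string[]]$DnsServers) {
    foreach ($expected in Get-ExpectedGcSrvRecords -Domain $Domain) {
        foreach ($server in $DnsServers) {
            $targets = @()
            try {
                # Keep only answer-section SRV rows; the resolver also returns the A glue.
                $targets = @(Resolve-DnsName -Name $expected.Name -Type SRV -Server $server `
                                -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
            } catch { }  # NXDOMAIN / no answer on this server: reported as missing below
            [pscustomobject]@{
                Dc        = $expected.Dc
                Record    = $expected.Name
                DnsServer = $server
                Present   = ($targets -contains $expected.Dc)
            }
        }
    }
}

Test-DcSiteSubnets | Format-Table -AutoSize
Test-GcSrvRegistration -Domain $Domain -DnsServers $DnsServers |
    Where-Object { -not $_.Present } | Format-Table -AutoSize
```

The first table shows any DC whose `CoveredBySite` is false, i.e. a DC sitting in a site whose subnets do not contain its address (the mis-site situation the answer is pointing at). The second table lists only the missing (DC, record, DNS server) combinations; for the question's case the expected output would be BRANCHDC1 absent from `_ldap._tcp.gc._msdcs.example.com` on both servers, matching the dcdiag RReg warnings. Run it again after the site and subnet objects are corrected and Netlogon has re-registered (`nltest /dsregdns`) to confirm the rows disappear on the replication partner as well as on BRANCHDC1 itself.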