I have two domain controllers with DNS/DHCP enabled on both. Both are Windows 2008 R2 (migrated from Windows 2003 a while back). Best Practices Analyzer seems to be showing a couple of errors I can't figure out. Both controllers are virtual machines with 1 NIC only. First AD is 192.168.1.16, secondary is 192.168.1.17.
- DNS servers on <interface> should include the loopback address, but not as the first entry.
  I have added 127.0.0.1 as the 3rd DNS server to the interface that the problem occurs on, but BPA still complains. Any thoughts why?
- Zone PRIVATEZONE secondary servers must respond to queries for the zone.
  It seems to me DNS/AD server works fine on the secondary controller. I can nslookup to it from the first AD controller and check external and internal names. Why is it complaining then?
- The DNS server 192.168.1.16 on <interface> must resolve names in the forest root domain name zone.
  This shows multiple times for 192.168.1.17 and 127.0.0.1 as well (since it's added). Not sure what could be the problem, everything seems fine?
- The DNS server 192.168.1.16 on <interface> must resolve names in the primary DNS domain zone
- Warning: Zone PRIVATEZONE secondary server 192.168.1.16 should respond to queries for the zone.
  Same stuff appears for 192.168.1.17.
DCDIAG shows everything is ok.
repadmin /showrepl <controler2> shows everything is good.
Best Answer
After reading some of the BPA stuff, BPA is possibly complaining too much.
The Best Practices Analyzer documentation for Server 2008R2 is located here: http://technet.microsoft.com/en-us/library/dd392255%28WS.10%29.aspx
Why is it doing the false-fails? I couldn't tell you. If you've verified that it works using manual methods, it's time to contact Microsoft.
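One way to do the manual verification mentioned above, as an added example that is not part of the original question or answer. It is a rough equivalent of the listed BPA rules, not BPA's own logic; it assumes `PRIVATEZONE` is replaced with the real zone name, English-language `nslookup` output, and a domain-joined machine so the forest root can be looked up.

```powershell
# Added example (not from the original post). PRIVATEZONE is the zone name as
# written in the question; substitute the real one before running.
$zone = 'PRIVATEZONE'

# Forest root domain of the current machine, used for the DC locator SRV record.
Add-Type -AssemblyName System.DirectoryServices
$forestRoot = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.Name
$srv = "_ldap._tcp.dc._msdcs.$forestRoot"

function Test-Lookup($type, $name, $server, $marker) {
    # nslookup exit codes are unreliable, so match on a line that only
    # appears in a successful answer (assumes English-language output).
    $out = & nslookup "-type=$type" $name $server 2>&1 | Out-String
    return ($out -match $marker)
}

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    # Drop the null entry that appears when no DNS servers are configured.
    $servers = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    if ($servers.Count -eq 0) { continue }

    "Interface: $($nic.Description)"
    "  DNS order: $($servers -join ', ')"

    # Loopback rule: 127.0.0.1 must be present, but not as the first entry.
    $pos = [array]::IndexOf($servers, '127.0.0.1')
    if     ($pos -lt 0) { '  loopback: MISSING' }
    elseif ($pos -eq 0) { '  loopback: listed FIRST' }
    else                { "  loopback: OK (position $($pos + 1))" }

    # Resolution rules: every configured server should answer for the zone
    # and return the forest root's domain controller SRV records.
    foreach ($s in $servers) {
        $soaOk = Test-Lookup 'SOA' $zone $s 'primary name server'
        $srvOk = Test-Lookup 'SRV' $srv  $s 'svr hostname'
        "  {0,-15} zone SOA: {1,-5} forest-root SRV: {2}" -f $s, $soaOk, $srvOk
    }
}
```

Run it on each domain controller. A `False` for any server gives a concrete failing query to investigate before treating the BPA results as false positives.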