Windows Server 2003 DCDiag error message “delegation is broken for foo.com.foo.com on dns server”

Tags: active-directory, domain-name-system, troubleshooting, windows-server-2003

It started as a simple diagnostic: dcdiag /c

When it ran, it gave me the following error from the DNS portion of the DCDIAG test:

delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.1

and

delegation is broken for foo.com.foo.com on dns server on dns server 192.168.1.2

Those IPs correspond to the two domain controllers on the network.

So now I am left wondering. What is a broken delegation and more importantly, how do I fix it?

Best Answer

The delegation test checks for broken delegations by ensuring that all NS records in the Active Directory domain zone in which the target domain controller resides have corresponding glue A records.

Try:

1) Set up the DNS servers in the TCP/IP config for your servers as follows: own IP as primary DNS, other DC as secondary DNS (check http://support.microsoft.com/kb/825036 for details). Never use an ISP (or other external) DNS as the DNS server on any DC in the TCP/IP settings.

2) ipconfig /registerDNS on both servers

3) netdiag /fix
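
The check described in the answer (every NS record needs a matching A record), as an added example that is not part of the original answer and is not DCDiag's own code. It assumes a simplified three-column zone-file style; the records and the host names dc1, dc2 and dc3 are constructed for illustration.

```python
"""Offline check: every NS target in a zone must have a matching A record."""

ORIGIN = "foo.com."  # zone name taken from the page's error message

# Constructed sample records (owner, type, data); not taken from a real server.
SAMPLE_ZONE = """
; owner     type  data
@           NS    dc1.foo.com.
@           NS    dc2.foo.com.
foo.com     NS    dc3          ; relative owner, expands to foo.com.foo.com.
dc1         A     192.168.1.1
dc2         A     192.168.1.2
"""


def absolute(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_records(text, origin=ORIGIN):
    """Yield (owner, rtype, data) from simple 'owner type data' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"unsupported record line: {line!r}")
        owner, rtype, data = parts
        yield absolute(owner, origin), rtype.upper(), data


def missing_glue(text, origin=ORIGIN):
    """Return sorted (ns_owner, ns_target) pairs whose target has no A record."""
    records = list(parse_records(text, origin))
    hosts_with_a = {owner for owner, rtype, _ in records if rtype == "A"}
    broken = []
    for owner, rtype, data in records:
        if rtype == "NS":
            target = absolute(data, origin)
            if target not in hosts_with_a:
                broken.append((owner, target))
    return sorted(broken)


if __name__ == "__main__":
    for owner, target in missing_glue(SAMPLE_ZONE):
        print(f"delegation check: {owner} -> NS {target} has no A record")
```

The constructed `foo.com` owner without a trailing dot shows how a relative name expands to a doubled name such as foo.com.foo.com; the page itself does not state how that name arose in the asker's zone.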