Windows Server - DomainDNSZones child domain DNS entries missing
Asked By WayCoolkennel
19-Nov-09 02:46 PM

Trying to run /RODC and have a child domain that is failing. The error
is
LDAP API ldap_search_s finished, return code is 0xa
Adprep could not contact a replica for partition
DC=DomainDnsZones,DC=childdomain,DC=mydomain,DC=domain,DC=com.
Error code: 0x0. Server extended error code: 0x0, Server error message:
(null).
Ok.. so I have read the KB (script to set the FSMO), this script fails
with "a referral was returned" and I have read the similar thread here
http://forums.techarena.in/server-dns/503672.htm .. I have determined
that DomainDNSZones partition exists for the child domain. The child
domain DNS is set to "Replicate to all DNS servers in the Forest" But
there are no DomainDNSZones.childdomain.mydomain.domain.com DNS entries.
The child domain is delegated in the root DNS.
So.. I need to get the child domain to recreate the DNS entries .. but
I can't seem to figure it out.
I saw that someone suggested creating the domain "DomainDNSZones" then
running Netdiag /v /fix
Is this the correct procedure ?
Thanks for any help !
--Steve
--
WayCoolkennel
------------------------------------------------------------------------
WayCoolkennel's Profile: http://forums.techarena.in/members/153308.htm
View this thread: http://forums.techarena.in/server-dns/1273143.htm
http://forums.techarena.in
Marcin replied to WayCoolkennel
Refer to http://support.microsoft.com/kb/949257
hth
Marcin
WayCoolkennel replied to Marcin
Thanks for the reply... but...
As I stated in my OP.. I have attempted to use the fixfsmo.vbs and it
returns an error.. right now that error is:
fixfsmo.vbs(21, 5) (null): The specified domain either does not exist
or could not be contacted.
So I am assuming that it cannot do a DNS lookup for something.. ?
--
WayCoolkennel
Ace Fekay [MCT] replied to WayCoolkennel

A 'domain does not exist or cannot be contacted' is normally rooted with DNS
problems or DNS misconfigurations. How is your current DNS infrastructure
setup regarding the forest root domain and child domains, if any exist?
What zone replication scope are the _msdcs.yourdomain.local and the
yourdomain.local in?
Can you post an ipconfig /all of two of the DCs in your domain, please?
Have you ever had a DC that failed that you pulled off the network without
demoting it or performing a Metadata Cleanup? To make sure no DCs are still
in AD, please take a look at this following article that shows how to use
ntdsutil to see what is in the actual AD database, which you can use to
remove any data (DCs, domains, etc), that no longer belong.
It could also be due to a duplicate zone scope in AD. Please read the
following to find out if this is the case, and how to fix it.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
WayCoolkennel replied to Ace Fekay [MCT]
> A 'domain does not exist or cannot be contacted' is normally rooted with DNS
> problems or DNS misconfigurations. How is your current DNS infrastructure
> setup regarding the forest root domain and child domains, if any exist?
> What zone replication scope are the _msdcs.yourdomain.local and the
> yourdomain.local in?
--
WayCoolkennel
Ace Fekay [MCT] replied to WayCoolkennel

Ok, let us take a look at your original post. You said:
I can see why there are (or is?) no entries for the child domain in the
DomainDnsZones partition. If you have the zone set to the ForestDnsZones
partition, why would it exist in the DomainDnsZones partition?
That explains it further. In a parent-child delegation, you delegate the
child zone from the parent zone to the child domain's DNS servers. In order
to properly do that, you need to change the parent zone (if not already set)
to DomainDnsZones partition, then create a zone on one (yes, just ONE of the
DCs or you will create a duplicate & conflicting zone scenario) of the child
domain DNS servers and put it in the DomainDnsZones partition. Then you go
back to one of the parent domain DNS servers, and create the delegation.
If you have the child zone in the ForestDnsZones partition, then that means
it exists on ALL DCs. Hence it now creates a duplicate or a conflict in the
parent zone. It sees the delegation, meaning to go ask elsewhere, yet it
exists in its own context. Therefore, it does not know what to do with it,
hence a conflict.
First, you make sure that each child zone (if you have more than one child)
are all set to DomainDnsZones partition, and make sure the parent zone is as
well, allow replication to occur, if it can, that is because the conflict
or dupe scenario in your case may cause a problem with replication. Also,
ALL machines in the child domain must ONLY use the child domain DNS servers,
not the parent.
Keep in mind, a delegation is just that, you are telling it that another DNS
WayCoolkennel replied to WayCoolkennel
Thanks Ace appreciated the help ! yes this makes much more sense...
I tried to change the child domain DNS server to set the scope to
DomainDNSZones.. but I receive an error.. "There was a server
failure"
I don't own this child domain btw.. but was granted admin by the admin
for the child domain.. they have had two different consultants work in
this domain.. and well.. I have no idea what all may have been done...
The parent is currently set to DomainDNSZones. All other child DNS
servers are set to DomainDNSZones and they work fine and get updated by
/rodc no problem..
--
WayCoolkennel
Ace Fekay [MCT] replied to WayCoolkennel
You must be Enterprise Admin to make such a change. Remember, you are taking
it out of the ForestDnsZones, which requires the Domain Admin from the
forest root to perform any task with this replication scope.
You're going to need to gather some info of exactly what was done.
Otherwise, the problem will continue until what was done has been
established, and a game plan to resolve it.
The parent zone and child zones are set to DomainDnsZones? That's confusing,
since you said in your original post the child zone is in the ForestDnsZones
partition.
Ace
WayCoolkennel replied to Ace Fekay [MCT]

Thanks for the help Ace.. I am thinking a call to MS is in order...
There is no way for me to know .. or even find out what all has been
done by the consultants in this child domain.
I was attempting to follow your post .. so I changed the parent (root
domain) to DomainDNSZones that's why you are confused. I can change the
child zone on the Parent DNS server to DomainDNSZones but when
replication occurs it disappears from the Child DNS server. So it seems
the Parent DNS server seems to own the zone ?
Right now everything is back to square one.. the Parent DNS zone
ad.mydomain.com is set to ForestDNSZones AND the child forward zone
(child.ad.mydomain.com) is also set to ForestDNSZones on the parent DNS
Server.
I can't seem to change anything with regard to replication scope on the
child DNS server for the child forward zone.
--
WayCoolkennel
Ace Fekay [MCT] replied to WayCoolkennel
I assume you attempted to change it at the child domain logged on as the
forest root domain administrator. One other way to fix it is to pick one of
the DCs, change the zone on it to a Primary zone (uncheck the box that says
store in AD), and allow replication to occur. This strips out of the app
partitions. Then after replication has occurred, check the box again and
specify to replicate in the domain.
But it may be better for you to contact Microsoft to assist. Newsgroups can
help so much until there are road blocks, or the time it takes is far
greater where the problems remain.
Let us know how you make out.
Ace
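
Added example, not part of the thread or any poster's code: a Python check for the two conditions discussed above, the same zone stored in more than one directory partition and a delegated child zone kept in ForestDnsZones. It works from dnsZone object DNs as they appear under CN=MicrosoftDNS in ADSI Edit; the DNs, delegation pairs and function names below are constructed for illustration.

```python
from collections import defaultdict

# The third RDN of a dnsZone DN shows where the zone is stored.
SCOPES = {"dc=forestdnszones": "ForestDnsZones",
          "dc=domaindnszones": "DomainDnsZones",
          "cn=system": "DomainNC"}  # legacy location in the domain partition

def parse_zone_dn(dn):
    """Return (zone, scope, owning domain) for a dnsZone object DN."""
    rdns = [r.strip() for r in dn.split(",")]  # assumes no escaped commas
    if len(rdns) < 4 or rdns[1].lower() != "cn=microsoftdns":
        raise ValueError("not a dnsZone DN: " + dn)
    scope = SCOPES.get(rdns[2].lower())
    if scope is None:
        raise ValueError("unknown container in: " + dn)
    owner = ".".join(r.split("=", 1)[1] for r in rdns[3:]).lower()
    return rdns[0].split("=", 1)[1].lower(), scope, owner

def audit(zone_dns, delegations):
    """Flag duplicate zones and delegated child zones stored forest-wide."""
    placements = defaultdict(set)
    for dn in zone_dns:
        zone, scope, owner = parse_zone_dn(dn)
        placements[zone].add((scope, owner))
    findings = []
    for zone, where in sorted(placements.items()):
        if len(where) > 1:  # one zone, several partitions
            findings.append(("duplicate", zone, sorted(where)))
    for parent, child in delegations:  # (parent zone, delegated child zone)
        scopes = {s for s, _ in placements.get(child.lower(), ())}
        if "ForestDnsZones" in scopes:
            findings.append(("forest-wide-delegated-child", child.lower(), parent.lower()))
    return findings

# Constructed sample data (names follow the thread's placeholders).
SAMPLE_ZONE_DNS = [
    "DC=ad.mydomain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=mydomain,DC=com",
    "DC=child.ad.mydomain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=ad,DC=mydomain,DC=com",
    "DC=child.ad.mydomain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=child,DC=ad,DC=mydomain,DC=com",
    "DC=other.ad.mydomain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=other,DC=ad,DC=mydomain,DC=com",
]
SAMPLE_DELEGATIONS = [("ad.mydomain.com", "child.ad.mydomain.com"),
                      ("ad.mydomain.com", "other.ad.mydomain.com")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE_DNS, SAMPLE_DELEGATIONS):
        print(finding)
```
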