kingsc

DCDIAG DNS Issue - Server 2003/2008

Hi all, new to this topic and trying to set up Exchange 2003 on a Windows Server 2003. The DNS server is a separate server running Windows Server 2008.

This is what I get back when running DCDIAG using the "/s:SRV-1" flag:

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SRV-1
          Starting test: Connectivity
             The host de67edef-eceb-4b03-a449-15b7f915044b._msdcs.table1.com could not be resolved to an
             IP address. Check the DNS server, DHCP, server name, etc
             Although the Guid DNS name
             (de67edef-eceb-4b03-a449-15b7f915044b._msdcs.table1.com) couldn't be
             resolved, the server name (srv-1.table1.com) resolved to the IP
             address (192.168.10.130) and was pingable. Check that the IP address
             is registered correctly with the DNS server.
             ......................... SRV-1 failed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SRV-1
          Skipping all tests, because server SRV-1 is
          not responding to directory service requests

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : table1
          Starting test: CrossRefValidation
             ......................... table1 passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... table1 passed test CheckSDRefDom

       Running enterprise tests on : table1.com
          Starting test: Intersite
             ......................... table1.com passed test Intersite
          Starting test: FsmoCheck
             ......................... table1.com passed test FsmoCheck

I need this check to pass before I can continue installing Exchange. Like I said I'm new to this so I'm sure it's something simple related to the DNS server. Can anyone help?

Well, it's complaining that you are missing a DC host record that it thinks is still valid (de67edef-eceb-4b03-a449-15b7f915044b) in the _msdcs tree for DNS in your domain. You should probably start by figuring out what that GUID points to and work from there.

Ah, hi there cluberti, I don't think I've talked with you since back when I was trying to put together my universal image.

What you're saying makes sense to me, and I did check the _msdcs tree, but I don't know what I'm doing unfortunately. I have two trees, the _msdcs one and a table1.com one.

I'll post screenshots later, but in the table1.com tree, IIRC, there is an A record for both SRV-1 and SRV-2 (the computer I'm running DCDiag from, that I'll be installing Exchange on). Also, IIRC, the _msdcs tree is empty, which maybe explains why I'm getting that error?

But if that's the case, why is it trying to utilize that tree when both SRV-1 and 2 are in the table1.com domain?

I'll utilize the hyperlink you gave me and see what I can find. Thanks.

The _msdcs tree should contain the GUIDs (and A records) for all of the domain controllers in your environment at the root domain level, as well as sub-folders (containing records, of course) like dc, domains, gc, and pdc. If it is empty, your domain's DNS and site structure is most definitely broken, and you should be resolving this before going any further. Usually restarting netlogon on the DCs fixes this, but this can fail if an authoritative restore failed in the past, or if a DC promotion event caused a GC issue, etc (you are probably going to find the logs on your DCs and DNS server(s) are unclean, and full of errors - start by resolving those).

The reason this must pass is that, to access the Active Directory and update the Schema (which Exchange is going to do), it needs to find the domain controllers and holders of the FSMO roles, as well as a global catalog server, before running the update. Having host records is fine, but your domain's forward records for the AD itself are broken, and Exchange will not continue (nor should it try) to install on a broken domain.

Awesome response and very informative, thank you! This is the history with our DNS server:

The DNS server is also our AD server. I told the guy who was setting it up to not start the AD installation process until the next day because he wasn't going to have time to finish it. Well he did it anyway, and in a rush, after the AD was done installing, the DNS part came up and he cancelled it.

So after some work, we had DNS problems of course, so he removed the role and re-added it. We tried creating a primary lookup zone for table1.com afterward, but it was already there I guess since that's what the error at the end of the procedure told us.

I won't be able to look at it again until Monday (I think) unfortunately, but I'll update as soon as I do and hopefully be able to provide some screenshots!

Ok I have no idea what I'm doing here but while I'm trying to work this out, I thought I'd attach a pic of what the DNS structure looks like. Also, we did verify we can get out to the internet from computers that list only our DNS server for their DNS server.

Weird, I don't see the attachment there, anyone see it? I included the image here in case it didn't attach properly.

DNS.jpg

So I cheated and added a host record to _msdcs for "de67edef-eceb-4b03-a449-15b7f915044b".

The check now passes, but I get the following warning:

       Testing server: Default-First-Site-Name\SRV-1
          Starting test: Connectivity
             *** Warning: could not confirm the identity of this server in
             the directory versus the names returned by DNS servers.
             If there are problems accessing this directory server then
             you may need to check that this server is correctly registered
             with DNS
             ......................... SRV-1 passed test Connectivity
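
An added example, not part of the original posts: it compares the locator records a domain controller expects in DNS (the GUID name and the dc, gc and pdc entries under _msdcs described earlier in the thread) with what a zone actually holds, and flags a name that exists only with a different record type, such as the hand-added host record above. Both record lists are constructed for illustration; the service records, SRV-2's address, and the GUID name being a CNAME to the DC's host name are assumptions.

```python
import re

GUID = "de67edef-eceb-4b03-a449-15b7f915044b"  # DSA GUID from the dcdiag output
# Constructed list of records the DC wants in DNS, zone-file style. Treating
# the GUID name as a CNAME to the DC's host name is an assumption here.
WANTED = f"""\
_ldap._tcp.table1.com. 600 IN SRV 0 100 389 srv-1.table1.com.
_ldap._tcp.dc._msdcs.table1.com. 600 IN SRV 0 100 389 srv-1.table1.com.
_ldap._tcp.pdc._msdcs.table1.com. 600 IN SRV 0 100 389 srv-1.table1.com.
_ldap._tcp.gc._msdcs.table1.com. 600 IN SRV 0 100 3268 srv-1.table1.com.
_kerberos._tcp.dc._msdcs.table1.com. 600 IN SRV 0 100 88 srv-1.table1.com.
{GUID}._msdcs.table1.com. 600 IN CNAME srv-1.table1.com.
"""
# Constructed zone contents: the two host records from the thread (SRV-2's
# address is made up) plus a hand-added host record for the GUID name.
IN_ZONE = f"""\
srv-1.table1.com. 3600 IN A 192.168.10.130
srv-2.table1.com. 3600 IN A 192.168.10.131
{GUID}._msdcs.table1.com. 3600 IN A 192.168.10.130
"""
LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.+)$", re.I)

def parse(text):
    """Return {owner name: {record type: set of rdata}} from zone-file lines."""
    records = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if m:
            name, rtype, rdata = m.group(1).lower().rstrip("."), m.group(2).upper(), m.group(3)
            records.setdefault(name, {}).setdefault(rtype, set()).add(rdata.lower())
    return records

def audit(wanted_text, zone_text):
    """Classify each wanted record as ok, wrong-data, wrong-type or missing."""
    wanted, zone = parse(wanted_text), parse(zone_text)
    report = []
    for name, types in wanted.items():
        have = zone.get(name, {})
        for rtype, rdata in types.items():
            if rtype in have:
                status = "ok" if rdata <= have[rtype] else "wrong-data"
            else:
                found = ",".join(sorted(have))
                status = f"wrong-type (found {found})" if have else "missing"
            report.append((name, rtype, status))
    return report

if __name__ == "__main__":
    for name, rtype, status in audit(WANTED, IN_ZONE):
        print(f"{status:22} {rtype:6} {name}")
```

With the sample data, the five service records are reported as missing and the GUID name is reported as present only as a host record.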

Is this your only DNS server? Could you verify that at least one DC is a global catalog?