problem with dns

[patrichek]

Hi,
i recently started working for a firm and they are running w2k3 server. the system looked as if it were setup correctly until i got to the dns forwarders.
the msdcs folder is outside of the forwarders folder. and I know realize i'munable to join computers to the domain.
I also noticed whomever had been working there before had paperwork for renaming the domain.

any ideas on how or why this msdcs folder is where it is? should I just delete the dns server and start new?

thanks for the responses!

 

[JimWells]

When you say 'Forwarders folder' -- do you mean the "Forward Lookup Zone" ?

 

[patrichek]

oh yeah sorry, it was a long day

 

[djtech2k]

I would probably remove DNS and reinstall. The issue with not being able to join the domain is probably because your client cannot find the domain. Make sure the client is pointing to the AD DNS server for resolution as its primary. If not, it will not find AD and it will never join.

 

[patrichek]

it does point to AD dns.
ok, it looks as if the last guy tried to rename the domain and screwed things up a bit.
i'll have to investigate further.

 

[fissidens]

We have a similar situation I think but I didn't realise it was wrong. In Forward Lookup Zones on the PDC, we have a single zone such as MyDomain.local under which are folders for _mcds, _sites, _tcp, _udp, DomainDNSZones and ForestDNSZones. BUT we also have a second zone called _mcdcs.MyDomain.local under which are folders for dc, domains, gc and pdc. Is that correct? Everything seems to be working. Thanks for anyone's help

 

[JimWells]

It is normal to have a DCS zone like you describe - but we're operating in a flat domain now; I don't remember what is supposed to be there in a multi-domain forest. In mine, I just have some SOA and NS entries.

Patrichek -- try restarting the NETLOGON service on a domain controller, then run "ipconfig /registerdns." That might restore the correct DNS entries.

You might also check the documentation that comes with the Domain Rename Tool - lots of other things get broken with that process. (You ARE running Windows Server 2003 - Native Mode, right?)

 

[patrichek]

that is correct, windows 2003 native.
you know what is so odd is there is the msdcs folder above the forward lookup zone folder and then there is a grayed out msdcs folder inside the forward lookup zone folder. BTW, i'm unable to open the grayed out folder.
oh joy!

 

[JimWells]

It seems that your "outside" MSDCS folder is the one that belongs INSIDE the zone for your Active Directory domain...

Have you tried the IPCONFIG /registerdns command?

You can also do some repair with DNSCMD /CONFIG, but I've never used it myself...so YMMV.

 

[patrichek]

yep i reinstalled dns and ran the ipconfg register now i dont even have an msdcs folder
what lies ahead i wonder?

 

[JimWells]

Not even under the forward lookup zone for your domain?

Can you paste the results of "dcdiag" here?


Your DC was pointed to itself as the only DNS server in TCP/IP properties before you ran the command, right?

 

[patrichek]

hi,
it passes everything but the connectivity test.

 

[JimWells]

Does it STOP after the connectivity test, or do all 20-something tests after it all return okay?

 

[JimWells]

Does it STOP after the connectivity test, or do all 20-something tests after it all return okay? Care to post the output from DCDIAG on this thread?

 

[patrichek]

Jim,
it keeps going and everything else passes.
it looks as if this guy rename our domain from reskit.com to reskit. (with the period)
i know they were complaining about our inside domain name being the same as the outside on the website. but that was an easy fix.

 

[JimWells]

Sounds odd.

I guess if you're daring you could try renaming the domain again, to see what happens...

What FQDN do the member computers think they're on?

 

[patrichek]

I was thinking about bringing in a temporary server and creating a domain named reskit.com then demoting our server and then promote to the new domain. I really don't want to reinstall the OS and hate to mess with the config too much.
The AD isn't very big yet so it wouldn't really be a problem to input all the users again.
can you think of a safer plan? I see the previous dude made a backup before he changed the domain name, but i really hate restoring system state.

thanks again!

 

[JimWells]

Hey - if you can start from scratch with a DNS problem this big, do it... are you going to name it reskit.com or reskit.local, though? (The latter is almost always, always preferable).

 

[patrichek]

hmmm....i planed on reskit.com but i see your point going with reskit.local since our website is hosted outside.
thanks again!

 

[JimWells]

Not a problem...if you have a whole bunch of users or poor documentation, you can also import AD users from a variety of sources. You could try exporting them now and reimporting later...