I am building a lab environment to up-skill admins to windows and have included various troubleshooting tasks. I would like to break DNS or some other service in a way that would require them to look at logs.
I can think of plenty of times where something has inadvertently broken and i found the issue in the logs but I can't think of anything straight forward that would be easy to reproduce and fix that would be good for this scenario.
Remove a subnet from the AD site to generate NETLOGON event ID: 5807, in a larger environment with DC's in different geographic regions and different latency between sites member servers will connect to a random DC rather than one in their local site, which cause some issues.
A few other ways to mess up DNS, create multiple a records for the same IP, this happens alot when scavenging is not enabled or a decomm procedure is not followed. Or remove a reverse lookup zone and PTR record.
