
The backstory...

I recently upgraded a MS Server from 03 to 2012. The server needed to be a domain controller and for simplicity's sake I named it foo.com instead of naming it something different from an active online domain. So I had my local domain named the same as my web domain and when trying to access email accounts I was getting all sorts of errors. I decided to rename the domain to foo.local.

The Current Problem

I was recently adding new machines to the domain and everything was going well. However, once I went to install Outlook 2010 and add mailboxes I started experiencing the same issues I had before when the domain controller name and the web domain had the same names.
Out of morbid hope of not having to deal with the issue again and thinking it was a DNS problem I deleted a few DNS entries from my DNS Manager.
Now I am currently getting errors when trying to add machines again to the foo.local domain.

When I try to add a machine to the domain I get this error:

Note: This information is intended for a network administrator. 
If you are not your network's administrator, notify the administrator that you
received this information, which has been
recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "foo.local":

The query was for the SRV record for _ldap._tcp.dc._msdcs.foo.local

The following domain controllers were identified by the query:
fooserver01.foo.com


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

Running dcdiag /test:dns I get this result:

C:\Program Files>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = fooServer01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FOOSERVER01
      Starting test: Connectivity
         The host 01e7fc30-b4aa-4c8e-a036-c08a45b0ffb5._msdcs.foo.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... FOOSERVER01 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FOOSERVER01

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... FOOSERVER01 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : foo

   Running enterprise tests on : foo.local
      Starting test: DNS
         Test results for domain controllers:

            DC: fooServer01.foobar.com
            Domain: foo.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  No host records (A or AAAA) were found for this DC

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: foo.local
               fooServer01                PASS FAIL PASS PASS PASS FAIL n/a

         ......................... foo.local failed test DNS

If I'm correct, which a few hours of hopeless google searching has yielded, I need to restore/fix the DNS entries that I regrettably deleted from my DNS manager.

Please let me know if there is any further information that would be of any help!

Below is an ipconfig /all printout from fooServer01

C:\Program Files>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : fooServer01
   Primary Dns Suffix  . . . . . . . : foobar.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : foobar.com

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client) #44
   Physical Address. . . . . . . . . : 00-1E-C9-EA-86-30
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d5ba:d38:e1e8:d716%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.8
   DHCPv6 IAID . . . . . . . . . . . : 301997769
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-66-05-A8-00-1E-C9-EA-86-30

   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B0DD6412-73DF-4EEB-B3B5-53FDC632B011}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Program Files>

DNS Manager Tree

fooServer01
|- Forward Lookup Zones
|  |- _msdcs.foobar.com
|  |  |- local
|  |  |  |- foo Host(A) 192.168.0.1 static
|  |  |- (same as parent folder) Start of Authority (SOA) [7],fooserver01.foobar.com,hostmaster.foobar.com static
|  |  |- (same as parent folder) Name Server (NS) fooserver01.foobar.com static
|  |  |- fooserver01 Alias (CNAME) fooserver01.foobar.com static
|  |- foo.local
|  |  |- _msdcs
|  |  |  |- _dc
|  |  |  |  |- _sites
|  |  |  |  |  |- Default-First-Name-Site
|  |  |  |  |  |  |- _tcp
|  |  |  |  |  |  |  |- _kerberos Service Location (SRV) [0][100][89] fooserver01.foobar.com. Timestamp
|  |  |  |  |  |  |  |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
|  |  |  |  |- _tcp
|  |  |  |  |  |- _kerberos Service Location (SRV) [0][100][88] fooserver01.foobar.com. Timestamp
|  |  |  |  |  |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com Timestamp
|  |  |  |- domains
|  |  |  |  |- {long string of letters & numbers }
|  |  |  |  |  |- _tcp
|  |  |  |  |  |  |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
|  |  |  |- gc
|  |  |  |  |- _sites
|  |  |  |  |  |- Default-First-Site-Name
|  |  |  |  |  |  |- _tcp
|  |  |  |  |  |  |  |- _ldap Service Location (SRV) [0][100][3268] fooserver01.foobar.com. Timestamp
|  |  |  |  |- _tcp
|  |  |  |  |  |- _ldap Service Location (SRV) [0][100][3268] fooserver01.foobar.com. Timestamp
|  |  |  |- pdc
|  |  |  |  |- _tcp
|  |  |  |  |  |- _ldap Service Location (SRV) [0][100][389] fooserver01.foobar.com. Timestamp
|  |  |- _sites
|  |  |  |- Default-First-Site-Name
|  |  |  |  |- _tcp
|  |  |- _tcp
|  |  |- _udp
|  |  |- DomainDnsZones
|  |  |  |- _sites
|  |  |  |  |- Default-First-Site-Name
|  |  |  |  |  |- _tcp
|  |  |  |- _tcp
|  |  |- ForestDnsZones
|  |  |  |- _sites
|  |  |  |  |- Default-First-Site-Name
|  |  |  |  |  |- _tcp
|  |  |  |- _tcp
|  |  |- (same as parent folder) Start of Authority (SOA) [1611], fooserver01.foobar.com, hostmaster.foobar.com static
|  |  |- (same as parent folder) Name Server (NS) fooserver01.foobar.com static
|  |  |- (same as parent folder) Host (A) 192.168.0.1 Timestamp
|  |  |- LIST OF MACHINES STARTS
|  |  |- THERE'S ABOUT 15 OF THEM
|  |  |- fooserver Alias (CNAME) FooServer01.foobar.com
|  |- _ldap.foobar.com
|  |  |- (same as parent folder) Start of Authority (SOA) [1], fooserver01.foobar.com, hostmaster.foobar.com. static
|  |  |- (same as parent folder) Name Server (NS) fooserver01.foobar.com. static
|- Reverse Lookup Zones
|- Trust Points
|- Conditional Forwarders
|- Global logs

Is this any help? Should I continue?

gh0st

  • You renamed the DC, or the domain? You mentioned Outlook, so beware, domain rename is not supported if you have installed recent versions of Exchange in your domain. See http://technet.microsoft.com/en-us/library/cc738208%28v=ws.10%29.aspx – Clayton Jan 07 '15 at 14:03
  • `I recently upgraded a MS Server from 03 to 2012` - No you didn't. There's no upgrade path from Windows Server 2003 to Windows Server 2012. My suggestion would be to start over. Rebuild the DC and create a new AD domain, named properly. – joeqwerty Jan 07 '15 at 15:37
  • @Craig620 I renamed the domain. I didn't make that clear. I'll edit my original post. – gh0st Jan 07 '15 at 17:29
  • @joeqwerty, correct. I did not officially do an "upgrade". By that I meant I went from an '03 OS to '12 as a fresh install. – gh0st Jan 07 '15 at 17:30
  • And of course now you have to rename it _again_. – Michael Hampton Jan 07 '15 at 18:38
  • @MichaelHampton are you suggesting this is how I can fix it? – gh0st Jan 07 '15 at 18:38
  • I added a tree of the entries in my DNS Manager. – gh0st Jan 08 '15 at 05:08

2 Answers


Oddly enough you're not the first person to do this.
Dell even has a guide on how to register your DC back into DNS.

You really should review everything though, a domain controller is the key part of your infrastructure that needs to be consistent and reliable.
Renaming a DC is something I've avoided at all costs in the past, and reluctantly executed with a lot of mistakes / problems that I wish I never had to resolve.
Take system state backups before each action, and verify each action extensively. Don't start deleting stuff at random!

Reaces

  • I'm assuming these steps are done on the broken DC. – gh0st Jan 07 '15 at 08:35
  • @gh0st Correct. – Reaces Jan 07 '15 at 08:36
  • Renaming a dc at all costs should be bolded, highlighted, and underlined 3 times. The best way to rename a DC is to demote it, and rebuild it as a new DC. – Jim B Jan 07 '15 at 15:14
  • @JimB just to be clear, I didn't rename the DC, I renamed the domain using rendom.exe. – gh0st Jan 07 '15 at 17:31
  • @Reaces these steps didn't absolutely work. Are these steps meant to repair any changes made in the DNS Manager? – gh0st Jan 07 '15 at 17:33
  • @gh0st These actions are meant to register your DC in your local DNS servers. To allow computers to find your DC when they want to join your domain. When you say didn't _absolutely_ work, what do you mean? – Reaces Jan 07 '15 at 17:58
  • @Reaces I mean the clients still get the same error they were getting prior to these steps being taken upon trying to join them to the domain. – gh0st Jan 07 '15 at 18:03
  • Renaming a **Domain Controller** is perfectly fine, as long as you reboot it a couple of times. Renaming a **Domain** is a royal pain, it's more often unsupported than not, and should be avoided at all costs. – Massimo Jan 07 '15 at 18:04
  • Well renaming the **domain** is what I did. Everything was running smoothly (sort of) until I went and deleted a few lines out of my DNS manager. All I need to do is figure out how to fix the error that it gives me when I try to join the domain again. – gh0st Jan 07 '15 at 20:34
  • I don't understand why this has been so difficult to fix. All I believe I did to cause this was delete items out of the DNS Manager. Can somebody post a complete breakdown of their primary domain controller's DNS Manager and I'll post mine in the original question? – gh0st Jan 08 '15 at 04:40
  • I added a tree of entries in my DNS Manager. – gh0st Jan 08 '15 at 05:08
  • @gh0st "**I don't understand why this has been so difficult to fix.**" Because, respectfully, it's a very silly thing to do. You don't hack off one of your limbs and re-attach it with a couple of band-aids and expect that to be the end of the matter, yet renaming a domain is much the same level of operation to carry out on a domain, and causes similar amounts of disruption. Simply put: Don't rename a production domain or delete random AD entries from DNS - it is highly unlikely to result in less work than building a new domain and migrating objects. – Rob Moir Jan 08 '15 at 15:24
  • @RobM You might want to add an @ to the person you're replying to, currently this notified me and I don't think you're responding to me ;) – Reaces Jan 08 '15 at 15:25
  • Sorry @Reaces - now fixed. – Rob Moir Jan 08 '15 at 15:26

Given that I deleted some entries in my DNS Manager I figured it was the perfect place to start. I may be missing entries but the ones I entered were enough to get my workstation to join the domain properly. These are the entries I added.

  1. Added a new zone called foobar.com back to the Forward Lookup Zones.
  2. Inside the new zone I added Other New Records and selected Service Location (SRV).
  3. Left Domain the default value, entered _ldap for service, _tcp for protocol, 0 for priority, 100 for weight, 389 for port number, and the ip of the host offering the service for host offering this service.
  4. Then added another new record using Service Location (SRV)
  5. In this dialog I again left Domain as the default value, _gc for the service, _tcp for the protocol, 0 for the priority, 100 for the weight, and 3268 for the port number.

I then jumped back on the workstation to test and the join to the domain was successful.
I'm using this as a temporary solution as I figure I will re-install Windows Server 2012 and start from the ground up once the pressure is off so take this with a grain of salt.

gh0st