| Author | Messages | |
lists1
Posts:4
 | | 11/08/2005 10:37 AM |
| Instead of hijacking another thread I'm going to start my own ;)
What I've seen recently and was pretty surprised: A customer of mine had
incomplete netlogon.dns-files, they had some of the records which were supposed
to be there but not all. On some DCs about 50% of the netlogon.dns was
missing.
Really bad about this is that the tools like dcdiag only test the content of
the netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never noticed
it - not everyone is digging around in DNS and knows what's supposed to be there
;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by renaming netlogon.dns
and restarting netlogon, but I'm curious if anyone has ideas where this might
come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| Gil
Posts:82
| | 11/08/2005 10:44 AM |
| Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were
missing?
-gil
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday, November 08, 2005 3:36 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Netlogon.dns
(2)
Instead of hijacking another thread I'm going to start my own ;)
What I've seen recently and was pretty surprised: A customer of mine had
incomplete netlogon.dns-files, they had some of the records which were supposed
to be there but not all. On some DCs about 50% of the netlogon.dns was
missing.
Really bad about this is that the tools like dcdiag only test the content of
the netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never noticed
it - not everyone is digging around in DNS and knows what's supposed to be there
;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by renaming netlogon.dns
and restarting netlogon, but I'm curious if anyone has ideas where this might
come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| davidadner
Posts:0
| | 11/08/2005 11:09 AM |
| May want to check this out to verify this isn't the
issue:
The Domain Controller does not register _GC, _KERBEROS, and
_KPASSWD DNS entries when a Windows 2000 server starts
http://support.microsoft.com/kb/841395/
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday, November 08, 2005 4:36 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Netlogon.dns
(2)
Instead of hijacking another thread I'm going to start my own ;)
What I've seen recently and was pretty surprised: A customer of mine had
incomplete netlogon.dns-files, they had some of the records which were
supposed to be there but not all. On some DCs about 50% of the netlogon.dns
was missing.
Really bad about this is that the tools like dcdiag only test the content
of the netlogon.dns against the DNS-Service, and that the netlogon-process
does not check the content of the netlogon.dns without any changes unless the
file is missing. So the customer had missing DNS-Informations for ages and
never noticed it - not everyone is digging around in DNS and knows what's
supposed to be there ;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by renaming
netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas
where this might come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die
Expertentipps": http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| lists1
Posts:4
| | 11/08/2005 11:16 AM |
| No pattern at all, sometimes kerberos SRVs, sometimes GC SRVs, sometimes
SRVs which were missing in the site dns-domain but were existing in the
"all-in-the-domain"-dns-domain, totally weired. Was more looking like after
promotion performance issues which were preventing to write all records to the
netlogon.dns, but that's a very wild guess. I would have been interested to see
it after it got promoted initially, but our company wasn't involved at this
point, two other companies did the migration (both of them here on the list - so
I won't mention them). They were running like that for years propably - they
didn't have dns aging and scavening activated so I don't think they disappeared
recently.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Tuesday, November 08, 2005 11:43 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Netlogon.dns
(2)
Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were
missing?
-gil
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday, November 08, 2005 3:36 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Netlogon.dns
(2)
Instead of hijacking another thread I'm going to start my own ;)
What I've seen recently and was pretty surprised: A customer of mine had
incomplete netlogon.dns-files, they had some of the records which were
supposed to be there but not all. On some DCs about 50% of the netlogon.dns
was missing.
Really bad about this is that the tools like dcdiag only test the content
of the netlogon.dns against the DNS-Service, and that the netlogon-process
does not check the content of the netlogon.dns without any changes unless the
file is missing. So the customer had missing DNS-Informations for ages and
never noticed it - not everyone is digging around in DNS and knows what's
supposed to be there ;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by renaming
netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas
where this might come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die
Expertentipps": http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| efleis1
Posts:0
| | 11/08/2005 11:19 AM |
| I would have SWORN there was an issue in
this code path, but the details escaped me.
So I pinged Steve offline who remembered
the details¦..basically, it™s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
So that could be what you™re
hitting.
With some more details, we might be able
to diagnose it if it is something else. But we might need to debug it to know
for sure.
~Eric
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005
2:43 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir]
Netlogon.dns (2)
Were the entries dropped off the end of
the file, or were they missing from the middle? Any pattern to the entries that
were missing?
-gil
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005
3:36 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Netlogon.dns
(2)
Instead
of hijacking another thread I'm going to start my own ;)
What I've
seen recently and was pretty surprised: A customer of mine had incomplete
netlogon.dns-files, they had some of the records which were supposed to be
there but not all. On some DCs about 50% of the netlogon.dns was missing.
Really
bad about this is that the tools like dcdiag only test the content of the
netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never
noticed it - not everyone is digging around in DNS and knows what's supposed to
be there ;)
DCs were
W2k SP4.
Anyone
seen this before? OK - I've already fixed it by renaming netlogon.dns and
restarting netlogon, but I'm curious if anyone has ideas where this might come
from and if anyone has seen it before.
Gruesse
- Sincerely,
Ulf
B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| lists1
Posts:4
| | 11/08/2005 11:37 AM |
| Thanks ~eric and David,
It wasn't as consistent as I would assume the behaviour of that
hotfix.
Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart the
netlogon-service.
Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues, and
they had major performance issues and some kindergarden-errors in the design. I
had to fix it asap to increase performance and to enable them to carry on with
the domain consolidation.
It's not that they need to get it fixed now - I'm mainly curious why it
happened.
Ulf
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Eric
FleischmanSent: Wednesday, November 09, 2005 12:03 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Netlogon.dns
(2)
I would have SWORN
there was an issue in this code path, but the details escaped
me.
So I pinged Steve
offline who remembered the details¦..basically, it™s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
So that could be what
you™re hitting.
With some more
details, we might be able to diagnose it if it is something else. But we might
need to debug it to know for sure.
~Eric
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Gil
KirkpatrickSent: Tuesday,
November 08, 2005 2:43 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Netlogon.dns
(2)
Were the entries
dropped off the end of the file, or were they missing from the middle? Any
pattern to the entries that were missing?
-gil
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday,
November 08, 2005 3:36 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Netlogon.dns
(2)
Instead
of hijacking another thread I'm going to start my own
;)
What I've
seen recently and was pretty surprised: A customer of mine had incomplete
netlogon.dns-files, they had some of the records which were supposed to be
there but not all. On some DCs about 50% of the netlogon.dns was
missing.
Really
bad about this is that the tools like dcdiag only test the content of the
netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never
noticed it - not everyone is digging around in DNS and knows what's supposed
to be there ;)
DCs were
W2k SP4.
Anyone
seen this before? OK - I've already fixed it by renaming netlogon.dns and
restarting netlogon, but I'm curious if anyone has ideas where this might come
from and if anyone has seen it before.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| davidadner
Posts:0
| | 11/08/2005 11:54 AM |
| In my experience the behavior noted in the KB was fairly
inconsistent. Some DC's would be fine, but then miss records on the next
reboot. The records in question would also vary.
As for the workaround, it's probably less than ideal since
you're right, simply restarting the Netlogon service doesn't always rebuild the
netlogon.dns/dnb files. However, it does sometimes, so it's not completely
wrong, either.
I would at least rule out the known issue if you
can by installing the hotfix on a test system(s) that's experiencing the
issue. Or, depending on the files in question, it's possible your DC's
already have the updated files via other hotfixes.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday, November 08, 2005 5:35 PM To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Netlogon.dns
(2)
Thanks ~eric and David,
It wasn't as consistent as I would assume the behaviour of that
hotfix.
Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart
the netlogon-service.
Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues, and
they had major performance issues and some kindergarden-errors in the design.
I had to fix it asap to increase performance and to enable them to carry on
with the domain consolidation.
It's not that they need to get it fixed now - I'm mainly curious why it
happened.
Ulf
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Eric
FleischmanSent: Wednesday, November 09, 2005 12:03
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] Netlogon.dns (2)
I would have SWORN
there was an issue in this code path, but the details escaped
me.
So I pinged Steve
offline who remembered the details¦..basically, it™s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
So that could be
what you™re hitting.
With some more
details, we might be able to diagnose it if it is something else. But we
might need to debug it to know for sure.
~Eric
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Tuesday,
November 08, 2005 2:43 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Netlogon.dns
(2)
Were the entries
dropped off the end of the file, or were they missing from the middle? Any
pattern to the entries that were missing?
-gil
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B.
Simon-WeidnerSent:
Tuesday, November 08, 2005 3:36 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Netlogon.dns
(2)
Instead
of hijacking another thread I'm going to start my own
;)
What
I've seen recently and was pretty surprised: A customer of mine had
incomplete netlogon.dns-files, they had some of the records which were
supposed to be there but not all. On some DCs about 50% of the netlogon.dns
was missing.
Really
bad about this is that the tools like dcdiag only test the content of the
netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never
noticed it - not everyone is digging around in DNS and knows what's supposed
to be there ;)
DCs
were W2k SP4.
Anyone
seen this before? OK - I've already fixed it by renaming netlogon.dns and
restarting netlogon, but I'm curious if anyone has ideas where this might
come from and if anyone has seen it
before.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org | | | |
| deji
Posts:140
| | 11/09/2005 1:07 AM |
| OK, that should read:
Ώ] I can'T swear to the veracity...blah.....blah
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Deji Akomolafe
Sent: Tue 11/8/2005 4:17 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
IIRC, Guido had his fingers in that KB. I think we discussed the issue
shortly before the KB came out and we agreed Ώ] to disagree (as usual) that
making netlogon dependent on DNS is an effective solution to this problem.
Ώ] I can swear to the veracity of the "agreed" part, but I tried ;-p
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of David Adner
Sent: Tue 11/8/2005 3:51 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
In my experience the behavior noted in the KB was fairly inconsistent. Some
DC's would be fine, but then miss records on the next reboot. The records in
question would also vary.
As for the workaround, it's probably less than ideal since you're right,
simply restarting the Netlogon service doesn't always rebuild the
netlogon.dns/dnb files. However, it does sometimes, so it's not completely
wrong, either.
I would at least rule out the known issue if you can by installing the hotfix
on a test system(s) that's experiencing the issue. Or, depending on the
files in question, it's possible your DC's already have the updated files via
other hotfixes.
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 5:35 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
Thanks ~eric and David,
It wasn't as consistent as I would assume the behaviour of that
hotfix.
Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart
the netlogon-service.
Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues,
and they had major performance issues and some kindergarden-errors in the
design. I had to fix it asap to increase performance and to enable them to
carry on with the domain consolidation.
It's not that they need to get it fixed now - I'm mainly curious why
it happened.
Ulf
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Eric Fleischman
Sent: Wednesday, November 09, 2005 12:03 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
I would have SWORN there was an issue in this code path, but
the details escaped me.
So I pinged Steve offline who remembered the
details.....basically, it's this:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
So that could be what you're hitting.
With some more details, we might be able to diagnose it if it
is something else. But we might need to debug it to know for sure.
~Eric
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005 2:43 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were missing?
-gil
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 3:36 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Netlogon.dns (2)
Instead of hijacking another thread I'm going to start my own
;)
What I've seen recently and was pretty surprised: A customer
of mine had incomplete netlogon.dns-files, they had some of the records which
were supposed to be there but not all. On some DCs about 50% of the
netlogon.dns was missing.
Really bad about this is that the tools like dcdiag only test
the content of the netlogon.dns against the DNS-Service, and that the
netlogon-process does not check the content of the netlogon.dns without any
changes unless the file is missing. So the customer had missing
DNS-Informations for ages and never noticed it - not everyone is digging
around in DNS and knows what's supposed to be there ;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by
renaming netlogon.dns and restarting netlogon, but I'm curious if anyone has
ideas where this might come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| deji
Posts:140
| | 11/09/2005 12:22 PM |
| IIRC, Guido had his fingers in that KB. I think we discussed the issue
shortly before the KB came out and we agreed Ώ] to disagree (as usual) that
making netlogon dependent on DNS is an effective solution to this problem.
Ώ] I can swear to the veracity of the "agreed" part, but I tried ;-p
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of David Adner
Sent: Tue 11/8/2005 3:51 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
In my experience the behavior noted in the KB was fairly inconsistent. Some
DC's would be fine, but then miss records on the next reboot. The records in
question would also vary.
As for the workaround, it's probably less than ideal since you're right,
simply restarting the Netlogon service doesn't always rebuild the
netlogon.dns/dnb files. However, it does sometimes, so it's not completely
wrong, either.
I would at least rule out the known issue if you can by installing the hotfix
on a test system(s) that's experiencing the issue. Or, depending on the
files in question, it's possible your DC's already have the updated files via
other hotfixes.
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 5:35 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
Thanks ~eric and David,
It wasn't as consistent as I would assume the behaviour of that
hotfix.
Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart
the netlogon-service.
Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues,
and they had major performance issues and some kindergarden-errors in the
design. I had to fix it asap to increase performance and to enable them to
carry on with the domain consolidation.
It's not that they need to get it fixed now - I'm mainly curious why
it happened.
Ulf
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Eric Fleischman
Sent: Wednesday, November 09, 2005 12:03 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
I would have SWORN there was an issue in this code path, but
the details escaped me.
So I pinged Steve offline who remembered the
details.....basically, it's this:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
So that could be what you're hitting.
With some more details, we might be able to diagnose it if it
is something else. But we might need to debug it to know for sure.
~Eric
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005 2:43 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Netlogon.dns (2)
Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were missing?
-gil
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 3:36 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Netlogon.dns (2)
Instead of hijacking another thread I'm going to start my own
;)
What I've seen recently and was pretty surprised: A customer
of mine had incomplete netlogon.dns-files, they had some of the records which
were supposed to be there but not all. On some DCs about 50% of the
netlogon.dns was missing.
Really bad about this is that the tools like dcdiag only test
the content of the netlogon.dns against the DNS-Service, and that the
netlogon-process does not check the content of the netlogon.dns without any
changes unless the file is missing. So the customer had missing
DNS-Informations for ages and never noticed it - not everyone is digging
around in DNS and knows what's supposed to be there ;)
DCs were W2k SP4.
Anyone seen this before? OK - I've already fixed it by
renaming netlogon.dns and restarting netlogon, but I'm curious if anyone has
ideas where this might come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|