Nslookup not showing one DC

  • Last Post 21 April 2016
SmitaCarneiro posted this 20 April 2016

We moved 2 physical server 2008 R2 domain controllers (DC01 and DC03) in the past 2 days as part of a data center move. The subnet and IPs stayed the same. After that I was able to run DCDiag against those 2 DCs and everything seemed OK. Today I see that when I type ‘nslookup domain name’, I get a list of all the domain controllers except for DC01. I do see DC03. That led me to think some DNS record was missing. I manually went through the DNS records and DC01 shows up in all the places that the other DCs are.

I also ran:

    nslookup
    Set type=srv
    _ldap._tcp.dc._msdcs.domainname

All the DCs show up correctly in these results.

Netdom query dc – shows all the DCs correctly.

All these DCs are on the same subnet and in the same site, so it does not have anything to do with netmask ordering.

There are DNS records for this server, both A and NS server.

Running Get-ADDomainController –filter * gives me all the DCs including DC01.

The DC is pointing to itself for DNS servers, and it also has a second DC listed.

The SPNs for the DC were compared to other DCs that are OK and they are almost identical except that DC01 has 2 extra:

    WSMAN/DC01
    WSMAN/DC01.domainname

Other things I did on the server:

  • Rebooted the DC
  • Restarted the Netlogon service
  • Restarted both the AD Domain Services and AD Web Services
  • Restarted the DNS client and Server service
  • Ran ipconfig /registerDNS

I have repeatedly flushed the DNS cache.

Repadmin /showrepl shows no errors.

There was an issue in the beginning and I don’t know whether that has had an impact. When DC01 and DC03 were moved initially, I could not resolve the name for them; there was no DNS record. The record for DC01 was put back manually twice by someone else, but later disappeared.

Then this was done to it and DC03 by one of the server admins: Regedit was started and he went to HKLM\Software\Microsoft\Windows NT\CurrentVersion\networkList\signatures\Unmanaged. The GUID there was noted.

Then he browsed to HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles(Guid from the previous step). The value of the Category key was changed to 2 to indicate this was for a domain.

After that I was able to resolve the name correctly. I believe the above was done to fix an issue with NLA.

I compared the contents of the netlogon.dns file to the record here https://technet.microsoft.com/en-us/library/cc961921.aspx and they seem pretty close.

So what records is nslookup looking for? Any help would be appreciated.

Thank you!

Smita Carneiro, GCWN
Active Directory Systems Engineer
IT Security and Policy
Ross Enterprise Center
3495 Kent Avenue, Suite 100
West Lafayette, IN 47906

Ravi.Sabharanjak posted this 20 April 2016

If you are using nslookup domainname without any options, it is looking for A records that the DC should normally register.
See if you have any of these configured on the DC that is missing records in DNS - https://technet.microsoft.com/en-us/library/cc778029(v=ws.10).aspx



idarryl posted this 21 April 2016

When you ran nslookup, which server were you querying against? Did you use the same server when you did your manual checks?
Also, you said "The DC is pointing to itself for DNS servers, and it also has a second DC listed."  The DC should point to itself, but not as the first entry, https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx
Did you change the DNS client settings as part of the move?  There's a DNS bug: https://support.microsoft.com/en-us/kb/2520155

SmitaCarneiro posted this 21 April 2016

Thanks Ravi and Darryl.

When I got to the last link you sent about the DC not pointing to itself, I went and checked the Advanced settings, and the ‘register this connection’s address in DNS’ was unchecked.

Checked it and everything is now back to normal.

I just got an email from a server admin saying he had unchecked it, and I’m waiting to understand why.

Thanks again!

Smita

idarryl posted this 21 April 2016

Ok, thanks for the update. 
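The checks discussed in this thread can be scripted. The following is an added example, not code posted by anyone in the thread: it asks each DC's DNS service for the A records at the domain name (what a plain `nslookup domainname` returns), lists DCs whose address is absent, and then reads the adapter setting behind the "Register this connection's addresses in DNS" checkbox on those DCs. It assumes every DC also runs DNS, a workstation with the RSAT ActiveDirectory module and `Resolve-DnsName` (Windows 8 / Server 2012 or later), and remote WMI access to the DCs.

```powershell
# Added example: find DCs missing from the domain-name A record set, per DNS server.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = Get-ADDomainController -Filter * | Where-Object { $_.IPv4Address }

$report = foreach ($server in $dcs) {
    # Query this DC's DNS service directly, so the answer does not depend on
    # which resolver the workstation happens to use or on its local cache.
    try {
        $apex = Resolve-DnsName -Name $domain -Type A -Server $server.IPv4Address `
                    -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                Select-Object -ExpandProperty IPAddress
    } catch {
        Write-Warning "DNS query to $($server.HostName) failed: $($_.Exception.Message)"
        continue
    }

    # Any DC known to AD whose IP is not in the answer is "missing" on this server.
    foreach ($dc in ($dcs | Where-Object { $apex -notcontains $_.IPv4Address })) {
        [pscustomobject]@{
            DnsServerAsked = $server.HostName
            MissingDC      = $dc.HostName
            MissingIP      = $dc.IPv4Address
        }
    }
}

if (-not $report) {
    Write-Output "Every DC has an A record at $domain on every DNS server queried."
    return
}
$report | Format-Table -AutoSize

# For each missing DC, show whether dynamic registration is enabled per adapter.
# FullDNSRegistrationEnabled = False corresponds to the checkbox being unchecked.
$report | Select-Object -ExpandProperty MissingDC -Unique | ForEach-Object {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $_ `
                  -Filter 'IPEnabled = TRUE' |
        Select-Object PSComputerName, Description, IPAddress,
                      FullDNSRegistrationEnabled, DomainDNSRegistrationEnabled
} | Format-Table -AutoSize
```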