Unable to create DNS Records on 2 of 3 DCs

-

we have 3 dcs, 2 @ our hq, , 1 @ our dr site.

2 dcs @ our hq server 2008 r2 sp1 standard,  1 dc @ our dr site server 2008 sp2.

whenever try create new dns record on either 1 of 2 dcs @ our hq following error:

dns
---------------------------
host record testing.ourdomain.local cannot created.
refused
---------------------------
ok   

i checked event viewer , found following:

event id 4015 - dns-server-services

dns server has encountered critical error active directory. check active directory functioning properly. extended error debug information (which may empty) "0000051b: atrerr: dsid-030f1f8d, #1:

0: 0000051b: dsid-030f1f8d, problem 1005 (constraint_att_type), data 0, att 20119 (ntsecuritydescriptor)". event data contains error.

dcdiag /test:dns results on 3 dcs , 2 dcs @ hq can't create dns records on both pass without errors.   1 server @ our dr site 1 throws errors , errors follow:

______________________________________


directory server diagnosis


performing initial setup:

   trying find home server...

   home server = dr-dc-01s

   * identified ad forest. 
   done gathering initial info.


doing initial required tests

   
   testing server: our-company-dr\dr-dc-01s

      starting test: connectivity

         ......................... dr-dc-01s passed test connectivity



doing primary tests

   
   testing server: our-company-dr\dr-dc-01s

   
      starting test: dns

         

         dns tests running , not hung. please wait few minutes...

         ......................... dr-dc-01s passed test dns

   
   running partition tests on : forestdnszones

   
   running partition tests on : domaindnszones

   
   running partition tests on : schema

   
   running partition tests on : configuration

   
   running partition tests on : ourcompany

   
   running enterprise tests on : ourcompany.local

      starting test: dns

         test results domain controllers:

            
            dc: dr-dc-01s.ourcompany.local

            domain: ourcompany.local

            

                  
               test: basic (basc)
                  warning: aaaa record dc not found
                  
               test: records registration (rreg)
                  network adapter

                  [00000012] broadcom bcm5709c netxtreme ii gige (ndis vbd client):

                  

                     warning: 
                     missing aaaa record @ dns server 192.168.hq.23: 
                     dr-dc-01s.ourcompany.local
                     
                     warning: 
                     missing aaaa record @ dns server 192.168.hq.23: 
                     gc._msdcs.ourcompany.local
                     
                     warning: 
                     missing aaaa record @ dns server 192.168.hq.22: 
                     dr-dc-01s.ourcompany.local
                     
                     warning: 
 
                     missing aaaa record @ dns server 192.168.hq.22: 
                     gc._msdcs.ourcompany.local
                     
                     warning: 
                     missing aaaa record @ dns server 192.168.dr.51: 
                     dr-dc-01s.ourcompany.local
                     
                     warning: 
                     missing aaaa record @ dns server 192.168.dr.51: 
                     gc._msdcs.ourcompany.local
                     
               warning: record registrations not found in network adapters

         
               dr-dc-01s                   pass warn pass pass pass warn n/a  
         ......................... ourcompany.local passed test dns

_____________________________________________________________________________________________

for it's not emergency, need fix.   other directory services seem functioning correctly , i've done ton of googling , searching try figure out how fix this, haven't found right resource yet.   can create new dns records logging onto our dr server , creating dns records there, waiting few minutes changes replicate other dcs, no means permanent solution.

if have suggestions on how fix or suggestions on at/for next i'm ears.


i called ms support , opened case.   called few hours later, got connected , took look.   changed "dynamic updates" on ourdomain.local "secure only" "nonsecure , secure" , able create new dns records.


Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more

ADFS 3.0 Event ID 4625 | An Error occurred During Logon | Status: 0xC000035B

-
we're getting these random errors on our adfs security logs, how can track down generating them? an account failed log on. subject: security id: null sid account name: - account domain: - logon id: 0x0 logon type: 3 account logon failed: security id: null sid account name: account domain: failure information: failure reason: an error occured during logon. status: 0xc000035b sub status: 0x0 process information: caller process id: 0x0 caller process name: - network information: workstation name: - source network address: - source port: - detailed authentication information: logon process: kerberos authentication package: kerberos transited services: - package name (ntlm only): - key length: 0 event generated when logon request fails. generated on computer access attempted. subject fields indicate account on local system requested logon. commonly service such server service, or local process such ...
Read more

DFSR RPC replication errors 5014 1726 with large files over VPN

-
i have similar issue ryan in reply http://social.technet.microsoft.com/forums/en-gb/winserverfiles/thread/6d49fd71-2236-4fcb-9763-bf1c03459ee8 cited below. start additional thread here because other 1 related windows server 2003 (r2) , i'm (as ryan) on windows 2008 r2 x64. here first of post ryan: i've got same problem on 2008 r2 dfsr server.  the spoke server has 2x intel 1 gigb on-board nics in active/standby teamed configuration. the hub server (running on vmware using 10gbit vmnet3 nic driver) logs dfsr event 5014 every 2-15mins (usually around 5mins). the spoke server not log event. replication running slowly. initial sync/replication. had re-configure replication folder because of lost dfsr database on spoke server.  could teamed nic on spoke causing error on host? a note: last time did initial sync on folder processed @ 30k files , hour. time it's doing few hundred and hour. another note: hub server has several replication groups , conne...
Read more