
Missing _msdcs zones

Steve Bruce, mct

Dec 3, 2005, 11:54:35 AM
More than half of the small businesses that I walk into have the internal
DNS configuration wrong on their Small Business Server, Win2k or Server2003
domains. (They were usually installed by Linux fans or techs that never had
training past NT4)

When DNS is misconfigured on interfaces during dcpromo, the _msdcs zone may
not be created but nobody notices, sometimes for years.

Usually the missing zone can be created by restarting the netlogon service
after correcting other dns settings.

My question: when that doesn't work, then what? (Short of doing it by hand
or demoting/promoting.)

Thanks


Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Dec 3, 2005, 12:04:04 PM
Define 'when that doesn't work'

I haven't seen one yet that can't have their DNS redone.

What else did they not wizard install on those little guys?

Tony Su

Dec 3, 2005, 1:36:02 PM
I haven't run into this before, but you might try verifying that the DNS
forward lookup zone for the Windows Domain namespace is stored in AD (inspect
the zone's properties), then force a reload.

--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect

Steve Bruce, mct

Dec 3, 2005, 2:28:01 PM
You asked what I meant by "doesn't work"

After correcting DNS values on the interfaces and verifying the accuracy
of non-service records in DNS, I restart the netlogon service. Usually that
will create and populate the _msdcs zone. I was trying to learn what technique
should be used to create that zone when the procedure I describe does not
create the zone.

Thanks


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbra...@pacbell.net>
wrote in message news:%23AZAxtC%23FH...@TK2MSFTNGP15.phx.gbl...

David Copeland [MSFT]

Dec 3, 2005, 4:25:51 PM
Some other things to check for..

1) Is the server only pointing to itself for DNS?
2) Is the nic set to Register this connection's addresses in DNS (right
click on the network interface connectoid/Properties/ TCP/IP
Properties/Advanced/DNS)
3) Is the DHCP client service started?
4) If they only have the forward lookup zone (i.e. the _msdcs isn't a separate
forward lookup zone) then is the forward lookup zone set to allow dynamic
updates?


--

Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.


SBS Newsgroups:

SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs

"Tony Su" <Ton...@discussions.microsoft.com> wrote in message
news:622FF7BD-BC65-451C...@microsoft.com...

Karl Middleton

Dec 3, 2005, 6:07:42 PM
I think you would only encounter this if the server was not set up with the
wizards, i.e. some non-expert trying to hand craft the system.

If you run the CEICW it should set up all your NICs correctly so that they
register in DNS properly and allow the AD stuff to work as it should.

I would say that if _msdcs is not there they would have other problems like
GPOs not working, login scripts not working, etc. Have you found any of
these?


"Steve Bruce, mct" <swb...@msn.com> wrote in message
news:%23wNvzoC%23FHA...@TK2MSFTNGP09.phx.gbl...

Tony Su

Dec 3, 2005, 6:51:02 PM
Could be wrong,
But my impression is that the CEICW won't do anything in this case.

AFAIK DNS should be set up during SBS Setup during the portion that does a
dcpromo to create the first DC in the forest... which should automatically
create and configure the AD zone in DNS.

--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect

Steve Bruce, mct

Dec 5, 2005, 10:32:08 AM
I have reconfigured the DNS and DHCP settings as they should be with the
default DNS registration options.

I can't get the _msdcs zone to be created by restarting the netlogon service
which usually works (at least on new installations).

I know the cause of the missing _msdcs zone was because they had all DNS
settings on all interfaces pointing to the ISP during setup and for the last
year. Even though they had purchased SBS2003, it was done by a Linux guy
who installed a Linux mail server at the same time and did not install the
Exchange component at all!!

They have slow logins, cannot find printers in the directory and other
expected problems that they were just living with.


"Karl Middleton" <nos...@nospam.com> wrote in message
news:e1Jke5F%23FHA...@TK2MSFTNGP12.phx.gbl...

Tony Su

Dec 6, 2005, 1:09:01 AM
Instead of restarting the logon service (never heard of that one before),
Try
Rt-click on your AD-integrated forward lookup zone name, click "reload"

--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect

David Copeland [MSFT]

Dec 6, 2005, 9:39:13 AM
Steve,

Does the _msdcs zone show up under the AD forward lookup zone? If so, is it
grayed out indicating that it has been delegated? If so, then you may need
to manually re-create the _msdcs.contoso.local zone. If it doesn't show up
at all in the forward lookup zone for the AD domain name, then I'd double
check the DNS settings in the Properties of TCP/IP on the nic (as well as,
verify that the zone does allow dynamic updates).. and/or registry keys to
verify that the dynamic updating has not been disabled.. If it still
doesn't work with secure dynamic updates.. then as a test you might try
changing it to simply allow dynamic updates (secure and non-secure).. if
that works, then I'd be more wondering about whether or not the server's
secure channel for the domain itself is still intact.. since as you
mentioned that the server had been pointing to the ISP for some time.


How to enable or disable DNS updates in Windows 2000 and in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804

Might try renaming the following two files to see if that helps as well..
You might also check in the netlogon.dns file to verify the records that it
should be registering into what domain.. (in the event maybe the domain name
had been renamed)

- Netlogon.dns, which is located in %systemroot%\Winnt\System32\Config
- Netlogon.dnb, which is located in %systemroot%\Winnt\System32\Config

--

Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.


SBS Newsgroups:

SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs

"Tony Su" <Ton...@discussions.microsoft.com> wrote in message

news:99555EDA-8469-4DB1...@microsoft.com...
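
The netlogon.dns check suggested in the post above, as an added example that is not part of the original thread: it parses the zone-file style records in a copy of netlogon.dns, lists the ones destined for the _msdcs subdomain, and flags any record whose owner name falls outside the expected AD domain (the renamed-domain case). The sample records, the host name sbs01, the GUID and the addresses are constructed; contoso.local is the domain name used in the post.

```python
import re

# Constructed sample in the zone-file style Netlogon writes to netlogon.dns;
# host name, addresses and the GUID are invented for this example.
SAMPLE_NETLOGON_DNS = """\
contoso.local. 600 IN A 192.168.16.2
_ldap._tcp.contoso.local. 600 IN SRV 0 100 389 sbs01.contoso.local.
_ldap._tcp.pdc._msdcs.contoso.local. 600 IN SRV 0 100 389 sbs01.contoso.local.
_ldap._tcp.gc._msdcs.contoso.local. 600 IN SRV 0 100 3268 sbs01.contoso.local.
_kerberos._tcp.dc._msdcs.oldname.local. 600 IN SRV 0 100 88 sbs01.contoso.local.
11111111-2222-3333-4444-555555555555._msdcs.contoso.local. 600 IN CNAME sbs01.contoso.local.
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME|SRV)\s+(.+)$", re.I)

def parse_records(text):
    """Return (owner, type, rdata) tuples; owners lowercased, trailing dot removed."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD.match(line)
        if m:
            records.append((m.group(1).rstrip(".").lower(), m.group(3).upper(), m.group(4)))
    return records

def audit(text, ad_domain):
    """Split records into the _msdcs set and those outside the expected domain."""
    ad_domain = ad_domain.rstrip(".").lower()
    msdcs_zone = "_msdcs." + ad_domain
    in_msdcs, wrong_domain = [], []
    for owner, rtype, rdata in parse_records(text):
        if owner == ad_domain or owner.endswith("." + ad_domain):
            if owner.endswith("." + msdcs_zone):
                in_msdcs.append((owner, rtype))
        else:
            wrong_domain.append((owner, rtype))
    return {"msdcs": in_msdcs, "wrong_domain": wrong_domain}

if __name__ == "__main__":
    report = audit(SAMPLE_NETLOGON_DNS, "contoso.local")
    print("Records Netlogon registers under _msdcs:", len(report["msdcs"]))
    for owner, rtype in report["wrong_domain"]:
        print("Outside expected domain:", rtype, owner)
```

An empty "msdcs" list means Netlogon has nothing to register in that zone, while entries under "wrong_domain" point at records still being written for a different domain name.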
