question

FedericoCoppola-2569 asked DSPatrick commented

I cannot see DNS records inside DNS zones on the secondary domain controller

Hi all,
I have two domain controllers inside the company.
Both of them are Windows 2016 DataCenter and they are installed in the English language.

Today I noticed this issue:

On the first domain controller, inside DNS I can see all records inside the DNS zones.
On the second domain controller, inside DNS I see just the DNS zones, but inside the domain zone there are no DNS records, there is just the NameServer record!

After that I tried, from the first domain controller, using the DNS console, to connect to the second domain controller.
In this case I can see all DNS zones and records properly.

What can I do?

Thanks
Federico

windows-server windows-server-2016 windows-dhcp-dns

DSPatrick answered

There seems to be some sort of corruption on this server. As a work-around it sounds like you can just use the newly created MSC but in my opinion I'd replace that domain controller ASAP.

I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new one for replacement, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), and use dcdiag / repadmin tools to verify health again. When all is good, you can decommission / demote the old one.


--please don't forget to upvote and Accept as answer if the reply is helpful--






DSPatrick answered

Something here may help.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-records-not-present

--please don't forget to upvote and Accept as answer if the reply is helpful--



FanFan-MSFT answered

Hi,

Before going further, did you confirm that both DCs are working well and that the replication status between the DCs is good?
The following commands can be tested:
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *

Best Regards,
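
Added example, not part of the original answers: a PowerShell sketch that reads the same replication data as objects and then asks each DC's DNS service for the zone directly, which separates "records are missing on DC02" from "the local DNS console on DC02 is not showing them". `DC01`, `DC02` and `corp.example` are placeholder names, and the zone is assumed to be AD-integrated.

```powershell
# Added example; DC01, DC02 and corp.example are placeholders for your own names.
$dcs  = 'DC01', 'DC02'
$zone = 'corp.example'

# 1. Replication links as objects: one CSV row per inbound link of each DC.
$links = foreach ($dc in $dcs) { repadmin /showrepl $dc /csv | ConvertFrom-Csv }

# Rows that report an error or a failure count, DNS partitions listed first
# (AD-integrated zones usually live in DomainDnsZones / ForestDnsZones).
$links |
    Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
                   [int]$_.'Number of Failures' -gt 0 } |
    Sort-Object { $_.'Naming Context' -notmatch 'DnsZones' } |
    Format-Table 'Destination DSA', 'Source DSA', 'Naming Context',
                 'Number of Failures', 'Last Failure Status', 'Last Success Time'

# 2. Query each DNS service for the zone, bypassing the local DNS console.
$records = foreach ($dc in $dcs) {
    Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $zone |
        Select-Object @{ n = 'Server'; e = { $dc } }, HostName, RecordType
}
$records | Group-Object Server | Format-Table Name, Count -AutoSize

# 3. Name/type pairs that only one of the servers returns.
$records |
    Group-Object HostName, RecordType |
    Where-Object { @($_.Group.Server | Sort-Object -Unique).Count -lt $dcs.Count } |
    ForEach-Object {
        [pscustomobject]@{
            Record = $_.Name
            OnlyOn = ($_.Group.Server | Sort-Object -Unique) -join ', '
        }
    } | Format-Table -AutoSize
```

If step 2 returns the same record count from both servers and step 3 prints nothing, the zone data on both DCs matches and the problem is limited to what the console on one server displays.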


DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--





FedericoCoppola-2569 answered FedericoCoppola-2569 edited

Hi @FanFan-MSFT,
I have tried to execute the commands in CMD.

I have attached the output to this post.

Finally, I have this error on both domain controllers:

C:\Windows\system32>Repadmin /showreps
LDAP error 81 (Server Down) Win32 Err 58.
*

What can I do?

107091-dcdiag1-first-dc.log
107060-dcdiag1-second-dc.log
107101-repl-first-dc.txt
107082-repl-second-dc.txt

Finally, just to share more information about this issue, here are some pictures.

This picture shows the DNS records in the DNS zone on DC02
107064-image.png

This picture shows the DNS records in the DNS zone of DC02 from DC01. From DC01 everything seems to be regular...
107047-image.png




DSPatrick answered

DFS Replication service encountered an error communicating with partner PE-DC-002 for replication group Domain System Volume There are no more endpoints available from the endpoint mapper

I'd check the event logs for more details. The "no more endpoints available" is usually the result of port exhaustion; as a temporary fix, rebooting may help. Also check that the required ports are flowing between networks.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

--please don't forget to upvote and Accept as answer if the reply is helpful--
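
Added example, not part of the original answer: a PowerShell sketch for the two checks mentioned above, run on the DC that logged the DFSR error. It tests the fixed TCP ports towards the partner and measures how much of the local dynamic port range is in use. `PE-DC-002` is the partner name from the quoted error; the range values are the Windows defaults and are an assumption.

```powershell
# Added example; PE-DC-002 is the partner named in the DFSR error quoted above.
$partner = 'PE-DC-002'

# 1. Fixed TCP ports used between DCs (135 is the RPC endpoint mapper).
53, 88, 135, 389, 445, 636, 3268 | ForEach-Object {
    $t = Test-NetConnection -ComputerName $partner -Port $_ -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $_; Reachable = $t.TcpTestSucceeded }
} | Format-Table -AutoSize

# 2. Dynamic (ephemeral) TCP port range configured on this server.
netsh int ipv4 show dynamicport tcp

# 3. How much of that range is in use, and by which processes.
$start = 49152; $size = 16384   # Windows defaults (assumption): match to step 2
$used = Get-NetTCPConnection |
    Where-Object { $_.LocalPort -ge $start -and $_.LocalPort -lt ($start + $size) }
$distinct = @($used.LocalPort | Sort-Object -Unique).Count
'{0} of {1} dynamic TCP ports in use' -f $distinct, $size

$used | Group-Object OwningProcess | Sort-Object Count -Descending |
    Select-Object -First 5 Count,
        @{ n = 'PID';     e = { $_.Name } },
        @{ n = 'Process'; e = { (Get-Process -Id $_.Name -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize

# 4. Tcpip events 4227 / 4231 in the System log accompany ephemeral port exhaustion.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Tcpip'; Id = 4227, 4231 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -Wrap
```

A process holding thousands of dynamic ports in step 3, together with events in step 4, points to exhaustion rather than a firewall rule; unreachable ports in step 1 point the other way.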










FedericoCoppola-2569 answered

Hi @DSPatrick,
The two domain controllers are in the same network VLAN.

These two domain controllers have been running for 2/3 years, always in the same network.
There is just Windows Firewall running on all company servers and domain controller servers.

I rebooted DC01; I do not see any changes at this moment.

Thanks
Federico


DSPatrick answered DSPatrick edited

What is in the event logs? (source and event ID) Might also try demote, reboot, promo the problematic one.



FedericoCoppola-2569 answered

Hi @DSPatrick

Inside Event Viewer I filtered the logs in Event Viewer > Applications and Services > DFS Replication using the Critical, Error and Warning levels, as shown.

107202-2021-06-18-20h27-41.jpg

After a reboot the warning/error sometimes appears a few times (just one or two times). Otherwise I have just successful DFS sync.
107221-image.png

Anyway, I still do not see any DNS records inside the DNS zone on DC02. On DC01 I see all of them.




DSPatrick answered

Simplest thing to do may be to move roles off, demote, reboot, promo the problematic one.

--please don't forget to upvote and Accept as answer if the reply is helpful--


