Domain:
abc.local

Servers:
Srv1 (Win 2003SP1)
Srv2 (Win 2003SP1)


I like to setup DNS (first) and test it via NSLOOKUP before I promote
standalone servers to DC's.

I have two new servers (SRV1 and SRV2).

I setup the Primary DNS Suffix on both servers
Installed the DNS service on both servers.
Pointed SRV1 to itself for DNS
Pointed SRV2 to point to SRV1
Created a Standard Primary Zone on SRV1 (abc.local)
Created a Standard Secondary Zone on SRV2 (abc.local)
Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2

The servers are setup correctly and resolve to each other via NSLOOKUP.

I successfully run DCPROMO on SRV1, reboot and logon. Perfect!

Run DCPROMO on SRV2, reboot and logon. Perfect!

Here's the issue:

I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing Network
Connections" for 5 minutes, then the

login screen appears.

Something in DNS is amiss.

Remember, i'm running a Standard DNS zone (abc.local). The (abc.local) zone
is NOT AD INTEGRATED.

Here's the key to my problem:

Once the 5 minutes passes, and I am able to logon to SRV1, I go into the DNS
management console, go directly to "_tcp" and there is no "_gc" record.

If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
resource record appears. Why am I losing the "_gc" record???

Why does the global catalog server (SRV1) keep losing the "_gc._tcp" record
in DNS, once it's rebooted?

BTW: I have run NETDIAG /FIX with no errors.

Thanks, RB

"Niatross" <niatross@newsgroup.nospam> wrote in message
news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
> Domain:
> abc.local
>
> Servers:
> Srv1 (Win 2003SP1)
> Srv2 (Win 2003SP1)
>
>
> I like to setup DNS (first) and test it via NSLOOKUP before I promote
> standalone servers to DC's.

Better/easier to test with "DCDiag /c" on every DC.

> I have two new servers (SRV1 and SRV2).
>
> I setup the Primary DNS Suffix on both servers
> Installed the DNS service on both servers.
> Pointed SRV1 to itself for DNS
> Pointed SRV2 to point to SRV1

This is ok.

> Created a Standard Primary Zone on SRV1 (abc.local)
> Created a Standard Secondary Zone on SRV2 (abc.local)
> Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2

Good, if the primary is DYNAMIC.

Also, SRV2 should at least use itself as an ALTERNATE or there will be
problems resolving the domain when SVR1 is down -- even better is to
have both of them as AD Integrated so that both may accept changes.

> The servers are setup correctly and resolve to each other via NSLOOKUP.
> I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
> Run DCPROMO on SRV2, reboot and logon. Perfect!

Good.

> Here's the issue:
>
> I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
> Network
> Connections" for 5 minutes, then the

With standard Primary this should not be the case DUE to DNS.


> login screen appears.
> Something in DNS is amiss.
>
> Remember, i'm running a Standard DNS zone (abc.local). The (abc.local)
> zone
> is NOT AD INTEGRATED.
>
> Here's the key to my problem:
>
> Once the 5 minutes passes, and I am able to logon to SRV1, I go into the
> DNS
> management console, go directly to "_tcp" and there is no "_gc" record.

Are the DCs set to be GCs? Normally only Srv1 would be by default but in a
single domain forest all DCs should be GCs.

> If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
> resource record appears. Why am I losing the "_gc" record???

Do you have scavenging turned on (with short timeouts)?

GC records should NOT be scavenged by default and should never be scavenged
quickly anyway.

> Why does the global catalog server (SRV1) keep losing the "_gc._tcp"
> record
> in DNS, once it's rebooted?

Maybe the file isn't getting flushed to disk on a crash/reboot but otherwise
it
should be there unless scavenged.

> BTW: I have run NETDIAG /FIX with no errors.

DCDiag /c is best for DCs.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Herb:

To answer your questions...

Yes, the Primary is dynamic (Non-secure and secure). This is a test
environment to learn DNS. I'm using virtual machines.

I do have a single domain forest. SRV1 is the ONLY global catalog.
Scavenging is set to their defaults (never changed).

Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to logon.

If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
"_gc._tcp" record stays put and SRV1 logs in quickly.

Thank, RB

---------------------------------------------------

"Herb Martin" wrote:

>
> "Niatross" <niatross@newsgroup.nospam> wrote in message
> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
> > Domain:
> > abc.local
> >
> > Servers:
> > Srv1 (Win 2003SP1)
> > Srv2 (Win 2003SP1)
> >
> >
> > I like to setup DNS (first) and test it via NSLOOKUP before I promote
> > standalone servers to DC's.
>
> Better/easier to test with "DCDiag /c" on every DC.
>
> > I have two new servers (SRV1 and SRV2).
> >
> > I setup the Primary DNS Suffix on both servers
> > Installed the DNS service on both servers.
> > Pointed SRV1 to itself for DNS
> > Pointed SRV2 to point to SRV1
>
> This is ok.
>
> > Created a Standard Primary Zone on SRV1 (abc.local)
> > Created a Standard Secondary Zone on SRV2 (abc.local)
> > Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2
>
> Good, if the primary is DYNAMIC.
>
> Also, SRV2 should at least use itself as an ALTERNATE or there will be
> problems resolving the domain when SVR1 is down -- even better is to
> have both of them as AD Integrated so that both may accept changes.
>
> > The servers are setup correctly and resolve to each other via NSLOOKUP.
> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
> > Run DCPROMO on SRV2, reboot and logon. Perfect!
>
> Good.
>
> > Here's the issue:
> >
> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
> > Network
> > Connections" for 5 minutes, then the
>
> With standard Primary this should not be the case DUE to DNS.
>
>
> > login screen appears.
> > Something in DNS is amiss.
> >
> > Remember, i'm running a Standard DNS zone (abc.local). The (abc.local)
> > zone
> > is NOT AD INTEGRATED.
> >
> > Here's the key to my problem:
> >
> > Once the 5 minutes passes, and I am able to logon to SRV1, I go into the
> > DNS
> > management console, go directly to "_tcp" and there is no "_gc" record.
>
> Are the DCs set to be GCs? Normally only Srv1 would be by default but in a
> single domain forest all DCs should be GCs.
>
> > If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
> > resource record appears. Why am I losing the "_gc" record???
>
> Do you have scavenging turned on (with short timeouts)?
>
> GC records should NOT be scavenged by default and should never be scavenged
> quickly anyway.
>
> > Why does the global catalog server (SRV1) keep losing the "_gc._tcp"
> > record
> > in DNS, once it's rebooted?
>
> Maybe the file isn't getting flushed to disk on a crash/reboot but otherwise
> it
> should be there unless scavenged.
>
> > BTW: I have run NETDIAG /FIX with no errors.
>
> DCDiag /c is best for DCs.
>
> --
> Herb Martin, MCSE, MVP
> http://www.LearnQuick.Com
> (phone on web site)
>
>
>

"Niatross" <niatross@newsgroup.nospam> wrote in message
news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@microsoft.com...
> Herb:
>
> To answer your questions...
>
> Yes, the Primary is dynamic (Non-secure and secure). This is a test
> environment to learn DNS. I'm using virtual machines.

Nothing special here as long as IP/routing etc work as normal.

> I do have a single domain forest. SRV1 is the ONLY global catalog.
> Scavenging is set to their defaults (never changed).

The default is DISABLED.

> Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to logon.
>
> If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
> "_gc._tcp" record stays put and SRV1 logs in quickly.

Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
from EACH DC (clearly identified as 1 or 2.)


> Thank, RB
>
> ---------------------------------------------------
>
> "Herb Martin" wrote:
>
>>
>> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
>> > Domain:
>> > abc.local
>> >
>> > Servers:
>> > Srv1 (Win 2003SP1)
>> > Srv2 (Win 2003SP1)
>> >
>> >
>> > I like to setup DNS (first) and test it via NSLOOKUP before I promote
>> > standalone servers to DC's.
>>
>> Better/easier to test with "DCDiag /c" on every DC.
>>
>> > I have two new servers (SRV1 and SRV2).
>> >
>> > I setup the Primary DNS Suffix on both servers
>> > Installed the DNS service on both servers.
>> > Pointed SRV1 to itself for DNS
>> > Pointed SRV2 to point to SRV1
>>
>> This is ok.
>>
>> > Created a Standard Primary Zone on SRV1 (abc.local)
>> > Created a Standard Secondary Zone on SRV2 (abc.local)
>> > Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2
>>
>> Good, if the primary is DYNAMIC.
>>
>> Also, SRV2 should at least use itself as an ALTERNATE or there will be
>> problems resolving the domain when SVR1 is down -- even better is to
>> have both of them as AD Integrated so that both may accept changes.
>>
>> > The servers are setup correctly and resolve to each other via NSLOOKUP.
>> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
>> > Run DCPROMO on SRV2, reboot and logon. Perfect!
>>
>> Good.
>>
>> > Here's the issue:
>> >
>> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
>> > Network
>> > Connections" for 5 minutes, then the
>>
>> With standard Primary this should not be the case DUE to DNS.
>>
>>
>> > login screen appears.
>> > Something in DNS is amiss.
>> >
>> > Remember, i'm running a Standard DNS zone (abc.local). The (abc.local)
>> > zone
>> > is NOT AD INTEGRATED.
>> >
>> > Here's the key to my problem:
>> >
>> > Once the 5 minutes passes, and I am able to logon to SRV1, I go into
>> > the
>> > DNS
>> > management console, go directly to "_tcp" and there is no "_gc" record.
>>
>> Are the DCs set to be GCs? Normally only Srv1 would be by default but in
>> a
>> single domain forest all DCs should be GCs.
>>
>> > If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
>> > resource record appears. Why am I losing the "_gc" record???
>>
>> Do you have scavenging turned on (with short timeouts)?
>>
>> GC records should NOT be scavenged by default and should never be
>> scavenged
>> quickly anyway.
>>
>> > Why does the global catalog server (SRV1) keep losing the "_gc._tcp"
>> > record
>> > in DNS, once it's rebooted?
>>
>> Maybe the file isn't getting flushed to disk on a crash/reboot but
>> otherwise
>> it
>> should be there unless scavenged.
>>
>> > BTW: I have run NETDIAG /FIX with no errors.
>>
>> DCDiag /c is best for DCs.
>>
>> --
>> Herb Martin, MCSE, MVP
>> http://www.LearnQuick.Com
>> (phone on web site)
>>
>>
>>

Herb,

Here are IPCONFIG and DCDIAG /C (from both servers) as you requested:

SRV1 Windows IP Configuration

Host Name . . . . . . . . . . . . : SRV1
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter(Generic)
Physical Address. . . . . . . . . : 00-03-FF-38-B5-C7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

--------------------------------------------

SRV2 Windows IP Configuration

Host Name . . . . . . . . . . . . : SRV2
Primary Dns Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter(Generic)
Physical Address. . . . . . . . . : 00-03-FF-25-B5-C7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

--------------------------------------------

SRV1 Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SRV1
Starting test: Connectivity
......................... SRV1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SRV1
Starting test: Replications
......................... SRV1 passed test Replications
Starting test: Topology
......................... SRV1 passed test Topology
Starting test: CutoffServers
......................... SRV1 passed test CutoffServers
Starting test: NCSecDesc
......................... SRV1 passed test NCSecDesc
Starting test: NetLogons
......................... SRV1 passed test NetLogons
Starting test: Advertising
......................... SRV1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRV1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRV1 passed test RidManager
Starting test: MachineAccount
......................... SRV1 passed test MachineAccount
Starting test: Services
......................... SRV1 passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SRV1 passed test OutboundSecureChannels

Starting test: ObjectsReplicated
......................... SRV1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SRV1 passed test frssysvol
Starting test: frsevent
......................... SRV1 passed test frsevent
Starting test: kccevent
......................... SRV1 passed test kccevent
Starting test: systemlog
......................... SRV1 passed test systemlog
Starting test: VerifyReplicas
......................... SRV1 passed test VerifyReplicas
Starting test: VerifyReferences
......................... SRV1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SRV1 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
[SRV1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SRV1 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom

Running enterprise tests on : abc.local
Starting test: Intersite
......................... abc.local passed test Intersite
Starting test: FsmoCheck
......................... abc.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: SRV1.abc.local
Domain: abc.local


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not
secure abc.local.

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext

__________________________________________________ ______________
Domain: abc.local
SRV1 PASS PASS FAIL PASS WARN PASS n/a

......................... abc.local failed test DNS

--------------------------------------------

SRV2 Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SRV2
Starting test: Connectivity
......................... SRV2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SRV2
Starting test: Replications
......................... SRV2 passed test Replications
Starting test: Topology
......................... SRV2 passed test Topology
Starting test: CutoffServers
......................... SRV2 passed test CutoffServers
Starting test: NCSecDesc
......................... SRV2 passed test NCSecDesc
Starting test: NetLogons
......................... SRV2 passed test NetLogons
Starting test: Advertising
......................... SRV2 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRV2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRV2 passed test RidManager
Starting test: MachineAccount
......................... SRV2 passed test MachineAccount
Starting test: Services
......................... SRV2 passed test Services
Starting test: OutboundSecureChannels
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SRV2 passed test OutboundSecureChannels

Starting test: ObjectsReplicated
......................... SRV2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SRV2 passed test frssysvol
Starting test: frsevent
......................... SRV2 passed test frsevent
Starting test: kccevent
......................... SRV2 passed test kccevent
Starting test: systemlog
......................... SRV2 passed test systemlog
Starting test: VerifyReplicas
......................... SRV2 passed test VerifyReplicas
Starting test: VerifyReferences
......................... SRV2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... SRV2 passed test VerifyEnterpriseRefere
nces
Starting test: CheckSecurityError
[SRV2] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SRV2 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : abc
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom

Running enterprise tests on : abc.local
Starting test: Intersite
......................... abc.local passed test Intersite
Starting test: FsmoCheck
......................... abc.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: SRV2.abc.local
Domain: abc.local


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext

__________________________________________________ ______________
Domain: abc.local
SRV2 PASS PASS FAIL PASS n/a PASS n/a

......................... abc.local failed test DNS

Thanks, RB

"Herb Martin" wrote:

>
> "Niatross" <niatross@newsgroup.nospam> wrote in message
> news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@microsoft.com...
> > Herb:
> >
> > To answer your questions...
> >
> > Yes, the Primary is dynamic (Non-secure and secure). This is a test
> > environment to learn DNS. I'm using virtual machines.
>
> Nothing special here as long as IP/routing etc work as normal.
>
> > I do have a single domain forest. SRV1 is the ONLY global catalog.
> > Scavenging is set to their defaults (never changed).
>
> The default is DISABLED.
>
> > Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to logon.
> >
> > If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
> > "_gc._tcp" record stays put and SRV1 logs in quickly.
>
> Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
> from EACH DC (clearly identified as 1 or 2.)
>
>
> > Thank, RB
> >
> > ---------------------------------------------------
> >
> > "Herb Martin" wrote:
> >
> >>
> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
> >> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
> >> > Domain:
> >> > abc.local
> >> >
> >> > Servers:
> >> > Srv1 (Win 2003SP1)
> >> > Srv2 (Win 2003SP1)
> >> >
> >> >
> >> > I like to setup DNS (first) and test it via NSLOOKUP before I promote
> >> > standalone servers to DC's.
> >>
> >> Better/easier to test with "DCDiag /c" on every DC.
> >>
> >> > I have two new servers (SRV1 and SRV2).
> >> >
> >> > I setup the Primary DNS Suffix on both servers
> >> > Installed the DNS service on both servers.
> >> > Pointed SRV1 to itself for DNS
> >> > Pointed SRV2 to point to SRV1
> >>
> >> This is ok.
> >>
> >> > Created a Standard Primary Zone on SRV1 (abc.local)
> >> > Created a Standard Secondary Zone on SRV2 (abc.local)
> >> > Setup Zone Tranfer to successfully transfer abc.local from SRV1 to SRV2
> >>
> >> Good, if the primary is DYNAMIC.
> >>
> >> Also, SRV2 should at least use itself as an ALTERNATE or there will be
> >> problems resolving the domain when SVR1 is down -- even better is to
> >> have both of them as AD Integrated so that both may accept changes.
> >>
> >> > The servers are setup correctly and resolve to each other via NSLOOKUP.
> >> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
> >> > Run DCPROMO on SRV2, reboot and logon. Perfect!
> >>
> >> Good.
> >>
> >> > Here's the issue:
> >> >
> >> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
> >> > Network
> >> > Connections" for 5 minutes, then the
> >>
> >> With standard Primary this should not be the case DUE to DNS.
> >>
> >>
> >> > login screen appears.
> >> > Something in DNS is amiss.
> >> >
> >> > Remember, i'm running a Standard DNS zone (abc.local). The (abc.local)
> >> > zone
> >> > is NOT AD INTEGRATED.
> >> >
> >> > Here's the key to my problem:
> >> >
> >> > Once the 5 minutes passes, and I am able to logon to SRV1, I go into
> >> > the
> >> > DNS
> >> > management console, go directly to "_tcp" and there is no "_gc" record.
> >>
> >> Are the DCs set to be GCs? Normally only Srv1 would be by default but in
> >> a
> >> single domain forest all DCs should be GCs.
> >>
> >> > If I restart the "netlogon" service and do a "refresh", the "_gc._tcp"
> >> > resource record appears. Why am I losing the "_gc" record???
> >>
> >> Do you have scavenging turned on (with short timeouts)?
> >>
> >> GC records should NOT be scavenged by default and should never be
> >> scavenged
> >> quickly anyway.
> >>
> >> > Why does the global catalog server (SRV1) keep losing the "_gc._tcp"
> >> > record
> >> > in DNS, once it's rebooted?
> >>
> >> Maybe the file isn't getting flushed to disk on a crash/reboot but
> >> otherwise
> >> it
> >> should be there unless scavenged.
> >>
> >> > BTW: I have run NETDIAG /FIX with no errors.
> >>
> >> DCDiag /c is best for DCs.
> >>
> >> --
> >> Herb Martin, MCSE, MVP
> >> http://www.LearnQuick.Com
> >> (phone on web site)
> >>
> >>
> >>
>
>
>

"Niatross" <niatross@newsgroup.nospam> wrote in message
news:01C063DB-CEB4-4589-A584-8714F4280DE1@microsoft.com...
> Herb,
>
> Here are IPCONFIG and DCDIAG /C (from both servers) as you requested:
>
> SRV1 Windows IP Configuration
> Host Name . . . . . . . . . . . . : SRV1
> Primary Dns Suffix . . . . . . . : abc.local
> IP Address. . . . . . . . . . . . : 192.168.1.1
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> --------------------------------------------
>
> SRV2 Windows IP Configuration
> Host Name . . . . . . . . . . . . : SRV2
> Primary Dns Suffix . . . . . . . : abc.local
> IP Address. . . . . . . . . . . . : 192.168.1.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> DNS Servers . . . . . . . . . . . : 192.168.1.1
> --------------------------------------------

Looks ok.

Your DCDiag looks ok too since the Root server problems are
due to being on a private net with no router/connectivity to the
Internet. You can use the DNS server "advanced tab" to set
"Disable Recursion" and make these go away -- it will disable
the use of root hints AND forwarding so never use this if you
must also resolve external domains, including the Internet.

Are you GCs records there now? It passed so they should be.

Remember you should likely set both DCs at GCs anyway.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


> Thanks, RB
>
> "Herb Martin" wrote:
>
>>
>> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@microsoft.com...
>> > Herb:
>> >
>> > To answer your questions...
>> >
>> > Yes, the Primary is dynamic (Non-secure and secure). This is a test
>> > environment to learn DNS. I'm using virtual machines.
>>
>> Nothing special here as long as IP/routing etc work as normal.
>>
>> > I do have a single domain forest. SRV1 is the ONLY global catalog.
>> > Scavenging is set to their defaults (never changed).
>>
>> The default is DISABLED.
>>
>> > Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to
>> > logon.
>> >
>> > If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
>> > "_gc._tcp" record stays put and SRV1 logs in quickly.
>>
>> Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
>> from EACH DC (clearly identified as 1 or 2.)
>>
>>
>> > Thank, RB
>> >
>> > ---------------------------------------------------
>> >
>> > "Herb Martin" wrote:
>> >
>> >>
>> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> >> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
>> >> > Domain:
>> >> > abc.local
>> >> >
>> >> > Servers:
>> >> > Srv1 (Win 2003SP1)
>> >> > Srv2 (Win 2003SP1)
>> >> >
>> >> >
>> >> > I like to setup DNS (first) and test it via NSLOOKUP before I
>> >> > promote
>> >> > standalone servers to DC's.
>> >>
>> >> Better/easier to test with "DCDiag /c" on every DC.
>> >>
>> >> > I have two new servers (SRV1 and SRV2).
>> >> >
>> >> > I setup the Primary DNS Suffix on both servers
>> >> > Installed the DNS service on both servers.
>> >> > Pointed SRV1 to itself for DNS
>> >> > Pointed SRV2 to point to SRV1
>> >>
>> >> This is ok.
>> >>
>> >> > Created a Standard Primary Zone on SRV1 (abc.local)
>> >> > Created a Standard Secondary Zone on SRV2 (abc.local)
>> >> > Setup Zone Tranfer to successfully transfer abc.local from SRV1 to
>> >> > SRV2
>> >>
>> >> Good, if the primary is DYNAMIC.
>> >>
>> >> Also, SRV2 should at least use itself as an ALTERNATE or there will be
>> >> problems resolving the domain when SVR1 is down -- even better is to
>> >> have both of them as AD Integrated so that both may accept changes.
>> >>
>> >> > The servers are setup correctly and resolve to each other via
>> >> > NSLOOKUP.
>> >> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
>> >> > Run DCPROMO on SRV2, reboot and logon. Perfect!
>> >>
>> >> Good.
>> >>
>> >> > Here's the issue:
>> >> >
>> >> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
>> >> > Network
>> >> > Connections" for 5 minutes, then the
>> >>
>> >> With standard Primary this should not be the case DUE to DNS.
>> >>
>> >>
>> >> > login screen appears.
>> >> > Something in DNS is amiss.
>> >> >
>> >> > Remember, i'm running a Standard DNS zone (abc.local). The
>> >> > (abc.local)
>> >> > zone
>> >> > is NOT AD INTEGRATED.
>> >> >
>> >> > Here's the key to my problem:
>> >> >
>> >> > Once the 5 minutes passes, and I am able to logon to SRV1, I go into
>> >> > the
>> >> > DNS
>> >> > management console, go directly to "_tcp" and there is no "_gc"
>> >> > record.
>> >>
>> >> Are the DCs set to be GCs? Normally only Srv1 would be by default but
>> >> in
>> >> a
>> >> single domain forest all DCs should be GCs.
>> >>
>> >> > If I restart the "netlogon" service and do a "refresh", the
>> >> > "_gc._tcp"
>> >> > resource record appears. Why am I losing the "_gc" record???
>> >>
>> >> Do you have scavenging turned on (with short timeouts)?
>> >>
>> >> GC records should NOT be scavenged by default and should never be
>> >> scavenged
>> >> quickly anyway.
>> >>
>> >> > Why does the global catalog server (SRV1) keep losing the
>> >> > "_gc._tcp"
>> >> > record
>> >> > in DNS, once it's rebooted?
>> >>
>> >> Maybe the file isn't getting flushed to disk on a crash/reboot but
>> >> otherwise
>> >> it
>> >> should be there unless scavenged.
>> >>
>> >> > BTW: I have run NETDIAG /FIX with no errors.
>> >>
>> >> DCDiag /c is best for DCs.
>> >>
>> >> --
>> >> Herb Martin, MCSE, MVP
>> >> http://www.LearnQuick.Com
>> >> (phone on web site)
>> >>
>> >>
>> >>
>>
>>
>>

Yes, I have these servers (virtual machines) set as "local only" so root hint
errors will be there. This is a lab, so i don't need internet access.

Yes, my _gc records show up for SRV1 (if you wait long enough).

If I reboot, SRV1...then SRV1 sits at "preparing network connections" for 5
minutes, and once i open the DNS console and look for _gc._tcp...it will be
gone again. Wait 5 minutes andd it reappears.

Take my SRV2 server (which is a DC/without GC capabilty and has a secondary
zone of SRV1's abc.local zone) and remove it from the network. Meaning run
DCPROMO to demote it and everything is fine with SRV1 and the _gc record
sticks!

This is soooo strange. Try it yourself. Setup DNS on two servers. Make one a
DC/GC and is the authoritative DNS server for a zone called abc.local. Make
the second server a DC that still holds the secondary zone for abc.local and
see how your lab goes.

If you don't set both DC's as GC's, is this the behaviour that happens???

If it is, that's weird!!!

Thanks, RB

"Herb Martin" wrote:

>
> "Niatross" <niatross@newsgroup.nospam> wrote in message
> news:01C063DB-CEB4-4589-A584-8714F4280DE1@microsoft.com...
> > Herb,
> >
> > Here are IPCONFIG and DCDIAG /C (from both servers) as you requested:
> >
> > SRV1 Windows IP Configuration
> > Host Name . . . . . . . . . . . . : SRV1
> > Primary Dns Suffix . . . . . . . : abc.local
> > IP Address. . . . . . . . . . . . : 192.168.1.1
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > Default Gateway . . . . . . . . . :
> > DNS Servers . . . . . . . . . . . : 192.168.1.1
> > --------------------------------------------
> >
> > SRV2 Windows IP Configuration
> > Host Name . . . . . . . . . . . . : SRV2
> > Primary Dns Suffix . . . . . . . : abc.local
> > IP Address. . . . . . . . . . . . : 192.168.1.2
> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > DNS Servers . . . . . . . . . . . : 192.168.1.1
> > --------------------------------------------
>
> Looks ok.
>
> Your DCDiag looks ok too since the Root server problems are
> due to being on a private net with no router/connectivity to the
> Internet. You can use the DNS server "advanced tab" to set
> "Disable Recursion" and make these go away -- it will disable
> the use of root hints AND forwarding so never use this if you
> must also resolve external domains, including the Internet.
>
> Are you GCs records there now? It passed so they should be.
>
> Remember you should likely set both DCs at GCs anyway.
>
>
> --
> Herb Martin, MCSE, MVP
> http://www.LearnQuick.Com
> (phone on web site)
>
>
> > Thanks, RB
> >
> > "Herb Martin" wrote:
> >
> >>
> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
> >> news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@microsoft.com...
> >> > Herb:
> >> >
> >> > To answer your questions...
> >> >
> >> > Yes, the Primary is dynamic (Non-secure and secure). This is a test
> >> > environment to learn DNS. I'm using virtual machines.
> >>
> >> Nothing special here as long as IP/routing etc work as normal.
> >>
> >> > I do have a single domain forest. SRV1 is the ONLY global catalog.
> >> > Scavenging is set to their defaults (never changed).
> >>
> >> The default is DISABLED.
> >>
> >> > Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to
> >> > logon.
> >> >
> >> > If I only use SRV1 and do not setup SRV2, SRV1 has no problems and the
> >> > "_gc._tcp" record stays put and SRV1 logs in quickly.
> >>
> >> Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
> >> from EACH DC (clearly identified as 1 or 2.)
> >>
> >>
> >> > Thank, RB
> >> >
> >> > ---------------------------------------------------
> >> >
> >> > "Herb Martin" wrote:
> >> >
> >> >>
> >> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
> >> >> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
> >> >> > Domain:
> >> >> > abc.local
> >> >> >
> >> >> > Servers:
> >> >> > Srv1 (Win 2003SP1)
> >> >> > Srv2 (Win 2003SP1)
> >> >> >
> >> >> >
> >> >> > I like to setup DNS (first) and test it via NSLOOKUP before I
> >> >> > promote
> >> >> > standalone servers to DC's.
> >> >>
> >> >> Better/easier to test with "DCDiag /c" on every DC.
> >> >>
> >> >> > I have two new servers (SRV1 and SRV2).
> >> >> >
> >> >> > I setup the Primary DNS Suffix on both servers
> >> >> > Installed the DNS service on both servers.
> >> >> > Pointed SRV1 to itself for DNS
> >> >> > Pointed SRV2 to point to SRV1
> >> >>
> >> >> This is ok.
> >> >>
> >> >> > Created a Standard Primary Zone on SRV1 (abc.local)
> >> >> > Created a Standard Secondary Zone on SRV2 (abc.local)
> >> >> > Setup Zone Tranfer to successfully transfer abc.local from SRV1 to
> >> >> > SRV2
> >> >>
> >> >> Good, if the primary is DYNAMIC.
> >> >>
> >> >> Also, SRV2 should at least use itself as an ALTERNATE or there will be
> >> >> problems resolving the domain when SVR1 is down -- even better is to
> >> >> have both of them as AD Integrated so that both may accept changes.
> >> >>
> >> >> > The servers are setup correctly and resolve to each other via
> >> >> > NSLOOKUP.
> >> >> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
> >> >> > Run DCPROMO on SRV2, reboot and logon. Perfect!
> >> >>
> >> >> Good.
> >> >>
> >> >> > Here's the issue:
> >> >> >
> >> >> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at "Preparing
> >> >> > Network
> >> >> > Connections" for 5 minutes, then the
> >> >>
> >> >> With standard Primary this should not be the case DUE to DNS.
> >> >>
> >> >>
> >> >> > login screen appears.
> >> >> > Something in DNS is amiss.
> >> >> >
> >> >> > Remember, i'm running a Standard DNS zone (abc.local). The
> >> >> > (abc.local)
> >> >> > zone
> >> >> > is NOT AD INTEGRATED.
> >> >> >
> >> >> > Here's the key to my problem:
> >> >> >
> >> >> > Once the 5 minutes passes, and I am able to logon to SRV1, I go into
> >> >> > the
> >> >> > DNS
> >> >> > management console, go directly to "_tcp" and there is no "_gc"
> >> >> > record.
> >> >>
> >> >> Are the DCs set to be GCs? Normally only Srv1 would be by default but
> >> >> in
> >> >> a
> >> >> single domain forest all DCs should be GCs.
> >> >>
> >> >> > If I restart the "netlogon" service and do a "refresh", the
> >> >> > "_gc._tcp"
> >> >> > resource record appears. Why am I losing the "_gc" record???
> >> >>
> >> >> Do you have scavenging turned on (with short timeouts)?
> >> >>
> >> >> GC records should NOT be scavenged by default and should never be
> >> >> scavenged
> >> >> quickly anyway.
> >> >>
> >> >> > Why does the global catalog server (SRV1) keep losing the
> >> >> > "_gc._tcp"
> >> >> > record
> >> >> > in DNS, once it's rebooted?
> >> >>
> >> >> Maybe the file isn't getting flushed to disk on a crash/reboot but
> >> >> otherwise
> >> >> it
> >> >> should be there unless scavenged.
> >> >>
> >> >> > BTW: I have run NETDIAG /FIX with no errors.
> >> >>
> >> >> DCDiag /c is best for DCs.
> >> >>
> >> >> --
> >> >> Herb Martin, MCSE, MVP
> >> >> http://www.LearnQuick.Com
> >> >> (phone on web site)
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

"Niatross" <niatross@newsgroup.nospam> wrote in message
news:7E861D20-9960-439C-91DD-4DCA70AA989B@microsoft.com...
> Yes, I have these servers (virtual machines) set as "local only" so root
> hint
> errors will be there. This is a lab, so i don't need internet access.

No problem but you want to eliminate the errors (by that setting I gave
you) so as to make it easier to troubleshoot with DCDiag.

> Yes, my _gc records show up for SRV1 (if you wait long enough).
>
> If I reboot, SRV1...then SRV1 sits at "preparing network connections" for
> 5
> minutes, and once i open the DNS console and look for _gc._tcp...it will
> be
> gone again. Wait 5 minutes andd it reappears.

Then it is really ok, but that seems very odd.

> Take my SRV2 server (which is a DC/without GC capabilty and has a
> secondary

Make it a GC too.

> zone of SRV1's abc.local zone) and remove it from the network. Meaning run
> DCPROMO to demote it and everything is fine with SRV1 and the _gc record
> sticks!
>
> This is soooo strange. Try it yourself. Setup DNS on two servers. Make one
> a
> DC/GC and is the authoritative DNS server for a zone called abc.local.
> Make
> the second server a DC that still holds the secondary zone for abc.local
> and
> see how your lab goes.
>
> If you don't set both DC's as GC's, is this the behaviour that happens???

I don't think it should happen at all but you should have both as GCs
anyway.

> If it is, that's weird!!!
>
> Thanks, RB
>
> "Herb Martin" wrote:
>
>>
>> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> news:01C063DB-CEB4-4589-A584-8714F4280DE1@microsoft.com...
>> > Herb,
>> >
>> > Here are IPCONFIG and DCDIAG /C (from both servers) as you requested:
>> >
>> > SRV1 Windows IP Configuration
>> > Host Name . . . . . . . . . . . . : SRV1
>> > Primary Dns Suffix . . . . . . . : abc.local
>> > IP Address. . . . . . . . . . . . : 192.168.1.1
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> > Default Gateway . . . . . . . . . :
>> > DNS Servers . . . . . . . . . . . : 192.168.1.1
>> > --------------------------------------------
>> >
>> > SRV2 Windows IP Configuration
>> > Host Name . . . . . . . . . . . . : SRV2
>> > Primary Dns Suffix . . . . . . . : abc.local
>> > IP Address. . . . . . . . . . . . : 192.168.1.2
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> > DNS Servers . . . . . . . . . . . : 192.168.1.1
>> > --------------------------------------------
>>
>> Looks ok.
>>
>> Your DCDiag looks ok too since the Root server problems are
>> due to being on a private net with no router/connectivity to the
>> Internet. You can use the DNS server "advanced tab" to set
>> "Disable Recursion" and make these go away -- it will disable
>> the use of root hints AND forwarding so never use this if you
>> must also resolve external domains, including the Internet.
>>
>> Are you GCs records there now? It passed so they should be.
>>
>> Remember you should likely set both DCs at GCs anyway.
>>
>>
>> --
>> Herb Martin, MCSE, MVP
>> http://www.LearnQuick.Com
>> (phone on web site)
>>
>>
>> > Thanks, RB
>> >
>> > "Herb Martin" wrote:
>> >
>> >>
>> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> >> news:BEF9E9EF-20D6-416F-A283-8F5E919C1431@microsoft.com...
>> >> > Herb:
>> >> >
>> >> > To answer your questions...
>> >> >
>> >> > Yes, the Primary is dynamic (Non-secure and secure). This is a test
>> >> > environment to learn DNS. I'm using virtual machines.
>> >>
>> >> Nothing special here as long as IP/routing etc work as normal.
>> >>
>> >> > I do have a single domain forest. SRV1 is the ONLY global catalog.
>> >> > Scavenging is set to their defaults (never changed).
>> >>
>> >> The default is DISABLED.
>> >>
>> >> > Why is SRV1 losing it's "_gc._tcp" record and taking 5 minutes to
>> >> > logon.
>> >> >
>> >> > If I only use SRV1 and do not setup SRV2, SRV1 has no problems and
>> >> > the
>> >> > "_gc._tcp" record stays put and SRV1 logs in quickly.
>> >>
>> >> Show us your UNEDITED text from "IPConfig /all" and from "DCDiag /c"
>> >> from EACH DC (clearly identified as 1 or 2.)
>> >>
>> >>
>> >> > Thank, RB
>> >> >
>> >> > ---------------------------------------------------
>> >> >
>> >> > "Herb Martin" wrote:
>> >> >
>> >> >>
>> >> >> "Niatross" <niatross@newsgroup.nospam> wrote in message
>> >> >> news:2D59D32D-AD33-4F9C-AB9C-551561CD2A1E@microsoft.com...
>> >> >> > Domain:
>> >> >> > abc.local
>> >> >> >
>> >> >> > Servers:
>> >> >> > Srv1 (Win 2003SP1)
>> >> >> > Srv2 (Win 2003SP1)
>> >> >> >
>> >> >> >
>> >> >> > I like to setup DNS (first) and test it via NSLOOKUP before I
>> >> >> > promote
>> >> >> > standalone servers to DC's.
>> >> >>
>> >> >> Better/easier to test with "DCDiag /c" on every DC.
>> >> >>
>> >> >> > I have two new servers (SRV1 and SRV2).
>> >> >> >
>> >> >> > I setup the Primary DNS Suffix on both servers
>> >> >> > Installed the DNS service on both servers.
>> >> >> > Pointed SRV1 to itself for DNS
>> >> >> > Pointed SRV2 to point to SRV1
>> >> >>
>> >> >> This is ok.
>> >> >>
>> >> >> > Created a Standard Primary Zone on SRV1 (abc.local)
>> >> >> > Created a Standard Secondary Zone on SRV2 (abc.local)
>> >> >> > Setup Zone Tranfer to successfully transfer abc.local from SRV1
>> >> >> > to
>> >> >> > SRV2
>> >> >>
>> >> >> Good, if the primary is DYNAMIC.
>> >> >>
>> >> >> Also, SRV2 should at least use itself as an ALTERNATE or there will
>> >> >> be
>> >> >> problems resolving the domain when SVR1 is down -- even better is
>> >> >> to
>> >> >> have both of them as AD Integrated so that both may accept changes.
>> >> >>
>> >> >> > The servers are setup correctly and resolve to each other via
>> >> >> > NSLOOKUP.
>> >> >> > I successfully run DCPROMO on SRV1, reboot and logon. Perfect!
>> >> >> > Run DCPROMO on SRV2, reboot and logon. Perfect!
>> >> >>
>> >> >> Good.
>> >> >>
>> >> >> > Here's the issue:
>> >> >> >
>> >> >> > I reboot SRV1 (after SRV2 becomes a DC) and SRV1 hangs at
>> >> >> > "Preparing
>> >> >> > Network
>> >> >> > Connections" for 5 minutes, then the
>> >> >>
>> >> >> With standard Primary this should not be the case DUE to DNS.
>> >> >>
>> >> >>
>> >> >> > login screen appears.
>> >> >> > Something in DNS is amiss.
>> >> >> >
>> >> >> > Remember, i'm running a Standard DNS zone (abc.local). The
>> >> >> > (abc.local)
>> >> >> > zone
>> >> >> > is NOT AD INTEGRATED.
>> >> >> >
>> >> >> > Here's the key to my problem:
>> >> >> >
>> >> >> > Once the 5 minutes passes, and I am able to logon to SRV1, I go
>> >> >> > into
>> >> >> > the
>> >> >> > DNS
>> >> >> > management console, go directly to "_tcp" and there is no "_gc"
>> >> >> > record.
>> >> >>
>> >> >> Are the DCs set to be GCs? Normally only Srv1 would be by default
>> >> >> but
>> >> >> in
>> >> >> a
>> >> >> single domain forest all DCs should be GCs.
>> >> >>
>> >> >> > If I restart the "netlogon" service and do a "refresh", the
>> >> >> > "_gc._tcp"
>> >> >> > resource record appears. Why am I losing the "_gc" record???
>> >> >>
>> >> >> Do you have scavenging turned on (with short timeouts)?
>> >> >>
>> >> >> GC records should NOT be scavenged by default and should never be
>> >> >> scavenged
>> >> >> quickly anyway.
>> >> >>
>> >> >> > Why does the global catalog server (SRV1) keep losing the
>> >> >> > "_gc._tcp"
>> >> >> > record
>> >> >> > in DNS, once it's rebooted?
>> >> >>
>> >> >> Maybe the file isn't getting flushed to disk on a crash/reboot but
>> >> >> otherwise
>> >> >> it
>> >> >> should be there unless scavenged.
>> >> >>
>> >> >> > BTW: I have run NETDIAG /FIX with no errors.
>> >> >>
>> >> >> DCDiag /c is best for DCs.
>> >> >>
>> >> >> --
>> >> >> Herb Martin, MCSE, MVP
>> >> >> http://www.LearnQuick.Com
>> >> >> (phone on web site)
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

Read inline please.

In news:%23p0Cz6ssHHA.4476@TK2MSFTNGP03.phx.gbl,
Herb Martin <news@learnquick.com> typed:
> "Niatross" <niatross@newsgroup.nospam> wrote in message
> news:7E861D20-9960-439C-91DD-4DCA70AA989B@microsoft.com...
>> Yes, I have these servers (virtual machines) set as "local only" so
>> root hint
>> errors will be there. This is a lab, so i don't need internet access.
>
> No problem but you want to eliminate the errors (by that setting I
> gave you) so as to make it easier to troubleshoot with DCDiag.
>
>> Yes, my _gc records show up for SRV1 (if you wait long enough).
>>
>> If I reboot, SRV1...then SRV1 sits at "preparing network
>> connections" for 5
>> minutes, and once i open the DNS console and look for _gc._tcp...it
>> will be
>> gone again. Wait 5 minutes andd it reappears.
>
> Then it is really ok, but that seems very odd.
>
>> Take my SRV2 server (which is a DC/without GC capabilty and has a
>> secondary
>
> Make it a GC too.

I made this recommendation to make both DCs a GC in the other thread RB
started, I also recommended he delete the Secondary zone and make the
Primary ADI, then point each DC to the other for the Preferred DNS and to
itself for Alternate. (After the zone replicates) Part of his problem is
that when this DC boots AD cannot start fully until DNS has started and
loaded the zone. I can't say the this DC is deregistering the records itself
when it shut down, I have not found this behavior to be true when using ADI
zones but I have not tested this on a DC with Standard Primary zones and
unsecured updates.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

Netlogon needs to wait for DNS, but what I don't understand is that the first
server that I setup (SRV1) never had any problems with this _gc._tcp SRV
record. It was the only server in my lab, and it never had to wait 5 minutes
in order to log on.

Once SRV2 becomes a DC, it's all over with......It's back to waiting 5
minutes if you ever have to reboot SRV1.

Demote SRV2 to a member server, and SRV1 has no problems if you reboot it.

Today I uninstalled DNS from SRV2, and as long as SRV2 is not a DC, SRV1
logs right in with no 5 minute wait.

It seems that a standard DNS Primary on SRV1 loses it _gc._tcp setting
whenever you have another DC setup in the same domain AND SRV1 is shutdown or
rebooted. It's as if it unregisters the _gc._tcp SRV record.

Thanks, RB

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Read inline please.
>
> In news:%23p0Cz6ssHHA.4476@TK2MSFTNGP03.phx.gbl,
> Herb Martin <news@learnquick.com> typed:
> > "Niatross" <niatross@newsgroup.nospam> wrote in message
> > news:7E861D20-9960-439C-91DD-4DCA70AA989B@microsoft.com...
> >> Yes, I have these servers (virtual machines) set as "local only" so
> >> root hint
> >> errors will be there. This is a lab, so i don't need internet access.
> >
> > No problem but you want to eliminate the errors (by that setting I
> > gave you) so as to make it easier to troubleshoot with DCDiag.
> >
> >> Yes, my _gc records show up for SRV1 (if you wait long enough).
> >>
> >> If I reboot, SRV1...then SRV1 sits at "preparing network
> >> connections" for 5
> >> minutes, and once i open the DNS console and look for _gc._tcp...it
> >> will be
> >> gone again. Wait 5 minutes andd it reappears.
> >
> > Then it is really ok, but that seems very odd.
> >
> >> Take my SRV2 server (which is a DC/without GC capabilty and has a
> >> secondary
> >
> > Make it a GC too.
>
> I made this recommendation to make both DCs a GC in the other thread RB
> started, I also recommended he delete the Secondary zone and make the
> Primary ADI, then point each DC to the other for the Preferred DNS and to
> itself for Alternate. (After the zone replicates) Part of his problem is
> that when this DC boots AD cannot start fully until DNS has started and
> loaded the zone. I can't say the this DC is deregistering the records itself
> when it shut down, I have not found this behavior to be true when using ADI
> zones but I have not tested this on a DC with Standard Primary zones and
> unsecured updates.
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>