DNS Passed But Errors on New Domain Controller

Paul R 21 Reputation points
2020-08-19T15:27:00.993+00:00

I had an old domain controller, that had been original for the domain, fail without opportunity for proper demotion. I cleaned up AD/DNS/etc. on the remaining DC, which is running Win Server 2008R2. Migrated DC/Domain to 2008R2 level and then promoted a new Win Server 2019 box as a second DC. Had to then resolve some DNS issues, but appear to have that sorted now and both DCs show proper info in DNS.
My question is, when I run dcdiag /test:dns it comes back quick and short and passes on the original DC, but although it passed on the new DC, there are a lot of extra entries that appear to be external queries that are stated as failed. Again, overall it says passed DNS test, but I wonder what the extra is?

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DCAPCLD
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCAPCLD
Starting test: Connectivity
......................... DCAPCLD passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCAPCLD

  Starting test: DNS

     DNS Tests are running and not hung. Please wait a few minutes...
     ......................... DCAPCLD passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : presenceus

Running enterprise tests on : presenceus.org
Starting test: DNS
Summary of test results for DNS servers used by the above domain controllers:

        DNS server: 128.63.2.53 (h.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
        DNS server: 128.8.10.90 (d.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
        DNS server: 128.9.0.107 (b.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
        DNS server: 198.32.64.12 (l.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
        DNS server: 2001:500:12::d0d (g.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:12::d0d
        DNS server: 2001:500:1::53 (h.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53
        DNS server: 2001:500:200::b (b.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:200::b
        DNS server: 2001:500:2::c (c.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c
        DNS server: 2001:500:2d::d (d.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
        DNS server: 2001:500:2f::f (f.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
        DNS server: 2001:500:9f::42 (l.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42
        DNS server: 2001:500:a8::e (e.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e
        DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
        DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
        DNS server: 2001:7fd::1 (k.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
        DNS server: 2001:7fe::53 (i.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
        DNS server: 2001:dc3::35 (m.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
     ......................... presenceus.org passed test DNS

Accepted answer
  1. Anonymous
    2020-08-20T15:38:16.777+00:00

    Domain controller's own address should be primary.

    You have duplicates, so just remove the four invalid ones.

                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
               ->  Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 199.9.14.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
               ->  Name: d.root-servers.net. IP: 128.8.10.90 [Invalid (unreachable)]
                     Name: d.root-servers.net. IP: 199.7.91.13 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
               ->  Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
                     Name: h.root-servers.net. IP: 198.97.190.53 [Valid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
               ->  Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
    

    --please don't forget to Accept as answer if the reply is helpful--
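
The correlation behind the accepted answer, as an added example that is not part of the thread or of any Microsoft tooling: the Python below parses excerpts of the two dcdiag listings quoted on this page and checks which failing DNS servers are explained by an `[Invalid]` root hint, and whether every affected root server name keeps a `[Valid]` address. The function names and the tolerance for a plural "failures" line are assumptions.

```python
import ipaddress
import re

# Excerpts copied from the dcdiag output quoted in this thread (not the full run).
SUMMARY = """\
DNS server: 128.63.2.53 (h.root-servers.net.)
   1 test failure on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
   1 test failure on this DNS server
DNS server: 128.9.0.107 (b.root-servers.net.)
   1 test failure on this DNS server
DNS server: 198.32.64.12 (l.root-servers.net.)
   1 test failure on this DNS server
DNS server: 2001:500:2::c (c.root-servers.net.)
   1 test failure on this DNS server
"""
HINTS = """\
->  Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
    Name: b.root-servers.net. IP: 199.9.14.201 [Valid]
->  Name: d.root-servers.net. IP: 128.8.10.90 [Invalid (unreachable)]
    Name: d.root-servers.net. IP: 199.7.91.13 [Valid]
->  Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
    Name: h.root-servers.net. IP: 198.97.190.53 [Valid]
->  Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
    Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
"""
# Assumption: a failing server's line is directly followed by "N test failure(s) ...".
FAIL_RE = re.compile(r"DNS server:\s+(\S+)\s+\(\S+\)\s+[1-9]\d* test failures? on")
HINT_RE = re.compile(r"Name:\s+(\S+)\s+IP:\s+(\S+)\s+\[(Valid|Invalid)")

def failing_servers(summary):
    """Addresses of DNS servers that the summary reports test failures for."""
    return {ipaddress.ip_address(a) for a in FAIL_RE.findall(summary)}

def stale_hints(hints):
    """Return ({name: [invalid addresses]}, names that have no valid address)."""
    valid, invalid = {}, {}
    for name, addr, state in HINT_RE.findall(hints):
        bucket = valid if state == "Valid" else invalid
        bucket.setdefault(name, []).append(ipaddress.ip_address(addr))
    return invalid, sorted(n for n in invalid if n not in valid)

def correlate(summary, hints):
    """(failures explained by an invalid hint, other failures, orphaned names)."""
    invalid, orphaned = stale_hints(hints)
    stale = {ip for ips in invalid.values() for ip in ips}
    failed = failing_servers(summary)
    return sorted(map(str, failed & stale)), sorted(map(str, failed - stale)), orphaned
```

An empty third element from `correlate(SUMMARY, HINTS)` means every root server name flagged with an invalid address still has a valid one, so removing the invalid entries leaves no name without an address.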


39 additional answers

  1. Anonymous
    2020-08-19T20:17:09.187+00:00

    What errors in system event log since last reboot (on both)?


  2. Paul R 21 Reputation points
    2020-08-19T20:36:22.3+00:00

    Here's what I'm seeing recently that appears relevant:

    DCAMPRES:

    DFS Replication:

    8/19/2020 3:55:21 PM
    The DFS Replication service successfully established an inbound connection with partner DCAPCLD for replication group Domain System Volume.

    Additional Information:
    Connection Address Used: DCAPCLD.presenceus.org
    Connection ID: 5A2563F4-FE43-4F93-938E-79BB9F3BC702
    Replication Group ID: 0BDD34DE-83B4-4ADC-B3E6-669821CF185F

    ==============

    8/19/2020 3:54:41 PM
    The DFS Replication service failed to communicate with partner DCAPCLD for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server.

    Partner DNS Address: DCAPCLD.presenceus.org

    Optional data if available:
    Partner WINS Address: DCAPCLD
    Partner IP Address: 192.168.102.65

    The service will retry the connection periodically.

    Additional Information:
    Error: 1722 (The RPC server is unavailable.)
    Connection ID: 5A2563F4-FE43-4F93-938E-79BB9F3BC702
    Replication Group ID: 0BDD34DE-83B4-4ADC-B3E6-669821CF185F

    ==============

    8/19/2020 3:53:47 PM
    The DFS Replication service is stopping communication with partner DCAPCLD for replication group Domain System Volume due to an error. The service will retry the connection periodically.

    Additional Information:
    Error: 1723 (The RPC server is too busy to complete this operation.)
    Connection ID: 5A2563F4-FE43-4F93-938E-79BB9F3BC702
    Replication Group ID: 0BDD34DE-83B4-4ADC-B3E6-669821CF185F

    ============================================

    DCAPCLD (new DC):

    DFS Replication:

    8/19/2020 3:55:15 PM
    The DFS Replication service successfully set up an RPC listener for incoming replication requests.

    Additional Information:
    Port: 0

    ==============

    8/19/2020 3:55:12 PM
    The DFS Replication service successfully contacted domain controller DCAPCLD.presenceus.org to access configuration information.

    Directory Service:

    8/19/2020 3:55:29 PM
    All problems preventing updates to the Active Directory Domain Services database have been cleared. New updates to the Active Directory Domain Services database are succeeding. The Net Logon service has restarted.

    DNS Server:

    8/19/2020 3:55:31 PM
    The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.


  3. Anonymous
    2020-08-19T20:42:22.207+00:00

    Please post the source and event IDs


  4. Paul R 21 Reputation points
    2020-08-19T21:35:26.197+00:00

    I saved the events from both DCs that appeared recent / relevant. If you want any events from other services or such, just let me know.

    I expect you'll just need to remove the .txt extensions to read into your Event Viewer. Thanks

    18790-dcampres-dfs-replicationevtx.txt
    18933-dcampres-directory-serviceevtx.txt
    18961-dcapcld-dfs-replicationevtx.txt
    18934-dcapcld-directory-serviceevtx.txt
    18935-dcapcld-dns-serverevtx.txt

