After finishing a successful server migration from SBS 2003 to multiple Windows Server 2008 R2 servers, there were some DNS issues. After a restart of the domain controller, DNS did not work as it should, and the servers also signalled that they had no internet connection. Restarting the DNS service fixes all problems for the time being, but after the next restart the same problem comes back every time.
Looking at the system event log, there are a lot of warnings and error events from the Source: NETLOGON
Event ID: 5774
The dynamic registration of the DNS record ‘domain.local. 600 IN A 192.168.117.21’ failed on the following DNS server:
DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0
For computers and users to locate this domain controller, this record must be registered in DNS.
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run ‘nltest.exe /dsregdns’ from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
Error Value: DNS name does not exist.
Event ID: 5781
Dynamic registration or deletion of one or more DNS records associated with DNS domain ‘domain.local.’ failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
– TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
– Specified preferred and alternate DNS servers are not running
– DNS server(s) primary for the records to be registered is not running
– Preferred or alternate DNS servers are configured with wrong root hints
– Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running ‘nltest.exe /dsregdns’ from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
Running DCDIAG /C before this didn’t give any errors, but when we now run DCDIAG /test:dns we see the following result:
Running enterprise tests on : domain.local
Starting test: DNS
Test results for domain controllers:
DC: NewServer.domain.local
TEST: Delegations (Del)
Error: DNS server: OLDSERVERNAME.domain.local.
As you can see, the Delegations test is still trying to resolve the old server name.
In the end the cause was that, in DNS Manager, the _msdcs subzone under domain.local still had the old server name in its NS record.
Just edit that record and change its data to the new server’s information. This resolved the first error, but the second stayed.
This error occurs because one or more DNS zones are not correctly stored within Active Directory. You can easily see this with the Registry Editor (regedit.exe) by browsing to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones. All your DNS zones should be listed here.
When you select a zone it would look like this:
As you can see, the REG_SZ value DirectoryPartition is missing for DomainDnsZones.domain.local and ForestDnsZones.domain.local; these are the problem zones. I had to delete these zones (both had been created manually on the old DC in the past) and recreate them. After recreation the REG_SZ value DirectoryPartition was set, the event warnings didn’t come back, and no problems have appeared after further restarts.
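The two checks described above (the NS record of the _msdcs subzone and the DirectoryPartition value under the DNS Server\Zones registry key) can be scripted so they are repeatable after the next restart. The script below is an added example, not part of the original post; it assumes it runs in an elevated PowerShell session on the domain controller, and domain.local is a placeholder for your own AD domain.

```powershell
# Added example (not from the original post): report DNS zones whose registry
# entry lacks the DirectoryPartition value, and list the NS records of the
# _msdcs subzone so a stale server name stands out.
# Assumptions: elevated session on the DC; $Domain is a placeholder.
$Domain   = 'domain.local'
$ZonesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones'

function Get-ZonePartitionStatus {
    param([string]$Path = $ZonesKey)
    Get-ChildItem -Path $Path |
        # Subkeys whose name starts with a dot (cache, root hints) are not zones; skip them.
        Where-Object { $_.PSChildName -notlike '.*' } |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Zone               = $_.PSChildName
                DirectoryPartition = $props.DirectoryPartition   # $null when the value is missing
            }
        }
}

$status = Get-ZonePartitionStatus
$status | Format-Table -AutoSize

# A file-backed (non-AD-integrated) zone legitimately has no DirectoryPartition;
# an AD-integrated zone without it is the broken case described in this post.
$missing = $status | Where-Object { -not $_.DirectoryPartition }
if ($missing) {
    Write-Warning ('Zones without a DirectoryPartition value: ' + ($missing.Zone -join ', '))
}

# NS records of _msdcs: an entry still pointing at the old DC causes the
# Delegations failure shown by DCDIAG /test:dns.
# Resolve-DnsName needs the DnsClient module (Windows 8 / Server 2012 or later);
# on 2008 R2 use:  nslookup -type=NS "_msdcs.$Domain"
$ns = Resolve-DnsName -Name "_msdcs.$Domain" -Type NS -ErrorAction SilentlyContinue
if ($ns) {
    $ns | Where-Object { $_.Type -eq 'NS' } |
        ForEach-Object { "NS for _msdcs.$Domain -> $($_.NameHost)" }
}
```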