Missing Some _msdcs Records

Hi All:

Randomly we have various dns SRV records that disappear from our DNS. We
correct the issue be running one of the tools using the registerdns option
which fixes. Any idea of why these records are disappearing? Maybe its due
to the records expiring and becoming stale....then getting removed?

The records in question are _msdcs\dc\_tcp\
_kerberos
_ldap
_kpasswd

Records for a few of the DCs are there but missing records for many of the
other DCs. And these records I guess are replicated to the other DNS/DCs so
they all have the same records (all of the dns/dcs are missing the same
records).

Any help would be appreciated.

Thanks!

"Charles" <> wrote in message
news:B1D74AFF-24CF-4E2A-A9A9-...
> Hi All:
>
> Randomly we have various dns SRV records that disappear from our DNS. We
> correct the issue be running one of the tools using the registerdns option
> which fixes. Any idea of why these records are disappearing? Maybe its
> due
> to the records expiring and becoming stale....then getting removed?
>
> The records in question are _msdcs\dc\_tcp\
> _kerberos
> _ldap
> _kpasswd
>
> Records for a few of the DCs are there but missing records for many of the
> other DCs. And these records I guess are replicated to the other DNS/DCs
> so
> they all have the same records (all of the dns/dcs are missing the same
> records).
>
> Any help would be appreciated.
>
> Thanks!


There are numerous reasons this can be happening. But I can say, by default,
it just works. Any changes to default configurations will affect it. However
it will be difficult to tell based on the limited config info other than
just providing the symptoms in your post.

If you can describe and provide the following, it will help figure out a
diagnosis or at least what to look for.

1. Unedited ipconfig /all from two of your DCs.
2. How many Sites are configured?
3. Operating system versions of your DCs?
4. How many domains in the forest?
5. Are the zone AD integrated? If so, what replication scope are the zones
in?
6. If AD Integrated, were any changes made to the replication scopes on any
of the DCs?
7. Did anyone else create an identical zone on a DC, such as when they
promoted a new DC into the domain/forest?

That should be good for starters.

Thanks,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay

Hi Ace:

Thanks for your fast response! Actually just looking for some ideas and
maybe a few reasons why/how these records could disappear. I figure if I can
get an idea what has caused this in the past if anyone has seen this issue,
that would be good for me at this point.

But I will mention that IPSEC had been configured before this problem
started. No new zones had been created. All DCs running Win2003 sp2. DNS
integrated. No new DCs in the forest.

Thanks for your help!

Charles

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Charles" <> wrote in message
> news:B1D74AFF-24CF-4E2A-A9A9-...
> > Hi All:
> >
> > Randomly we have various dns SRV records that disappear from our DNS. We
> > correct the issue be running one of the tools using the registerdns option
> > which fixes. Any idea of why these records are disappearing? Maybe its
> > due
> > to the records expiring and becoming stale....then getting removed?
> >
> > The records in question are _msdcs\dc\_tcp\
> > _kerberos
> > _ldap
> > _kpasswd
> >
> > Records for a few of the DCs are there but missing records for many of the
> > other DCs. And these records I guess are replicated to the other DNS/DCs
> > so
> > they all have the same records (all of the dns/dcs are missing the same
> > records).
> >
> > Any help would be appreciated.
> >
> > Thanks!
>
>
> There are numerous reasons this can be happening. But I can say, by default,
> it just works. Any changes to default configurations will affect it. However
> it will be difficult to tell based on the limited config info other than
> just providing the symptoms in your post.
>
> If you can describe and provide the following, it will help figure out a
> diagnosis or at least what to look for.
>
> 1. Unedited ipconfig /all from two of your DCs.
> 2. How many Sites are configured?
> 3. Operating system versions of your DCs?
> 4. How many domains in the forest?
> 5. Are the zone AD integrated? If so, what replication scope are the zones
> in?
> 6. If AD Integrated, were any changes made to the replication scopes on any
> of the DCs?
> 7. Did anyone else create an identical zone on a DC, such as when they
> promoted a new DC into the domain/forest?
>
> That should be good for starters.
>
> Thanks,
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
>
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right
> things." - Peter F. Drucker
> http://twitter.com/acefekay
>
>
>

"Charles" <> wrote in message
news:523CF1D5-A0C9-402D-BFAE-...
> Hi Ace:
>
> Thanks for your fast response! Actually just looking for some ideas and
> maybe a few reasons why/how these records could disappear. I figure if I
> can
> get an idea what has caused this in the past if anyone has seen this
> issue,
> that would be good for me at this point.
>
> But I will mention that IPSEC had been configured before this problem
> started. No new zones had been created. All DCs running Win2003 sp2.
> DNS
> integrated. No new DCs in the forest.
>
> Thanks for your help!
>
> Charles

You're welcome so far!

IPSec, hmm. How is it configured, for what purpose, and are the DCs affected
by the IPSec policy?

Ace

I don't know. Will have to find that out. But in the meantime, in general
have you heard of this happening before? If so, can you give me some of the
causes (not that it will help directly but may give me some hints what to
check out).

Thanks!

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Charles" <> wrote in message
> news:523CF1D5-A0C9-402D-BFAE-...
> > Hi Ace:
> >
> > Thanks for your fast response! Actually just looking for some ideas and
> > maybe a few reasons why/how these records could disappear. I figure if I
> > can
> > get an idea what has caused this in the past if anyone has seen this
> > issue,
> > that would be good for me at this point.
> >
> > But I will mention that IPSEC had been configured before this problem
> > started. No new zones had been created. All DCs running Win2003 sp2.
> > DNS
> > integrated. No new DCs in the forest.
> >
> > Thanks for your help!
> >
> > Charles
>
> You're welcome so far!
>
> IPSec, hmm. How is it configured, for what purpose, and are the DCs affected
> by the IPSec policy?
>
> Ace
>
>
>
>
>

"Charles" <> wrote in message
news:CD4EE7DF-E255-4DED-9C8B-...
>I don't know. Will have to find that out. But in the meantime, in general
> have you heard of this happening before? If so, can you give me some of
> the
> causes (not that it will help directly but may give me some hints what to
> check out).
>
> Thanks!

Yes, I've heard about it.

Incorrect IPs (using ISPs or the Router's DNS)
Multihomed DCs
IPSec filters blocking some ports. AD requires 29 ports plus the full range
of UDP 1024 and above
Replication scope changes
Dupe zones in AD
DNS registration misconfig
Disjointed namespace
Replication problems
RRAS on a DC
Single label name AD DNS domain name
Firewall ports blocking traffic (see IPSec above)

Some of them I would have to elaborate on conditions and specifics, but that
would be too much for me to get into here. I would rather pinpoint it, but
if you can't offer anything to help you, and being the many numerous
possibilities, it would be toooo much to get into and making a diagnosis
would be impossible knowing what I know about your system.

Ace