Re: <forestroot> folder deleted

"Fel" <> wrote in message
news:...
> Hello all,
>
> On my main and only DNS server the <forestroot> under Forward Lookup
> Zones, the main <forestroot> has been deleted.
>
> I have created a new primary zone. Most of the workstation have
> 'registered' themselves.
>
> My problem is that all the sub folders ( _msdcs, _site, _tcp, _udp,
> DomainDnsZone and ForestDnsZone) are missing ...
>
> How can I fix that ?
>
> I thought restarting the netlogon service ...
>
> Thnaks for your help !!
>
> Fel


Interesting. So you mean the _msdcs.yorudomain.com, and the yourdomain.com
zones, and the SRV folders (_udp, _sites, __tcp) are all missing?

Without additional information instead of just the symptoms, it will be
difficult to diagnose other than generalized possibilities.

Normally yes, restarting netlogon will fix it. Another more specific method
is to rename the netlogon.bak and netlogon.dns files in the system32\config
folder, then running an ipconfig /registerdns, then restarting the netlogon,
will usually fix it. But there are rules behind this, such as the Primary
DNS suffix must match the zOne name in DNS that is allowing updates, which
must match the AD DNS domain name, which must NOT be a single label name,
and you are NOT using your ISP's DNS server, otherwise none of this will
work.

What was last changed prior to this occuring? Was a DC perhaps promoted into
the domain, DNS installed on it, and someone manually created the
yourdomain.com zone on it and didn't allow replication to populate it? If
so, that would definitely remove the zone.

Also if someone mnaually created a AD integrated zone with a different
replication zone on that DC, then that would have created a dupe zone
scenario, which may cause the same thing.

If you have your ISP's DNS addresses in your DCs, or if the yourdomain.com
zone is single label (such as yourdomain without the com, local, etc), that
will cause it too.

If the DC is multihomed (more than one NIC), it may contribute to it
(multihomed DCs are problematic at best).

If you can post the following, it will be helpful for more specific ideas of
diagnosing this.

Unedited ipconfig /all of two DCs.
What was recently changed?
Multiple administrators?
MOre than one domain in the forest?
Operating system version and service pack level.

That should be good for starters.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay

"Fel" <> wrote in message
news:...
> Hi Ace,
>
> The _msdcs.mydomain.local is not missing. Only the mydomain.local zones
> and the SRV folders are missing ...
> mydomain.local has been manually deleted.
>
> There is only one DC into the domain
> Ths OS version is 2003RS SP2
> The ISP's DSN addresses are not in my DC which is multihomed (but it can
> be turned off).
> There is no more than one domain in the forest.
> The zone is not single label
>
> I have already saved netlogon.dns|dnd|ftl (no .bak found) from the
> system32/config folder
>
>
> Configuration IP de Windows
> Nom de l'hôte . . . . . . . . . . : RootDC
> Suffixe DNS principal . . . . . . : mydomain.local
> Type de nœud . . . . . . . . . . : Inconnu
> Routage IP activé . . . . . . . . : Oui
> Proxy WINS activé . . . . . . . . : Non
> Liste de recherche du suffixe DNS.: mydomain.local
>
> Carte PPP Interface (numérotation entrante) de serveur RAS :
> Suffixe DNS propre à la connexion :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Adresse physique . . . . . . . . . : 00-53-45-00-00-00
> DHCP activé. . . . . . . . . . . . : Non
> Adresse IP. . . . . . . . . . . . : 192.168.10.175
> Masque de sous-réseau . . . . . . : 255.255.255.255
> Passerelle par défaut . . . . . . :
>
> Carte Ethernet caraxlan221 :
> Suffixe DNS propre à la connexion :
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
> II GigE (NDIS VBD Client) #2
> Adresse physique . . . . . . . . . : 00-1C-23-D2-AA-C6
> DHCP activé. . . . . . . . . . . . : Non
> Adresse IP. . . . . . . . . . . . : 192.168.10.221
> Masque de sous-réseau . . . . . . : 255.255.255.0
> Passerelle par défaut . . . . . . : 192.168.10.1
> Serveurs DNS . . . . . . . . . . : 192.168.10.221
> NetBIOS sur TCPIP. . . . . . . . : Désactivé
>
> Carte Ethernet caraxlan100 :
> Suffixe DNS propre à la connexion :
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme
> II GigE (NDIS VBD Client)
> Adresse physique . . . . . . . . . : 00-1C-23-D2-AA-C4
> DHCP activé. . . . . . . . . . . . : Non
> Adresse IP. . . . . . . . . . . . : 192.168.10.100
> Masque de sous-réseau . . . . . . : 255.255.255.0
> Passerelle par défaut . . . . . . : 192.168.10.1
> Serveurs DNS . . . . . . . . . . : 192.168.10.221
> NetBIOS sur TCPIP. . . . . . . . : Désactivé
>
>
> Thanks for your advices Ace.
>

Hello Fel,

There are too many interfaces on this domain controller. I would first
suggest to remove the PPP interface. That looks like a RRAS interface. I am
not sure what that is used for on this machine. Is RRAS installed? That is
another non-recommended service on a domain controller. Domain controllers
are sensitive to the DNS registered entries, and the multiple interfaces,
including if RRAS is installed, causes problems.

I see two of the installed NICs are in the same IP range. It looks like
192.168.10.221 is the main NIC. I suggest that if the two NICs are of the
same namebrand and model. to download and install the manufacturer's
software for the NICs and team them, otherwise, disable the NIC with
192.168.10.100.

For the deleted zone, which is unfortunate, if you do not have a system
state backup, simply recreate the mydomain.local zone, and make it AD
integrated, and set updates to allow secure and non-secure for now, then
attempt the registration process on the domain controller. Try:

ipconfig /all
net stop netlogon
net start netlogon

I do not understand the language the ipconfig is in, but it appears that
NetBIOS is disabled. Not a problem, but just as an FYI, if you have the DHCP
Client service disabled, that will prevent registration and name resolution.
This service must be enabled on all machines that need to register and
resolve names.


Ace