Event 5774 on simple DC with AD and AD based DNS with internet forwarding to DSL router

Every 4 hours I get about 10 NETLOGON errors 5774, for example:

Bei der dynamischen Registrierung des DNS-Eintrags "_ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de. 600 IN SRV 0 100 389 SERVER.domain.local." auf folgendem DNS-Server ist ein Fehler aufgetreten: 

IP-Adresse des DNS-Servers: 217.160.80.136 / Verbindungsantwortcode (RCODE): 0 / Zurückgegebener Statuscode: 1460

Here domain.de is the old domain name and domain.local the new one; the change was made about 3 years ago. The server runs well; there are no known problems in daily work.

Over a long time I tried many things to solve the problem, but without success:

- Recreating the DNS zones
- dcdiag /fix
- Deleting the DNS cache on client/server side
- gpfixup
- Searching the AD for old entries with domain.de -> nothing found
- Deleting netlogon.dns/netlogon.dnb, restarting NETLOGON and calling nltest /dsregdns

The last test recreates the netlogon files, and there I can see some obsolete entries pointing to domain.de,

for example: domain.de 600 IN A 192.168.0.11

but I don't find the right place where I can fix this.

Has anyone an idea where I can find the source definition of these entries and what I can do to clean this up?




  • Edited by Freisu Friday, August 28, 2015 4:18 PM
August 28th, 2015 4:13pm

Hi, thanks for your reply.

OS: Windows Server 2008 R2
Only one root DC, no child domains

Network settings:
IP-DC: 192.169.0.11
IP-DNS (1): 192.168.0.11
IP-DNS (2): 127.0.0.1
Gateway: 192.168.0.1 (DSL-Router, Fritz-box)

DNS-Settings:
root hints: 192.168.0.11 (DC)
forwarder: 192.168.0.1 (DSL-Router)
Settings: nothing special

Domain-Names:
Old: xxx.de
New: xxx.local (since 2012)
Hosted Internet site: xxx.de (since 2013; the site is, as far as I know, not linked to the local domain, but it has the same name as the old domain name).

I think the problem is not based on bad IP/DNS settings, but on some (hidden) old fragments of the old domain name.
The key could be the netlogon.dns file, which always contains some of the old entries.

Thanks


  • Edited by Freisu Monday, August 31, 2015 7:30 AM
August 31st, 2015 7:29am

Hi,

that's all right, but all 5774 event log entries contain fragments of the old domain name, and by accident the old domain name is identical to our externally hosted domain name.
So I think I should find the reason why the Netlogon service creates some records based on the old domain name.

Thanks.

August 31st, 2015 7:41am

Can you share the result of the commands listed by Purvesh Adua to proceed further?
August 31st, 2015 8:16am

Hi,

It's only a root DC, no children, no secondary DC, ... -> no replication.
Repadmin shows nothing special.

DCDiag runs fine, all tests passed,
eventlog test not passed because there are 5774 errors,
no DNS entries point to the old domain name
-> so no new information about the reason.

OK, first I also tried Wireshark to get some further information. There I could see the wrong telegrams corresponding to the errors and to the bad entries in netlogon.dns. But what's the reason for this?

Thanks

August 31st, 2015 9:00am

Have you tried the hotfix? https://support.microsoft.com/en-us/kb/977158

May I know why your forwarders point to the DSL router?

Do you have external DNS hosting outside that is similar to your internal domain?

August 31st, 2015 9:42am

Here you find the results; domain and DC are renamed.

http://1drv.ms/1X4vXVx

August 31st, 2015 10:30am

Hi,

I have checked the DCDIAG log, but this log is not in English. Also, can you provide the ipconfig /all from all the DCs?

August 31st, 2015 1:03pm

Sorry, it's a German Server, only one DC. I've added the ipconfig file to the link above.
August 31st, 2015 1:33pm

I hope you have gone through the article:

https://support.microsoft.com/en-us/kb/977158

August 31st, 2015 1:54pm

Yes, I have done it, but I think the described scenarios do not apply:

  • I don't use a third-party server application for DNS resolution.
  • My return status code is not 9502 but 1460.
  • My errors are based on wrong entries, which I can also see in netlogon.dns, pointing to an obsolete domain renamed some years ago.
  • The error message also contains the obsolete domain name "domain.de"; that's wrong, this name shouldn't show up:
    "_ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de. 600 IN SRV 0 100 389 SERVER.domain.local."

Thanks

August 31st, 2015 2:13pm

Hi,

Can you see old DC entries here in the DNS console? If yes, try to delete those entries from the server.

Dnsmgmt.msc [DNS Management]
 A. Expand the forward lookup zones\_msdcs folder
 i. Make sure only the actual domain controllers are listed; delete wrong alias records, remove wrong name server records
 ii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_sites_\sitename\_tcp] > delete the incorrect _ldap and _kerberos records that are listed
 iii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_tcp] and delete incorrect _ldap and _kerberos records
 iv. Expand the [forward lookup zones\_msdcs.domain.com\domains\guid\_tcp] and delete incorrect _ldap entries
 v. Select [forward lookup zones\_msdcs.domain.com\gc] and delete incorrect Host (A) records
 vi. Expand the [forward lookup zones\_msdcs.domain.com\gc\_sites\sitename\_tcp] and delete incorrect _ldap entries
 vii. Select the [forward lookup zones\_msdcs.domain.com\gc\_tcp] and delete incorrect _ldap entries
 viii. Select the [forward lookup zones\_msdcs.domain.com\pdc\_tcp] and delete incorrect _ldap entries

 B. Expand the forward lookup zones\domain.com folder
 i. Delete Host (A) records of DCs which are non-existent
 ii. Correct the Name Server (NS) records
 iii. Follow steps similar to A ii >> A viii

Dssite.msc [Sites and Services]
 A. Expand [Sites\Sitename\Servers] and delete incorrect servers
 B. Delete incorrect subnet configurations [Sites\Subnets]
 C. Delete incorrect site links [Sites\IP]

 Make sure the domain controllers are pointing to the correct DNS servers in TCP/IP settings.
 Force replication: repadmin /syncall

August 31st, 2015 4:15pm

Hi,

I have added the file netlogon.dns to the download link below; here I find 20 entries pointing to the incorrect/obsolete myolddomain.de

http://1drv.ms/1X4vXVx

No, I cannot see any bad (old) entry in the forward or reverse lookup zone; also, last week I deleted both zones and recreated them with the wizard in the DNS console.

Dssite.msc:
Yes, a week ago I also found an incorrect/obsolete DC here, which I deleted. Now I cannot see further incorrect entries.

The domain controller points to the correct DNS server in TCP/IP settings.

I called:
repadmin /syncall
deleted the netlogon.* files
nltest /dsregdns
restarted the DNS and Netlogon services

-> nothing changed (my newly created netlogon.dns file still contains the incorrect records).

I have the suspicion that the configuration in DNS/AD does not reach the Netlogon service, so it still creates the obsolete/incorrect records.

Thanks !

September 1st, 2015 8:45am

Do you have a backup of your AD & DNS?
September 1st, 2015 8:50am

No special backup of the AD & DNS, but backups of the full OS volume including AD.

Could it be a good idea to remove the whole DNS role and recreate it later?

Thanks


  • Edited by Freisu Tuesday, September 01, 2015 10:00 AM
September 1st, 2015 9:59am

Could you help by running nslookup:

set q=srv

_ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de

just to verify whether it exists or not.

September 1st, 2015 11:09am

OK, I tried it on the server (DC), first the incorrect one, domain.de; result translated to English:

> _ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de
Server:  myserver.domain.local
Address:  192.168.0.11

*** _ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de was from server.domain.local not found: Non-existent domain.

Then a second nslookup test on the server (DC) with the correct one, domain.local:

> _ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.local
Server:  myserver.domain.local
Address:  192.168.0.11

Name:    _ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.local

It seems that domain.local can be resolved and domain.de not, correct?
What's the conclusion?

Thanks!

September 1st, 2015 11:46am

okay...

One last thing to check is the partition CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,dc=local. This is just to make sure the old record is not there, i.e. DC=domain,dc=de.

I have an example in my scenario in https://netoverme.wordpress.com/2014/07/26/event-id-5774-in-windows-server-2008-r2-sp1/

September 1st, 2015 12:02pm
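As an added diagnostic, not part of the thread and not from any of the posters: a PowerShell script that lists every netlogon.dns record still naming the obsolete domain (the check the original poster did by hand) and then enumerates the dnsZone objects in the three AD-integrated DNS storage locations, including the ForestDnsZones partition suggested above, flagging any zone object that carries the old name. It assumes it is run in an elevated PowerShell on the single DC as a domain admin; $OldDomain ('domain.de') and the netlogon.dns path are placeholders.

```powershell
# Added diagnostic, not from the thread. Assumptions: run in an elevated
# PowerShell on the DC as a domain admin; $OldDomain is the obsolete name.
param(
    [string]$OldDomain   = 'domain.de',   # placeholder for the old domain name
    [string]$NetlogonDns = "$env:SystemRoot\System32\config\netlogon.dns"
)
$OldDomain = $OldDomain.TrimEnd('.').ToLower()

# 1. netlogon.dns holds one record per line, e.g.
#    "_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 server.domain.local."
#    Flag records whose owner name or record data still carry the obsolete suffix.
Write-Host "netlogon.dns records referencing ${OldDomain}:"
Get-Content -Path $NetlogonDns |
    Where-Object { ($_.Trim() -split '\s+').Count -ge 5 } |   # skip blank/short lines
    ForEach-Object {
        $f = $_.Trim() -split '\s+'
        [pscustomobject]@{
            Owner = $f[0].TrimEnd('.').ToLower()
            Type  = $f[3]
            Data  = ($f[4..($f.Count - 1)] -join ' ')
        }
    } |
    Where-Object {
        $_.Owner -eq $OldDomain -or $_.Owner.EndsWith(".$OldDomain") -or
        $_.Data -match ('(^|\.)' + [regex]::Escape($OldDomain) + '\.?(\s|$)')
    } |
    Format-Table -AutoSize

# 2. AD-integrated zones are dnsZone objects under CN=MicrosoftDNS in one of
#    three places. A leftover zone object for the old name is something the
#    Netlogon service would still try to register its SRV records into.
$domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
$containers = @(
    "CN=MicrosoftDNS,CN=System,$domainDn",           # legacy Windows 2000 storage
    "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn",   # domain-wide app partition
    "CN=MicrosoftDNS,DC=ForestDnsZones,$domainDn"    # forest-wide app partition
)
foreach ($dn in $containers) {
    $searcher = [adsisearcher]'(objectClass=dnsZone)'
    $searcher.SearchRoot = [ADSI]"LDAP://$dn"
    try { $zones = $searcher.FindAll() } catch { Write-Warning "Cannot read ${dn}: $_"; continue }
    foreach ($z in $zones) {
        $name = ([string]$z.Properties['name'][0]).ToLower()
        $flag = if ($name -eq $OldDomain -or $name.EndsWith(".$OldDomain")) { '  <-- obsolete name' } else { '' }
        Write-Host ("{0}: {1}{2}" -f $dn, $name, $flag)
    }
}
```

A zone object for the old name in any of the three containers, while the DNS console shows none, is the kind of hidden fragment the thread is hunting for; delete it only after confirming no live zone depends on it.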

Path:
DC=Domain, class=domainDNS, ...DC=local
  CN=System, class=Container,...DC=local
    CN=MicrosoftDNS, class=dnsZone,...dc=local
      DC=RootDNSServers, class=dnsNode,...dc=local.
        DC=@, class=dnsNode,...dc=local


The second NIC on the DC is deactivated; I don't see any special configuration on this NIC.
  • Edited by Freisu Tuesday, September 01, 2015 12:32 PM
September 1st, 2015 12:22pm

First, you should not have two NICs on a domain controller. It is not good practice as per Microsoft.

Can you post the ipconfig /all from the DC?

September 1st, 2015 1:03pm

OK, the ipconfig /all output you find here at my link http://1drv.ms/1X4vXVx

It's only one NIC connected to the network and only one NIC activated.
Is this good practice, or should I do something more?

Regards

September 1st, 2015 1:36pm

Hi,

can you please send screenshots of the DNS configuration at server properties & zone properties and upload them.

September 1st, 2015 2:57pm

Hi,
I've done it; you'll find the settings in the file DC_DNS_settings.pdf at http://1drv.ms/1X4vXVx

But sorry, it's German. So if I should translate something, let me know.

Regards

September 2nd, 2015 2:06pm

I'm unable to launch the link... It's a long thread; I had a quick glance. It should be something on the DNS side, so I suggest a thorough examination of this.

September 7th, 2015 12:48am
