In Single Domain, Windows Server 2003 environment with two Windows 2008 Domain Controllers, We continue to experience replication errors on the Windows 2008 read only domain controller regarding DNS - "DCDIAG /TEST:DNS" run from 2008 Read Only DC error message - Testing server: SI\TEST-DC02 Starting test: Connectivity ......................... TEST-DC02 passed test Connectivity Doing primary tests Testing server: SI\TEST-DC02 Starting test: DNS DNS Tests are running and not hung. Please wait a few minutes... ......................... TEST-DC02 passed test DNS Running partition tests on : DomainDnsZones Running partition tests on : ForestDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : domain Running enterprise tests on : domain.ad Starting test: DNS Test results for domain controllers: DC: TEST-DC02.domain.ad Domain: domain.ad TEST: Records registration (RReg) Network Adapter [00000013] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client): Warning: Missing CNAME record at DNS server 192.168.1.3: 7a45283a-a6d9-4631-ace2-bc268c5b5039._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _ldap._tcp.SI._sites.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _kerberos._tcp.SI._sites.dc._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _ldap._tcp.SI._sites.dc._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _kerberos._tcp.SI._sites.domain.ad Error: Record registrations cannot be found for all the network adapters Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext _________________________________________________________________ Domain: domain.ad TEST-DC02 PASS PASS PASS PASS PASS FAIL n/a ......................... domain.ad failed test 192.168.1.3 domain controller Windows 2008 server assigned as the alternative DNS server and Windows 2008 Read Only server Test-02 assigned to itself as the primary DNS So why would this FAIL during testing?? How should we configure the windows 2008 read only server regarding the DNS settings?

Please disable the firewall on both the server and try it.http://www.virmansec.com/blogs/skhairuddin

Same error message as before when disable Symantec Antivirus software on the two servers -For read only windows server 2008 domain controller how does the DNS settings need to be configured? Do we need to use the read-only system itself as primary DNS and a read/write DC as the alternative DNS? "DCDIAG /TEST:DNS" run from 2008 Read Only DC error message - Testing server: SI\TEST-DC02 Starting test: Connectivity ......................... TEST-DC02 passed test Connectivity Doing primary tests Testing server: SI\TEST-DC02 Starting test: DNS DNS Tests are running and not hung. Please wait a few minutes... ......................... TEST-DC02 passed test DNS Running partition tests on : DomainDnsZones Running partition tests on : ForestDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : domain Running enterprise tests on : domain.ad Starting test: DNS Test results for domain controllers: DC: TEST-DC02.domain.ad Domain: domain.ad TEST: Records registration (RReg) Network Adapter [00000013] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client): Warning: Missing CNAME record at DNS server 192.168.1.3: 7a45283a-a6d9-4631-ace2-bc268c5b5039._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _ldap._tcp.SI._sites.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _kerberos._tcp.SI._sites.dc._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _ldap._tcp.SI._sites.dc._msdcs.domain.ad Warning: Missing SRV record at DNS server 192.168.1.3: _kerberos._tcp.SI._sites.domain.ad Error: Record registrations cannot be found for all the network adapters Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext _________________________________________________________________ Domain: domain.ad TEST-DC02 PASS PASS PASS PASS PASS FAIL n/a ......................... domain.ad failed test

and firewall disabled same error message.

Hello, please post an unedited ipconfig /all from all involved DC/DNS servers. Is the DHCP client service started and set to automatic, this is required for correct DNS registrations?Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Yes the DHCP client service is started and set to automatic - Server 2008 Read Only ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : TEST-DC02 Primary Dns Suffix . . . . . . . : domain.ad Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.ad Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) Physical Address. . . . . . . . . : 78-2B-CB-06-68-80 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::4862:3d45:8bb4:7e3b%14(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DHCPv6 IAID . . . . . . . . . . . : 376974283 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E8-07-68-00-1B-21-83-60-44 DNS Servers . . . . . . . . . . . : ::1 192.168.2.6 192.168.1.3 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{636D19F0-770A-4673-9501-746C07779A25}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Read/Write Domain Controller ipconfig /all - Windows IP Configuration Host Name . . . . . . . . . . . . : TEST-DC03 Primary Dns Suffix . . . . . . . : domain.ad Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.ad Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-50-56-BD-00-00 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.3 192.168.1.41 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{4F541B73-3C8E-43C8-A814-3E76BCA35F64}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes

Hello, for the RODC, let it point to a92.168.1.3 as a primary DNS server and to its private IP address as secondary one. I suppose here that DNS is installed on it. Also, delete ::1 from being a primary DNS server on IP v6. For the RWDC, let it point to 192.168.1.41 AS PRIMARY DNS server and its private IP address as secondary one. Once done, run ipconfig /registerdns and restart netlogon on each DC you have. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

Thanks for the help but we are still getting the exact same error message after following the instructions on last post. Any other settings that we would need to check.