the active directory integrated DNS zone _msdcs was not found
I just added my 1st w2k8r2 server DC to my 2003 domain. Everything seems to be working okay: replication, no events, etc. Except when I run the Best Practices Analyzer in DNS I get the following error:
the active directory integrated DNS zone _msdcs was not found.
Under the zone for my domain I have the _msdcs folder. I read articles where it said to create a _msdcs zone, so I did that and the error went away, but then I kept getting the error 4010 in my event log every time I stopped and restarted DNS. I followed this
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/3ada55e6-344f-430f-a2f2-394e3bb6b0bf
but it did not resolve the issue. I am not sure if I am getting the errors because I have only 1 w2k8r2 server and it will go away once I install the second one? I want to transfer the roles from my W2k3 server to the 2k8 server but don't want to do so till I get this resolved. Any help would be appreciated.
March 29th, 2011 12:10am
Hello,
Follow case 2 in the following document to create it; it also applies to Windows Server 2008 and higher:
http://support.microsoft.com/kb/817470/
I did it some weeks ago on a domain that didn't have the _msdcs.domain.com zone.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
March 29th, 2011 12:23am
Thank you for the link. I did read this article and created a zone for _msdcs.domain.com.
The thing is, before I did this I did have the _msdcs zone listed under my domain:
Domain.com
_msdcs
I created a _msdcs.domain.com and have it replicating at forest level, so now my zones are
domain.com
_msdcs.domain.com
The error is gone when I run the Best Practices Analyzer, but that is the only place I see an error.
I get the error 4010 now when I restart the service. I am kind of confused: when they say _msdcs.forestzone, is it supposed to be under my domain name or a totally separate zone, and do I remove the _msdcs record under my domain?
March 29th, 2011 4:39am
Hello,
Please see:
http://technet.microsoft.com/en-us/library/cc735667(WS.10).aspx
http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
Best regards
Meinolf Weber
March 29th, 2011 10:04am
I did the same and in my case it worked too.
I read in another article that it's Best Practice to have the _msdcs.mydomain.com separate and not an _msdcs under mydomain.com.
Then you have to create a delegation record (grey folder) under mydomain.com. In my case I just had to create the folder _msdcs.mydomain.com and everything else worked automatically.
April 29th, 2011 7:56am
I did the same and in my case it worked too.
I read in another article that it's Best Practice to have the _msdcs.mydomain.com separate and not an _msdcs under mydomain.com.
Then you have to create a delegation record (grey folder) under mydomain.com. In my case I just had to create the folder _msdcs.mydomain.com and everything else worked automatically.
Did you step through Case 2 of Meinolf's replied support article?
http://support.microsoft.com/kb/817470/
Or did you just create a new zone _msdcs.mydomain.com? Did you create the delegation record? Your reply is a little convoluted in what you did exactly.
I am asking as I created the new zone with the property of replicate to all DNS servers in this Forest and my records look like they are all there. So I'm wondering if it's safe to delete the _msdcs subzone under mydomain.com, or should I repoint all of my DNS servers' DNS IP addresses to my root DNS server for a while to make sure (as suggested by the KB article 817470 listed), then delete the subzone.
Thanks.
May 1st, 2011 7:28pm
Just an update... I forgot I had already set my primary DNS IPs on my DNS servers' NICs (say that 5 times fast), to my primary root DNS server (based on BPA suggestions for replication). So I went ahead and checked all my records. Had to manually add two of my DNS servers to the zone's properties, "Name Servers" tab... (the others were found automatically???) and then life was good. Forced replication, waited for about 30 minutes, and deleted the remnant _msdcs under the mydomain.com zone. Ran BPA again and it did not find that to complain about. Event viewer for all roles shows up clean.
May 3rd, 2011 12:17am
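A pre-deletion check for the question raised in the last two posts (is every DNS server serving the new forest-wide _msdcs zone before the old subdomain is removed), added here as an example and not taken from the thread or from KB 817470. The forest name `contoso.com` and the server names are placeholder assumptions; `dnscmd` and `nslookup` are the stock Windows tools.

```powershell
# Added example. Placeholder values, not taken from the thread.
$ForestRoot = 'contoso.com'                              # assumed forest root domain
$DnsServers = 'dc01.contoso.com', 'dc02.contoso.com'     # assumed AD-integrated DNS servers
$Zone  = "_msdcs.$ForestRoot"
$Probe = "_ldap._tcp.dc.$Zone"                           # SRV record the DCs register

$results = foreach ($server in $DnsServers) {
    # 1. Does this server host _msdcs.<forest> as its own zone?
    #    An SRV answer alone is not enough: the old subdomain under the
    #    parent zone answers the same query, so the zone check is what
    #    tells the two states apart.
    $zoneInfo = (& dnscmd $server /ZoneInfo $Zone 2>&1 | Out-String)
    $hasZone  = $zoneInfo -match 'Command completed successfully'

    # 2. Does this server answer the DC locator SRV query, and with which DCs?
    $lookup   = (& nslookup -type=SRV $Probe $server 2>&1 | Out-String)
    $srvHosts = @([regex]::Matches($lookup, 'svr hostname\s*=\s*(\S+)') |
                  ForEach-Object { $_.Groups[1].Value })

    New-Object PSObject -Property @{
        Server     = $server
        HasZone    = $hasZone
        SrvTargets = ($srvHosts -join ', ')
        Ready      = ($hasZone -and $srvHosts.Count -gt 0)
    }
}

$results | Format-Table Server, HasZone, Ready, SrvTargets -AutoSize

# Hold off on deleting the remnant _msdcs subdomain while any server is not ready.
$notReady = @($results | Where-Object { -not $_.Ready })
if ($notReady.Count -gt 0) {
    Write-Warning ("Not ready: " + (($notReady | ForEach-Object { $_.Server }) -join ', '))
} else {
    Write-Host "All listed servers host $Zone and answer $Probe."
}
```

Run it from an elevated prompt on a machine with the DNS server tools installed, after replication has had time to complete.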