Monday, January 30, 2012

DNS Error 4010 - _msdcs zone

This error has baffled me for quite some time: the DNS Server logs (Windows 2003 and 2008R2) fill up with these errors on each and every reboot or service restart.

It actually turned out to be one of the simplest DNS fixes I have ever done! But the Google trail for the answer was long! Lots of material, but few "do this".

This is what your log looks like; the list can be long with many DNS servers:







And all of the error messages in the DNS log look similar to this:

The DNS server was unable to create a resource record for  a3eda34b-bb98-456d-a6e4-9b7b3761a13c._msdcs.yourdomain.local. in zone yourdomain.local The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Well, I'll go out on a limb and say it is not corrupt, but the event data still doesn't tell me much. But here is a likely scenario with a solution:

You (or somebody else, of course!) have created a new forward lookup zone called _msdcs.yourdomain.local (since it was missing, obvious) AND the old _msdcs zone under the yourdomain.local zone is still there, but now none of your servers have access to it.

Without any warranty for your result (and after you have backed up everything) you can delete the _msdcs under the yourdomain.local zone and leave the _msdcs.yourdomain.local zone as is. Restart the DNS service on the DNS server where you made the change and the errors in your DNS log should be gone.

Please note: Now that you have deleted it, one of your DNS servers WILL recreate ALL the records again, since it now has access to do that. In my case there were a few retired DNS and some existing servers, so I deleted the _msdcs zone again. Don't worry! If all your DNS servers are listed under _msdcs.yourdomain.local everything is good.

And why does this work? Well, I'm guessing a little and using some logic: your DNS servers are functioning 100% even with this error, right? This is because the _msdcs.yourdomain.local zone that was created manually actually works as it should. You (or someone) just forgot to delete the _msdcs under yourdomain.local when they created the new zone. That's it.

And again: Remember to go back and clean up again after a few hours. Hopefully you won't need a mop...

Google search used: The DNS server was unable to create a resource record for
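Before deleting anything, it helps to confirm that every 4010 event really points at the _msdcs subtree of the parent zone, since that is the only case this post covers. The following is an added example, not part of the original post: it parses exported event messages in the wording quoted above, and the function names and all sample messages other than the first are constructed for illustration.

```python
import re

# Wording of DNS event 4010 as quoted in the post; only owner name and zone are captured.
EVENT_RE = re.compile(
    r"unable to create a resource record for\s+(\S+?)\.?\s+in zone\s+(\S+)",
    re.IGNORECASE,
)

def triage_4010(messages):
    """Group 4010 events by zone, splitting owners into _msdcs subtree vs. the rest."""
    report = {}
    for text in messages:
        m = EVENT_RE.search(text)
        if not m:
            continue                      # not a 4010 message, ignore it
        owner = m.group(1).lower()
        zone = m.group(2).rstrip(".").lower()
        entry = report.setdefault(zone, {"msdcs": set(), "other": set()})
        subtree = "_msdcs." + zone
        if owner == subtree or owner.endswith("." + subtree):
            entry["msdcs"].add(owner)
        else:
            entry["other"].add(owner)     # not explained by the duplicate-zone scenario
    return report

def matches_post_scenario(report, zone):
    """True when every failing record in `zone` sits under its _msdcs subdomain."""
    entry = report.get(zone.lower())
    return bool(entry) and bool(entry["msdcs"]) and not entry["other"]

# Constructed sample: the first message is the one quoted in the post, the rest are made up.
SAMPLE_EVENTS = [
    "The DNS server was unable to create a resource record for  a3eda34b-bb98-456d-a6e4-9b7b3761a13c._msdcs.yourdomain.local. in zone yourdomain.local The Active Directory definition of this resource record is corrupt or contains an invalid DNS name.",
    "The DNS server was unable to create a resource record for _ldap._tcp.dc._msdcs.yourdomain.local. in zone yourdomain.local.",
    "The DNS server was unable to create a resource record for host1.example.test. in zone example.test",
    "The DNS server has started.",
]

if __name__ == "__main__":
    report = triage_4010(SAMPLE_EVENTS)
    for zone in sorted(report):
        print(zone, "matches scenario:", matches_post_scenario(report, zone))
```

If a zone reports records outside the _msdcs subtree, the events have another cause and the deletion described above will not clear them.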

Wednesday, January 25, 2012

Computers don't join domain in SCCM task sequence

First post!

I recently had some problems, well earlier as well, with computers not joining the domain during a task sequence. Usually this is caused by missing or incorrect network drivers. But not this time. And as usual everybody just says, check the logs for the error message...

Well, you need to know what logs and what to look for then...

Anyway, in my case this time it was due to a wrong password. I am 100% sure that the password for the DJA (Domain Join Account) was typed correctly both in AD and on the SCCM server. I used this password: sccmD0m@!n It just refused to join/rejoin the computer to the domain.

Log entry in SCCM (Status Message Queries -> All Status Message):

The task sequence execution engine successfully completed the action (Apply Network Settings) in the group (Install Operating System) with exit code 0
Action output: ==============================[ OSDNetSettings.exe ]===========================
Command line: "osdnetsettings.exe" configure
Setting %SystemRoot% to "C:\Windows"
Loading existing answer file "C:\Windows\panther\unattend\unattend.xml"
Configuring global network settings
Join type: 0
Joining domain: sccm.com
Getting namespace "Microsoft-Windows-UnattendedJoin" for architecture "x86"
DNS domain:
DNS domain search order:
IP filter sec enabled: false
No adapters found in environment.  Performing global configuration only.
Writing configuration information to C:\Windows\panther\unattend\unattend.xml
Successfully saved configuration information to C:\Windows\panther\unattend\unattend.xml
Configuring "OSDNetSettings.exe finalize" to run on first boot
OSDNetSettings finished: 0x00000000.


As I said, this time it was not drivers, because the computer has network access during this step. So over to the next log then, over to the failing client.

Go to: C:\Windows\debug
Locate the netsetup.log file, open it and look for error messages. In my case I found this message:

01/25/2012 21:03:49:557 -----------------------------------------------------------------
01/25/2012 21:03:49:557 NetpDoDomainJoin
01/25/2012 21:03:49:557 NetpMachineValidToJoin: 'SCCM_BUILD_X32'
01/25/2012 21:03:49:557  OS Version: 6.1
01/25/2012 21:03:49:557  Build number: 7601 (7601.win7sp1_gdr.111025-1505)
01/25/2012 21:03:49:557  ServicePack: Service Pack 1
01/25/2012 21:03:49:588  SKU: Windows 7 Enterprise
01/25/2012 21:03:49:588 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/25/2012 21:03:49:588 NetpGetLsaPrimaryDomain: status: 0x0
01/25/2012 21:03:49:588 NetpMachineValidToJoin: status: 0x0
01/25/2012 21:03:49:588 NetpJoinDomain
01/25/2012 21:03:49:588  Machine: SCCM_BUILD_X32
01/25/2012 21:03:49:588  Domain: sccm.com\dc.sccm.com
01/25/2012 21:03:49:588  MachineAccountOU: (NULL)
01/25/2012 21:03:49:588  Account: sccm.com\dja
01/25/2012 21:03:49:588  Options: 0x23
01/25/2012 21:03:49:588 NetpLoadParameters: loading registry parameters...
01/25/2012 21:03:49:588 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/25/2012 21:03:49:588 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/25/2012 21:03:49:588 NetpLoadParameters: status: 0x2
01/25/2012 21:03:49:588 NetpValidateName: checking to see if 'sccm.com' is valid as type 3 name
01/25/2012 21:03:49:806 NetpCheckDomainNameIsValid [ Exists ] for 'sccm.com' returned 0x0
01/25/2012 21:03:49:806 NetpValidateName: name 'sccm.com' is valid for type 3
01/25/2012 21:03:49:994 NetUseAdd to \\dc.sccm.com\IPC$ returned 1326
01/25/2012 21:03:49:994 NetpJoinDomain: status of connecting to dc '\\dc.sccm.com': 0x52e
01/25/2012 21:03:49:994 NetpJoinDomainOnDs: Function exits with status of: 0x52e
01/25/2012 21:03:49:994 NetpDoDomainJoin: status: 0x52e
01/25/2012 21:03:55:001 -----------------------------------------------------------------


The 1326 error means that the username is unknown or the password is bad. You can guess what's wrong in my case... BTW: a 1355 error means that the domain name can't be contacted or it can be misspelled (hence it can't be contacted).

After I changed the password to a simpler one, yes, one that I REALLY can spell correctly, I got this log entry. Shortened a lot, but here are the essential lines:

01/24/2012 23:24:45:129 NetpClearFullJoinState: Status of deleting join state key 0x0
01/24/2012 23:24:45:129 NetpCompleteOfflineDomainJoin: status: 0x0
01/24/2012 23:24:45:129 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
01/24/2012 23:24:45:129 NetpDoDomainJoin: status: 0x0
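The log reading described above can be scripted so that each join attempt is reduced to the account used and the final status code. This is an added example, not part of the original post: the function name is made up for illustration, the sample is constructed from lines of the two excerpts above, and the table covers only the two error codes the post names plus success.

```python
import re

# Win32 status codes; 1326 and 1355 are the two the post explains.
WIN32_ERRORS = {
    0: "success",
    1326: "unknown user name or bad password",
    1355: "domain does not exist or could not be contacted",
}

LINE_RE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (.*)$")
FIELD_RE = re.compile(r"^\s*(Machine|Domain|Account): (.+)$")
FINAL_RE = re.compile(r"^NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)$")

def parse_join_attempts(log_text):
    """Return one dict per NetpDoDomainJoin result found in NetSetup.log text."""
    attempts, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                          # separators, blank lines, wrapped text
        stamp, msg = m.groups()
        if msg == "NetpDoDomainJoin":         # start of a join attempt
            current = {"started": stamp}
            continue
        final = FINAL_RE.match(msg)
        if final:
            # A shortened log may lack the start line; still report the result.
            current = current or {"started": None}
            code = int(final.group(1), 16)    # 0x52e -> 1326
            current["finished"] = stamp
            current["code"] = code
            current["meaning"] = WIN32_ERRORS.get(code, "not in table, try: net helpmsg %d" % code)
            attempts.append(current)
            current = None
            continue
        field = FIELD_RE.match(msg)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    return attempts

# Constructed sample built from lines of the two excerpts in the post.
SAMPLE = r"""
01/25/2012 21:03:49:557 NetpDoDomainJoin
01/25/2012 21:03:49:588  Machine: SCCM_BUILD_X32
01/25/2012 21:03:49:588  Domain: sccm.com\dc.sccm.com
01/25/2012 21:03:49:588  Account: sccm.com\dja
01/25/2012 21:03:49:994 NetUseAdd to \\dc.sccm.com\IPC$ returned 1326
01/25/2012 21:03:49:994 NetpDoDomainJoin: status: 0x52e
01/24/2012 23:24:45:129 NetpDoDomainJoin: status: 0x0
"""

if __name__ == "__main__":
    for attempt in parse_join_attempts(SAMPLE):
        print(attempt)
```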



I really look forward to the "Test" button that is promised in SCCM 2012

Google searches used:
netjoindomain returned 1326 sccm
sccm cant rejoin computer to domain
no adapters found in environment. performing global configuration only