Monday, January 30, 2012

DNS Error 4010 - _msdcs zone

This error has baffled me for quite some time. The DNS Server log (Windows 2003 and 2008R2) is filled with these errors on each and every reboot or service restart.

It actually turned out to be one of the simplest DNS fixes I have ever done! But the Google trail for the answer was long! Lots of material, but few "do this".

This is what your log looks like; the list can be long with many DNS servers:







And all of the error messages in the DNS log look similar to this:

The DNS server was unable to create a resource record for  a3eda34b-bb98-456d-a6e4-9b7b3761a13c._msdcs.yourdomain.local. in zone yourdomain.local The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Well, I'll go out on a limb and say it is not corrupt, but the event data still doesn't tell me much. But here is a likely scenario with a solution:

You (or somebody else, of course!) have created a new forward lookup zone called _msdcs.yourdomain.local (since it was missing, obviously) AND the old _msdcs zone under the yourdomain.local zone is still there, but now none of your servers have access to it.

Without any warranty for your result (and after you have backed up everything), you can delete the _msdcs under the yourdomain.local zone and leave the _msdcs.yourdomain.local zone as is. Restart the DNS service on the DNS server where you made the change and the errors in your DNS log should be gone.

Please note: Now that you have deleted it, one of your DNS servers WILL recreate ALL the records again, since it now has access to do that. In my case there were a few retired DNS and some existing servers, so I deleted the _msdcs zone again. Don't worry! If all your DNS servers are listed under _msdcs.yourdomain.local, everything is good.

And why does this work? Well, I'm guessing a little and using some logic: your DNS servers are functioning 100% even with this error, right? This is because the _msdcs.yourdomain.local zone that was created manually actually works as it should. You (or someone) just forgot to delete the _msdcs under yourdomain.local when they created the new zone. That's it.

And again: Remember to go back and clean up again after a few hours. Hopefully you won't need a mop...
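A read-only check for the scenario described above, as an added example that is not part of the original post: it parses event 4010 message text exported from the DNS Server log and reports whether the failing records sit in _msdcs inside a zone that also has a separate _msdcs.<zone> zone. The function names, the second GUID and the zone list are constructed for illustration.

```python
import re

# Message text of DNS Server event 4010, in the wording quoted in the post.
EVENT_4010 = re.compile(
    r"unable to create a resource record for\s+(\S+)\s+in zone\s+(\S+)", re.IGNORECASE
)

def parse_4010(message):
    """Return (owner, zone), lower-cased without trailing dots, or None."""
    m = EVENT_4010.search(message)
    return tuple(n.rstrip(".").lower() for n in m.groups()) if m else None

def in_msdcs_subdomain(owner, zone):
    """True if owner sits at or below the _msdcs node stored inside zone."""
    suffix = "." + zone
    return owner.endswith(suffix) and owner[: -len(suffix)].split(".")[-1] == "_msdcs"

def triage(messages, hosted_zones):
    """Group 4010 events by zone and flag the duplicate-_msdcs scenario."""
    hosted = {z.rstrip(".").lower() for z in hosted_zones}
    report = {}
    for msg in messages:
        parsed = parse_4010(msg)
        if parsed is None:
            continue  # not a 4010 "unable to create" message
        owner, zone = parsed
        entry = report.setdefault(zone, {"records": [], "duplicate_msdcs": False})
        if in_msdcs_subdomain(owner, zone):
            entry["records"].append(owner)
            # Scenario from the post: a separate _msdcs.<zone> zone exists while
            # records still fail to load from the _msdcs node of the parent zone.
            entry["duplicate_msdcs"] = ("_msdcs." + zone) in hosted
    return report

# Constructed sample input. The first message reuses the text quoted in the post,
# the rest are made up; SAMPLE_ZONES stands in for the server's zone list.
SAMPLE_EVENTS = [
    "The DNS server was unable to create a resource record for  "
    "a3eda34b-bb98-456d-a6e4-9b7b3761a13c._msdcs.yourdomain.local. in zone "
    "yourdomain.local The Active Directory definition of this resource record is corrupt",
    "The DNS server was unable to create a resource record for "
    "11111111-2222-3333-4444-555555555555._msdcs.yourdomain.local. in zone yourdomain.local",
    "The DNS server has started.",
]
SAMPLE_ZONES = ["yourdomain.local", "_msdcs.yourdomain.local"]

if __name__ == "__main__":
    for zone, entry in triage(SAMPLE_EVENTS, SAMPLE_ZONES).items():
        print(zone, len(entry["records"]), "records, duplicate _msdcs:", entry["duplicate_msdcs"])
```

If duplicate_msdcs is False for a zone, the 4010 events there do not match the situation in this post and the deletion described above is not the indicated fix.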

Google search used: The DNS server was unable to create a resource record for

2 comments:

  1. Success is nothing more than a few simple
    disciplines, practiced every day. See the link below for more info.


    #few
    www.ufgop.org

  2. Thank you for your help.
    I was able to solve my problem.
