We have 3 DCs in our domain. One of the DCs died (wouldn't boot) two weeks ago. We performed metadata cleanup to remove the old DC from AD. Then we built a new DC with a new name (we used the same IP address).
The initial DNS replication functioned properly. However, two weeks in, we find that new DNS entries on the other DCs don't replicate to this one. We ran "repadmin /showrepl" on this DC and the other DCs. On the new DC, repadmin says all the recent replications went fine. On the other DCs, however, replication to the new DC has failed, giving error 8524 "The DSA operation is unable to proceed because of a DNS lookup failure."
The new DC's hostname is listed in our domain's forward and reverse lookup zones. However, it is formatted oddly in the _msdcs lookup zone. Only the hostname, not the FQDN is present. In DNS, the forward lookup zone "_msdcs.ourdomain.com" looks like this:
| Name | Type | Data |
|---|---|---|
| (same as parent) | Start of Authority (SOA) | [630, DC3., hostmaster.ourdomain.com] |
| (same as parent) | Name Server (NS) | dc1.ourdomain.com. |
| (same as parent) | Name Server (NS) | dc2.ourdomain.com. |
| (same as parent) | Name Server (NS) | dc3. |
| SID1* | Alias (CNAME) | dc1.ourdomain.com. |
| SID2* | Alias (CNAME) | dc2.ourdomain.com. |
| SID3* | Alias (CNAME) | dc3. |

*Computer SIDs that I didn't feel like typing out. I verified that the SIDs are correct.
This information is the same when viewing DNS on all three DCs. Note that the new DC (DC3) doesn't have an FQDN next to its SID. Pings to that SID fail, while pings to the other two SIDs succeed. So there's my problem.
I'm very hesitant to manually modify anything in _msdcs. What do you say? Can I fix this just by editing that last entry to an FQDN? Or do I need to modify it somewhere else?
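An added check, not from the original post: the `_msdcs` CNAME that each DC registers is named after the objectGUID of its NTDS Settings object (the value the post calls the SID), and its target must be the DC's FQDN, not a bare hostname like `dc3.`. This script, run from any DC or RSAT host with the ActiveDirectory and DnsClient modules, looks up that CNAME for every DC and flags targets that do not match the DC's FQDN, which is exactly the condition behind error 8524 here.

```powershell
# Added example (not the original poster's code). Assumes the RSAT ActiveDirectory
# module and the built-in DnsClient module (Resolve-DnsName) are available.
Import-Module ActiveDirectory

$forest = (Get-ADForest).RootDomain      # _msdcs lives under the forest root zone
$zone   = "_msdcs.$forest"

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    # The CNAME is <DSA GUID>._msdcs.<forest>; the DSA GUID is the objectGUID of
    # the DC's NTDS Settings object, not the computer account or its SID.
    $dsaGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID).ObjectGUID
    $record  = "$dsaGuid.$zone"

    try {
        $cname  = Resolve-DnsName -Name $record -Type CNAME -ErrorAction Stop |
                  Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
        $target = $cname.NameHost
    } catch {
        $target = $null                  # record missing or lookup failed
    }

    # Compare case-insensitively and ignore the trailing dot on a fully qualified target.
    $expected = $dc.HostName.TrimEnd('.')
    $ok = [bool]$target -and ($target.TrimEnd('.') -ieq $expected)

    [pscustomobject]@{
        DC       = $dc.HostName
        Record   = $record
        Target   = $target
        Expected = $expected
        OK       = $ok
    }
}

$results | Format-Table -AutoSize
# A row with OK = False (for example Target 'dc3' against Expected 'dc3.ourdomain.com')
# is the DC whose partners will fail replication with the DNS lookup error.
```

Running this on each DC separately also shows whether the bad CNAME is identical on every server, which tells you whether the broken record itself replicated or only one DNS server holds it.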