Windows DNS registers duplicate SRV records for a DC if its computer name has uppercase letters

Applies to: Windows Server 2019, all versions; Windows Server 2016

Symptoms


You have one or more Windows Server 2019-based or Windows Server 2016-based domain controllers (DCs) in a deployment that uses AD DS-integrated DNS zones. At least one of the DCs has a computer name that includes uppercase characters.

In this situation, you notice that the DNS records for the domain include duplicate server location (SRV) records for the DCs that have uppercase characters in their computer names. One record includes the computer name in the RDATA in all lowercase characters, and one record includes the computer name in the RDATA in the correct case characters.

Cause


This behavior occurs because of a change in how the Windows Server DNS functionality manages the RDATA segment of an SRV record. In Windows Server 2012 R2 and earlier versions, the RDATA segment contains only lowercase letters. If a computer name contains uppercase letters, the DNS functionality converts them to lowercase. However, the Windows Server 2016 (or later version) DNS functionality accepts uppercase and lowercase letters.

When the DNS server checks to see whether a computer name already has an associated SRV record, it does not account for changes in case. Therefore, it considers "winserv16.contoso.com" and "WinServ16.contoso.com" to be different names.

For this reason, you may see unexpected effects if you use the following configurations:

  • All the DNS servers and DCs in the domain have been upgraded from Windows Server 2012 R2 (or an earlier version) to Windows Server 2016 (or a later version). The DNS database may generate extra SRV records for any DC that has uppercase characters in its computer name.
  • All the DNS servers and DCs in the domain run Windows Server 2012 or earlier. You install the DNS server role on a Windows Server 2016 member server, and then you promote that member server to a DC in the same domain. If the Windows Server 2016 DC has uppercase characters in its computer name, it will have extra SRV records in DNS.
  • You have a domain that contains DCs and DNS servers that run various versions of Windows Server. The primary DNS server is a DC that runs Windows Server 2012 or earlier, and the secondary DNS server is a Windows Server 2016 DC. The primary DNS server becomes unavailable, and you change the Windows Server 2016 DC to be the new primary DNS server. After this change, the DNS database may generate extra SRV records for any DC that has uppercase characters in its computer name. 
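
To check a zone for the duplicates described above, the following PowerShell groups SRV records by owner name, port, and case-folded target, then reports any group whose targets differ only in letter case. This is an added example, not part of the original article: the function names Find-CaseDuplicateSrv and New-SampleSrv are hypothetical, the sample records are constructed, and grouping on owner name and port is an assumption of the example.

```powershell
# Added example. Function names are hypothetical; sample data is constructed.
# Groups SRV records on owner name + port + lowercased target, then reports
# groups in which the target (RDATA host name) appears in more than one spelling.
function Find-CaseDuplicateSrv {
    param([Parameter(Mandatory)][object[]]$Records)

    $groups = $Records | Group-Object -Property {
        '{0}|{1}|{2}' -f $_.HostName.ToLowerInvariant(),
                         $_.RecordData.Port,
                         $_.RecordData.DomainName.ToLowerInvariant()
    }
    foreach ($g in $groups) {
        # Ordinal comparer keeps "WinServ16" and "winserv16" as separate entries.
        $spellings = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::Ordinal)
        foreach ($r in $g.Group) { [void]$spellings.Add($r.RecordData.DomainName) }
        if ($spellings.Count -gt 1) {
            [pscustomobject]@{
                Owner   = $g.Group[0].HostName
                Port    = $g.Group[0].RecordData.Port
                Targets = @($spellings)
            }
        }
    }
}

# Constructed sample shaped like Get-DnsServerResourceRecord output for SRV
# records (HostName, RecordData.DomainName, RecordData.Port).
function New-SampleSrv($Owner, $Target, $Port) {
    [pscustomobject]@{
        HostName   = $Owner
        RecordType = 'SRV'
        RecordData = [pscustomobject]@{ DomainName = $Target; Port = $Port }
    }
}
$sample = @(
    New-SampleSrv '_ldap._tcp'     'winserv16.contoso.com.' 389
    New-SampleSrv '_ldap._tcp'     'WinServ16.contoso.com.' 389
    New-SampleSrv '_ldap._tcp'     'dc02.contoso.com.'      389
    New-SampleSrv '_kerberos._tcp' 'WinServ16.contoso.com.' 88
)
Find-CaseDuplicateSrv -Records $sample | Format-List

# Against a live zone (DnsServer module; the zone name is a placeholder):
# Find-CaseDuplicateSrv -Records (Get-DnsServerResourceRecord -ZoneName 'contoso.com' -RRType Srv)
```

Only the `_ldap._tcp` pair is reported for the sample. A single mixed-case record with no lowercase twin is not flagged, because it is not a duplicate.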

Workarounds


Preventing duplicate SRV records

You can use the following methods to prevent Windows DNS from creating duplicate SRV records:

  • Before you promote a member server to a DC or before you upgrade a DC to Windows Server 2016 or a later version, make sure that its computer name contains only lowercase characters.
  • Make sure that all internal build processes, tools, and scripts that create, modify, or use computer names also use lowercase characters.
  • If you cannot rename your DCs (or if it will take a long time to do so), configure your DNS topology so that DCs that run Windows Server 2016 or later use DNS servers that run Windows Server 2016 or later. Similarly, configure DCs that run Windows Server 2012 R2 or earlier to use DNS servers that run Windows Server 2012 R2 or earlier.

Removing duplicate SRV records

To work around this issue after you encounter it, you have to rename your DCs by using all lowercase characters. Depending on the details of your deployment, you may have to manually reconfigure settings or remove files. This section provides the following workaround methods, in order of complexity:

Method 1: Rename a DC in a single-DC domain

If you have one DC, use the steps in Renaming a Domain Controller to change the DC's computer name to a new name that contains only lowercase characters. In the case of a single DC, you do not have to demote and repromote it.

Method 2: Rename DCs in a multi-DC domain

If you have more than one DC in your domain, follow these steps for each affected DC:

  1. Demote the DC, and clean up the related metadata. For more information, see Demoting Domain Controllers and Domains and AD Forest Recovery - Cleaning metadata of removed writable domain controllers.
  2. Rename the computer, giving it a name that contains only lowercase characters.
  3. Promote the computer to a DC again.

By the time all the DCs are back online, the duplicate (mixed-case) SRV records should be gone.

Method 3: Rename DCs and remove all stored SRV records

If Method 1 and Method 2 do not provide satisfactory results, follow these steps for each affected DC:

  1. Demote the DC, and clean up the related metadata. For more information, see Demoting Domain Controllers and Domains and AD Forest Recovery - Cleaning metadata of removed writable domain controllers.
  2. On the demoted computer, follow these steps:
    1. Rename the computer, giving it a name that contains only lowercase characters.
    2. Stop the netlogon service. To do this, open an elevated Command Prompt window, and then run net stop netlogon.
    3. Delete the following files in the C:\Windows\System32\config\ folder:
      • netlogon.dnb
      • netlogon.dns
  3. On one of the other DCs, open Server Manager, select Tools, and then select DNS.
  4. In DNS Manager, inspect the containers under Forward Lookup Zones and then delete the SRV records for the DC that you demoted.
  5. On the renamed computer, start the netlogon service. To do this, open an elevated Command Prompt window, and then run net start netlogon.
  6. Promote the renamed computer to a DC again.