Domain subfolders are missing from forward lookup zone

Symptoms

Symptom 1

When you open the forward lookup zone in the Domain Name System (DNS) Microsoft Management Console (MMC) snap-in, the following subdomains may be missing:
  • _msdcs
  • _sites
  • _tcp
  • _udp

This problem may occur if the zone is either Active Directory-Integrated or Standard Primary. Additionally, the forward lookup zone is being used to store SRV records for Active Directory.

When this problem occurs, the following event is logged:

Symptom 2

The domain controller's netlogon service does not register the SRV records as they appear in the netlogon.dns file. Restarting the netlogon service in this situation triggers the following event:




Cause

Cause 1

On a multi-homed server, DNS dynamic update protocol registration may have been turned off (disabled) on the internal network adapter. The same problem occurs on a server that has a single network adapter and DNS dynamic update protocol turned off.

Cause 2

The Dynamic Update Group Policy setting may have been set to disabled. Specifically, the RegistrationEnabled DWORD value in the following registry subkey is set to 0:

HKLM\Software\Policies\Microsoft\Windows NT\DNSClient
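
To see which of the two causes applies on a given server, the following added example (not part of the original article) reads the policy value above and each adapter's DNS registration setting. It assumes Windows Server 2012 or later, where the `Get-DnsClient` cmdlet of the DnsClient module is available.

```powershell
# Added example: report the settings named under Cause 1 and Cause 2.
# Run in an elevated PowerShell session on the affected domain controller.

# Cause 2: Group Policy value that disables dynamic update when set to 0.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$policy = Get-ItemProperty -Path $policyKey -Name RegistrationEnabled -ErrorAction SilentlyContinue

if ($null -eq $policy) {
    # Key or value absent: the Dynamic update policy is Not Configured.
    'Policy : RegistrationEnabled not set (Not Configured)'
} elseif ($policy.RegistrationEnabled -eq 0) {
    'Policy : RegistrationEnabled = 0, dynamic update disabled by Group Policy (Cause 2)'
} else {
    "Policy : RegistrationEnabled = $($policy.RegistrationEnabled)"
}

# Cause 1: per-adapter "Register this connection's addresses in DNS" check box.
Get-DnsClient |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    ForEach-Object {
        $state = if ($_.RegisterThisConnectionsAddress) { 'enabled' } else { 'DISABLED (Cause 1)' }
        "Adapter: '$($_.InterfaceAlias)' DNS registration $state"
    }
```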

Resolution

Resolution 1

To turn on DNS dynamic update protocol on the affected network adapter, follow these steps:
  1. On the desktop, right-click My Network Places, and then click Properties.
  2. Right-click the internal network adapter, and then click Properties.
  3. Click TCP/IP, and then click Properties.
  4. Click the Advanced button.
  5. Click the DNS tab, and then click to select the Register this connection's addresses in DNS check box at the bottom of the tab.
  6. Click OK until the Network Properties dialog box is closed.
  7. Click Start, click Run, type cmd, and then press ENTER.
  8. At a command prompt, stop and restart the Netlogon service and initiate the registration of the network adapter in DNS. To do this, use the following command-line statements:
    • net stop netlogon
    • net start netlogon
    • ipconfig /registerdns

If the previous steps do not resolve this problem, you may have to remove DNS and reinstall it. To remove DNS, follow these steps:

  1. Right-click My Network Places, and then click Properties.
  2. In the Network and Dial-Up Connections window on the Advanced menu, click Optional Networking Components.
  3. In the Windows Optional Networking Components Wizard, click to select Networking Services, and then click Details.
  4. In the Networking Services window, click to clear the Domain Name System (DNS) check box, click OK, and then click Next. This removes DNS.

Before you reinstall DNS, delete the following files:

  • Cache.dns, which is located in %systemroot%\Winnt\System32\DNS
  • Netlogon.dns, which is located in %systemroot%\Winnt\System32\Config
  • Netlogon.dnb, which is located in %systemroot%\Winnt\System32\Config

To reinstall DNS, follow these steps:

  1. Right-click My Network Places, and then click Properties.
  2. In the Network and Dial-Up Connections window on the Advanced menu, click Optional Networking Components.
  3. In the Windows Optional Networking Components Wizard, click to select the Networking Services check box, and then click Details.
  4. In the Networking Services dialog box, click to select the Domain Name System (DNS) check box, click OK, and then click Next.
  5. Insert the operating system installation disc when you are prompted, click OK, and DNS is reinstalled.
  6. Restart the computer.

To reconfigure the DNS server and re-create the Forward and Reverse Lookup Zones, see the articles that are listed in the "More Information" section.

Resolution 2

  1. Open the Group Policy Management console (Gpmc.msc).
  2. Locate the following setting, and change it to Enabled or Not Configured:
Computer Configuration\Administrative Templates\Network\DNS Client | Dynamic update

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

There are other possible causes of this problem:
  • The value for Load zone data on startup on the Advanced tab in the DNS server properties is set to From registry instead of From Active Directory and registry. To resolve this problem, reset the value, and then restart the server.
  • The value of the following registry subkey is 0:
    HKEY_LOCAL_MACHINE\CurrentControlSet\Services\Netlogon\Parameters\UseDynamicUpdates
  • The filter display limit for the zone is smaller than the number of records in the zone. To resolve this problem, follow these steps:
    1. Click Start, click Run, type dnsmgmt.msc in the Open box, and then click OK.
    2. In the Dnsmgmt dialog box, expand ServerName, and then expand Forward Lookup Zones.
    3. Click the zone, click the View menu, and then click Filter.
    4. Click the Display Limit tab.
    5. Set the display limit to a number that is larger than the number of records in your zone.
  • The forward lookup zone was created by using the wrong name or was accidentally deleted. To re-create the zone, follow these steps:
    1. Make sure that the internal network adapter (and external network adapter if there is one) point to the server IP for DNS resolution in the TCP/IP Properties dialog box.
    2. In the DNS MMC, right-click the server object, and then click New Zone. The New Zone Wizard starts. Under Zone Type, click Active Directory Integrated. On the next page, click Forward Lookup Zone, and then type a domain name (for example, domain.com).
    3. Expand the Forward Lookup Zones folder, right-click the zone, and then click Properties.
    4. On the General tab, make sure that Only secure updates is selected in the Allow Updates? list (this is the default setting). Click OK, and then close the DNS MMC.
    5. At a command prompt, restart the Netlogon service by using the following command line:
      • net stop netlogon
      • net start netlogon
      • ipconfig /registerdns
    Verify that the zone file now has the following subdomains:

    • _msdcs
    • _sites
    • _tcp
    • _udp
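
The same verification can be done from PowerShell by resolving one Netlogon-registered SRV record under each subdomain. This is an added example, not part of the original article; the site name `Default-First-Site-Name` and the use of `Resolve-DnsName` (Windows Server 2012 or later) are assumptions, and `domain.com` is the example zone name from step 2.

```powershell
# Added example: check one domain controller locator SRV record per subdomain.
$domain = 'domain.com'                  # example zone name from the steps above
$site   = 'Default-First-Site-Name'     # assumption: default Active Directory site name

# One representative record that Netlogon registers under each subdomain.
$checks = [ordered]@{
    '_msdcs' = "_ldap._tcp.dc._msdcs.${domain}"
    '_sites' = "_ldap._tcp.${site}._sites.${domain}"
    '_tcp'   = "_ldap._tcp.${domain}"
    '_udp'   = "_kerberos._udp.${domain}"
}

foreach ($sub in $checks.Keys) {
    $name = $checks[$sub]

    # -DnsOnly skips LLMNR/NetBIOS so only the DNS server's answer counts.
    $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }

    if ($srv) {
        $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        '{0,-7} OK       {1} -> {2}' -f $sub, $name, $targets
    } else {
        # No SRV answer: the subdomain is missing or the record was not registered.
        '{0,-7} MISSING  {1}' -f $sub, $name
    }
}
```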

References

For more information about how to create and configure zone files in DNS on Windows 2000 Server, click the following article numbers to view the articles in the Microsoft Knowledge Base:

308201 How to create a new zone on a DNS server in Windows 2000

237675 Setting up the Domain Name System for Active Directory

Properties

Article ID: 310568 - Last review: Jan 12, 2017 - Revision: 12