Restoring a domain controller

scottalanmiller

@Carnival-Boy said:

When I run nslookup from a command prompt, it works ok (displays the default server and address).

However, when I run nslookup from within DNS manager (right click on the server and select "Launch nslookup" it says:
Default Server: UnKnown
Address: fe80::704f::3fe7:6795:d3c7

That address is an IPV6 address, right?

Yes that is IPv6

Sounds like DNS is misconfigured and can't do a lookup on its own.

Dashrender

@Carnival-Boy said:

When I run nslookup from a command prompt, it works ok (displays the default server and address).

However, when I run nslookup from within DNS manager (right click on the server and select "Launch nslookup" it says:
Default Server: UnKnown
Address: fe80::704f::3fe7:6795:d3c7

That address is an IPV6 address, right?

Also, in DNS manager, there are NS entries for our old DC, which is no longer part of the domain, and also an NS entry for our file server which used run DNS but doesn't any more. Should I delete this entries. Do they make a difference?

I completely missed this post. As Scott pointed out, it does look like DNS is what's not working - this probably explains why when you restore the other DC things work as you desire because DC-1 is relying on DC-2 to make DNS work correctly (though that wouldn't explain why an offline backup that's restored works - so that's still odd).

What happens if you skip the non authoritative restore after restoring the backup?

Carnival Boy

On either server, if I type** nslookup DC-01 DC-01** I get
DNS request time out
Server: UnKnown
Address: fe80::704f:3fe7:6795:d3c7
Name: DC-01
Address: 10.1.2.13

whereas if I type nslookup DC-01 10.1.2.13 I get
Server: DC-01
Address: 10.1.2.3
Name: DC-01
Address: 10.1.2.13

So it seems it can resolve when specifying the IPv4 address of the DNS server, but otherwise it thinks the DNS Server is at an IPv6 that it can't find?

That address is the IPv6 address of DC-01 and it resolves if I type** ping DC-01**.

In otherwords, is this an IPv6 issue?

scottalanmiller

I don't think that it is possible for it to be an IPv6 issue.

scottalanmiller

What are the DNS settings on each host?

Dashrender

I wonder if the DNS server itself on that DC is broken?

scottalanmiller

@Dashrender said:

I wonder if the DNS server itself on that DC is broken?

That's kinda what I am thinking.

Carnival Boy

Update. Had a guy in to take a look. He thinks he's fixed it. I'd love to tell you exactly how, but I didn't really understand what he was telling me. But basically he thinks DC-01 (the PDC) was fine, but DC-02 was screwed. As you've said already, and as he said today, when AD isn't working it's usually a DNS problem somewhere. He didn't think DC-02 was registering correctly or there were some dodgy DNS records. He's wasn't entirely sure why this mean't DC-01 wouldn't restore correctly on it's own, other than if DNS is screwed it is screwed and needs fixing.

He demoted DC-02, removed it from the domain, re-added it to the domain and promoted it. He also tidied up a few other things, as everything was a bit of a mess. I knew this, as previous consultants had been in and done work and not tidied up as well as they should of. He ensured everything registered and replicated correctly and then backed up DC-01 and restored it. So far, the restore looks good. Yay!

So touch wood, everything is ok.

A little disappointed that ML (and myself) couldn't get the win, but a win's a win. He did say it wasn't anything obvious and it took him most of the day to fix, so at least I haven't embarrassed myself in front of him and you. On the surface everything looked fine and it was only when you dug deeper that one or two things didn't look quite right.

Thanks for all the help.

Dashrender

Great news - though for ML's sake, I think we did find the issue at least before you told us what the tech said, we just didn't have time to dig through settings with you before your consultant did.

It is odd that leaving and joining DC-02 fixed the issue, I would have thought that DC-01 was what was broken. This leads me to believe that the cleanup he did did more to solve the problem than than the leaving/rejoining of DC-02.

If you still have an old image of the server pre fix - I'd personally love to see the DNS in hopes of really understanding what was broken.

Carnival Boy

I'll see what I can do. What info do you want me to look up and post?

Dashrender

A full out exploded view of the entries side by side with the new one would give us the best results, but there is probably privacy in there so that might not be possible.