Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



dcdiag.exe /test:DNS > Delegation is broken for the domain

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 29-06-2007
hugoelopezp@gmail.com
 
Posts: n/a
dcdiag.exe /test:DNS > Delegation is broken for the domain

hi guys! (windows 2003+3 DCs+1domain+DNS Integrated zone)

After every restart, all of my DCs are deadly slow to show up the
domain and allow users to logon. Giving a look at the events, i found
that the DNS service is delaying 22 minutes to get started. That made
me try dcdiag.exe /test:DNS and got the following weird error message:

DNS server: 192.168.12.5 (dc1.mydomain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.12.5

DNS server: 192.168.2.6 (dc2.mydomain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.2.6

DNS server: 192.168.21.110 (dc3.mydomain.com.)
1 test failure on this DNS server
Delegation is broken for the domain
mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.21.110

Any clue about this? This "mydomain.com.MYDOMAIN.COM" seems quite
weird to me.

Thanks beforehand!


Reply With Quote
  #2  
Old 01-07-2007
Kevin D. Goodknecht Sr. [MVP]
 
Posts: n/a
Re: dcdiag.exe /test:DNS > Delegation is broken for the domain

Read inline please.

In news:1183141459.884949.97070@o61g2000hsh.googlegroups.com,
hugoelopezp@gmail.com <hugoelopezp@gmail.com> typed:
> hi guys! (windows 2003+3 DCs+1domain+DNS Integrated zone)
>
> After every restart, all of my DCs are deadly slow to show up the
> domain and allow users to logon. Giving a look at the events, i found
> that the DNS service is delaying 22 minutes to get started. That made
> me try dcdiag.exe /test:DNS and got the following weird error message:
>
> DNS server: 192.168.12.5 (dc1.mydomain.com.)
> 1 test failure on this DNS server
> Delegation is broken for the domain
> mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.12.5
>
> DNS server: 192.168.2.6 (dc2.mydomain.com.)
> 1 test failure on this DNS server
> Delegation is broken for the domain
> mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.2.6
>
> DNS server: 192.168.21.110 (dc3.mydomain.com.)
> 1 test failure on this DNS server
> Delegation is broken for the domain
> mydomain.com.MYDOMAIN.COM. on the DNS server 192.168.21.110
>
> Any clue about this? This "mydomain.com.MYDOMAIN.COM" seems quite
> weird to me.
>
> Thanks beforehand!


Something is obviously missing, to properly diagnose this problem, we'll
need to see this information:

1. Ipconfig /all from your DCs (unedited).
2. Active Directory domain name from AD Users & Computers.
3. List of forward lookup zones in your local DNS server.

These three pieces of information usually tell us the most common causes of
your errors.
If you want to try to fix it yourself, here is what you need to look at:

Your ipconfig /all should have a Primary DNS suffix that matches exactly
your Active Directory Domain name, and your Forward Lookup zone in DNS.
DNS should also have one additional Forward Lookup zone named
_msdcs.<ADDNSName>.

Also, in your ipconfig /all the DCs will need to point to another DC for the
Preferred DNS, and itself for Alternate. As with all AD Domain members, DCs
should also never have an ISP or other external DNS in TCP/IP properties.
Another issue you could be dealing with is a Single-label DNS domain name.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Reply With Quote
  #3  
Old 25-07-2007
help
 
Posts: n/a
Re: dcdiag.exe /test:DNS > Delegation is broken for the domain

Hi guys,
Just figured it out the broken delegation. Someone created a
delegation of mydomain.com in mydomain.com zone and deleted the NS
record, don't know how the heck!.

Therefore, i got the issues about a delegation being broken for
mydomain.com.mydomain.com. Just deleted the crap the previous guy did
and voila!

The issue about my DCs booting deadly slow is still there 20MINUTES TO
BOOT UP and show up the domain.... any help will be appreciated.

Reply With Quote
  #4  
Old 26-07-2007
Kevin D. Goodknecht Sr. [MVP]
 
Posts: n/a
Re: dcdiag.exe /test:DNS > Delegation is broken for the domain

Read inline please.

In news:1185327563.102763.94470@d55g2000hsg.googlegroups.com,
help <hugoelopezp@gmail.com> typed:
> Hi guys,
> Just figured it out the broken delegation. Someone created a
> delegation of mydomain.com in mydomain.com zone and deleted the NS
> record, don't know how the heck!.
>
> Therefore, i got the issues about a delegation being broken for
> mydomain.com.mydomain.com. Just deleted the crap the previous guy did
> and voila!
>
> The issue about my DCs booting deadly slow is still there 20MINUTES TO
> BOOT UP and show up the domain.... any help will be appreciated.


If you have more than one DC, each DC should point to for Preferred DNS,
another DC w/DNS and the AD Domain zone that is always running when itself
is rebooted.
All DNS servers must be able to resolve the AD domain name, and in addition,
if the _msdcs.ForestRoot has been delegated, all DNS servers must have this
zone.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Reply With Quote
  #5  
Old 18-08-2007
help
 
Posts: n/a
Re: dcdiag.exe /test:DNS > Delegation is broken for the domain

Hi Kevin,
I always knew this about the DNS setup and it's always worked setup
that way on my current LAN. But I'm still curious about the fact that
in networks with only 1 DC this delay does not happen.

I'm even more curious yet when I see the event log and the DNS service
takes at least 20 minutes to start.

Regards!

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "dcdiag.exe /test:DNS > Delegation is broken for the domain"
Thread Thread Starter Forum Replies Last Post
DCDiag failed test systemlog madon Active Directory 4 13-02-2009 03:29 AM
Dcdiag /test:Checksecurityerror is failed raju_pitchuka Networking & Security 2 05-02-2009 06:06 PM
DCDIAG passes everything except Starting test: systemlog SupportAV Active Directory 4 04-12-2007 10:21 PM
Failed DCdiag Test AjitPal Small Business Server 3 11-07-2007 07:13 AM
DNS test fails with dcdiag /test:dns - TEST: Forwarders/Root hints (Forw) MartinH Windows Server Help 6 20-06-2006 07:20 PM


All times are GMT +5.5. The time now is 07:01 PM.