We have 3 DCs, 2 at our HQ, and 1 at our DR site.
The 2 DCs at our HQ are Server 2008 R2 SP1 Standard; the 1 DC at our DR site is Server 2008 SP2.
Whenever I try to create a new DNS record on either one of the two DCs at our HQ, I get the following error:
DNS
---------------------------
The host record testing.ourdomain.local cannot be created.
Refused
---------------------------
OK
I checked Event Viewer and found the following:
Event ID 4015 - DNS-Server-Services
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "0000051B: AtrErr: DSID-030F1F8D, #1:
0: 0000051B: DSID-030F1F8D, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)". The event data contains the error.
dcdiag /test:dns results on all 3 DCs and the 2 DCs at HQ that I can't create DNS records on both pass without any errors. The one server at our DR site is the only one that throws errors, and those errors are as follows:
______________________________________
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dr-DC-01s
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: our-company-DR\DR-DC-01S
Starting test: Connectivity
......................... DR-DC-01S passed test Connectivity
Doing primary tests
Testing server: our-company-DR\DR-DC-01S
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DR-DC-01S passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : ourcompany
Running enterprise tests on : ourcompany.local
Starting test: DNS
Test results for domain controllers:
DC: dr-DC-01s.ourcompany.local
Domain: ourcompany.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter
[00000012] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Warning:
Missing AAAA record at DNS server 192.168.HQ.23:
dr-DC-01s.ourcompany.local
Warning:
Missing AAAA record at DNS server 192.168.HQ.23:
gc._msdcs.ourcompany.local
Warning:
Missing AAAA record at DNS server 192.168.HQ.22:
dr-DC-01s.ourcompany.local
Warning:
Missing AAAA record at DNS server 192.168.HQ.22:
gc._msdcs.ourcompany.local
Warning:
Missing AAAA record at DNS server 192.168.DR.51:
dr-DC-01s.ourcompany.local
Warning:
Missing AAAA record at DNS server 192.168.DR.51:
gc._msdcs.ourcompany.local
Warning: Record Registrations not found in some network adapters
dr-DC-01s PASS WARN PASS PASS PASS WARN n/a
......................... ourcompany.local passed test DNS
_____________________________________________________________________________________________
For now it's not an emergency, just something that I eventually need to fix. All other directory services seem to be functioning correctly, and I've done a ton of googling and searching to try to figure out how to fix this, but I just haven't found the right resource yet. For now I can create new DNS records by logging onto our DR server and creating DNS records there, then waiting a few minutes for the changes to replicate to the other DCs, but this is by no means a permanent solution.
If you have any suggestions on how to fix it or any suggestions on what to look at/for next I'm all ears.