The client I am currently working at has asked me to take a look at one of their many Active Directory forests. They are saying their Admins are reporting the fact that they cannot do any amendments to groups etc. in AD. Initial analysis showed that replication was working OK; however, when I took a close look at the underlying DNS I noticed that the DNS appears to be adding a space to the end of the NS (the NS are the domain controllers).
If I run a netdiag /test:dns the following error is displayed:
DNS test . . . . . . . . . . . . . : Failed
[FATAL] The DNS host name 'SERVERNAME.DOMAIN.DOMAIN.DC.DC ' is not valid. [DNS_ERROR_INVALID_NAME_CHAR]
[WARNING] Cannot find a primary authoritative DNS server for the name
'SERVERNAME.DOMAIN.DOMAIN.DC.DC .'. [RCODE_SERVER_FAILURE]
'SERVERNAME.DOMAIN.DOMAIN.DC.DC .' may not be registered in DNS.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server 'IP.IP.IP.IP'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server 'IP.IP.IP.IP'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
NOTE: I've changed the client server/domain/ip addresses to remove any reference that can identify the client.
Those with an eagle eye will note the " " at the end of the DNS record, hence the DNS_ERROR_INVALID_NAME_CHAR message. This is the same on both the domain controllers in the domain. Has anyone come across this before? If so, did they manage to fix this without doing a complete forest rebuild?
I've gone through every config file, setting etc. looking to see where this rogue " " is coming from but cannot find it. The DNS would appear to be FUBAR'd and my gut feeling is, due to the fact the client does not have a backup of the AD from before this error, that this is "un-fixable" and the client is in a very uncomfortable place.
Before I go back and write up my report suggesting a complete rebuild from scratch (as no restore option is available) I thought I'd throw this out to my peers. Has anyone come across this before, do they have any tips/procedures for re-creating the DNS in the whole forest (Windows 2003 R2), any other suggestions that I can try etc.?
I've done the dcdiag /fix, netdiag /fix, etc. etc. but the error (space appended to end of NS record) is still present.