Hello all.  Eric here again.  OK, so maybe the title of this blog post isn’t the best, primarily because there could be a ton of reasons why some DC’s might not be able to sync time with the PDCE.  Some obvious examples would be port blockages, connectivity issues, DC’s set to “NoSync”, VM’s syncing to their host, maybe a broken IPSec policy on the DC, and a lot of other reasons.  I ran into what I thought was an interesting scenario today ... [More]

Greetings All. Eric here again. Recently I was doing an ADRAP remediation and one of the High Risk findings that the tool found was "Multiple Copies of a Primary zone Stored in Different Locations". In this environment all of the DC's were Windows Server 2008 R2. I've seen this finding on the ADRAP report a number of other times where the same zone was in the ForestDNSZones, DomainDNSZones, and Domain partitions, among other file based zones across different DC's all at the same time in some pre... [More]

Hello all, this is Eric again. Recently I was at a customer site finishing up a 2008 R2 (pre-SP1 – and there is a difference as discussed in my update at the end) upgrade project, cutting over their last site, when the customer randomly mentioned something that he had seen when he built and promoted a new 2008 R2 DC a couple of days ago. He said that he'd built it from media, added anti-virus, and then promoted it, checking the DNS and GC boxes in the dcpromo wizard. He said that he didn't do an... [More]

How's it goin' team? Eric here again. It's been a while since I've blogged, so I figured I'd write one based on some scenarios during a recent customer visit. I was on-site with a customer that added probably a hundred new zones since I'd been there last. The only reason we even looked at that was because there appeared to be some stale entries impacting SCCM deployments, and that’s when I found that aging/scavenging wasn't enabled on the new zones (you can find very good info on scavengin... [More]

Eric here again. Recently I had an interesting issue with one of my customers that I caught on accident while looking for something else related to a different problem. When combing through the event log I found the following error in the event logs: After the other issue was fixed, I started to look into my new finding. In this scenario Domain.com is a relatively newly built domain that trusts the domain that MemberServer resides in, however the domain that MemberServer lives in doesn't trus... [More]

While on the topic if DNS, one of the DC's that had the corrupt application partition (discussed in my last blog entry) also had another interesting issue that's not all that common, at least in my experience. One DC in one of the child domains, was missing a few AD integrated DNS zones that were stored in the ForestDNSZones application partition, however it had other zones loaded that were stored in the same partition. To clarify what I mean when I say missing, I mean missing from the DNS conso... [More]

Right before my trip to Japan one of my Desktop machines "died". It's a BitLockered Windows 7 x64 machine. Since the machine wasn't "mission critical", it had to wait. Now, a month and a half later during the Thanksgiving holiday, I was finally able to look into the issue. Essentially all I did was a reboot to install updates. On the way back up, it essentially said no bootable disk, press F1 to continue. How exciting…. Also, though, I'm a "Platforms" engineer, my specialty isn't "setup",... [More]