Application of MS04-011 - missing SRV records on DCs - GC failures
From: Trust No One (dana.scully_at_usa.net)
Date: 6 May 2004 06:41:11 -0700
We've recently applied MS04-011 to our Global Active Directory. The
roll-out initially appeared to have gone flawlessly, but this morning
we noticed that clients worldwide were reporting slow logins;
furthermore non GC domain controllers were logging hundreds of Event
ID:1126 - "unable to establish connection with global catalog".
All our domain controllers are running Windows 2000 with SP4.
We ran DCDIAG on some of the remote domain controllers, and DCDIAG
quite worryingly reported "Warning: DcGetDcName(GC_SERVER_REQUIRED)
call failed, error 1355 - A Global Catalog Server could not be located
- All GC's are down"
I ran REPADMIN on a number of Global Catalogs and it indicated that
all the expected naming contexts were present (thank goodness!). I
next had a look at the netlogon.dns file and was surprised to see the
file was less than half its expected size - a number of SRV records
including those usually registered for Global Catalogs were missing.
This was the case for all our domain controllers worldwide, and the
time on the netlogon.dns file corresponded roughly to when the hotfix
was applied. The missing SRV records meant among other things that
none of the GCs in the forest were advertising.
Luckily deleting the Netlogon.DNS and Netlogon.DNB files, followed by a
stop and restart of the Netlogon service resulted in a correct version
of Netlogon.DNS being written, with all the appropriate DNS records.
We drummed up a quick script to perform the above and all the domain
controllers and our AD now appears to be back to normal. Hopefully
this is an isolated incident, but the procedure above might save
someone some time in digging around if similar symptoms appear on
application of MS04-011.
-- Peter <X-Files FAN and AD enthusiast :)>
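
Added example, not part of the original post: a check that parses the text of a netlogon.dns file and reports which expected locator SRV records are absent, the symptom described above. The owner-name prefixes are the standard Active Directory DC locator names (the post does not list them), and the sample file contents, host names and addresses are constructed.

```python
import re

# Constructed sample of netlogon.dns from a DC that is also a Global Catalog.
# example.com, dc1 and 10.0.0.10 are placeholders, not values from the post.
HEALTHY = """\
example.com. 600 IN A 10.0.0.10
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_ldap._tcp.gc._msdcs.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
_gc._tcp.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
gc._msdcs.example.com. 600 IN A 10.0.0.10
"""
# The same file cut short so the GC registrations are gone.
TRUNCATED = "\n".join(HEALTHY.splitlines()[:4])

# One SRV resource record in zone-file form: owner TTL IN SRV prio weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return (owner, port, target) for every SRV line; other record types are skipped."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            records.append((m["owner"].lower(), int(m["port"]), m["target"].lower()))
    return records

def missing_locator_records(text, is_gc):
    """Return the expected SRV owner-name prefixes that have no record in the file."""
    expected = ["_ldap._tcp.dc._msdcs.", "_kerberos._tcp."]
    if is_gc:
        # Registered only by DCs that host the Global Catalog.
        expected += ["_ldap._tcp.gc._msdcs.", "_gc._tcp."]
    owners = [owner for owner, _, _ in parse_srv(text)]
    return [p for p in expected if not any(o.startswith(p) for o in owners)]

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("truncated", TRUNCATED)):
        print(label, "missing:", missing_locator_records(text, is_gc=True) or "none")
```

To use it on a real DC, pass in the contents of that server's netlogon.dns and set `is_gc` according to whether the server hosts the Global Catalog.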