I hate this….
Ahh the life of a systems engineer.
You go to the trouble of fixing an error and 18 months later you are chasing down the same error again but forgetting that you fixed it before.
A customer of mine is running a classic root and child domain AD model. The issue was (and is) that the root domain only uses a “single label” top level domain (imagine calling your internal root domain .com and you will get the idea).
Well, MS – for good reasons – decided that AD will not, by default, update a SLTLD. The problem is that when you upgrade to 2003 and decide to store your DNS in a forest-wide application partition, the partition name becomes “forestDNSzones.com”, which is a zone stored in a SLTLD.
OK, the issue is then that the DCs in the child “child.com” try to update into that partition, which is inaccessible, so stuff like the _MSDCS records (essential for cross site replication) doesn’t get updated. The DCs then start to register Error 5871 messages.
Here’s where I hate this…
There is a Group Policy HKLM\Software\Policies\Network\DNSClient (don’t quote me on this – it’s 12:47AM) which is supposed to be applied but mysteriously wasn’t.
I looked back at some notes and found I’d fixed this in the past.
Problem I have is that this link http://support.microsoft.com/kb/300684 doesn’t come up in a search for “error 5871 site:microsoft.com” until about page 14 (actually it doesn’t) so you would never find it.
After consulting a mate he said “remember the TLD issue”…… DOH. The lights came on. Still don’t know why this one DC hasn’t updated from the Default DC GP (which has the entry) but the problem is fixed, the errors have disappeared and I can stop worrying.
New data to hand: Windows 2008 R2 also will not update a SLTLD. There are 2 registry entries you need – they are (conveniently in REGEDIT 5.0 format)
Again – this fixes Event Error 4513