Two W2003SP2 DCs, DC1 and DC2, having just renamed their domain from mydomain to mydomain.lan (single label to dotted name). Everything went well, no error messages. Clients log on to the new domain name flawlessly.
However, there is a DNS problem. DC1 takes minutes to start, freezes at 'Preparing network connections'. The event logs display various errors / warnings which are copied below. I believe that many of the problems are related. I need specific information on where to go in the consoles and what to check for to resolve this situation, therefore I set the points to 500.
Thanks a lot if there are some DNS / AD wizards out there ;-)
best regards
Geir
Excerpt from event logs after last reboot. DC2 (the secondary DC) logs first:
!!!! Warning or Error events since last boot from DC2
application log:
event ID warning 53258 computer dc2
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 1128
No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe
dns server log:
event ID warning 4010 computer dc2
The DNS server was unable to create a resource record for 1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mydomain.lan. in zone mydomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
event ID warning 4010 computer dc2
The DNS server was unable to create a resource record for 477e0653-8f6b-4265-ba75-b053508230da._msdcs.mydomain.lan. in zone mydomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
!!!! Warning or Error events since last boot from DC1
application log:
event ID error 1005 computer DC1
The DSRestore Filter failed to connect to local SAM server. Error returned is <id:997>.
****************************
system log:
event ID warning 1101 computer DC1
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\DhcpMibAgent\CurrentVersion because it is missing or misconfigured.
event id warning 40960 computer DC1
The Security System detected an authentication error for the server ldap/DC1.mydomain.LAN. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
same event id:
The Security System detected an authentication error for the server LDAP/DC1. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
****************************
directory service log:
event ID warning 2088
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
DC2
Failing DNS host name:
1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mydomain.LAN
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
Additional Data,
Error value:
11004 The requested name is valid, but no data of the requested type was found.
***********************************
dns log:
event ID error 4010 computer DC1
The DNS server was unable to create a resource record for 1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mydomain.lan. in zone mydomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error
event ID error 4010
The DNS server was unable to create a resource record for 477e0653-8f6b-4265-ba75-b053508230da._msdcs.mydomain.lan. in zone mydomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
event ID error 6702 computer DC1
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.
If this DNS server does not have any DS-integrated peers, then this error should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
*******************************************
file replication service log
event ID warning 13508 computer DC1
The File Replication Service is having trouble enabling replication from DC2 to DC1 for c:\windows\sysvol\domain using the DNS name DC2.mydomain.LAN. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC2.mydomain.LAN from this computer.
[2] FRS is not running on DC2.mydomain.LAN.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
event ID warning 13509 computer DC1
The File Replication Service has enabled replication from DC2 to DC1 for c:\windows\sysvol\domain after repeated retries.