Windows 2000 DNS server is misconfigured after upgrading from NT 4.0

My Windows 2000 DNS Server has a major problem (this was an upgrade from NT). Netlogon gives me a message that it "cannot register or deregister because there is no DNS server". Here's roughly what my DNS screen looks like:
----------------------------------------
DNS
  Computer-name
      Cached Lookups
      Forward Lookups
      Reverse Lookups
----------------------------------------


Here's what I see under cached lookups:

---------------------------------------------
Cached Lookups
    (.)
        Net
           .........other stuff

---------------------------------------------

I have done an extensive amount of research and still don't know what the "Cached Lookups" domain is. Many articles I have read warn against the (.) root domain but they all say it would be under the "Forward lookup" zone, not under Cached Lookups. I don't get the option to delete "Cached Lookups". The server gives me the option to delete the "Net" folder but when I press delete it says: domain cannot be deleted - the zone doesn't exist.

I definitely feel I have to get rid of the "Cached Lookups" folder to fix my problem, but I can't (I have tried everything).

Here's my question:

My zone is Active Directory Integrated, what would happen if I deleted the "Computer Name" from DNS and started building the DNS over again? Will I get into real trouble with the Active Directory? I don't think it knows where the DNS is anyway. Or better yet, what if I removed DNS entirely and then added it back?

Or alternatively, is this something that "netdiag.exe /fix" would take care of?

Please do not point me to online documents - I have read all of them. And remember that I can't delete the (.) root folder. It doesn't let me (unless there is a tricky way to do it).

Asked by: DontKnow
 
Pber (Solutions Architect) Commented:
I assume the DNS service is running on a Windows 2000 domain controller since you said it was Active Directory integrated.

I've broken AD many times and it's usually always because of DNS.  Removing the Computer name from DNS doesn't actually remove DNS, it just removes the ability to administer DNS on that computer.  I wouldn't worry about the cached lookup zone, I have the structure you have and mine works fine.

What do you see under your forward lookup zone?

Anyhow, you should be able to remove DNS and reinstall.  AD will be down, so I would do this after hours.  I still wouldn't recommend it.

But first try this...

Make sure in the TCP/IP that the server is pointing to itself for DNS (once again assuming DNS is installed on this machine)
Make sure "Append primary and connection specific DNS suffixes" are selected.
Check "Append parent suffixes of the primary DNS suffix"
Check "Register this connection's addresses in DNS"

Enter your AD DNS name in "DNS suffix for this connection"

On the DNS server, make sure you have a zone that matches your AD DNS name.  If not create it.
You may want to turn off Secure dynamic updates until DNS is working.

At a command prompt try:

c:\>ipconfig /registerdns

This should register this server into DNS.  I've had problems with not having the DHCP client enabled while using NIC Teaming.

c:\>ipconfig /flushdns
This will flush the DNS cache. The server will look into cache before it queries DNS.  This forces it to look at the DNS server.

If you are using NetBIOS, you might want to try:
c:\>nbtstat -R
This is similar to /flushdns but for NetBIOS.

c:\>nslookup
This will allow you to query the DNS server to see if you can resolve things.

Also in the Windows 2000 support tools there's a tool called Active Directory Replication Monitor.  This tool is good for checking replication problems.

What kind of events are you getting in the Directory Service, DNS, Replication event logs?

Let me know what happens





0
 
DontKnow (Author) Commented:
I followed your directions and here's what I have

Make sure in the TCP/IP that the server is pointing to itself for DNS (once again assuming DNS is installed on this machine)
     This is the case

Make sure "Append primary and connection specific DNS suffixes" are selected.
     These radio buttons are selected
   
Check "Append parent suffixes of the primary DNS suffix"
     This is the case

Check "Register this connection's addresses in DNS"
     This is selected

Enter your AD DNS name in "DNS suffix for this connection"
       The name was there

On the DNS server, make sure you have a zone that matches your AD DNS name.  If not create it.
       I did have a zone that matched the AD DNS name
   
I typed in the following command as you suggested:
c:\>ipconfig /registerdns
I got a message: Registration of resource records has started. Any error will be reported in the event viewer in 15 minutes. No errors were reported.

I ran the following command as well:
c:\>ipconfig /flushdns     it did its job

I stopped the DNS service and restarted it and then stopped and restarted Netlogon. Netlogon again gave me the following message:

Dynamic registration and deregistration of one or more DNS records failed because no DNS servers are available.

Here's some extra info - (assume that my domain name is "mydomain", and computer name is "compname"):

Under my forward lookup zone:

Forward Lookup
      SOA
      NS           compname.mydomain.
      NS           compname.mydomain.loc
      A            compname       IP

I don't know why I have 2 NS records but I haven't been able to delete one.

Also, I don't have any SRV records, which I think should be appearing automatically under the Forward Lookup - I am assuming that's what netlogon is trying to do and can't.

I think the machine, or the domain, doesn't understand there is a DNS on the same machine. As a result I cannot add a new DC to this domain. When I try to do that I get a message saying "no domain found" or something like that. I can add workstations to this domain though without any problems.

I think I am hosed. What kind of troubles could I get into if I just delete the computer name from my DNS and start rebuilding it. Of course that's no guarantee that would work either. At the moment users can log into the machine and do their work and I don't want to jeopardize that.

I think I will add another 100 points for your trouble.

0
 
Pber (Solutions Architect) Commented:
Well your setup looks good.

As far as deleting the Name server: select the Name server, right click, select Properties, and under the Name server tab you should be able to remove the other entry.

It seems like the DCpromo didn't take (probably due to DNS).  Look at the DCpromo.log file in c:\winnt\debug and look for errors.

Does NSlookup query the DNS?  Make sure the server can at least query itself.

Is the DNS server allowing Dynamic updates?  This is needed for the records to be updated.

Is there a file in c:\winnt\system32\config called netlogon.dns?  This file will have the SRV records in it.

What events are you getting in the Event logs?

If you are hosed, I wouldn't worry about deleting the zone.  Recreate as a primary and try to have the DC recreate the records (Start Netlogon).  I hosed my AD once and I entered in all the SRV records manually and AD came back.  

0
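
The netlogon.dns check from the answer above, as an added example that is not part of the original thread: it compares the records Netlogon wrote to netlogon.dns with a listing of the zone and reports the ones that never got registered. The record lines, the 192.0.2.10 address, the function names and the availability of a zone listing in the same text format are assumptions; mydomain.loc and compname are the placeholder names used in the thread.

```python
# Added example: list the records Netlogon wants registered that the zone lacks.
# Names, the 192.0.2.10 address and both inputs are constructed for illustration.

NETLOGON_DNS = """\
mydomain.loc. 600 IN A 192.0.2.10
_ldap._tcp.mydomain.loc. 600 IN SRV 0 100 389 compname.mydomain.loc.
_ldap._tcp.dc._msdcs.mydomain.loc. 600 IN SRV 0 100 389 compname.mydomain.loc.
_ldap._tcp.pdc._msdcs.mydomain.loc. 600 IN SRV 0 100 389 compname.mydomain.loc.
_kerberos._tcp.mydomain.loc. 600 IN SRV 0 100 88 compname.mydomain.loc.
"""

# Assumed text listing of the forward lookup zone, in the same record format.
ZONE_LISTING = """\
; constructed listing: NS and A records only, no SRV records
mydomain.loc. 3600 IN NS compname.mydomain.loc.
MyDomain.loc 3600 IN A 192.0.2.10
compname.mydomain.loc. 3600 IN A 192.0.2.10
"""

# Record types whose last rdata field is a host name
NAME_RDATA = {"SRV", "NS", "CNAME"}


def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()


def parse_records(text):
    """Parse 'owner ttl IN type rdata...' lines into (owner, type, rdata) tuples.
    The TTL is ignored so that a differing TTL does not count as a mismatch."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # blank or unrecognized line
        owner, rtype, rdata = norm(fields[0]), fields[3].upper(), fields[4:]
        if rtype in NAME_RDATA:
            rdata[-1] = norm(rdata[-1])
        records.add((owner, rtype, " ".join(rdata)))
    return records


def missing_registrations(netlogon_text, zone_text):
    """Records present in netlogon.dns but absent from the zone, sorted."""
    return sorted(parse_records(netlogon_text) - parse_records(zone_text))


if __name__ == "__main__":
    for owner, rtype, rdata in missing_registrations(NETLOGON_DNS, ZONE_LISTING):
        print(f"missing {rtype:5} {owner} -> {rdata}")
```
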
 
DontKnow (Author) Commented:
You are right. DCPROMO didn't take. Here's the log:
dcpromos t:0x284 00002  running Windows NT 5.0 build 2195  
dcpromos t:0x284 00003  logging mask 0038
dcpromos t:0x284 00004  DLL_PROCESS_ATTACH
dcpromos t:0x284 00005  Enter DcPromoSaveDcStateForUpgrade
dcpromos t:0x284 00006    Enter IsDSRunning
dcpromos t:0x284 00007      Enter MyDsRoleGetPrimaryDomainInformation
dcpromos t:0x284 00008        Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromos t:0x284 00009          Calling DsRoleGetPrimaryDomainInformation
dcpromos t:0x284 00010          lpServer  : (null)
dcpromos t:0x284 00011          InfoLevel : 0x1 (DsRolePrimaryDomainInfoBasic)
dcpromos t:0x284 00012          Error 0x0 (!0 => error)
dcpromos t:0x284 00013        Exit  MyDsRoleGetPrimaryDomainInformationHelper
dcpromos t:0x284 00014        MachineRole   : 0x5
dcpromos t:0x284 00015        Flags         : 0x0
dcpromos t:0x284 00016        DomainNameFlat: ACADEMY-NT
dcpromos t:0x284 00017        DomainNameDns : (null)
dcpromos t:0x284 00018        DomainForestName: (null)
dcpromos t:0x284 00019      Exit  MyDsRoleGetPrimaryDomainInformation
dcpromos t:0x284 00020      DS is NOT running
dcpromos t:0x284 00021    Exit  IsDSRunning
dcpromos t:0x284 00022    Calling DsRoleServerSaveStateForUpgrade
dcpromos t:0x284 00023    AnswerFile : (null)
dcpromos t:0x284 00024    Error 0x0 (!0 => error)
dcpromos t:0x284 00025  Exit  DcPromoSaveDcStateForUpgrade
dcpromos t:0x164 00026  DLL_PROCESS_DETACH
dcpromos t:0x164 00027  closing log file

NSLOOKUP runs fine and it finds everything.

The DNS is set to do dynamic updates but it can't do them.

netlogon.dns does exist and has SRV records in it.

And yes I am hosed.

What is the problem exactly? Is it that the DC doesn't know it is the primary? If I delete the entire zone from DNS and reinstall, do I have to rerun DCPROMO? I guess tell me what you would do in this scenario and I will give you your points. You have been quite helpful and there doesn't seem to be an easy solution.
0
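
The role and flag fields in the log above can be decoded mechanically. This added example, which is not part of the original thread, parses field lines copied from that log and maps MachineRole and Flags to the DSROLE_MACHINE_ROLE names and the DSROLE_PRIMARY_DS_RUNNING bit of the Win32 DsRole API; the function names are illustrative.

```python
import re

# Field lines copied from the dcpromos log quoted in the post above.
LOG = """\
dcpromos t:0x284 00012          Error 0x0 (!0 => error)
dcpromos t:0x284 00014        MachineRole   : 0x5
dcpromos t:0x284 00015        Flags         : 0x0
dcpromos t:0x284 00016        DomainNameFlat: ACADEMY-NT
dcpromos t:0x284 00017        DomainNameDns : (null)
dcpromos t:0x284 00018        DomainForestName: (null)
dcpromos t:0x284 00020      DS is NOT running
"""

# DSROLE_MACHINE_ROLE values and one flag bit from the Win32 DsRole API.
MACHINE_ROLES = {
    0: "StandaloneWorkstation", 1: "MemberWorkstation",
    2: "StandaloneServer", 3: "MemberServer",
    4: "BackupDomainController", 5: "PrimaryDomainController",
}
DSROLE_PRIMARY_DS_RUNNING = 0x1

# Line shape: "dcpromos t:<thread> <seq>  <Key> : <value>"
FIELD = re.compile(r"^dcpromos t:0x[0-9a-fA-F]+ \d+\s+(\w+)\s*:\s*(.*?)\s*$")


def parse_fields(log_text):
    """Collect 'Key : value' pairs; the literal '(null)' becomes None."""
    fields = {}
    for line in log_text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = None if m.group(2) == "(null)" else m.group(2)
    return fields


def summarize(fields):
    """Decode the role and flags and report which domain names are set."""
    role_value = fields.get("MachineRole")
    role = MACHINE_ROLES.get(int(role_value, 16), "unknown") if role_value else "unknown"
    flags = int(fields.get("Flags") or "0x0", 16)
    return {
        "role": role,
        "ds_running": bool(flags & DSROLE_PRIMARY_DS_RUNNING),
        "flat_name": fields.get("DomainNameFlat"),
        "dns_name": fields.get("DomainNameDns"),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_fields(LOG)).items():
        print(f"{key:10} {value}")
```
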
 
Pber (Solutions Architect) Commented:
Since DCPromo didn't do anything, here's what I would do:

- Blow away everything in DNS, just leave the service running.  No Forward/Reverse zones at all.

- Rerun DCpromo (as per Q237675).

- When it asks for the FQDN - enter the domain name with a "." at the end.
i.e. microsoft.com.

(this will prevent the creation of a "." root zone (this can be deleted later)).

If this still doesn't work, remove the DNS service from the Domain controller.
Run DCpromo and when the option comes up, allow DCpromo to install DNS for you.
0
 
DontKnow (Author) Commented:
Thanks for hanging in there. I should be able to take it from here.
0
 
Pber (Solutions Architect) Commented:
Glad to help.  I spent A LOT of time dealing with DNS issues when we set up AD.  You don't learn unless you break something... and I learned a lot.
(:

Good luck

0
