Posted on 2003-11-28
Last Modified: 2013-12-23
My problem started with one of the users unable to see printers on the network he could see our pdc but not our bdc.
and I was unable to connect to the laptop either.

we removed laptop name from domain and tried to add into domain however we were unable to do so and got the following error
"DNS server failure£
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap.tcp.dc.msdcs.XXX

The DNS server used by this computer contains incorrect root hints (it lists dns servers)
One or more of the following zones contains incorrect delegation:  (the root zone)

The wierd part about this is that the laptop is cannot connect to our domain and we have it in a workgroup however you can ping our pdc which is our DNS server but not bds which is also a DNS server.

If anyone can help would appreciate it.

p.s I will have the laptop in front of me on Monday.

thanks Edel7

Question by:edel7
  • 4
  • 3
  • 2
LVL 33

Expert Comment

ID: 9838168
Is this the only PC with the issue?   Any chance you could post a portion of your DNS logs?  

I found an issue related to this concerning 2000 workstations.   The error messages wer almost identical.   The resolution was to recreate the zone.  

I also found an issue that had to do with single label domain name (no .com or .net, etc.)  pointed to the follwing KB article -

Good Luck

Author Comment

ID: 9838267
Yes this is the only pc causing problems
Excuse my ignorance but how do you recreate the zone?

Thanks edel7
LVL 33

Expert Comment

ID: 9838288
If the laptop is the only machine with the issue, do not recreate the zone on the server.  

Concentrate on the laptop.   What OS are you running?   Is your IP address DHCP or static?  
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 9838462
I am running windows XP and the ip address is dhcp
LVL 24

Accepted Solution

SunBow earned 500 total points
ID: 9839473
Possibly it was hit with an exploit of DNS. Consider rebuilding it. Has it been loaded with all of the upgrades from MS, including those for the DNS exloits?

What used to be a fix, would be to use its registry, highlight DHCP, delete it all, reboot and let it self repair by reloading. I won't advise that. But attest to it having worked before.

Try examining all networking/TCP properties for the PC in question. Anything it has defined will override dhcp including dns servers, so run a search & destroy on any hard-coded addresses on the PC. Let it get the server addresses through dhcp. Revisit the dhcp server while you are at it, and look for corruptions.

Look also at default webpages and search engines, such as google. Some exploits are more definable by things they do such as for which servers are redefined.

Have you also run the latest AV patterns on it, such as from Symantec? These can ID some of the malwares that could have exploited you.

Run ipconfig/all to see what addresses it uses for dns, and verify them all.  Run a ping -a on them as further validation.

Look for rogue server on your network, maybe someone is running a browser service you want to know about.

Also consider running a static address as part of debugging, but in this case I do not think it necessary.

Install zonealarm, have it block everything, then report on any program trying to dial out. Also run TaskManager to see if there's anything running that you prefer to not run (but most exploits are simply redefining addresses to host files)
LVL 24

Expert Comment

ID: 9839498
> SRV record for _ldap

Actually, LDAP is used to lookup mail records - for email. So, do suppose that you could be stuck with an exploited vulnerability (malware) that is trying to use its own smtp engine to send reports to about what is going on inside your network. I think it'd be wise to have this box as isolated as possible until you figure out what is wrong with it or rebuild it from scratch.  The latter may get it up quicker, while the former may give a clue as to how some infection got in, which would enable another method you can use to retrain staff in what to not do, such as clicking on popups that say they may have won something. Anything they win of course, belongs to the company who's equipment was used <heh>   ;-)

Get this box scanned!
LVL 33

Expert Comment

ID: 9839534
Sunbow,  THose are good suggestions,  but I think those apply to a DNS issue that affects the DNS server, and symptons would show on all clients using that DNS, not just this one laptop.   Edel this is correct right?  Just this laptop has trouble?      If so, then concentrate on this laptop for the source of the trouble.  

Sunbow did mention a few points which you should lookat.   Any firewalls on this laptop?   AV on this laptop?   Have you run a Ad-aware scn on this laptop?      

Can you manually add another DNS if one is available and do you get the same issue?  

Can you run nslookup from the dos prompt and what's the result?


Author Comment

ID: 9849645
Yes it is just this laptop that is causing trouble I've ran nslookup and it is pointing to out dns server there are no firewalls on laptop, we didn't run ad-aware scn on laptop.

I have manually added the other dns server but same problem.

I have manually destroyed all ref to dns servers but problem still there

I am going to re-build machine this afternoon

Many thanks Edel
LVL 33

Expert Comment

ID: 9850134
Last thing to attmept is a re-install of Internet Explorer.    You'd be surprised how many problems just go away after IE is reapplied.  

Good Luck

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question