Solved

DNS SERVER FAILURE

Posted on 2003-11-28
9
2,933 Views
Last Modified: 2013-12-23
Hi,
My problem started with one of the users unable to see printers on the network he could see our pdc but not our bdc.
and I was unable to connect to the laptop either.

we removed laptop name from domain and tried to add into domain however we were unable to do so and got the following error
"DNS server failure£
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap.tcp.dc.msdcs.XXX

The DNS server used by this computer contains incorrect root hints (it lists dns servers)
One or more of the following zones contains incorrect delegation:  (the root zone)

The wierd part about this is that the laptop is cannot connect to our domain and we have it in a workgroup however you can ping our pdc which is our DNS server but not bds which is also a DNS server.

If anyone can help would appreciate it.

p.s I will have the laptop in front of me on Monday.

thanks Edel7





0
Comment
Question by:edel7
  • 4
  • 3
  • 2
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 9838168
Is this the only PC with the issue?   Any chance you could post a portion of your DNS logs?  


I found an issue related to this concerning 2000 workstations.   The error messages wer almost identical.   The resolution was to recreate the zone.  


I also found an issue that had to do with single label domain name (no .com or .net, etc.)  pointed to the follwing KB article - http://support.microsoft.com/?id=300684


Good Luck
0
 

Author Comment

by:edel7
ID: 9838267
Yes this is the only pc causing problems
Excuse my ignorance but how do you recreate the zone?

Thanks edel7
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 9838288
If the laptop is the only machine with the issue, do not recreate the zone on the server.  

Concentrate on the laptop.   What OS are you running?   Is your IP address DHCP or static?  
0
 

Author Comment

by:edel7
ID: 9838462
I am running windows XP and the ip address is dhcp
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 24

Accepted Solution

by:
SunBow earned 500 total points
ID: 9839473
Possibly it was hit with an exploit of DNS. Consider rebuilding it. Has it been loaded with all of the upgrades from MS, including those for the DNS exloits?

What used to be a fix, would be to use its registry, highlight DHCP, delete it all, reboot and let it self repair by reloading. I won't advise that. But attest to it having worked before.

Try examining all networking/TCP properties for the PC in question. Anything it has defined will override dhcp including dns servers, so run a search & destroy on any hard-coded addresses on the PC. Let it get the server addresses through dhcp. Revisit the dhcp server while you are at it, and look for corruptions.

Look also at default webpages and search engines, such as google. Some exploits are more definable by things they do such as for which servers are redefined.

Have you also run the latest AV patterns on it, such as from Symantec? These can ID some of the malwares that could have exploited you.

Run ipconfig/all to see what addresses it uses for dns, and verify them all.  Run a ping -a on them as further validation.

Look for rogue server on your network, maybe someone is running a browser service you want to know about.

Also consider running a static address as part of debugging, but in this case I do not think it necessary.

Install zonealarm, have it block everything, then report on any program trying to dial out. Also run TaskManager to see if there's anything running that you prefer to not run (but most exploits are simply redefining addresses to host files)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 9839498
> SRV record for _ldap

Actually, LDAP is used to lookup mail records - for email. So, do suppose that you could be stuck with an exploited vulnerability (malware) that is trying to use its own smtp engine to send reports to about what is going on inside your network. I think it'd be wise to have this box as isolated as possible until you figure out what is wrong with it or rebuild it from scratch.  The latter may get it up quicker, while the former may give a clue as to how some infection got in, which would enable another method you can use to retrain staff in what to not do, such as clicking on popups that say they may have won something. Anything they win of course, belongs to the company who's equipment was used <heh>   ;-)

Get this box scanned!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 9839534
Sunbow,  THose are good suggestions,  but I think those apply to a DNS issue that affects the DNS server, and symptons would show on all clients using that DNS, not just this one laptop.   Edel this is correct right?  Just this laptop has trouble?      If so, then concentrate on this laptop for the source of the trouble.  

Sunbow did mention a few points which you should lookat.   Any firewalls on this laptop?   AV on this laptop?   Have you run a Ad-aware scn on this laptop?      

Can you manually add another DNS if one is available and do you get the same issue?  

Can you run nslookup from the dos prompt and what's the result?

0
 

Author Comment

by:edel7
ID: 9849645
Yes it is just this laptop that is causing trouble I've ran nslookup and it is pointing to out dns server there are no firewalls on laptop, we didn't run ad-aware scn on laptop.

I have manually added the other dns server but same problem.

I have manually destroyed all ref to dns servers but problem still there

I am going to re-build machine this afternoon

Many thanks Edel
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 9850134
Last thing to attmept is a re-install of Internet Explorer.    You'd be surprised how many problems just go away after IE is reapplied.  

Good Luck
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now