Solved

DNS Not Correctly Registering Active Directory DNS Records

Posted on 2004-03-24
Last Modified: 2013-12-19
I have a W2K DC with AD and this has been running fine for about three years.  The server is a DHCP server and had DNS working just fine until I had some laptops with duplicate/static IP's show up.  I didn't realize these people were no longer using DHCP and had configured their home networks with the same scope to make things easier for them.  Needless to say, my "solution" has become a problem.

In deleting their DNS entries, I managed to wipe out the _msdcs, _sites, _tcp, _udp folders for this zone along with all of the records.  The DNS server is (was) AD-integrated and allowing automatic updates.

I tried to reinstall DNS to no avail per: http://support.microsoft.com/?kbid=294328  Unfortunately, the DNS server is installed, but the AD required folders aren't restored.  According to: http://support.microsoft.com/?kbid=260371 netdiag /fix should correct the problem, but I get the following error:

DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'ATIFS1.acoustic.'. [RCODE_SERVER_FAILURE]
            The name 'ATIFS1.acoustic.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.acoustic. re-registeration on
 DNS server '192.168.200.2' failed.

The reverse lookup zone is being correctly populated as workstations are assigned IP's by DHCP on this server.

I have removed and reinstalled DNS and tried setting it up various ways.  This server is pointed to itself as the only DNS and I have worked through everything mentioned here: http://oldlook.experts-exchange.com:8080/Networking/WinNT_Networking/Q_20730750.html#9451087
Question by:acoustictech
16 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10671796
OK stop the DNS service

get your backup tapes out

restore the dns folder (lives in system 32) reboot
0
 

Author Comment

by:acoustictech
ID: 10671845
AD-integrated DNS servers don't use those text files if I am not mistaken.  If I install DNS as a Standard Primary, it does indeed create an acoustic.dns file (acoustic is my domain name), but the moment I convert it to ADI, it removes that file.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10671929
Are you sure? My old AD integrated DNS used them? Add an A record and interrogate them if you're unsure :)
0
 

Author Comment

by:acoustictech
ID: 10671989
Let me be more clear.  The .dns file is initially created if the DNS is a Standard Primary only.  After converting the DNS zone to Active Directory Integrated that .dns file is removed/deleted.  If I change it back to Standard Primary it will create the file with contents:

;
;  Database file acoustic.dns for acoustic zone.
;      Zone version:  2
;
@                       IN  SOA atifs1.acoustic.  admin.acoustic. (
                              2            ; serial number
                              900          ; refresh
                              600          ; retry
                              86400        ; expire
                              3600       ) ; minimum TTL
;
;  Zone NS records
;
@                       NS      atifs1.acoustic.
;
;  Zone records
;
atifs1                  A      192.168.200.2

BUT, if I then change it back to ADI, the .dns file is DELETED.

Thanks for the thought.  Does this indicate some other problem?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10672038
Unsure, you've got me pondering now, I've never seen these records deleted?
0
 

Author Comment

by:acoustictech
ID: 10672985
Anyone else think they have a good path for me to follow?  Is there some way to recreate the AD zone objects manually?  It looks like I can do so for everything but _msdcs, but I'm not sure how to do this or if it is any help.
0
 

Author Comment

by:acoustictech
ID: 10677757
I'm not sure what you do with these points, but if it will garner any input I'm happy to add them.  Any takers?
0
 

Author Comment

by:acoustictech
ID: 10687892
Here's the latest: when I try to change the DNS server from Standard Primary to Active Directory Integrated, not all AD required records are created.  The zone shows up in the domain, but new DHCP clients are not registered in the Forward Lookup zone or in AD.  These new clients are added to the Reverse Lookup zone correctly.  I notice that the subzones/directories normally created are not after changing the DNS zone type.  These are:

_msdcs
_sites
_tcp
_udp

Due to this, none of the SRV records are created and my client machines cannot locate the domain controller.  I have tried to remove the server and recreate it several times with the same result.  How can I manually create the necessary DNS records/subzones/directories so that this server is fully AD integrated?  When I run netdiag /fix, I get the following:

C:\Documents and Settings\Administrator>netdiag /fix

.....................................

    Computer Name: ATIFS1
    DNS Host Name: ATIFS1.acoustic
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
    List of installed hotfixes :
        KB822831
        KB823182
        KB823559
        KB823980
        KB824105
        KB824141
        KB824146
        KB825119
        KB826232
        KB828028
        KB828035
        KB828749
        KB830352
        Q147222
        Q816093
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 3

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : ATIFS1
        IP Address . . . . . . . . : 192.168.200.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.200.253
        Dns Servers. . . . . . . . : 192.168.200.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{843B680D-7EFD-4DE6-AFF7-1A61781945AD}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'ATIFS1.acoustic.'. [RCODE_SERVER_FAILURE]
            The name 'ATIFS1.acoustic.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.acoustic. re-registeration on
 DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.acoustic. re-regis
teration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.acoustic. re-regist
eration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ff2481d1-a6c7-4a06-a02e-25082
42216a2.domains._msdcs.acoustic. re-registeration on DNS server '192.168.200.2'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 37f061da-5365-4b77-985b-0833ada6f30d._ms
dcs.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.acoustic. re-re
gisteration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.acoustic. re-regist
eration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.acoustic. re-registeratio
n on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.acoustic. re-registeration on D
NS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.acoustic. re-registeratio
n on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.acoustic. re-registeration
 on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.acoustic. re-registeration
 on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.acoustic. re-registeration on DNS server '192.168.200.2' failed.

DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry acoustic. re-registeration on DNS server
 '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.acoustic. re-registeration on
DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '192.168.200.2'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{843B680D-7EFD-4DE6-AFF7-1A61781945AD}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{843B680D-7EFD-4DE6-AFF7-1A61781945AD}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'atifs3.acoustic'.
    [WARNING] Failed to query SPN registration on DC 'ATIFS2.acoustic'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Documents and Settings\Administrator>
0
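The failed names in the netdiag output above fall into the same four folders the poster reports missing. As an added example (not part of the original thread), this Python script rejoins the console-wrapped lines, extracts each name netdiag could not register, and groups the names by folder; the sample text is constructed in the shape of that output and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the netdiag /fix output quoted above,
# keeping the 80-column console wrap that splits names and words mid-token.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.acoustic. re-registeration on
 DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.acoustic. re-regis
teration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.acoustic. re-registeratio
n on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.acoustic. re-registeration on DNS server '192.168.200.2' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry acoustic. re-registeration on DNS server
 '192.168.200.2' failed.
"""

# "re-registeration" is netdiag's own spelling; match only its leading part.
ENTRY_RE = re.compile(r"DC DNS entry\s*(\S+?\.)\s*re-regis")


def failed_records(netdiag_text):
    """Return the DNS names netdiag could not register, in report order."""
    # The wrap is a bare newline at column 80, so deleting newlines rejoins
    # tokens such as '_site' + 's.acoustic.' before the regex runs.
    flat = netdiag_text.replace("\r", "").replace("\n", "")
    return ENTRY_RE.findall(flat)


def group_by_container(records, zone):
    """Group names by the first-level folder they occupy under the zone."""
    apex = zone.rstrip(".").lower() + "."
    groups = defaultdict(list)
    for name in records:
        lower = name.lower()
        if lower == apex:
            groups["(zone apex)"].append(name)
        elif lower.endswith("." + apex):
            relative = lower[: -len(apex) - 1]
            groups[relative.rsplit(".", 1)[-1]].append(name)
        else:
            groups["(outside zone)"].append(name)
    return dict(groups)


if __name__ == "__main__":
    for folder, names in group_by_container(failed_records(SAMPLE), "acoustic").items():
        print(folder, len(names), names)
```

Run against a saved copy of the full report, any name that lands in "(outside zone)" points to a mismatch between the DC's DNS suffix and the zone name.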
 
LVL 2

Expert Comment

by:mbwortham
ID: 10692932
Make sure you have a host (A) record in your AD Integrated zone that says "(same as parent folder)" with the IP address of the server.  If it is not there, create it by making a new A record with the server's IP and leave the host name blank.  Then try running netdiag /fix again and see what you get.
0
 

Author Comment

by:acoustictech
ID: 10704718
I did have a NS record which said "(same as parent folder)".  I manually added the A record as instructed and received the following message:

"(same as parent folder) is not a valid host name.  Are you sure you want to add this record anyways?"

Note: I did not type "(same as parent folder)" in the Name field, but left it blank because this creates a (same as parent folder) record by default.

I clicked Yes and the record was created.  I ran netdiag /fix and received the same errors.

Does anyone have an AD integrated DNS server which also has a .dns file in the system32\dns directory?  I would like to see such a file.  Perhaps I can create a standard primary DNS server, edit the .dns file and then re-integrate it to get the SRV record.

My Forward Lookup zone (acoustic) currently looks like this:

Name                       Type   Data
(same as parent folder)    A      192.168.200.2
(same as parent folder)    NS     atifs1.acoustic.
(same as parent folder)    SOA    [8], atifs1.acoustic., admin.acoustic.
atifs1                     A      192.168.200.2

My Reverse Lookup zone (200.168.192.in-addr.arpa) currently looks like this:

Name                       Type   Data
2                          PTR    atifs1.acoustic.
3                          PTR    atifs2.acoustic.
4                          PTR    atifs3.acoustic.
11                         PTR    maluku.acoustic.
12                         PTR    atilla.acoustic.
13                         PTR    samoa.acoustic.
14                         PTR    anatom.acoustic.
15                         PTR    martinique.acoustic.
16                         PTR    stlucia.acoustic.
17                         PTR    tahiti.acoustic.
18                         PTR    coco.acoustic.
19                         PTR    jamaica.acoustic.
(same as parent folder)    NS     atifs1.acoustic.
(same as parent folder)    SOA    [59], atifs1.acoustic., admin.acoustic.
0
 
LVL 2

Expert Comment

by:mbwortham
ID: 10710725
Only other things I can think of...

1. Is the current forward lookup zone configured to allow dynamic updates?

2. Make sure there is no connection specific DNS suffix on the LAN interface, and / or if you have the connection setup to append DNS suffixes in a certain order, make sure that the AD domain name is first in the list.

3. Have you tried deleting and then recreating the forward lookup zone?  In the past when I have had problems with an AD Integrated DNS zone, I was able to simply delete it, recreate it, and then (I would recommend inserting a reboot here) the new zone would automagically populate with the necessary records for proper AD functionality.

Man, I hope you can get this one figured out.  I know AD problems are a real bummer.  :(

0
 
LVL 2

Accepted Solution

by:
mbwortham earned 355 total points
ID: 10710769
I just found a thread that may be pertinent to your AD DNS dilemma.  It appears (according to one's account) that the installation of Service Pack 4 for Windows 2000 introduces a problem / bug with the handling of the use of TLD's for an AD domain ("domainname" instead of "domainname.com", etc.).  Check it out:

http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20909749.html
0
 

Author Comment

by:acoustictech
ID: 10714646
That little registry hack did the trick... almost.  My DNS is now fully AD integrated, but I can't add any clients to the domain.  They report that the SRV record was successfully located, but the domain controller could not be contacted.  The query for the SRV record returns: atifs1.acoustic

I can ping this server.  However, when I run nslookup against this server I get the following:
---------------------------------------------------------------------
C:\>nslookup
Default Server:  atifs1.acoustic
Address:  192.168.200.2

> acoustic
Server:  atifs1.acoustic
Address:  192.168.200.2

*** atifs1.acoustic can't  find acoustic: Non-existant domain
>acoustic.
Server:  atifs1.acoustic
Address:  192.168.200.2

Name:  acoustic
Address:  192.168.200.2
---------------------------------------------------------------------
I have attempted to add the client computers to both "acoustic" and "acoustic." with the same results.  Any idea if there is similar registry entry required on W2K and XP clients?
0
 

Author Comment

by:acoustictech
ID: 10714706
I also note that when I run ipconfig /registerdns on both existing AD clients and servers, they are still not registered in the Forward Lookup zone.

I have tried creating the zone as "acoustic" and "acoustic." both with the same results.  I really can't fathom recreating my entire AD domain with a new name of "acoustic.local"
0
