Solved

URGENT please help

Posted on 2004-08-01
Last Modified: 2010-08-05
Hi
For some unknown reason our Windows 2000 SP4 server has stopped performing some network actions. Previously everything was OK, and this server was used for these two reasons:

(1) As a domain controller for a domain consisting of a few Windows XP SP1 machines
(2) As the manager for Symantec AntiVirus Corporate Edition. Clients use this server to gain updates, so only this server needs to be updated every so often.

The problem has started without anything installed or any configuration changed on the machine.
Details:
The computer fails to ping any other computer, inside the local network, or outside on the internet. The computer fails to find the IP address for a domain name, for example when checking with nslookup.
Event Viewer shows this error message every two hours:

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

So DNS is not working correctly. When I go to services.msc it shows that both client and server DNS services are running.
The funny thing is some of our Windows XP clients, are using this server as the primary and "ONLY" DNS server on the LAN, and they are working correctly (they have internet access!)

One can not ping any other machines from the server but all other machines can ping this computer.

Current DNS configuration (which used to work, and if it has changed, I have not noticed it):

One forward lookup zone, one reverse lookup zone. (Do I need more?)
Both used to help machines in our domain (named TOSCA) to find each other!
Autoupdates enabled for all entries in the DNS tree.

Any help is highly appreciated.

Huji       :o(
Question by:huji
15 Comments
 
LVL 14

Author Comment

by:huji
ID: 11687556
Forgot to add:

In Event Viewer, in DNS events, I have such warning every 2 or 3 hours:
The DNS server has encountered numerous run-time events. These are usually caused by reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minutes interval.
0000: 14 00 00 00            ....

Don't hesitate to ask any related questions.
Huji
0
 
LVL 82

Expert Comment

by:oBdA
ID: 11687565
What is the DNS setup in the TCP/IP configuration of the server itself? On your DC/DNS, make sure the DC's address *only* is listed in the TCP/IP properties (do NOT use 127.0.0.1).
Then these might be of help:

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/?kbid=265706

Do not install the Support Tools from your installation CD, some tools were updated by the Service Packs. Here's the current version:
Windows 2000 SP4 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/supporttools.asp

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
0
 
LVL 14

Author Comment

by:huji
ID: 11687659
I read all that you sent to me, oBdA, and the only item that applied was that I shouldn't have a "." record and I had. I deleted it, but no way. Anyways, I am sure that I have not installed anything on this server about the time the error has occurred, so a change in DNS records is nearly impossible.
I have not used NetDiag yet, and I will do so as soon as I can, but I still insist that the funny thing is, this computer can not use itself as the needed DNS to see other computers on the network, but others can use it for the same reason!
huji
0
 
LVL 82

Expert Comment

by:oBdA
ID: 11687691
If you had the root zone entry (".") in your forward lookup zones, but were still able to gain internet access, your DNS settings are incorrect. The existence of the root zone tells the DNS server that it's a root server, and as such it won't ask any other DNS server for addresses; since it obviously doesn't have external names in its database, as it's an internal DNS server, you shouldn't have been able to resolve by name any internet domain--unless your TCP/IP settings are/were incorrect.
Here's the short version again: On your DC/DNS, and on all of your domain members, make sure the DC's address *only* is listed in the TCP/IP properties (be that via DHCP or static; do NOT use 127.0.0.1 on the DNS itself!). That makes sure your internal lookups work correctly.
For internet access, open the properties page of your DNS server and configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS (or any other DNS than your DC) should be listed.
The error "Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available." (the source is probably "Netlogon") usually stems either from incorrect DNS settings in the TCP/IP properties (the DC must be able to dynamically register its services on the DNS server) or from dynamic updates being disabled in the DNS properties.
Maybe this might be of help; Note: You can ignore the note at the end about "Make sure that domain controllers do not reference themselves as a primary DNS server in their TCP/IP properties.". This would only be of use if you put the DNS server on another machine, which is not necessary. The fact that the DC repeats the "can't register" messages makes it clear that this error isn't caused by the bootup sequence.

Troubleshooting Netlogon Event 5774, 5775, and 5781
http://support.microsoft.com/?kbid=259277

By the way: If you refer to an event in the event log, always include the source, the event id, and the full text of the message.
0
 
LVL 14

Author Comment

by:huji
ID: 11687745
Come on, the problem is not solved that way. I did all you said. But no way.
Some other thing: I am using a TCP/IP based program to have access to this server at home. It can connect to it correctly, using port 4899. (It's named Radmin.)
I connect to the ISP from home, which is another computer on the same network, and I'm assigned an IP address. I can ping the problem making server, but it can not ping my IP address!
I still need help, and am wondering about some LAN card issue...
Huji
0
 
LVL 82

Expert Comment

by:oBdA
ID: 11687815
Well, have you actually re-checked the DNS servers in the TCP/IP properties of your DNS? What might have happened (I'm guessing here) is that on the DC, your internal DNS was set as first DNS server, and your ISP's as second. While the first DNS server can be reached, the machine won't contact the secondary. For some reason (reboot, restart of the DNS server, high air humidity, whatever), the internal DNS couldn't be reached, and now it's trying the ISP's, which obviously won't accept dynamic registrations.
Sorry for insisting on this, but I've seen way too many botched DNS configurations, including way too many hints from "experts" claiming that the primary DNS should point to the internal DNS server, the secondary to the ISP.
Then some other questions:
What happens if you enter "ipconfig /registerdns" on your DNS server?
Have you verified that the SRV records are created on your DNS server?
Can you ping other machines in your internal network by IP address?
Is your default gateway configured correctly?
Have you checked your hosts file for rogue entries?
While you're at it, check the output of "route print", if some comedian or virus managed to mess up your routing table. On the same matter: what does "tracert some.internal.ip.address" and/or "tracert some.external.ip.address" yield?
The next thing to try is definitely netdiag.exe; it might give some hints as to what is going wrong.

It might be that your TCP/IP stack is corrupted, but at the moment, I don't think that's likely, since the machine can still be reached. Anyway, here's a "last resort" approach, but I wouldn't try that until anything else is ruled out.
HOW TO: Remove and Reinstall TCP/IP on a Windows 2000 Domain Controller
http://support.microsoft.com/?kbid=299451
0
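The two configuration checks discussed in the comment above (the DC's TCP/IP settings list only the DC's own address as DNS server, and the hosts file holds no unexpected entries), as an added example that is not part of the original thread. The sample `ipconfig /all` text, the hosts file, the address 203.0.113.x and the host name `dc1` are constructed; only 192.168.100.50 and ssrc.local come from the thread.

```python
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample inputs (not taken from the thread, apart from the
# server address 192.168.100.50 and the zone name ssrc.local).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.100.50
        DNS Servers . . . . . . . . . . . : 192.168.100.50
                                            203.0.113.53
"""
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.99    dc1.ssrc.local    # hypothetical host name
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses from `ipconfig /all` output, in order."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_list = True
            servers += IPV4.findall(line.split(":", 1)[1])
        elif in_list and ":" not in line and IPV4.search(line):
            servers += IPV4.findall(line)  # continuation line: next server
        else:
            in_list = False
    return servers

def audit_dns_client(ipconfig_text, dc_ip):
    """Flag every listed DNS server that is not the DC's own address."""
    findings = []
    for ip in dns_servers(ipconfig_text):
        if ip.startswith("127."):
            findings.append(ip + ": loopback address listed as DNS server")
        elif ip != dc_ip:
            findings.append(ip + ": not the DC; other DNS servers belong in forwarders")
    return findings

def hosts_overrides(hosts_text):
    """Return (ip, name) pairs from a hosts file, ignoring the localhost entry."""
    pairs = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        for name in fields[1:]:
            if not (fields[0].startswith("127.") and name.lower() == "localhost"):
                pairs.append((fields[0], name))
    return pairs

if __name__ == "__main__":
    print(audit_dns_client(SAMPLE_IPCONFIG, "192.168.100.50"))
    print(hosts_overrides(SAMPLE_HOSTS))
```

To run it against a real machine, feed it the saved output of `ipconfig /all` and the contents of %systemroot%\system32\drivers\etc\hosts instead of the samples.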
 
LVL 14

Author Comment

by:huji
ID: 11688076
I re-re-checked it now, as you requested. My server IP is 192.168.100.50 and only this IP is used for DNS in TCP/IP settings.

I ran ipconfig /registerdns. It said that the registration process is started, and errors will be reported in Event Viewer within 15 minutes.

I have two forward lookup zones on my server right now:
1) ssrc.local (ssrc is the name of the domain)
2) || (two pipes)

In ssrc.local I have _msdcs, _sites, _tcp, and _udp folders, and start of authority, nameserver, and some host records. The only nameserver listed in the properties page of Start of Authority records is 192.168.100.50
By the way, in this Microsoft article (http://support.microsoft.com/default.aspx?scid=kb;en-us;241515) I checked for srv records, and they existed.
The same article says that I should have a result this way:

From your DNS server, type nslookup at a command prompt.
Type set type=all, and then press ENTER.
Type _ldap._tcp.dc._msdcs.domainname (where domainname is the name of your domain), and then press ENTER.
Nslookup returns one or more SRV service location records in the following format
hostname.domainname internet address = ipaddress

But it fails for me, with a request time out. :o(         seems that the problem can relate to the SRV thing, that I don't know what it is...
I insist that I have the proper record in the _msdcs/dc/_sites/default-first-site-name/_tcp and the folder and in my nslookup.dns file.

I can not ping any machine by IP address, except the server. I can not ping the default GateWay or the ISP's DNS with IP. (I never use ping with names, I always ping using IPs!!)
The default GateWay is configured correctly as much as I know. Many other windows XP clients are using the same configuration now.

>>Have you checked your hosts file for rogue entries?
I don't know how to...

Just an idea... This server is part of a greater LAN behind a firewall... May the owner of the main network change some settings, for example on the gateway, in a way that, client machines can work, but servers can not? For example a very primitive idea can be to close port 53 that I wonder is needed for DNS forwarding... It may seem funny. It was just an idea! :op

Another thing. We had experienced some high voltages in our main network recently, in one of these cases, my clients could only ping computers in the same domain, and failed to connect to internet or anything... That issue was resolved by substituting LAN cards... They were damaged... Can it apply to the current case too? (I will manage this to be checked by tomorrow of course..)

Thanks for your attention
Huji
0

 
LVL 82

Expert Comment

by:oBdA
ID: 11688399
The "||" forward lookup zone is very strange; it might be that your DNS database is corrupt. You can safely delete this "||" thing, it has nothing at all lost there.
If you have another W2k (or W2k3) server in your network, you can try to install DNS on that machine, then have your server and your clients point to the other server for DNS. Don't forget to allow dynamic updates on the new DNS server (both the forward and the reverse lookup zone), delete the root zone, and configure forwarders for full functionality. Once you've changed the DNS server address on your DC, restart the netlogon service (this will/should create the SRV entries on your new DNS server), and enter "ipconfig /registerdns" (this will register the DC's address in the new DNS server). On your new server, verify if the SRV entries have been created, and if the DC registered its IP address.
On other clients you want to use for testing, an "ipconfig /registerdns" after changing the DNS server is enough.
For the first testing purposes, you can of course simply add the new one as secondary DNS to your DC and the clients first; to address this server when using nslookup, simply add the new server's IP address after the name to lookup: nslookup dcname.yourdomain.intern IP.OF.NEW.DNS.

HOW TO: Install Network Services Such as WINS and DNS in Windows 2000
http://support.microsoft.com/?kbid=261321

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Whatever happens "outside" of your server shouldn't have any influence on the server's ability to check itself. Seeing as other clients can still ping the server, the hardware seems to be OK; but on the other hand, stranger things have happened, so I wouldn't rule it out completely. During or shortly after the voltage surge, did the DC start exhibiting the strange behaviour, or did it reboot by itself?
0
 
LVL 14

Author Comment

by:huji
ID: 11688624
I am not sure if there has been another voltage surge.. When the first one happened, all LAN cards were damaged, except the server's. As this server is one of the few computers in the university that is never turned off, the surge can have happened sometime in the late night or early morning, so that I can not say what has happened at that moment. All I know is there is no restart reported in Event Viewer, near the time the warning messages above were written to Event Viewer. (I detect a restart by a "DNS service started" event.)
I can not have more than one PC used for server purposes, so if I would do something, I would install a new server, and move the AD and data to it, then change the previous server to a client... But I assume this is the last option...
Well.. seems that we are getting nothing at the moment..
Thanks any ways
Huji
0
 
LVL 82

Expert Comment

by:oBdA
ID: 11689454
You can setup a temporary second server on desktop hardware, just to check if it's the DNS database that's corrupted, or if it's something else. You don't need to go for the whole nine yards with dcpromo and everything, all you need for testing is another DNS server that's capable of accepting dynamic updates.
0
 
LVL 14

Author Comment

by:huji
ID: 11691442
Bad news:
I deleted the || zone in my forward lookup zones, and from that moment, the domain is corrupted. People can not change password, AD opens with an error message and is not working any more.. and everything is messed....
Thank god I have a Drive Image of the server partition, belonging to months ago, so I'm gonna format everything and restore the image, since it seems 100% solving, and takes little time...
Anyways, you were wrong about deleting that forward lookup zone, my friend.
I will manage the problem this way, and if the problem persists, it must be related to hardware, or the main network...
I'm planning to close this question.
Regards,
Huji
0
 
LVL 82

Expert Comment

by:oBdA
ID: 11691562
If deleting a forward lookup zone named "||" led to a completely nonfunctional DNS, then your DNS database was really badly corrupted. All that should be there is your own domain name, and the zones you created yourself in addition. A pipe symbol is not a valid character in a DNS name, so lookups for a zone including these characters are simply impossible.
There's no need to reformat yet. "All" that's missing is a functioning DNS (unless something else is corrupt as well); AD won't work without DNS.
Uninstall DNS from the server (or install it on another server, as suggested above, and change the DNS entries accordingly), move the contents of the %systemroot%\system32\DNS folder someplace else. Reinstall DNS, create the proper forward and reverse lookup zones, restart the netlogon service on the server, run "ipconfig /registerdns" on the server. Repeat the "ipconfig /registerdns" on other machines that have to be listed in DNS. Verify the creation of the SRV records.
0
 

Accepted Solution

by:
OzzMod earned 0 total points
ID: 11734807
Closed, 500 points refunded.
Thanks

OzzMod
Community Support Moderator
0
 
LVL 14

Author Comment

by:huji
ID: 11741561
Just for further reference: My problem related to the LAN card, as I guessed...
Huji
0
