Windows 2003 Active Directory DNS issues with HP-UX BIND 4.7

Posted on 2004-09-01
Last Modified: 2010-03-18
Please HELP!!! We are incorporating Windows 2K3 with Active Directory and DNS in a legacy environment, with the intention of running all DNS under AD.  We have a Win 2K3 Server Master DC, and a Win 2K DC.  The Win 2K3 server is running DNS and Active Directory, the Win 2K DC is running Active Directory only. We intend to make it a backup to the 2K3 master.  When we installed the server, we realized that the UNIX boxes were running DNS, and we began receiving some strange errors.  First of all, the _msdcs icon under the root domain is greyed out. Then, in the application log we saw the following:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            9/1/2004
Time:            4:42:30 PM
User:            N/A
Computer:      domain controller
Description:
The dynamic registration of the DNS record ' 600 IN CNAME' failed on the following DNS server:
DNS server IP address: x.x.x.x
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe.  To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.   Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
Data:
0000: 05 00                     ..

DCDiag shows that replication attempts with the Win2K DC have failed because DSA operation cannot proceed: DNS lookup failure, and <GUID> is not registered on one or more DNS servers.   Systemlog failed due to W32TM errors, but we have since corrected that. The other event was in the Application log, and it states that "The DNS server recv() function failed." Question is how to verify that my Active Directory DNS is working properly, and that my UNIX DNS servers are not getting in the way of my AD installation. We read that BIND 4.7 could cause problems because it doesn't support SRV records and dynamic updates.  Has anyone experienced this issue, or could this be causing our DNS issues?  We would like to do a DNS migration from the UNIX servers, without shutting them down...if possible.  PLEASE HELP!!!
Question by:Mindfungus

Expert Comment

ID: 11961193
For starters, have you made sure that all of your workstations and servers (ESPECIALLY THE SERVERS) are pointing to the AD-Integrated, 2k3 DNS servers?  If your servers happen to be using the Unix DNS server, you will have all kinds of problems.

- Info

Author Comment

ID: 11965633
We are in the process of changing all the workstations and servers to point to the Win2K3 DC running the DNS.  I noticed that most machines pointed to the UNIX nameservers first, then the Win 2K3 server.  I noticed that some were configured with the firewall listed as a DNS server!!  Doesn't that present a security risk?  I will reply when we have completed the reconfiguration and hopefully that fixes the problem.

Accepted Solution

infotrader earned 500 total points
ID: 11966432
Yes, it could be.  At least make sure you lock down the DNS replications for the zones, so that Active Directory DNS does not replicate with unwanted non-authorized DNS servers.

Good luck!!

P.S. Yes..  If your primary DNS is pointing to the UNIX DNS servers it very well can cause all kinds of AD problems.

- Info
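
Added example, not part of the thread or any poster's own script: one way to check the two things the replies above point at, namely which DNS servers a machine's resolver actually uses and whether each server answers the DC locator SRV records that Netlogon registers under _msdcs, _tcp and _udp. The domain name and IP addresses are placeholders, and it assumes a Windows version with the `Resolve-DnsName` and `Get-DnsClientServerAddress` cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Placeholders (assumptions, not values from the thread)
$Domain    = 'corp.example.com'   # hypothetical AD DNS domain name
$AdDns     = @('192.0.2.10')      # hypothetical AD-integrated DNS server(s)
$LegacyDns = @('192.0.2.53')      # hypothetical legacy BIND server(s)

# 1. Resolver configuration: every listed server should be an AD DNS server.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $foreign = @($_.ServerAddresses | Where-Object { $_ -notin $AdDns })
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Servers   = $_.ServerAddresses -join ', '
            NonAdDns  = $foreign -join ', '   # empty when the interface is clean
        }
    } | Format-Table -AutoSize

# 2. DC locator SRV records that must resolve for clients to find a DC.
$Records = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kerberos._udp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain"
)

# Ask each server directly so a stale or incomplete copy of the zone shows up.
$results = foreach ($server in ($AdDns + $LegacyDns)) {
    foreach ($name in $Records) {
        $answer = Resolve-DnsName -Name $name -Type SRV -Server $server `
                      -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Server  = $server
            Record  = $name
            Status  = if ($answer) { 'OK' } else { 'MISSING' }
            Targets = ($answer.NameTarget | Sort-Object -Unique) -join ', '
        }
    }
}
$results | Format-Table -AutoSize
```

A server that shows MISSING for these names while clients still list it first in their resolver order is the situation described in this thread.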

Author Comment

ID: 12012454
We are almost through demoting the last UNIX nameserver.  The first nameserver was running BIND 4.7, and was giving us issues with promoting the 1st DC, and the other 2 nameservers are running BIND 4.9, but have not generated specific errors, but best to take them offline.  While bringing these down, I took the advice of a friend, and added the following zones to the DNS in the interim, and I have some concerns about the way my DNS appears.  I added a _sites.mydomain,com,,  Originally, the _msdcs container was greyed out, now _msdcs, _tcp, _sites, and _udp are grey, and their records moved to the new zone containers.  The DNS now appears as follows:
          +Cached Lookups
          -Forward Lookup Zones
                     _msdcs (greyed out since the beginning)
                     _sites (greyed out)
                     _tcp (greyed out)
                     _udp (greyed out)
              +Reverse Lookup Zones

After adding these entries, I am wondering what a healthy DNS looks like, because I would suspect that we have some issues caused by attempting to install a DNS server while other incompatible versions of BIND were running.  I have also noticed that DC1 (DNS, Win2K3) can see itself, DC2, and my test laptop (XP).  DC2 can see everything in  The XP laptop cannot see anything in the domain (just joined), and other newly added XP and 98 boxes have either all the items in or no access to  I will let you know when we have removed the last nameserver.

Author Comment

ID: 12176636
Infotrader - thanks for the good advice, and that was most definitely the problem.  As a result, I think I have a much better understanding of Active Directory and DNS, and a lot more respect for it.

P.S.  Make sure that when you set up your other domain controllers as DNS servers, and you use the wizard, you will still see the annoying "configure your DNS server" message anytime you highlight the server name.  Don't delete your DNS entries on your secondary just to get rid of the message thinking you can just replicate with the Master domain controller and get rid of that message.  It is literally the same directory as your master...and you WILL lose your DNS.  Backup, Backup, Backup!


Question has a verified solution.
