Solved

The DSA operation is unable to proceed because of a DNS lookup failure.

Posted on 2004-09-07
Last Modified: 2008-01-09
We have a Win2k Domain with 3 sites.  Each site has a DC that acts as an inter-site replication partner.  Replication had been working with both intersite and intrasite replication partners. Recently we started to have intersite replication problems that I am not sure how to resolve.  Here are some of the event errors we are receiving:

------------------------------------------------------------------------------------------

Event Type:      Error
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1311
Date:            9/4/2004
Time:            6:51:05 AM
User:            N/A
Computer:      DC-DS1
Description:
The Directory Service consistency checker has determined that either (a)
there is not enough physical connectivity published via the Active Directory
Sites and Services Manager to create a spanning tree connecting all the sites
containing the Partition CN=Configuration,DC=altarum,DC=pri, or (b)
replication cannot be performed with one or more critical servers in order
for changes to propagate across all sites (most often due to the servers
being unreachable).  

For (a), please use the Active Directory Sites and Services Manager to do
one of the following:
1. Publish sufficient site connectivity information such that the system can
infer a route by which this Partition can reach this site.  This option is
preferred.
2. Add an ntdsConnection object to a Domain Controller that contains the
Partition CN=Configuration,DC=altarum,DC=pri in this site from a Domain
Controller that contains the same Partition in another site.  

For (b), please see previous events logged by the NTDS KCC source that
identify the servers that could not be contacted.

----------------------------------------------------------------------------------------------

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1265
Date:            9/4/2004
Time:            6:51:05 AM
User:            N/A
Computer:      DC-DS1
Description:
The attempt to establish a replication link with parameters
 
 Partition: DC=altarum,DC=pri
 Source DSA DN: CN=NTDS
Settings,CN=AA-DS3,CN=Servers,CN=AnnArbor,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 Source DSA Address: 48b860a6-2891-4d95-a2ae-83f13bceb6fb._msdcs.altarum.pri
 Inter-site Transport (if any): CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=altarum,DC=pri
 
 failed with the following status:
 
 The DSA operation is unable to proceed because of a DNS lookup failure.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    

---------------------------------------------------------------------------------------



In running netdiag /v on the servers:
---------------------------------------------------------------------------------
TX-DC1:
Testing trust relationships... Failed
PASS - All the DNS entries for DC are registered on DNS server
'204.106.25.15'.
Trust relationship test. . . . . . : Failed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    [FATAL] Cannot set secure channel for domain 'ALTARUM' to PDC emulator.
[ERROR_NO_LOGON_SERVERS]
    Find PDC emulator in domain 'ALTARUM':
        [WARNING] Cannot find PDC emulator in domain 'ALTARUM'.
[ERROR_NO_SUCH_DOMAIN]

DC-DS1:
Testing trust relationships... Failed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.
Trust relationship test. . . . . . : Failed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    [FATAL] Cannot set secure channel for domain 'ALTARUM' to PDC emulator.
[ERROR_NO_LOGON_SERVERS]
    Find PDC emulator in domain 'ALTARUM':
        [WARNING] Cannot find PDC emulator in domain 'ALTARUM'.
[ERROR_NO_SUCH_DOMAIN]

AA-DS2:
Testing trust relationships... Passed
PASS - All the DNS entries for DC are registered on DNS server '198.108.7.9'
and other DCs also have some of the names registered.
Trust relationship test. . . . . . : Passed
    Test to ensure DomainSid of domain 'ALTARUM' is correct.
    Secure channel for domain 'ALTARUM' is to '\\aa-ds1.altarum.pri'.
    Secure channel for domain 'ALTARUM' was successfully set to PDC emulator
'\\aa-ds1.altarum.pri'.
Find PDC emulator in domain 'ALTARUM':
    Found this PDC emulator in domain 'ALTARUM':
        DC. . . . . . . . . . . : \\aa-ds1.altarum.pri
        Address . . . . . . . . : \\198.108.7.9
        Domain Guid . . . . . . : {2F33C2A8-5E95-493A-A035-1C095E3167EA}
        Domain Name . . . . . . : altarum.pri
        Forest Name . . . . . . : altarum.pri
        DC Site Name. . . . . . : AnnArbor
        Our Site Name . . . . . : AnnArbor
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE
DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
------------------------------------------------------------------------------------------------


I have verified that all pertinent DNS records are present on all DNS servers.  I have also run ipconfig /flushdns and /registerdns to be sure.  Replication between sites is still down and I'm at a loss as to what to try next.  I have considered deleting all sites from AD Sites and Services and setting them up again to see if this gets replication going, but I wasn't sure if there might be a better approach to take.  I need to get intersite replication up and running as quickly as possible.

Any help you can give would be greatly appreciated!
0
Question by:Altarum
5 Comments
 
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 1400 total points
ID: 11996470
Q307593 provides an approach in troubleshooting Event ID 1311 Messages on a Windows 2000 Domain

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307593
0
 
LVL 15

Assisted Solution

by:Yan_west
Yan_west earned 1400 total points
ID: 11996483
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 600 total points
ID: 11996739
Here is a KB, on using the Repadmin.exe. This is the Replication Administrator tool. It can be very helpful. As it suggests at the bottom, using the tool to determine the last time each server updated can usually point you to the root of a problem.

J


http://support.microsoft.com/?kbid=229896
0
 

Author Comment

by:Altarum
ID: 11999097
Thanks for the quick responses!  I'm splitting the points between you all because all suggestions were required for me to come up with the answer.  In order to resolve this, I ran repadmin /showreps and ran dcdiag /test:intersite /e /q.  It then came to me that what I've been seeing in a lot of my tests is that there were missing _msdcs guids.  The solution was found on the eventid.net site Yan recommended.

In the end, I remoted into all intersite replication partner DCs and recreated the _msdcs guid CNAME records for all DCs.  Upon doing this, replication kicked right in.

After resolving this, I have a healthy suspicion as to where our replicating problems started and was wondering if you might have some ideas as to why this happened.  Last week we were testing out some config changes and had tested enabling scavenging of stale resource records.  Would this have for some reason viewed these CNAME records as stale and removed them?

Thanks,
Michelle
0
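An added example, not part of the original thread: Python that reads NTDS KCC event 1265 descriptions like the one in the question, decodes the status bytes `4c 21 00 00` to Win32 error 8524 (ERROR_DS_DNS_LOOKUP_FAILURE), and lists the GUID-based `_msdcs` names that still fail to resolve. The function names and the trimmed sample event are constructed for illustration.

```python
import re
import socket

# Constructed sample: description text of an NTDS KCC event 1265, trimmed from
# the layout shown in the question (the long DN lines are left out).
SAMPLE_EVENT = """\
The attempt to establish a replication link with parameters
 Partition: DC=altarum,DC=pri
 Source DSA Address: 48b860a6-2891-4d95-a2ae-83f13bceb6fb._msdcs.altarum.pri
 failed with the following status:
 The DSA operation is unable to proceed because of a DNS lookup failure.
Data:
0000: 4c 21 00 00               L!..
"""

ERROR_DS_DNS_LOOKUP_FAILURE = 8524  # Win32 error code 0x214C

def parse_kcc_1265(text):
    """Return (source DSA DNS name, Win32 status code) from a 1265 description."""
    addr = re.search(r"Source DSA Address:\s*(\S+)", text)
    data = re.search(r"^0000:\s*((?:[0-9a-fA-F]{2}\s+){4})", text, re.M)
    if not addr or not data:
        raise ValueError("not a KCC 1265 description")
    # The record data is a little-endian DWORD: 4c 21 00 00 -> 0x0000214c.
    status = int.from_bytes(bytes.fromhex(data.group(1)), "little")
    return addr.group(1).lower(), status

def default_resolver(name):
    """True if the OS resolver (this host's configured DNS server) finds name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def missing_dsa_records(events, resolves=default_resolver):
    """Names of source DSAs whose GUID-based _msdcs record does not resolve."""
    missing = set()
    for text in events:
        name, status = parse_kcc_1265(text)
        if status == ERROR_DS_DNS_LOOKUP_FAILURE and not resolves(name):
            missing.add(name)
    return sorted(missing)

if __name__ == "__main__":
    for name in missing_dsa_records([SAMPLE_EVENT]):
        print("CNAME missing or unresolvable:", name)
```

Because the default resolver only asks the DNS server configured on the machine it runs on, the check has to be repeated on each replication partner to cover every DNS server.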
 
LVL 9

Expert Comment

by:jdeclue
ID: 11999420
It is possible, although I have never seen that happen before. I imagine it might be possible if the DNS was not configured properly to begin with. Glad you got it figured out, that was pretty quick. Good Job!

J
0

Question has a verified solution.