Solved

DNS + AD not properly configured when DCPromed...?

Posted on 2004-09-19
8
207 Views
Last Modified: 2010-04-19
Hi,

I  just realized that my DNS was not properly configured and now it is making application deeply attached to AD fail every time I try to install them (i.e. Exchange).
The problem that I'm seeing is, there are no SRV records under Forward Lookup Zones except for _msdcs.
I have already tried "net start/stop netlogon" and this didn't do anything.

Now, my question is that, would it be possible to re-setup DNS without damaging the Active Directory?
Without damaging... I mean this by preserving the exchange mail accounts as well.  (we were trying to add another exchange server, then faced the issue)

Here's the background information on this issue
Server1: DC + AD + DNS + Exch2003 @ Win2003 standard <-- the one with the problem
Server2: Exch2003 @ Win2003 standard <-- the one we are adding

Thank you very much in advance
0
Comment
Question by:sunflowersh
  • 4
  • 4
8 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 12100416
sunflowersh
Take a look at the NETDIAG and DCDIAG commands that ship with the support tools pack from the Windows 2003 CD

Cheers

JamesDS
0
 
LVL 2

Author Comment

by:sunflowersh
ID: 12106199
James, here's the dump from both commands,

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\GEORGIA
      Starting test: Connectivity
         The host 60d65301-1afa-44de-b0ff-b8c5b09fb72d._msdcs.wasinc.local could
 not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (60d65301-1afa-44de-b0ff-b8c5b09fb72d._msdcs.wasinc.local) couldn't be
         resolved, the server name (georgia) resolved to the IP address
         (192.168.0.254) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... GEORGIA failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\GEORGIA
      Skipping all tests, because server GEORGIA is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : wasinc
      Starting test: CrossRefValidation
         ......................... wasinc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... wasinc passed test CheckSDRefDom

   Running enterprise tests on : wasinc.local
      Starting test: Intersite
         ......................... wasinc.local passed test Intersite
      Starting test: FsmoCheck
         ......................... wasinc.local passed test FsmoCheck

C:\Program Files\Support Tools>netdiag

.....................................

    Computer Name: GEORGIA
    DNS Host Name: georgia
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB825119
        KB828035
        KB828741
        KB831464
        KB832894
        KB833987
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB840374
        KB867801
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : georgia
        IP Address . . . . . . . . : 192.168.0.254
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.1
        Dns Servers. . . . . . . . : 192.168.0.254

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{6701CF64-12EE-4F19-8B39-609542E5734E}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.0.254'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{6701CF64-12EE-4F19-8B39-609542E5734E}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{6701CF64-12EE-4F19-8B39-609542E5734E}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/georgia.

LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/GEORGIA' is missing on DC '
georgia'.
    [FATAL] The default SPNs are not properly registered on any DCs.

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully
0
 
LVL 2

Author Comment

by:sunflowersh
ID: 12106267
Sorry for the huge post above,
but it seems to me that both commands are failing because the dns server lacks the correct SRV data,
which somehow didn't get produced during the initial setup.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12109460
sunflowersh

Can you post an IPCONFIG /ALL from each Domain Controller and from the problem machine as well.


Cheers

JamesDS
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 2

Author Comment

by:sunflowersh
ID: 12119457
This is the server with AD + DC + DNS (Server1)

C:\Program Files\Support Tools>ipconfig -all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : georgia
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-11-11-19-50-CF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.254


Here's server2
Windows IP Configuration

   Host Name . . . . . . . . . . . . : washington
   Primary Dns Suffix  . . . . . . . : wasinc.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wasinc.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
   Physical Address. . . . . . . . . : 00-E0-B8-4E-47-FD
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.252
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.254

Hope this helps something....
Thanks
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12120328
sunflowersh
GEORGIA doesn't have a primary DNS suffix, so is unable to register it's DNS records correctly - hence the other server can't find it in DNS.

Configure the DNS suffix and make usre the IP stack is set to register this connection in DNS and then run these commands:

NET STOP NETLOGON
NET START NETLOGON

Then re-run dcdiag and see if that has helped.

Cheers

JamesDS
0
 
LVL 2

Author Comment

by:sunflowersh
ID: 12135412
James, you are genius!
Amazingly well done :)
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12136461
sunflowersh
Thank you :)

You're very welcome, glad to help.

Cheers

JamesDS
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Power setting GPO not working 6 55
Domain and Forest functional levels 11 63
home drive migration 16 66
Best practice DHCP migration 7 55
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now