?
Solved

DNS Intermittent (data gathered) Help!

Posted on 2004-10-13
1
Medium Priority
?
438 Views
Last Modified: 2008-02-01
It seems that we have run into a DNS problem that is intermittently affecting backup exec and quite possibly more.  For future reference, the well know backup exec "communications failure" was solved for us when we bypassed our primary DNS server (using with LMHOSTS, using another DNS with same records, or manually assigning the IP address of the machine instead of its DNS Name.)

Now that we have identified a potential problem, it seems that their may be other issues affecting the primary DNS or WINS server.  Heres the info---

Primary DNS server is running Windows 2003 Enterprise
Setup for scavenging and aging of stale records

NOT svavenging old records..... Multiple duplicate PTR's exist that affect reverse lookup which affects a small portion of our applications (SUS to name one.) These records are marked as stale, and eventid 2501 goes through every day without removing any stale entries.  

A sniffer setup on the same network using the DNS server gets the following interesting traffic (sniffer setup with a direct network connection)...

Source: Primary DNS: 53
Destination: sniffer: 30XX

Information:::::  DNS query failure

Computer: Some invalid computername that is no longer on the network....

And then does this consistently at about 2 a second.....



In addition to this, practically every computer is incrementing up on the "received address errors" counter (this one, for example, is incrementing up about 2000 a day.)    

Packets Received                   = 3338434556
Received Header Errors             = 0
Received Address Errors            = 16122
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 3338418419
Output Requests                    = 781894773
Routing Discards                   = 0
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 56
Reassembly Successful              = 28
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 28
Datagrams Failing Fragmentation    = 0
Fragments Created                  = 56

Going through the layers (OSI model)

Layer 1 is fine from the DNS server to servers potentially having the problem.  

Layer 2 connectivity appears to be OK, although I have my doubts due to increased problems after a switch change that affected the pimary DNS server, but the simplicity of layer 2 leaves it looking pretty innocent

Layers 3 and 4 should be just fine, because no changes were made affecting the servers or our access rules

Anything above that could well be a problem.....

Many of the servers are getting this problem intermittently....

Eventid 5789
Source-Netlogin
Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was '(Omitted)'. The following error occurred:
Access is denied.


On the other hand, the event viewer on the primary DNS server
Event 7063
Source-DNS
The DNS server is configured to forward to a non-recursive DNS server at Ommitted.
 
DNS servers in forwarders list MUST be configured to process recursive queries.
Either
  1) fix the forwarder (Omitted) to allow recursion
       - connect to it with DNS Manager
       - bring up server properties
       - open "Advanced" tab
       - uncheck "Disable Recursion"
       - click OK
  OR
  2) remove this forwarder from this servers forwarders list
       - DNS Manager
       - bring up server properties
       - open "Forwarders" tab


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Lastly, the DNS server ip configurations....

Primary DNS Server  
     First DNS Server: Localhost (using the appropriate address-i.e. not 127.0.0.1)
     Second DNS Server: Secondary DNS Server

Secondary DNS Server
     First DNS Server: Localhost (using the appropriate address-not 127.0.0.1)
     Second DNS Server:  Localhost
     Third DNS Server: Domain Controller running DNS

The domain controller running DNS is not scavenging any records and sees the same duplicate PTRs as the primary DNS.  Any suggestions or need more information?  Thanks!
0
Comment
Question by:cdesimone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 15

Accepted Solution

by:
adamdrayer earned 1000 total points
ID: 12306971
here are some posts that I have found on this problem:

-------------------------------------------------------------
Ionut Marin (Last update 7/31/2004):
- Error: "Could not find the domain controller for this domain" - See Q329708.
- Error: "Access is denied" - See Q826899 and Error code 5. (Evidently this is the wrong KB article)

See Q819411 for more information on this event.

From a newsgroup post: "After doing research on TechNet, I came across Q257623 that showed three methods of correcting this issue. Since methods 2 and 3 were not applicable to my situation, method 1 seemed my best choice. I followed the instructions and it did nothing. However, it did give me an idea. I searched my registry for the word "SUFFIX", hoping there would be minimum entries. I found what I needed and here is what I did. I changed my domain name in the following keys:

“HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\NVPrimaryDNSSuffix="childrens" to "chva-int.org"

and

“HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\PrimaryDNSSuffix="childrens" to "chva-int.org".

Then, in the TCP/IP properties, I clicked the Advanced Button, DNS tab, and checked "Use this connections DNS suffix in DNS Registration". Then I entered the following command in the command prompt: “c:\ipconfig /registerdns”. After this Event ID 5789 stopped appearing and “ipconfig /all” showed the correct DNS entries.

What caused this problem? Well, when creating my network and adding servers, I used the NetBIOS name to add the server to the network, instead of the DNS name. Yes, everything worked, but some time it stopped working".

Bernardo van Hoof (Last update 6/25/2004):
- Error: "The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)" - I got this error when I joined a server to the domain and renamed the computer at the same time. The updated value still showed the old name of the computer. After the mandatory reboot, the error did not repeat.

Adrian Grigorof (Last update 7/11/2003):
Error: "Access is denied" - According to Microsoft: "This behavior can occur if the computer account has permission to read the Active Directory record for itself, but does not have permission to write to the record or the entire directory." See also the link to error code 5.

Error: "The parameter is incorrect" - See the link to error code 87.

Anonymous (Last update 7/11/2003):
Error: "Access is denied" - I found that if a trust has broken down between Domain Controler and member server and if the member server was to regain domain membership by joining a workgroup then rejoining the domain, although membership is granted, due to the fact that the user is a domain administrator, if the account has not been deleted from the DC's ative directory list, the secure token is still assingned to the previous membership therefore access is corrupted/restricted.

Cary Shufelt (Last update 7/11/2003):
Error: "Access is denied" - This was the result of a manual DNS entry. Set permissions of the DNS entry so that the computer has full control.
--------------------------------------------------------


0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question