

DNS Intermittent (data gathered) Help!

Posted on 2004-10-13
Medium Priority
Last Modified: 2008-02-01
It seems that we have run into a DNS problem that is intermittently affecting Backup Exec and quite possibly more.  For future reference, the well-known Backup Exec "communications failure" was solved for us when we bypassed our primary DNS server (using LMHOSTS, using another DNS with the same records, or manually assigning the IP address of the machine instead of its DNS name.)

Now that we have identified a potential problem, it seems that there may be other issues affecting the primary DNS or WINS server.  Here's the info---

Primary DNS server is running Windows 2003 Enterprise
Setup for scavenging and aging of stale records

NOT scavenging old records..... Multiple duplicate PTRs exist that affect reverse lookup, which affects a small portion of our applications (SUS to name one.) These records are marked as stale, and eventid 2501 goes through every day without removing any stale entries.  

A sniffer setup on the same network using the DNS server gets the following interesting traffic (sniffer setup with a direct network connection)...

Source: Primary DNS: 53
Destination: sniffer: 30XX

Information:::::  DNS query failure

Computer: Some invalid computername that is no longer on the network....

And then does this consistently at about 2 a second.....

In addition to this, practically every computer is incrementing up on the "received address errors" counter (this one, for example, is incrementing up about 2000 a day.)    

Packets Received                   = 3338434556
Received Header Errors             = 0
Received Address Errors            = 16122
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 3338418419
Output Requests                    = 781894773
Routing Discards                   = 0
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 56
Reassembly Successful              = 28
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 28
Datagrams Failing Fragmentation    = 0
Fragments Created                  = 56

Going through the layers (OSI model)

Layer 1 is fine from the DNS server to servers potentially having the problem.  

Layer 2 connectivity appears to be OK, although I have my doubts due to increased problems after a switch change that affected the primary DNS server, but the simplicity of layer 2 leaves it looking pretty innocent

Layers 3 and 4 should be just fine, because no changes were made affecting the servers or our access rules

Anything above that could well be a problem.....

Many of the servers are getting this problem intermittently....

Eventid 5789
Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was '(Omitted)'. The following error occurred:
Access is denied.

On the other hand, the event viewer on the primary DNS server
Event 7063
The DNS server is configured to forward to a non-recursive DNS server at Omitted.
DNS servers in forwarders list MUST be configured to process recursive queries.
  1) fix the forwarder (Omitted) to allow recursion
       - connect to it with DNS Manager
       - bring up server properties
       - open "Advanced" tab
       - uncheck "Disable Recursion"
       - click OK
  2) remove this forwarder from this servers forwarders list
       - DNS Manager
       - bring up server properties
       - open "Forwarders" tab

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Lastly, the DNS server ip configurations....

Primary DNS Server  
     First DNS Server: Localhost (using the appropriate address-i.e. not
     Second DNS Server: Secondary DNS Server

Secondary DNS Server
     First DNS Server: Localhost (using the appropriate address-not
     Second DNS Server:  Localhost
     Third DNS Server: Domain Controller running DNS

The domain controller running DNS is not scavenging any records and sees the same duplicate PTRs as the primary DNS.  Any suggestions or need more information?  Thanks!
Question by:cdesimone
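
A way to inventory the duplicate PTRs described in the question and see which ones scavenging should already have removed. This is an added example, not part of the original post: the zone text is constructed, and it assumes a text export in which every line carries its owner label and aged records carry an `[AGE:n]` stamp (hours since 1601-01-01 UTC), with the default 7-day no-refresh plus 7-day refresh intervals.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the style of a Windows DNS reverse-zone export.
# Assumption: aged (dynamic) records carry [AGE:n]; static records do not.
SAMPLE_ZONE = """\
; 1.168.192.in-addr.arpa (constructed)
10  [AGE:3538000]  1200  PTR  ws-old01.corp.example.
10  [AGE:3539400]  1200  PTR  ws-new07.corp.example.
11  [AGE:3539410]  1200  PTR  srv-sus.corp.example.
12                 1200  PTR  dc1.corp.example.
12  [AGE:3537500]  1200  PTR  ws-retired.corp.example.
"""

PTR_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\[AGE:(?P<age>\d+)\]\s+)?(?:\d+\s+)?"
    r"(?:IN\s+)?PTR\s+(?P<target>\S+)", re.IGNORECASE)

def hours_since_1601(when):
    """Convert an aware datetime to the hour count used by record aging."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return int((when - epoch).total_seconds() // 3600)

def duplicate_ptrs(zone_text, now_hours, stale_after_hours=14 * 24):
    """Return {owner: [(target, state), ...]} for owners with more than one PTR."""
    by_owner = defaultdict(list)
    for line in zone_text.splitlines():
        if line.lstrip().startswith(";"):
            continue                      # zone-file comment
        m = PTR_LINE.match(line)
        if not m:
            continue                      # blank or non-PTR record
        if m["age"] is None:
            state = "static"              # no timestamp: scavenging never removes it
        elif now_hours - int(m["age"]) > stale_after_hours:
            state = "stale"               # past no-refresh + refresh
        else:
            state = "fresh"
        by_owner[m["owner"]].append((m["target"].lower(), state))
    return {o: recs for o, recs in by_owner.items() if len(recs) > 1}

if __name__ == "__main__":
    now = hours_since_1601(datetime(2004, 10, 13, tzinfo=timezone.utc))
    for owner, recs in duplicate_ptrs(SAMPLE_ZONE, now).items():
        for target, state in recs:
            print(f"{owner:>4}  {state:<6}  {target}")
```

Owners that pair a "stale" record with a "fresh" one are the entries a working scavenging pass would clean up; a "static" duplicate has to be removed by hand.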
1 Comment
LVL 15

Accepted Solution

adamdrayer earned 1000 total points
ID: 12306971
Here are some posts that I have found on this problem:

Ionut Marin (Last update 7/31/2004):
- Error: "Could not find the domain controller for this domain" - See Q329708.
- Error: "Access is denied" - See Q826899 and Error code 5. (Evidently this is the wrong KB article)

See Q819411 for more information on this event.

From a newsgroup post: "After doing research on TechNet, I came across Q257623 that showed three methods of correcting this issue. Since methods 2 and 3 were not applicable to my situation, method 1 seemed my best choice. I followed the instructions and it did nothing. However, it did give me an idea. I searched my registry for the word "SUFFIX", hoping there would be minimum entries. I found what I needed and here is what I did. I changed my domain name in the following keys:




Then, in the TCP/IP properties, I clicked the Advanced button, DNS tab, and checked "Use this connection's DNS suffix in DNS Registration". Then I entered the following command in the command prompt: “c:\ipconfig /registerdns”. After this Event ID 5789 stopped appearing and “ipconfig /all” showed the correct DNS entries.

What caused this problem? Well, when creating my network and adding servers, I used the NetBIOS name to add the server to the network, instead of the DNS name. Yes, everything worked, but some time it stopped working".

Bernardo van Hoof (Last update 6/25/2004):
- Error: "The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)" - I got this error when I joined a server to the domain and renamed the computer at the same time. The updated value still showed the old name of the computer. After the mandatory reboot, the error did not repeat.

Adrian Grigorof (Last update 7/11/2003):
Error: "Access is denied" - According to Microsoft: "This behavior can occur if the computer account has permission to read the Active Directory record for itself, but does not have permission to write to the record or the entire directory." See also the link to error code 5.

Error: "The parameter is incorrect" - See the link to error code 87.

Anonymous (Last update 7/11/2003):
Error: "Access is denied" - I found that if a trust has broken down between Domain Controller and member server and if the member server was to regain domain membership by joining a workgroup then rejoining the domain, although membership is granted, due to the fact that the user is a domain administrator, if the account has not been deleted from the DC's Active Directory list, the secure token is still assigned to the previous membership therefore access is corrupted/restricted.

Cary Shufelt (Last update 7/11/2003):
Error: "Access is denied" - This was the result of a manual DNS entry. Set permissions of the DNS entry so that the computer has full control.

