Solved

DNS Intermittent (data gathered) Help!

Posted on 2004-10-13
Last Modified: 2008-02-01
It seems that we have run into a DNS problem that is intermittently affecting Backup Exec and quite possibly more.  For future reference, the well-known Backup Exec "communications failure" was solved for us when we bypassed our primary DNS server (using LMHOSTS, using another DNS with same records, or manually assigning the IP address of the machine instead of its DNS name).

Now that we have identified a potential problem, it seems that there may be other issues affecting the primary DNS or WINS server.  Here's the info:

Primary DNS server is running Windows 2003 Enterprise
Setup for scavenging and aging of stale records

NOT scavenging old records. Multiple duplicate PTRs exist that affect reverse lookup, which affects a small portion of our applications (SUS, to name one). These records are marked as stale, and Event ID 2501 goes through every day without removing any stale entries.

A sniffer setup on the same network using the DNS server gets the following interesting traffic (sniffer setup with a direct network connection)...

Source: Primary DNS: 53
Destination: sniffer: 30XX

Information:::::  DNS query failure

Computer: Some invalid computername that is no longer on the network....

And then does this consistently at about 2 a second.....



In addition to this, practically every computer is incrementing up on the "received address errors" counter (this one, for example, is incrementing up about 2000 a day.)    

Packets Received                   = 3338434556
Received Header Errors             = 0
Received Address Errors            = 16122
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 3338418419
Output Requests                    = 781894773
Routing Discards                   = 0
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 56
Reassembly Successful              = 28
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 28
Datagrams Failing Fragmentation    = 0
Fragments Created                  = 56

Going through the layers (OSI model)

Layer 1 is fine from the DNS server to servers potentially having the problem.  

Layer 2 connectivity appears to be OK, although I have my doubts due to increased problems after a switch change that affected the primary DNS server, but the simplicity of layer 2 leaves it looking pretty innocent.

Layers 3 and 4 should be just fine, because no changes were made affecting the servers or our access rules

Anything above that could well be a problem.....

Many of the servers are getting this problem intermittently....

Event ID 5789
Source-Netlogon
Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was '(Omitted)'. The following error occurred:
Access is denied.


On the other hand, the event viewer on the primary DNS server
Event 7063
Source-DNS
The DNS server is configured to forward to a non-recursive DNS server at Omitted.
 
DNS servers in forwarders list MUST be configured to process recursive queries.
Either
  1) fix the forwarder (Omitted) to allow recursion
       - connect to it with DNS Manager
       - bring up server properties
       - open "Advanced" tab
       - uncheck "Disable Recursion"
       - click OK
  OR
  2) remove this forwarder from this servers forwarders list
       - DNS Manager
       - bring up server properties
       - open "Forwarders" tab


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Lastly, the DNS server ip configurations....

Primary DNS Server  
     First DNS Server: Localhost (using the appropriate address-i.e. not 127.0.0.1)
     Second DNS Server: Secondary DNS Server

Secondary DNS Server
     First DNS Server: Localhost (using the appropriate address-not 127.0.0.1)
     Second DNS Server:  Localhost
     Third DNS Server: Domain Controller running DNS

The domain controller running DNS is not scavenging any records and sees the same duplicate PTRs as the primary DNS.  Any suggestions or need more information?  Thanks!
Question by:cdesimone
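
An added example (not part of the original post) for the duplicate-PTR condition described in the question: it groups reverse-zone records by address and marks which duplicate entries are already past the scavenging window. The record tuples, host names and the 7-day no-refresh and refresh intervals are constructed assumptions; the aging value is the Windows DNS record timestamp, counted in hours since 1601-01-01 UTC, with 0 meaning a static record.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_aging(dt):
    """Encode a datetime as a DNS aging timestamp (whole hours since 1601-01-01 UTC)."""
    return int((dt - EPOCH_1601).total_seconds() // 3600)

def from_aging(hours):
    """Decode a DNS aging timestamp back to a UTC datetime."""
    return EPOCH_1601 + timedelta(hours=hours)

def audit_ptrs(records, now, no_refresh_days=7, refresh_days=7):
    """Return {ip: [(target, stale), ...]} for each IP that has more than one PTR target.

    A record is stale (eligible for scavenging) once its timestamp is older than
    no-refresh + refresh intervals. Static records (timestamp 0) never go stale.
    """
    cutoff = now - timedelta(days=no_refresh_days + refresh_days)
    by_ip = defaultdict(set)
    for ip, target, aging in records:
        stale = aging != 0 and from_aging(aging) < cutoff
        by_ip[ip].add((target.lower().rstrip("."), stale))
    # Only addresses with conflicting targets break reverse lookups.
    return {ip: sorted(v) for ip, v in by_ip.items() if len({t for t, _ in v}) > 1}

# Constructed sample data: (IP, PTR target, aging timestamp in hours).
NOW = datetime(2004, 10, 13, tzinfo=timezone.utc)
SAMPLE = [
    ("10.0.0.25", "oldpc01.example.local.", to_aging(NOW - timedelta(days=90))),
    ("10.0.0.25", "newsrv01.example.local.", to_aging(NOW - timedelta(days=1))),
    ("10.0.0.30", "sus01.example.local.", 0),            # single static record
    ("10.0.0.41", "hosta.example.local.", to_aging(NOW - timedelta(days=20))),
    ("10.0.0.41", "hostb.example.local.", 0),            # static duplicate
]

if __name__ == "__main__":
    for ip, entries in sorted(audit_ptrs(SAMPLE, NOW).items()):
        for target, stale in entries:
            print(ip, target, "STALE" if stale else "ok")
```

A duplicate that is reported as not stale with timestamp 0 is a static entry, which scavenging will never remove regardless of the aging settings.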
Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12306971
Here are some posts that I have found on this problem:

-------------------------------------------------------------
Ionut Marin (Last update 7/31/2004):
- Error: "Could not find the domain controller for this domain" - See Q329708.
- Error: "Access is denied" - See Q826899 and Error code 5. (Evidently this is the wrong KB article)

See Q819411 for more information on this event.

From a newsgroup post: "After doing research on TechNet, I came across Q257623 that showed three methods of correcting this issue. Since methods 2 and 3 were not applicable to my situation, method 1 seemed my best choice. I followed the instructions and it did nothing. However, it did give me an idea. I searched my registry for the word "SUFFIX", hoping there would be minimum entries. I found what I needed and here is what I did. I changed my domain name in the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\NVPrimaryDNSSuffix="childrens" to "chva-int.org"

and

HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEM\DNSCLIENT\PrimaryDNSSuffix="childrens" to "chva-int.org".

Then, in the TCP/IP properties, I clicked the Advanced button, DNS tab, and checked "Use this connection's DNS suffix in DNS registration". Then I entered the following command in the command prompt: "c:\ipconfig /registerdns". After this Event ID 5789 stopped appearing and "ipconfig /all" showed the correct DNS entries.

What caused this problem? Well, when creating my network and adding servers, I used the NetBIOS name to add the server to the network, instead of the DNS name. Yes, everything worked, but some time it stopped working".

Bernardo van Hoof (Last update 6/25/2004):
- Error: "The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)" - I got this error when I joined a server to the domain and renamed the computer at the same time. The updated value still showed the old name of the computer. After the mandatory reboot, the error did not repeat.

Adrian Grigorof (Last update 7/11/2003):
Error: "Access is denied" - According to Microsoft: "This behavior can occur if the computer account has permission to read the Active Directory record for itself, but does not have permission to write to the record or the entire directory." See also the link to error code 5.

Error: "The parameter is incorrect" - See the link to error code 87.

Anonymous (Last update 7/11/2003):
Error: "Access is denied" - I found that if a trust has broken down between Domain Controller and member server and if the member server was to regain domain membership by joining a workgroup then rejoining the domain, although membership is granted, due to the fact that the user is a domain administrator, if the account has not been deleted from the DC's Active Directory list, the secure token is still assigned to the previous membership therefore access is corrupted/restricted.

Cary Shufelt (Last update 7/11/2003):
Error: "Access is denied" - This was the result of a manual DNS entry. Set permissions of the DNS entry so that the computer has full control.
--------------------------------------------------------

