DNS Intermittent (data gathered) Help!

It seems that we have run into a DNS problem that is intermittently affecting Backup Exec and quite possibly more.  For future reference, the well-known Backup Exec "communications failure" was solved for us when we bypassed our primary DNS server (using LMHOSTS, using another DNS with the same records, or manually assigning the IP address of the machine instead of its DNS name).

Now that we have identified a potential problem, it seems that there may be other issues affecting the primary DNS or WINS server.  Here's the info:

Primary DNS server is running Windows 2003 Enterprise
Setup for scavenging and aging of stale records

NOT scavenging old records... Multiple duplicate PTRs exist that affect reverse lookup, which affects a small portion of our applications (SUS, to name one). These records are marked as stale, and event ID 2501 goes through every day without removing any stale entries.

A sniffer setup on the same network using the DNS server gets the following interesting traffic (sniffer setup with a direct network connection)...

Source: Primary DNS: 53
Destination: sniffer: 30XX

Information:::::  DNS query failure

Computer: Some invalid computername that is no longer on the network....

And then does this consistently at about 2 a second.....

In addition to this, practically every computer is incrementing up on the "received address errors" counter (this one, for example, is incrementing up about 2000 a day.)    

Packets Received                   = 3338434556
Received Header Errors             = 0
Received Address Errors            = 16122
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 3338418419
Output Requests                    = 781894773
Routing Discards                   = 0
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 56
Reassembly Successful              = 28
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 28
Datagrams Failing Fragmentation    = 0
Fragments Created                  = 56

Going through the layers (OSI model)

Layer 1 is fine from the DNS server to servers potentially having the problem.  

Layer 2 connectivity appears to be OK, although I have my doubts due to increased problems after a switch change that affected the primary DNS server, but the simplicity of layer 2 leaves it looking pretty innocent.

Layers 3 and 4 should be just fine, because no changes were made affecting the servers or our access rules

Anything above that could well be a problem.....

Many of the servers are getting this problem intermittently....

Eventid 5789
Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was '(Omitted)'. The following error occurred:
Access is denied.

On the other hand, the event viewer on the primary DNS server
Event 7063
The DNS server is configured to forward to a non-recursive DNS server at (Omitted).
DNS servers in forwarders list MUST be configured to process recursive queries.
  1) fix the forwarder (Omitted) to allow recursion
       - connect to it with DNS Manager
       - bring up server properties
       - open "Advanced" tab
       - uncheck "Disable Recursion"
       - click OK
  2) remove this forwarder from this servers forwarders list
       - DNS Manager
       - bring up server properties
       - open "Forwarders" tab

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Lastly, the DNS server ip configurations....

Primary DNS Server  
     First DNS Server: Localhost (using the appropriate address-i.e. not
     Second DNS Server: Secondary DNS Server

Secondary DNS Server
     First DNS Server: Localhost (using the appropriate address-not
     Second DNS Server:  Localhost
     Third DNS Server: Domain Controller running DNS

The domain controller running DNS is not scavenging any records and sees the same duplicate PTRs as the primary DNS.  Any suggestions or need more information?  Thanks!
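
The duplicate PTRs described in the post above can be listed from a text copy of the reverse zone. This is an added example, not part of the original post: it assumes the records are available as standard zone-file text lines, and the sample zone, host names and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed reverse-zone sample in zone-file text form (not data from the post).
SAMPLE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
10      1200 IN PTR  backup01.corp.example.
11      1200 IN PTR  ws-old17.corp.example.
        1200 IN PTR  ws-new03.corp.example.   ; blank owner: same name as line above
12      IN PTR  sus01.corp.example.
13      PTR  ws-new03.corp.example.
@       IN NS   dns1.corp.example.
"""

def reverse_name_to_ip(name):
    """Convert '11.1.168.192.in-addr.arpa' to '192.168.1.11'; None if not a full IPv4 name."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def parse_ptrs(text):
    """Yield (ip, target) per PTR record, honouring $ORIGIN and inherited owner names."""
    origin, owner = "", None
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()
        if not tokens:
            continue
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
                origin = tokens[1]
            continue
        if not raw[0].isspace():
            owner = tokens.pop(0)
        kinds = [t.upper() for t in tokens]
        if owner is None or "PTR" not in kinds[:-1]:
            continue
        target = tokens[kinds.index("PTR") + 1].rstrip(".").lower()
        name = owner if owner.endswith(".") else f"{owner}.{origin}"
        yield reverse_name_to_ip(name), target

def find_conflicts(text):
    """Return ({ip: [targets]}, {host: [ips]}) for entries that map more than once."""
    by_ip, by_host = defaultdict(set), defaultdict(set)
    for ip, target in parse_ptrs(text):
        if ip:
            by_ip[ip].add(target)
            by_host[target].add(ip)
    return ({ip: sorted(t) for ip, t in by_ip.items() if len(t) > 1},
            {h: sorted(i) for h, i in by_host.items() if len(i) > 1})
```

The first dictionary shows addresses whose reverse lookup can return more than one name; the second shows host names that still own a PTR at an address they no longer use.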
adamdrayer commented:
Here are some posts that I have found on this problem:

Ionut Marin (Last update 7/31/2004):
- Error: "Could not find the domain controller for this domain" - See Q329708.
- Error: "Access is denied" - See Q826899 and Error code 5. (Evidently this is the wrong KB article)

See Q819411 for more information on this event.

From a newsgroup post: "After doing research on TechNet, I came across Q257623 that showed three methods of correcting this issue. Since methods 2 and 3 were not applicable to my situation, method 1 seemed my best choice. I followed the instructions and it did nothing. However, it did give me an idea. I searched my registry for the word "SUFFIX", hoping there would be minimum entries. I found what I needed and here is what I did. I changed my domain name in the following keys:




Then, in the TCP/IP properties, I clicked the Advanced button, DNS tab, and checked "Use this connection's DNS suffix in DNS registration". Then I entered the following command in the command prompt: “c:\ipconfig /registerdns”. After this Event ID 5789 stopped appearing and “ipconfig /all” showed the correct DNS entries.

What caused this problem? Well, when creating my network and adding servers, I used the NetBIOS name to add the server to the network, instead of the DNS name. Yes, everything worked, but some time it stopped working".

Bernardo van Hoof (Last update 6/25/2004):
- Error: "The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation)" - I got this error when I joined a server to the domain and renamed the computer at the same time. The updated value still showed the old name of the computer. After the mandatory reboot, the error did not repeat.

Adrian Grigorof (Last update 7/11/2003):
Error: "Access is denied" - According to Microsoft: "This behavior can occur if the computer account has permission to read the Active Directory record for itself, but does not have permission to write to the record or the entire directory." See also the link to error code 5.

Error: "The parameter is incorrect" - See the link to error code 87.

Anonymous (Last update 7/11/2003):
Error: "Access is denied" - I found that if a trust has broken down between Domain Controller and member server and if the member server was to regain domain membership by joining a workgroup then rejoining the domain, although membership is granted, due to the fact that the user is a domain administrator, if the account has not been deleted from the DC's Active Directory list, the secure token is still assigned to the previous membership, therefore access is corrupted/restricted.

Cary Shufelt (Last update 7/11/2003):
Error: "Access is denied" - This was the result of a manual DNS entry. Set permissions of the DNS entry so that the computer has full control.

Question has a verified solution.
