DNS/ Active Directory -- Directory Service zone enumeration problems - network FUBAR - help!

Posted on 2004-11-04
Last Modified: 2011-10-03
Our network (W2K3 Small biz - 3 XP pro clients, Yahoo/SBC DSL) was working fine for about a month, then all of a sudden we started getting errors trying to connect to network shares or the internet--we set up this server about a month ago and everything was OK. Yesterday we started having problems connecting to the internet and network shares--it would be very slow, or fail, or come back with a warning when attempting to connect to network shares saying something to the effect of there was already a connection. As the novice admin I am, I assumed we were having some DNS issues-- event viewer had numerous warnings starting a week ago with this occurring every few days...

"event id 6702
DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code. "
 
These happened every few days and ended on 10/26.


Then on 11/2 we received these DNS event log warnings in order...


event ID 4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

event ID 4004
The DNS server was unable to complete directory service enumeration of zone _msdcs.nextwave.detroit.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

event id 4004
The DNS server was unable to complete directory service enumeration of zone nextwave.detroit.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

I rebooted the server and I haven't received the warnings, but our network is FUBAR-- intermittent connections to the internet and to local shares-- I am not a DNS superstar, so I am sure this is probably a relatively easy fix for great ones such as yourselves. I am assuming that this is why we are having network issues BIG TIME. "Help me Obi-Wan, you're my only hope."



Question by:kevotron
Accepted Solution

by:
oBdA earned 2000 total points
ID: 12497150
To start with, check your DNS settings against this setup:

*** TCP/IP-Settings ***
* On your DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your domain members, enter only the DC as primary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS server's forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe to check your system for errors in the domain setup.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=816584

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
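The three TCP/IP rules in this answer (DC lists only itself, members list only the DC, ISP resolvers nowhere but the forwarders tab) can be checked mechanically. The script below is an added example, not code from the thread or from Microsoft: it parses the text that `ipconfig /all` prints on Windows XP/2003 and reports every deviation from those rules. It uses the DC address 192.168.1.10 and the 192.168.1.0/24 LAN from the thread; the ISP resolver 203.0.113.53 and the host names are constructed placeholders.

```python
"""Audit Windows DNS client settings (from `ipconfig /all` text) against the
DC-centric rules in the accepted answer.  Added example, not from the thread.
"""
import ipaddress
import re

# Constructed from the thread: the SBS/DC at 192.168.1.10 on 192.168.1.0/24.
# 203.0.113.53 (used in the samples below) is a placeholder ISP resolver.
DC_DNS_SERVERS = {"192.168.1.10"}
LAN = ipaddress.ip_network("192.168.1.0/24")

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z\- ]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {"ip": [...], "dns": [...]}} from `ipconfig /all` output."""
    adapters, current, in_dns_list = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {"ip": [], "dns": []}
            in_dns_list = False
            continue
        if current is None:          # global header lines (Host Name, suffix, ...)
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            in_dns_list = False
            if key in ("ip address", "ipv4 address"):
                adapters[current]["ip"].append(value.split("(")[0].strip())
            elif key == "dns servers":
                in_dns_list = True
                if value:
                    adapters[current]["dns"].append(value)
        elif in_dns_list:
            # additional resolvers are printed on indented lines under "DNS Servers"
            adapters[current]["dns"].append(line.strip())
    return adapters


def audit(text, role):
    """role is "dc" or "member"; returns a list of findings, empty when compliant."""
    findings = []
    for name, cfg in parse_ipconfig(text).items():
        if not cfg["dns"]:
            continue                 # nothing configured (disconnected adapter)
        for server in cfg["dns"]:
            if ipaddress.ip_address(server) not in LAN:
                findings.append(f"{name}: external resolver {server} set as DNS server; "
                                "ISP DNS belongs only in the server's forwarders tab")
            elif server not in DC_DNS_SERVERS:
                findings.append(f"{name}: {server} is not the DC/DNS server "
                                "(gateway or other host listed for DNS)")
        if role == "dc" and cfg["dns"] != cfg["ip"]:
            findings.append(f"{name}: DC must list only its own address "
                            f"{cfg['ip']} as DNS server, found {cfg['dns']}")
    return findings


def ipconfig_excerpt(ip, *dns):
    """Build a constructed `ipconfig /all` excerpt in the Windows XP layout."""
    dns_block = "\n".join([f"        DNS Servers . . . . . . . . . . . : {dns[0]}"]
                          + [" " * 44 + d for d in dns[1:]])
    return f"""\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : host
        Primary Dns Suffix  . . . . . . . : nextwave.detroit

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : nextwave.detroit
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : {ip}
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
{dns_block}
"""


# The client as the asker described it (gateway + ISP DNS), and the corrected forms.
CLIENT_AS_POSTED = ipconfig_excerpt("192.168.1.20", "192.168.1.254", "203.0.113.53")
CLIENT_FIXED = ipconfig_excerpt("192.168.1.20", "192.168.1.10")
DC_FIXED = ipconfig_excerpt("192.168.1.10", "192.168.1.10")

if __name__ == "__main__":
    for label, text, role in [("client as posted", CLIENT_AS_POSTED, "member"),
                              ("client fixed", CLIENT_FIXED, "member"),
                              ("DC fixed", DC_FIXED, "dc")]:
        print(f"{label}: {audit(text, role) or ['OK']}")
```

Run it on a real machine by piping `ipconfig /all > ipconfig.txt` and calling `audit(open("ipconfig.txt").read(), "member")`; the `ipconfig_excerpt()` helper only exists to build offline samples.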

Author Comment

by:kevotron
ID: 12505022
OK, thanks for the help. I also found out that I had the DNS settings on the clients pointed to the server (192.168.1.10). I was under the assumption that the clients would get the DNS from the server, which was getting it from the DNS servers provided by SBC. I changed that so that the primary DNS on the clients is set to the gateway (192.168.1.254) and the secondary is set to the DNS server IP provided by SBC -- somebody told me that the zone enumeration errors were a result of my having the DNS settings on the clients pointed to the server instead of the gateway. Does this sound right?

Expert Comment

by:oBdA
ID: 12508037
Not at all, sorry. Please read the correct setup again.
*All* your domain members (including the SBS itself!) need to use your internal SBS server *only* for DNS resolution. Your SBS will forward requests beyond your internal domain (assuming correct configuration) to your ISP's (or your router's) DNS.

Author Comment

by:kevotron
ID: 12508376
Oops, to clarify.... SBC -- that's the provider of the DSL. I thought the server would be getting its DNS settings from the DNS server IPs they had provided me--I have those set up in the TCP/IP settings on the server NIC. Then with my XP clients pointed to the server to obtain DNS settings (192.168.1.10) -- they would get the DNS from there. As I said, I am a novice, so I know you are probably saying "what?" Is this still completely off?

Expert Comment

by:oBdA
ID: 12508744
SBS refers to your Small Business Server.
On this server (192.168.1.10, if I understood you correctly), open the TCP/IP properties of your LAN connection and configure the primary DNS server to be 192.168.1.10 (leave the secondary DNS server entry empty!), the default gateway to be 192.168.1.254. Do exactly the same on your clients.
Then open the DNS management console, and configure your DNS server as described above.
Author Comment

by:kevotron
ID: 12509309
You wrote "open the TCP/IP properties of your LAN connection and configure the primary DNS server to be 192.168.1.10 (leave the secondary DNS server entry empty!)" - I have the primary and alternate DNS servers in the TCP/IP properties set to the IP addresses our internet provider (SBC) gave us for DNS. So that is wrong, yes? Could you just briefly explain why I set the primary DNS to point to itself and the secondary is left blank--I do not doubt you in the least, I would just really like to know why it is supposed to be pointed to itself for learning's sake. I will award you the 500 points for all your help. Thanks.

Expert Comment

by:oBdA
ID: 12510318
Because DNS is vital in an AD domain; the DC(s) need to register themselves there, and W2k/XP clients will query DNS to find a DC for their domain. That will only work if the DNS server supports dynamic updates (see above on how to make sure DDNS is enabled on your DNS server). Of course, your internal DNS knows nothing about external addresses like www.google.com or whatever; that's why you need to configure the forwarders section in your DNS, and that's where your SBC DNS addresses go.
Have a look at the articles above, especially at the FAQ; this might clear some things up.
You'll find more about Active Directory here (and at google, of course):
Windows Server 2003 Active Directory
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
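The dependency described here (the DC registers itself in DNS through dynamic update, and clients query DNS for SRV records to find a DC) is what the earlier advice to verify the SRV records is about. As an added illustration, not code from the thread or from KB 241515, the script below lists the SRV owner names a Windows 2000/2003 DC registers for its domain and checks `nslookup -type=SRV` output for them. The nslookup text is constructed, and `sbs.nextwave.detroit` is a placeholder for the DC's host name, which the thread never states.

```python
"""List the SRV records a DC must register and check `nslookup` output for them.

Added example, not from the thread.  The expected names follow the _msdcs /
_tcp layout that Windows 2000/2003 DCs register via dynamic update; the
nslookup text is constructed and "sbs.nextwave.detroit" is a placeholder.
"""
import re

# (service, protocol, sub-domain under the zone, port) for the records clients
# use to locate a DC.  _gc._tcp lives in the forest root zone, which is the
# same zone in a single-domain forest such as the one in the thread.
CORE_SRV = [
    ("_ldap", "_tcp", "dc._msdcs", 389),
    ("_kerberos", "_tcp", "dc._msdcs", 88),
    ("_ldap", "_tcp", "", 389),
    ("_kerberos", "_tcp", "", 88),
    ("_kpasswd", "_tcp", "", 464),
    ("_gc", "_tcp", "", 3268),
]

SRV_HEADER_RE = re.compile(r"^(\S+)\s+SRV service location:\s*$")
SRV_FIELD_RE = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")


def expected_srv_names(domain):
    """Return the fully qualified SRV owner names the DC should have registered."""
    names = []
    for service, proto, sub, _port in CORE_SRV:
        parts = [service, proto] + ([sub] if sub else []) + [domain]
        names.append(".".join(parts))
    return names


def parse_nslookup_srv(text):
    """Parse Windows `nslookup -type=SRV` output into {owner: {priority, weight, port, target}}."""
    records, current = {}, None
    for line in text.splitlines():
        m = SRV_HEADER_RE.match(line)
        if m:
            current = m.group(1).rstrip(".").lower()
            records[current] = {}
            continue
        m = SRV_FIELD_RE.match(line)
        if m and current:
            key, value = m.groups()
            key = "target" if key == "svr hostname" else key
            records[current][key] = int(value) if value.isdigit() else value.rstrip(".").lower()
    return records


def missing_srv_records(domain, nslookup_text):
    """Expected names with no SRV answer in the output, or one on an unexpected port."""
    found = parse_nslookup_srv(nslookup_text)
    missing = []
    for (_svc, _proto, _sub, port), name in zip(CORE_SRV, expected_srv_names(domain)):
        rec = found.get(name.lower())
        if rec is None or rec.get("port") != port:
            missing.append(name)
    return missing


# Constructed output: three records present, three of the expected six absent.
NSLOOKUP_OUTPUT = """\
Server:  sbs.nextwave.detroit
Address:  192.168.1.10

_ldap._tcp.dc._msdcs.nextwave.detroit   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = sbs.nextwave.detroit
sbs.nextwave.detroit    internet address = 192.168.1.10

_kerberos._tcp.dc._msdcs.nextwave.detroit       SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = sbs.nextwave.detroit
sbs.nextwave.detroit    internet address = 192.168.1.10

_ldap._tcp.nextwave.detroit     SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = sbs.nextwave.detroit
sbs.nextwave.detroit    internet address = 192.168.1.10
"""

if __name__ == "__main__":
    for name in expected_srv_names("nextwave.detroit"):
        print("expect:", name)
    print("missing:", missing_srv_records("nextwave.detroit", NSLOOKUP_OUTPUT))
```

On a real network, run `nslookup -type=SRV <name>` for each name that `expected_srv_names()` prints, concatenate the output, and pass it to `missing_srv_records()`; an empty result means the records the answer asks you to verify are all present. If names are missing after `ipconfig /registerdns` and a netlogon restart, the zone is usually not accepting dynamic updates, which is the setting the answer tells you to check first.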