Win2003 AD - DNS/Kerberos/LDAP problems on DC in child domain

I have a Win2003 DC in a child domain that is having AD problems.  It manifested itself when I examined the default domain GPO.  What I discovered is this:
1. When I run netdiag, it fails the following tests- DNS, Kerberos and LDAP.  Below is the output from the command [NETDIAG]

2.  When I run dcdiag, it fails the following tests- Active Directory LDAP services check & FSMOCheck.  Below is output from the command [DCDIAG]

[NETDIAG]


........................................

    Computer Name: CPS1
    DNS Host Name: cps1.cps.oxford.com.
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB824146
        KB824151
        KB825119
        KB828028
        KB828035
        KB828741
        KB829558
        KB830352
        KB832894
        KB833987
        KB834707
        KB835732
        KB837001
        KB837009
        KB839643-DirectX9
        KB839645
        KB840315
        KB840374
        KB840987
        KB841356
        KB841533
        KB867801
        KB873376
        KB885881
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : cps1.cps.oxford.com
        IP Address . . . . . . . . : 10.10.12.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.12.3
        Primary WINS Server. . . . : 10.10.12.1
        Dns Servers. . . . . . . . : 10.10.12.1
                                     10.10.11.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.10.12.1'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.10.11.1'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/cps1.cps.oxford.com..


LDAP test. . . . . . . . . . . . . : Failed
    [WARNING] The default SPN registration for 'HOST/cps1.cps.oxford.com.' is missing on DC 'cps1.cps.oxford.com'.
    [FATAL] The default SPNs are not properly registered on any DCs.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

[END NETDIAG]

[DCDIAG]


Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine cps1, is a DC.
   * Connecting to directory service on server cps1.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: CPS\CPS1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         * Active Directory RPC Services Check
         ......................... CPS1 passed test Connectivity

Doing primary tests
   
   Testing server: CPS\CPS1
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=oxford,DC=com
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=oxford,DC=com
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=oxford,DC=com
               Latency information for 13 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  1 had no latency information (Win2K DC).  
            DC=oxford,DC=com
               Latency information for 11 entries in the vector were ignored.
                  10 were retired Invocations.  1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=oace,DC=oxford,DC=com
               Latency information for 6 entries in the vector were ignored.
                  3 were retired Invocations.  3 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=cps,DC=oxford,DC=com
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=oacn,DC=oxford,DC=com
               Latency information for 7 entries in the vector were ignored.
                  4 were retired Invocations.  3 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... CPS1 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           DC=DomainDnsZones,DC=cps,DC=oxford,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=ForestDnsZones,DC=oxford,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=cps,DC=oxford,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=oxford,DC=com
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=oxford,DC=com
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=oacn,DC=oxford,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=oace,DC=oxford,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=oxford,DC=com
            (Domain,Version 2)
         ......................... CPS1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... CPS1 passed test NetLogons
      Starting test: Advertising
         The DC CPS1 is advertising itself as a DC and having a DS.
         The DC CPS1 is advertising as an LDAP server
         The DC CPS1 is advertising as having a writeable directory
         The DC CPS1 is advertising as a Key Distribution Center
         Warning: CPS1 is not advertising as a time server.
         The DS CPS1 is advertising as a GC.
         ......................... CPS1 failed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=ODC1,CN=Servers,CN=ODC,CN=Sites,CN=Configuration,DC=oxford,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=ODC1,CN=Servers,CN=ODC,CN=Sites,CN=Configuration,DC=oxford,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com
         ......................... CPS1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 2104 to 1073741823
         * cps1.cps.oxford.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1604 to 2103
         * rIDPreviousAllocationPool is 1604 to 2103
         * rIDNextRID: 1634
         ......................... CPS1 passed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/cps1.cps.oxford.com/cps.oxford.com
         * SPN found :LDAP/cps1.cps.oxford.com
         * SPN found :LDAP/CPS1
         * SPN found :LDAP/cps1.cps.oxford.com/CPS
         * SPN found :LDAP/d18d47cf-46b9-4035-89c1-1b77fd6a2e5c._msdcs.oxford.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d18d47cf-46b9-4035-89c1-1b77fd6a2e5c/cps.oxford.com
         * SPN found :HOST/cps1.cps.oxford.com/cps.oxford.com
         * SPN found :HOST/cps1.cps.oxford.com
         * SPN found :HOST/CPS1
         * SPN found :HOST/cps1.cps.oxford.com/CPS
         * SPN found :GC/cps1.cps.oxford.com/oxford.com
         ......................... CPS1 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... CPS1 passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         CPS1 is in domain DC=cps,DC=oxford,DC=com
         Checking for CN=CPS1,OU=Domain Controllers,DC=cps,DC=oxford,DC=com in domain DC=cps,DC=oxford,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com in domain CN=Configuration,DC=oxford,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... CPS1 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... CPS1 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... CPS1 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... CPS1 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC25A001D
            Time Generated: 11/19/2004   07:46:34
            Event String: The time provider NtpClient is configured to
acquire time from one or more time sources,
however none of the sources are currently
accessible.  No attempt to contact a source will
be made for 960 minutes. NtpClient has no source
of accurate time.  
         ......................... CPS1 failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=CPS1,OU=Domain Controllers,DC=cps,DC=oxford,DC=com and backlink on
         CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=CPS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cps,DC=oxford,DC=com
         and backlink on CN=CPS1,OU=Domain Controllers,DC=cps,DC=oxford,DC=com
         are correct.
         The system object reference (serverReferenceBL)
         CN=CPS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cps,DC=oxford,DC=com
         and backlink on
         CN=NTDS Settings,CN=CPS1,CN=Servers,CN=CPS,CN=Sites,CN=Configuration,DC=oxford,DC=com
         are correct.
         ......................... CPS1 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : cps
      Starting test: CrossRefValidation
         ......................... cps passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... cps passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running enterprise tests on : oxford.com
      Starting test: Intersite
         Skipping site OACE, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site OACN, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site ODC, this site is outside the scope provided by the
         command line arguments provided.
         Skipping site CPS, this site is outside the scope provided by the
         command line arguments provided.
         ......................... oxford.com passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\cps1.cps.oxford.com
         Locator Flags: 0xe00001bd
         PDC Name: \\cps1.cps.oxford.com
         Locator Flags: 0xe00001bd
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         KDC Name: \\cps1.cps.oxford.com
         Locator Flags: 0xe00001bd
         ......................... oxford.com failed test FsmoCheck

[END DCDIAG]


Additionally, running netdiag /fix returns the following error:

[FATAL] Failed to fix: DC DNS entry _ldap._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.gc._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.0a1dde4d-652e-4673-b406-5d3af9d3162f.domains._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry d18d47cf-46b9-4035-89c1-1b77fd6a2e5c._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.CPS._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACE._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACN._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.ODC._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.CPS._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACE._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACN._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.ODC._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.CPS._sites.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.ForestDnsZones.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '10.10.12.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Finally, the output from ipconfig /all is listed below:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : cps1
   Primary Dns Suffix  . . . . . . . : cps.oxford.com.
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cps.oxford.com.
                                       oxford.com.

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard:

   Connection-specific DNS Suffix  . : cps.oxford.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-C0-9F-2B-DD-1A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.12.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.12.3
   DNS Servers . . . . . . . . . . . : 10.10.12.1
                                       10.10.11.1
   Primary WINS Server . . . . . . . : 10.10.12.1

Since this is the only DC in the child domain, I cannot demote/promote, nor do I have the equipment to bring another server in, so the only thing I can do is fix this one, in place.  Some history on this child domain:  The domain had another Win2000 server that was replaced by this one.  The new one was renamed with the old server name, which I'm sure is part of the problem.  What are my options?  TIA
Asked by: thaller

WeHe commented:
Is DNS server running on this DC?
Is "Allow Dynamic Updates" allowed for all zones (forward and reverse)?
Do you have a "." zone and a zone named like your ad namespace (cps.oxford.com)?
Who is 10.10.11.1? Is this a DNS Server with Dynamic Updates allowed?

cfairley commented:
Found a link that may solve this issue.  I think all of your problems with the DC are resulting from DNS.

http://www-tus.csx.cam.ac.uk/pc_support/WinNT/dns/netlogonerror.html

thaller (Author) commented:
The DNS service is running, dynamic updates are allowed for all zones, there is no "." zone in any of the domains in the forest, all namespaces are represented in AD.  10.10.11.1 is the DC of the parent domain with dynamic updates allowed.

WeHe commented:
After reviewing the logs again and again, I think you should repair the time server error first.
A time difference of more than 5 minutes can have strange effects on DCs.
As this is a DC of a subdomain (and the PDC Emulator of this domain) it must use the root-domain pdc emulator as a time reference.
Check if you can reach and resolve the root PDC-Emulator per ping and nslookup. But the DcGetDcName indicates a failure on this.
If it is reachable, check your w32time registry settings (http://support.microsoft.com/kb/223184/EN-US/).
Important values are: NtpServer is blank, Type=Nt5DS

thaller (Author) commented:
I corrected the time server error which eliminated some of the problems, but it exposed another problem that was staring us in the face all along...I will be correcting that problem shortly and will let you know the outcome.

WeHe commented:
I will wait for it.
I want to know which problems are gone and which are not.

thaller (Author) commented:
Once I resolved the time server errors, I concentrated on why I was failing the LDAP and DNS test.  The problem is located in the following snippet from one of the tests:

Host Name . . . . . . . . . . . . : cps1
   Primary Dns Suffix  . . . . . . . : cps.oxford.com.
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cps.oxford.com.
                                       oxford.com.

Note the trailing "."s.  This was confirmed by going to \HKLM\CurrentControlSet\Services\Parameters\Domain.  Sure enough, it reads "cps.oxford.com."  This leads me to 2 conclusions:

1. I have a disjointed namespace
2. I should fix it per http://support.microsoft.com/kb/257623 using the fixdomainsuffix.vbs script.

It appears as if this script will resolve the issue.  Any thoughts?  WeHe?
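
An added example (not part of the original thread): a Python sketch that reads the ipconfig /all and dcdiag excerpts posted above, flags DNS suffixes that end in a dot, and checks whether the HOST SPN built from the host name and primary suffix differs from a registered SPN only by that dot. The function names and finding labels are made up for this example, and building the FQDN as host + "." + suffix is an assumption that matches the "DNS Host Name" netdiag printed.

```python
import re

# Excerpts copied from the ipconfig /all and dcdiag output posted in this thread.
IPCONFIG_SAMPLE = """\
   Host Name . . . . . . . . . . . . : cps1
   Primary Dns Suffix  . . . . . . . : cps.oxford.com.
   Node Type . . . . . . . . . . . . : Hybrid
   DNS Suffix Search List. . . . . . : cps.oxford.com.
                                       oxford.com.
"""

DCDIAG_SAMPLE = """\
         * SPN found :LDAP/cps1.cps.oxford.com
         * SPN found :HOST/cps1.cps.oxford.com/cps.oxford.com
         * SPN found :HOST/cps1.cps.oxford.com
         * SPN found :HOST/CPS1
"""

# "Label . . . . : value" lines; the dot leader is not part of the label.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z \-]*?)[\s.]*:\s*(?P<val>\S.*?)\s*$")


def parse_ipconfig(text):
    """Return {field: [values]}. A line without a colon continues the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group("key")
            fields.setdefault(last, []).append(m.group("val"))
        elif line.strip() and ":" not in line and last:
            fields[last].append(line.strip())  # e.g. second entry of the search list
        else:
            last = None  # blank line or section header ends the current field
    return fields


def parse_spns(text):
    """Collect the SPNs that dcdiag's MachineAccount test listed."""
    return {m.group(1) for m in re.finditer(r"SPN found\s*:(\S+)", text)}


def audit(ipconfig_text, dcdiag_text):
    """Return a list of (label, value) findings; an empty list means nothing was flagged."""
    cfg = parse_ipconfig(ipconfig_text)
    host = cfg["Host Name"][0]
    suffix = cfg["Primary Dns Suffix"][0]
    # SPNs are compared case-insensitively.
    spns = {s.lower() for s in parse_spns(dcdiag_text)}
    findings = []

    # 1. Any configured suffix ending in "." (the detail spotted in the post above).
    names = list(dict.fromkeys([suffix] + cfg.get("DNS Suffix Search List", [])))
    for name in names:
        if name.endswith("."):
            findings.append(("trailing-dot", name))

    # 2. Does the HOST SPN for the name the machine reports exist as registered?
    fqdn = f"{host}.{suffix}"          # assumption: FQDN = host + "." + primary suffix
    wanted = f"HOST/{fqdn}"
    if wanted.lower() not in spns:
        if wanted.lower().rstrip(".") in spns:
            findings.append(("spn-differs-only-by-trailing-dot", wanted))
        else:
            findings.append(("spn-missing", wanted))
    return findings


if __name__ == "__main__":
    for label, value in audit(IPCONFIG_SAMPLE, DCDIAG_SAMPLE):
        print(f"{label}: {value}")
```

Run against the thread's own output, the second check reports the same name netdiag's LDAP test complained about, `HOST/cps1.cps.oxford.com.`, while the SPN without the dot is present.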

WeHe commented:
Go to "My Computer" -> Properties -> Computer Name -> Change -> More
Does this text field contain a trailing "."?
If yes, delete it everywhere you find it.

thaller (Author) commented:
It does, but I thought I couldn't rename a DC without demoting it first.  Since it's the only DC in the domain, I can't demote it.  So it appears I must run the script, which looks like it renames the FQDN of the DC to match the domain namespace.

WeHe commented:
You are right, use this script.

thaller (Author) commented:
I used the script, and it renamed the server successfully.  I'm still getting the following output from netdiag:

 Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing DNS
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.10.12.1'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.10.11.1'. Please wait for 30 minutes for DNS server replication.
        [FATAL] No DNS servers have the DNS records for this DC registered.

    Tests complete.


    Computer Name: CPS1
    DNS Host Name: cps1.cps.oxford.com
    DNS Domain Name: cps.oxford.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel

All of the other issues seem to be resolved.  Any suggestions?

WeHe commented:
Try a "netdiag /fix" please.

thaller (Author) commented:
I did, and the following output was generated:


.......................................

    Computer Name: CPS1
    DNS Host Name: cps1.cps.oxford.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB819696
        KB823182
        KB823353
        KB823559
        KB824105
        KB824141
        KB824146
        KB824151
        KB825119
        KB828028
        KB828035
        KB828741
        KB829558
        KB830352
        KB832894
        KB833987
        KB834707
        KB835732
        KB837001
        KB837009
        KB839643-DirectX9
        KB839645
        KB840315
        KB840374
        KB840987
        KB841356
        KB841533
        KB867801
        KB870763
        KB873376
        KB885835
        KB885836
        KB885881
        Q147222
        Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : cps1.cps.oxford.com
        IP Address . . . . . . . . : 10.10.12.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.10.12.3
        Primary WINS Server. . . . : 10.10.12.1
        Dns Servers. . . . . . . . : 10.10.12.1
                                     10.10.11.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.gc._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.0a1dde4d-652e-4673-b406-5d3af9d3162f.domains._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry d18d47cf-46b9-4035-89c1-1b77fd6a2e5c._msdcs.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.CPS._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACE._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACN._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.ODC._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.dc._msdcs.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.CPS._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACE._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.OACN._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.ODC._sites.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.CPS._sites.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACE._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.OACN._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ODC._sites.DomainDnsZones.cps.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.CPS._sites.ForestDnsZones.oxford.com. re-registeration on DNS server '10.10.12.1' failed.
DNS Error code: 0x0000000E
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for this DC on DNS server '10.10.12.1'.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{9AC41A0C-03C5-4D8E-A1B1-C9A850B5E973}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully


I also ran "ipconfig /registerdns", and will post the results.  Thanks again for the help!
0
 
WeHe Commented:
Are you sure there is a DNS running on this server (10.10.12.1)?
And why is it a W2K Server and not a W2K3?
0
 
thaller (Author) Commented:
Yes, it is running both AD-enabled primary forward and primary reverse lookup zones for the 10.10.12.0/24 subnet.  I've uninstalled/re-installed several times, including removing registry entries, all to no avail.  The server is a Win2k3 server.  The netdiag output is misleading in that it displays "windows 2000".
0
 
thaller (Author) Commented:
Thanks WeHe for your help.  The problem still exists; I will look at it as time permits.
0
