DNS error : Windows 2003 Server

Posted on 2004-11-19
Medium Priority
Last Modified: 2013-12-19
Got my DNS on my Windows 2003 Server Enterprise as a PDC and will be running my Exchange server on a member server (Windows 2003 Server Standard).  In preparing for the Exchange server deployment, I need to run several tools and tests to make sure the deployment will be successful.

One of the tools I ran failed on me, which I ran on my PDC.

dcdiag /f:readme

This is my output:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\HAMSERVER
      Starting test: Connectivity
         The host e44c29e4-4272-4054-8c56-7a190027454f._msdcs.hamfarm.com could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (e44c29e4-4272-4054-8c56-7a190027454f._msdcs.hamfarm.com) couldn't be
         resolved, the server name (HamServer.hamfarm.com) resolved to the IP
         address ( and was pingable.  Check that the IP address
         is registered correctly with the DNS server.
         ......................... HAMSERVER failed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\HAMSERVER
      Skipping all tests, because server HAMSERVER is
      not responding to directory service requests
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   Running partition tests on : hamfarm
      Starting test: CrossRefValidation
         ......................... hamfarm passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... hamfarm passed test CheckSDRefDom
   Running enterprise tests on : hamfarm.com
      Starting test: Intersite
         ......................... hamfarm.com passed test Intersite
      Starting test: FsmoCheck
         ......................... hamfarm.com passed test FsmoCheck

As you can see, why is it failing?  Is it because my DNS isn't set up correctly?  If so, please show me how to correct this.
Question by:Pentrix2
LVL 85

Expert Comment

ID: 12629350
Check the TCP/IP settings on your DC as well; while you're at it, make sure the domain members are configured correctly as well.

*** TCP/IP-Settings ***
* On your DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your domain members, enter only your DC as primary.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS server's forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).
* You might want to create a reverse lookup zone for your network as well.

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).

Oh, and in case you haven't done so yet, install a WINS server on your DC as well; Exchange wants one.

Troubleshooting Active Directory DNS Errors in Windows 2000

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

How to Verify the Creation of SRV Records for a Domain Controller

SRV Resource Records May Not Be Created on Domain Controller

HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003

HOW TO: Configure DNS for Internet Access in Windows Server 2003

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003

Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality

HOW TO: Install WINS in Windows Server 2003

Author Comment

ID: 12644756
I don't see the area to check whether Dynamic Updates are enabled.  I do see an area and it says, Secure Updates only for Dynamic Updates.

As far as a WINS server, I did install it but haven't configured it.  Can you tell me how to configure this WINS?  I did notice that Exchange 2003 requires WINS.

Author Comment

ID: 12644837
I did try to see if my SRV Records are created but this is the output I'm receiving.

*** Can't find server name for address Non-existent domain
Default Server:  UnKnown

Then, I'm supposed to type

>set type=all    
Server:  UnKnown

*** UnKnown can't find _ldap._tcp.dc.msdcs.hamfarm:  Non-existent domain
Server:  UnKnown

How do I fix this?

Expert Comment

ID: 12668705
Actually you might try pointing HAMSERVER's Primary DNS setting in its TCP/IP properties to another DNS server (not itself), preferably the main DNS server in your domain. Leave the secondary blank.
I have seen cases where a domain controller won't register its records properly if it is pointing to itself as primary DNS.
At a command prompt type:
ipconfig /flushDNS
net stop netlogon & net start netlogon
ipconfig /registerdns

Wait a little while and check again. You can also use DNSLINT. I believe it is in the Support Tools on the server CD. Otherwise just Google it. Very nice utility.

Author Comment

ID: 12669535
So I shouldn't be using the PDC as the DNS server, I should use a member server?

Expert Comment

ID: 12669618
The PDC should be fine. I use a DNS in my "hub" site.

Author Comment

ID: 12669634
Because right now I'm using the PDC as my DNS server, as well as my WINS, RRAS, Media Streaming, DHCP and file server.  Everything works properly but just not the DNS portion.

The reason is because I'm trying to get my exchange 2003 server enterprise on it too.  BTW, I'm using windows 2003 server enterprise edition.


Expert Comment

ID: 12669675
Depending on the size of your network, you may want to offload DNS on to another server. You should also have at least two DNS servers.
Do you have more than one DNS server on your network?


Author Comment

ID: 12669702
Not at this point, this is just my test environment, but curious how would I make 2 DNS servers?  Make one primary and other trusted?

Accepted Solution

Antknee869 earned 2000 total points
ID: 12670231
Generally, you want to use AD-Integrated DNS for an Active Directory infrastructure.
So, I am assuming you have one standalone DNS server? If you go to Administrative Tools > DNS, right-click on one of your zones and select Properties, you will see a Type entry. It will say Primary if you are using a standalone non-AD Integrated DNS. It will say Active Directory Integrated if, well.... you know.
I would do this:
1. Convert your zones on your one DNS server to AD-Integrated.
2. Point your other server's primary DNS setting in TCP/IP properties to the one DNS server.
3. Either reboot the servers or issue the commands I listed above.
4. Verify that DNS is working OK. Use DCDIAG and DNSLINT.
5. If DNS is working you can install a second DNS server. Since it is a test lab, this is not too critical but would be good practice for setting up a production AD network.
To install a second AD Integrated DNS server go to Add/Remove programs > Windows setup > Network Services and select DNS. If you give the server 30-60 minutes it will populate itself through AD replication.
If it is standalone, you need to do some config. I recommend AD integrated, but if you want to use standalone, LMK and I will give directions on this.
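
For the verification step and the SRV-record check discussed in this thread, the following added example (not part of any post above) parses dcdiag output, pulls out the failed tests and the unresolved DSA GUID name, and builds the nslookup queries for the records a domain controller registers through Netlogon. It assumes a single-domain forest; the function names are hypothetical and the sample text is constructed from the output quoted in the question.

```python
import re

# Constructed sample: lines excerpted from the dcdiag output quoted in the question.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\HAMSERVER
      Starting test: Connectivity
         The host e44c29e4-4272-4054-8c56-7a190027454f._msdcs.hamfarm.com could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         ......................... HAMSERVER failed test Connectivity
   Running enterprise tests on : hamfarm.com
      Starting test: FsmoCheck
         ......................... hamfarm.com passed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")
GUID_HOST = re.compile(
    r"The host ([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.(\S+)"
    r" could not be resolved", re.I)

def failed_tests(text):
    """Return (target, test) pairs for every 'failed test' result line."""
    return [(m[1], m[3]) for m in RESULT.finditer(text) if m[2] == "failed"]

def unresolved_guid(text):
    """Return (dsa_guid, dns_zone) from the Connectivity error, or None."""
    m = GUID_HOST.search(text)
    return (m[1].lower(), m[2].lower().rstrip(".")) if m else None

def locator_records(domain, guid=None):
    """Record names a DC registers via Netlogon (assumes a single-domain forest)."""
    records = [
        ("SRV", f"_ldap._tcp.{domain}"),
        ("SRV", f"_ldap._tcp.dc._msdcs.{domain}"),
        ("SRV", f"_ldap._tcp.pdc._msdcs.{domain}"),
        ("SRV", f"_kerberos._tcp.dc._msdcs.{domain}"),
    ]
    if guid:
        records.append(("CNAME", f"{guid}._msdcs.{domain}"))
    return records

def nslookup_commands(text):
    """Build one fully qualified nslookup query per record that should exist."""
    hit = unresolved_guid(text)
    if hit is None:
        return []
    guid, zone = hit
    return [f"nslookup -type={t} {name}." for t, name in locator_records(zone, guid)]

if __name__ == "__main__":
    print("failed:", failed_tests(SAMPLE))
    print("\n".join(nslookup_commands(SAMPLE)))
```

Each generated query should return an answer once the DC has re-registered its records; the trailing dot keeps nslookup from appending a DNS suffix to the name.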

Expert Comment

ID: 13730431
It is likely there is an error with using a top level domain.   See KB Article ID : 300684. You need to modify the registry on a 2000 box and can use policy for 2003.
