DNS - The DNS server could not signal the service "NAT". The error was 1168.

Windows server 2003
Server is domain controller

Sometime intermittently but usually every 4-5 hours the DNS will stop resolving and has to be restarted.  To get around this I have been restarting the DNS services as a scheduled task, but recently this hasn't been working as the problem gets more random.  The error below appears in the DNS Server event log:

--------------------------------------
Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      113
Date:            23/11/2004
Time:            15:30:00
User:            N/A
Computer:      SERVER
Description:
The DNS server could not signal the service "NAT". The error was 1168. There  may be interoperability problems between the DNS service and this service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------------------

Is there another command I could schedule to prevent this, or is there an obvious solution to this problem?

PowerhousecomputingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PowerhousecomputingAuthor Commented:
Also this event appears just as often as the other:

------------------------------
Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      800
Date:            23/11/2004
Time:            15:35:04
User:            N/A
Computer:      LAYHER
Description:
The zone DOMAIN is configured to accept updates but the A record for the primary
server in the zone's SOA record is not available on this DNS server. This may
indicate a configuration problem. If the address of the primary server for the
zone cannot  be resolved DNS clients will be unable to locate a server to accept
updates for this zone. This will cause DNS clients to be unable to perform DNS updates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
------------------------------

0
netwrkgirlygirlCommented:

Does this pertain to your setup?
From a newsgroup post: "Are you using ICS or NAT in RRAS? If it is ICS then disable ICS and use NAT in RRAS. If your are using NAT in RRAS then are you using the DNS proxy? If you have the DNS proxy enabled disable it."  

I have encountered a similar issue and I recreated my DNS zone ..  I made sure that my DNS server has itself as the primary server and had no issues since then...
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

PowerhousecomputingAuthor Commented:
Hi netwrkgirlygirl

I have recently had a similar DNS problem on another of my servers, and I recreated the DNS as the primary active directory server and it resolved that issue.  As you suggest the same for this problem I think I might give the same a go.  The symptoms of this problem and my other problem are very similiar; slow client logons and intermittent Internet access.

I shall recreate the DNS and post back how I did it and the result.
0
netwrkgirlygirlCommented:
Please let me know...  if not helping there are some other things we can try...

Heather
0
PowerhousecomputingAuthor Commented:
Here is what I did:

1) Delete contents of Forward Lookup Zones
2) Delete contents of Reverse Lookup Zones
3) stop DNS Service
4) Stop NETLOGON Service
5) ipconfig /flushdns
6) Locate %Systemroot%\System32\config\Netlogon.dns, netlogon.dnb and delete both files
7) Locate %Systemroot%\System32\DNS and delete all files,but NOT the directories (backup and samples)
8) Locate %Systemroot%\System32\DNS\backup and delete all files in there
9) Restart DNS
10) Create new Zone and select Active Directory Integrated.
11) Allow secure Updates.
12) Restart NETLOGON.

This has recreated the DNS but nothing seems to have changed in the DNS manager.  There are no _msdsc or _tcp subfolders to the domain.  There werent any in the first place, but I assume they would be created, and the lack of them is causing the login problems.

However logins are a lot faster now so something has worked!
0
netwrkgirlygirlCommented:
What concerns me is that you are saying that there was no "_msdsc or _tcp subfolders to the domain" when you initially configured this server as a DC....  This should have been a red flag for you that something was no correct to begin with...  Can you demote that server and re-create your AD if you are unsuccessful at trying the below suggestion..?  I don't know the scope of your network setup or if this is even an option for you.....  But having DNS not correctly working now with AD can cause more headaches later on down the road....  but I have a good feeling after you do the below that you should be ok...

Remove the DNS service all together from the Add/Remove Windows Components then reboot your machine and reinstall the DNS service...

Check the contents of the registry and manually delete the contents of the DNS if anything is existing...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\DNS Server\Zones\your domain name.something...

Then re-create your zones after you do a reboot.  

Check the contents of your systemroot\system32\dns folders and see what you have in place after...


Do you have another copy of cache.dns of all the root servers in place again?  if not copy this into that directory
;
;  Root Name Server Hints File:
;
;      These entries enable the DNS server to locate the root name servers
;      (the DNS servers authoritative for the root zone).
;      For historical reasons this is known often referred to as the
;      "Cache File"
;

@                       NS      a.root-servers.net.
a.root-servers.net      A      198.41.0.4
@                       NS      b.root-servers.net.
@                       NS      c.root-servers.net.
@                       NS      d.root-servers.net.
@                       NS      e.root-servers.net.
@                       NS      f.root-servers.net.
@                       NS      g.root-servers.net.
@                       NS      h.root-servers.net.
@                       NS      i.root-servers.net.
@                       NS      j.root-servers.net.
@                       NS      k.root-servers.net.
@                       NS      l.root-servers.net.
@                       NS      m.root-servers.net.

-------------------------------------------------------------------------------------------------

Put this back into your \samples\cache.dns:
;
;   cache.dns -- DNS CACHE FILE
;
;   Initial cache data for root domain servers.
;
;   YOU SHOULD CHANGE:
;   ->  Nothing if connected to the Internet.  Edit this file only when
;       updated root name server list is released.
;           OR
;   ->  If NOT connected to the Internet, remove these records and replace
;       with NS and A records for the DNS server authoritative for the
;       root domain at your site.
;
;   Note, if you are a root domain server, for your own private intranet,
;   no cache is required, and you may edit your boot file to remove
;   it.
;

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;
;       last update:    Nov 5, 2002
;       related version of root zone:   2002110501
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by IANA
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; housed in Japan, operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File


Please let me know if this was successful or not...  might be able to try another suggestion...
GOOD LUCK!!!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PowerhousecomputingAuthor Commented:

My copy of cache.dns in systemroot\system32\dns has all the IP addresses which seems to be the only difference to the version you posted.  Shall I replace it anyway?  The cache.dns in \samples\ is the same as you posted.

-----------------------------------------------------
;
;  Root Name Server Hints File:
;
;      These entries enable the DNS server to locate the root name servers
;      (the DNS servers authoritative for the root zone).
;      For historical reasons this is known often referred to as the
;      "Cache File"
;

@                       NS      a.root-servers.net.
a.root-servers.net      A      198.41.0.4
@                       NS      b.root-servers.net.
b.root-servers.net      A      192.228.79.201
@                       NS      c.root-servers.net.
c.root-servers.net      A      192.33.4.12
@                       NS      d.root-servers.net.
d.root-servers.net      A      128.8.10.90
@                       NS      e.root-servers.net.
e.root-servers.net      A      192.203.230.10
@                       NS      f.root-servers.net.
f.root-servers.net      A      192.5.5.241
@                       NS      g.root-servers.net.
g.root-servers.net      A      192.112.36.4
@                       NS      h.root-servers.net.
h.root-servers.net      A      128.63.2.53
@                       NS      i.root-servers.net.
i.root-servers.net      A      192.36.148.17
@                       NS      j.root-servers.net.
j.root-servers.net      A      192.58.128.30
@                       NS      k.root-servers.net.
k.root-servers.net      A      193.0.14.129
@                       NS      l.root-servers.net.
l.root-servers.net      A      198.32.64.12
@                       NS      m.root-servers.net.
m.root-servers.net      A      202.12.27.33
-----------------------------------------------------

I havent tried removing the DNS component or deleting the registry key yet, just want to check with you about the different versions of cache.dns so I can do the job in one go.
0
PowerhousecomputingAuthor Commented:
Will I need the Windows Server 2003 CD to do this?
0
netwrkgirlygirlCommented:
Use the files that I have given you... try what I have recommended above first...


this machine is using a private IP addressing scheme correct?  

I believe this will solve your issue...

Heather
0
PowerhousecomputingAuthor Commented:
Would you believe I haven't found a good time to try this yet!  I will post when I do :)
0
netwrkgirlygirlCommented:
Yeah I believe it...  You don't need the CD to do this... I'm eager to see your results...  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.