Solved

DNS & DC

Posted on 2004-11-27
Medium Priority
1,284 Views
Last Modified: 2009-02-07
I'm having problems with DNS server/ exchange.

I keep getting these errors

The remote server did not respond to a connection attempt.
Unable to bind to the destination server in DNS.

I don't know how to fix this....

I did a netdiag /v  and received this error which I think is related

The DNS entries for this DC are not registered correctly on DNS server 207.155.183.72 & 207.155.183.73   (these are the DNS ip address on my router)

No DNS servers have the DNS record for this DC registered

If I do a nslookup it returns the name of the ip address 207.155.183.72   hudson.concentric.net

if I do a ls domain  returns hudson.concentric.net  but says  can't list domain (domain name) : Bad error value

Any help would be appreciated Please

Question by:WestonGroup
14 Comments
 
LVL 6

Expert Comment

by:Eladla
ID: 12686854
http://www.winnetmag.com/Windows/Article/ArticleID/39651/39651.html
Try this.

Also, have you tried setting the external DNS IPs on the server connection?
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 12686899
run netdiag /fix
0
 

Author Comment

by:WestonGroup
ID: 12687026
Tried netdiag /fix

this is what I received.  I think I have things setup in DNS incorrectly but not sure how to fix it....

[Warning] cannot find a primary authoritative DNS server for the name server.weston. [rcode_server_failure] the name server.weston. may not be registered in DNS

Failed to fix: DC DNS entry weston. re-registeration on DNS server 192.168.0.3 failed

netdiag failed to re-register missing DNS entries for this DC on DNS server 192.168.0.3
no DNS servers have the DNS records for this DC registered.

I also already checked the queue folder for bad emails and there aren't any in that folder.

0

 
LVL 11

Expert Comment

by:rafael_acc
ID: 12687271
Check for the following dns srv records in your dns! There must be all of them! Check this link:
http://www.petri.co.il/active_directory_srv_records.htm

Instead of netdiag /fix, try also dcdiag /fix.

Cheers.
0
 
LVL 2

Expert Comment

by:pcavenue
ID: 12701179
First off, the server needs to have the internal DNS server in its first DNS spot. That is usually itself if the server is also the DNS server, i.e. if the server is 192.168.1.101 then the first DNS entry on the server would be the same. The second and third DNS entries can be your real DNS servers on internet land. This is also true on the workstations: the first would be the server (192.168.1.101 in my example), the second and third would be the true one. When you run netdiag again you should get a pass on itself (registration-wise), but a failure on the true DNS server (the one on the internet); ignore that one.

Second, you may need to do the following to re-register the DNS crap on the server. Try it without doing this, but you may need to.

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

You didn't mention if the netdiag came back with a failure on the DNS portion, but I'm guessing it did. If this doesn't fix the netdiag failure we go to the next step. Also, when the server boots, does it take a long time on the "preparing network connections"?

-dp
0
 

Author Comment

by:WestonGroup
ID: 12707749
This is how I have everything set up..... I'm not using DHCP, everything is static on the network

ip 192.168.0.3
default gateway 192.168.0.1
preferred DNS 192.168.0.3
Alternate DNS 192.168.0.2  --------- this is the ip address of our second server

computer name server.weston
domain weston

I created forward and reverse lookups
standard primary
name = weston
            weston.dns
primary server = server.weston.
responsible person = admin.weston.

name server = server.weston 192.168.0.3

allow zone transfers to any server

main dns server is listening on all ip addresses
enabled forwarders to ip address 4.2.2.2

(did i set this up correctly)

I do a nslookup and get this error
can't find server name for address 192.168.0.3: non-existent domain
can't find server name for address 192.168.0.2: no response from server

default servers are not available
default server: unknown
address: 192.168.0.3

if I do a ls weston

ls weston
[unknown]
weston.        NS        server = server.weston
server          A          192.168.0.3


My internet works for now, but I'm having email problems, getting errors: unable to bind to DNS of destination....

If I do a netdiag /v I get a dns error  (DNS entries for this DC are not registered correctly on DNS server 192.168.0.3)
no DNS servers have the DNS records for this DC registered


That's the whole problem and all the settings I have currently....
Thanks
0
 
LVL 2

Expert Comment

by:pcavenue
ID: 12721855
You're correct on your first DNS entry, that's your DNS server (itself). The second one should be your real DNS server (i.e. 207.155.183.72). If that still gives you errors, you may have to do the following again....
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

If no go then, toasting the DNS and re-adding it will surely fix you up. Below is the simplified path...


good luck...


Just don't restart your DC during this please.

•      Delete your zone off the DNS server that you picked.
•      If the zone is AD integrated, make it a Primary
•      Go to winnt\system32\dns and delete your zone.dns files, and delete the one in the backup folder too
•      Delete the NETLOGON.DNS and NETLOGON.DNB files from winnt\system32\config
•      In the reg, HKLM\system\CurrentControlSet\Services\DNS\Zones, delete your zone's folder
•      Reinstall DNS
•      Reinstall your current service pack.
•      Now recreate the zone in DNS
•      Enable Dynamic Updates to "YES" and not to Secure just yet.
•      ipconfig /flushdns
•      ipconfig /registerdns
•      Stop and Restart NETLOGON (net stop netlogon – net start netlogon)

dan
0
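
The kind of registration check behind the netdiag error in this thread, as an added offline example (not code from any poster): it compares the records Netlogon tries to register, as listed in netlogon.dns, with a zone listing and returns the ones that are absent. The netlogon.dns line layout, the sample records and the listing text are constructed assumptions modelled on the output quoted above.

```python
# Added example; constructed netlogon.dns content, assumed layout:
# owner TTL IN TYPE rdata.
NETLOGON_DNS = """\
weston. 600 IN A 192.168.0.3
_ldap._tcp.weston. 600 IN SRV 0 100 389 server.weston.
_ldap._tcp.dc._msdcs.weston. 600 IN SRV 0 100 389 server.weston.
_ldap._tcp.pdc._msdcs.weston. 600 IN SRV 0 100 389 server.weston.
_kerberos._tcp.weston. 600 IN SRV 0 100 88 server.weston.
_kerberos._tcp.dc._msdcs.weston. 600 IN SRV 0 100 88 server.weston.
_kpasswd._tcp.weston. 600 IN SRV 0 100 464 server.weston.
_gc._tcp.weston. 600 IN SRV 0 100 3268 server.weston.
"""

# Constructed zone listing, shaped like the "ls weston" output in the thread.
ZONE_LISTING = """\
[unknown]
weston.        NS        server = server.weston
server          A          192.168.0.3
"""

def fqdn(name, zone):
    """Lower-case a name; qualify it against the zone when it is relative."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{zone.lower().rstrip('.')}."

def wanted_records(netlogon_text):
    """(owner, type) pairs Netlogon tries to register; owners are absolute."""
    pairs = set()
    for line in netlogon_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN":
            pairs.add((f[0].lower().rstrip(".") + ".", f[3].upper()))
    return pairs

def present_records(listing_text, zone):
    """(owner, type) pairs found in the listing; skips the [server] header."""
    pairs = set()
    for line in listing_text.splitlines():
        f = line.split()
        if len(f) >= 3 and not f[0].startswith("["):
            pairs.add((fqdn(f[0], zone), f[1].upper()))
    return pairs

def missing_registrations(netlogon_text, listing_text, zone):
    """Sorted list of wanted records that the zone listing does not contain."""
    return sorted(wanted_records(netlogon_text) - present_records(listing_text, zone))

if __name__ == "__main__":
    for owner, rtype in missing_registrations(NETLOGON_DNS, ZONE_LISTING, "weston"):
        print(f"MISSING {rtype:4} {owner}")
```

With the constructed listing, which holds only an NS and an A record, every SRV record and the domain's own A record are reported missing.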
 

Author Comment

by:WestonGroup
ID: 12727416
You mention using ipconfig /flushdns

I'm not running DHCP; I believe that is used only when using DHCP

Everything is static on our network

If I'm incorrect let me know, thanks

0
 
LVL 2

Expert Comment

by:pcavenue
ID: 12727776
No, the flush is for the DNS, not DHCP. When you do a registerdns it re-registers itself anyway.

Release renew is DHCP crap.

-dp

good luck
0
 
LVL 4

Expert Comment

by:fettigcj07
ID: 12780533
Your server should not be server.weston. as you stated (or was the trailing period meant as punctuation to your sentence?). There should be a TLD listed. Personally I use .local, which would make your DC server.weston.local

can't find server name for address 192.168.0.3: non-existent domain > This error has to do with a failure in reverse DNS of your 1st server
can't find server name for address 192.168.0.2: no response from server > This error says that your 2nd server isn't running DNS
responsible person = admin.weston. > This isn't valid. The 1st . is an @ from the email of the responsible person: admin@weston. isn't a valid e-mail address. Not critical but shows underlying problems.


I'd say your problems stem from failure during the DCPROMO process. When the domain controller was promoted from a member server to a DC it was most likely configured to point to somewhere else for its DNS services and thus didn't make the registration for advanced Windows services in its own DNS records. This is also why the clients are unable to find a domain controller to process their logons from your previous thread. Additionally, your domain name doesn't comply with standards; it is missing the TLD information after the last period. That's definitely not helping you either. I'd say some rather drastic measures should be taken. Depending on your environment and what maintenance windows are available and how long they are, you should pursue fixing your domain name first. I can't say that that is what is causing your problems because I've not ever made a domain without a TLD of some sort - like I said, I usually use .local

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx is the link to microsoft's How-to on renaming the domain.
0
 

Author Comment

by:WestonGroup
ID: 12783105
I agree with the fact that things were set up incorrectly initially. Is it possible to rename everything with an already established network without running into other problems?

Also, that link is for Windows Server 2003; I'm running Server 2000. Will the same steps apply?

Thanks
0
 
LVL 4

Expert Comment

by:fettigcj07
ID: 12784614
Sorry, I thought you'd said 2003 DC somewhere. You can't rename a 2000 domain, unfortunately. Your problem just compounded by about 3 fold. Give me and the rest a little bit to ponder how to fix this without just scrapping the whole domain and moving all the client PCs to a new domain (2003 SBS server costs less than $2K including hardware...) and setting your current servers up as members of that new SBS 2003 domain.
0
 

Author Comment

by:WestonGroup
ID: 12784899
Ok Thanks for your help
0
 
LVL 4

Accepted Solution

by:
fettigcj07 earned 2000 total points
ID: 12790274
Unless someone else has some brilliant solution I'd say you're going to have to get messier than you will enjoy. Solutions I can see you doing on your own:

1) Scrap it and start fresh by installing a fresh domain controller, either using 2003 SBS or whatever 2000 you're currently licensed for on new hardware
Pros: it's cleanest, it allows you to use a test environment before rolling out the new domain and you can test 2-5 workstation's behaviors BEFORE going live with the new domain.
Cons: It's a bloody large load of work. It requires new hardware. It can be screwed up again.

2) Rent a server, migrate to it, rebuild your server as above, migrate back, return the rental
Pros: Same as 1, but without the hardware cost.
Cons: It's even more work. The rental cost is a sunk cost; there is no redemptive value in accounting terms to that cash flow as you don't get to retain the asset.

3) Upgrade your existing domain to 2003 and then rename and fix your additional problems.
Pros: It doesn't require as much time as 1, you can use your existing hardware
Cons: It's not guaranteed to work. Some of your problems sound rather convoluted and in all honesty I'd hate playing with a production environment. Users get upset easily at outages and it sounds like yours are fairly frazzled already from previous problems. Trying to fix a problem you don't fully understand while attempting to maintain user service is nearly impossible

4)  ignore the lack of TLD and try to resolve your DNS problems
Pros: It's cheap.
Cons: It's quite possibly a waste of time. Because the TLD is missing the wizards aren't doing their jobs at automated configuration. While a manual configuration might be able to compensate for those deficiencies, this action plan is essentially calling for thrashing about like a monkey hoping to hit the right button on a keyboard.

5) Let someone else figure it out. Hire an outside support contract and outsource your IT problems.
Pros: It's effective, it gets the problem off your plate and allows you to get back to big-picture planning rather than mud-pounding in the trenches.
Cons: You need to find a reliable value-added support company to help - VARs are a dime a dozen and a lot of them aren't worth the time of your interview. It's seen as expensive but it's really not once you consider the company productivity you gain from things working as they should. It's a security hazard - even the best VARs have employees quit and take your passwords with them. While your own employees knowing your admin pass is dangerous, when you fire them or they quit you KNOW about it. A VAR may not be as responsible as you might want. But again, that comes back to hiring a quality company and not a 2-bit fly-by-night operation.

Ultimately I've seen enough posts from you to advise you to go with door #5, and not just for this problem. Find a company that will take on the IT infrastructure for you so that you can stop wasting time on all this crap and get back to your company's core goals. That's why companies like mine exist, to service other companies' IT needs and make it so they don't have to wear the network administrator hat on top of all their other hats. Now you just need to find a big enough solutions provider.
0
