W2k3 DNS servers unavailable, they report "Access is denied. You do not have permission to access this dns server."

Posted on 2005-03-08
Last Modified: 2012-05-05
2 of our three DNS servers appear to be working correctly - although one of them (the operations master) not at all. All three servers do not allow any access to themselves through the management console offering the above error.

The DNS that is not working logs event id:113

The DNS server could not signal the service "NAT". The error was 1168. There may be interoperability problems between the DNS service and this service.

Question by:MentalSolutions
16 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13487799
can you explain more about your network setup?  do you have windows server performing NAT at all via RRAS??  Are all DCs at the same location?  Can they ping each other etc?

0
 

Author Comment

by:MentalSolutions
ID: 13487948
No we are not running RRAS at all

we have a sonicwall 3060 which has two internet connections primary is a T1 line and the backup leg is an ADSL 2mb. Internet connectivity is working perfectly although on the operations master - no DNS lookups were working until we added dns servers to the nic (we added the other two dns servers from the domain).

The domain is spread over 2 main sites - with a 2mb leased line in between - each site is naturally on a different subnet. There are 2 DC's on each site.

the main problem is we can't access any of the DNS servers whatsoever.

 
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13488130
Ok, now I'm more confused:

"no DNS lookups were working until we added dns servers to the nic"   of course DNS lookups don't work if you don't have the computer pointed to a DNS server.

"the main problem is we can't access any of the DNS servers whatsoever. "  this contradicts the above statement.

in one place you say DNS lookups work when you have the NIC pointed to a DNS server (as expected), and then you say that you can't access any DNS servers at all.  Which is it???

All of your DNS servers should be pointed to themselves for DNS name resolution.
All of your clients should be pointed to the LOCAL DNS server for DNS name resolution.
0

Author Comment

by:MentalSolutions
ID: 13488354
"no DNS lookups were working until we added dns servers to the nic"   of course DNS lookups don't work if you don't have the computer pointed to a DNS server.

The point is this machine *IS* a DNS server - so when working doesn't actually need to point at dns - it uses itself. This machine has been happily working for 12 months in this fashion and 2 days ago it stopped working. the only way for us then to resolve dns was to point it at one of our other DNS servers.


"the main problem is we can't access any of the DNS servers whatsoever. "
I can see how this statement can seem ambiguous - what I meant is that the management side of the DNS servers is accessible - although on two of the servers the actual DNS lookups are working.


All of your DNS servers should be pointed to themselves for DNS name resolution.
All of your clients should be pointed to the LOCAL DNS server for DNS name resolution.
*they are*
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13488493
"so when working doesn't actually need to point at dns - it uses itself." --- not true, if you don't have any DNS servers listed for the NIC then it doesn't look anywhere for DNS name resolution.  Like I said, it should be pointed to itself.

I would check the DNS error log for errors and try to resolve these errors.
OR
I would remove dns from the problem server and then reinstall it.
0
 

Author Comment

by:MentalSolutions
ID: 13488876
"so when working doesn't actually need to point at dns - it uses itself." --- not true, if you don't have any DNS servers listed for the NIC then it doesn't look anywhere for DNS name resolution.  Like I said, it should be pointed to itself.

if you don't have any DNS servers listed - a message comes up and says

Warning - you don't have any DNS servers listed. The local IP address will be configured as the primary DNS as DNS server is installed on this machine.

So even though no DNS servers are listed it does indeed use itself

"OR
I would remove dns from the problem server and then reinstall it."

I was thinking this is what I would do - it's just that there seems to be something wrong with all of them - in terms of not being able to access the management side. I will try removing and re-installing and see if that cures it
0
 

Author Comment

by:MentalSolutions
ID: 13488914
The dns zone is only a secondary zone internal - would i be able to remove all the dns servers on the domain and then re-install again from scratch ?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13489454
are any of them active directory integrated zones?  they should all be AD integrated if they are physically on domain controllers.

Since all of these are on DCs, just remove the secondary zone and make them all AD integrated.
0
 

Author Comment

by:MentalSolutions
ID: 13489576
OK so I removed the DNS from all 3 servers and then re-installed on the operations master - unfortunately the installation could not complete due to the Access Denied 05 error
0
 

Author Comment

by:MentalSolutions
ID: 13489801
they are all supposed to be AD integrated zones -

sorry if some of my answers are misleading - i appreciate your assistance very much
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13489865
what about the other 2?  were you able to create an AD integrated DNS zone on those?

did you uninstall and reinstall DNS on the operations master??  NOT just remove the zone and recreate it, you need to uninstall the DNS service, reboot, then reinstall the DNS service on this server since the DNS service isn't working properly.  You do this from add/remove programs> windows components.

FYI, I never said to remove DNS from all 3 servers. I said if they have a secondary zone, then remove the secondary zone and then create an AD integrated zone.

0
 

Author Comment

by:MentalSolutions
ID: 13490011
I know you didn't say to remove DNS from all 3 servers

unfortunately I did (although I didn't reboot in between)

I'm afraid that now I have a big mess

when I re-install the DNS it says "access denied" halfway through the installation - again the dns appears to be installed but I have not told it if it is ad integrated primary or secondary. The DNS MMC snapin still simply says access denied. The zone contains no unique information - I would like to just re-install from scratch and let it pick up its settings again automatically. I just don't know how

0
 

Author Comment

by:MentalSolutions
ID: 13490020
I have about 200 users who will be arriving at work in 10 hours and at this rate won't be able to log in - I'm starting to panic
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1500 total points
ID: 13490185
Active directory REQUIRES DNS, bottom line.  which account are you logged in with when you attempt to install/configure DNS??  Is the account a member of the DNS admin group??  when you say you get the access denied error, do you get this on all 3 of your DCs or just the one that holds the operations master role??

just to make sure I understand correctly, you have 3 Domain controllers, all of which used to have DNS on them, but you have now removed DNS from all 3 right?

you said earlier that you have 2 sites with 2 DCs at each site, wouldn't that mean you have 4 domain controllers though? does this 4th one have DNS installed?
0
 

Author Comment

by:MentalSolutions
ID: 13490346
4th controller does not have dns installed

problem has been seriously improved

the access denied problem has been resolved - the security settings were screwed on the MicrosoftDNS object
I had to go into ADU&C
then on the View menu, click Advanced Features, expand the System folder and found the MicrosoftDNS object with no owner

now when I click on the mmc dns snap-in it allows me to access the dns server and I can re-create my zone

thank god

I appreciate your tireless efforts to help and have given you the points on your last answer

many thanks mikeleebrla

now if only i knew the best way to create the zone for this setup !
0
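Added example, not part of the thread: a read-only PowerShell check of the condition the asker found, a MicrosoftDNS container under CN=System with a missing owner or broken ACL. It assumes the RSAT ActiveDirectory module (not available on the Windows Server 2003 hosts in the thread) and default group names (Domain Admins, DnsAdmins); adjust the expected principals to your environment.

```powershell
# Added example: audit the owner and ACL of CN=MicrosoftDNS,CN=System.
# Assumptions: RSAT ActiveDirectory module, domain-joined session,
# default group names. Nothing here modifies the directory.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dn     = "CN=MicrosoftDNS,CN=System,$($domain.DistinguishedName)"
$acl    = Get-Acl -Path "AD:\$dn"

# An empty owner, or one shown as a raw SID (account deleted or unresolvable),
# matches the "no owner" state described in the thread.
$owner = $acl.Owner
if ([string]::IsNullOrWhiteSpace($owner) -or $owner -match '^(O:)?S-1-') {
    Write-Warning "Owner of $dn is missing or unresolved: '$owner'"
} else {
    Write-Output "Owner: $owner"
}

# Principals assumed to hold Allow ACEs on a healthy container.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    "$($domain.NetBIOSName)\Domain Admins",
    "$($domain.NetBIOSName)\DnsAdmins"
)
$present = $acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object { $_.IdentityReference.Value } |
    Sort-Object -Unique

foreach ($principal in $expected) {
    if ($present -notcontains $principal) {
        Write-Warning "No Allow ACE found for $principal on $dn"
    }
}

# Full ACE listing for manual review (explicit Deny entries stand out here).
$acl.Access |
    Sort-Object AccessControlType, IdentityReference |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize
```

Zones stored in the DomainDnsZones or ForestDnsZones application partitions live under a different distinguished name; this script only inspects the legacy System container named in the thread.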
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13490572
It's easy, just create them all as AD integrated since they are all on DCs anyway
0
