one computer in domain can't contact DNS....

Posted on 2005-04-08
Last Modified: 2012-06-27
I just removed an OLD DC, that was formerly the only one, out of the domain yesterday. All of a sudden e-mail is no longer accessable from outside the domain. Everything works well inside, but outside there's nothing.
It is very slow to connect to the e-mail server and there is an eventID on this box that is:

2013 - smtpsvc
SMTP could not connect to any DNS server. Either none are configured, or all are down.

The internet is not accessable on this box, which is probably why you can't contact it from outside. However, if you switch the IP address it will start going out to the internet.
It will start failing again as soon as the static mapping is updated with the new address on the firewall.

All the entries are gone from this server concerning the old DC, I have gone through MS's article on removing a DC after an unsuccessful demotion (even though it went successfully), and all the DNS settings are pointing to the new DC.

The other point of interest is an error on the remaining DC that is:

6702 - DNS
DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

Does anyone have an idea what would be causing only one box to not be able to talk to the outside world?
Question by:wlandymore
    LVL 10

    Expert Comment

    Are you using the same static IP address that was used on the old DC.   This is very important.

    You will need to run some of the following tests and give me more details:

    Goto Start > Run > type cmd and enter....

    then type the following:

    C:\> nslookup
    >set type=mx
    > - this is your domain name that resolve your email e.g.

    tell me the outcome.
    LVL 1

    Author Comment

    the outcome was:
         primary name server =
         responsible mail addr=  admin
         serial                       =  3474
         refresh                    =  900
         retry                       =  600
         expire                     =  86400
         default TTL             =  3600
    The controller there is the only DC left in the domain now that the other one was demoted.
    LVL 1

    Author Comment

    even though the record was in the DNS for the e-mail server I entered "ipconfig /registerdns" at the command prompt and now the e-mail server seems to have access to the outside world.
    However, it's still 'spotty' and I have a feeling this is because of the firewall.
    LVL 10

    Expert Comment

    This server will need to have SMTP (25) and DNS (53) ports open outbound.  This is why I said it needs the old DC server address which is probably already routing "ip any any" outbound on your firewall.
    LVL 23

    Accepted Solution

    Why not just plug it back in, get all the domain setup off, including IP and user accounts, and then either --
    1. manaully change the IP in the user accounts to the new server, or easier
    2. Use the 2003 AD migration wizard?  This wizard was designed to do exactly this.

    You can save yourself DAYS of hassle, migrating those accounts and settings with the migration wizard.
    You run it on 2003, but you have to have the old DC plugged in, for it to find the accounts...
    LVL 1

    Author Comment

    although I found a solution to this problem myself, I'm awarding the points to you, sciwriter. Your answer did not exactly provide a fix to the problem I was having, but it did provide a possible 'better' solution if a situation like this came up again. More preventative than mine which was just in the time of need AFTER the problem happened.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now