one computer in domain can't contact DNS....
Posted on 2005-04-08
I just removed an OLD DC, that was formerly the only one, out of the domain yesterday. All of a sudden e-mail is no longer accessible from outside the domain. Everything works well inside, but outside there's nothing.
It is very slow to connect to the e-mail server and there is an eventID on this box that is:
2013 - smtpsvc
SMTP could not connect to any DNS server. Either none are configured, or all are down.
The internet is not accessible on this box, which is probably why you can't contact it from outside. However, if you switch the IP address it will start going out to the internet.
It will start failing again as soon as the static mapping is updated with the new address on the firewall.
All the entries concerning the old DC are gone from this server. I have gone through MS's article on removing a DC after an unsuccessful demotion (even though it went successfully), and all the DNS settings are pointing to the new DC.
The other point of interest is an error on the remaining DC that is:
6702 - DNS
DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.
If this DNS server does not have any DS-integrated peers, then this error should be ignored.
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
Does anyone have an idea what would be causing only one box to not be able to talk to the outside world?