Solved

No DNS resolution to Exchange server but everyone can ping. No client gets/can send mail.

Posted on 2005-05-13
Last Modified: 2012-06-27
My client has 2 servers: The primary DC is running SBS2003 and is the Exchange as well as doubling as the Web Server. The 2nd DC is running Server 2000. All clients (25) are either Win2000 or XP Pro with Office 2003 installed. There is a dedicated print server running Oce' and another media server. They are a design firm using CAD and other large apps.

This morning it was found that the Primary DC was down (Exchange/Web) and BSOD. The office manager rebooted the system and it hung on the Windows splash screen for over 2 hours- then they called me.

When I arrived I was able to boot the Exchange/Web server into Active Directory Restore Mode.

Then I ran NTDSUTIL - FILE MAINTENANCE - INTEGRITY

…then I ran NTDSUTIL - Semantic Database Analysis - GO

This showed that there was in fact database corruption. So I ran the GO FIXUP and it appeared to have corrected all of the errors as running the utilities again resulted in no warning/prompt of bad files or corruption.

I rebooted and the Exchange/Web server came up fine with the exception that a pop-up warned me that one or more services had not been able to start and to check the Event Viewer. -Great!!!  At least they hadn't lost the server.

But when I checked the logs against what I thought was a good boot this is what I found:


From Directory Service Event Viewer:

Event Type:      Error
Event Source:      NTDS ISAM
Event Category:      Database Corruption
Event ID:      467
Date:            5/13/2005
Time:            4:12:29 PM
User:            N/A
Computer:      MAIL
Description:
NTDS (528) NTDSA: Index DRA_USN_index of table datatable is corrupted (0).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

                  "---and---"

Index_00020078 of the table database is corrupted.

(This second appears every time I boot many times)



From DNS Server Event Viewer:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            5/13/2005
Time:            4:12:13 PM
User:            N/A
Computer:      MAIL
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-02080495, problem 5012 (DIR_ERROR), data -1414". The event data contains the error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00               ....



   

From File Replication Event Viewer:

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            5/13/2005
Time:            3:08:46 PM
User:            N/A
Computer:      MAIL
Description:
The File Replication Service is having trouble enabling replication from DCServer#2 to MAIL for c:\windows\sysvol\domain using the DNS name
DCServer#2.Domain.com. FRS will keep retrying. Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name DCServer#2.Domain.com from this computer.
 [2] FRS is not running on DCServer#2.Domain.com.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.




From System Event Viewer:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5774
Date:            5/13/2005
Time:            3:42:09 PM
User:            N/A
Computer:      MAIL
Description:
The dynamic registration of the DNS record '_ldap._tcp.XXXXXXXX.com. 600 IN SRV 0 100 389 mail.Domain.com.' failed on the following DNS server:  

DNS server IP address: "xxx.xx.xx.xxx"
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD. Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA
Error Value: DNS bad key.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00                     ..      


As per USER ACTION above, I tried to run the DCDiag.exe off of the SBS2003 installation CD but the .cab file won't open (they are 4 OEM reinstall discs rather than an original from MS).

Now there is a DNS resolution problem between the network and the mail server. I can ping it from anywhere (the 2nd DC, any client…) but cannot get to it through the mapped drives, My Network Places (shows Server "not connected to network") or Windows Explorer, etc...

When I added an entry for it to the Hosts file on the 2nd DC there was no problem with name resolution. Also, I can browse to the Web site fine from outside of the network.
 
Did the database corrupt the DNS service in the DCs?

The big problem: No one is getting any mail, in or out, through the Exchange Server.

Anyone… Anyone…

I worked this for 7 hours today.
Question by:mojopojo
13 Comments
 
LVL 14

Expert Comment

by:alimu
ID: 14001084
In 2003 / XP, ping will default to a NetBIOS connection if it can't get TCP/IP working.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14001148
So, is what you are saying that the TCP/IP protocol stack is blown?
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14001154
I have had the Winsock problems before. This was my cure:

Accepted Answer from AlexJ: http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20786932.html

{{Removed full text, replaced with link --2005-05-14 alimu/Page Editor Windows Networking}}
0

 
LVL 14

Expert Comment

by:alimu
ID: 14001212
What I'm saying is not to trust a successful ping as being an indicator that DNS resolution is working.
Ping will first attempt to send ICMP packets to an IP address resolved through DNS.
If this attempt fails it will use NetBIOS to make the connection.  

My point was that you seem to have a DNS problem and the successful ping should not be taken as "ok, it's sort of working".
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14001245
Sorry. Thanx...
0
 
LVL 14

Expert Comment

by:alimu
ID: 14001268
-This one *may* help you out: http://support.microsoft.com/?kbid=259277 .. still looking for more possibilities.
-With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?
-Have you got a backup of the server from pre-crash?
-There's a download here for Windows 2000 dcdiag: http://www.microsoft.com/downloads/details.aspx?FamilyID=23870a87-8422-408c-9375-2d9aaf939fa3&displaylang=en
-In 2003, it should be on your Active Directory server already.

Have there been any changes made recently (service packs / domain structure / etc)?
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14002839
No changes to the domain in the past 3 months that we were made aware of but their usual tech is out of town. We looked into it but couldn't see any. I'll try the diagnostics tonight. Also, there is a pre-crash backup so no data is lost, and again their Web site is up and running from the problematic server.
0
 
LVL 14

Expert Comment

by:alimu
ID: 14004249
Good to hear, it's often quicker to restore from backup and do a general health check to ensure stability of the restored system than spend time trying to figure out why it's broken... that's why we have backups :)  You still need to know why it crashed though...
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14023474
alimu, please could you extrapolate:

< "With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?">

Do you mean is the correct IP for the DNS in the TCP/IP properties?
0
 
LVL 14

Accepted Solution

by:
alimu earned 1500 total points
ID: 14023587
If you're still trying to fix this it would be helpful to see the output of the dcdiag command on the domain controller. (See 2003 reskit if it's not already on your server.)

I think I was referring to whether your DNS Server configuration included valid records for your Active Directory Servers (in your DNS management tool). You should have the following record types in DNS:
_msdcs
_sites
_tcp
_udp

Also relating to the 5774 error, '_ldap._tcp.XXXXXXXX.com. 600 IN SRV 0 100 389 mail.Domain.com.': was it trying to register the record in the right place? (Is XXXXXXX.com the same as Domain.com?) It's possible this error's coming up because your internal DNS server isn't resolving to itself for DNS requests (i.e. its IP address or 127.0.0.1 set as its primary DNS Server in TCP/IP properties).

There are 2 possible solutions here if there's stuff missing. One to get the AD records into DNS if they're not there, one to fix the primary DNS server address (see my last paragraph) on the DNS servers themselves so they are checking themselves before sending DNS requests elsewhere: http://www.netpro.com/forum/messageview.cfm?catid=15&threadid=254
0
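
The two checks raised in the accepted answer (is the SRV record being registered under the DC's own domain, and did the update go to the DC's own DNS service), applied to the text of a NETLOGON 5774 event. This is an added example, not part of the original thread; the function names, the sample domain and the addresses are constructed, and the zone extraction is a heuristic that assumes Netlogon-style owner names.

```python
import re

# Standard DNS RCODE names (RFC 1035, RFC 2136) seen in dynamic-update replies.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH", 10: "NOTZONE"}

# SRV record as Netlogon quotes it: owner TTL IN SRV priority weight port target
SRV_RE = re.compile(r"'(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)'")
SERVER_RE = re.compile(r'DNS server IP address:\s*"?([0-9A-Fa-f.:]+)"?')
RCODE_RE = re.compile(r"\(RCODE\):\s*(\d+)")


def srv_zone(owner):
    """Domain an SRV owner name belongs to: everything after the last '_' label."""
    labels = owner.rstrip(".").lower().split(".")
    last = max(i for i, label in enumerate(labels) if label.startswith("_"))
    return ".".join(labels[last + 1:])


def triage_5774(description, dc_addresses):
    """Return a list of findings for one NETLOGON 5774 description (hypothetical helper)."""
    srv, server, rcode = (rx.search(description) for rx in (SRV_RE, SERVER_RE, RCODE_RE))
    if not (srv and server and rcode):
        raise ValueError("text does not look like a NETLOGON 5774 description")
    owner, _port, target = srv.groups()
    dc_domain = target.rstrip(".").lower().split(".", 1)[1]
    findings = ["RCODE " + RCODES.get(int(rcode.group(1)), "unknown")]
    # Check 1: "is XXXXXXX.com the same as Domain.com?"
    if srv_zone(owner) != dc_domain:
        findings.append("SRV zone %s differs from DC domain %s" % (srv_zone(owner), dc_domain))
    # Check 2: was the update sent to the DC's own address or 127.0.0.1?
    if server.group(1) not in set(dc_addresses) | {"127.0.0.1"}:
        findings.append("update went to %s, not to the DC's own DNS service" % server.group(1))
    return findings


# Constructed sample in the shape of the event quoted in the question.
SAMPLE = """The dynamic registration of the DNS record
'_ldap._tcp.corp.example. 600 IN SRV 0 100 389 mail.corp.example.' failed on the
following DNS server:
DNS server IP address: "203.0.113.53"
Returned Response Code (RCODE): 5
Returned Status Code: 9017"""

if __name__ == "__main__":
    for line in triage_5774(SAMPLE, ["192.168.16.2"]):
        print(line)
```
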
 
LVL 14

Expert Comment

by:alimu
ID: 14227048
If asker doesn't respond I'd go with delete, no refund.  
I've no idea if anything I said assisted.
a.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 14233773
Sorry I disappeared on this one. We rebuilt the DNS and AD from a known good backup. For some reason this network seems to function better when we point the primary DNS outside before in. (???) ...beats me, but if it works go with it.

Again, sorry about the time lapse. Points have been awarded and thank you alimu for your support, comments and keeping with me.

 
0
 
LVL 14

Expert Comment

by:alimu
ID: 14236104
Ah - thank you :) didn't know what happened.... thanks for the update too, glad it's all working.
0
