No DNS resolution to Exchange server but everyone can ping.No client gets/can send mail.
My client has 2 servers: The primary DC is running SBS2003 and is the Exchange as well as doubling as the Web Server. The 2nd DC is running Server 2000. All clients (25) are either Win2000 or XP pro with office 2003 installed. There is a dedicated print server running Oce' and another media server. They are a design firm using CAD and other large apps.
This morning it was found that the Primary DC was down (Exchange/Web) and BSOD. The office manager rebooted the system and it hung on the Windows splash screen for over 2 hours- then they called me.
When I arrived I was able to boot the Exchange/Web server into Active Directory Restore Mode.
Then I ran NTDSUTIL - FILE MAINTENANCE - INTEGRITY
…then I ran NTDSUTIL - Semantic Database Analysis - GO
This showed that there was in fact database corruption. So I ran the GO FIXUP and it appeared to have corrected all of the errors as running the utilities again resulted in no warning/prompt of bad files or corruption.
I rebooted and the Exchange/Web server came up fine with the exception that a pop-up warned me that one or more services had not been able to start and to check the Event Viewer. -Great!!! At least they hadn't lost the server.
But when I checked the logs against what I thought was a good boot this is what I found:
From Directory Service Event Viewer:
Event Type: Error
Event Source: NTDS ISAM
Event Category: Database Corruption
Event ID: 467
Date: 5/13/2005
Time: 4:12:29 PM
User: N/A
Computer: MAIL
Description:
NTDS (528) NTDSA: Index DRA_USN_index of table datatable is corrupted (0).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"---and---"
Index_00020078 of the table database is corrupted.
(This second appears every time I boot many times)
From DNS ServerEvent Viewer:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 5/13/2005
Time: 4:12:13 PM
User: N/A
Computer: MAIL
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-02080495, problem 5012 (DIR_ERROR), data -1414". The event data contains the error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00 ....
From File Replication Event Viewer:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 5/13/2005
Time: 3:08:46 PM
User: N/A
Computer: MAIL
Description:
The File Replication Service is having trouble enabling replication from DCServer#2 to MAIL for c:\windows\sysvol\domain using the DNS name
DCServer#2.Domain.com. FRS will keep retrying. Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DCServer#2.Domain.com from this computer.
[2] FRS is not running on DCServer#2.Domain.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
From System Event Viewer:
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 5/13/2005
Time: 3:42:09 PM
User: N/A
Computer: MAIL
Description:
The dynamic registration of the DNS record '_ldap._tcp.XXXXXXXX.com. 600 IN SRV 0 100 389 mail.Domain.com.' failed on the following DNS server:
DNS server IP address: "xxx.xx.xx.xxx"
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab.
ADDITIONAL DATA
Error Value: DNS bad key.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00 ..
As per USER ACTION above, I tried to run the DCDiag.exe off of the SBS2003 instalation CD but the .cab file wont open (they are 4 OEM reinstall discs rather than an original from MS).
Now there is a DNS resolution problem between the network and the mail server. I can ping it from anywhere- the 2nd DC, any client… but cannot get to it through the mapped drives, My Network Places (shows Server "not connected to network") or windows explorer, etc...
When I added an entry for it to the Hosts file on the 2nd DC there was no problem with name resolution. Also, I can brows to the Wed-site fine from outside of the network.
Did the database corrupt the DNS service in the DCs?
The big problem: No one is getting any mail, in or out, through the Exchange Server.
Anyone… Anyone…
I worked this for 7 hours today.
This morning it was found that the Primary DC was down (Exchange/Web) and BSOD. The office manager rebooted the system and it hung on the Windows splash screen for over 2 hours- then they called me.
When I arrived I was able to boot the Exchange/Web server into Active Directory Restore Mode.
Then I ran NTDSUTIL - FILE MAINTENANCE - INTEGRITY
…then I ran NTDSUTIL - Semantic Database Analysis - GO
This showed that there was in fact database corruption. So I ran the GO FIXUP and it appeared to have corrected all of the errors as running the utilities again resulted in no warning/prompt of bad files or corruption.
I rebooted and the Exchange/Web server came up fine with the exception that a pop-up warned me that one or more services had not been able to start and to check the Event Viewer. -Great!!! At least they hadn't lost the server.
But when I checked the logs against what I thought was a good boot this is what I found:
From Directory Service Event Viewer:
Event Type: Error
Event Source: NTDS ISAM
Event Category: Database Corruption
Event ID: 467
Date: 5/13/2005
Time: 4:12:29 PM
User: N/A
Computer: MAIL
Description:
NTDS (528) NTDSA: Index DRA_USN_index of table datatable is corrupted (0).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"---and---"
Index_00020078 of the table database is corrupted.
(This second appears every time I boot many times)
From DNS ServerEvent Viewer:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 5/13/2005
Time: 4:12:13 PM
User: N/A
Computer: MAIL
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-02080495, problem 5012 (DIR_ERROR), data -1414". The event data contains the error.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00 ....
From File Replication Event Viewer:
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 5/13/2005
Time: 3:08:46 PM
User: N/A
Computer: MAIL
Description:
The File Replication Service is having trouble enabling replication from DCServer#2 to MAIL for c:\windows\sysvol\domain using the DNS name
DCServer#2.Domain.com. FRS will keep retrying. Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DCServer#2.Domain.com from this computer.
[2] FRS is not running on DCServer#2.Domain.com.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
From System Event Viewer:
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5774
Date: 5/13/2005
Time: 3:42:09 PM
User: N/A
Computer: MAIL
Description:
The dynamic registration of the DNS record '_ldap._tcp.XXXXXXXX.com. 600 IN SRV 0 100 389 mail.Domain.com.' failed on the following DNS server:
DNS server IP address: "xxx.xx.xx.xxx"
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab.
ADDITIONAL DATA
Error Value: DNS bad key.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00 ..
As per USER ACTION above, I tried to run the DCDiag.exe off of the SBS2003 instalation CD but the .cab file wont open (they are 4 OEM reinstall discs rather than an original from MS).
Now there is a DNS resolution problem between the network and the mail server. I can ping it from anywhere- the 2nd DC, any client… but cannot get to it through the mapped drives, My Network Places (shows Server "not connected to network") or windows explorer, etc...
When I added an entry for it to the Hosts file on the 2nd DC there was no problem with name resolution. Also, I can brows to the Wed-site fine from outside of the network.
Did the database corrupt the DNS service in the DCs?
The big problem: No one is getting any mail, in or out, through the Exchange Server.
Anyone… Anyone…
I worked this for 7 hours today.
alimu
in 2003 / xp, ping will default to a netbios connection if it can't get tcp/ip working.
ASKER
So, is what you are saying is that the TCP/IP protocol stack is blown?
ASKER
I have had the winsoc problems before. This was my cure:
Accepted Answer from AlexJ: https://www.experts-exchange.com/questions/20786932/Windows-XP-Winsock-errors.html
{{Removed full text, replaced with link --2005-05-14 alimu/Page Editor Windows Networking}}
Accepted Answer from AlexJ: https://www.experts-exchange.com/questions/20786932/Windows-XP-Winsock-errors.html
{{Removed full text, replaced with link --2005-05-14 alimu/Page Editor Windows Networking}}
What I'm saying is not to trust a successful ping as being an indicator that DNS resolution is working.
Ping will first attempt to send ICMP packets to an IP address resolved through DNS.
If this attempt fails it will use NetBIOS to make the connection.
My point was that you seem to have a DNS problem and the successful ping should not be taken as "ok, it's sort of working".
Ping will first attempt to send ICMP packets to an IP address resolved through DNS.
If this attempt fails it will use NetBIOS to make the connection.
My point was that you seem to have a DNS problem and the successful ping should not be taken as "ok, it's sort of working".
ASKER
Sorry. Thanx...
-This one *may* help you out: http://support.microsoft.com/?kbid=259277 .. still looking for more possibilities.
-With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?
-have you got a backup of the server from pre-crash?
-There's a download here for windows 2000 dcdiag: http://www.microsoft.com/downloads/details.aspx?FamilyID=23870a87-8422-408c-9375-2d9aaf939fa3&displaylang=en
-in 2003, it should be on your Active Directory server already.
Have there been any changes made recently (service packs / domain structure / etc)?
-With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?
-have you got a backup of the server from pre-crash?
-There's a download here for windows 2000 dcdiag: http://www.microsoft.com/downloads/details.aspx?FamilyID=23870a87-8422-408c-9375-2d9aaf939fa3&displaylang=en
-in 2003, it should be on your Active Directory server already.
Have there been any changes made recently (service packs / domain structure / etc)?
ASKER
No changes to the domaine in the past 3 months that we were made aware of but there ususal tech is out of town. We looked into it but couldnt see any. I'll try the diagnostics tonight. Also, there is a pre-crash backup so no data is lost- and again their Web site is up and running from the problematic server.
good to hear, it's often quicker to restore from backup and do a general health check to ensure stability of the restored system than spend time trying to figure out why it's broken... that's why we have backups :) You still need to know why it crashed though...
ASKER
alimu, please could you extrapolate:
< "With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?">
Do you mean is the correct IP for the DNS in the TCP/IP properties?
< "With the 5774 error have you had a look at your DNS configuration to check that the AD server is registered?">
Do you mean is the correct IP for the DNS in the TCP/IP properties?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If asker doesn't respond I'd go with delete, no refund.
I've no idea if anything I said assisted.
a.
I've no idea if anything I said assisted.
a.
ASKER
Sorry I disappeared on this one. We rebuilt the DNS and AD from a known good backup. For some reason this network seems to function better when we point the primary DNS outside before in. (???) ...beats me, but if it works go with it.
Again, sorry about the time lapse. Points have been awarded and thank you alimu for your support, comments and keeping with me.
Again, sorry about the time lapse. Points have been awarded and thank you alimu for your support, comments and keeping with me.
ah - thankyou :) didn't know what happened.... thanks for the update too, glad it's all working.