Error 5774 Source Netlogon

I have a Windows 2003 Server, which serves as our PDC and Email Server for Exchange 2003. I've never had a problem until recently and this is the error message showing up in the Event Logs. The challenge is, I have to fix this REMOTELY from off-site. Can anyone give assistance?

The dynamic registration of the DNS record ' 600 IN A' failed on the following DNS server:  

DNS server IP address:
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\ To learn more about  DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.
  Or, you can manually add this record to DNS, but it is not recommended.  

Error Value: DNS bad key.

For more information, see Help and Support Center at

There are two problems that show up immediately:
Your DC doesn't have a static IP address, or if it's entered statically, it's from an incorrect range. is the range reserved for APIPA, it should not be used for a normal network.

Then your DC has an external DNS server specified in the TCP/IP properties, instead of itself (and, if applicable, other *internal* DNS servers). Change the DC to point to itself only, configure forwarders (the 216 DNS server for example) for external resolution.
You should be able to fix the DNS entry remotely. Changing the IP range should be done while you're there, that involves somewhat more work.
Check here for details about the correct DNS settings in an AD domain:

10 DNS Errors That Will Kill Your Network

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
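The conditions this answer names (an APIPA address on the DC, a DNS server in a NIC's TCP/IP properties that is not internal) plus the DHCP-enabled adapter raised in a later reply can be checked against saved `ipconfig /all` output. This is an added example, not part of the thread; the sample output, every address in it, and the function names `parse_adapters` and `audit_dc` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the Windows Server 2003 `ipconfig /all` layout.
# All addresses are made up; 203.0.113.53 stands in for an external resolver.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.5
   DNS Servers . . . . . . . . . . . : 192.168.10.5

Ethernet adapter Local Area Connection 2:
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.77.12
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.10.5
"""
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Map adapter name -> {field label: [values]}, keeping continuation lines."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        match = FIELD.match(line)
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip(": "), {}), None
        elif current is not None and match:
            last = match.group(1)
            current.setdefault(last, []).append(match.group(2).strip())
        elif current is not None and last and line.strip():
            current[last].append(line.strip())  # e.g. a second DNS server
    return adapters

def audit_dc(adapters, internal_dns):
    """Return (adapter, finding) pairs for the conditions named in the thread."""
    findings = []
    for name, fields in adapters.items():
        if "Yes" in fields.get("DHCP Enabled", []):
            findings.append((name, "DHCP-enabled adapter on a domain controller"))
        for label, values in fields.items():
            for v in values if label.endswith("IP Address") else []:
                if ipaddress.ip_address(v).is_link_local:  # 169.254.0.0/16
                    findings.append((name, "APIPA address " + v))
        for v in fields.get("DNS Servers", []):
            if v not in internal_dns:
                findings.append((name, "non-internal DNS server " + v))
    return findings

if __name__ == "__main__":
    for adapter, finding in audit_dc(parse_adapters(SAMPLE), {"192.168.10.5"}):
        print(adapter + ": " + finding)
```

Pass the set of DNS servers the DC is supposed to use as `internal_dns`; any adapter that reports something else is the one whose registration attempts end up at the wrong DNS server.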
CHILINVLN (Author) Commented:
My DC DOES have a static IP address, which is and it's locked.  If you ping the IP or the name of the server from any machine in the office, it does resolve.

I have the DNS forwarding to three other IPs, however, none of those are the ones on this error message. This problem was first noticed when my users tried to access their email with Outlook 2003. However, they CAN access their email over the web, which is telling me the IPs and IIS are correct.

Here is another thread on that for reference.
Then you have an unused NIC in the machine which is trying to obtain a DHCP address; this should be disabled.
You won't find the 216 IP address from above in the forwarders; it's a DNS server entry in the TCP/IP properties of a NIC (probably the unused one!)
CHILINVLN (Author) Commented:
Remember, this is my domain controller.  It's ASSIGNING IP addresses out.  There is only 1 nic enabled, and the IP is static  The DNS Forwarders on it are correct.

I can't find this IP address ANYWHERE on the server...

There has got to be an explanation for this and why it's causing everyone to not be able to reach the Exchange Server (on the same server) to access email other than OWA.
That's rather bizarre.
Did that machine ever have a second NIC that was connected directly to an ISP (the IP address above is, and then removed?
If so, change the view in Device Manager to display hidden devices, check if the old NIC shows up, and delete it.
CHILINVLN (Author) Commented:
I solved this myself.. and this was the problem.

Our primary firewall was acting as a DHCP which conflicted with our true DHCP on the server. I had our ISP disable the DHCP on the firewall, I reconfigured our forwarders for DNS to point to itself rather than outside DNS servers, and I restarted all DHCP services.

This completely flushed out the problem and resolved everything on the network.  When and how the DHCP services were changed on the firewall, I dunno, however, it was fixed.  This gave me a hard time mainly because I didn't even begin to think the problem was coming from my firewall.  Naturally, I thought the problem was server based and I couldn't locate it anywhere.
PAQed with points refunded (500)

Community Support Moderator
