• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1344

Error 5774 Source Netlogon

I have a Windows 2003 Server, which serves as our PDC and Email Server for Exchange 2003.  I've never had a problem until recently and this is the error message showing up in the Event Logs.  The challenge is, I have to fix this REMOTELY from off-site.  Can anyone give assistance?

The dynamic registration of the DNS record 'ForestDnsZones.mydomain.org. 600 IN A' failed on the following DNS server:  

DNS server IP address:
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about  DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.
  Or, you can manually add this record to DNS, but it is not recommended.  

Error Value: DNS bad key.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
1 Solution
There are two problems that show up immediately:
Your DC doesn't have a static IP address, or if it's entered statically, it's from an incorrect range. is the range reserved for APIPA, it should not be used for a normal network.

Then your DC has an external DNS server specified in the TCP/IP properties, instead of itself (and, if applicable, other *internal* DNS servers). Change the DC to point to itself only, configure forwarders (the 216 DNS server for example) for external resolution.
You should be able to fix the DNS entry remotely. Changing the IP range should be done while you're there, that involves somewhat more work.
Check here for details about the correct DNS settings in an AD domain:

10 DNS Errors That Will Kill Your Network

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
CHILINVLN (Author) commented:
My DC DOES have a static IP address, which is and it's locked.  If you ping the IP or the name of the server from any machine in the office, it does resolve.

I have the DNS forwarding to three other IPs, however, none of those are the ones on this error message.  This problem was first noticed when my users tried to access their email with Outlook 2003.  However, they CAN access their email over the web, which is telling me the IPs and IIS are correct.

Here is another thread on that for reference.
Then you have an unused NIC in the machine which is trying to obtain a DHCP address; this should be disabled.
You won't find the 216 IP address from above in the forwarders; it's a DNS server entry in the TCP/IP properties of a NIC (probably the unused one!)
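An added PowerShell audit (not from this thread) that checks the points raised above on the DC itself: adapters still acting as DHCP clients or holding an APIPA address, and DNS client entries that point outside the LAN, including on adapters that are disabled or unplugged. The `$InternalPrefix` value is a placeholder assumption; set it to the site's own subnet.

```powershell
# Added audit script, not from the original thread. Run on the DC itself.
# Assumes the internal LAN is 192.168.1.0/24 (placeholder; edit $InternalPrefix).
$InternalPrefix = '192.168.1.'   # constructed placeholder for the site's LAN
$findings = @()

# Win32_NetworkAdapterConfiguration also returns adapters that are disabled or
# unplugged, which is where a stale external DNS entry or DHCP client usually hides.
$cfgs = Get-WmiObject Win32_NetworkAdapterConfiguration
foreach ($cfg in $cfgs) {
    $name = $cfg.Description
    if ($cfg.DHCPEnabled -and $cfg.IPEnabled) {
        $findings += "[$name] is a DHCP client; a DC should have a static address"
    }
    foreach ($ip in @($cfg.IPAddress)) {
        if ($ip -like '169.254.*') {
            $findings += "[$name] has APIPA address $ip (no DHCP lease obtained)"
        }
    }
    foreach ($dns in @($cfg.DNSServerSearchOrder)) {
        # A dynamic update sent to an external DNS server is refused (RCODE 5)
        # because that server is not authoritative for the AD zone.
        if ($dns -and -not $dns.StartsWith($InternalPrefix) -and $dns -ne '127.0.0.1') {
            $findings += "[$name] points at external DNS server $dns; a DC should use itself"
        }
    }
}

# Forwarders belong in the DNS server configuration, not in the NIC's DNS client list.
$srv = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Server -ErrorAction SilentlyContinue
if ($srv) { "Configured forwarders: $($srv.Forwarders -join ', ')" }

if ($findings.Count -eq 0) {
    "No DNS client misconfiguration found; re-register the DC records with: nltest /dsregdns"
} else {
    $findings
    "After fixing the above, run: nltest /dsregdns   and then   dcdiag /test:dns"
}
```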
CHILINVLN (Author) commented:
Remember, this is my domain controller.  It's ASSIGNING IP addresses out.  There is only 1 NIC enabled, and the IP is static.  The DNS forwarders on it are correct.

I can't find this IP address ANYWHERE on the server...

There has got to be an explanation for this and why it's causing everyone to not be able to reach the Exchange Server (on the same server) to access email other than OWA.
That's rather bizarre.
Did that machine ever have a second NIC that was connected directly to an ISP (the IP address above is ns.apollohosting.com), and then removed?
If so, change the view in Device Manager to display hidden devices, check if the old NIC shows up, and delete it.
CHILINVLN (Author) commented:
I solved this myself.. and this was the problem.

Our primary firewall was acting as a DHCP server, which conflicted with our true DHCP server on the server.  I had our ISP disable the DHCP on the firewall, I reconfigured our forwarders for DNS to point to itself rather than outside DNS servers, and I restarted all DHCP services.

This completely flushed out the problem and resolved everything on the network.  When and how the DHCP services were changed on the firewall, I dunno, however, it was fixed.  This gave me a hard time mainly because I didn't even begin to think the problem was coming from my firewall.  Naturally, I thought the problem was server based and I couldn't locate it anywhere.
PAQed with points refunded (500)

Community Support Moderator