Error 5774 Source Netlogon

Posted on 2006-04-12
Last Modified: 2012-08-13
I have a Windows 2003 Server, which serves as our PDC and Email Server for Exchange 2003.  I've never had a problem until recently and this is the error message showing up in the Event Logs.  The challenge is, I have to fix this REMOTELY from off-site.  Can anyone give assistance?

The dynamic registration of the DNS record ' 600 IN A' failed on the following DNS server:  

DNS server IP address:
Returned Response Code (RCODE): 5
Returned Status Code: 9017  

For computers and users to locate this domain controller, this record must be registered in DNS.  

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\ To learn more about  DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by  this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain  controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows  Server Resource Kit CD.
  Or, you can manually add this record to DNS, but it is not recommended.  

Error Value: DNS bad key.

For more information, see Help and Support Center at
Question by: CHILINVLN

    Expert Comment

    There are two problems that show up immediately:
    Your DC doesn't have a static IP address, or if it's entered statically, it's from an incorrect range. is the range reserved for APIPA, it should not be used for a normal network.

    Then your DC has an external DNS server specified in the TCP/IP properties, instead of itself (and, if applicable, other *internal* DNS servers). Change the DC to point to itself only, configure forwarders (the 216 DNS server for example) for external resolution.
    You should be able to fix the DNS entry remotely. Changing the IP range should be done while you're there, that involves somewhat more work.
    Check here for details about the correct DNS settings in an AD domain:

    10 DNS Errors That Will Kill Your Network

    Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

    Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

    Author Comment

    My DC DOES have a static IP address, which is and it's locked.  If you ping the IP or the name of the server from any machine in the office, it does resolve.

    I have the DNS forwarding to three other IPs, however, none of those are the ones on this error message.  This problem was first noticed when my users tried to access their email with Outlook 2003.  However, they CAN access their email over the web, which is telling me the IPs and IIS are correct.

    Here is another thread on that for reference.

    Expert Comment

    Then you have an unused NIC in the machine which is trying to obtain a DHCP address; this should be disabled.
    You won't find the 216 IP address from above in the forwarders; it's a DNS server entry in the TCP/IP properties of a NIC (probably the unused one!)

    Author Comment

    Remember, this is my domain controller.  It's ASSIGNING IP addresses out.  There is only 1 nic enabled, and the IP is static  The DNS Forwarders on it are correct.

    I can't find this IP address ANYWHERE on the server...

    There has got to be an explanation for this and why it's causing everyone to not be able to reach the Exchange Server (on the same server) to access email other than OWA.

    Expert Comment

    That's rather bizarre.
    Did that machine ever have a second NIC that was connected directly to an ISP (the IP address above is, and then removed?
    If so, change the view in Device Manager to display hidden devices, check if the old NIC shows up, and delete it.

    Author Comment

    I solved this myself.. and this was the problem.

    Our primary firewall was acting as a DHCP which conflicted with our true DHCP on the server.  I had our ISP disable the DHCP on the firewall, I reconfigured our forwarders for DNS to point to itself rather than outside DNS servers, and I restarted all DHCP services.

    This completely flushed out the problem and resolved everything on the network.  When and how the DHCP services were changed on the firewall, I dunno, however, it was fixed.  This gave me a hard time mainly because I didn't even begin to think the problem was coming from my firewall.  Naturally, I thought the problem was server based and I couldn't locate it anywhere.

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator
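
The checks discussed in this thread (which DNS server the dynamic update went to, whether the registered address is in the APIPA range, and what the RCODE and status code mean) can be run over exported event text. The following is an added example, not part of the original thread; the function names, the finding labels, the host name and every address in the sample event are constructed for illustration.

```python
import ipaddress
import re

# RCODE and Windows status values; only a few well-known ones are listed.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
STATUS = {9005: "DNS_ERROR_RCODE_REFUSED", 9017: "DNS_ERROR_RCODE_BADKEY"}

# Constructed sample event text (documentation and APIPA addresses).
SAMPLE = """The dynamic registration of the DNS record 'dc01.corp.example. 600 IN A 169.254.10.20' failed on the following DNS server:

DNS server IP address: 198.51.100.53
Returned Response Code (RCODE): 5
Returned Status Code: 9017
"""

def parse_5774(text):
    """Pull the fields out of the text of a NETLOGON 5774 event."""
    def grab(pattern, source=text):
        m = re.search(pattern, source)
        return m.group(1) if m else None
    record = grab(r"DNS record '(.+?)' failed")
    rcode = grab(r"\(RCODE\):[ \t]*(\d+)")
    status = grab(r"Returned Status Code:[ \t]*(\d+)")
    return {
        "record": record,
        "a_address": grab(r"\sIN\s+A\s+(\S+)", record or ""),
        "dns_server": grab(r"DNS server IP address:[ \t]*(\d[\d.]*)"),
        "rcode": RCODES.get(int(rcode), rcode) if rcode else None,
        "status": STATUS.get(int(status), status) if status else None,
    }

def triage(text, internal_dns):
    """Flag the two misconfigurations raised in the thread."""
    ev = parse_5774(text)
    findings = []
    # The DC should register only with DNS servers that host its AD zone.
    if ev["dns_server"] and ev["dns_server"] not in internal_dns:
        findings.append("EXTERNAL_DNS_TARGET")
    # 169.254.0.0/16 (APIPA) means an interface failed to get a real address.
    try:
        if ev["a_address"] and ipaddress.ip_address(ev["a_address"]).is_link_local:
            findings.append("APIPA_ADDRESS")
    except ValueError:
        pass  # address field truncated or malformed in the export
    ev["findings"] = findings
    return ev

if __name__ == "__main__":
    print(triage(SAMPLE, internal_dns={"192.0.2.10"}))
```
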
