?
Solved

event 4015: DNS problems on windows server 2003.

Posted on 2006-04-12
7
Medium Priority
?
986 Views
Last Modified: 2012-08-14
hello
I have a windows 2000 domain
I recently added a windows 2003 server as a secondary DC and global catalog.
I'm running a DNS service on this server. for some reason, the server does not resolve DNS queries and I get the below error message:

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "00002106: SvcErr: DSID-0702038E, problem 5005 (UNABLE_TO_PROCEED), data 0". The event data contains the error.

what do you think the problem is? I've tried demoting it and repromoting it and reloaded the zones and did everything I can think of , to no avail.
please help
0
Comment
Question by:eggster34
  • 4
  • 3
7 Comments
 
LVL 12

Expert Comment

by:Mazaraat
ID: 16439079
It sounds like your having a DNS problem, so lets verify your settings first:

How is your DNS configured on both DC1 and DC2?  
--include NIC primary DNS and anything special on the DNS tab
--DNS service (listener, forwarders, name servers)

Do an IPconfig /all from both servers and post here
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 16439087
next we will look at the output of DCdiag ran from DC2 (secondary)....but first lets see the info on your DNS config
0
 

Author Comment

by:eggster34
ID: 16439250
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc2
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Cont
oller (3C905C-TX Compatible)
   Physical Address. . . . . . . . . : 00-08-74-40-16-42
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.6.200
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.6.254
   DNS Servers . . . . . . . . . . . : 192.168.6.200

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(L
E100TX v4) #2
   Physical Address. . . . . . . . . : 00-0C-41-1E-74-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.194.52
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

C:\Documents and Settings\administrator>

this DC2 is configured to server only on the 192.168.6.200 interface
the other server's ip is 192.168.6.108
it has its own address in its DNS servers tab.



0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 12

Expert Comment

by:Mazaraat
ID: 16439923
On DC2 is that a typo on the subnet mask (255.255.254.0<-).

How is the DNS service configured on DC2 (and DC1)?
DNS MMC
->+servername->+properties
----Interfaces tab, What ip is configured for listener
----Forwarders tab, what IPs are listed as forwarders
->+servername->+forward lookup zone->+domain.local->+properties
----Type of DNS on General tab? (integrated?) dynamic updates?
----Name servers tab, list name servers


Post the ipconfig /all of DC1 nad the above DNS info also

do a DCdiag from DC2 post results...it will be long thats ok
0
 

Author Comment

by:eggster34
ID: 16440388
I solved the problem by installing Windows Support Tools and running the below command..

Looks like my pix was interfering with EDNS packets that were larger than usuall..
This command disabled edns.

dnscmd /config /enableednsprobes 0

Please rephrase this or copy / paste it as an answer and I'll accept it and award you the points since I wish to thank you for your effort and I want someone visiting this question in the future to be able to see the answer.
0
 
LVL 12

Accepted Solution

by:
Mazaraat earned 2000 total points
ID: 16440505
Well thanks for you post, even better here is a possible fix for the PIX to allow edns:

**workaround 1:
have you tried this line to limit your edns to a maximum of 512  by adding this to your PIX config:
"fixup protocol dns maximum-length 512"


**workaround 2:
http://honor.trusecure.com/pipermail/firewall-wizards/2003-May/014635.html

'It look slike windows is sending too much information for the edns to handle...so by disabling it your server will not advertise edns and never send UDP packets >512 bytes....'

You can disable EDNS-0 in your W2K3 DNS server by running this command:
                dnscmd /Config /EnableEDnsProbes 0

0
 

Author Comment

by:eggster34
ID: 16442439
many thanks indeed.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question