Event 4015: DNS problems on Windows Server 2003.

Hello,
I have a Windows 2000 domain.
I recently added a Windows 2003 server as a secondary DC and global catalog.
I'm running a DNS service on this server. For some reason, the server does not resolve DNS queries and I get the below error message:

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "00002106: SvcErr: DSID-0702038E, problem 5005 (UNABLE_TO_PROCEED), data 0". The event data contains the error.

What do you think the problem is? I've tried demoting it and repromoting it, reloaded the zones and did everything I can think of, to no avail.
Please help.
eggster34 Asked:

Mazaraat Commented:
It sounds like you're having a DNS problem, so let's verify your settings first:

How is your DNS configured on both DC1 and DC2?  
--include NIC primary DNS and anything special on the DNS tab
--DNS service (listener, forwarders, name servers)

Do an ipconfig /all from both servers and post here.
0
Mazaraat Commented:
Next we will look at the output of dcdiag run from DC2 (secondary)... but first let's see the info on your DNS config.
0
eggster34 Author Commented:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc2
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
   Physical Address. . . . . . . . . : 00-08-74-40-16-42
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.6.200
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 192.168.6.254
   DNS Servers . . . . . . . . . . . : 192.168.6.200

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2
   Physical Address. . . . . . . . . : 00-0C-41-1E-74-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.194.52
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

C:\Documents and Settings\administrator>

This DC2 is configured to serve only on the 192.168.6.200 interface.
The other server's IP is 192.168.6.108.
It has its own address in its DNS servers tab.



0
Mazaraat Commented:
On DC2, is that a typo on the subnet mask (255.255.254.0<-)?

How is the DNS service configured on DC2 (and DC1)?
DNS MMC
->+servername->+properties
----Interfaces tab, What ip is configured for listener
----Forwarders tab, what IPs are listed as forwarders
->+servername->+forward lookup zone->+domain.local->+properties
----Type of DNS on General tab? (integrated?) dynamic updates?
----Name servers tab, list name servers


Post the ipconfig /all of DC1 and the above DNS info also.

Do a dcdiag from DC2 and post the results... it will be long, that's OK.
0
eggster34 Author Commented:
I solved the problem by installing Windows Support Tools and running the below command.

Looks like my PIX was interfering with EDNS packets that were larger than usual.
This command disabled EDNS.

dnscmd /config /enableednsprobes 0

Please rephrase this or copy / paste it as an answer and I'll accept it and award you the points since I wish to thank you for your effort and I want someone visiting this question in the future to be able to see the answer.
0
Mazaraat Commented:
Well, thanks for your post. Even better, here is a possible fix for the PIX to allow EDNS:

**workaround 1:
Have you tried this line to limit your EDNS to a maximum of 512 by adding this to your PIX config:
"fixup protocol dns maximum-length 512"


**workaround 2:
http://honor.trusecure.com/pipermail/firewall-wizards/2003-May/014635.html

'It looks like Windows is sending too much information for the EDNS to handle... so by disabling it your server will not advertise EDNS and never send UDP packets >512 bytes....'

You can disable EDNS-0 in your W2K3 DNS server by running this command:
                dnscmd /Config /EnableEDnsProbes 0

0

eggster34 Author Commented:
Many thanks indeed.
0