• Status: Solved

DNS errors and Active Directory

My desktop has been intermittently disconnected from the Exchange Server (part of SBS2003).  I checked here at EE and there was reference to possible DNS causes.  Checked the event viewer DNS tab and there are repeatedly a group of errors.
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            4/7/2006
Time:            11:41:53 PM
User:            N/A
Computer:      DELL1420
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/7/2006
Time:            11:41:53 PM
User:            N/A
Computer:      DELL1420
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/7/2006
Time:            11:41:53 PM
User:            N/A
Computer:      DELL1420
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.fflaw.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/7/2006
Time:            11:41:53 PM
User:            N/A
Computer:      DELL1420
Description:
The DNS server was unable to complete directory service enumeration of zone 1.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00  

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/7/2006
Time:            11:41:53 PM
User:            N/A
Computer:      DELL1420
Description:
The DNS server was unable to complete directory service enumeration of zone fflaw.com.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

***********************************
I also see in another TAB:



Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1053
Date:            4/15/2006
Time:            3:13:01 AM
User:            N/A
Computer:      DELL1420
Description:
The DHCP/BINL service on this computer running Windows Server 2003 for Small Business Server has encountered another server on this network with  IP Address, 192.168.1.1, belonging to the domain: .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    


Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1054
Date:            4/15/2006
Time:            3:13:01 AM
User:            N/A
Computer:      DELL1420
Description:
The DHCP/BINL service on this computer is shutting down.  See the previous event log messages for reasons.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

*******************
And another.


Event Type:      Warning
Event Source:      DhcpServer
Event Category:      None
Event ID:      1056
Date:            4/15/2006
Time:            3:12:50 AM
User:            N/A
Computer:      DELL1420
Description:
The DHCP service has detected that it is running on a DC and has  no credentials configured for use with Dynamic DNS registrations  initiated by the DHCP service.   This is not a recommended security configuration.   Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the  DHCP Administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    


Not sure where to go from here.  I'm a "sophisticated" end user with a paid account here, not a certified tech, so "speak slowly" please.  <g>



Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Please post an IPCONFIG /ALL from your server and one from your WORKSTATION to help diagnose your problem.

At first glance, it seems as though you have a router that has DHCP enabled, and it should NOT be.  But let's look at the IPCONFIG to make sure.

Jeff
TechSoEasy

Fritters (Author) commented:
The Linksys router had DHCP enabled.  I've now changed that.

Server (after I reset the Linksys)
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DELL1420
   Primary Dns Suffix  . . . . . . . : xxxxx.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fflaw.com

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Connection
   Physical Address. . . . . . . . . : 00-11-43-00-2C-26
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.6.16.30
                                       68.6.16.25
                                       66.2.16.30
   Primary WINS Server . . . . . . . : 192.168.1.5

Workstation:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : ebfhome
        Primary Dns Suffix  . . . . . . . : xxxxxx.com
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : fflaw.com

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-81-B9-DE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.6.16.30
                                            68.2.16.30
        Lease Obtained. . . . . . . . . . : April 15, 2006 1:58:02 PM
        Lease Expires . . . . . . . . . . : April 16, 2006 1:58:02 PM

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
From your question history, it seems as though you've had this server installed for quite some time.  I'm surprised that it's only now that you are getting these types of errors.

Your DNS is not configured right at all... but it probably stems from the fact that you gave your internal domain a name with a .com at the end... which makes it a bit more complicated to configure.

Now that you've gotten the DHCP turned off on the router, you need to now fix the server so it can provide proper DNS for your network.  This will allow your internal workstations to resolve to local services such as http://companyweb (your SharePoint intranet site) as well as things like Exchange connectivity that use DNS resolution.  Before fixing the DNS configuration in your server, enable UPnP on your router so that the server will properly configure it.  

On the server, open your Server Control Panel > Internet and Email > Configure Network Connections.

When the Network Connections window opens, right click the Server Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties...  > Advanced... > DNS Servers TAB

You want this to be 192.168.1.5 only... however, that will be done automatically by the Internet Configuration Wizard which will take the TWO DNS IP addresses you have here and place them as your DNS Forwarders.

You currently have:
68.6.16.30
68.6.16.25
66.2.16.30

While I don't know where you are located, the first two are Cox San Diego and the last one is Cox Phoenix.  If you are in San Diego, then you should delete the last one.  If you are in Phoenix, delete the first two and add 66.2.16.25.  If you aren't in either of those places, just stick with the first two for now.

Close out of those windows with OK > OK > CLOSE.   Close the Network Connections window.

Then click on "Connect to the Internet".  You'll select your type of connection as "a local router with an IP address".  Most of the items should already be filled in, but in all cases, if there is an option to "not configure" change that option to "configure" and move on through the wizard.  An overview of it is here:  http://sbsurl.com/ceicw  and a full overview of how to configure network settings is here:  http://sbsurl.com/msicw

Once you've finished the wizard, you'll need to reboot the workstations so that they get the new network information.  In all likelihood, I'm guessing that you have a .com local domain and it won't resolve to your Internet .com site.  If this is the case you will need to add an "A" host record to your DNS Forward Lookup zone for "www.domain.com" pointing to the IP address of your www server.  (Instructions: http://technet2.microsoft.com/WindowsServer/en/Library/622db254-2857-4ac5-906a-6a7e6b947d361033.mspx)

You'll find an overview of this issue here:  http://snipurl.com/p91u

Please post back if you experience any problems with this procedure.

Jeff
TechSoEasy
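
The end state described in the answer above (every host resolving only through 192.168.1.5, and no leases handed out by the router) can be checked against saved `ipconfig /all` output. This is an added example, not code from the thread; the policy sets `INTERNAL_DNS` and `AUTHORIZED_DHCP` and the function names are assumptions, and the sample text is abridged from the outputs posted here.

```python
import re

# Assumed policy for this thread's network: the SBS server (192.168.1.5) is the
# only DNS server hosts may use and the only authorized DHCP server.
INTERNAL_DNS = {"192.168.1.5"}
AUTHORIZED_DHCP = {"192.168.1.5"}
FIELD = re.compile(r"^\s*([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")  # "Name . . . : value"

def parse_ipconfig(text):
    """Map lowercased field names to value lists (single-adapter output assumed)."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip().lower()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.strip():
            fields[last].append(line.strip())  # extra DNS servers on their own lines
        else:
            last = None
    return fields

def audit(text):
    """Return findings for DNS servers and DHCP lease sources outside the policy."""
    f = parse_ipconfig(text)
    findings = [f"DNS server {ip} is not the internal AD DNS server"
                for ip in f.get("dns servers", []) if ip not in INTERNAL_DNS]
    if f.get("dhcp enabled", ["No"])[0].lower() == "yes":
        findings += [f"lease issued by unauthorized DHCP server {ip}"
                     for ip in f.get("dhcp server", []) if ip not in AUTHORIZED_DHCP]
    return findings

# Abridged from the `ipconfig /all` outputs posted in this thread.
SERVER_BEFORE = """
   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 68.6.16.30
                                       68.6.16.25
                                       66.2.16.30
"""
WORKSTATION_BEFORE = """
        Dhcp Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.6.16.30
                                            68.2.16.30
"""
WORKSTATION_AFTER = """
        Dhcp Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 192.168.1.5
        DNS Servers . . . . . . . . . . . : 192.168.1.5
"""

if __name__ == "__main__":
    print(audit(SERVER_BEFORE), audit(WORKSTATION_BEFORE), audit(WORKSTATION_AFTER))
```

A lease from 192.168.1.1 is the client-side view of the same conflict the server logged as DhcpServer events 1053 and 1054.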


Fritters (Author) commented:
After making the changes you suggested, the IPCONFIGs are as follows.  
I eliminated Phoenix DNS address on the server.  UPnP was and is enabled.
I ran thru the Connect to the Internet wizard.  At first there was an error re firewall since I only have one NIC card.  I enabled Firewall on the Linksys server.  Wizard ran again without error.  
I wasn't sure, but changed the DNS on the workstation to ONLY  192.168.1.5.  Seems to work ok.

SERVER

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DELL1420
   Primary Dns Suffix  . . . . . . . : fflaw.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fflaw.com

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Connection
   Physical Address. . . . . . . . . : 00-11-43-00-2C-26
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.5
   Primary WINS Server . . . . . . . : 192.168.1.5


WORKSTATION


Windows IP Configuration

        Host Name . . . . . . . . . . . . : ebfhome
        Primary Dns Suffix  . . . . . . . : fflaw.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : fflaw.com
                                            fflaw.com

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : fflaw.com
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-81-B9-DE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.128
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.5
        DNS Servers . . . . . . . . . . . : 192.168.1.5
        Primary WINS Server . . . . . . . : 192.168.1.5
        Lease Obtained. . . . . . . . . . : April 16, 2006 9:39:09 PM
        Lease Expires . . . . . . . . . . : April 24, 2006 9:39:09 P


Re the  .com local domain issue in the last paragraph, I don't have an Internet .com site.  Not sure why the first Tech set up the local domain with .com.  If there's no reason to change it now, I'd just as soon wait until when and if I set up an Internet site.  
Any reason to change it?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
That all looks good.  I'm not sure what you mean by "I wasn't sure, but changed the DNS on the workstation to ONLY  192.168.1.5".  If you have DHCP enabled on the workstation, then it should be getting that DNS IP address from the server.  You shouldn't have to manually configure it.  At any rate, just the 192.168.1.5 is correct.

Regarding the .com domain name... not only is there no reason to change it now, you can't.  Domain renaming isn't allowed on an SBS without a complete reinstall... and there's definitely no reason for that!

Sounds like you've got everything in order now.  Hopefully you won't see any more of those DNS errors, and things will just hum along.

Jeff
TechSoEasy

Fritters (Author) commented:
I seem to have created a different problem.  My PDA\PHONE was always able to Activesync with the server over Verizon's system.  Now, it can no longer connect.  Except for verifying that UPnP was enabled, I did nothing to the router so I doubt that's it.  Can you think of anything in the Wizard that would have made a change anywhere?
 

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Yes, you probably created a new web certificate when you ran the CEICW.  You need to reconfigure your phone with the Configuration Wizard on your workstation.  

http://seanda.blogspot.com/2004/12/configuring-mobility-on-sbs-2003.html

Jeff
TechSoEasy

Fritters (Author) commented:
During the first wizard run, I saw that the 'don't reconfigure' option in the SSL dialog was checked and the name of my server was greyed out in the first option (as though it had been set before.)

However, my PDA never had the "server uses SSL" box checked and I connected just fine.   I recall the first tech that set me up telling me I was not using SSL.

I read the blogspot reference and it seems to address syncing when the PDA is in the cradle.  That's not my problem.  It's the attempt to sync by phoning #777 and connecting that way that doesn't work anymore.  I checked and Outlook Mobile Access was and still is checked.  

This is a more serious problem for me than what I originally posted for.

BTW,  I'm happy to award the points to you for the original problem.  

What now?

Fritters (Author) commented:
I'm now noticing that the Calendar, Contacts and Inbox are not syncing even when in the Cradle.  
If the server is now "demanding" SSL (whereas before it was not), how do I force the PDA to "know" what the certificate is?  The only thing I see on the PDA re SSL is the "server uses SSL" box.  I never had to worry about this before.

Can I put in a "blank" for the SSL certificate option on the server to have "no certificate"?  I didn't see a "don't use SSL" option on the server.

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
If you want to disable SSL you need to use a little utility to do so.
DisableCertCheck:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d88753b8-8b3a-4f1d-8e94-530a67614df1&DisplayLang=en

Jeff
TechSoEasy

Fritters (Author) commented:
I had already done that.  Certchk.exe query shows that Certificate checking is now off.  Still no connection.

Fritters (Author) commented:
Ok.  Verizon had me do a Hard reset on the phone.  Sync'ing now takes place automatically and/or manually.  So I'm a happy camper.  Consider this incident closed and points awarded.  Thanks.

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Great!

Jeff
TechSoEasy