Solved

How do you validate a Windows 2003 Domain.

Posted on 2006-07-03
9
804 Views
Last Modified: 2008-02-01
Is there a set of routines that can be run to test the integrity of the domain.

I have a noteboot that will just not connect to the domain. To find out why I the system can't join I tried find out what is oing on.

Does anyone have suggestions on how to troubleshoot the following errors:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            5/23/2006
Time:            4:00:55 PM
User:            N/A
Computer:      NOFEAR
Description:
The DNS server was unable to complete directory service enumeration of zone Sytek.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            5/23/2006
Time:            4:00:55 PM
User:            N/A
Computer:      NOFEAR
Description:
The DNS server was unable to complete directory service enumeration of zone 1.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            5/23/2006
Time:            4:00:55 PM
User:            N/A
Computer:      NOFEAR
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.Sytek.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            5/23/2006
Time:            4:00:55 PM
User:            N/A
Computer:      NOFEAR
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    


Details
Product: Windows Operating System
Event ID: 4004
Source: DNS
Version: 5.2
Symbolic Name: DNS_EVENT_DS_ZONE_ENUM_FAILED
Message: The DNS server was unable to complete directory service enumeration of zone %1. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "%2". The event data contains the error.
   
Explanation
The DNS Server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error while querying the directory. This error could be caused by either a high load on the domain controller or the failure of other domain controller services.
 
   
User Action
If this message appears repeatedly, restart the DNS Server service, and then look in the event log for other events occurring at the same time that could be causing this problem.

For more information about DNS and DNS troubleshooting procedures, see Domain Name System(DNS)Center .
 
   
   
Version: 5.0
Symbolic Name: DNS_EVENT_DS_ZONE_ENUM_FAILED
Message: The DNS server was unable to complete directory service enumeration of zone %1. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The record data contains the error status. For more information, click the Record Data tab.  
   
Explanation
The DNS Server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error while querying the directory. This error could be caused by either a high load on the domain controller or the failure of other domain controller services.
 
   
User Action
If this message appears repeatedly, restart the DNS Server service, and then look in the event log for other events occurring at the same time that could be causing this problem.

For more information about DNS and DNS troubleshooting procedures, see Domain Name System(DNS)Center.
 
 

--------------------------------------------------------------------------------
 
 Related Knowledge Base articles
 You can find additional information on this topic in the following Microsoft Knowledge Base articles:
 • DNS event messages 1616 through 6702 in Windows Server 2003
 Lists the DNS server events that may be displayed in the event logs on a Microsoft Windows Server 2003-based DNS server. This article describes event ID 1616 through 6702.
 • Windows 2000 DNS event messages 1616 through 6702
 This article describes DNS server events in Windows 2000 starting at event ID 1616 and higher. For events with lower number sequences, view the following article in the Microsoft Knowledge Base: 259302Windows 2000 DNS Event Messages 1 Through...
 
 



0
Comment
Question by:steveurich
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 29

Accepted Solution

by:
mass2612 earned 250 total points
Comment Utility
You can run dcdiag and netdiag which will test the DC and DNS config on the domain controller. Make sure that the client your trying to join to the domain is using the internal AD aware DNS servers as its only DNS servers. These tools are part of the support tools on the Windows CD.
0
 
LVL 28

Expert Comment

by:Michael Pfister
Comment Utility
A good resource for troubleshooting eventlog entries is: http://www.eventid.net
0
 
LVL 8

Assisted Solution

by:bilbus
bilbus earned 250 total points
Comment Utility
sounds like a dns problem

on your domain controler what is your tcp-ip config?

if its a single server domain, then your dns settings inside TCP-IP (on DC server) should be its own ip address. Do not put a external ip address in that location.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:steveurich
Comment Utility
I right click on the DNS Server, a single server Domain, and under interfaces I have set Listen only on the following IP 192.168.1.4 which is itself.

I have set forwarding to the Dlink box provided by Verizon FIOS.

I agree, that it is probably a DNS issue.

Is there anyway to get a dump of the DNS Config in txt format so that I can post it?]

Thanks for your help,

Steve
0
 

Author Comment

by:steveurich
Comment Utility
>> You can run dcdiag and netdiag

Are they available on the Web Somewhere.

If not where are they on the Windows 2003 CD, I could not find them.

Thanks,

Steve
0
 
LVL 29

Expert Comment

by:mass2612
Comment Utility
"These tools are part of the support tools on the Windows CD."

i.e. cdrom:\support\tools\support.cab.

0
 
LVL 8

Expert Comment

by:bilbus
Comment Utility
i ment in tcp-ip config of network card. make srue no external dns is in there
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now