Solved

Event ID 2087

Posted on 2006-07-14
14
614 Views
Last Modified: 2010-03-18
Hi,

Need help with this error on my server2:

Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 server
Failing DNS host name:
 75629aea-87c6-47a5-bb06-2722394ec279._msdcs.mydomain.com
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
 
  dcdiag /test:dns
 
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:ITRick
  • 7
  • 5
  • 2
14 Comments
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 17118020
Have you tried #3/4 running DCDiag at a command line on your domain controller. DCDiag is available as part of the windows resource kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/dcdiag.exe
Try as suggested
dcdiag.exe  /test:dns
or simply
dcdiag
and see if it reports any specific errors.
0
 

Author Comment

by:ITRick
ID: 17119511
Server:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER
      Starting test: Replications
         ......................... SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER passed test MachineAccount
      Starting test: Services
         ......................... SERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER failed test frsevent
      Starting test: kccevent
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:08:26
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:08:26
            (Event String could not be retrieved)
         ......................... SERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Domain
      Starting test: CrossRefValidation
         ......................... Domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Domain passed test CheckSDRefDom

   Running enterprise tests on : Domain.com
      Starting test: Intersite
         ......................... Domain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Domain.com passed test FsmoCheck

0
 

Author Comment

by:ITRick
ID: 17119530
Server2


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2
      Starting test: Connectivity
         ......................... SERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2
      Starting test: Replications
         ......................... SERVER2 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER2 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\SERVER2\netlogon)
         [SERVER2] An net use or LsaPolicy operation failed with error 1203, No
network provider accepted the given network path..
         ......................... SERVER2 failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\server.domain.com, wh
en we were trying to reach SERVER2.
         Server is not responding or is not considered suitable.
         ......................... SERVER2 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER2 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER2 passed test MachineAccount
      Starting test: Services
         ......................... SERVER2 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER2 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SERVER2 failed test frsevent
      Starting test: kccevent
         ......................... SERVER2 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:08:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:08:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:22:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:22:19
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 07/16/2006   23:22:19
            (Event String could not be retrieved)
         ......................... SERVER2 failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER2 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : domain
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom

   Running enterprise tests on : domain.com
      Starting test: Intersite
         ......................... domain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... domain.com passed test FsmoCheck

0
 

Author Comment

by:ITRick
ID: 17119537
Server2 DNS:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER2
      Starting test: Connectivity
         ......................... SERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER2

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain

   Running enterprise tests on : domain.com
      Starting test: DNS
         Test results for domain controllers:

            DC: server2.domain.com
            Domain: domain.com


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: domain.com
               server2                      PASS PASS FAIL PASS PASS PASS n/a

         ......................... domain.com failed test DNS

0
 

Author Comment

by:ITRick
ID: 17119541
Ok... Those are the test I ran... dcdiag /test:dns passed all the way on server

The first post is Server the second post is Server2 at my second location Third post is the DNS test on Server2


If anyone knows how to fix this please let me know.

Also I had to change the name of the real domain name to just domain.


Thanks,
Rick
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17122440
In my opinion, something is not right with your DNS. Were there any specific errors in the Event logs?. If so could you post the Event ID's and Source. Check your DNS management console to make sure the Host records are correct for all servers.
Is this a new problem, or on going?
0
 

Author Comment

by:ITRick
ID: 17122593
13508
1006
1030

No errors in DNS Event logs... But all the other errors point to DNS.

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 77

Expert Comment

by:Rob Williams
ID: 17122821
13508 may indicate the file replication service between the machines is being blocked. First step would be to at least temporarily disable the Windows, or any other software firewall, to see if there is an improvement.

The other two can be numerous things, one of which is an expired password, probably for a system service account.
Is the server with the above event errors an upgraded server from 2000, or has it been re-named?

Confirm on the server NIC's that they only point to your internal DNS servers, and the IP's are correct. Do not allow them to also point to the ISP.
0
 

Author Comment

by:ITRick
ID: 17126465
Well the DNS is getting worst on its own now... I posted its changes here:

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21921846.html

0
 
LVL 14

Accepted Solution

by:
FriarTuk earned 250 total points
ID: 17132379
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17160955
Any luck with your server changes ITRick ?
I have been following the other thread. You are in good hands with James/Jay_Jay70.
--Rob
0
 

Author Comment

by:ITRick
ID: 17170653
No luck yet haven't read all replies yet, been away for a couple of days.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17254833
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17279714
Thanks ITRick,
--Rob
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now