Solved

DNS question

Posted on 2006-11-22
12
897 Views
Last Modified: 2008-02-01
I have ran the netdiag tool with the following results for the DNS test.  Can someone translate this into English? Sorry first time setting up dns.




DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'pways50-fs1.pways50.com.'. [ERROR_TIMEOUT]
            The name 'pways50-fs1.pways50.com.' may not be registered in DNS.
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pways50.com. re-registeration
 on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.pways50.com. re-re
gisteration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.pways50.com. re-reg
isteration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.95a0b48d-9a62-4320-8d7a-f7653
0b7e593.domains._msdcs.pways50.com. re-registeration on DNS server '10.183.168.3
' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry 0eaf7fe7-9dbc-44b5-9088-9871d6a48d5b._ms
dcs.pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.pways50.com. re
-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.pways50.com. re-registeration on DNS server '10.183.168.3' faile
d.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.pways50.com. re-reg
isteration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.ForestDnsZones.pways50.com. r
e-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.ForestDnsZones.pways50.com. re-registeration on DNS server '10.183.168.3' fail
ed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.DomainDnsZones.pways50.com. r
e-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.DomainDnsZones.pways50.com. re-registeration on DNS server '10.183.168.3' fail
ed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry pways50.com. re-registeration on DNS ser
ver '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry gc._msdcs.pways50.com. re-registeration
on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.pways50.com. re-registera
tion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.pways50.com. re-registeration o
n DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
pways50.com. re-registeration on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kerberos._udp.pways50.com. re-registera
tion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.pways50.com. re-registerat
ion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.pways50.com. re-registerat
ion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry ForestDnsZones.pways50.com. re-registera
tion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Failed to fix: DC DNS entry DomainDnsZones.pways50.com. re-registera
tion on DNS server '10.183.168.3' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
    [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th
is DC on DNS server '10.183.168.3'.
    [FATAL] No DNS servers have the DNS records for this DC registered.



thanks for your help.
0
Comment
Question by:nkeever
12 Comments
 
LVL 3

Expert Comment

by:overcld9
Comment Utility
What exactly are you trying to accomplish here?

Are you trying to setup DNS on your local domain?

IS this server going to be a webserver or host exchange?

Is this server a 2000 to 2003 upgrade?

0
 

Author Comment

by:nkeever
Comment Utility
Trying to setup DNS for local domain. No webserver and no exchange. Server 2003.

thanks
0
 
LVL 19

Expert Comment

by:feptias
Comment Utility
It sounds like you have not set the Preferred DNS server on the DC to point to itself. You can check the setting by typing "ipconfig /all" at the command prompt and look for the setting of "Preferred DNS server". You change the setting in the TCP/IP properties of the network interface (right-click My Network Places and select Properties, then right-click on "Local Area Connection" and select Properties again).

What this means is that if the Domain Controller has an IP address of, say, 192.168.1.250 then the setting for Preferred DNS server should be 192.168.1.250. You must have the DNS server service installed and running on the DC.
0
 

Author Comment

by:nkeever
Comment Utility
Your suggestions have been verified and passed inspection. Next step or any other suggestions?
Thanks again
0
 
LVL 23

Expert Comment

by:gecko_au2003
Comment Utility
have you manually configured your forward and reverse lookup zones ?
0
 
LVL 19

Expert Comment

by:feptias
Comment Utility
I assume that means that Preferred DNS server is already pointing to itself, yes?
Next step: Open the DNS Management Console and navigate to the Forward Lookup Zones. Find the FLZ that has the same name as your Windows domain. Right-click on it and select Properties. What is the setting for Dynamic Updates? It should be Nonsecure and secure.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 19

Expert Comment

by:feptias
Comment Utility
Should have said, Secure updates is good too (probably better) - the options available depend partly on whether the zone is AD-Integrated or not.
0
 

Author Comment

by:nkeever
Comment Utility
feptias
That is what i have.
Also what is the benefit to having the zone AD-intergrated?
Thanks again

I am heading out of the office soon and will not be back until Monday. Thanks for your help.
0
 
LVL 19

Expert Comment

by:feptias
Comment Utility
AD-Integrated zones are automatically replicated to other DC's in the domain. Not much benefit if you only have one DC. The point I was making is not whether it is AD-Integrated, just that it must allow dynamic updates. If dynamic updates is set to None, then the DC will not be able to create all the records and sub-folders that are required in DNS. That would match with the original description of your problem.

Have you tried running DCDIAG?
0
 

Author Comment

by:nkeever
Comment Utility
Just ran dcdiag and here are the results. While i wait for a reply i will try and figure out what this all means. thanks




   Testing server: Default-First-Site-Name\PWAYS50-FS1
      Starting test: Connectivity
         The host 0eaf7fe7-9dbc-44b5-9088-9871d6a48d5b._msdcs.pways50.com could
not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (0eaf7fe7-9dbc-44b5-9088-9871d6a48d5b._msdcs.pways50.com) couldn't be
         resolved, the server name (pways50-fs1.pways50.com) resolved to the IP
         address (10.183.168.3) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... PWAYS50-FS1 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PWAYS50-FS1
      Skipping all tests, because server PWAYS50-FS1 is
      not responding to directory service requests

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : pways50
      Starting test: CrossRefValidation
         ......................... pways50 passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... pways50 passed test CheckSDRefDom

   Running enterprise tests on : pways50.com
      Starting test: Intersite
         ......................... pways50.com passed test Intersite
      Starting test: FsmoCheck
         ......................... pways50.com passed test FsmoCheck

C:\Program Files\Support Tools>
0
 
LVL 19

Accepted Solution

by:
feptias earned 500 total points
Comment Utility
Open the DNS Management Console on the DC and navigate to the Forward Lookup Zones. In there you should see a zone called pways50.com and it should contain a Host (A) record called "pways50-fs1" with a Data value of 10.183.168.3.

Below pways50.com there should be a folder called _msdcs. In _msdcs there should be an Alias (CNAME) record called "0eaf7fe7-9dbc-44b5-9088-9871d6a48d5b" with a data value of "pways50-fs1.pways50.com".

If the DNS forward lookup zones do not have that structure and contain those resource records then please try the following:
Set the zone type for pways50.com as AD-Integrated
Set the dynamic updates as "Secure only"
Now restart the Windows Netlogon service (or reboot the DC)
Look again at the DNS fwd lookup zones mentioned above, but you may need to select refresh from the Action drop down menu or the right-click pop-up menu to make sure you are looking at current info.

It would also be useful to see the output from ipconfig /all on the DC - can you post that please.

Finally, here are some links that might help (copied from an answer posted by another expert, so I hope they are ok):
What are the most common DNS related Dcpromo errors? How do I fix them?
http://www.petri.co.il/troubleshooting_dcpromo_errors.htm
10 DNS Errors That Will Kill Your Network
http://www.mcpmag.com/features/article.asp?EditorialsID=413
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515
0
 

Author Comment

by:nkeever
Comment Utility
Ok I followed your instructions and now see the folders you mentioned. My original problem was that after 8 hours I would lose my mapped connection to my server and would have to log out and log back in to get the drives to work. After following your instruction and restarting the netlogon service I went to two of my workstations that were not able to connect to the server this morning and tried them again. Without having to log off and back on I was able to connect to my server. After reviewing some of the post on this site everything came down to DNS. So the first test has passed, and now I will wait for 8 hours and make sure everything is still working wonderfully before reporting back. Thanks for all your help.

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now